-
Archives
- March 2013
- June 2012
- May 2012
- April 2012
- March 2012
- October 2011
- September 2011
- July 2011
- June 2011
- May 2011
- April 2011
- February 2011
- January 2011
- October 2010
- September 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- August 2009
- June 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
- December 2006
- November 2006
- October 2006
- September 2006
- May 2006
- March 2006
Author Archives: danielcid
New blog location
I won’t be using this blog anymore. For new content, go to http://dcid.me/notes/ Thanks!
www.ossec.net DNS and Content modified
If you visit ossec.net you will notice a pretty new design and a new home for it. The server was officially moved to a Trend server and is now being managed by Vic Hargrave (ossec@vichargrave.com) and the Trend team. If … Continue reading
Posted in ossec
Leave a comment
Faking (all) user agents
If you are going to fake a user agent, do it right :) Seeing some web scanners faking all possible browsers out there in one single request: Firefox/3.6 Chrome/9 Firefox/3.0 Opera/9.99? Safari and more.. This is the actual log (searching … Continue reading
OSSEC rule for the PHP-CGI vulnerability
I am seeing many scans for the PHP-CGI vulnerability in the wild and put up a quick OSSEC rule to detect/block those: <rule id=”31110″ level=”6″> <if_sid>31100</if_sid> <url>?-d|?-s|?-a|?-b|?-w</url> <description>PHP CGI-bin vulnerability attempt.</description> <group>attack,</group> </rule> It looks for the possibly dangerous … Continue reading
Database Logging (PostgreSQL and MySQL)
Nobody cares about database logging, but I really recommend enabling them to see what is happening behind the scenes (specially for web applications). To enable on PostgreSQL (and be compatible with OSSEC): # Adding the timestamp, hostname and database. log_line_prefix … Continue reading
Alexa toolbar and https (not best friends)
For some reason (don’t ask my why), I decided to install the Alexa toolbar for Chrome to try it out. It works well for what it does, and I didn’t see anything wrong with it besides the expected privacy violation … Continue reading
Good passwords: It is not about their size or complexity
Every time I read a password recommendation or policy, I get frustrated. It is always about their length and complexity, and they miss the real issue with passwords and how they get compromised. So I wrote this small (non technical) … Continue reading
Back into blogging?
This blog has been neglected a bit lately. Too much going on and not enough time to post here. Anyway, I pushed some of my old papers/texts here: http://dcid.me/texts/, including a few that I thought had disappeared (specially log analysis … Continue reading
3WoO: Alerting on DNS (IP Address) changes
If you keep your DNS outside and you can’t monitor the zone files directly, a nice way to make sure the integrity of your DNS is intact is by checking remotely that it hasn’t been changed. With OSSEC, you can … Continue reading
Detecting outdated (web) applications with OSSEC
For the last few days I started working (again) on the system auditing module for OSSEC and one thing that can make it more useful is to detect outdated applications (specially web apps). Things like WordPress, Joomla, Wikis and others … Continue reading