-
Day after day, many interesting studies, analyses, articles and descriptions
are published about software projects, Unix systems and computer security.
On this page we give our readers short recommendations of the more important
and more interesting articles, to make it easier to decide whether the given
material is worth the time. The page is updated regularly.
-
P. Porras, H. Saidi, V. Yegneswaran
February 2009
This new, self-updating worm appeared and spread on the internet
in November 2008, then successfully infected a serious number of systems
in a short period of time. The worm attacked Windows-based systems
(Win2K, WinXP, Win 2003, Vista, Win 2008, etc.) with the help of
specially crafted RPC requests. Although Microsoft published the
fix for the flaw on 23 October 2008, it seems that
numerous systems did not receive the update.
At the peak of the
infection, based on the measured data, we can talk about 4.7 million
infected IPs in 206 countries, but this may correspond to far more
computers, since many machines can share a single IP address. Later, more
variants of the virus appeared, a few of which are still active according
to network analysis systems. The article below gives a very detailed
analysis of the structure and operation of the worm.
-
Steinar H. Gunderson
November 2008
Google published the study referenced here on the occasion of the
57th RIPE meeting.
From it we learn that, based on Google's measurements, 0.238% of users have
a usable IPv6-based internet connection (that is, fewer than one million addresses).
An interesting presentation shows the distribution of IPv6 usage by
country, operating system and the technology applied (native IPv6, 6to4, ISATAP,
etc.). IPv6 penetration is currently very low, but based on Google's
measurements it is increasing week by week, and who knows, maybe in a few years' time
we will know 128-bit IP addresses by heart instead of the current 32-bit ones.
-
Steve Friedl
October 2008
This article gives a lot of information about the background and the
operation of the DNS flaw we detailed in the article titled
Multiple DNS implementations vulnerable
to cache poisoning. It is a detailed description with high-quality pictures, which
takes the topic from the basics to the execution of the attack and the defence methods.
-
Borbély Zoltán
July 2008
Dan Kaminsky has discovered a new vulnerability in the DNS protocol
that affects most implementations. The exact nature of the vulnerability remains
secret until August; however, even until then it is advisable to install the patches.
-
Willy Tarreau
February 2007
The topic of load balancing web (HTTP) traffic is presented in the form of
a detailed analysis, with numerous examples and a considerably deep
protocol analysis. The article is quite technical, but with its help we
can gain insight into the operation of the most widely used protocol.
-
Raul Siles, GSE
January 2007
This two-part article series aims to assist the deep
and comprehensive analysis of the traffic of wireless (WiFi) networks, which are
more and more widespread these days. The first article focuses on the technical
details: how WiFi networks operate and how their traffic can be intercepted;
the second part shows the analysis of the intercepted traffic on a Linux
operating system with the help of open source tools.
The second part of the article series can be read here:
second part.
-
Mikhael Felker
December 2006
This two-part article series examines the password managers of Internet Explorer (6, 7)
and Mozilla Firefox (1.5, 2.0). The aspects examined: the method of storing
the passwords, attacks against the password store, how easy it is to trick them, usability,
and defence solutions. The analysis discusses each browser's capabilities
to the necessary depth, and its conclusion is that everyone needs improvement
... and not only the browsers, but the users as well.
The second part of the article series can be read here:
second part.
-
John Heasman
November 2006
John Heasman wrote a similar study before: in his earlier work he used the
ACPI
interface to store and run rootkits, thereby getting around most rootkit detection
methods. In the current paper he achieves the concealment and execution of rootkits
through the PCI interface. A special peculiarity of the solution is that in certain cases
we cannot get rid of our unpleasant pests even by restarting the computer.
-
Elad Efrat
October 2006
The article presents the broad-ranging security capabilities of the
NetBSD
operating system with considerable thoroughness. The following topics are introduced, in this order:
similar implementations, design, development, plans for the future. Thanks to this, we get to know numerous
useful security solutions, not necessarily limited to NetBSD. A few of the topics mentioned: exploit
mitigation, security levels (layered security), Veriexec, kernel memory protection, etc.
-
SYMANTEC - Matthew Conover
August 2006
Until now we have heard the most about Windows Vista in connection with its delayed release;
the 16-page analysis published now examines the kernel-mode security of Windows Vista.
-
AVAXIO Informatikai Kft
August 2006
These days, virtualisation and everything associated with it are the trendy keywords:
virtual machines, virtualisation solutions, techniques. The article below offers help in finding one's way around this topic.
Original title: Virtualizációs technikák
-
Marius
July 2006
What to do if the problem has already occurred? Of course you should do everything to
prevent it from happening, but it does not hurt to know what to do if your Linux-based system has been hacked.
-
AmirAli Lalji
October 2005
Deep knowledge of the system is crucial for configuring it well, which matters from both a security
and a usability point of view. I recommend this article especially to beginner Unix users, as it
walks through the more important files found under /etc, briefly introducing
the function of each.
-
Noel
October 2005
This piece came to the author's mind while reading the article (Pass on Passwords with scp)
recommended earlier. I recommend it because expect is an undeservedly neglected tool,
with the help of which we can do things in the background (for example from cron)
that would otherwise require interactivity. One such case is, for example, updating
many computers from a central management computer that is logged in to them.
-
Dave Sirof
October 2005
If we want to move files from one machine to another with the help of scp, the question
of what to do with the password may cause a problem. This article describes how
to solve this task with the help of an SSH key without a passphrase.
-
Ryan Paul, Ian Smith-Heisters
October 2005
Monitoring network traffic is an eternal topic. We can use tcpdump or Ethereal for this,
but certain specific requirements are hard to meet with them. If we need a programmable network
monitoring assistant, then this is the right time for it: from the article we learn how to
create a network monitor in the Ruby language with the help of the Pcap library.
-
Paul Ritchey
October 2005
As notebook computers become more and more widespread, losing them or having them stolen is
becoming a bigger and bigger problem as well. Such an incident is not painful
because of the price of the computer, but because of the confidential data and files on it.
If such a theft is targeted, for example motivated by industrial espionage, then
limiting the damage caused by the stolen data may be very costly.
That is why it is essential to store information in encrypted form,
especially on portable computers. This article shows step by step how to create and use
such encrypted areas on our computer.
-
Brian W. Fitzpatrick
October 2005
For those who are already fed up with the deficiencies of CVS, who like the possibilities
of the Subversion version control system, and who still face the really unpleasant task
of migration: the article shows how to convert from CVS with the help of cvs2svn.
-
Mayank Sharma
October 2005
From the point of view of system security, the appropriate management of logs is of
essential importance. This short article presents the configuration of the best log rotating program,
logrotate. Although operating system developers often make the choices for us,
sometimes there may be a need to tune the settings.
-
Jason Miller
September 2005
The OpenBSD team does many things to prevent security flaws
that other operating systems could do as well. The tools of the system are continuously
audited so that no errors remain, and tools with error possibilities
that may later lead to damage of the system are altered or removed from the system.
They are doing pioneering work in making libc, one of the most important
elements of Unix systems, safer. This article describes a few innovations that
make attackers' lives even harder. Reading it is highly recommended for developers.
-
Aditya Narayan
September 2005
Another great IBM article that takes readers into the world of supercomputers. These
days it is easier and easier to create very high performance computers by connecting
several machines. The obvious leaders in this area are the Linux systems developed
for this specific application. The article series presents how to build a supercomputer
with the help of Linux. The first part defines the fundamental concepts.
-
Mikael Vingaard
September 2005
Auditor is a so-called LiveCD based on the Knoppix system, which contains a
number of software applications (more than 300) that are very useful in several areas
of computer security. This article is a short introduction to the possibilities of the system.
-
Till Brehm, Falko Timme
September 2005
This useful description helps to set up the current version of Ubuntu as an ISP server.
It is worth having a look at even for those who use different systems, because the
majority of the settings are not distribution-dependent. For those who want to use Debian
as a server, what is written here can be used almost without any changes. I would like
to bring the following homepage to your attention:
http://www.howtoforge.com/
where outstanding descriptions can be read on all sorts of free software related topics.