A few great first person write-ups I found documenting how these companies below were breached…
Please share other posts/write-ups you’re aware of…
A technical solution has finally been proposed to avoid locking out Linux and other OS vendors from UEFI shipped motherboards. A couple of months ago Microsoft made waves by announcing their Windows 8 support for UEFI. Open source supports took notice that this security mechanism could prevent other operating systems from booting on UEFI compatible hardware.
In case you’re still running sshd on port 22 (which you should change!) you’re probably getting hammered with brute force attempts. Take a peak at /var/log/secure or /var/log/wtmp or the “last” command and have a looksy.
There’s a great little application called “denyhosts” which will automatically add suspected brute forcers to your DENY list.
URL : http://denyhosts.sourceforge.net/
License : GPLv2
Description: DenyHosts is a Python script that analyzes the sshd server log
: messages to determine which hosts are attempting to hack into your
: system. It also determines what user accounts are being targeted.
: It keeps track of the frequency of attempts from each host and,
: upon discovering a repeated attack host, updates the
: /etc/hosts.deny file to prevent future break-in attempts from that
: host. Email reports can be sent to a system admin.
A friend of mine showed me a great online video shows cracking the Window’s SAM file using the BackTrack live CD.
The Windows SAM file which is a database stored as a registry file stores users’ passwords in a hashed format.