Great reads… (HackBack)

A few great first person write-ups I found documenting how these companies below were breached… – FlexiSpy – Hacking Team – Gamma

Please share other posts/write-ups you’re aware of…

Microsoft & UEFI Secure Boot

A technical solution has finally been proposed to avoid locking out Linux and other OS vendors from UEFI shipped motherboards.  A couple of months ago Microsoft made waves by announcing their Windows 8 support for UEFI.  Open source supports took notice that this security mechanism could prevent other operating systems from booting on UEFI compatible hardware.

The Linux Foundation has released a paper with a possible solution:

papers suggest that all platforms which enable Secure Boot should ship in “setup mode” which would give the system owner control of the Secure Boot system. Initial startup of an operating system should then detect that setup mode and install a KEK (key-exchange-key) and PK to enable Secure Boot. The system would then securely boot that operating system. When a user needed to take control of their system’s secure boot, a “reset” option for UEFI’s keys would allow those keys to be cleared and a different operating system installed. Microsoft’s Windows 8 could also be pre-installed in the same way; the UEFI reset would then unlock the machine for other operating systems.

Reduce ssh brute force attempts…

In case you’re still running sshd on port 22 (which you should change!) you’re probably getting hammered with brute force attempts.  Take a peak at /var/log/secure or /var/log/wtmp or the “last” command and have a looksy.

There’s a great little application called “denyhosts” which will automatically add suspected brute forcers to your DENY list.


URL        :
License    : GPLv2
Description: DenyHosts is a Python script that analyzes the sshd server log
           : messages to determine which hosts are attempting to hack into your
           : system. It also determines what user accounts are being targeted.
           : It keeps track of the frequency of attempts from each host and,
           : upon discovering a repeated attack host, updates the
           : /etc/hosts.deny file to prevent future break-in attempts from that
           : host.  Email reports can be sent to a system admin.