(I’ll be updating this post as more rules are available to stop new vulnerabilities.)
Credit to Christian Folini at coreruleset.org for providing the rule.
A major vulnerability has been discovered in Java web apps basic logging function called Log4J/Log4Shell. The best remedy for this is to update Log4j itself, or update the web app platform running Log4j with a newer version provided by the vendor. But that may take a while in many instances to fully implement.
(I’ll be updating this post as more rules are available to stop new vulnerabilities.)
Credit to Christian Folini at coreruleset.org for providing the rule.
A major vulnerability has been discovered in Java web apps basic logging function called Log4J/Log4Shell. The best remedy for this is to update Log4j itself, or update the web app platform running Log4j with a newer version provided by the vendor. But that may take a while in many instances to fully implement.
After working through a number of WordPress sites over the years and either preventing hack attempts or intervening in cleaning up hacked sites, I’ve “engineered” a free way to keep your site secure with the use of these plugins in conjunction:
None of these methods are fool proof from attacks getting through some other threat vector, but I’ve found this to catch quite a bit of junk on all the sites I’ve set them up on.
And one last thing: make sure and secure your site with SSL?!? 🙂
Recently I embarked on finding the optimal NGINX SSL security settings and stumbled across this post: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
For a number of reasons, it recommends disabling SSLv3 (as a result of its insecurity), settings AES256 as the standard cipher to utilize and a couple of other things that can prevent attacks. Good stuff to tighten up security on an NGINX SSL implementation.
Apparently, after resetting the Motorola NVG510, it allows you right into the restricted areas without a password. Well, let me rephrase that in anecdotal terms. It let me in with no password. I was able to add NAT rules, change the wireless settings and number of other things. After a few minutes, it then locked me out and forced me to login. It’s been that way ever since fortunately, but why in the world would it allow me in without a password? And no, I didn’t have the password saved in my browser. On top of the connection issues I’ve experienced with this RG, the security issue described here adds one more layer of flakiness that deserves some attention. Anyone else out there experiencing this?
“The former cybersecurity director at DHS had some sobering words last week about the battle for cybersecurity. ‘We lost,’ the former director, now chief executive officer of NetWitness Corp., said at the Symantec Government Symposium in Washington. ‘We lost the cyber war over the last 15 years. Our computing environment is already compromised,’ and things are likely to get worse going forward because we do not really understand security. ‘We lack any meaningful metrics or measures to say how secure a system is.’ It no longer is true that the best minds are on the side of the hackers. The dark side of cyberspace has been co-opted by organized crime, entrepreneurs of questionable integrity and, possibly, terrorists. Much of the process of illegal hacking has been mechanized to the point that it involves automation, not innovation. Part of the problem was identified by the U.S. Computer Emergency Readiness Team director. ‘We lack a common language for discussing many of the elements of security. We need to reinvent not only how we do incident response, but how we talk about events,’ the director said at the symposium.”
I’m a nerd. I’m not afraid to hide it, clearly. As a nerd, I love technology. I have a webcam setup at home for security reasons, pointed across my front yard to catch possible intruders that wish to invade my property or cause other harm. I have a threshold setup on the software I run along with my webcam that, when hit, sends an email attached with a picture (or series of pictures) to an offsite email account.
Most of the time, I just get cars passing by, lightning during a storm, really any kind of movement or light change that causes enough of a fluctuation to trigger a webcam picture alert. Sorting through the emails on partly cloudy days is not always fun and many times, I just delete them all because it is too many to sort through. However, there are some rare occasions that I actually get something good, funny, or odd. Here is a sample of some of the best shots from the past two years that I have kept:
This guy thought he might try and get into my garage and steal some junk in the middle of the night last year in June.
Apparently, it proved to be too much of a risk for him with the flood lights along with neighbors who are not afraid to use a gun. Good, please leave. Whew.
I’m pretty sure this jumping spider knew he would send off an email alert and intentionally walked across the viewing range of the webcam.
It really isn’t that uncommon to see people walking across the yard. You would be quite surprised to know how many neighbors do this during the middle of the day 🙂 Anyway, this guy caught my attention only because he looks exactly like my wife’s brother. It was just the electric meter guy though.
I thought this was a fascinating photo study in the custodial/lawn service arts.
Finally, these are two shots from last nights’ thunderstorm that I thought were pretty awesome.
——————————–
Updated at 2:00pm on 08/02/2008:
I almost forgot … though we live in the city, we apparently are still on a rural mail route (can’t figure that one out). As such, we receive our mail (I would guess) about every other day on average, from a guy in a jerry-rigged minivan. He drives the thing from the passenger seat. Yet the wheel still resides on the drivers side … and I assume he has pedals on the passenger side as well. I’m still trying to figure out how he drives the thing without easily running into stuff. Very interesting to say the least.
Powered by WordPress & Theme by Anders Norén