Info Security

Triple Sure Your Web Servers Are NOT the Open Proxy

When examining the log for one of my clients, I noticed there are quite a few entries like:

Connection attempts using mod_proxy:
   212.247.120.50 -> 205.188.251.43:443: 6 Time(s)
   212.247.120.50 -> 64.12.202.116:443: 6 Time(s)

Since they do use the proxy module on those Apache servers, it looks like someone is trying to use the servers as an open proxy. Hmmm, worth finding out more detail behind it.

ModSecurity Community Console Application Tips

ModSecurity is an open source web application firewall. "With over 70% of all attacks now carried out over the web application level, organisations need every help they can get in making their systems secure. Web application firewalls are deployed to establish an external security layer that increases security, detects, and prevents attacks before they reach web applications."

Review of PMTU - Fix Broken Communication Caused by VPN

Have you ever experienced your remote desktop client being unable to connect to some of your Windows servers? And most of the time the traffic was going through a VPN tunnel. You have tried all kinds of troubleshooting tools such as ping, telnet, etc., and they all worked well. And your sniffer told you the TCP session on port 3389 was established too. But wait a second, some of the packets could not be seen from the other side. What is that?

Dance with McAfee

McAfee released software patches today for ePO agents on the non-Windows platforms. Since I am one of the lucky guys carrying on a PCI auditing project which uses McAfee ePO/Solidcore products across the environment, I was trying to make the ePO agent work on one of the Solaris servers. After a long chat with McAfee support this afternoon, he asked me to do re-install type of things, but none of them worked.

Recent EMR Related Learning Material

EMR (Electronic Medical Record)/EHR (Electronic Health Record) is the area I have paid close attention to for the past years. Government always takes that as a high priority and companies are working at their hardest to tackle the problem. There are a lot of security related issues (such as this one), and certainly continuing to learn from the industry best practice will help me better understand and work in this field.

Mollom-The anti spam magic behind the scene

I used to have a lot of trouble dealing with spam when I first opened comments to any visitors; it eventually forced me to turn off that feature of my site several years ago.

Technology Failure for Protecting EMR

CBC reported the security incident from the Alberta health network in which an aged virus took control of several computers and stole thousands of health records.

NBA system error to display internal server name

I am a fan of the NBA and check out the score at http://www.nba.com from time to time. I am always amazed by the flashy tech used at the site and impressed with their performance even under the huge load you can imagine. But today it's different. The home page looks normal but there is a connection error when I click the game detail link. Here are the screenshots.

Use OpenID for identity management

I was involved in identity management a while ago and heard of OpenID as "a free and easy way to use a single digital identity across the Internet."

Basically it's a free, open and distributed framework for user authentication. There is an extension to add more value to this framework, such as creating a user profile automatically by having additional user information.

Foundstone signature for finding missing patch

I found a conflict between Foundstone and Shavlik when Foundstone reported a missing patch while Shavlik reported the patch installed. The bad news is you have no clue how Foundstone determines that, so I had to call the support. Fortunately the support is quite helpful and here is the signature they are looking for:
