Open Source


Spectre and Meltdown. How Susceptible Are you?

There’s a ton of crap running around about these vulnerabilities.  This video talks about the vulnerabilities on a user level and gives some background on exactly where the problem lies and much you should worry.  A technical paper on this is upcoming.  This is only a basic overview so the non-techies out there can truly understand what is going on.


Is The Cloud About to Become Fog?

It very well could be. right now I am seeing signs about an embargoed(aka being kept secret) serious HARDWARE security problem RE: virtualization(aka the cloud) that affects Intel processors. The amount of software patching going on is massive and even open source software maintainers are keeping a lid on things. Eventually something will either leak or it will get disclosed. Get ready because it appears this could be something really big….I hope this is speculation […]



A Dubious IOT Product With Some Serious Network Problems..Are We ...

From if it sounds to good to be true it probably is department: I was notified about something being hawked on a public Facebook page. Supposedly you can “fire your cable company” with this little box. What got them suspicious is the fact the seller would only do business on PM, with no public pricing information, and no real details about the product. The only things presented were a couple of screenshots of live events, […]


Progress report on new secure storage and backup

Well this is why research is done before product roll out…:) I purchased a server to use as my new storage host and it turns out the hard drive controller card is not suitable for the server product. Luckily I had another smaller server that will suffice for testing…except for the fact it has a bad chip on the motherboard that prevents the latest version of the storage software from running. Fortunately for me, the version […]



New firewall platform research project

I have grown weary of the proprietary vendors or vendors who start off Open Source and then switch to closed source while code quality and value for both me and my clients goes down.  Even though I ahve partnered with Sophos and Dell their products do not meet every objective that I have listed here.I have been researching my theoreticals for my new secure file storage/offsite backup/ cloud backup solution for about 6 months and […]




0day Linux/CentOS SSHd Spam Exploit — libkeyutils.so.1.9 | Security, Server ...

HOW TO FIND OUT IF YOU HAVE BEEN ROOTED: ls -la /lib64/libkeyutils.so.1.9 rpm -qf /lib64/libkeyutils.so.1.9 ls -la /lib/libkeyutils.so.1.9 rpm -qf /lib/libkeyutils.so.1.9 If you find the file and RPM shows “is not owned by any package” you have been rooted. Currently known affected OSes:  RHEL-based servers Currently known effected control panels:  cPanel, DirectAdmin, and Plesk we do not know if controls panels are the reason or not. Servers with ksplice have been exploited via 0day Linux/CentOS […]


2

The Broken Philosophies of Third Party Digital Certificates and How ...

This has been a long standing procedure.  If you are online and what to have an online identity certificate that identifies you you have been required to go to various third parties(Verisign, GoDaddy just to name two) and pay them to issue you a digital certificate that other folks then accept as being genuinely unique to you.  The problem is…now you have placed the security and authenticity of your online identity in the hands of a third party.  What happens when, not if, […]




Samba 4 Means the end of the Microsoft Stranglehold Networking

The team behind the Samba Project has released version 4.0 of its open source Windows interoperability software suite, the first version to offer full compatibility with Microsoft’s Active Directory protocols. The Samba stack is by far the most popular solution for networking non-Microsoft platforms with Windows machines, but previous versions only provided Windows NT Domain Controller functionality. According to the Samba Team’s press release, Samba 4 can now act as an Active Directory Domain Controller […]