New Core Rule Set released for ModSecurity – version 2.1.1

January 5th, 2011

A new version of the Core Rule Set (CRS) for ModSecurity was released a couple of days back. I wanted to blog about it, as I find the changes since the previous version 2.0.9 quite amazing, but I did not find the time to do that. So here is my list of what I really find amazing:

  • Checks whether cookies are marked as HttpOnly or as Secure when they came down the wire via HTTPS and throws a warning.
  • Helps mitigating against the slow HTTP POST attack.
  • Helps mitigating against DoS attacks – I wonder how that works, as it is still handled at the application layer, at least at protocol level.
  • Flags up requests where a CSRF tag is expected – I did not look at all into what this is exactly, I only occasionally see some errors popping up when a dodgy client is accessing the site.
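As an added illustration of the first item (my own example, not code from the CRS): a small egress check over a response's Set-Cookie headers that raises the same kind of warning, one per missing flag, with the Secure check only applied when the response went out over HTTPS. The response headers below are constructed sample data.

```python
"""Cookie-flag egress check in the spirit of CRS 2.1.1 (added example, not CRS code)."""

from typing import List, Set, Tuple

# Constructed sample response: first cookie lacks both flags, second is
# fine, third lacks only HttpOnly.
SAMPLE_RESPONSE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "JSESSIONID=abc123; Path=/"),
    ("Set-Cookie", "csrftoken=x9y8; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "pref=dark; Path=/; Secure"),
]


def parse_set_cookie(value: str) -> Tuple[str, Set[str]]:
    """Split one Set-Cookie value into the cookie name and the set of its
    attribute names, lower-cased (attribute names are case-insensitive)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {attr.split("=", 1)[0].strip().lower() for attr in parts[1:] if attr}
    return name, attrs


def check_cookie_flags(headers, over_https: bool) -> List[str]:
    """Return one warning per missing flag across all Set-Cookie headers.
    HttpOnly is expected always; Secure only when served over HTTPS,
    mirroring the CRS behaviour described in the post."""
    warnings: List[str] = []
    for hname, hvalue in headers:
        if hname.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(hvalue)
        if "httponly" not in attrs:
            warnings.append(f"cookie {name} missing HttpOnly")
        if over_https and "secure" not in attrs:
            warnings.append(f"cookie {name} missing Secure")
    return warnings


if __name__ == "__main__":
    for warning in check_cookie_flags(SAMPLE_RESPONSE_HEADERS, over_https=True):
        print("WARNING:", warning)
```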

I think the folks at modsecurity/Trustwave have done a good job again. My feeling is that ModSecurity is making really good progress as an application firewall (even though I don't like that term, “protocol enforcer” would be more suitable).

Btw, with version 2 ModSecurity now supports not only ingress filtering, it also has some egress filters in place, for example blocking “Directory Listings” pages, to name the most famous one.

It is worth having a look at their blog here, which discusses certain hardcore topics from time to time; at the time of writing they have an article about “Credit Card Tracking” online, so another egress filter.


Using TrueCrypt

December 28th, 2010

I had it on my list “to look at” for a long time and finally I found some time to look at this. TrueCrypt gives you the ability to either create an encrypted partition, or to create a file on any partition which contains an encrypted filesystem, aka “Container”. So far the theory then.

I was a bit sort-of excited. I had some experience with dm-crypt on Linux and eCryptfs on Ubuntu. … If you check out the documentation on their website, you will see that there is nothing to be excited about. I mean, I expected something fairly complicated to set up and use and so forth, but no – it was just working out of the box. Download the package, execute the install script and run “truecrypt”, which does everything for you. The documentation, btw, is excellent.

I am using the Container feature at the moment, it works well. What I like is that the single binary “truecrypt” does all the heavy lifting. It serves as a wizard and it is also used when mounting a container. Very well done folks, it cannot be better integrated.

I am using it only on Linux, but it should be easily possible to access your encrypted container/partition from other operating systems as well.

PS: I read somewhere that newer versions of TrueCrypt should be supporting YubiKey as well…


My Word Cloud

December 27th, 2010

generated using Wordle.


SANS London 2010 – IPv6: The Friend You Never Knew You Had

December 1st, 2010

I wanted to attend the talk from Johannes Ullrich at SANS 2010 here in London, but due to “Jubilee line woeness” (is that even a word?) I missed the original talk. Long story short, I spent some time with him and he was kind enough to have a chat about IPv6. It was very interesting, as he pointed out things you need to be aware of when you are actually implementing it.

The slides are available here.

He is also doing the SANS Internet Storm Center StormCast podcast, which is how I got to know him. This podcast is about current information security threats and trends. I can strongly recommend this podcast, as it gives you a good head start into your day working in IT – for me while I am eating breakfast.

To finish up with his words with regard to IPv6: “You need to get to know it now, as when you need it at some point, you will need to implement it in a rush.”

I will take away the following actions for myself:

  • Implement IPv6 in my home network for wired and wireless connections.
  • Enjoy accessing Kame via IPv6.


GNU maggots

November 13th, 2010

… what would a piece of software with this name be doing?

Maggots are required, no doubt, but what would GNU maggots do? Cleaning computers that are zombies/bots? Analyzing network traffic to watch out for – ? Attacking CnC servers?

Suggestions welcome please.
