security

Bookmarks for 22 giu 2014 through 23 giu 2014

These are my links for 22 giu 2014 through 23 giu 2014:

Bookmarks for 6 mag 2014 through 15 mag 2014

These are my links for 6 mag 2014 through 15 mag 2014:

  • Send ePub to Kindle – What is my Send-to-Kindle email address? Your Send-to-Kindle email address is a unique email address assigned to your Kindle device or reading app when it is registered. Each Kindle device or reading app has its own email address. These email addresses will always end with “@kindle.com”, and supported files sent to them will automatically appear in your Kindle library.
  • redsocks – transparent socks redirector – This tool allows you to redirect any TCP connection to SOCKS or HTTPS proxy using your firewall, so redirection is system-wide. Why is that useful? I can suggest following reasons: you use tor and don't want any TCP connection to leak you use DVB ISP and this ISP provides internet connectivity with some special daemon that may be also called "Internet accelerator" and this accelerator acts as proxy. Globax is example of such an accelerator Linux/iptables, OpenBSD/pf and FreeBSD/ipfw are supported. Linux/iptables is well-tested, other implementations may have bugs, your bugreports are welcome.
  • Unbound – Unbound is a validating, recursive, and caching DNS resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a java prototype developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modular components, so that also DNSSEC (secure DNS) validation and stub-resolvers (that do not run as a server, but are linked into an application) are easily possible. The source code is under a BSD License.

Bookmarks for 1 apr 2014 from 13:31 to 14:21

These are my links for 1 apr 2014 from 13:31 to 14:21:

Bookmarks for 28 mar 2014 through 29 mar 2014

These are my links for 28 mar 2014 through 29 mar 2014:

  • LDAP org chart | bitcube.co.uk – For centralised authentication and authorisation, LDAP is the de-facto standard. Whether in its pure form on Unix or in Active Directory guise on Windows, everyone uses it. What many people don't realise is that you can store all sorts of useful (and not so useful) information in LDAP. One field which can be useful is the "manager" attribute. One of our customers use that and so we've written a small script to graph it using the excellent Graphviz tool. It will probably need customising for specific cases, however we hope that people find it useful nonetheless. If you want to alter the output, do have a look at the record format documentation.
  • Puppet errors explained | bitcube.co.uk – Puppet is a wonderful system automation tool, however the learning curve can be a little steep. We've collected some of the errors messages and "strange" behaviour you may come across together with explanations to help overcome these hurdles and boost adoption of this fabulous tool. If you have any useful errors and explanations, please do send them in and we'll update this article.
  • SCAP: Guide To The Secure Configuration of Red Hat Enterprise Linux 5 – This guide has been created to assist IT professionals, in effectively securing systems with Red Hat Enterprise Linux 5.
  • DNS Load Balancing and Using Multiple Load Balancers in the Cloud – […] Load balancing in general is a complicated process, but there's some secret sauce in managing DNS along with multiple load balancers in the cloud. It requires that you draw from a few different sets of networking and “cloudy” concepts. In this second article in my best practices series (my first post covered how to use credentials within RightScale for storing sensitive or frequently used values), I'll explain how to set up load balancers to build a fault-tolerant, highly available web application in the cloud. Here's what you’ll need: Multiple A records for a host name in the DNS service of your choice Multiple load balancers to protect against failure […]
  • gdnsd – gdnsd is an Authoritative-only DNS server which does geographic (or other sorts of) balancing, redirection, weighting, and service-state-conscious failover at the DNS layer. gdnsd is written in C using libev and pthreads with a focus on high performance, low latency service. It does not offer any form of caching or recursive service, and notably does not support DNSSEC. There's a strong focus on making the code efficient, lean, and resilient. The code has a decent regression testsuite with full branch coverage on the core packet parsing and generation code, and some scripted QA tools for e.g. valgrind validation, clang-analyzer, etc. The geographically-aware features also support the emerging EDNS Client Subnet draft for receiving more-precise network location information from intermediate shared caches.

Bookmarks for 24 mar 2014 from 13:13 to 18:33

These are my links for 24 mar 2014 from 13:13 to 18:33:

  • ZPanel | The free web hosting panel – ZPanel is an easy to use, enterprise class web hosting control panel with support for unlimited resellers. From the largest business to SOHO or development environments, ZPanel can support your needs.
  • Bucky — Performance Measurement of Your App’s Actual Users – Bucky is a client and server for sending performance data from the client into statsd+graphite, OpenTSDB, or any other stats aggregator of your choice. It can automatically measure how long your pages take to load, how long AJAX requests take and how long various functions take to run. Most importantly, it's taking the measurements on actual page loads, so the data has the potential to be much more valuable than in vitro measurements. If you already use statsd or OpenTSDB, you can get started in just a few minutes. If you're not collecting stats, you should start! What gets measured gets managed.
  • Linux on 4 KB sector disks: Practical advice – Advanced Format disks use 4,096-byte sectors rather than the more common 512-byte sectors. This change is masked by firmware that breaks the 4,096-byte physical sectors into 512-byte logical sectors for the benefit of the operating system, but the use of larger physical sectors has implications for disk layout and system performance. This article examines these implications, including benchmark tests illustrating the likely real-world effects on some common Linux file systems. As Advanced Format disks have become the norm, understanding how to cope with these disks is a vital skill for anyone who wants to avoid serious performance penalties associated with suboptimal configuration.
  • WPScan by the WPScan Team – WPScan is a black box WordPress vulnerability scanner.
  • SiteSucker for OS X – SiteSucker is a Macintosh application that automatically downloads Web sites from the Internet. It does this by asynchronously copying the site's Web pages, images, backgrounds, movies, and other files to your local hard drive, duplicating the site's directory structure. Just enter a URL (Uniform Resource Locator), press return, and SiteSucker can download an entire Web site. [ via http://onethingwell.org/post/79174700058/sitesucker ]

Bookmarks for 26 feb 2014 through 3 mar 2014

These are my links for 26 feb 2014 through 3 mar 2014:

  • Introducing Kite ! – Kite is a gmail clone you can install on a server of your own. It's pretty limited for the moment, but I hope to get something usable in the next few months.
  • Mailpile: Let’s take e-mail back! – Mailpile is email software (an app) that runs on your desktop or laptop computer. You interact with the program using your web browser. The goal of Mailpile is to allow people to send e-mail in a more secure and private manner than before.
  • xml2csv-conv – Command line XML to CSV converter – Google Project Hosting – xml2csv-conv is command line tool for converting data from XML schema to CSV. The tool has many command line options. The software is platform independent and was written in Java language.
  • Authenticating other services against AD – SambaWiki – Maybe you finished setting up your new/migrated samba4 domain and having now the job to hook up several other services to Active Directory or LDAP. Then you will find here a place for configuration examples. Please keep in mind, that some of the examples here may only work on specific plattforms and/or distributions and have to be adapted.
  • Eight Ways to Blacklist with Apache\’s mod_rewrite | Perishable Press – With the imminent release of the next series of (4G) blacklist articles here at Perishable Press, now is the perfect time to examine eight of the most commonly employed blacklisting methods achieved with Apache’s incredible rewrite module, mod_rewrite. In addition to facilitating site security, the techniques presented in this article will improve your understanding of the different rewrite methods available with mod_rewrite.

Bookmarks for 18 feb 2014 from 01:19 to 22:32

These are my links for 18 feb 2014 from 01:19 to 22:32:

  • SubGit :: Svn To Git Migration – What is SubGit SubGit is tool for a smooth, stress-free Svn to Git migration. Create writable Git mirror of a local or remote Subversion repository and use both Subversion and Git as long as you like. Version 2.0 of SubGit introduces support for a remote Subversion repositories, so that to build a Git mirror, no shell access to Subversion repository is required (see complete release notes for a new version). […] You may use SubGit for evaluation purposes without a registration as long as you like. During that evaluation period SubGit will remind you on a necessity of registration with the help of post commit and post receive messages.
  • Apache Tips & Tricks: Deny access to some folders – MDLog:/sysadmin – Applies: apache 1.3.x / apache 2.0.x Required apache module: mod_access Scope: global server configuration, virtual host, directory, .htaccess Type: security Description: How to deny access to certain folders and the files inside them. Useful: to deny access to certain folders containing private information (log files, source code, password files, etc.). The example shown here will address the question posted by Saul Howard on how to deny access to all the subversion directories (.svn).
  • Polipo — a caching web proxy – Wikipedia: Polipo is a lightweight forwarding and caching web proxy server. Polipo is HTTP 1.1-compliant, supports IPv4, IPv6, traffic filtering and privacy-enhancement. To minimize latency, Polipo both pipelines multiple resource requests and multiplexes multiple transactions onto the same TCP/IP connection.[1] Polipo is free software[2] released under the MIT License.[3] It runs on GNU/Linux, OpenWrt, Microsoft Windows, Mac OS X, and FreeBSD. Polipo can be configured to use on-disk cache and serve cached content when offline and perform various forms of content filtering[…] E può usare upstream proxy socks… per chi se ne intende 😉

Bookmarks for 30 gen 2014 through 10 feb 2014

These are my links for 30 gen 2014 through 10 feb 2014:

  • Binpress – iOS, Android, Web and Desktop Open-Source Code Marketplace – Binpress brings together companies and developers to build an ecosystem around Open-Source code. Open-Source projects that solve real-world problems, Manually curated and professionally supported.
  • Filtering Apache logs / conditional Logging – This can be very troublesome when trying to access certain web pages. The only way to get through is to make use of conditional logging (it is not the only way to control the contents of the logs) To do this, simply define an environment variable ,according to certain criteria, then request that the server does not write the file type within log when this variable exists
  • TestSSLServer – TestSSLServer is a simple command-line tool which contacts a SSL/TLS server (name and port are given as parameters) and obtains some information from it: Supported versions (among SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1 and TLS 1.2). Support of Deflate compression (TLS-level compression, not HTTP-level gzip/deflate compression, which this tool does not consider). Supported cipher suites, for each protocol version. Server certificate hash and name.
  • gif2mp4
  • lionaneesh/RasPod – A simple music server for Raspberry Pi.

Bookmarks for 23 gen 2014 through 24 gen 2014

These are my links for 23 gen 2014 through 24 gen 2014:

  • Pancake HTTP Server – What is Pancake? Pancake is a lightweight and modern HTTP server that comes with its own PHP Server API and interfaces for FastCGI and AJP13. With its modern server architecture Pancake is capable of handling very high concurrency loads along with many other features – try it out!
  • GitLab: Self Hosted Git Management Application – GitLab is open source software to collaborate on code. Create projects and repositories, manage access and do code reviews. GitLab allows you to keep your code secure on your own server manage repositories, users and access permissions communicate through issues, line-comments and wiki pages perform code review with merge requests GitLab is powered by Ruby on Rails completely free and open source (MIT license) used by more than 25.000 organizations to keep their code secureGitLab is open source software to collaborate on code. Create projects and repositories, manage access and do code reviews.
  • Hardening the Linux server – Summary:  Servers — whether used for testing or production — are primary targets for attackers. By taking the proper steps, you can turn a vulnerable box into a hardened server and help thwart outside attackers. Learn how to tighten Secure Shell (SSH) sessions, configure firewall rules, and set up intrusion detection to alert you to possible attacks on your GNU/Linux® server.

Bookmarks for 10 gen 2014 through 15 gen 2014

These are my links for 10 gen 2014 through 15 gen 2014:

  • CodeCombat – Learn programming with a multiplayer live coding strategy game. You're a wizard, and your spells are JavaScript. Free, open source HTML5 game! [ via http://hackingitalia.com/ ]
  • » Linuxaria – Everything about GNU/Linux and Open source SSH in 2 steps on Linux with Google Authenticator – Many security policies require you to change the port number of the SSH service to ensure greater security in a Linux system. Situation now used throughout the IT world and used mostly by users who have their own private server. Today I want to show you how to add another security layer without having to change the SSH port. To do this we’ll incorporate the famous Google Authenticator to our ssh service, in this way we’ll have a safe, two steps security, by entering our password and the combination given from the GA application. Let’s see how to do this…
  • SoftEther VPN Project – SoftEther VPN Project – SoftEther VPN is one of the most powerful and easiest VPN software in the world. It is freeware, developed as an academic research project in University of Tsukuba, Japan. Download SoftEther VPN and enjoy it today. It is open source. Features * Easy to establish both remote-access and site-to-site VPN. * SSL-VPN Tunneling on HTTPS to pass through NATs and firewalls. * Revolutionary VPN over ICMP and VPN over DNS features. * Ethernet-bridging (L2) and IP-routing (L3) over VPN. * Embedded dynamic-DNS and NAT-traversal so that no static nor fixed IP address is required. * AES 256-bit and RSA 4096-bit encryptions. * 1Gbps-class high-speed throughput performance with low memory and CPU usage. * Windows, Linux, Mac, Android, iPhone, iPad and Windows Phone are supported. * SSL-VPN (HTTPS) and 6 major VPN protocols (OpenVPN, IPsec, L2TP, MS-SSTP, L2TPv3 and EtherIP) [ via http://www.net-security.org/secworld.php?id=16171 ]