Wednesday, April 15, 2009

Lynis v1.2.6 - Security & System Auditing Tool

Project information:
Lynis is an auditing tool for Unix (specialists). It scans the system and available software, to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes.

This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems. It can be run without prior installation, so inclusion on read only storage is no problem (USB stick, cd/dvd).

Lynis assists Auditors in performing Basel II, GLBA, HIPAA, PCI DSS and  SOX (Sarbanes-Oxley) compliance audits.

Please note that Lynis is Not a hardening tool. Lynis does not fix things automatically, it reports only & gives suggestions.

Intended Audience:
Security specialists, penetration testers, system auditors, system/network managers.

Examples of Audit tests:
    - Available authentication methods
    - Expired SSL certificates
    - Outdated software
    - User accounts without password
    - Incorrect file permissions
    - Firewall auditing

Current State:
Stable releases are available, development is active.

Download:
You can download Lynis 1.2.6 here:
http://www.rootkit.nl/files/lynis-1.2.6.tar.gz

For Lynis Documentation, please see here:
http://www.rootkit.nl/files/lynis-documentation.html

For System requirements, Supported Operating Systems & Hash information on Lynis download, please see here:
http://www.rootkit.nl/projects/lynis.html

Sunday, April 12, 2009

Analysis: Twitter StalkDaily Worm

Twitter is again in news (surprise!, anyone). 

Another XSS worm hit Twitter creating (good, eh!) publicity of another portal -  StalkDaily. The XSS worm exploited improperly escaped profile URL field to re-display the malicious script, in this case - script src="hxxp://mikeyylolz.uuuq.com/x.js - resulting in infecting anyone who visited an infected profile.

Read more on this at: Fsecure

Strangely, that's just a small, noisy show of what XSS can do. It could have become more interesting though, using XSS to quietly infect the end-user systems & build up a botnet force. The possibilities are limitless.

Twitter seems to have rectified this issue as of now.

Until the next worm!

Safe Twitterin'  :)

wepawet - Analyzing Web-Based Malware

One of the most prevelant mode of infection is headed through malicious web-sites. An attacker may chose to host his own site & use it for malware propagation. Or better still, exploit vulnerabilties in other web site(s) & host his malware code on them.

There are different ways to verify if a site is hosting malicous script(s) - varying from tedious manual inspection of code, to using tools such as Malzilla (http://malzilla.sourceforge.net/) & several others, or verifying with Google Safe Browsing.

wepawet is a simple service/tool that many security professionals prefer to use for analyzing web based malicious code.

wepawet is a service for detecting and analyzing web-based malware. It currently handles Flash, pdf and JavaScript files.

wepawet analyzes a web-site & provides us with good information about the malicious resource, & the vulnerabilities exploited during an attack.

Basically, wepawet is a simple point, click & shoot tool for analyzing web-based malware.

You can check out wepawet here:

Wednesday, April 1, 2009

Welcome to iPositive Security

Welcome to my blog!

The main content will address InfoSec updates on Exploits, Tools, Security Incidents, Analysis & experiences in the domains of Ethical Hacking, Vulnerability Assessment & Penetration Testing.

I hope you find some useful resource here.

Thank you for visiting!

Karn Ganeshen

Disclaimer

The views, information & opinions expressed in this blog are my own and do not reflect the views of my current or former employers or employees or colleagues.