TechMount

This is a very short Tripwire Cheatsheet with all common commands and maintainance action. No explanations or information on the command rundown. If anything is missing let me know.
Install the Tripwire RPM
Check if Tripwire already installed:
rpm -q tripwire
Install from RPM:
rpm -Uvh /mnt/cdrom/RedHat/RPMS/tripwire*.rpm
Configure Tripewire by editing the twcfg.txt file
vi /etc/tripwire/twcfg.txt
Run the install Script
/etc/tripwire/twinstall.sh
Initialize the Tripwire Database
/usr/sbin/tripwire
Read more …

Only 48 hours after eEye Digital Security reported a “gaping hole” in Symantec’s enterprise products, Symantec has patched the flaw. The flaw was described as a stack overflow affecting the Symantec Client Security and Symantec AntiVirus Corporate Edition, two enterprise level products.
It seems like Symantec patched the hole it refused to acknowledge. Flaws in software
Read more …

The Crystalys Media spyware seems to be spreading like wildfire the last few days. If you see the h91746.exe running on your Windows machine or find this file in you C:\temp directory, you know you got it too.
The h91746.exe is an executable file which primary purpose is to start a parasite or launch some of
Read more …

While browsing the hardware device managers on my workstation, I discovered an alarming “device”, this device is the Starforce software. Starforce is a very controversial copy-protection system by a Russian development company named Protection Technology. Various reports about malfunctioning CDROM devices, slower burning processes, unstable Windows systems and corrupted drivers surfaced after installing a video
Read more …

Two months ago a virus poses as “MSN Messenger 8 Working BETA” was roaming the net. When downloaded and run the malware will replace the old instant messenger and instead will start sending download links to everyone on the user’s contact lists, in a bid to encourage others to become infected. All infected machines will
Read more …

I don’t know who’s the “genius” that thought selling a “brand new vulnerability” on eBay was a good idea, but now eBay halts the auction. Some buyers at least thought it was, after 21 bids place the price at $56.
In any case the flaw lies in the way Excel validates data when handling documents and
Read more …

A few new vulnerabilities were found in Apple QuickTime, which can be exploited to cause a DoS (Denial of Service) and potentially to compromise a user’s system. The vulnerabilities have been reported in version 6.5.2 and 7.0.1 for Mac OS X. and versions 7.x prior to 7.0.3 for Windows.
* An integer overflow error exists in
Read more …

On September 1st, the FBI issued a warning after noting many sites soliciting fake charitable donations for the victims of Hurricane Katrina.
Some of the websites and spam emails could lead to phishing and pharming activity related to identity theft. Of course, they might also lead to charity fraud, or even a combination of both activities.
Here
Read more …

It seems like some sick person has decided to release a virus infected email pretending to offer news updates about Hurricane Katrina and instead it infects the readers computer with a virus.
The malicious e-mail gives a quick news summary on the disaster before offering users a link to “read more”. Clicking that link will lead
Read more …

A new computer worm, named Zotob, that was unleashed just after the weekend has infected at many global businesses including major news organizations that run Microsoft operating systems. The Zotob worm and several of its variations infected computers at CNN, ABC, The Associated Press, The New York Times, Caterpillar and others. The fact that large
Read more …

Just as Microsoft’s support for Windows 2000 is about to be over the software giant has provided an update rollup with more than 50 security patches and system reliability fixes.
The update, which replaces Windows 2000 SP5, ships as a high-priority update on the Windows Update site, where it will be listed in the “Critical and
Read more …

For the second time in less than a month, users of ZoneLabs product ZoneAlarm Pro are experiencing severe difficulties with the programs’ TrueVector Engine.
Since Friday, June 24, reports have been flooding forum boards and blogs. The majority of users are experiencing TrueVector engine crashs. The VSMON.EXE system service seems to use 100% of
Read more …

Secunia is reporting: A seven year old vulnerability has been re-introduced in Mozilla and Firefox. This vulnerability can be exploited by malicious people to spoof the contents of web sites.
The vulnerability has been confirmed in Firefox 1.0.4 and Mozilla 1.7.8. Other versions may also be affected.
Test if your browser is vulnerable here.
Speaking of security,
Read more …

A new vulnerability was reported in Squid. It can be exploited by malicious people to “poison” the web proxy cache.
The vulnerability is caused due to an error in the handling of upstream HTTP agents (e.g. web servers) not complying correctly with the HTTP specifications. This can be exploited to cause the HTTP agent and Squid
Read more …

Even when system administrators filter out all traffic except port 22 (SSH), it’s very likely that there is still a way to gain access to other computers behind the firewall. This article by Mike Chirico shows how remote Linux and Windows users can gain access to firewalled samba, mail, and http servers. In essence,
Read more …

A few vulnerabilities has been reported in Trillian, allowing malicious people to compromise a users system.
The vulnerabilities are caused due to boundary errors in the handling of HTTP/1.1 response headers. This can be exploited to cause a heap-based buffer overflow and execute arbitrary code by sending a maliciously crafted HTTP/1.1 response.
Successful exploitation requires that the
Read more …