Tag Archives: security

Using CentOS CR (Continuous Release) Repo

CentOS (Community Enterprise Operating System) is a Linux distribution that attempts to provide a free, enterprise-class, community-supported computing platform functionally compatible with its upstream source, Red Hat Enterprise Linux (RHEL). CentOS is run by volunteers who work directly with Red Hat’s RPM source files and push them to CentOS for release. At times the project will fall behind […]

50 Top Server Monitoring & Application Performance Monitoring (APM) Solutions

August 6th 2017 Update: This list now contains 70 Top Server Monitoring & Application Performance Monitoring (APM) Solutions. Back in 2014, I compiled a list of the top 20 server performance monitoring solutions, largely because I already had a list saved locally for my own reference. Sharing that list publicly was a great way to gain feedback and recommendations on […]

Securing Internet of Things (IoT) devices

Today, I spent some time researching IoT security. At the end of this post, I’ve listed companies – all of which are new to me – which offer IoT security solutions. Feel free to share your solutions, feedback and tips for securing IoT devices. For my home office, everything sits behind an OpenWRT Wi-Fi router which allows for […]

3rd DDoS attack today, beginning of a new era

4th Update: 20 min video response by Dale Drew, the chief security officer of Internet backbone company Level 3. 3rd Update: More details emerging “that some of the infrastructure responsible for the distributed denial-of-service (DDoS) attacks against Dyn DNS were botnets compromised by Mirai malware.” says Flashpoint. I’ll continue to update with additional information and important links. 2nd Update: 3rd Attack […]

WordPress Plugin being exploited. Delete inactive plugins

For the past few days an increasing number of WordPress websites have been infected by attackers exploiting a vulnerability in the WordPress plugin: WP Mobile Detector. The plugin with over 10,000 active installs was at one point removed completely from the WordPress repository with no patch available. However, as of today the WP Mobile Detector plugin has been patched […]

Review: GrooveHQ’s ‘Free Forever’ Plan, not free forever

Update July 27th 2017: A blog reader added the following in the comments section below: “We have been a GrooveHQ customer for over a year, started as a “free forever” account and got tricked into upgrading 30 days later. Since the whole thing was easy to setup and we have only 5 users, we started paying […]

OpenSSL Security Updates – Severity: High

A new set of security updates for OpenSSL was just released this morning to address various security vulnerabilities, some of which are considered to be “high” severity. Please update as soon as possible. To update, keep an eye out for Linux distro updates via package managers such as yum, apt-get, etc. Control panel updates for cPanel and others will be released over […]

The Sony Hack: An Inside Job. Here’s why…

From day one, as details leaked about stolen system administrator passwords, many of us knew that the Sony Hack had to have been an inside job. The simple reason is that system administrators set up notifications for both denied login attempts and, more importantly, alerts for successful logins. These hackers reportedly stole a “System’s Administrator’s password” which […]

Poodlebleed vulnerability SSL version 3.0

The Google Online Security blog released details of an SSLv3 vulnerability called the POODLE attack. Here you’ll find links to all the important info, all in one place! Official website: poodlebleed.com (Test your website against Poodlebleed) Security advisory (PDF download) | Google Blog | Firefox Blog | OpenSSL update | Red Hat | Nice article Fedora Blog | Discussion on […]

CVE-2014-6271: Vulnerability in Bash allows remote execution of arbitrary code

Patch instructions for CVE-2014-6271 and CVE-2014-7169 are at the end of this post. UPDATE 1: Patching Bash may not be the end of this. There’s still discussion regarding whether the changes completely fixed it or not. UPDATE 2: Another patch being tested. UPDATE 3: From Red Hat “Red Hat has become aware that the patch for CVE-2014-6271 is incomplete. An attacker can […]