peterthomas2009 - Slashdot User

Comment Nagios + Cacti an excellent combination (Score 1) 45

by peterthomas2009 on Monday February 08, 2010 @05:33PM (#31065390) Attached to: Cacti 0.8 Network Monitoring

Cacti is great for graphing performance, capacity planning and spotting anomalies while Nagios is tops for monitoring / alerting. I have worked with many different monitoring tools and suites both commercial and open source. A well configured Nagios / Cacti solution is hard to beat for stability and usability.

Facebook Master Password Was "Chuck Norris" 319

Posted by samzenpus on Thursday January 21, 2010 @03:56PM from the ad-nauseum-roundhouse dept.

I Don't Believe in Imaginary Property writes "A Facebook employee has given a tell-all interview with some very interesting things about Facebook's internals. Especially interesting are all the things relating to Facebook privacy. Basically, you don't have any. Nearly everything you've ever done on the site is recorded into a database. While they fire employees for snooping, more than a few have done it. There's an internal system to let them log into anyone's profile, though they have to be able to defend their reason for doing so. And they used to have a master password that could log into any Facebook profile: 'Chuck Norris.' Bruce Schneier might be jealous of that one."

Comment Re:I'm (still) seeing penetration attempts (Score 1) 89

by peterthomas2009 on Thursday December 10, 2009 @05:52PM (#30394920) Attached to: Hackers Find Home In Amazon EC2 Cloud

Have a look at OSSEC with active response.

Comment Brute Force ssh attacks from Amazon (Score 3, Interesting) 89

by peterthomas2009 on Thursday December 10, 2009 @05:12PM (#30394214) Attached to: Hackers Find Home In Amazon EC2 Cloud

"This marks the first time Amazon Web Services' cloud infrastructure has been used for this type of illegal activity"

I posted to my blog back in June that Amazon cloud nodes were compromised and performing brute force SSH scans against some of my hosts.

This story and my post merely highlight the obvious fact that most cloud services are just scalable hosting. Remember your instance / slice / vm can be compromised like any other web host.

Amazon Cloud Service Brute Force Attacks

Comment Autowhaler = crowd sourcing? (Score 1) 137

by peterthomas2009 on Tuesday December 08, 2009 @12:11AM (#30361568) Attached to: Hackers vs. Phishers

Since the tool is not run locally you can only assume that all the submitted url's are going into someone's database.

That someone is going to collect a lot of hacked accounts very quickly.

Hackers vs Phishers vs Hosted Hacked account collection Service?

Comment It is significantly faster (Score 1, Informative) 73

by peterthomas2009 on Thursday July 16, 2009 @06:50PM (#28724083) Attached to: Nmap 5.00 Released, With Many Improvements

I have just added the latest version to HackerTarget.com.

Across the board I am seeing significant speed improvements over 4.85.

Congratulations to the developers this looks like another quality release. I am looking forward to testing some of the new features to determine what additional capabilities can be added to our online scanning.

* Full disclosure - I run HackerTarget.com *

Nmap 5.00 Released, With Many Improvements 73

Posted by timothy on Thursday July 16, 2009 @03:50PM from the ok-now-release-another-nsfw-introduction dept.

iago-vL writes "The long-awaited Nmap Security Scanner version 5.00 was just released (download)! This marks the most important release since 1997, and is a huge step in Nmap's evolution from a simple port scanner to an all-around security and networking tool suite. Significant performance improvements were made, and dozens of scripts were added. For example, Nmap can now log into Windows and perform local checks (PDF), including Conficker detection. New tools included in 5.00 are Ncat, a modern reimplementation of Netcat (with IPv6, SSL, NAT traversal, port redirection, and more!), and Ndiff, for quickly comparing scan results. Other tools are in the works for future releases, but we're still waiting for them to add email and ftp clients so we can finally get off Emacs!"

Slashdot Top Deals