The same result for Nessus 4.01

HITBSecConf2009 – Malaysia will also see a new and improved version of our highly popular team-based hacking competition known as Capture The Flag. First developed and presented at Defcon in the US, the idea behind a CTF competition is to allow for teams of three to hack into prepared servers running in order to retrieve marked files or flags on these target machines. Participants will also be required to defend their systems from attack. Teams will be judged on both their defensive as well as the offensive game play.

We believe HITBSecConf is an ideal platform for leading network security vendors to not only meet with some of the leading network security specialists but to also showcase their own technology and solutions with the public as well.

Venue:
Crowne Plaza Mutiara Kuala Lumpur,
Jalan Sultan Ismail,
50250 Kuala Lumpur

Technical Training – DAY 1 and DAY 2
Date: 5th and 6th October 2009
Time: 0900 – 1800
TECH TRAINING 1 – Web Application (in)Security
TECH TRAINING 2 – The Art of Network Based Forensics – Going Beyond Packet Data
TECH TRAINING 3 – The Exploit Laboratory 4.0
TECH TRAINING 4 – The Security of ASEAN Locks (CLOSED DOOR SESSION FOR .GOV / LAW ENFORCEMENT ONLY)
TECH TRAINING 5 – Forensic Acquisition and Analysis (*NEW*)

Conference DAY 1 and DAY 2
Date: 7th and 8th October 2009
Time: 0900 – 1800
Triple Track Conference
HITB Labs
Capture The Flag (CTF)
Lock Picking Village
HAM Radio Village

For more details please visit HITBSecConf 2009

# wget http://mirror.mcs.anl.gov/openssh/portable/openssh-5.2p1.tar.gz

Check your md5/sha1

(md5sum : ada79c7328a8551bdf55c95e631e7dad)

(sha1sum : 8273a0237db98179fbdc412207ff8eb14ff3d6de)

Next, prepare to build and install the RPM. Disable the building of GUI components in the spec file. We don’t need these on a server:

# tar zxvf openssh-5.2p1.tar.gz
# cp openssh-5.2p1/contrib/redhat/openssh.spec /usr/src/redhat/SPECS/
# cp openssh-5.2p1.tar.gz /usr/src/redhat/SOURCES/
# cd /usr/src/redhat/SPECS
# perl -i.bak -pe ‘s/^(%define no_(gnome|x11)_askpass)\s+0$/$1 1/’ openssh.spec
# rpmbuild -bb openssh.spec
# cd /usr/src/redhat/RPMS/`uname -i`
# ls -l
-rw-r–r– 1 root root 275808 Feb 27 08:08 openssh-5.2p1-1.x86_64.rpm
-rw-r–r– 1 root root 439875 Feb 27 08:08 openssh-clients-5.2p1-1.x86_64.rpm
-rw-r–r– 1 root root 277714 Feb 27 08:08 openssh-server-5.2p1-1.x86_64.rpm
# rpm -Uvh openssh*rpm
Preparing… ########################################### [100%]
1:openssh ########################################### [ 33%]
2:openssh-clients ########################################### [ 67%]
3:openssh-server ########################################### [100%]

# service sshd restart

Check the sshd version you are running by typing:

telnet [host] [port]

Security researchers at Milw0rm warn that the Kloxo (formerly Lxadmin) web hosting platform from LxLabs contains 24 security vulnerabilities and exploits. The flaws include SQL injection vulnerabilities and flaws that create a way for hackers to gain file access to files hosted on a vulnerable system.

Source: http://www.channelregister.co.uk/2009/06/09/lxlabs_funder_death/

Venue: Sheraton Dubai Creek,
Baniyas/Creek Road,
Dubai, UAE

Technical Training – DAY 1 and DAY 2
Date: 20th and 21st April 2009
Time: 0900 – 1700

TECH TRAINING 1 – Web Application Security – Threats and Countermeasures
TECH TRAINING 2 – 802.11 Ninjitsu
TECH TRAINING 3 – The Exploit Laboratory 3.0

Conference DAY 1 and DAY 2
Date: 22nd and 23rd April 2009
Time: 0900 – 1700

Dual Track Conference
Capture The Flag (CTF)

More details, please visit http://conference.hitb.org/hitbsecconf2009dubai/

Anyone interested to do a personal hosting site. Please contact me

The venue for this year’s Hack in The Box Security Conference has been changed to CROWNE PLAZA MUTIARA KUALA LUMPUR. The reason for this change is due to unreasonable conditions placed upon us by The Westin which makes it impossible for us to proceed with having the conference there. Trust that we did try everything possible and greatly regret any inconvenience this change may cause.

For full details on the Crowne Plaza Mutiara, please click here

<rule id=”31190″ level=”12″>
<if_sid>31100</if_sid>
<url>paypal.co|hsbc.co|citibank.co|ebay.co|barclays|amazon.co|</url>
<url>verizon.net|lloyds.com|maybank2u|maybank|e-gold.com</url>
<description>Phishing sites detected. System check advisable.</description>
<group>attack,</group>
</rule>

Now restart OSSEC and it should be picking up sites according to the keywords set. Keep in mind that the keywords above are just among the few popular sites that are usually being targeted. You’re free to add/remove those keywords as per your needs. Also, if you set OSSEC to email alerts to your mailbox, you’ll be getting these whenever it detects a phishing site. The best part is if you have APF to work along together. It will block who are trying visit the phising site. Usually the uploader of phishing site will get blocked because they want to check if their scripts is working or not

Hell yeah! Just in case you haven’t seen this somewhere else already, help Firefox set a World Record by downloading version 3 on “the download day 2008″