Sursa.

1) Install and maintain a firewall configuration to protect data.
2) Do not use vendor-supplied defaults for system passwords and other security parameters.
3) Protect stored data.
4) Encrypt transmission of cardholder data and sensitive information across public networks.
5) Use and regularly update anti-virus software.
6) Develop and maintain secure systems and applications.
7) Restrict access to data by business need-to-know.
8 Assign a unique ID to each person with computer access.
9) Restrict physical access to cardholder data.
10) Track and monitor all access to network resources and cardholder data.
11) Regularly test security systems and processes.
12) Maintain a policy that addresses information security.

If you want to remove content from Google’s search results, that content should first be removed from the web or blocked from search engines.[...]

To remove content (including a snippet, title, page content, or an entire URL or site) from search results, the site owner-whether it’s you or somebody else-has a few options. The site owner can remove the concerning information from the page, take the page down from the web entirely, or indicate that Google shouldn’t crawl or index the page. There are varying requirements depending on the type of content you want to remove, and these are described below.

After these changes are made and Google has crawled the site again, the content should naturally drop out of the Google index.

However, if you need to urgently remove your site’s content from search results, or if you need to remove Google’s cached copy of a page that has already changed on the website or stop Google from showing results for a page that has been taken down completely, you can use Google’s removal tool to expedite the process. To use the tool, you’ll need to follow certain requirements, detailed below.

* If you own the site, you’ll need to make the changes to your website yourself and then request removal of the problematic page from Google’s search results using the URL removal tool in Webmaster Tools.
* If you don’t own the site, your first step is to contact the site’s webmaster and request that the content is removed. (Note that depending on the type of removal—see below—some other changes may also be necessary). Once the changes have been made, you can request removal of the content from appearing as a cache copy or snippet in Google’s search results by using the public URL removal tool. (It bears repeating: The site owner—whether it’s you or somebody else—must have first made the required changes to the site, or this process will not work to remove the content from search results.)

Check out Google’s Webpage removal request tool:

via google

A venit vremea ca serverul ce deserveste serviciile *.lug.ro sa fie actualizat la o configuratie mai din zilele noastre.

De aceea, pentru cine citeste acest blog a folosit sau foloseste serviciile lug.ro este invitat, daca se poate si in masura posibilitatilor sa faca o mica donatie in contul Asociatiei ProLinux pentru a strange banii necesari achizitionarii serverului respectiv.

La adresa http://wiki.lug.ro/mediawiki/index.php/Hardware_Requirements (inclusiv pagina de discutii) puteti vedea configuratia stabilita.

Mesajul care contine si datele bancare ale asociatiei poate fi gasit la http://lists.lug.ro/lurker/message/20100324.175956.be8fe057.en.html.

In alta ordine de idei, dati stirea mai departe sa se mai adune oameni care sa contribuie la ajutorarea comunitatii.

Multam fain.

via sin

http://tools.ietf.org/id/draft-ietf-tcpm-tcp-security-01.txt

TCP Maintenance and Minor F. Gont
Internet-Draft February 19, 2010

This document contains a security assessment of the specifications of the Transmission Control Protocol (TCP), and of a number of mechanisms and policies in use by popular TCP implementations. Additionally, it contains best current practices for hardening a TCP implementation.

It is a derivative of the CPNI TCP-security document published last year:
http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf

(10:04:22 AM) georgica: si revin la invataturile scripturilor
(10:04:31 AM) georgica: acum la ipv6 or sa se deosebeasca noobi de profi =))
(10:04:56 AM) georgica: iti dai seama ca ipv4 o sa fie la un moment dat… legacy… si o sa fie oameni care n-au auzit de el?
(10:05:03 AM) georgica: oameni care lucreaza in it
(10:05:11 AM) georgica: atunci … cand o sa vina ziua aia..o sa ma simt batran

Get started with AppDetective Pro with the 5 Essentials to Database Vulnerability Assessment. This 20-minute session covers how AppDetective Pro helps ground your compliance and security efforts.

The 5 steps:

1) Inventory your database environment through Database Discovery.
2) Perform Penetration Tests to gauge outside-in vulnerabilities.
3) Check for vulnerabilities within the database’s configuration using credentials through Audit Tests.
4) Create and customize Polices for your organization.
5) Measure compliance and review results through Reporting.

Be careful on help files @ McAfee Labs Blog

“Muster” is a family of backdoor which has been using help files for hiding themselves. The help files or “.hlp” files are data files designed to be viewed with Microsoft WinHelp browser for providing online helps for applications users. Earlier variants of “Muster” drop encoded copies of main backdoor components in filenames with the extension “.hlp”. These “.hlp”files are later decrypted with Microsoft CryptAPI with hardcoded keys and executed by loaders.

http://www.youtube.com/mcafeeofficial#p/c/57F0CF225B2D7135

Find out what operation aurora is, what’s at risk, and how to protect your organization.

Conform unui articol din The New York Times:

Mr. Shulman and his company examined a list of 32 million passwords that an unknown hacker stole last month from RockYou, a company that makes software for users of social networking sites like Facebook and MySpace.

Imperva found that nearly 1 percent of the 32 million people it studied had used “123456” as a password. The second-most-popular password was “12345.” Others in the top 20 included “qwerty,” “abc123” and “princess.”

Why do so many people continue to choose easy-to-guess passwords, despite so many warnings about the risks?
Security experts suggest that we are simply overwhelmed by the sheer number of things we have to remember in this digital age.

iloveyou este a 5-a parola in top.