Install PostgreSQL

~# yum install postgresql postgresql-contrib

Install Oracle Spacewalk

~# yum install spacewalk-postgresql

Install utilities

~# yum install spacewalk-utils spacecmd

spacecmd allows you to administer Spacewalk from the command line. You can manage activation keys, configuration channels, Kickstarts, software channels, systems, and users.

spacewalk-common-channels allows you to configure the software channels, public yum repositories, GPG keys, and activation keys for Oracle Linux from the command line.

spacewalk-hostname-rename allows you to regenerate the SSL certificate if you change the system’s host name.

spacewalk-sync-setup allows you configure a master-slave relationship between two Spacewalk servers that you want to use in an Inter-Server Synchronization (ISS) configuration.

Read More →

Refrigerator

Over the December holidays, one of our researchers discovered proof of a much-theorized but we believe never before seen in the wild security breach.

Specifically, as the this researcher was analyzing email-borne threats (something they do on an ongoing basis), they observed that in a recent attack campaign, more than 25 percent of the malicious email (over 750,000 messages) came from things that were not conventional laptop or desktop computers, but rather members of the Internet of Things (IoT); a “Thingbot”-net*, as it were.

Read More →

Joshua Rogers contacted PTV about the vulnerability on December 26.

Joshua Rogers contacted PTV about the vulnerability on December 26. Photo: Simon Schluter

A Melbourne schoolboy who exposed serious cybersecurity weaknesses within Public Transport Victoria’s systems by hacking its website to unearth a large store of personal data could be charged under the cybercrime act.

Joshua Rogers, 16, discovered an extensive database containing the personal details of public transport users in Victoria, using what cybersecurity experts described as a common hacking technique.

A self-described ‘‘security researcher’’, he contacted PTV on Boxing Day to alert them to the site’s vulnerability, but got no response until Monday, following inquiries by Fairfax Media.

The database contained a large amount of personal data including full names, addresses, home and mobile phone numbers, email addresses, dates of birth, seniors card ID numbers, and partial credit card numbers of customers of the Metlink public transport online store. The store was closed down in 2012 when PTV began.

Read More →

7634d2b176abab65aeb0e6a5ef4656d1Do you know that your public cloud provider used standard hyperviseor from xen (Linode), hyper-v(Azure), or vmware solutions.

Can you tell how secure is their setup? No. Because you have no control of the internal infrastructure of these cloud service providers.

CVE-2012-1666 – allows local users to gain privileges via a Trojan horse tpfc.dll file in the current working directory.