Follow by Email

Monday, July 28, 2014

Linux File System / Linux Directory Structure

Lets discuss about the Linux file System structure. This is a Common Topic of Linux because in this topic you can understand Linux core concept. Mostly when you are working on live environment. You need many time Linux File System for create new documents. Every Directory of Linux File System has particular mean. If you want to understand easily Linux directory Structure then read below.
linux-file-system

Levels of Linux File System Structure



0 ‘s ( root(/) ) Level Linux File System:-

This is core level of Linux file system. Under this section only one part and name is root directory (/).Every Linux File System are start from root directory only super user ( Administrator ) has privileges to write file or directory in this section.
file-system-structure

1’s level Linux File System



/bin – User binaries

This directory has all local user binary executable files. Which command you used in daily purpose or not have root privileges are part in this directory. Like as ps, ls, grep, cp and many more.

/sbin – User Binaries

This directory has all super user privileges commands. Which command only can used if you have super user or equal privileges. Directory /sbin also have executable file like as ifcfg , mkfs , init, fdisk , lsmod, etc.

/etc – Configuration Files

Basically this directory is mostly used because mostly program configuration file present here. If you want to edit or configure file then you need /etc directory. If you need to start and stop service of any particular program then also need it. For Example: yum.conf , host.conf, ntp.conf, resolve.conf etc.

/dev – Device Files

/dev Directory contain system related devices files. Here you can find out terminal related files or your secondary storage devices also present in /dev directory.

/tmp-Temporary Files

/tmp Directory contain temporary files. This is created by Users of System. When System is restart your previous temporary files are remove automatically.

/proc – Process Information

/proc Directory contain system information mean all about physical server. How much resources do you have? Means if you want to find out your system Primary memory then you should check under this directory #cat meminfo. Under this directory you can find various important file like as cpuinfo, meminfo, patitions, diskstat, services, uptime, version..etc.
proc-directory-structure

/var – Variable Directory

/var Directory contains variable files. And also contain system log file or error files related to executed application. If you want to find out your system log then you should check under /var/log directory.
var-directory

/home – Home Directory

/home Directory contains all local user personal files or directories. For Example : /home/sham, /home/john, /home/merry ..etc.

/lib – System Libraries

/lib Directory contains system library files. These file support binary located under /bin or /sbin. For Example: libk5crypto.so.3.1, libwrap.so.0, libxtables.so.4.0.0..etc.
lib-directory

/boot – Boot Loader Files

/boot Directory contain boot related files. Means kernel related files like as initrd, grub files, vmlinux ..etc.

/mnt – Mount Directory

/mnt Directory contains mount point of physical hard disk or partitions.

Saturday, July 26, 2014

Automating your own botnet in cloud

Two researchers have built a botnet using free anonymous accounts. They only collected 1,000 accounts, but there's no reason this can't scale to much larger numbers.

Internet Explorer Vulnerabilities Increase 100%

Bromium Labs analyzed public vulnerabilities and exploits from the first six months of 2014. The research determined that Internet Explorer vulnerabilities have increased more than 100 percent since 2013, surpassing Java and Flash vulnerabilities. Web browsers have always been a favorite avenue of attack, but we are now seeing that hackers are not only getting better at attacking Internet Explorer, they are doing it more frequently.

Dropbox Head Responds To Snowden Claims About Privacy

When asked for its response to Edward Snowden's claims that "Dropbox is hostile to privacy", Dropbox told The INQUIRER that users concerned about privacy should add their own encryption. The firm warned however that if users do, not all of the service's features will work. Head of Product at Dropbox for Business Ilya Fushman says: "We have data encrypted on our servers. We think of encryption beyond that as a users choice. If you look at our third-party developer ecosystem you'll find many client-side encryption apps....It's hard to do things like rich document rendering if they're client-side encrypted. Search is also difficult, we can't index the content of files. Finally, we need users to understand that if they use client-side encryption and lose the password, we can't then help them recover those files."

Friday, July 25, 2014

Most Secure-OS Under Caution

I'd like more information on this.

Wednesday, July 23, 2014

Update your web browser to Mozilla Firefox 31 to patch 11 security bugs


Mozilla Firefox recommends its users to install the security update as soon as possible, warning that the three critical vulnerabilities discovered in its browser could be exploited by attackers and leverage them to "run attacker code and install software, requiring no user interaction beyond normal browsing".


CRITICAL VULNERABILITIES
The three major vulnerabilities are as follows:
  1. MFSA 2014-62 - This is one of the three critical vulnerabilities reported by Patrick Cozzi and get fixed in the newer version of the browser. The vulnerability allows the exploitation of a WebGL crash with Cesium JavaScript library. Much details about the flaw are not known at the time, but Mozilla notes that the flaw cannot be exploited through email in the Thunderbird client because scripting is disabled.
  2. MFSA 2014-59 - The second critical flaw discovered in the browser, reported by Mozilla community member James Kitchener, refers to a use-after-free vulnerability when handling DirectWrite font. The vulnerability could be exploited by an attacker to crash Firefox due to an error in the way it handles font resources and tables, when rendering MathML content with specific fonts. However exploiting this flaw would be possible only on Windows platform, it does not affect OS X or Linux systems.
  3. MFSA 2014-56 - This vulnerability refers to miscellaneous memory safety hazards, identified by Mozilla developers, that affected Mozilla version 30. Mozilla fixed several memory safety bugs in its browser engine used in Firefox and other Mozilla-based products in order to safeguard its customers.
Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code,” Mozilla wrote.
OTHER SECURITY VULNERABILITIES
Mozilla also addresses two high rated vulnerabilities that cause a potential danger, as they could be used by an attacker to fetch users’ personal and sensitive information from other websites they visit or inject malicious code into those websites to infect users.
Moreover, the security issues fixed in the latest revision of Firefox mostly refer to use-after-free vulnerabilities, in Web Audio, with the FireOnStateChange event and when manipulating certificates in the trusted cache.
Also, to provide more security to its customers, the company has announced a protection mechanism against malicious downloads in its latest build. The feature relies on the Safe Browsing API from Google and leverages application reputation information to detect malware in file downloads.
The protection mechanism consists in verifying the metadata, such as download URL, SHA-256 hash, details about the certificate, belonging to the item requested by the user, and comparing it to a given block list.
Based on a local list of files and remote one, the verification of the metadata is carried out. If a match is found the file is not saved to disk. On the other hand, when files are signed, they are matched from a given whitelist, and the binary is marked as trusted and as a result of it, the remote check is no longer performed.
Additionally, a new SSL/TLS certificate verification is now available on Firefox latest build 31 that uses a more powerful and easier to maintain “mozilla::pkix” library. No doubt this change would go unnoticed by the regular user, but it would protect its users from the compatibility issues arose for websites that do not use an authorized certificate accepted in the Mozilla CA Program.
Update your Mozilla Firefox and Thunderbird as soon as possible. Stay Safe! Stay Secure!

Edward Snowden: 'If I end up in chains in Guantánamo I can live with that'

The 31-year-old former US National Security Agency (NSA) contractor Edward Snowden has warned that during surveillance, among other things, NSA system administrators also intercepted and routinely passed the nude photos of people in "sexually compromising" situations among other NSA employees.
In a video interview, NSA whistleblower speaks with the Guardian editor-in-chief Alan Rusbridger and reporter Ewen MacAskill in Moscow, which was then published by the Guardian on Thursday.

WOOOH!! ATTRACTIVE NUDIE PICS - PASS IT ON TO BILL TOO
"You've got young enlisted guys, 18 to 22 years old. They've suddenly been thrust into a position of extraordinary responsibility where they now have access to all of your private records," he said in the video interview.
"During the course of their daily work they stumble upon something that is completely unrelated to their work in any sort of necessary sense – for example, an intimate nude photo of someone of in a sexually compromising situation, but they're extremely attractive. So what they do? They turn around in their chair and show their co-worker."
The co-worker says: ‘Hey that's great. Send that to Bill down the way.’ And then Bill sends it to George and George sends it to Tom. And sooner or later this person's whole life has been seen by all of these other people. It's never reported.
When Guardian's Alan Rusbridger asked Snowden, “You saw instances of that happening?
Snowden responded positively saying, “Yeah.
Numerous?
It's routine enough, depending on the company that you keep, it could be more or less frequent," Snowden says. "These are seen as the fringe benefits of surveillance positions."
NO COMEBACK OF THOSE PICS
The person’s whose private life has been exposed never know about it, because the internal auditing procedures at the NSA are incredibly weak that there is no comeback of those intercepted naked photos.
“The fact that your private images, records of your private lives, records of your intimate moments have been taken from your private communications stream from the intended recipient and given to the government without any specific authorization without any specific need is itself a violation of your rights,” he added and questioned, “Why is that in a government database?”
DROPBOX - HOSTILE TO PRIVACY
Edward Snowden said cloud storage service Dropbox is "hostile to privacy," and called for more companies to offer services that prevent government snooping.
Snowden spread light on the cloud storage provider company, Spideroak, which offers greater protection to its users. The only fact behind it is that the company stores all the users data for backups, but in an encrypted form. So, its employees do not have access to the encrypted user data. Also if the government ask for user data, the company cannot hand over any meaningful or decrypted content.
Snowden calls Dropbox, a "PRISM wannabe." He asserted that the cloud storage Dropbox has recently appointed former US Secretary of State Condoleezza Rice to its board of directors, who Snowden said is “hostile to privacy” and described her as "the most anti-privacy official you can imagine."
Accountants, lawyers, and doctors should all level up their skills, Snowden said, and journalists in particular should be aware that a single slip up could compromise their sources.
I COULD LIVE IN U.S. PRISON -- SNOWDEN
Snowden addressed a number of things, noting that if he ended up in US prison facility at Guantánamo Bay, Cuba, he could “live with” that. He again dismissed any claim that he was or is a Russian spy or agent, describing those allegations “bullshit.”
"I'm not going to presume to know what a jury would think, or to say what they should or should not think. But I think it's fair to say that there are reasonable and enduring questions about the extent of these surveillance programs, how they should be applied and that should be the focus of any trial," he said.
UPDATE
The NSA’s spokesperson said such activity wouldn’t be tolerated, but didn’t explicitly deny the Snowden’s claim.
NSA is a professional foreign-intelligence organization with a highly trained workforce, including brave and dedicated men and women from our armed forces,” said spokesperson Vanee Vines by email. “As we have said before, the agency has zero tolerance for willful violations of the agency’s authorities or professional standards, and would respond as appropriate to any credible allegations of misconduct.