Blog

Portal and other changes

December 29, 2010

Written by: Scott Shinn

We just finished up some (very, very) overdue updates to the support portal. The first is probably one of the more popular user requests to create support portal accounts that line up to the ASL user ID. Previously we had maintained a policy of separate portal portal accounts to allow users to have multiple tiers […]

Read More...


Kernel vulnerabilities, Twitter updates, and FCGI

September 17, 2010

Written by: Scott Shinn

Kernel News Brad Spender of Grsecurity fame gave me the heads up earlier on a few kernel exploits that are on their way to being published in the wild. If you track this kind of thing, you might have seen this post at The Register about one of them already. Its a neat bug in […]

Read More...


ASL 2.2.11 updates, twitter, and more

September 13, 2010

Written by: Scott Shinn

A few random project updates: nikto was updated to 2.1.3. This is a basic web application vulnerability scanner, theres another we’ve been meaning to package called w3af. Looks promising openvas-manager was updated, with more fixes. This is a minor update in a series to support the greenbone security administrator (GSA) on centos 5. clapf, an […]

Read More...


ASL 2.2.11-0.1, and Kernel updates

September 3, 2010

Written by: Scott Shinn

ASL 2.2.11-0.1 is now available in the [asl-2.0-testing] channel. This update includes some minor bugfixes for ASL Web, and ossec configuration generation. New features (at this time) are in cleaning up old rule updates which will now default to being stored for 7 days. Larger structural changes have been completed to support new vulnerability checking […]

Read More...


Vulnerability Scanner improvements

August 31, 2010

Written by: Scott Shinn

One of the larger efforts for the ASL 3.0 series is to include a more robust vulnerability detection system. With ASL 2.x we focused on more implementation specific vulnerability detection, an area we felt was (and still is!) underserved with standard vulnerability scanning technology. Thats a discussion for another day I think. Anyway, with the […]

Read More...


OSSEC and Agent mode improvements

August 27, 2010

Written by: Scott Shinn

OSSEC is under heavy development upstream, and we’ve been helping them out where we can. This week it was getting into the malware detection database / updating the rootkit lists, and today nailing down some issues with OSSEC (and ASL) in agent mode. The current 2.4.1 builds dont handle restarts/reloads if they’re deployed as an […]

Read More...


Kernel Updates, and PHP FPM

August 25, 2010

Written by: Scott Shinn

Today was all about nailing down the 2.6.32.19 kernel update. Upstream** made quite a few changes that believe it or not were effecting ioncube loader from the kernel side. I know I mentioned this before, but this is exactly why building community packages pays off for our security products. Its like the ultimate QA process […]

Read More...


New Malware rules for OSSEC

August 25, 2010

Written by: Scott Shinn

In an ongoing effort to reduce overall ASL complexity, we’ve been working to expand the capabilities of one part or another where they overlap. This summer I gave our intern the project (among others!) to see if he could merge the rkhunter rootkit signatures into the ossec rootkit database.  I’m happy to report that not […]

Read More...


PHP 5.3.3 in the works

August 23, 2010

Written by: Scott Shinn

So this saturday I found myself ultra-motivated to get this project back into gear. As a security company, supporting PHP and Mysql for enterprise environments isn’t exactly our core business. Which begs the question why we get involved in non-core projects like this (some might call this a “distraction”). I’ve found over the years that […]

Read More...


Plesk 9.5.1 Repo

April 15, 2010

Written by: Scott Shinn

The Plesk 9.5.1 repo is now live. The changes made to the infrastructure over the last few months should make this largely transparent to anyone using the newer plesk.repo & mirrorlist format pushed out before december. This allows that part of the configuration to be managed from the server rather than the client. You shouldn’t […]

Read More...


1 2 3 4

Protect Your Server Now

©2015 Atomicorp, All Rights Reserved

twitterfacebook