Archive for December 31, 2013

30 Cool Open Source Software I Discovered in 2013

These are full-featured open source software products, free as in beer and speech, that I started to use recently. Vivek Gite picks his best open source software of 2013.


Nginx: Redirect Backend Traffic Based Upon Client IP Address

I have four Apache backend servers in front of an nginx reverse proxy server. How do I make sure the nginx reverse proxy load balancer always sends requests from a specific client IP address (say IP 1.2.3.4) to the http://apachereadwrite/ backend and the rest to the http://apachereadonly/ backend?


CentOS / RHEL 6: Install Midnight Commander File Manager

I am a new CentOS Linux user. How do I install GNU mc (Midnight Commander) on Red Hat Enterprise Linux or CentOS Linux server version 5.x/6.x using the bash command line?


NSA Server vulnerable to SMTP Spoofing, can be used for Social Engineering


An Indian hacker known as "Godzilla" has identified a vulnerability in the NSA website that allows an attacker to send fake emails from NSA's SMTP server.

NSA's SMTP server allows anyone to use the service without verifying the IP address and password. The most interesting part is that it allows you to use any email address (e.g. admin@nsa.gov).

This vulnerability can be exploited by an attacker to launch a spear-phishing attack. An attacker can send email to anyone inside the organization (e.g. to admin2@nsa.gov). Because the mail is sent through the NSA SMTP server, the attacker need not worry about firewalls.

In a screenshot provided to EHN, the hacker used the email ID of the NSA Director, "Gen Keith B Alexander" (KeithAlexander@nsa.gov), to send email to another email ID.

"Sending a mail with a link attached to it. That can be a bot link. Everyone will receive the mail with .nsa.gov domain as the mail is shot from the same network," the hacker said.

"The mail will be sent with the name of Director as no one will dare to skip the mail and have to read it. After opening the mail the attacking vector will get active. After this the ball will be in the attacker's court."

"SMTP is a dangerous protocol and if you don't know how to secure it, it's better you shut it down."

"Stupid NSA you are lucky it's 31st December and we are not in a mood to shoot our malware in your server," the hacker said.

Eight more arrested in Spain for role in the $45 million global ATM cyber heist


Six Romanians and two Moroccans have been arrested in Spain for allegedly participating in the massive global ATM cyber heist that stole $45 million from two banks.

The eight people are said to have stolen $392,000 in 446 withdrawals using the faked cards at ATMs in Madrid in February. The Spanish authorities seized around $34,470 (€25,000), jewelry, 1000 new cards and computers.

In February, the criminals managed to steal more than $45 million from a number of countries in just a few hours.

An individual said to be the leader of the network was arrested in Germany. He is allegedly the one who hacked into the credit card processing companies' database server and disabled security features such as the withdrawal limits.

Eight people were arrested and charged in New York in May, and six further people were arrested in New York last month.