Annual Loss Expectancy
In the context of risk management, the annual loss expectancy (ALE) is an estimate of the monetary loss the organization should expect from the realization of a given risk over the course of one year. It is the product of the single loss expectancy (SLE), the cost of one occurrence, and the annualized rate of occurrence (ARO), the number of occurrences expected per year: ALE = SLE × ARO. The calculation is done as part of a quantitative risk assessment.
Security Links Cheatsheet
Security-oriented Linux Distributions
- McAfee ShareScan for SMB/CIFS Shares.
- SoftPerfect Network Scanner for IP reachability and a handful of well-known ports.
- Search engines: shodan.io, censys.io.
Knowledge & Practice
- Penetration Testing Practice Labs, Vulnerable Apps and Systems
- PenTester Lab
- The Matasano Crypto Challenges: a set of crypto challenges with solutions in mainstream programming languages.
- 7 Free InfoSec Training Resources For IT Pros
- Hack This Site
- OWASP WebGoat
- Damn Vulnerable Web Application
- 10 Easy Ways to Increase Your Application Security Knowledge
Security Job Boards
Security Job Tips
- The Top 10 Highest Paying Jobs in Information Security, Part 1 and Part 2.
- Landing a Hands-On Security Gig, Part 1 and Part 2.
In the context of risk management, a residual risk is the risk that remains after the chosen controls have been applied: it has been identified, but for cost, technical or other reasons it has not been fully mitigated, so it has to be accepted by the organization.
Show privileges for all users in MySQL
mysql --silent \
      --skip-column-names \
      --user mysqldumper \
      --execute 'SELECT User, Host FROM mysql.user' | \
while read User Host; do
    mysql --user mysqldumper --execute "SHOW GRANTS FOR '$User'@'$Host'"
    echo "==========================="
done
The mysqldumper account only needs read access: SELECT on the mysql system database is enough both to list the accounts from mysql.user and to run SHOW GRANTS for accounts other than its own.
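The loop above only prints the grants; the useful next step is reading them for over-privileged accounts. The following Python is an added example, not part of the original page, that parses SHOW GRANTS output (a constructed sample covering both the 'user'@'host' quoting of MySQL 5.x and the backtick quoting of MySQL 8) and flags accounts reachable from any host, global *.* scope, high-risk privileges and WITH GRANT OPTION. The privilege list and the thresholds are this example's choices, not anything the page prescribes.

```python
import re

# Constructed sample of the lines the SHOW GRANTS loop prints; these are not real accounts.
SAMPLE_GRANTS = """\
GRANT USAGE ON *.* TO 'mysqldumper'@'localhost'
GRANT SELECT, LOCK TABLES ON *.* TO 'mysqldumper'@'localhost'
===========================
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
===========================
GRANT ALL PRIVILEGES ON `app`.* TO `app`@`%`
GRANT SELECT ON `reports`.* TO 'analyst'@'10.0.0.%'
GRANT FILE, SUPER ON *.* TO 'batch'@'localhost'
"""

# Accepts 'user'@'host' (MySQL 5.x) and `user`@`host` (MySQL 8) quoting.
GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+"
    r"[`'](?P<user>[^`']*)[`']@[`'](?P<host>[^`']*)[`'](?P<tail>.*)$",
    re.IGNORECASE,
)

# Privileges that amount to control of the server or of the host it runs on, whatever the scope.
# This set is an assumption of the example; extend it to taste.
HIGH_RISK = {"ALL PRIVILEGES", "ALL", "FILE", "SUPER", "PROCESS", "SHUTDOWN", "RELOAD", "CREATE USER"}


def parse_grant(line):
    """Split one GRANT line into its parts, or return None for separators and other noise."""
    m = GRANT_RE.match(line.strip())
    if not m:
        return None
    return {
        "user": m.group("user"),
        "host": m.group("host"),
        "scope": m.group("scope").replace("`", ""),
        "privs": [p.strip().upper() for p in m.group("privs").split(",")],
        "grant_option": "GRANT OPTION" in m.group("tail").upper(),
    }


def audit_grants(text):
    """Return (user, host, [reasons]) for every GRANT line that deserves a second look."""
    findings = []
    for line in text.splitlines():
        g = parse_grant(line)
        if g is None:
            continue
        reasons = []
        if g["host"] in ("%", ""):
            reasons.append("reachable from any host")
        # 'GRANT USAGE ON *.*' is the no-privileges placeholder, so it is not a global grant.
        if g["scope"] == "*.*" and g["privs"] != ["USAGE"]:
            reasons.append("global scope (*.*)")
        risky = HIGH_RISK & set(g["privs"])
        if risky:
            reasons.append("high-risk privilege: " + ", ".join(sorted(risky)))
        if g["grant_option"]:
            reasons.append("WITH GRANT OPTION")
        if reasons:
            findings.append((g["user"], g["host"], reasons))
    return findings


if __name__ == "__main__":
    # Feed it the loop's output instead: python3 audit_grants.py < grants.txt
    for user, host, reasons in audit_grants(SAMPLE_GRANTS):
        print(f"'{user}'@'{host}': " + "; ".join(reasons))
```

A finding is a prompt to check, not a verdict: the dump account's global SELECT is expected, while ALL PRIVILEGES for an application account that can connect from any host usually is not.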
Example queries on the Sakila MySQL database
Sakila is a sample database provided by MySQL, meant to be used in tests and documentation examples. This page lists some example queries against that database.
Get a denormalized list of actors and the films they played in, using an implicit join in the WHERE clause:
SELECT actor.first_name, actor.last_name, film.title
FROM actor, film, film_actor
WHERE film_actor.actor_id = actor.actor_id
  AND film_actor.film_id = film.film_id;
Get the same result with two explicit INNER JOINs:
SELECT actor.first_name, actor.last_name, film.title
FROM film_actor
INNER JOIN actor ON film_actor.actor_id = actor.actor_id
INNER JOIN film ON film_actor.film_id = film.film_id;
A useful script that discovers the expiry date of a given certificate: ssl-expiry-date. At some point I slightly modified this script to read a Bind DNS zone file and check the certificate expiry for each A record, for the purpose of discovering which subdomains were using a wildcard SSL certificate. I should publish that somewhere some day...
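The zone-file variant described above was never published, so here is an added example of the same idea in Python; it is my reconstruction, not the author's script. It extracts the owner names of all A records from a BIND zone file (handling $ORIGIN, '@', absolute and relative names, comments and owner-less continuation lines), fetches each host's certificate over TLS, reports the days left until notAfter and whether the name is covered by a wildcard subjectAltName. The zone file and the certificate dictionary below are constructed sample data; the fetch function is injectable so the parsing and reporting can run without network access.

```python
import re
import socket
import ssl
import time

# Constructed sample zone, not a real domain's data.
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@                 IN  NS   ns1
                  IN  A    192.0.2.1     ; owner omitted: still the zone apex
www          300  IN  A    192.0.2.10
api.example.com.  IN  A    192.0.2.5     ; absolute name
mail              IN  MX   10 mail
mail              IN  A    192.0.2.2
"""

# Constructed stand-in for what getpeercert() returns, with a wildcard SAN.
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com")),
    "notAfter": "Jun 10 00:00:00 2025 GMT",
}
SAMPLE_NOW = ssl.cert_time_to_seconds("Jun 01 00:00:00 2025 GMT")

# Record part of a zone line once the owner is removed: optional TTL and/or class,
# then "A" and an IPv4 address. AAAA, NS, MX etc. do not match.
A_RDATA_RE = re.compile(r"^(?:(?:\d+|IN)\s+){0,2}A\s+(\d{1,3}(?:\.\d{1,3}){3})$", re.IGNORECASE)


def fqdn(owner, origin):
    """Expand a zone-file owner name to a fully qualified name without the trailing dot."""
    if owner == "@":
        return origin
    if owner.endswith("."):
        return owner[:-1]
    return f"{owner}.{origin}" if origin else owner


def a_record_names(zone_text, origin=None):
    """Distinct owner names of all A records, in file order. A line starting with whitespace
    reuses the previous owner; multi-line parenthesised records are not handled (A records are single-line)."""
    names, last_owner = [], None
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1].rstrip(".")
            continue
        if line.startswith("$"):                   # $TTL, $INCLUDE, ...
            continue
        if raw[0].isspace():
            owner, rdata = last_owner, line.strip()
        else:
            parts = line.split(None, 1)
            if len(parts) < 2:
                continue
            owner, rdata = parts[0], parts[1].strip()
            last_owner = owner
        if owner is not None and A_RDATA_RE.match(rdata):
            name = fqdn(owner, origin)
            if name not in names:
                names.append(name)
    return names


def days_until_expiry(not_after, now=None):
    """Days left given a notAfter string as used by getpeercert() and `openssl x509 -enddate`."""
    expires = ssl.cert_time_to_seconds(not_after)
    return (expires - (time.time() if now is None else now)) / 86400.0


def matching_san(cert, hostname):
    """The subjectAltName DNS entry covering hostname, or None. A wildcard covers one label only."""
    host = hostname.lower()
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        if value.lower() == host:
            return value
        if value.startswith("*."):
            suffix = value[1:].lower()
            if host.endswith(suffix) and "." not in host[: -len(suffix)]:
                return value
    return None


def fetch_cert(hostname, port=443, timeout=5):
    """Live TLS handshake with certificate validation; returns getpeercert()'s dictionary."""
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


def sample_fetch(hostname):
    """Offline stand-in for fetch_cert used by the demonstration and the tests."""
    return SAMPLE_CERT


def check_zone(zone_text, origin=None, now=None, fetch=fetch_cert):
    """One report entry per A-record name: days left, the SAN that matched and whether it is a wildcard."""
    report = []
    for host in a_record_names(zone_text, origin):
        try:
            cert = fetch(host)
        except OSError as exc:                     # DNS failure, timeout, TLS validation error
            report.append({"host": host, "error": str(exc)})
            continue
        san = matching_san(cert, host)
        report.append({"host": host, "days_left": days_until_expiry(cert["notAfter"], now),
                       "san": san, "wildcard": san is not None and san.startswith("*.")})
    return report


if __name__ == "__main__":
    for entry in check_zone(SAMPLE_ZONE, now=SAMPLE_NOW, fetch=sample_fetch):
        print(entry)
```

Against a real zone, call check_zone with the file's contents and the default fetch; a name that matched a wildcard SAN is one of the subdomains the page's author wanted to find.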
A very clear explanation of SSL encryption, not specific to OpenSSL, but it uses OpenSSL for all its examples: Secure your website with SSL encryption.
Stale NFS Causes BackupPC fileListReceive Failure
Recently, one of my BackupPC clients running CentOS failed to back up, with the contents of the host log being:
2015-06-10 01:40:10 incr backup started back to 2015-05-16 08:56:42 (backup #600) for directory /
2015-06-10 21:40:18 Aborting backup up after signal ALRM
2015-06-10 21:40:18 Got fatal error during xfer (fileListReceive failed)
...and the last bad XferLOG containing:
This happened a couple of times in a row, and the interval between the start time of the backup and the failure was consistently 20 hours, which is BackupPC's default $Conf{ClientTimeout} of 72000 seconds: the server waited that long for the client's file list and then gave up. While checking, I noticed that an rsync process started on the client by BackupPC had been running for about a week. I ran strace -p <PID> on that process and noticed that it was trying to stat an old NFS export, mounted from a server that no longer exists.
Although there are other ways to fix this (a forced, lazy unmount of the stale export, for instance), it was OK to reboot this host at the time, which solved the problem.
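The check I would want before the next backup hangs is to find such mounts proactively. The following Python is an added example, not from the original page: it lists the NFS mounts from /proc/mounts (a constructed sample is embedded) and probes each mountpoint with a stat() run in a worker thread under a timeout, because on a hard-mounted export whose server is gone the stat() never returns, which is exactly what the week-old rsync was stuck in. The probe is injectable so the logic can be exercised offline.

```python
import os
import threading

# Constructed /proc/mounts content, not from a real host: a mount from a server that no longer
# exists ("oldnas") next to a healthy one.
SAMPLE_PROC_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime,data=ordered 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
oldnas:/export/home /mnt/home nfs rw,relatime,vers=3,hard,addr=192.0.2.50 0 0
newnas:/export/data /mnt/data nfs4 rw,relatime,vers=4.1,hard 0 0
tmpfs /run tmpfs rw,nosuid,nodev 0 0
"""


def nfs_mounts(proc_mounts_text):
    """Return (source, mountpoint) for every NFS mount in /proc/mounts-style text."""
    mounts = []
    for line in proc_mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[2] in ("nfs", "nfs4"):
            # /proc/mounts escapes spaces in paths as \040
            mounts.append((fields[0], fields[1].replace("\\040", " ")))
    return mounts


def responds(path, timeout=3.0):
    """True if stat(path) returns within `timeout` seconds, False if it fails (ESTALE, ENOENT, ...),
    None if it hung. A thread blocked in stat() on a dead hard mount stays blocked (uninterruptible
    sleep), so it is a daemon thread and the process can still exit."""
    outcome = {}

    def worker():
        try:
            os.stat(path)
            outcome["ok"] = True
        except OSError:
            outcome["ok"] = False

    t = threading.Thread(target=worker, daemon=True)
    t.start()
    t.join(timeout)
    if t.is_alive():
        return None
    return outcome.get("ok", False)


def stale_nfs_mounts(proc_mounts_text, timeout=3.0, probe=responds):
    """NFS mounts whose mountpoint does not answer a stat() cleanly within the timeout."""
    return [(src, mp) for src, mp in nfs_mounts(proc_mounts_text) if probe(mp, timeout) is not True]


if __name__ == "__main__":
    with open("/proc/mounts") as f:
        for src, mp in stale_nfs_mounts(f.read()):
            print(f"stale or unreachable: {src} on {mp}")
```

Run it from cron or as a BackupPC pre-backup command on the client; a hit is a mount that will wedge any process that walks the filesystem, rsync included.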
snmpd can report the wrong speed for a network interface. For example, the following output shows a speed of 10 Mbps (ifSpeed is in bits per second), whereas the ethernet port on the server is actually running at 100 Mbps:
IF-MIB::ifIndex.2 = INTEGER: 2
IF-MIB::ifDescr.2 = STRING: eth0
IF-MIB::ifType.2 = INTEGER: ethernetCsmacd(6)
IF-MIB::ifMtu.2 = INTEGER: 1500
IF-MIB::ifSpeed.2 = Gauge32: 10000000
The Net-SNMP documentation mentions this. It can be fixed manually with the interface directive in snmpd.conf, whose arguments are the interface name, the IANA ifType (6 is ethernetCsmacd, as in the output above) and the speed in bits per second, for example:
interface eth0 6 100000000
Restart snmpd afterwards and confirm with snmpwalk that ifSpeed.2 now reports 100000000.