Category Archives: security
Content filtering for enterprise network or educational institution can be a mandatory requirement in many institutions/organizations. Besides filtering web content by category, content control/filtering software can also helps us to filter out malware and virus sites, unwanted advertisements etc. Finding the right product and making it work for your organization can be a challenge. Click to find a list of content control software. When I first tried to implement content filtering system in my organization, the biggest challenge was to find the right product and get a demo running to check the integration aspects. After spending significant amount of time to identify a content filtering system that best fits my organization I did not get enough support from the local vendors. So later one decided to go with Squid Proxy with SquidGuard (some thing I used before). This works out very well for me. Besides being a little heavy on administration side, I have not much to complain about. This content filter can sit on the network as a proxy server and filter all web traffic as per the organization policy.
Educational institutors in many part of the world are bound by the law to protect children from inappropriate Internet contents. In business organizations or organizations of any type, Internet resources can be filtered for unwanted advertisements, malware, virus, pornography sites etc. Web content filtering or content control software is a smart way to address these issues and help enforce organizations policy and protect the network and its users.
Some of the categories that can be used to guide browsing behaviors are following
Advertisements, automobile, dating, education, gamble, hobby, isp, models, podcasts, recreation, ringtones, shopping, updatesites, weapons, webtv, aggressive, chat, downloads, finance, homestyle, jobsearch, movies, politics, redirector, science, socialnetwork, urlshortener, webmail, alcohol, drugs, fortunetelling, government, hospitals, library, music, pornography, religion, searchengines, spyware, violence, webphone, anonymous vpn, hacking, imagehosting, military, news, radio, tv, remotecontrol, sex, tracker, warez, webradio and more. These lists can be used to allow or disallow certain category of sites
SquidGuard is a content filtering tool used in enterprise network to control/filter sites that end users/hosts can access.
SquidGuard is built to work as a plug-in for squid. It uses black lists and url redirection technology to make this content filter work.
There are many free/paid black lists available in the internet, that SquidGuard can work with. These black lists includes, list of url and domain, usually categorized into content group such as advertising, chat, social network, proxy, porn, webmail, education and many more.
We see content filtering requirements in educational institutions, corporate network etc.
SquidGuard is open source, works with your Squid Proxy server. I have done my implementation on Redhat EL 5.x with squid 2.6
Reading a blog on Acxiom Corporation making billion dollar of sales having over 1,500 data points on half a billion people makes me think what future does a privacy free internet hold for us. On one side we want to see internet to be freed from government regulation, on the other hand we as a community doing a very little on protecting individual privacy.
I have always been annoyed receiving tele-marketing calls at all odd times of the day for the things I am rarely interested in. There is also a great deal of emails (used to be called junk) gets delivered in my mail box instead of junk box, which are somewhat targeted and related to something I might be interested in. I have spent a lot of time in earlier my life doing mail server administration. Seeing these emails makes me think that how far we have come after we started fighting SPAM. Now first they want to know everything about you.
I am no high valued customer but I always get this feeling that people targeting me has a fair deal of idea on who I am, what I do, what I am looking for. I understand sharing and publishing my information online/offline has made me a part of many marketing database. In these case I would like to refer to this known quote “if you’re not paying for something, you’re not the customer; you’re the product being sold” but then the question is how many times they would sell my information complete or incomplete, right or wrong to how many people? Is there a limit on how many time can I be targeted of my information can be sold?
I know many countries has a national DND data base, if you register you and still receive unwanted call you can take some action against them, but I don’t know of any authority which can protect me against my information being traded in an open/private market.
I surely would like to see a community to guideline for such activity where user rights more importantly human rights to comes first
Read more on what you can do to protect yourself from being targeted by random information collectors
Do not track IE, firefox, chrome? Who is on your side?
Who is tracking you online? The BIG Brothers? So many of them?
“Right now in Conway, Ark., north of Little Rock, more than 23,000 computer servers are collecting, collating and analyzing consumer data for a company that, unlike Silicon Valley’s marquee names, rarely makes headlines. It’s called the Acxiom Corporation, and it’s the quiet giant of a multibillion-dollar industry known as database marketing.”
The Faceless Organization That Knows Everything About You
“We all know such organizations exist, of course, by Acxiom operates on a terrifying scale. The Times reports that Acxiom’s servers process more than 50 trillion data transactions a year. Its database, apparently, contains information about 500 million consumer worldwide—including the majority of US adults— and on average holds 1,500 data points for each of them.”
Tag: Privacy, data, security, information, internet, Acxiom Corporation, protection, tele marketing, spam
After learning all about Collusion plug-in for firefox, few months back, looking at the images of network of tracker, it was always in the back of my mind while browsing how online advertising companies always trying to predict “what I am looking for” by putting on all these sponsored adds, which most of the time very annoying as they probably have a very little clue. However what concerns me the most is that they record and distribute my browsing history for indefinite time, which I don’t like at all.
At times we need to clean up our disks for whatever reason, like installation errors, privacy, security or to clean up an infected file you need a special deleting procedure.
Tools like regular delete only remove the inode of the file, which does not touch the data/contents. It is possible to recover these deleted files with simple utility. A secured delete tool like dd will overwrite the disk blocks with zero which makes the recovery impossible
To clean up the entre disk the only way to do it by booting via a boot disk, I prefer a linux boot disk
What is a Zero day exploit?
A zero-day (or zero-hour or day zero) attack or threat is a computer threat that tries to exploit application vulnerabilities that are unknown to others or the software developer
A life cycle of the Zero-day exploit
- The developer creates software containing an unknown vulnerability
- The attacker finds the vulnerability before the developer does
- The attacker writes and distributes an exploit while the vulnerability is not known to the developer
- The developer becomes aware of the vulnerability and starts developing a fix.
The problem starts when the developer does not receive information about the exploit, while the applications are exploited. Longer the exploit remains in the hands of a few the more “valuable” and dangerous it becomes.
Economics of the Zero day exploits
A security whole can be around for a long time, unless it is known and fixed or the code causes the whole becomes obsolete. Our old understanding of using software product supported by an active community or a big organization makes you reasonably secured as long as you update the security patch as soon as they comes out. Providing our understanding that zero day exploits are publicly available and do not stay Zero-days for long.
Password! Password!! Password!!!
What is worse then having a week password? Storing your password in clear text. Fortunately/Unfortunately It is nothing to do with you.
WP Sauce reports an attack took place yesterday, with the EvilShadow team replacing the front page to Microsoft’s online India store
with a page called evil.html. The site is still currently down.