As a quick followup to our story from a couple days ago about the HostSolutions.ro hack, owner Marius has now commented on LowEndTalk, confirming the breach and adding some details. The entire thread has a lot of interesting speculation, though alas not a ton of new details. Are you a HostSolutions customer? Or have you […]
HostSolutions.ro Hack Update
hacking, hostsolutions, hostsolutions.ro, involucration, Security 
December 27, 2021 @ 6:01 pm, by raindog308HostSolutions.ro Hacked
cheap vps, hacking, hostsolutions, hostsolutions.ro, ransom, ransomeware, romania, Security December 25, 2021 @ 1:35 pm, by raindog308News broke on Christmas Eve that HostSolutions.ro has been hacked. Community member @MikaelStrang posted the email below that he received from a hacker claiming to have the HostSolutions WHMCS database. “Sadly you have used hostsolutions.ro before, and they were recently hacked about a month ago. We stole their database and all of their backups. We […]
Gartner Makes Bold Prediction: War in the G20 by 2024
Gartner, one of the world’s major IT consulting firms, recently shared their “Top Strategic Predictions for 2022 and Beyond” at a conference. Most of the content concerned economic and technological trends they feel will change IT. One slide, however, made a bold, dramatic prediction: In other words, sometime in the next 13-25 months, a member of […]
log4Shell Vulnerability: “Worst Hack in History”
Vulnerabilities don’t get much worse than cases where typing the right characters into a chat box gives you remote access to the world’s Minecraft servers. Whoops. It’s been termed the worst hack in history, primarily by those seeking cheap clicks, but still…it’s not good. The CVE is rated a 10.0. The vulnerability will “haunt the […]
RHEL 9 Goes Beta
alma, alma linux, linux, red hat, rhel, rocky, rocky linux, Security November 6, 2021 @ 4:46 pm, by raindog308Now that (hopefully?) the CentOS Stream debacle and the subsequent rise of Alma and Rocky Linux is behind us, there’s news from RedHat that RHEL 9 has gone beta. Is this the love child that will finally heal the warring RPM tribes? No, but what you’re looking at here is the future Alma and Rocky […]
Locking Down Access to Your VPS
There are a number of ways you can restrict access to your VPS. Passwords (specifically, good passwords) is the most basic method. Restricting access to ssh keys only is better. You can use Google Authenticator to require a short-lived number as a second factor of authentication. You could also setup a VPN so that only […]
How to Audit Every Command Run on Your Linux System
Periodically I’ve had auditors come to me and say “can you tell me what this user on this system did between such-and-such dates/times” and my answer is usually no. By default, Linux systems don’t log this info. But they can. In this tutorial, I’ll show you how to use auditd, which is a daemon you […]
The Syniverse Hack: Why Using SMS for 2FA is a Bad Idea
2FA, at&T, cell phones, hacking, Security, sprint, syniverse, tmobile, verizon October 5, 2021 @ 7:31 pm, by raindog308Security gurus have suggested for years that relying on SMS for two-factor authentication is a bad idea. Reasons include Your phone may be stolen Many people allow SMS messages to be displayed on lock screens Your phone can be SIM-cloned People inside your phone carrier may have access to your text messages But here’s a […]
Microsoft Says Passwords are Passé
2FA, authenticator, microsoft, passwords, Security, two factor September 18, 2021 @ 12:00 pm, by raindog308Are passwords a dying breed? In a blog post published September 15, Microsoft Vice President of Security, Compliance, and Identity Vasu Jakkal entitled “The passwordless future is here for your Microsoft account” (yes, with bad capitalization, just like that), Microsoft announced that you could “completely remove the password from your Microsoft account”. He continued: “Use […]
Easy Operating System Detection with nmap
Recently I was doing some discovery at work of some systems we inherited. I didn’t yet have access but wanted to determine what type of OS was involved so I could coordinate with the proper teams. You can often guess just by determining what ports are open, but the most efficient tool is the venerable […]
