http://blog.hostgator.com/2013/04/11/global-wordpress-brute-force-flood/

http://blog.sucuri.net/2013/04/mass-wordpress-brute-force-attacks-myth-or-reality.html

http://krebsonsecurity.com/2013/04/brute-force-attacks-build-wordpress-botnet/

Well, being the chummy, log sharing chap I am here’s a list of the naughty machines that have been trying to logging with the admin username on my lovely blog site.

My top security tip is rename the admin account to something less obvious: Elvis, pancake, tree, duh! or metalmicky would thwart this rather simplistic attack. A decent passphrase would be another fine option too…

Needless to say most of the attacking IP addresses are from the land of the free and the home of the weak password: The  United States of America.65 out of the 151 in the table below.

Thank you compromised US systems!

I found a niffy web site that allowed me to make this pretty visual map of the attackers location http://batchiplocator.webatu.com/

Shame they only allow 110 addresses to be entered for display on the geo-ip map, but it very handy for putting together a blog post like this.

Add the following naught password guessing IPs to block lists, see if these have hit your logs too or even report them to their abuse@ ISP emails. It’s up to you.

These IP addresses are from the 14th of April up to today (18th of April).

That’s all for this year folks. Let’s see if I can’t come up with something a bit more interesting or relevent in 2013.

Like any product, it had it flaws, but it was a plucky little proxy firewall that had some sweet moves; finally beaten by the owner throwing in the towel.

Somewhat bizarrely TMG will be supported until 2015 then kept on minimal life support until 2020. Why is this bizarre? Security threats change daily, so having an unpatched and with no means to keep it reacting to changes in technology (hello? IPV6 anyone?) it’ll be a liability to the security team.

Ms will either have to bring out a replacement product or it’s time to find another edge security product that works well with Microsoft products and protocols before the end of the year.

Starting on the Wednesday 6th of February, 2013, Ashley Deuble, CISSP, CISM, CISA & GSE #47, is leading the remarkably indepth and comprehensive SANS training to help you master ISC2′s material and pass the CISSP exam.

Ashley brings his wealth of personal  and industry experience to guide you through the courseware to make the dense subject matter clear, understandable and relatable so you’re ready to tackle the CISSP exam with a real knowledge of the CISSP domains.

Download Ashley Deuble MGT414 Flyer or sign up here

Not happy.

This course brings real world security awareness to you, the Sysadmin, on what to look for if your network is under attack or has been hacked. It helps explain how the bad guys get in and how to block them. This isn’t a course telling you to do all the basic stuff – patching, installing anti-virus software, running hardening guides and so on – you’ve being doing as part of your job for years and it’s nothing new.

Hacker Guard: Security Baseline Training for IT Administrators and Operations with Continuing Education may sound like a mouthful, but it’s practical, sensible topics and can be used in your job. This is all common sense material that the various OS vendor training courses never tells you about that actually make it easier for you to make your network more secure. Now you’ll be able to hold a solid conversation with the security team and understand what their after and how you can help provide it without making your life a misery.

Why SANS Mentor Training?

This is why I think the SANS Mentor classes are a terrific training option. If you live in the Sydney area and are interested in attending SANS classes, please do contact me to get more details!

Pace:

The material is covered over a four week period which provides lots of time for you to read on your own time and come back to the mentor meetings with questions and get answers. This helps to digest the massive amount of material in smaller, manageable doses. We study 2 or 3 modules each week and that material can be applied immediately on the job.

Cost:

The cost is significantly reduced. the cost is lower than any other form of SANS training making it very accessible to those who are budget constrained – which these days is many of us. There is an automatic 25% price reduction from the cost of courses delivered at the conferences. There is no travel or accommodations, so that massive saving in costs. And finally, I can generally offer an additional discount if you contact me prior to registration.

Networking:

Don’t overlook this one. When you are in the two-day conference courses, you definitely get a change to meet others, talk about your experiences and issues in the field, and maybe even keep in touch via email. But when meeting for 10 weekly classes with your peers in the same community, that networking experience is enhanced significantly. You have the chance to really get to know the others in the class by the shared experiences, work through the material and bounce ideas of each other; that’s a great benefit to being part of a local Mentor class.

Size:

Class sizes are typically small – much smaller than what you would find at a SANS conference, which means we can focus more closely on those areas which are difficult for the group

Material:

You get all the same material as you would from the conference course, including the same books, CDs, and even audio files of the full 2-day course lectures.

Feel free to e-mail me with any questions, or visit the course website here:
https://www.sans.org/mentor/class/sec464-sydney-aug-2012-mohan

A great guy and friend Wouter, managed to get a room in Sydney’s CBD to hold the training. It’s easy to get to and has parking nearby.

Mentor training location details

Dates: Tuesday, August 7, 2012 – Tuesday, August 28, 2012
Meeting Time: 6:00 PM – 8:00 PM
Where:

Level 33
Ernst & Young Centre
680 George Street
Sydney, Australia 2000

I love this course and it helped me reach a deeper understanding on a number of aspects of my role as the IT security person charged with incident response. It provided that real world, hands-on practical skills you need to do this job.

Why SANS Mentor Training?

This is why I think the SANS Mentor classes are a terrific training option. If you live in the Sydney area and are interested in attending SANS classes, please do contact me to get more details!

Pace:

The material is covered over a 10 week period which provides lots of time for you to read on your own time and come back to the mentor meetings with questions and get answers. This helps to digest the massive amount of material in smaller, manageable doses. We study 2 or 3 modules each week and that material can be applied immediately on the job.

Cost:

The cost is significantly reduced. the cost is lower than any other form of SANS training making it very accessible to those who are budget constrained – which these days is many of us. There is an automatic 25% price reduction from the cost of courses delivered at the conferences. There is no travel or accommodations, so that massive saving in costs. And finally, I can generally offer an additional discount if you contact me prior to registration.

Networking:

Don’t overlook this one. When you are in the 6-day conference courses, you definitely get a change to meet others, talk about your experiences and issues in the field, and maybe even keep in touch via email. But when meeting for 10 weekly classes with your peers in the same community, that networking experience is enhanced significantly. You have the chance to really get to know the others in the class by the shared experiences, work through the material and bounce ideas of each other; that’s a great benefit to being part of a local Mentor class.

Size:

Class sizes are typically small – much smaller than what you would find at a SANS conference, which means we can focus more closely on those areas which are difficult for the group

Material:

You get all the same material as you would from the conference course, including the same books, CDs, and even audio files of the full 6-day course lectures.

Feel free to e-mail me with any questions, or visit the course website here:
https://www.sans.org/mentor/class/sec504-sydney-jul-2012-mohan

A great guy and friend Wouter, managed to get a room in Sydney’s CBD to hold the training. It’s easy to get to and has parking nearby.

Mentor training location details

Dates: Thursday, July 12, 2012 – Thursday, September 13, 2012
Meeting Time: 6:00 PM – 8:00 PM
Where:

Level 33
Ernst & Young Centre
680 George Street
Sydney, Australia 2000

Taken from http://support.microsoft.com/kb/831607

To turn on the Read all standard mail in plain text option in Outlook 2003, follow these steps:

1. Start Outlook 2003.
2. On the Tools menu, click Options.
3. On the Preferences tab, in the E-mail area, click E-mail Options.
4. In the Message handling area, click to select the Read all standard mail in plain text check box.
   Note By default, the Read all standard mail in plain text option is turned off.

To turn on the Read all standard mail in plain   textoption in Outlook 2007, follow these steps:

1. Start Outlook 2007.
2. On the Tools menu, click Trust Center, and then click E-mail Security.
3. Under Read as Plain Text, click to select  the Read all standard mail in plain text check box.
4. To include messages that are signed with a digital signature, click to select the Read all digitally signed mail in plain text check box.

When the Read all standard mail in plain text  option is turned on, you receive the following notification on the InfoBar at   the top of the e-mail message:

Note If you decide to view the plain text message in its original format, click the InfoBar, and then select Display as HTML or Display as Rich Text.
To turn on the Read all standard mail in plain textoption in Outlook 2010, follow these steps:

1. Start Outlook 2010.
2.   Click the File tab in the Ribbon, and then click Options on the menu.
3. Click Trust Center on the Options menu.
4. Click the Trust Center Settings tab.
5. Click E-mail Security.
6. Under Read as Plain Text, click to select  the Read all standard mail in plain text check box.
7. To include messages that are signed with a digital signature, click to select the Read all digitally signed mail in plain text check box.

When the Read all standard mail in plain text  option is turned on, you receive the following notification on the InfoBar at   the top of the e-mail message:

Spending a bit of quality time working through the malware process will be interesting to see how my current processes stack up against the SANS format created by Lenny Zelster

SANS Canberra 2012 kicks off on the 2nd of July

Hal’s a Unix guru, so I’ll make sure I bring a fake beard, white socks and sandals to avoid him noticing the “I heart Windows” tattoo across my forehead.

Note to self – when looking for humour image on the inter-tubes you should know better.

Now this is a tattoo

Source : http://news.bmezine.com/2007/07/26/best-windows-tattoo-ever/

Hmmm.