Raptor WAF – C Based Web Application Firewall

Raptor WAF is a Web Application Firewall made in C, using DFA to block SQL Injection, Cross Site Scripting (XSS) and Path Traversal.

DFA stands for Deterministic Finite Automaton also known as a Deterministic Finite State Machine.

It’s essentially a simple web application firewall made in C, following the KISS principle. It polls its connections using the select() function; it’s not better than epoll() or kqueue() from *BSD, but it is portable.
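To show what DFA-based blocking looks like in practice, here is an added example (not Raptor WAF's own code) of a table-driven DFA that flags a `..` path segment in a request path. The state names, the `has_traversal` function, the single level of percent-decoding and the sample paths are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>

/* States: what has been seen since the last path separator. */
enum { S_START, S_DOT1, S_DOT2, S_OTHER, S_HIT, N_STATES };
/* Input classes: every byte maps to exactly one of these. */
enum { C_SEP, C_DOT, C_OTHER, N_CLASSES };
/* Transition table: next_state[state][class]. S_HIT is absorbing. */
static const unsigned char next_state[N_STATES][N_CLASSES] = {
    /* S_START */ { S_START, S_DOT1,  S_OTHER },
    /* S_DOT1  */ { S_START, S_DOT2,  S_OTHER },
    /* S_DOT2  */ { S_HIT,   S_OTHER, S_OTHER },
    /* S_OTHER */ { S_START, S_OTHER, S_OTHER },
    /* S_HIT   */ { S_HIT,   S_HIT,   S_HIT   },
};

static int classify(int c) {
    if (c == '/' || c == '\\') return C_SEP;
    if (c == '.') return C_DOT;
    return C_OTHER;
}

/* Returns 1 if the path contains a ".." segment, else 0.
 * One level of %XX decoding is applied before each byte reaches the DFA. */
int has_traversal(const char *path) {
    int state = S_START;
    for (size_t i = 0; path[i] != '\0'; i++) {
        int c = (unsigned char)path[i];
        if (c == '%' && isxdigit((unsigned char)path[i + 1])
                     && isxdigit((unsigned char)path[i + 2])) {
            char hex[3] = { path[i + 1], path[i + 2], '\0' };
            c = (int)strtol(hex, NULL, 16);
            i += 2;
        }
        state = next_state[state][classify(c)];
    }
    /* A ".." that ends the path is also a traversal segment. */
    return state == S_HIT || state == S_DOT2;
}

int main(void) {
    /* Constructed sample paths, not taken from Raptor WAF. */
    const char *samples[] = { "/img/logo.png", "/a/../../etc/passwd",
                              "/a/%2e%2e%2fsecret", "/v1..2/file..txt" };
    for (size_t i = 0; i < 4; i++)
        printf("%-24s %s\n", samples[i], has_traversal(samples[i]) ? "BLOCK" : "pass");
    return 0;
}
```

Because the automaton reads each byte once and keeps only a single state variable, the cost per request is linear in the path length and independent of the number of patterns folded into the table.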

Features

WAF stands for Web Application Firewall. WAFs are widely used nowadays to detect and defend against web attacks, most commonly SQL injection and XSS.

  • Block XSS, SQL Injection attacks and path traversal
  • Blacklist IPs to block users using config/blacklist ip.txt
  • Supports IPv6 and IPv4 for communication

Coming in the Future

  • DoS protection
  • Request limits
  • Rule interpreter
  • Malware detection for uploads
  • SSL/TLS Support

Do bear in mind this is an early-stage, almost-PoC tool and not really production tested or ready. I think it’d be a great project to contribute to, and most people don’t need a super complex WAF – just something that is REALLY reliable, stable and performant, and that blocks 80-90% of the common attacks.

Other options for a WAF:

NAXSI – Open-Source WAF For Nginx
Amazon AWS Web Application Firewall (WAF) Launched
ModSecurity – Open Source Web Application Firewall

You can download Raptor WAF here:

raptor_waf-0.2.zip

Or read more here.

via https://ift.tt/2cNozQ4

Verizon technician admits he sold customer data for years

A former Verizon Wireless network technician in Alabama has admitted to using company computers to steal and sell private customers’ location and call data over a period of five years. As Ars Technica reports, Daniel Traeger of Birmingham faces up to five years in prison or a $250,000 fine for the federal hacking charge. As part of a plea deal, Traeger confessed that he sold the data to an unnamed private investigator.

via https://ift.tt/2dmp92Q

Microsoft, Bank of America Announce Blockchain Collaboration

Microsoft and Bank of America Merrill Lynch are collaborating on a new pilot project aimed at automating trade finance transactions using blockchain technology, the companies announced yesterday.

Blockchain is best known as the distributed database technology at the heart of cryptocurrencies like Bitcoin. It is hardened against tampering, preventing even its operators from revising or otherwise meddling with its continuously growing list of records.

via https://ift.tt/2dbc1PR

IEEE Sets New Ethernet Standard That Brings 5X the Speed Without Cable Ripping

Reader coondoggie writes: As expected the IEEE has ratified a new Ethernet specification — IEEE P802.3bz — that defines 2.5GBASE-T and 5GBASE-T, boosting the current top speed of traditional Ethernet five-times without requiring the tearing out of current cabling. The Ethernet Alliance wrote that the IEEE 802.3bz Standard for Ethernet Amendment sets Media Access Control Parameters, Physical Layers and Management Parameters for 2.5G and 5Gbps Operation lets access layer bandwidth evolve incrementally beyond 1Gbps, it will help address emerging needs in a variety of settings and applications, including enterprise, wireless networks. Indeed, the wireless component may be the most significant implication of the standard as 2.5G and 5G Ethernet will allow connectivity to 802.11ac Wave 2 Access Points, considered by many to be the real driving force behind bringing up the speed of traditional NBase-T products.



Read more of this story at Slashdot.

via https://ift.tt/2dhvAYT

Revealed: How One Amazon Kindle Scam Made Millions of Dollars

An anonymous Slashdot reader shares an excerpt with us from a report via ZDNet that summarizes a catfishing scheme designed to deceive Amazon users into buying low-quality ebooks: Emma Moore is just one of hundreds of pseudonyms employed in a sophisticated "catfishing" scheme run by Valeriy Shershnyov, whose Vancouver-based business hoodwinks Amazon customers into buying low-quality ebooks, which have been boosted on the online marketplace by an unscrupulous system of bots, scripts, and virtual servers. Catfishing isn’t new — it’s been well documented. Some scammers buy fake reviews, while others will try other ways to game the system. Until now, nobody has been able to look inside at how one of these scams works — especially one that’s been so prolific, generating millions of dollars in royalties by cashing in on unwitting buyers who are tricked into thinking these ebooks have some substance. Shershnyov was able to stay in Amazon’s shadows for two years by using his scam server conservatively so as to not raise any red flags. What eventually gave him away weren’t customer complaints or even getting caught. It was good old-fashioned carelessness. He forgot to put a password on his server.



Read more of this story at Slashdot.

via https://ift.tt/2dipJ5w

Facebook releases Osquery Security Tool for Windows

OSquery, an open-source framework created by Facebook that allows organizations to look for potential malware or malicious activity on their networks, was available for Mac OS X and Linux environments until today.

But now the social network has announced that the company has developed a Windows version of its osquery tool, too.

When Facebook engineers want to monitor thousands of Apple Mac laptops across their organization, they use their own untraditional security tool called OSquery.

OSquery is a smart piece of cross-platform software that scans every single computer on an infrastructure and catalogs every aspect of it.

Then SQL-based queries allow developers and security teams to monitor low-level functions in real-time and quickly search for malicious behavior and vulnerable applications on their infrastructure.

In simple words, OSquery allows an organization to treat its infrastructure as a database, turning OS information into a format that can be queried using SQL-like statements.

This functionality is critical for administrators to perform incident response, diagnose systems and network level problems, help to troubleshoot performance issues, and more.

This open source endpoint security tool has become one of the most popular security projects on GitHub since its release in mid-2014 and was available for Linux distributions such as Ubuntu or CentOS, and Mac OS X machines.

So, if your organization was running a Windows environment, you were out of luck.

But, not today, as with the help of Trail of Bits, Facebook has finally launched the OSquery developer kit for Windows, allowing security teams to build customized solutions for their Windows networks.

“As adoption for osquery grew, a strong and active community emerged in support of a more open approach to security,” reads the earlier version of Facebook’s blog post provided to The Hacker News.

“We saw the long-held misconception of ‘security by obscurity’ fall away as people started sharing tooling and experiences with other members of the community. Our initial release of osquery was supported for Linux and OS X, but the community was also excited for a Windows version — so we set out to build it.”

To get started with the OSquery developer kit for Windows, check this official documentation, the development environment, and a single script. The build is easy to install, and you can start coding right away.

You can read the full documentation of the development process of the OSquery developer kit for Windows on the blog post by Trail of Bits.

via https://ift.tt/2ddd1TW