Got Root Articles

ASL Lite 1.0

Tue, 09 Feb 2010 00:00:00 +0100

ASL Lite is a new lightweight rule updater project designed specifically as an ASL rule downloader for custom apache environments, control panel software like cpanel and directadmin, or non-apache/mixed web server implementations. ASL Lite supports a guided dialog similar to the standard asl configuration, that allows for the definition of custom commands for restarting web services, location of configuration files, and use via cron.

Atomic Secured Linux 2.2.3 Released

Mon, 01 Feb 2010 01:00:00 +0100

We are proud to announce the latest release for our flagship Atomic Secured Linux product, the latest in unified threat management systems. Atomic Secured Linux(tm) is an out-of-the-box Unified Security Suite for Linux(tm) systems designed to protect your servers against both known and unknown threats. It is distributed through a subscription yum channel ensuring that ASL is always kept up to date.

Atomic Secured Linux 2.2.2 Released

Thu, 07 Jan 2010 14:00:00 +0100

Atomicorp is proud to announce the release of version 2.2.2 of Atomic Secured Linux. Our full service security suite for Linux based systems.

Atomic Secured Linux 2.2.1 Released

Sun, 13 Sep 2009 06:47:00 +0100

We are proud to announce the release of Atomic Secured Linux 2.2.1 the latest version of our cutting-edge Unified Security solution for servers.

Follow the status of the Real Time rules on twitter

Sun, 21 Jun 2009 19:49:00 +0100

We've setup a twitter feed for our subversion system. When we put out new rules you'll get a tweet. You can follow us here:

GotRoot/Atomicorp Real Time Rules Twitter Feed

Stop Rogue devices on your network for free

Thu, 09 Apr 2009 22:24:00 +0100

Rogue devices, like unauthorized hosts or rogue APs got you down? Here are several free and powerful solutions to detect, stop and even quarantine rogue devices on your network.

Standalone modsecurity rules updater available

Tue, 07 Apr 2009 18:29:00 +0100

ASL customers already have this built into ASL, but for those running the rules without ASL we have developed a stand alone rule updater/downloader:

Automatic Rule Updater (cache)

And the config file for the same:

Automatic Rule Updater Config file (cache)

Installation instructions are available here:

Installation Instructions (cache)

MD5 weakness Proof of Concept

Tue, 30 Dec 2008 18:45:00 +0100

MD5 (cache) weaknesses have been known for some time now and security researchers have been recommending against its use for a few years, while predicting that a realistic attack was just around the corner. Research was published today that demonstrates that realistic attacks are possible now. The research deals with a proof of concept collision attack to create fake CA certificate using MD5. The researchers state that a knowledgeable attacker can fake a valid signature on a CA certificate, thereby making it possible to hijack the PKI used to sign SSL certs by pretending to be a valid CA. The researchers website MD5 considered harmful today (cache) has the details. In short, nothing important should use MD5 anymore.

BotHunting tool

Mon, 22 Dec 2008 00:00:00 +0100

For those that are not familiar with it, SRI has a great project called BotHunter?. Its a snort derivative using special rules and some SRI code to detect bots on your network and to anonymously share data with the BotHunter? folks. The installer is top notch and we really like what the project is doing. Check it out yourself at http://www.bothunter.net

ASL 2.0 Final Released

Mon, 07 Jul 2008 16:06:00 +0100

Prometheus Group is proud to announce the release of Atomic Secured Linux 2.0, the latest version of our cutting-edge Unified Security solution for servers.

Virtual Patch for Hidden Text Exploit

Thu, 24 Apr 2008 22:00:00 +0100

SANS ISC (cache) brings us a report (cache) of a new method spammers are using to put links into blogs using hidden text. We don't consider this a WordPress vuln, but rather a class of problems revolving around hidden test. This is very reminiscent of the iframe attacks using hidden iframes. In the spirit of making the world a nicer place, we're publishing Modsec rules to protect against this problem. You can download the rules from here. Right now its one rule, but as we discover other ways to protect against this we'll update the file. If you are running ASL or have a subscription to the real time rules, this is included in the latest update automatically.

Free Modsecurity 2.5 rules released

Tue, 18 Mar 2008 00:00:00 +0100

We've been providing 2.5 signatures and rules to our ASL customers for over a year, and are proud to announce the availability of these rules through the GotRoot? lab website. The free rules are delayed 30 days. Want the rules in real time? Well sign up now! Its only $99.95 a year for a real time subscription to the most comprehensive and widely used WAF rules on the Internet!

ASL 2.0 final beta out

Tue, 05 Feb 2008 01:18:00 +0100

We've been been working like mad men on ASL (especially Scott), and we're at the final Beta. 2.0 final is just around the corner. The GUI is slick, tons of new security features, vulnerability scanner, built in support portal and more. Check it out on the ASL website.

Site move complete

Tue, 05 Feb 2008 00:47:00 +0100

For anyone that had problems logging into their accounts, I do apologize for the delay fixing the site. The problem was very very very convulted. Ah the joys of moving boxes, upgrading PHP, MYSQL and Javascript. Logins should be working again for everyone.

Virtual Patching talk at SANS CDI

Wed, 12 Dec 2007 23:58:00 +0100

Ryan Barnett and I will be giving a talk on Virtual Patching at SANS CDI 2007. Our talk is on December 14th, from 7:30PM to 8:30PM. Drop by and join us, and after please join us for beers and friendly banter.

Heres a link to the official SANS CDI page:

https://www2.sans.org/cdi07/night.php?portal=821dc21b4842373211f7acb46edf6b96

Virtual Patching article with SANS

Wed, 12 Dec 2007 23:48:00 +0100

I recently put together a tips and advice article for Virtual Patching for SANS (cache). You can read it here Virtual Patching for Web Applications with ModSecurity (cache). Technical Review of the article was by Ryan Barnett and GIAC Advisory Board, which I greatly appreciate.

Filter out iframe attacks

Sun, 02 Sep 2007 23:44:00 +0100

iframe attacks seem to be taking a hold with many vulnerable websites. The problem obviously being vulnerable ap plications, which we would all like to see fixed. However, not everyone can be so lucky as to have either perfect applications, or perfect countermeasures against these vulnerabilities. Enter output filtering. We've put together a special set of rules for anyone running apache. This will filter out all your iframe attacks.

Modsecurity 2.0 compatible rules released

Sun, 22 Oct 2006 19:45:00 +0100

2.0 compatible rules were released today. Consider these beta quality rules until further testing is done. Also, the format of the rules has changed considerably in 2.0, so if you want production quality we recommend you use the 1.9 rules with modsecurity 1.9.4.

Incoming calls problems with Broadvoice and Asterisk

Thu, 29 Jun 2006 22:14:00 +0100

Asterisk users of broadvoice may have noticed a problem with not recieving inbound calls today. It appears that something changed in the way Broadvoice sends their SIP packets, but we have the solution: Just make the following change to your extensions.conf file:

Look for the extensions.conf context for your incoming calls, in our case, its [from-broadvoice], and add this line at the end of your context:

exten => YOURPHONENUMBER,1,Goto(from-broadvoice,1,1)

Make sure you change the "from-broadvoice" to the name of your incoming calls context.

Flaw in Microsoft AntiSpyware Beta 1

Wed, 25 Jan 2006 23:03:00 +0100

The current version of Microsoft AntiSpyware? Beta 1 (version 1.0.701) contains a bug which causes issues for multiple users of a Windows XP system.

Symptoms of the issue are: 1) When a user logs in, they recieve an "Unexpected Error; quitting" messagebox. 2) When uninstalling or installing MSAS, the user recieves an "Error 1904.Module C:\Program Files\Microsoft Antispyware\XXXXXXXX.dll failed to (un)register. HRESULT -2147220473" on multiple dlls, even when they are an Administrator.

The issue arises from improper registry key permissions.

We have come up with a non-optimal workaround for the issue (click Read More...), and we are currently working on a more advanced solution.

We have not tested MSAS for the issue on other systems at this time.