Detect malicious traffic with MalTrail in Linux

Maltrail is a malicious traffic detection system. It uses publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user-defined lists, where a trail can be anything from a domain name, URL or IP address to an HTTP User-Agent header value (e.g. sqlmap, the automatic SQL injection and database takeover tool). It also offers optional advanced heuristic mechanisms that can help in the discovery of unknown threats (e.g. new malware).


  • Uses multiple public blacklists (AlienVault, autoshun, badips, sblam etc.)
  • Has extensive static trails for identification (domain names, URLs, IP addresses or User-Agent values)
  • Optional heuristic mechanisms for detection of unknown threats
  • Based on a Traffic -> Sensor <-> Server <-> Client architecture
  • Web reporting interface
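To make the trail idea concrete, here is an added example (not Maltrail's own code) of the core matching step: a constructed trail list covering domain, IP and User-Agent trails, run over a few constructed proxy-style log lines. The log format, the trail values and the function names are assumptions of this example.

```python
import re
from urllib.parse import urlparse

# Constructed trail list in the spirit of Maltrail's (black)lists; a trail can be
# a domain, an IP address or a User-Agent substring. Not Maltrail's data.
TRAILS = {
    "domain": {"malware.example", "c2.example.net"},
    "ip": {"203.0.113.7"},
    "ua": {"sqlmap"},
}

# Constructed proxy-style log lines: <client ip> <dest ip> <url> "<user-agent>"
SAMPLE_LOG = """\
10.0.0.5 198.51.100.2 http://www.example.org/ "Mozilla/5.0"
10.0.0.6 203.0.113.7 http://203.0.113.7/update.bin "curl/8.0"
10.0.0.7 198.51.100.9 http://sub.malware.example/a "Mozilla/5.0"
10.0.0.8 198.51.100.4 http://shop.example.org/?id=1 "sqlmap/1.7"
"""
LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) "([^"]*)"$')


def domain_trail(host, domains):
    """Return the listed domain that host equals or is a subdomain of, else None."""
    labels = host.lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def check_line(line, trails=TRAILS):
    """Return the (kind, trail) hits for one log line; [] for a clean line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    _src, dst, url, ua = m.groups()
    hits = []
    if dst in trails["ip"]:
        hits.append(("ip", dst))
    d = domain_trail(urlparse(url).hostname or "", trails["domain"])
    if d:
        hits.append(("domain", d))
    hits += [("ua", t) for t in trails["ua"] if t.lower() in ua.lower()]
    return hits


def scan_log(text, trails=TRAILS):
    """Map 1-based line numbers to their hits, skipping clean lines."""
    return {n: h for n, line in enumerate(text.splitlines(), 1)
            if (h := check_line(line, trails))}
```

Subdomain matching is what turns a single listed domain into a hit for every host beneath it, which is why the domain trail is checked label by label rather than by exact string.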


Do I need an antivirus in Linux?

I’m afraid that to answer this, a bit of background knowledge is necessary first.

Viruses hardly exist any more. Programs that infect other executables, overwriting parts of them and/or adding new code to them, are not how malware spreads nowadays in most cases. On Windows that distinction is not really necessary; Windows users use the term “virus” to describe every form of malware (and user error, sorry, couldn’t resist 😉). But on Linux that distinction is important, as virus scanners on Linux do exactly what the name says: they scan for viruses. They don’t protect you against attacks from websites in any form. On top of that they hardly even scan for Linux viruses; there are only very few proof-of-concept Linux viruses at all. And because people never install anything themselves but always packages provided by the distro through the package manager, there is almost no attack surface for traditional viruses: no spreading of .exe files claiming to be the most fancy screensaver or similar. So the Linux virus scanners actually mostly scan for Windows viruses, for example on a mail server scanning email attachments before delivering the mail.


Why Linux Distros Are More Secure Than Other Operating Systems

Linux is an open source operating system whose entire code everyone can read, yet it is still considered more secure than other operating systems. Linux has been extensively deployed in the tech market, as many gadgets are Linux based, and that is why more people are building trust in the Linux platform. To shed more light on why Linux has superior internet security capabilities, let us check out some of its security features.



Ubuntu Security: The Wifi Passwords Are Stored In Clear Text, Outside The User’s Home

A user has reported that the wifi passwords are not encrypted on Ubuntu systems, being stored in clear text in a folder outside the user’s home (/etc/NetworkManager/system-connections/), making them accessible to unwanted users.


After this issue was reported, a Canonical developer explained on the mailing lists that it is caused by the “All users may connect to this network” option being enabled by default.

This issue has an easy fix, directly from the graphical user interface. All you have to do is: Open network indicator -> Edit connections -> Select network -> Click edit -> untick “All users may connect to this network.” from the general tab.

With this setting, the password will be stored in the user’s home and so become unavailable to unwanted users. Also, encrypt your home directory for better security.
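As an added check (not from the post or from NetworkManager), here is a Python audit that flags keyfiles under /etc/NetworkManager/system-connections/ which store a PSK without a per-user permissions= entry, i.e. connections still shared with all users. It assumes the keyfile layout shown in the constructed samples; NetworkManager writes those files with root-only permissions, so the directory scan has to run as root.

```python
import configparser
import os

# Constructed keyfiles in the layout NetworkManager writes under
# /etc/NetworkManager/system-connections/ (sample content, not from a real host).
SAMPLE_KEYFILES = {
    "Office": """\
[connection]
id=Office
type=wifi
[wifi-security]
key-mgmt=wpa-psk
psk=correct-horse-battery-staple
""",
    "Home": """\
[connection]
id=Home
type=wifi
permissions=user:alice:;
[wifi-security]
key-mgmt=wpa-psk
psk-flags=1
""",
}


def psk_shared_with_all_users(text):
    """True if the keyfile stores a PSK and is not restricted to one user.

    Heuristic assumed by this example: a 'permissions=' entry under [connection]
    is what unticking "All users may connect" produces, and a 'psk=' entry under
    [wifi-security] is the clear-text secret (psk-flags=1 means the secret lives
    in the user's keyring instead).
    """
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    shared = not cp.has_option("connection", "permissions")
    stored = cp.has_option("wifi-security", "psk")
    return shared and stored


def audit_keyfiles(keyfiles):
    """Return the ids of connections whose PSK is stored system-wide."""
    return sorted(name for name, text in keyfiles.items()
                  if psk_shared_with_all_users(text))


def audit_directory(path="/etc/NetworkManager/system-connections"):
    """Run the audit over the real keyfiles (root is needed to read them)."""
    files = {}
    for name in os.listdir(path):
        with open(os.path.join(path, name), encoding="utf-8") as fh:
            files[name] = fh.read()
    return audit_keyfiles(files)
```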

Ultimate n00b guide to Bitcoin client installation and security/cold storage!

I previously submitted a thread which you can find here with a video tutorial to use the very robust Armory bitcoin client.

But for this submission I will provide the instructions to use Electrum BTC client which provides “Instant on” (your client does not download the blockchain, it uses a remote server).

This will show you how to configure a “watch-only” seedless wallet so that you can receive payments and see your balance on a computer you connect to the Internet with, while ensuring that a hacker cannot spend your coins: every transaction must first be signed (“approved”) on an OFFLINE computer, after which you return it to the online computer and broadcast it to the network. If you’re confused, don’t worry, just follow along.


Get an offline computer. This can be a physical device or a separate installation on your current computer. Security tip: here’s one method to disable USB autorun on your offline computer, so that a malware-infected USB drive cannot spread its infection.

[Offline PC] Install Electrum via a USB-Key. Here is the download link.

[Offline PC] Create a new wallet. Write down the seed and memorize it, after which you should probably destroy the seed or keep it safe in a fire/waterproof lockbox. Password-encrypt your wallet using a passphrase created with diceware for utmost security.

[Offline PC] Import/Export and copy your “Master Public Key” and put it in a text file on your USB-Key.

[Online PC] Install Electrum and select Restore in the dialog box shown on the first start up, use the “Master Public Key”.

You now have an online wallet where you can check your balances and give out new addresses, but you cannot spend the coins. So even if an attacker were able to take over your online computer, your coins can’t be lost.

To make a transaction (to spend your Bitcoins) do the following:

[Online PC] Go to the send tab and make a transaction. Instead of sending it, Electrum will detect a seedless wallet and query for a location to save the transaction. Select your USB-Key.

[Offline PC] Go to Settings -> Import/Export -> “Load raw transaction”. Select your transaction from the USB-Key. It will detect that it is not signed and will prompt you to do so now. Fill in your password and sign the transaction. Save the new, signed transaction to your USB-Key.

[Online PC] Go to Settings -> Import/Export -> “Load raw transaction”. Select the signed transaction and it will ask you if you want to broadcast it.

Hope you all found this helpful 🙂 Also if you are uber n00b please take the time to check out the FAQ which is also found on the right hand side of this blog.