Four short links: 22 March 2018
Security Policy, Censored 3D Printers, Standup Tips, and Auto-Banning
- Protecting Security Researchers — Among other good steps toward public security researchers, Dropbox issues a pledge to not initiate legal action for security research conducted pursuant to the policy, including good faith, accidental violations.
- Early-stage Malicious Activity Detection in 3D Printing — teaching a 3D printer to recognize that it’s being used to print a gun, so it won’t. (via Miles Brundage)
- 5 Ways to Tune Up Your Standup — Teams need to start thinking of impediments in terms of “what is slowing me down” rather than “what has stopped me.” Testify!
- Fail2Ban — scans log files (e.g., /var/log/apache/error_log) and bans IPs that show the malicious signs — too many password failures, seeking for exploits, etc. Generally, Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action (e.g., sending an email) could also be configured. Out-of-the-box Fail2Ban comes with filters for various services (apache, courier, SSH, etc).