In the last week there was a well-documented writeup of a cross-site scripting vulnerability which had allowed a phisher to pose as a PayPal login with THE LEGIT PAYPAL SSL CERTIFICATE…. Brian Krebs at the Security Fix has some details on some of the new and interesting ways phishers are trying to separate us from our personal information.
Tag: login
-
The security of remote tech support (ultravnc sc or x11vnc with wrapper script)
Well, I’ve got a nice way of doing “easy” one click (or one cut and paste) light desktop support for Windows or Linux: one uses ultravnc sc, the other uses x11vnc with a special wrapper script. So, what security flaws are there in this process? Well, for starters, I see the biggest vulnerability as being for the computer running the listening vncviewer (because it HAS to be available to the outside world). That means the tech support desk must keep on top of vncviewer updates and keep the service turned off when not expecting a client connection. The other question that comes to mind is encryption though….
-
A closer look at x11vnc
I’ve got to say, one of the things I really like about Linux is the myriad of options for remotely administering a system. SSH is the one I use the most, but for the graphical you have X (especially on the LAN), nxserver (which is a compressed and optionally encrypted wrapper of the X protocol….), and vnc can be used, although as I’ve noted in the prior articles one problem with either nxserver, X or vnc is that you can’t by default connect to a running X session. x0rfbserver CAN, but only if a user is logged in (as far as I know….) I found an interesting trick with x11vnc that lets you run it even if the system is at the greeter (the login screen for X).
-
Ernst & Young loses laptop, exposes almost 250k hotels.com customers – database mayhem roundup
The Register is reporting on Ernst & Young’s loss of a laptop which had information on around 243,000 hotels.com customers. Apparently Hotels.com was notified on May 3rd. Apparently the laptop made use of a password as the only security measure. From the article….
-
Google Notebook debuts
Late last night there were discoveries of the login page for Google Notebook, then came the Official Googleblog announcement of Google Notebook and of course news of the launch spread like wildfire (along with a direct link there to the plugin download). Yes, Google Notebook is finally reality. I haven’t had a chance to test yet, but I did log in and download the extension for Firefox (I haven’t had a chance to close out and restart Firefox yet, too much going on…)
-
Google Calendar revisited
When Google Calendar first rolled out, I took a look and was not overwhelmed. Now, I’ve had a chance to revisit and see a few improvements. First, one of my initial problems was that I couldn’t get to calendar from gmail. The code has now been added in the upper left corner to navigate between the two (or the google homepage, or their “other services”). This was missing when I first looked. I distinctly remember seeing it in one of the testing screenshots. Even immediately after I had started out with the Calendar, the link was still not there. I’m not sure when, but it’s there now. Good.
-
Google Calendar escapes into public use..
There have been rumors for (years?) a long time at least, that Google was preparing something known as cl2 which would be a calendar with full Gmail integration. There were screenshots, many of which were photoshopped from another web calendar, but there were others that were more convincing… well, as of late yesterday Google Calendar has escaped into public view. http://www.google.com/calendar. I first tried logging in through my Gmail account thinking I might see info there, but I didn’t, so I went to the above link and answered a question about what time zone I’m in, then got to see the main interface.
-
Using the command line in linux – part 2
This is part two in a series of “how to use the command line in linux” style articles…. these are intended to be quite basic for those that have not used a command line before…. In part one we logged in (if necessary) and found out about the help command, navigated a bit with the arrows and exit-ed from our login. This time we’ll try to learn a bit more about dealing with files and navigating. In a graphical interface, if you browse files, you’re presented with a list of files and folders for a directory that you can scroll through and read at your leisure. In the command line we have to tell the computer to list the files and folders for the directory that we’re currently “in”. To list those in Linux, we use the ls command….
-
Using the command line in linux – part 1
I know many people get intimidated with a black screen, white text and blinking cursor. No mouse, not knowing where to start…. well, I’m going to spend a bit of time in this article trying to help show you how to survive the command line in linux. For starters, don’t think that linux is a command line only operating system. In some installs, the administrator may not want a gui, but there are some VERY functional and full featured graphical interfaces for linux. For me though, if you know what you want to accomplish, the command line can be a much more efficient way to “get the job done” for many tasks.
-
Scheduling tasks in linux – the at command
I did an article a while back about cron and scheduling tasks in linux (I also mentioned kron which is a graphical interface for cron scheduling…). That works well and good for things that happen on a recurring basis, but the next question is what if I want to schedule a command (or series of commands) to happen once and not again? Well, to tell the truth I’ve used cron for this on occasion, being sure to revisit the crontab and remove the entry before it repeats again, but there is a better way. At.