Archive for the ‘centos’ Category
Email Russ at russ AT thetechiegeek DOT com
Email Tracy at tracy AT thetechiegeek DOT com
Leave us a voice mail at 1-206-339-1575
FreeLinuxBox.org helps your un-needed Linux box find a needy home
The Techie Geek Podcast Forums! Thank you to LinuxBasix.com
Motorola Droid Bionic
Bionic disappearing app bug
App 2 SD Pro app
XP end of life
XP Compatibility Mode
Steve Jobs brainstorm with the NeXT team in this fascinating video
Best Woz interview about Steve Jobs on Dan Lyons Blog
Pixar co-founded by Steve Jobs
Tim Berners-Lee used a NeXT computer
Al Gore created the Internet (Not)
Change Desktop Resolution With a Keyboard Shortcut
YouTube to take on cable with A-list celebs
Excel slow when opened from the network
Stolen Camera Finder
Google Reader Shortcuts
Hardware hacker? Then you need the info at Form Factors .org
2Ux2.com designed by Russ (You can still get them if you need 100 of them)
New HP CEO, new plan: It’s keeping the PC biz after all
Hard Drive Shortage
Kindle Fire expected to sell 5 million in Q4
fail2ban to ban IPs that attempt too many logins
Tracy was on Ep 64 of “Linux for the Rest of Us”
Doctor Who: Regeneration (All Regenerations 1963 – 2010)
SDF.org Public Access UNIX System
Reset Windows7 Password
Derbycon 2011 videos
Samsung smartphones reportedly outship the iPhone
SecTools.Org: Top 125 Network Security Tools
Russ’s Leatherman Tools
X-Plane 10 flight simulator
How To Make Ghosts In Photoshop or GIMP
How To Make Your Own (Almost) Chromebook
How To Configure A pfSense 2.0 Cluster Using CARP
3G Hotspot Brings Home Internet Access Wherever You Get a 3G Signal
Attackers take aim at Apple with an exploit that could brick your Macbook, or perhaps worse. Plus you need to patch against a 9 year old SSL flaw.
Plus find out about a Google bug that could wipe a site from their Index, and a excellent batch of your feedback!
All that and more, on this week’s TechSNAP!
Direct Download Links:
Subscribe via RSS and iTunes:
- A nine-year-old bug discovered and disclosed by Moxie Marlinspike in 2002 allows attackers to decrypt intercepted SSL sessions. Moxie Marlinspike released a newer, easier-to-use version of the tool on Monday, to coincide with Apple finally patching the flaw on the iPhone and other iOS devices.
- Any unpatched iOS device can have all of its SSL traffic trivially intercepted and decrypted
- This means anyone with this new easy-to-use tool sitting near a wifi hotspot can intercept encrypted login information (Gmail, Facebook), banking credentials, e-commerce transactions, or anything else people do from their phone.
- The bug was in the way iOS interpreted the certificate chain. Apple failed to respect the ‘basicConstraints’ extension, allowing an attacker holding any existing valid certificate to sign a certificate for any domain, something the constraint normally prevents.
- There are no known flaws in SSL itself. In this case the attacker could perform a man-in-the-middle attack by feeding the improperly signed certificate to the iPhone, which would have accepted it and used the attacker’s key to encrypt the data.
- Patch is out with a support doc and direct download links
- After analyzing a battery firmware update that Apple pushed in 2009, researchers found that all patched batteries, and all batteries manufactured since, use the same password
- With this password, it is possible to control the firmware on the battery
- This means that an attacker can remotely brick your Macbook, or cause the battery to overheat and possibly even explode
- The attacker can also falsify the data returned to the OS from the battery, causing odd system behaviour
- The attacker could also completely replace the Apple firmware, with one designed to silently infect the machine with malware. Even if the malware is removed, the battery would be able to reinfect the machine, even after a complete OS wipe and reinstall.
- Further research will be presented at this year’s Black Hat Security Conference
- In the meantime, researchers have notified Apple of the vulnerability, and have created a utility that generates a completely random password for your Mac’s battery.
- A glitch in Facebook allowed you to see the thumbnail preview and description of private videos posted by other users, even when they were not shared with you.
- It was not possible to view the actual videos
- Using Google Webmaster Tools, users were able to remove websites that did not belong to them from the Google index
- By simply modifying the query string of a valid request to remove your own site from the Google index, and changing one of the two references to the target URL, you were able to remove an arbitrary site from the Google index
- The issue was resolved within 7 hours of being reported to Google
- Google restored sites that were improperly removed from its index.
- Improper input validation and output sanitization allowed attackers to inject code into their Skype profile
- By entering HTML and JavaScript into the ‘mobile phone’ section of your profile, anyone who had you on their friends list would execute the injected code.
- This vulnerability could have allowed attackers to hijack your session, steal your account, capture your payment data, and change your password
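The iOS certificate-chain bug above comes down to one missing check: a certificate that is not marked as a CA in its basicConstraints extension must never be accepted as the issuer of another certificate. The following is an added example, not Apple’s code or anything from the show notes; it models certificates as plain records (no ASN.1 parsing, no real signatures, just issuer/subject name links) so that the flawed chain walk and the corrected one can be compared side by side. The certificate names, the root set and the pathLenConstraint values are constructed for the demonstration.

```python
from dataclasses import dataclass
from typing import List, Optional, Set


@dataclass(frozen=True)
class Cert:
    """A stand-in for an X.509 certificate: only the fields the check needs."""
    subject: str
    issuer: str
    is_ca: bool                      # basicConstraints CA flag
    path_len: Optional[int] = None   # basicConstraints pathLenConstraint (None = no limit)


def issued_by_links_ok(chain: List[Cert]) -> bool:
    """Every cert's issuer must be the subject of the next cert up the chain."""
    return all(child.issuer == parent.subject for child, parent in zip(chain, chain[1:]))


def validate_chain_ignoring_constraints(chain: List[Cert], roots: Set[str]) -> bool:
    """The flawed behaviour: name links plus a trusted root, but no CA check,
    so an ordinary server certificate is accepted as an issuer."""
    return issued_by_links_ok(chain) and chain[-1].subject in roots


def validate_chain(chain: List[Cert], roots: Set[str]) -> bool:
    """Corrected behaviour: every issuer must assert CA=true, and pathLenConstraint
    caps how many intermediates may sit between that issuer and the leaf."""
    if not issued_by_links_ok(chain) or chain[-1].subject not in roots:
        return False
    for depth, parent in enumerate(chain[1:]):
        if not parent.is_ca:
            return False
        # `depth` intermediates lie between `parent` and the leaf (chain[1:depth+1]).
        if parent.path_len is not None and depth > parent.path_len:
            return False
    return True


# Constructed PKI: a root, one issuing CA, and an ordinary server certificate.
ROOT = Cert("Example Root CA", "Example Root CA", is_ca=True, path_len=1)
INTER = Cert("Example Issuing CA", "Example Root CA", is_ca=True, path_len=0)
LEAF = Cert("mail.example.com", "Example Issuing CA", is_ca=False)
ROOTS = {"Example Root CA"}
LEGIT_CHAIN = [LEAF, INTER, ROOT]

# The attack shape described above: a valid, non-CA server certificate is used
# as the "issuer" of a certificate for an unrelated name.
FORGED = Cert("bank.example.net", "mail.example.com", is_ca=False)
FORGED_CHAIN = [FORGED, LEAF, INTER, ROOT]

# A second failure mode: a CA that is below an issuer whose pathLenConstraint is 0.
SUB_CA = Cert("Example Sub CA", "Example Issuing CA", is_ca=True, path_len=0)
TOO_DEEP_CHAIN = [Cert("x.example.org", "Example Sub CA", is_ca=False), SUB_CA, INTER, ROOT]


if __name__ == "__main__":
    for name, chain in (("legit", LEGIT_CHAIN), ("forged", FORGED_CHAIN), ("too deep", TOO_DEEP_CHAIN)):
        print(name, "flawed:", validate_chain_ignoring_constraints(chain, ROOTS),
              "fixed:", validate_chain(chain, ROOTS))
```

A real validator also checks signatures, validity periods, name constraints and revocation; this block isolates the one rule the bug skipped. The flawed function accepts the forged chain because every name link resolves and the chain ends at a trusted root; the fixed one rejects it at the first non-CA issuer, and separately rejects a chain that violates a pathLenConstraint.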
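The Google index-removal bug above is an instance of a common authorization mistake: a request names the target twice, the server checks ownership against one copy and acts on the other. The following is an added example, not Google’s code or anything from the show notes; the `site`/`url` parameter names, the verified-owner table and the index contents are constructed for the demonstration. It shows the vulnerable handler beside a corrected one that ties the acted-upon URL back to the site whose ownership was actually verified.

```python
from urllib.parse import parse_qs, urlparse
from typing import Set

# Constructed data: which verified sites each account owns, and the live index.
VERIFIED_SITES = {"alice": {"alice.example"}, "mallory": {"mallory.example"}}
INDEX = {"alice.example", "mallory.example", "victim.example"}


def host_of(url: str) -> str:
    host = urlparse(url).hostname
    if not host:
        raise ValueError("no hostname in " + repr(url))
    return host


def remove_url_vulnerable(index: Set[str], user: str, query_string: str) -> str:
    """Ownership is checked against `site`, but the removal acts on `url`.
    Nothing ties the two together, so changing only `url` removes any site."""
    params = parse_qs(query_string)
    site_host = host_of(params["site"][0])
    target_host = host_of(params["url"][0])
    if site_host not in VERIFIED_SITES.get(user, set()):
        raise PermissionError("not a verified owner of " + site_host)
    index.discard(target_host)
    return target_host


def remove_url_fixed(index: Set[str], user: str, query_string: str) -> str:
    """Verify ownership of `site`, then require that `url` lives under that
    same verified site before touching the index."""
    params = parse_qs(query_string)
    site_host = host_of(params["site"][0])
    target_host = host_of(params["url"][0])
    if site_host not in VERIFIED_SITES.get(user, set()):
        raise PermissionError("not a verified owner of " + site_host)
    if target_host != site_host and not target_host.endswith("." + site_host):
        raise PermissionError(target_host + " is not under verified site " + site_host)
    index.discard(target_host)
    return target_host


def removal_allowed(user: str, query_string: str) -> bool:
    """Convenience wrapper: does the fixed handler accept this request?"""
    try:
        remove_url_fixed(set(INDEX), user, query_string)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    crafted = "site=https://mallory.example/&url=https://victim.example/"
    idx = set(INDEX)
    print("vulnerable removed:", remove_url_vulnerable(idx, "mallory", crafted), idx)
    print("fixed allows crafted request:", removal_allowed("mallory", crafted))
```

The general rule the fixed handler applies is to derive the object you act on from the object you authorized, rather than accepting a second, independently supplied copy. It also rejects a target on an unrelated host even when the requester legitimately owns the site named in the other parameter, which is the exact shape of the bug described above.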
Q: (Sargoreth) I downloaded eclipse, and I didn’t bother to verify the md5 hash they publish on the download page, how big a security risk is this?
A: Downloadable software often has an MD5 hash published along with the downloadable file, as a measure to allow you to ensure that the file you downloaded is valid. Checking the downloaded file against this hash can ensure that the file was not corrupted during transfer. However, it is not a strong enough indicator that the file has not been tampered with: if the file was modified, the MD5 hash could just as easily have been updated along with it. In order to be sure that the file has not been tampered with, you need a hash that is provided out of band, from a trusted source (the FreeBSD Ports tree comes with the SHA256 hashes of all files, which are then verified once they are downloaded). SHA256 is much more secure, as MD5 has been defeated a number of times, with attackers able to craft two files with matching hashes. SHA-1 is no longer considered secure enough for cryptographic purposes. It should also be noted that SHA-512 is actually faster to calculate than SHA256 on 64-bit hardware; however, it is not as widely supported yet. The ultimate solution for ensuring the integrity of downloadable files is a GPG signature, verified against a trusted public key. Many package managers (such as yum) take this approach, and some websites offer a .asc file for verification. A number of projects have stopped publishing GPG signatures because the proportion of users who checked the signature was too low to justify the additional effort. Some open source projects have had backdoors injected into their downloadable archives on official mirrors, such as the UnrealIRCd project.
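The answer above makes a distinction worth seeing concretely: a hash published next to the file detects corruption, but an attacker who can replace the file on a mirror can replace the hash too, so only a hash (or signature) obtained out of band from a trusted source detects tampering. The following is an added example, not from the show notes; the "download page", the file bytes and the attacker's replacement are all constructed, and the out-of-band SHA256 plays the role of a value fetched earlier from somewhere the mirror operator cannot edit (the ports tree in the answer's example).

```python
import hashlib
import hmac
from typing import Dict


def digest(data: bytes, algo: str = "sha256") -> str:
    """Hex digest of `data` with the named hashlib algorithm."""
    return hashlib.new(algo, data).hexdigest()


def verify(data: bytes, expected_hex: str, algo: str = "sha256") -> bool:
    """Constant-time comparison of the computed digest against the expected one."""
    return hmac.compare_digest(digest(data, algo), expected_hex.strip().lower())


def publish(data: bytes) -> Dict[str, object]:
    """Model of a download page: the file and its MD5 sit side by side (in band)."""
    return {"file": data, "md5": digest(data, "md5")}


def mirror_compromised(page: Dict[str, object], replacement: bytes) -> Dict[str, object]:
    """An attacker who controls the mirror swaps the file and regenerates the in-band hash."""
    return publish(replacement)


def check_in_band(page: Dict[str, object]) -> bool:
    """What a user does when they check the MD5 from the same page."""
    return verify(page["file"], page["md5"], "md5")


def check_out_of_band(page: Dict[str, object], trusted_sha256: str) -> bool:
    """What the ports tree does: compare against a digest obtained elsewhere, earlier."""
    return verify(page["file"], trusted_sha256, "sha256")


# Constructed scenario: the genuine archive, a trojaned replacement, and a
# transfer-corrupted copy (one byte flipped).
ORIGINAL = b"eclipse-release.tar.gz: genuine archive bytes\n"
TROJANED = b"eclipse-release.tar.gz: genuine archive bytes + injected payload\n"
CORRUPTED = ORIGINAL[:-2] + b"X\n"
TRUSTED_SHA256 = digest(ORIGINAL)   # stands in for the digest recorded out of band


def scenario() -> Dict[str, bool]:
    """Run all three checks and return the outcomes by name."""
    genuine = publish(ORIGINAL)
    tampered = mirror_compromised(genuine, TROJANED)
    corrupted = {"file": CORRUPTED, "md5": genuine["md5"]}
    return {
        "genuine_in_band": check_in_band(genuine),
        "genuine_out_of_band": check_out_of_band(genuine, TRUSTED_SHA256),
        "corrupted_in_band": check_in_band(corrupted),          # corruption is caught
        "tampered_in_band": check_in_band(tampered),            # tampering is NOT caught
        "tampered_out_of_band": check_out_of_band(tampered, TRUSTED_SHA256),
    }


if __name__ == "__main__":
    for name, ok in scenario().items():
        print(f"{name:22s} {'pass' if ok else 'FAIL'}")
```

The in-band MD5 catches the corrupted download but passes the trojaned one, because the attacker regenerated it; the out-of-band SHA256 catches both. A GPG signature, as the answer says, goes one step further: the trusted value is a public key rather than a per-file digest, so it need only be obtained securely once. `hmac.compare_digest` is used for the comparison so that the check does not leak how many leading characters of the digest matched.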
Q: (Christoper) I have a Windows 7 laptop and an Ubuntu desktop; what would be a cheap and easy way to share files between them?
A: The easiest and most secure way is to enable SSH on the Ubuntu machine, and then use an SFTP client like FileZilla (for Windows, Mac and Linux) and just log in to your Ubuntu machine using your Ubuntu username/password. Alternatively, if you have shared a folder on your Windows machine, you should be able to browse to it from the Nautilus file browser in Ubuntu. Optionally, you can also install Samba to allow your Ubuntu machine to share files with Windows; it will appear as if it were another Windows machine in your Windows ‘network neighbourhood’.
Q: (Chad) I have a network of CentOS servers, and a central NFS/NIS server, however we are considering adding a FreeNAS box to provide ZFS. I need to be able to provide consistent centralized permissions control on this new file system. I don’t want to have to manually recreate the users on the FreeNAS box. Should I switch to LDAP?
A: FreeNAS is based on FreeBSD, so it has a native NIS client you can use (ypbind) to connect to your existing NIS system. This would allow the same users/groups to exist across your heterogeneous network. You may need to modify the /etc/nsswitch.conf file to configure the order local files and NIS are checked in, and set your NIS domain in /etc/rc.conf. Optionally, you could use LDAP, again, adding some additional parameters to nsswitch.conf and configuring LDAP. If you decide to use LDAP, I would recommend switching your CentOS machines to using LDAP as well, allowing you to again maintain a single system for both Linux and BSD, instead of maintaining separate account databases. If you are worried about performance, you might consider setting the BSD machine up as an NIS slave, so that it maintains a local copy of the NIS database. The FreeBSD NIS server is called ypserv. You can find out more about configuring NIS on FreeBSD here
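The answer above names the two files that control whether the FreeNAS/FreeBSD box actually consults NIS for accounts: /etc/nsswitch.conf (lookup order per database) and /etc/rc.conf (NIS domain and client enable). The following is an added example, not from the show notes or from FreeNAS, that parses constructed copies of both files and reports what is missing before you rely on the box for shared permissions. The rc.conf variable names `nisdomainname` and `nis_client_enable` are the standard FreeBSD ones; the preference for listing `files` before `nis` (so local accounts such as root still resolve when the NIS server is unreachable) is this example's own recommendation, not a statement from the answer.

```python
import re
from typing import Dict, List

# Constructed sample files, in FreeBSD syntax.
SAMPLE_NSSWITCH = """\
# /etc/nsswitch.conf (constructed sample)
group: files nis
hosts: files dns
passwd: files nis
shells: files
"""

SAMPLE_RC_CONF = """\
# /etc/rc.conf (constructed sample)
hostname="nas.example.org"
nisdomainname="example.org"
nis_client_enable="YES"
"""


def parse_nsswitch(text: str) -> Dict[str, List[str]]:
    """Map each database (passwd, group, ...) to its ordered list of sources.
    Bracketed [status=action] clauses are dropped; comments are ignored."""
    order: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        db, sources = line.split(":", 1)
        sources = re.sub(r"\[[^\]]*\]", " ", sources)
        order[db.strip()] = sources.split()
    return order


def parse_rc_conf(text: str) -> Dict[str, str]:
    """Read simple name="value" / name=value assignments from rc.conf."""
    values: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r'^(\w+)=("?)(.*?)\2$', line)
        if m:
            values[m.group(1)] = m.group(3)
    return values


def nis_client_problems(nsswitch: Dict[str, List[str]], rc: Dict[str, str]) -> List[str]:
    """Return a list of reasons the box will not resolve NIS accounts as intended;
    an empty list means the configuration looks consistent."""
    problems: List[str] = []
    for db in ("passwd", "group"):
        sources = nsswitch.get(db, [])
        if "nis" not in sources:
            problems.append(f"nsswitch.conf: {db} does not consult nis")
        elif "files" not in sources or sources.index("files") > sources.index("nis"):
            problems.append(f"nsswitch.conf: {db} should list files before nis")
    if rc.get("nis_client_enable", "NO").upper() != "YES":
        problems.append('rc.conf: nis_client_enable is not "YES"')
    if not rc.get("nisdomainname"):
        problems.append("rc.conf: nisdomainname is not set")
    return problems


def check_files(nsswitch_text: str, rc_text: str) -> List[str]:
    """Parse both files and run the consistency check."""
    return nis_client_problems(parse_nsswitch(nsswitch_text), parse_rc_conf(rc_text))


if __name__ == "__main__":
    issues = check_files(SAMPLE_NSSWITCH, SAMPLE_RC_CONF)
    print("NIS client configuration OK" if not issues else "\n".join(issues))
```

To run it against a live FreeBSD or FreeNAS host, read the two real files into the strings instead of the constructed samples. The same parser handles an LDAP setup: substitute `ldap` for `nis` in the source check, since the answer notes that LDAP is configured through the same nsswitch.conf ordering.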
- Allan’s Bitcoin mining rig mined its 36th bitcoin today
- Research shows Bitcoin may be less anonymous than initially thought
- Buy Humble Bundle 3 with Bitcoins!
- Why We Are No Longer Accepting Dwolla « TradeHill
- Do It Yourself Dropbox Alternatives
- Attackers steal 8GB of data from the Italian Cybercrime unit
- Build your own 135 Terabyte storage server for under $8000
- Anonymous claims to have 1GB of stolen data from NATO and plans to release it
- Google is now actively warning users who it detects are infected with malware, especially attempts to hijack their search results
- The US Department of Defense lost 24k files via a compromised contractor
- Australian ISP’s Wireless Routers setup second hidden unprotected WiFi network
We’ll show you how to save your hard earned monies and how easy it is to stop burning those Linux ISOs to disc!
Then – Find out why Microsoft is one of the top contributors to Linux 3.0, and why it’s really not that big of a deal… Or is it?
Plus so much more!
All this week on, The Linux Action Show!
GoDaddy.com Use our codes LINUX to save 10% at checkout, or LINUX20 to save 20% on hosting!
Direct Episode Download Links:
Episode Show Notes:
- Debian 7.0 Wheezy to include option of GNU HURD Kernel
- CentOS 6.0 Release
- Most active developer for Linux 3.0 works for Microsoft
- Open Source Gallium3D ATI Drivers now 60-70% the performance of proprietary drivers
- Adobe Announces Flash 11 Beta. Includes 64bit version for Linux
- Ubuntu Long Term Support == Left To Scrounge?
- Active Bitcoin forum thread: LinuxCoin, a lightweight Debian-based OS with everything ready to go.
- New LinuxCoin homepage: Welcome to the official LinuxCoin Website.
- Bitcoin FTW – Chris Fisher – Picasa Web Albums
- UNetbootin – Homepage and Downloads
- commands – unetbootin
- listcustomversion – unetbootin
- Latest Windows version
- Latest Linux version
- Latest Mac OS X version