LastPass extension for Google Chrome now available, and it rocks
My Clippings October 1st, 2009 by System
Automatically pulled from Google Starred
Filed under: Security, Google, Beta, Browsers
A number of Download Squad readers have been echoing the same sentiment in recent posts about Google’s browser: as soon as LastPass is available, we’re leaving Firefox for good.
Well, gang, grab your parachutes, it’s time to bail! The LastPass crew has released an alpha version of their Google Chrome extension, and it rocks. Check out the screens after the break!
Continue reading LastPass extension for Google Chrome now available, and it rocks
LastPass extension for Google Chrome now available, and it rocks originally appeared on Download Squad on Wed, 30 Sep 2009 14:45:00 EST. Please see our terms for use of feeds.
Read | Permalink | Email this | Comments
Sponsored Topics:
Google Chrome – Google – Software release life cycle – Mozilla Firefox – LastPass
Chrome Frame presents a golden opportunity for malware authors
My Clippings September 26th, 2009 by System
Automatically pulled from Google Starred
Filed under: Security, Google, Microsoft, Browsers
Microsoft says “hey, that thing just give malware more attach points and makes our browser less secure” — which cause a lot of chuckling around the blogosphere. After all, Chrome is a pretty secure browser and was the only one not to fall at Pwn2Own this year.
However, as Sophos Labs’ Mike Wood points out, there’s one big, nasty side effect that hasn’t been talked about: social engineering malware.
Attacks offering fake AV codecs are still commonplace. Recently a fake Flash plugin for Firefox was spotted — and we’ve all seen the numerous fake antivirus apps for Windows floating around out there.
So how long will it be before someone decides to inject a bogus “you need Google Chrome Frame” popup on some compromised website? There was a time when attacks like this were mostly limited to porn and warez sites, but nowadays it could even occur on a legitimate one like the New York Times.
No, it won’t be long before this happens and people start being duped into a malicious install. And when the proverbial sh*t hits the fan, scores of users and technicians who don’t know better are gong to blame IE8 for not being secure enough and recommend a browser switch.
Whether or not Google planned it that way (I’m going to go with not), this could turn Chrome Frame into a much bigger kick in the nuts for Internet Explorer than first thought.
Chrome Frame presents a golden opportunity for malware authors originally appeared on Download Squad on Sat, 26 Sep 2009 14:00:00 EST. Please see our terms for use of feeds.
Read | Permalink | Email this | Comments
Sponsored Topics:
Microsoft – Internet Explorer – Google – Google Chrome – Google Chrome Frame
Tags: cli, email, flash, Google, Inc., IO, ma, man, Microsoft, php, security, way, wind, XP
SVN Server Admin Issue: Fix It!
My Clippings September 25th, 2009 by System
Automatically pulled from Google Starred
    |
A few months ago, Anton Isaykin in collaboration with the company 2comrades discovered a serious security problem that is quite typical of big projects (we do not name names here). To test it, they obtained the file structures and even the source code of about 3320 Russian websites and some major English-language websites. Serious problems like this aren’t supposed to exist nowadays. Every serious or visible exploit is found and fixed quickly. But here we will show you something simple and ordinary yet quite dangerous.
What Is It?
Almost every developer has used or is using a version control system such as SVN. SVN is an advanced tool for managing source code and is used by teams consisting of anywhere from two to hundreds of developers. In its architecture, SVN stores some meta data in a hidden sub-directory (called .svn) of every directory. One of the files in there, named entries, is a list of all of the files and directories contained in the folder where .svn is located.
It also has a link to the repository itself, developer log-ins, file sizes and dates. That’s a problem right there, isn’t it? So, if a project was developed using SVN, we could go to draftcopy.ru/.svn/entries and see the project’s root file structure, with all of this information.
And we could go even further. In the same .svn directory are some text-base directories containing the latest versions of all project files. Moreover, these files carry the non-standard extension .svn-base (for example, index.php.svn-base). So, the files are not run in PHP, Ruby, Python or Perl but are displayed outright!
http://draftcopy.ru/.svn/text-base/index.php.svn-base
We should note that not all websites use SVN this way. We were not able to get the source code in every case.
When we realized that this problem has persisted for almost nine years, we decided to create a crawler to check websites with Russian top-level domains and major .com websites to collect some statistics. But before we report this, let’s go over how to prevent such a thing from happening to your own project.
How To Defend Yourself
You can solve the problem in different ways. The simplest solution is to deny access to SVN meta data directories from port 80 using a Web server configuration.
Tags: apache, email, Google, Information, IO, Javascript, php, script, security, way, XP
Use Dropbox for More Than Just File Syncing [Dropbox]
My Clippings September 14th, 2009 by System
Automatically pulled from My Clippings on NewsGator Online
Ever since Lifehacker turned me on to Dropbox, it’s become one of the most essential pieces in my daily workflow. Sure it syncs files extremely well, but Dropbox is an excellent tool for so much more.
Dropbox, at its core, is a simple file synchronization utility that stores your data in the cloud and makes it accessible across Windows, Mac, and Linux machines—or via the web interface from any browser. What sets Dropbox apart from other file syncing tools is that changes are nearly instantaneous, uploads are blazing fast, and it just works.
Dropbox doesn’t have to be limited to simply syncing your documents, photos, and music, however—with the proper setup you can completely synchronize your digital life across any PC.
Sync Your Passwords Across PCs
If you’re really serious about security, you’ve already learned how to choose secure and memorable passwords and probably started securely tracking your passwords with a password manager like KeePass–an ideal candidate for using Dropbox as the ultimate password syncer. Since both Dropbox and KeePass are cross-platform applications, you can access your passwords from Mac, Linux, or Windows. (Though if you’re on a Mac, Dropbox is also great at syncing with password management tool 1Password.) You can also synchronize your web passwords with Dropbox and Roboform, and since the Dropbox web interface is available from any computer, you can even store the portable version of KeePass there and just download the files onto any computer to access your passwords.
Sync Your Pidgin Profile
The Pidgin multi-protocol IM client not only works on both Windows and Linux, but the profile directory can be synchronized across both operating systems with Dropbox and a little symlink trickery. The basic idea is that we’ll move the profile folder into our Dropbox folder, and then create a symlink from where the original used to be so Pidgin won’t even know you moved it.
To accomplish this, you’ll want to exit out of Pidgin, move the Pidgin profile folder from your %appdata% folder (hit Win+R, then paste %appdata% and hit Enter) into your Dropbox folder, open up a command prompt (in administrator mode for Vista/Win7), and then use the mklink command to create a symbolic link between the folder in Dropbox and your AppData folder like so: mklink /D %appdata%\.purple C:\Path\To\Dropbox\PidginProfile. This will make Pidgin see the folder in the same location as it’s always been, even though the files actually reside in your synced Dropbox folder. For more detailed information and doing this on XP, check out our guide to syncing files and folders outside your Dropbox folder. Linux users can use the ln command to accomplish the same thing.
Tags: Information, IO, Linux, Mac, Microsoft, Photo, php, script, security, video, Vista, way, wind, XP
TxtNinja Stashes Your Text Inside Images [Security]
My Clippings September 11th, 2009 by System
Automatically pulled from My Clippings on NewsGator Online
Have something you want other people to read but not spam bots and search-engine crawlers? TxtNinja will turn your plain text into an image to keep the bots at bay.
Why might you want to forgo plain text? One of the more popular reasons is to mask your email to keep spam bots from sucking it up as they scan web pages. Leaving your email@someprovider.com in the open makes it ripe for picking. TxtNinja allows you to turn that plain text into:
The result is an image file which is human friendly but not machine readable.
TxtNinja allows you to change the font, font size, color, background, and supports international character sets for a dozen non-English languages.
Computing’s Greatest Conspiracies
My Clippings September 10th, 2009 by System
Automatically pulled from My Clippings on NewsGator Online
The date is 7 July 1947 and the place is Roswell, New Mexico. Something has crash-landed in the desert – but what is it? The debate is still raging today and AWitnesses reported shiny silver debris scattered over the impact site. Was it the remains of a flying saucer, as the Roswell Daily Record suggested, or just fragments of an errant weather balloon? Stories and conjecture were rife, and from them came the most famous conspiracy theory in the history of the species. Were aliens being hidden from the rest of the world by the United States government?
Conspiracy theories are a thoroughly modern cultural phenomenon. In loose terms they explain historical events as being the work of secret and powerful conspirators. After 9/11, conspiracy theorists insisted the hijackings were the work of the American government. Black helicopters in the sky – that must mean that secret and wealthy juntas are up to no good. Even the humble light bulb isn’t safe from suspicion: was the everlasting light bulb designed in 1930 and then suppressed to bolster bulb makers’ future profits?
A conspiracy theory’s recipe is disarmingly simple: all you need is an occurrence, the suggestion of a dark cabal, a wilful disregard for evidence and a creative mind. Critically, however, once released the tale takes on a life of its own and begins galloping around the globe. As it travels, self-appointed experts begin picking it over, searching out ‘the real truth’. Layers upon layers of detailed information are added to what may originally have been an overheard whisper, a lie or just a simple misinterpretation.
Government cover-ups of extra terrestrial life might have been the mainstay of conspiracy theories for decades, but today the world of computing is an equally fertile breeding ground. Fuelled by never-ending debate on web discussion forums, conspiracies relating to computing and the internet abound. Here we examine 10 of the top PC-related theories and try to decide, once and for all, whether they are rooted in reality, or are nothing more than the result of too many paranoid and furtive imaginations. The truth is out there.
Hidden messages found in the Bible
Tags: bit.ly, email, Google, Information, IO, Microsoft, security, Spam, Trash, video, way, wind, XP
HOWTO : Create a FTP server with user access (proftpd)
Uncategorized September 10th, 2009 by Shai Perednik
Great post on how to setup proftpd with security.
Only down side is the normal Ubuntu apt repository has proftd 1.3.1 which has a TLS/SSL bug that allows uploading, but doesn’t give a directory listing.
So, my solution was to add the debian sid repo
and then do:
sudo apt-get update
sudo apt-get install proftpd-dev
This installed proftpd 1.3.2a which as of today is the stable release. TSL/SSL works as expected.
Circuit City Not Dead, Accepting PayPal
My Clippings September 8th, 2009 by System
Automatically pulled from My Clippings on NewsGator Online
Beleaguered electronics company Circuit City is now accepting payments via PayPal for purchases made on circuitcity.com. The arrangement was described as a “long-term relationship” between PayPal and Systemax, which purchased Circuit City’s e-commerce business in April.
“Some shoppers are uncomfortable providing their financial information directly to online merchants,” Jim Hunt, senior director of PayPal merchant services, said in a statement. “When paying with PayPal, customers’ financial information is never shared with the merchant, providing additional security and protection.”
Circuit City announced in November 2008 that it would close 155 stores and reduce its workforce by 17 percent. A week later, the company filed for Chapter 11 bankruptcy. In January, the company said it would liquidate its assets and by March, all stores were closed for good.
Systems builder Systemax stepped in and purchased the e-commerce site in April for $6.5 million in cash plus a share of future revenue generated utilizing those assets over a 30 month period. Circuitcity.com re-launched in May.
Tags: Build, Information, IO, security
WordPress under attack, upgrade your blog now
My Clippings September 7th, 2009 by System
Automatically pulled from My Clippings on NewsGator Online
Filed under: Security, News, Blogging
Several sites are reporting that a major attack on WordPress blogs started yesterday. The latest version of WordPress, 2.8.4, is not vulnerable to this particular worm, so upgrading now could save you a lot of headaches. The worm creates a new, hidden administrator account on your blog, allowing whoever’s behind this thing to access the guts of your blog, databases and all.
How do you know if your site has been affected? Lorelle on WordPress offers two possible ways to find out:
There are strange additions to the pretty permalinks, such as
example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize.
Wordpress has acknowledged the attacks and encouraged users to upgrade their sites. WordPress.com users aren’t affected, as the whole system has already been updated to 2.8.4. If you’ve already been afflicted by the attack, start on the steps in WordPress’ FAQ.
[via Mashable]
WordPress under attack, upgrade your blog now originally appeared on Download Squad on Sun, 06 Sep 2009 17:35:00 EST. Please see our terms for use of feeds.
Read | Permalink | Email this | Comments
Sponsored Topics:
WordPress – Download Squad – Blog – Weblogs – On the Web
Go to Source
Tags: blockquote, email, Google, Inc., IO, php, security, way, WordPress
Sync MySQL Servers via secure SSH-tunnel
My Clippings September 4th, 2009 by System
Automatically pulled from My Clippings on NewsGator Online
$ ssh -f -L3307:127.0.0.1:3306 -N -t -x user@host sleep 600 ; mk-table-sync --execute --verbose u=root,p=xxx,h=127.0.0.1,P=3307 u=root,p=xxx,h=localhost
I wanted to keep a backup of my company database server on my local homeserver. After I found maatkit to sync databases, everything except security seemed fine. SSH takes care of that part.
by David Winterbottom (codeinthehole.com)
