Archive for the ‘code’ Category

Firefox 3.6.6 Crash Protection – crashing?


2010
06.28

Is it just me or is the new version of Crash Protection which pushed itself via a new release of Firefox up to 3.6.6 marking every instance of Flash as crashed? On the one hand, this may be a little salute to the Flash – Apple situation (though I hardly think it likely).

Am I the only one who’s experiencing this? Hmmm…

Oh, yes – remember to make sure your add-ons are up-to-date

Secure SSH Tunneling – at no extra cost


2010
06.19

Assuming you have a Windows machine and you interact with Linux boxen at any stage, chances are high that you have used and interacted with PuTTY at one stage or another. That beautiful, less than 2 sec, 444K download of a tool (currently at version 0.60 beta) allows you to SSH, COM-direct, RSH, Telnet etc from the desktop. Both examples below relate to MySQL port tunneling.

SSH Tunnels using the Bash command line

Running on a proper machine (or even a Windows with Cygwin or a Mac Terminal) allows you to quickly tunnel a session to a remote server: (more…)

Upgrade and update WordPress without the FTP/FTPS options


2010
06.18

You may not have FTP or FTPS running on your server (either by choice or decision).

In order to manage that, there is a simple workaround you can implement. (more…)

WordPress 3.0 is out!


2010
06.17

Just a quick note – remember to upgrade now! But you knew that already! :)

218 people helped fixing the 1217 bugs, with a new default theme called Twenty Ten and a whole lot more.
(more…)

[SOLVED] phpSysInfo – failed to open stream on Ubuntu 10.04?


2010
06.15

phpsysinfo eval : 2 Message : parse_ini_file(/usr/share/phpsysinfo/data/distros.ini): failed to open stream: No such file or directory File

There is a simple fix for this in version 3.0.5:
(more…)

[SOLVED] mysql-server5.1.5.141-3ubuntu12.1 hangs on upgrade


2010
06.15

There are a lot of words about the MySQL upgrade on Ubuntu 10.04 (64 bit specifically, perhaps the 32bit version too?) — it just hangs:

You get the hopeful message:

Preparing to replace mysql-server-5.1 5.1.41-3ubuntu12.1

but then nothing happens and everything just hangs. (more…)

Adobe Flash and Adobe PDF zero-day critical vulnerability in the wild.


2010
06.05

From Adobe‘s advisory:

A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat. This advisory will be updated once a schedule has been determined for releasing a fix.

Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions on Windows, Macintosh, Linux and Solaris are affected, as well as Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX. So it’s kinda big. What to do? (more…)

Symlinks (symbolic links) in Samba Ubuntu for Windows


2010
06.04

To enable symlinks in Samba for filesharing across platforms inWindows, modify

/etc/smb/samba.conf

and add in the [global] section:

follow symlinks = yes
unix extensions = no

There has been some discussion about

wide symlinks = yes

However, due to the attack vector on Samba servers from Windows allowing file traversion, back in February 2010, you may want to force-set wide symlinks to no– it works without that declaration and is set to no by default.

Samba cheat sheet – Ubuntu


2010
06.02

Samba. Whopping goodness. Here are a few notes that help in the setup – from user creation, to directory settings etc

This blog post contains a few lessons learnt and thus by extension a migration plan from a Windows file server to a Samba-based one running on Ubuntu 10.04 LTS. I look at users, system vs smbpasswd user creation and linking (set that up in Webmin before you start, as well as for groups), share setups, general permissions and some very basic troubleshooting (as there weren’t many troubles, just headaches.) (more…)

Upgrade your Ubuntu Distro from the Command Line – Server or Desktop


2010
06.01

What release / version are you running?

cat /etc/lsb-release

or

cat /etc/issue

But you knew that already — to upgrade the version of the Ubuntu installation you have is quite simple – just storing it so that I have it somewhere :) (more…)

Install Webmin on Ubuntu


2010
05.31

Just a quick note (as I keep forgetting, and a cut-and-paste solution is a quicker time to market) – but you knew that already. Installing Webmin is quite simple (download directly, or from the mirrors). Currently, 1.510-2 is the latest version – check on www.webmin.com for further details. As an aside, the book Webmin Kompakt – by Holger Reibold – is available for download!

So here’s a simple step-by-step: (more…)

Security Summit 2010 Wrap-Up


2010
05.14

So the Security Summit 2010 has come to an end. Featuring speakers such as Moxie Marlinspike, Joe Grand and Jeremiah Grossman (again), it’s a pity to say that there wasn’t much new that was presented. With repeated concerns about input- and output-validation, as the OWASP Top 10 for 2010 highlight and were used as a repeated example, and a call for a holistic approach to a company’s security posture, the idea of making the thought (and practice) of security part of the organisation’s culture came through over and over again. (more…)

Testing POP3 and IMAP servers from the command line in CMD or bash


2010
04.25

It’s quite simple, really: POP3 (Exchange, dovecot etc) you know, IMAP (Exchange, dovecot, courier etc) you know — so this is just a recap, right? You know how to telnet into the machine — in Vista or Windows 7, you may need to install it separately using “Add/Remove Programs”, or just use Putty in Telnet mode…  otherwise, apt-get install telnet if it’s not on your machine (or yum install telnet)

POP3:

telnet SERVER 110 (more...)

clamav 0.94 finally reaches end of life


2010
04.16

clamav finally sent the end-of-life payload yesterday evening – 0.96 is the current version, so it’s been a good run :)

Possible symptons you experienced:

  • Repeated notifications:WARNING: getpatch: Can't download daily-
  • All freshclam mirrors are ignored
  • Your mailq fills up with detailed MAILER-DAEMON messages referring to the End-of-Life nature of clamav 0.94
  • (… add your own here…)

But they warned they’d do this in October 2009:

Starting from 15 April 2010 our CVD will contain a special signature which disables all clamd installations older than 0.95 – that is to say older than 1 year.

This move is needed to push more people to upgrade to 0.95 .
We would like to keep on supporting all old versions of our engine, but unfortunately this is no longer possible without causing a disservice to people running a recent release of ClamAV.
The traffic generated by a full CVD download, as opposed to an incremental update, cannot be sustained by our mirrors. (more…)

Remote Desktop vs Local Desktop


2010
04.15

CTRL+ALT+DEL

Local: CTRL+ALT+DEL

Remote: CTRL+ALT+END

RESTART

Local: Start -> Shutdown -> Restart

Remote: Start-> Run -> shutdown -t 0 -r

I just keep forgetting it…

If you’re itching for those GNU apps from Linux on Windows…


2010
04.09

You’re stuck on a Windows box. But you don’t want to install MinGW32? Can’t dual-boot to run Ubuntu or Debian on your Windows machine for some for that GNU happiness that sed, groff, wget, whois and all those happy apps bring with it? (more…)

synch.cc has just launched systemsaudit.co.za


2010
04.03
You deserve to take a break and let the synch.cc system audit service take care of things for you

Now you get to kick back - a dog's life!

It’s up – the full network and business system audit and asset tracking service by synch.cc, tracking hardware, software and assets using a background scheduler – more at systemsaudit.co.za!

A systems auditing service with clean reporting and charts like this has never been easier!

Had to just add a plug for it here, too :)

And the picture of the puppy was just too cool to resist!

Step-by-step virus disassembly


2010
03.30

Over at SkullSecurity they’ve done a great job of a step-by-step disassembly of the Energizer Trojan using IDA. Using a sterile/insight environment, they go through the code to give you an insight into the workings of “obfuscation” (or lack thereof), backdoor management (on port 7777) and more.

Good beginner’s intro with pretty pictures :)