March 28, 2005 5:23 PM
sudo, and passwords.
I've found the command 'sudo' to be very useful; it saves constantly entering the root password but still means that you can do things as 'root' or 'superuser'. If you add 'yourname ALL=(ALL) ALL' beneath the one for root in /etc/sudoers, then you can use commands such as 'sudo yum -y update', and just enter your password when it prompts you. It also means that you can enter commands like './configure; make' and then 'sudo make install'. Your password is remembered for, I think this is right, five minutes before it's dropped out of RAM, so knowing this you could use 'sudo yum check-update' and then 'sudo yum update'.
And this brings me onto passwords. Everybody knows why you need and have passwords, but how do you choose ones that are easy for you to remember and yet so complex that they aren't easily guessed or worked out? Some people use mnemonics, e.g. ROYGBIV = Richard Of York Gave Battle In Vain = the colours of the rainbow - red, orange, yellow, green, blue, indigo, violet. Basically any phrase that you can remember easily, like a friend of mine uses 'Great Balls of Fire' and then the year of his birth, which gives GBOF1963.
Basically you want something that is not easily guessable; if you know the individual and how old they are, then the year of their birth is easy to guess/work out. And you're also trying to avoid words or phrases that are in the dictionary. So what does that leave us with? Car number plates! Here in the UK our car number plates are a seemingly random mix of letters and numbers, although there is rhyme and reason behind their order [which I won't go into at the moment]. I choose the car number from a website which is out of my area, thereby reducing the chances of me seeing that car at random - and its number is easily memorable to me, and then I add some more meaningful letters and numbers on the end, and then I change the passwords at the beginning of each new month! But only the extra letters/numbers are changed monthly, leaving the basic car number untouched. And because the majority of the password is unchanged it becomes embedded in your brain and so your fingers just fly over the keyboard without thinking about it, thereby making it harder for anyone watching to try and work out what the password is that you're inputting.
The combination of all these suggestions should make your password memorable but also harder to crack or to work out, thereby enhancing the security of your machine.
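As an added example (not part of the original post), the Python sketch below puts rough numbers on the two points above: how much a guessable birth year costs a password like GBOF1963, and how much of a "fixed base plus monthly suffix" password is still unknown to someone who has seen last month's version. The function names, the 1900-2099 year window and the plate-like sample strings are assumptions made for illustration.

```python
import math
import re
from os.path import commonprefix

# Alphabet size for each character class (printable ASCII).
CLASS_SIZE = {"upper": 26, "lower": 26, "digit": 10, "other": 33}
# Assumption: a 4-digit run inside this window is treated as a year.
YEAR_MIN, YEAR_MAX = 1900, 2099


def char_class(ch):
    """Classify one character into the classes used by CLASS_SIZE."""
    if ch.isupper():
        return "upper"
    if ch.islower():
        return "lower"
    if ch.isdigit():
        return "digit"
    return "other"


def naive_bits(pw):
    """Upper bound: every character drawn freely from the classes in use."""
    if not pw:
        return 0.0
    pool = sum(CLASS_SIZE[c] for c in {char_class(ch) for ch in pw})
    return len(pw) * math.log2(pool)


def pattern_bits(pw):
    """Estimate when the structure (letter run, digit run, year) is known."""
    bits = 0.0
    # Split into maximal runs of upper / lower / digit / anything else.
    for run in re.findall(r"[A-Z]+|[a-z]+|[0-9]+|[^A-Za-z0-9]+", pw):
        if re.fullmatch(r"[0-9]{4}", run) and YEAR_MIN <= int(run) <= YEAR_MAX:
            # A year is one choice out of the window, not four free digits.
            bits += math.log2(YEAR_MAX - YEAR_MIN + 1)
        else:
            bits += len(run) * math.log2(CLASS_SIZE[char_class(run[0])])
    return bits


def bits_left_after_leak(old_pw, new_pw):
    """Bits of new_pw still unknown to someone who has seen old_pw.

    Only the part after the shared prefix has to be guessed, so the
    unchanged base contributes nothing once one old password is known.
    """
    kept = len(commonprefix([old_pw, new_pw]))
    return naive_bits(new_pw[kept:])


if __name__ == "__main__":
    # Constructed samples: a plate-shaped base plus a monthly suffix.
    old, new = "AB12CDEmar05", "AB12CDEapr05"
    print("GBOF1963 naive   : %.1f bits" % naive_bits("GBOF1963"))
    print("GBOF1963 pattern : %.1f bits" % pattern_bits("GBOF1963"))
    print("new, unseen      : %.1f bits" % pattern_bits(new))
    print("new, old leaked  : %.1f bits" % bits_left_after_leak(old, new))
```

The figures are estimates of search space, not measurements; the useful part is the comparison between the lines, especially the drop once an earlier password in the rotation has been exposed.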
March 24, 2005 11:01 PM
Detect web browser exploits + a konqueror web-browser problem.
Test your web browser for security holes with the Browser Security Test.
The Browser Security Test checks for 37 known web browser vulnerabilities in Opera, Mozilla browsers (including Firefox) and Internet Explorer. The tests take a while to complete, and they pop up windows and invoke browser plugins - so run it when you've got some time to watch your browser get put through its paces.
Link Browser Security Test
I ran this test on Firefox 1.0.2 and it passed all the tests with no problems. I then ran it on konqueror 3.4.0-1.1.3.kde Red Hat (using KDE 3.4.0-1.1.3.kde) and it chugged through the 37 tests and in the results it failed one test in 'Medium Risk Vulnerabilities' with a description as follows;-
Microsoft Internet Explorer Search Frame Fake Caller Vulnerability (ldy20030910-02)
Description: This bug can allow a malicious web site to access your data on other web sites. For example it can be used to read your mail from a web mail system.
Technical Details: It is possible to open a "javascript:" URL in a Search bar in Internet Explorer and get the JavaScript code executed in a context of any domain. To do so a malicious web site needs first to open a document from a target domain in the Search bar and in an IFRAME. Then calling IFRAME's window.open function with a "javascript:" URL and a "_search" target frame executes code in Search bar in the context of previously loaded document.
Its recommendation was to update using 'Windows Update', which doesn't worry me too much because it didn't recognise what the browser was to start with. However, it is rather worrying that the latest and greatest from KDE does have a vulnerability in its browser. But, better we know about it than we don't!
March 23, 2005 7:24 PM
Online security scans.
I commented back on 19 September 2004 about firewall scanning being available at Firewall Scanning. I've also found that another one is available at Sygate Online Services which is another means of checking the first scan.
Having just enabled an apache server on this machine for my use only and not for internet usage, and seeing that results from it are now showing up in logwatch, I was interested to see if it had broached my firewall. I'm happy to say that this machine passed both firewall security scans with no problems.
March 18, 2005 3:55 PM
Life is easier with a script!
Every article that I've written in this blog has been uploaded off my machine using an ftp program, which isn't hard but it's not what I would call 'easy' or 'intuitive'. And just for the record the program is 'gFTP'.
But, after doing some searching and then just plain surfing today, I've found a script which is working for me. Now I'm not going to steal its author's work, so instead I'll send you to his site and you can get it there, Intelligent FTP upload with LFTP. It's a very small shell script which just needs you to set three variables, save it and then make it executable, and then when you update your blog off your machine it's ever so easy to upload it to the site. Have a look and play and see what I mean.
March 13, 2005 1:57 PM
Firefox
I've been using Firefox for some time now. For some reason the Fedora Core 3 rpm version was broken and wouldn't show my gmail inbox, so I installed the Firefox from mozilla, and it works a treat. Yesterday I realised just how many extensions I'm using, thirty, yes that's right 30! I was surprised at the number, so I started looking more closely at them and what they do. And then I thought, what happens if I have to do a reinstall for some reason, I could lose them all, so to help me in that possibility and also to show the wide variety of what is available I thought that I'd list them here. So off we start;-
BlogThis 0.3 - adds right-click access to Bloggers BlogThis popup
LiveLines 0.4.1 -
Tabbrowser Preferences 1.2.2 - Enhances control over some aspects of tabbed browsers
FoxyTunes 1.1 - Control any media player from Firefox and more
Flat Bookmark Editing 0.7 - Edit bookmarks in the bookmark manager, without opening the properties window
LastTab 1.1 - Allows tab navigation in a most recently used manner.
ForecastFox 0.7 - Get international weather forecasts from weather.com, and display it in any toolbar or statusbar window
SessionsSaver .2 - Magically restores your last browser session
Bookmark Backup 0.3.3 - Creates a backup of bookmarks.html each time the browser is closed
Sort Bookmarks 0.6.0 - This extension enhances bookmark sorting functionalities
Deepest Sender 0.5.3 - Post to LiveJournal (and LiveJournal based sites) directly from Firefox with this extension
Flowing Tabs 0.4 - Wrap excess browser tabs onto multiple rows
Tab Clicking Options 0.5 - Select actions for clicking events on a tab or the tabbar
Gmail Notifier 0.4.2 - A notifier for Gmail accounts
Outliner 0.5 - Some day it will be outliner. Now its just tree notekeeper
About site 0.1.1 - Quick access to site metadata - traffic, related and linked pages, and more
AutoLogin 0.2 - Automatically logs in websites
Bloglines Toolkit 1.5.3 - Browser utilities for use with Bloglines
Bookmark Duplicate Detector 0.0.1 - Detects Duplicate Bookmarks when bookmarks are added
BookmarksHome 1.2.4 - Makes pretty startup page out of bookmarks
del.icio.us 0.4 - del.icio.us is a social bookmarks manager. It allows you to easily add sites you like to your personal collection of links, to cat..
Foxylicious 0.4 - Integrates your del.icio.us bookmarks into your Firefox bookmarks
Spurl 0.33 - Spurl bar extension for spurl.net service
POTO Sidebar Extension 0.2 - An Opera-like bookmark sidebar
ViewSourceWith 0.0.5 - View page source with external editor
Plain Text Links 0.2 - Treat selected plain text urls as links, right click to open
QuickNote 0.6 - A note taking extension with advanced features
Paste and Go 0.4.1 - Lets you paste an URL from the clipboard and directly load it.
Phew, that's a lot! And they all come from The Extensions Mirror which also holds extensions for the Thunderbird email program too.
Now some of these extensions that I've got above are not too useful, and some I'm still evaluating to see if they do what they say they will and if I want to keep them, but there are some real gems in that list. But don't take my word for it, load them up for yourself and see.
March 03, 2005 9:50 PM
10 Steps for Boosting Creativity.
1. Listen to music by Johann Sebastian Bach. If Bach doesn't make you more creative, you should probably see your doctor - or your brain surgeon if you are also troubled by headaches, hallucinations or strange urges in the middle of the night.
2. Brainstorm. If properly carried out, brainstorming can help you not only come up with sacks full of new ideas, but can help you decide which is best.
3. Always carry a small notebook and a pen or pencil around with you. That way, if you are struck by an idea, you can quickly note it down. Upon rereading your notes, you may discover about 90% of your ideas are daft. Don't worry, that's normal. What's important are the 10% that are brilliant.
4. If you're stuck for an idea, open a dictionary, randomly select a word and then try to formulate ideas incorporating this word. You'd be surprised how well this works. The concept is based on a simple but little known truth: freedom inhibits creativity. There is nothing like restrictions to get you thinking.
5. Define your problem. Grab a sheet of paper, electronic notebook, computer or whatever you use to make notes, and define your problem in detail. You'll probably find ideas positively spewing out once you've done this.
6. If you can't think, go for a walk. A change of atmosphere is good for you and gentle exercise helps shake up the brain cells.
7. Don't watch TV. Experiments performed by the JPB Creative Laboratory show that watching TV causes your brain to slowly trickle out your ears and/or nose. It's not pretty, but it happens.
8. Don't do drugs. People on drugs think they are creative. To everyone else, they seem like people on drugs.
9. Read as much as you can about everything possible. Books exercise your brain, provide inspiration and fill you with information that allows you to make creative connections easily.
10. Exercise your brain. Brains, like bodies, need exercise to keep fit. If you don't exercise your brain, it will get flabby and useless. Exercise your brain by reading a lot (see above), talking to clever people and disagreeing with people - arguing can be a terrific way to give your brain cells a workout. But note, arguing about politics or film directors is good for you; bickering over who should clean the dishes is not.
Source - Ten steps for boosting your creativity.
March 02, 2005 8:00 PM
Identity theft.
Did you know that identity theft is less likely to happen online than through traditional means, like losing your wallet or having your purse stolen? Moreover, the identity thief is more likely to be one of your relatives than a stranger?
According to some statistics compiled by the 2005 Identity Fraud Survey Report, released recently by the U.S. Council of Better Business Bureaus and Javelin Strategy and Research, family members, friends, and neighbors make up half of all known identity thieves. Computer theft is way down the list.
Computer identity theft can occur when fake e-mails (known as phishing) claiming to be from your bank or credit card company warn you that there has been a problem with your account and that you need to log on to the attached link (URL) in the e-mail. These can look like the real thing, but the links will take you to a bogus website. Do not respond to these.
Only 2.2 percent of identity fraud comes from viruses or hackers and 1.7 percent from fake e-mails. The biggest risk for identity fraud comes from the old-fashioned method of stealing your wallet or purse or via paper records obtained from your unshredded trash or from people who know you. The other risk comes from stolen mail. But the thieves need more than just your name, address, e-mail or your mother's maiden name. They need your Social Security and/or bank numbers. This data is usually obtained from stolen mail or unshredded records, which allows the crooks to complete credit applications and get a credit card in your name.
Learn more about this problem and how to protect yourself at:
8 Tips to Avoid Identity Theft http://www.aarp.org/bulletin/yourlife/Articles/a2004-01-28-8tips.html
Take Charge: Fighting Back Against Identity Theft http://www.ftc.gov/bcp/conline/pubs/credit/idtheft.htm
Identity Theft Exposed http://www.aarp.org/money/consumerprotection/scams/Articles/a2002-10-03-WiseConsumerIdentityTheft.html
How Not to Get Hooked by a 'Phishing' Scam http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm
U.S. Federal Trade Commission: Your National Resource for Identity Theft http://www.consumer.gov/idtheft/