Fedora :: Spideroak HUGE Security Flaw
Feb 18, 2011
I've evaluated about 15 offline storage systems this week, and one of the best was spideroak, but there's a huge issue in their shared folder structure and procedure.When you make part of your data shareable you MUST share a folder from your original disk. This is a real pain. You cannot share specific files like you can on many others.To initiate sharing your establish your unique username for sharing (different preferably than your spideroak username) the share name, and the room key (password).While you might expect the share name to be part of the URL that guides you to the share which then accepts your password for access, thats not how it works. Instead spideroak gives you a URL that contains the PASSWORD and does not even mention the share name!!
Therefore anyone you give the URL to has direct access to the share you create (which is what you are trying to accomplish in general) but any browser THEY USE will remember the URL which contains the password, not the share name.THIS IS A HUGE SECURITY ISSUE since you have no control over how an authorized user is going to access your data and from where and most users are not sophisticated enough to guard against the default intrusion they are going to leave behind.
View 3 Replies
ADVERTISEMENT
Oct 21, 2010
Quote: The open-source Linux operating system contains a serious security flaw that can be exploited to gain superuser rights on a target system. The vulnerability, in the Linux implementation of the Reliable Datagram Sockets (RDS) protocol, affects unpatched versions of the Linux kernel, starting from 2.6.30, where the RDS protocol was first included.
According to VSR Security, the research outfit that discovered the security hole, Linux installations are only vulnerable if the CONFIG_RDS kernel configuration option is set, and if there are no restrictions on unprivileged users loading packet family modules, as is the case on most stock distributions.
View 3 Replies
View Related
Jul 18, 2009
I refrained from posting this in the Kernel Vulns thread earlier, due to its zero-day status. But now that the issue has been Slashdotted, there's no use in keeping us from publicly discussing this vulnerability. The link to the article (from which I quote below) is here. Brad Spengler's original announcement on the Dailydave mailing list is here.Quote:A researcher has published exploit code for a new vulnerability he discovered in the Linux kernel. The vulnerability is an especially interesting one in that the researcher who discovered it, Brad Spengler, has demonstrated that he can use the weakness to defeat many of the add-on security protections offered by SELinux and AppArmor.
View 9 Replies
View Related
Jul 27, 2010
I have downloaded the rpmpackage SpiderOak-9680-1.fc10.i386.rpmBut when I installed the package and run the client I don't get any category-maps in the backup tab "Basic mode" .So my question is, are the rpm package "SpiderOak-9680-1.fc10.i386.rpm" compatible with F13 ?The rpmpackage is made for F10 but is there any differences in the package-structure so it will not work fully in F13 ?
View 3 Replies
View Related
Sep 12, 2010
Lastb often shows me a huge list of attempted ssh logins.Such as this excerpt:
Code:
admin ssh:notty Sat Sep 11 23:47 - 23:47 (00:00) 184-154-37-12.Huge-DNS.COM
root ssh:notty Sat Sep 11 23:47 - 23:47 (00:00) 184-154-37-12.Huge-DNS.COM
[code]....
View 14 Replies
View Related
May 9, 2010
For a long time I've used a custom xsession that loads Mythtv without any sort of desktop environment. Every time I upgrade I've just backed up and restored my xsessions entry. I did the same when switching to 10.4 only to find that the custom xsession entry causes gdm to login WITHOUT a password.When I select the custom xsession in GDM I get logged in immediately without a password or confirmation. The expected behavior is that I'd select the xsession and not get logged in until after entering my password. I've done some trial and error with this issue and it seems that it boils down to a single line in the custom xsession file.
View 4 Replies
View Related
Sep 22, 2010
Just installed the latest kernel upgrades, rebooted, fired up KDE and got this message: "KDE detected that one or more internal sound devices were removed. Do you want KDE to permanently forget about these devices? The list of the devices KDE thinks can be removed: Capture: HDA Intel (AD198x Analog) Output: HDA Intel (AD198x Analog) Output: HDA Intel (AD198x Digital)"
It then asked, "yes, cancel, manage devices." When I clicked on "manage" it showed Esound as the only device, but it didn't work. So, was something was left out when the packages were compiled?
View 14 Replies
View Related
Jul 16, 2010
I just installed opensuse 11.3 freshly from opensuse-GNOME-livecd.I read about spideroak and trying to install it via zypper
View 3 Replies
View Related
Mar 12, 2011
Who am I meant to ask nicely to get such applications as Spideroak into the 11.4 repositories?
View 8 Replies
View Related
May 27, 2011
After upgrading KDE from 4.6.0 to 4.6.3 SpiderOak will fail to run with message. Cannot mix incompatible Qt library (version 0x40703) with this library (version 0x40701). There's no more SO package in Non-OSS, apparently due to some support issues. That's a pity, since Dropbox had conceded access to US agencies, IMO SpiderOak is a really good option, and has been working very nicely until now. Anyway, Yast tells me that KDE 4.6.0 uses Qt 4.7.1, while 4.6.3 brings in Qt 4.7.3. A possible solution may be found here, originally for Qt 4.7.2. I'll try it and report.
View 5 Replies
View Related
Jul 16, 2010
I have a cron job to start spideroak when the server boots code...
Command line arguments not allowed during New User Setup
Interestingly enough.... the line saying "Command line arguments not allowed during new user setup" isn't from my script. Any chance that has something to do with it?
View 2 Replies
View Related
May 13, 2011
I just finished installing Fedora 14 and the nVidia drivers, and after a reboot everything on the screen became huge, almost as if I am zoomed in. Text, icons, windows, everything is too big. How do I fix this?
View 3 Replies
View Related
Oct 10, 2009
I am a former KDE user and I am switching to gnome. I love amarok and quanta, so i installed them, but they seem to have a really big font, and because i am using my laptop and i have good eyesight I want to lessen the size of the fonts.
View 1 Replies
View Related
Dec 22, 2010
I am facing a strange problem in my server, One of my filesystem shows as 3.1G when I execute df -h command and the utilization shows as 83%, but when I cd to the directory /usr/local I could not find any huge files in that filesystem and I have searched for hidden files as well,
groupserver:~ # df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda9 3.1G 2.5G 532M 83% /usr/local
groupserver:/usr/local # du -sh *
0 bin
93M abinav
[Code]...
View 2 Replies
View Related
Nov 6, 2009
Recently upgraded to fc11. Have nvidia working ok. Using kernel 2.6.30.9-90.fc11.i586 (not the latest). When booting up I get to gui login and see the background change. It takes 20 seconds or more before I see the login dialog box. After selecting the user it takes another 20 seconds before I see the box change to enter the password. This only happens at boot. If I logout and log back in everything is fine.
View 2 Replies
View Related
Feb 4, 2011
I am currently waiting about 10min already for Fedora to finish downloading whatever-it-is-it-downloads after issuing a simple 'Query'. This is bearable when my BB-connection is performing. Unfortunately, like right now, it isn't - between 10-50kB/s - and the wait is excruciating!
So, why does Fedora seem to download the complete files database at least once every 24hrs if there's an update/query issued, and not just the 'differences'? And how do I prevent it from doing so? Ubuntu arguably has access to many more files but never pulls this stuff. Fedora would appear to be completely unusable without a broadband connection! And in the time it has taken me to type this, Fedora continues to download its update at a rate of 10-30kB/s...
View 13 Replies
View Related
Aug 4, 2011
My large ext4 / filesystem seems to cause huge latency problems when writing a large file. For example, if I use split to break up a 40GB file into DVD-sized chunks, my browser becomes unresponsive, and it can take several seconds for Gnome terminal to respond to a mouse click.
I installed LatencyTOP, and it shows jbd2_log_wait_commit as the big offender, with Chrome waiting on that function for over 31000ms (or 31 seconds). I tried remounting / with barrier=0, but that didn't help. My hard drive is a WD20EARS-00MVWB0 2TB SATA disk. I recently switched my BIOS from IDE emulation to AHCI mode, but that didn't help. I tried running split with ionice, and that does help, but the system still isn't responsive as it should be, and I'd hate to have to remember to ionice every large write. Here is some relevant stuff from dmesg:
Code:
[ 1.294068] ata3: SATA link up 3.0 Gbps (SStatus 123 SControl 300)
[ 1.294096] ata2: SATA link up 3.0 Gbps (SStatus 123 SControl 300)
[ 1.294119] ata1: SATA link up 3.0 Gbps (SStatus 123 SControl 300)
[code]....
I'm running kernel version 2.6.38.8-35.fc15.x86_64.
View 3 Replies
View Related
Jun 26, 2010
I just installed Fedora 13 on my old compaq presario with a DLINK DWL-122 usb adapter. Both lights are on as if it were working, but network manager isn't auto connecting.
View 4 Replies
View Related
Aug 30, 2010
I've been running Fedora Core 3 on a P4 450 as a personal Samba server and domain controller. It's worked so well that I never gave any thought to upgrading. The other night, I noticed that Up To Date wasn't working, and that Firefox was acting strangely. I made the FC 13 installation disks, whereupon I found out that the system didn't have enough memory.
Rather than mess with the P3 450 any more, instead I swapped main boards and decided to do an upgrade. it even possible to do an "upgrade" from 3 to 13? Is it possible to maintain my existing partitions/settings. I've backed up everything that I'd be too unhappy to lose. It's a two drive system and the second is nothing but data, none of it catastrophic to lose, but at least disappointing. I'd like to keep the data and settings on the primary disk, but won't cry if I can't.
View 10 Replies
View Related
May 22, 2011
love security/pentest tools. This script adds ALL the tools from the Security Spin, plus Metasploit. Feel free to modify it if need be.
View 12 Replies
View Related
Apr 13, 2011
this is the allert i got:Code:Summary:Your system may be seriously compromised! /usr/sbin/NetworkManager tried to loada kernel module.Detailed Description:SELinux has prevented NetworkManager from loading a kernel module. All confinedprograms that need to load kernel modules should have already had policy writtenfor them. If a compromised application tries to modify the kernel this AVC willbe generated. This is a serious issue.Your system may very well be compromised.Allowing Access:Contact your security administrator and report this issue.Additional Information:
Source Context system_u:system_r:NetworkManager_t:s0
Target Context system_u:system_r:NetworkManager_t:s0
Target Objects None [ capability ]
[code]....
View 5 Replies
View Related
Apr 7, 2009
I'm just curious as to what security measure's I should be taking to make my box a little less vulnerable? I'm still experimenting/playing with Linux, use the net, IM, download this and that and was wondering how secure fedora 10 was out of the box?
View 12 Replies
View Related
Apr 8, 2009
During a recent install I made the leap to encryption,but /boot must remain unencrypted.Is there really any legitimate security risk to having an unencrypted /boot partition? I mean basically someone can just see what kernel you're running which they could see during boot anyways right? Oh I and keep all my financial documents in /boot/finances/ (haha ok not really, but I am serious about the first part).
View 5 Replies
View Related
May 30, 2010
Is it possible to install security lab menu on a normal Fedora 13 installation? I don't want to use security spin.
View 14 Replies
View Related
Oct 10, 2009
If I leave the computer running for a few minutes without doing anything on it, this screen appears demanding that I enter my password, otherwise I can't get back to Fedora. I understand the necessity for this security feature in a work environment, but I'm just a home user and this security screen is just a nagging problem I don't know how to get rid of.
View 1 Replies
View Related
Jul 19, 2011
I just putup the fedora15 on my PC. there are several msg coming up from selinux saying permission denied, though I am not doing any administrative activity. the PC being a workstation for reaserch. how can I know the denial is for an security intrusion attempt. how can I set conditions to see the logs of all security intrusions. how can I set exclusive msg-ing from selinux that the denial is for a security intrusion attempt.
View 5 Replies
View Related
Jul 7, 2011
So I noticed today that my machines root hard drive had almost no space on it.
I did a disk usage analyzer and I found out my var/log folder is 95GB.
The large logs are:
can I just delete them? also how can I stop this from happening again?
View 1 Replies
View Related
Dec 26, 2010
suggest or advise the best practice of bz2 or tar gz. i have a directory /var/opt/axigen which has size 33gb on daily basis as per the schedule we need to take back.i want to know pros and crons of below commands, say best compression and decompresstar cvzf /var/opt/bkup_axigen/axigen_bkup_1.tar.gz /var/opt/axigenortar -jvzf9 /var/opt/bkup_axigen/axigen_bkup_1.tar.gz /var/opt/axigen
View 2 Replies
View Related
May 24, 2010
Using slackware current and I'm really digging KDE 4.4.3. It's been way more stable on my machine than 4.3.x and it performs MUCH better. I think slackware 13.1 is going to be a really good release. Much better than 13.0. Looking forward to upgrading all of my hosts though it will probably take me a few months given how many I manage.
View 3 Replies
View Related
Jul 18, 2009
Firefox 3.5 has a critical java script vulnerability as noted in the recent news. I had to manually update to 3.5.1 using the mozilla tarball because there's still no Firefox 3.5.1 in Fedora Updates or even Fedora Updates Testing repositories. Is this normal? I didn't want to resort to using the mozilla one because now I can't use flash (my system is 64 bit and mozilla only seems to offer a 32bit tar file of Firefox) and having two Firefoxs means dealing with the ProfileManager, separate bookmarks and so on.
I'm trying to find out if I'm just looking in the wrong place, I tried the normal mirrors for "updates" for Fedora 11 and then updates-testing and also the baseurl for "updates" to get rid of the mirror update delay. None of them seem to have 3.5.1 ?
View 3 Replies
View Related
