Security :: How To Avoid Similar Vulnerabilities In Their Own Code

May 5, 2010

Google just announced the release of Jarlsberg, a microblogging app specifically designed to be full of bugs and security flaws. The app is being released through Google Labs and Google Code University as a security tutorial for coders. Google is encouraging programmers to try their hands at exploiting weaknesses in Jarlsberg as a way of teaching them how to avoid similar vulnerabilities in their own code.


Security :: Software For Vulnerabilities Assessment (not Only Network Related)?

Jan 13, 2011

What software can be used on a GNU/Linux box to assess security vulnerabilities? And not just network related. I mean:

- Unnecessary binaries with SUID/SGID flags set up.
- Users with passwords easily crackable
- Test known vulnerabilities of installed software

and a long etc etc.


Ubuntu Security :: New Vulnerabilities In Adobe Flash Become A Threat For Users?

Oct 30, 2010

1. May new vulnerabilities in Adobe Flash become a threat for Linux users? [URL]
2. By the way, I would like to know if a computer with Linux can become a member of a botnet somehow?


Ubuntu Security :: How To Avoid The Phishing

Feb 12, 2010

I have just installed Ubuntu, I am really concerned about security, and I have no idea about Linux. In Windows, I use Kaspersky Internet Security to protect the computer, so any time I want to log on to my bank's website, I use virtual mode or secure mode, and also the virtual keyboard offered by Kaspersky. I've never had a problem; this way I think I protect myself against phishing.
Is there any way to protect myself from phishing attacks in Ubuntu?


Ubuntu Security :: How To Avoid Govt. Sniffing And I-net Censorship

Dec 15, 2010

I have recently started using Ubuntu, so far I am quite satisfied with the switch in OS. This time my question has more to do with privacy, govt. sniffing of private/personal communications, Internet censorship and what to do about these issues. I live in a South American country where the govt. wants to impose Internet censorship such as the one currently in place in Iran, Cuba or China. They plan to set up a single node for all Internet communications, outgoing and incoming. I would not be surprised if they are already monitoring people's communications illegally.

1. What can be done to avoid being censored? They will be able to monitor my email accounts, Facebook, Twitter and so on. They want to force the Internet Service Providers and telecom companies to censor their users, since those companies will be responsible for the content of the emails, SMS, Twitter messages, etc.

2. What can I do to avoid their censorship of certain contents which are critical of the govt. or contrary to the regime's views? I need to be able to read what other people are saying beyond the borders of this country. We can't tolerate living with this ban. Certain contents coming from abroad will be blocked.

3. How can I protect my email and bank operations? Is a proxy server an option? I really don't know what a proxy server is, or how much it would help us avoid govt. sniffing in private matters for political reasons.

4. What additional measures can be taken? Is using encrypted messages an option to communicate with my relatives in order to prevent the govt. from reading my emails?


Security :: Avoid Www-data User Intrusion On Debian Server?

Dec 13, 2010

I'M A NOVICE and some days ago my web server was down (apache issue) and I found the following file called .bash_history in the folder /var/www/ :

cd /tmp
ls
wget [MODERATED]

[code]...


Ubuntu Security :: Avoid To Rewrite The Password Again And Again - Start With Superuser Permissions

Oct 16, 2010

Having to write my user password every time I want to do anything. I DO know I'm doing something risky for the system, that's why I have Linux. Is there a way to avoid to rewrite the password again and again, like start with superuser permissions?


Security :: Folder Permissions To Avoid File Upload By Http User?

Feb 24, 2011

However, configured a website on a dedicated server using WHM/cPanel. The site was uploaded using the master account for the website.

The security issue is public users are able to upload files on to my server via the website. They could even access the root and execute whatever they want on the server.

I have consulted with 2-3 Linux experts. According to them, the PHP user has rights to execute anything on the server or upload & store files in whichever folder they want.

Can I protect my folders to avoid file uploads via the website? The application has security vulnerabilities. However, I want to prevent hackers from entering my site until the vulnerabilities are fixed.


Security :: Reset Facebook Password, Facebook Send A Code To E-mail, This Code Can Be Sniffed By Sniff Software?

Jul 18, 2010

To reset a Facebook password, Facebook sends a code to e-mail. Can this code be sniffed by sniffing software?


Security :: How To Create IPTables Rule Similar To Tcpdump

Feb 23, 2010

I'm not an iptables expert. Anybody know how to create a rule/chain that will log info similar to what tcpdump -s0 would do?


Security :: Implement Rbldns Or Any Similar Thing Which Could Work Over Ssl

Feb 23, 2010

if it is possible to implement rbldns or any similar thing which could work over ssl?


Security :: Handle Checking For A Similar Previous Password?

Oct 9, 2010

What's the best way to handle checking for a similar password?

I.e. what would a possible algorithm be to generate the error "this password is too similar to one of your previous passwords"?

I thought about adding the ASCII value of each letter and then adding them and looking for at least a difference of X.

What methods have y'all seen used for this?


Fedora Security :: Weird SELinux Security Alerts \ Got:Code:Summary: System May Be Seriously Compromised?

Apr 13, 2011

This is the alert I got:
Code:
Summary:
Your system may be seriously compromised! /usr/sbin/NetworkManager tried to load a kernel module.
Detailed Description:
SELinux has prevented NetworkManager from loading a kernel module. All confined programs that need to load kernel modules should have already had policy written for them. If a compromised application tries to modify the kernel this AVC will be generated. This is a serious issue. Your system may very well be compromised.
Allowing Access:
Contact your security administrator and report this issue.
Additional Information:

Source Context system_u:system_r:NetworkManager_t:s0
Target Context system_u:system_r:NetworkManager_t:s0
Target Objects None [ capability ]

[code]....


Fedora Servers :: Disable Samba Security To Avoid "Access Denied" Errors When Shares It Via Windows XP?

Aug 25, 2009

Does anybody know if there is a quick and easy way to simply disable samba security to avoid "Access Denied" errors when trying to access shares via Windows XP?


Security :: Only Executing Signed Code?

Feb 23, 2011

build a Linux environment in which only "signed" processes are allowed to run. When I say signed I don't mean a VeriSign etc. signature like you know it from Windows, but I mean signed by myself. I.e. I choose the software allowed to run, sign it, and then want to deny any other processes to run. If it is somehow possible I'd like to extend this even to scripts and the kernel (i.e. no unsigned modules can be loaded). Does anyone have a good idea how to solve this problem?

The bad thing is: I'm pretty fine with coding stuff myself in C, but have absolutely 0 experience or knowledge in kernel (module)-programming. Any tips, links, literature

One approach I came up with (just a rough idea at the moment): Linux starts new processes with a fork-and-exec-combination. I therefore wonder if it is possible to change exec() in such a way that it will only execute signed programs


Ubuntu Security :: Find The Source Code Behind Mkpasswd?

May 14, 2010

I am trying to find the source code behind mkpasswd which I apt-getted from universe. I am trying to code a similar app in Java and want to see how the salt is implemented in the /etc/shadow file.

But I just can't seem to find any source about that particular program...


Ubuntu Security :: Get Cain And Abel - Source Code?

Aug 18, 2010

I've been looking around on the web as well as here on the forums for a Cain and Abel source code or a dpkg if I'm lucky LOL. It's getting to be a pain in the butt to go from ubu to my Win7 partition for other security tools... I'm trying to look good for an internship here and this is getting to be a pain in the butt. Some people have said in outside forums there is source code and I have build-essentials installed so I figured I'd try that, but I'm sitting here at almost 1am still trying to find it!


General :: Wireless On Slackware 13.1 Won't Work When Network Has Security Code / Fix It?

Apr 28, 2011

I'm using an HP dual-processor athlon 11 g42-415dx notebook PC and my wireless won't work. I put the passcode in the wicd program and it says bad password. So I tried the pin code on the wireless router and that didn't work, so am I doing something wrong or is there something wrong with the hardware? I got the wired connection to work but can't get wireless; it's a little more complex.


Security :: Write Secure Code For Bash Scripts In General?

Feb 9, 2010

how to write secure code for bash scripts in general? Strangely I didn't find anything on Google and in the forum so far. If someone here is willing to review a bash script for me (about 600 lines).


General :: Security Dangers Of Executing Malignant Code As A Standard User?

Jan 28, 2011

Slipping some (non-root) user a piece of malignant code that he or she executes might be considered as one of the highest security breaches possible. (The only higher I can see is actually accessing the root user) What can an attacker effectively do when he/she gets a standard, (let's say a normal Ubuntu user) to execute code? Where would an attacker go from there? What would that piece of code do?

Let's say that the user is not stupid enough to be lured into entering the root/sudo password into a form/program she doesn't know. Only software from trusted sources is installed. The way I see it there is not really much one could do, is there?

Addition: I partially ask this because I am thinking of granting some people shell (non-root) access to my server. They should be able to have normal access to programs. I want them to be able to compile programs with gcc. So there will definitely be arbitrary code run in user-space...


Ubuntu Security :: Edit Grub.cfg File To Add The "pci=routeirq" Code To The Kernel Line?

Sep 2, 2010

I'm looking to edit my grub.cfg file to add the "pci=routeirq" code to the kernel line so I can configure my modem in Ubuntu. I'm happy with assigning a temporary permission to myself over the root file so I don't accidentally alter it later.


Programming :: Selenium Java Code Into Equivalent Php Code?

Mar 30, 2011

I need to rewrite the selenium java code into its equivalent php code.


Fedora :: Is There Any Way To Avoid This While Installing Software Via Yum?

May 28, 2011

I wasn't sure how to describe this in the topic title, but every time I install software with yum (su -c 'yum install package'), I have to download repository information (I think? I'm not really sure what it is, tbh). I checked to see if I had unrar installed or not (obviously I didn't), so I decided to install it. The download is 106k, yet I had to sit there for a while downloading whatever it was that yum was downloading. Is there any way I can skip this? Typically it's not a big deal to wait a minute until it's done, but sometimes I just want to get my program installed and get back to business. Most of my Linux career has been spent with apt-get instead of yum, so I don't fully understand why the process takes longer with yum than it does with apt-get.


Ubuntu :: How To Avoid Flood When Using Gparted

May 15, 2010

specs: toshiba lappy
110gb hdd, 1gb ram, core 2 duo 1.6ghz, nvidia 7600
windows xp pro service pack 3
jaunty jackalope

My problem is: I wanted to repartition (shrink XP and create a partition for data storage) my HDD using the GParted live CD 0.5.2-9. Everything went fine until I clicked exit and reboot. After the CD tray automatically ejected I got a flood of "VFS: busy inodes on changed media or resized disk srO". This doesn't stop until I press enter. After that it reboots normally and there is no problem with the OS.

My questions: 1) Is that flood anything bad, and is there a way to avoid this? I read somewhere that the problem is solved when using the terminal: sudo eject - then push back the CD tray - then sudo eject -t. I tried that but it said failed because the GParted CD is in use.

2) The first time that happened I didn't know what to do, so it flooded for like 15min or more until I pressed enter. My question is if the flood is being saved anywhere on the PC so that I have to delete it?

And a question regarding the extended partition: 3) I have 50gb left that I want to use for data storage. I read that you can only have one extended partition. So since there is already one extended partition from Ubuntu, I can't have another one for Windows? So I can only make the data partition as primary, or is there another reason why the "create extended partition" is greyed out?

Last question: 4) When I set up the partition for swap I made it 1032gb big but in GParted it shows 980.53mb. Is that still enough, or why is it like that? Because somehow the sizes of the partitions seem a bit different than how they originally should be. I'm actually used to seeing the size shrinking a bit but I found it weird that the Ubuntu partition shows 4.76 when it should be 4.5gb. I know it's not much different but I'm just curious to know why..

Partitions order: windows - unallocated (-->data partition) - ubuntu (primary) - home folder (extended) - swap

In Windows the partitions are shown as: windows xp (31,74gb) - unallocated (50,05gb) - 4,76gb unknown - 24,27gb unknown - 981mb unknown

In GParted: it's almost the same, only difference: there is unallocated space (7 or 8mb) between home folder and swap


Ubuntu :: How To Avoid A Hard Reboot

May 17, 2011

on a Vimeo video in Firefox, and my computer became "partially frozen". The video stopped, but the audio continued to play to the end, but I couldn't clear the video. I pressed ctrl-f2 to switch to my other desktop, but it just brought up a blank screen, and switching back makes no difference. As it stands I have a black screen with my mouse cursor on it (I can move the cursor, yes). I'm new to Linux, and I want to know if there are any keyboard shortcuts I could try to fix this. I'd rather not hard reboot whenever I run into a problem, I just don't know the terms to google for


Ubuntu :: Any Way To Avoid Running Thunar?

Jul 13, 2011

I had a problem with Thunar in Xubuntu. As I often work with huge images, memory is consumed generating Previews. Disabling Previews seems to be very difficult in Thunar, as it makes use of external Thumbnailers. Another problem is making a file executable. I couldn't find out how to do that in Thunar. So I decided to change back to Nautilus, which solves the problems. In preferences it is easy to disable generating previews. But I was not able to get completely rid of Thunar. The folders on my desktop still would open in Thunar, although I set Nautilus as default browser. So the problem sometimes is still there. Uninstall is not possible, as it completely uninstalls xfce-desktop. Is there a way to avoid running both browsers at the same time?


Red Hat / Fedora :: How To Avoid Control-D In F11 System

May 6, 2011

How to avoid Control-D? I have a problem with my Fedora 11: my Fedora always goes into Control-D when I force a shutdown, or sometimes when my file or system has an error, etc. What is the meaning of Control-D anyway? Does it mean my system has crashed or is corrupt? How can I avoid Control-D on my system?


Ubuntu :: How To Avoid Grub Rescue

Feb 15, 2011

I'm working on a managed desktop at work with Scientific Linux so I decided to install latest Ubuntu 10.10 on my laptop, an Aspire 6930, and set it up so it dual boots with Windows Vista.

It boots for the first time, everything looks great and it asks me to update some programs. After it does that, I restart and I get a grub rescue message while there was a strange clicking sound coming from the hard disk. I reinstall Ubuntu through BIOS with a CD and I bring the system to the original state.

I can now boot either with Ubuntu or Vista but I don't dare update the programs it prompts me to as I fear it will lead to the same result. It's been like this for the past month and I was wondering if there is a way to know what actually caused the problem in the first place, assuming that it has to do with a program that was updated.

Truth is that the specific model has this problem with the hard disk that makes that constant clicking. When running Vista I have a program called Notebook Hardware Control which lowers some settings and stops the clicking. When running Ubuntu, there isn't any. So is there a way to know which program can cause such an error and refrain from updating it?


Hardware :: Avoid ATI Video Cards (again)?

Feb 25, 2010

I have recently decided to use ATI video cards again due to poor Linux support several years ago. I currently have a Radeon HD 3000 series card however I have been unable to install the fglrx driver under Debian Lenny 64. It seems that the Catalyst 10.4 driver is not compatible with the Xorg version in Lenny.

So far NVIDIA has been very good at making drivers available for the latest Linux versions. I have been running Debian Sid with an NVIDIA card with relatively few problems. Is it still best to avoid ATI graphics cards or is this just a temporary problem?


Networking :: How To Avoid Loopbacking For UDP Socket

Aug 26, 2010

I am facing some problem with loopback on UDP sockets. Is there any way by which we could avoid loopbacking of a UDP datagram destined to the same IP address, and instead force it to go all the way to the NIC and then come back to the socket?

The problem is, we have some piece of code written at driver level, and we want each and every packet to hit that code on its TX and RX path. But if src and dest IPs are same, packet loops back from the IP stack itself, without hitting the driver code.

Can we modify the characteristics of a UDP socket, such that each and every packet has to go through NIC interface, thus avoiding loop backing when the src and dest IPs are same?








Copyrights 2005-15 www.BigResource.com, All rights reserved