Security :: Plugin - FireSheep - Lays Open Web 2.0 Insecurity
Oct 26, 2010
Quote: It's no secret that Web sessions that use the bare HTTP protocol to transmit and receive data are susceptible to a variety of security attacks. What's less clear is how much information is floating out there in the ether, especially with the rise of "Web 2.0" and rich social networking applications and other Web based sharing tools.
But now a pair of researchers have created a tool to identify and capture the social networking sessions of those around you. The tool, a Firefox browser extension dubbed "Firesheep," was demonstrated at the ToorCon Hacking Conference in San Diego on Sunday. Its primary purpose is to underscore the lack of effective transaction security for many popular social networking applications, including Facebook, Twitter, Flickr and iGoogle: allowing users to browse public wifi networks for active social networking sessions using those services, then take them over using a built-in "one-click" session hijacking feature. Firesheep works on unencrypted wireless LAN connections with services that do not use secure HTTP.
Jun 19, 2010
Where can I find a detailed procedure for CentOS system shutdown/halt? I wanted to look at what parameters CentOS uses or sends at the time when it lays down the file system.
Jan 4, 2011
How to get Firesheep working in Ubuntu 10.04 64-bit?
Nov 2, 2010
I have been reading about this new Firefox extension that can grab Twitter account information of computers connected to unprotected networks. Info: url
I occasionally have to connect to public, unprotected WiFi networks and use Twitter via Gwibber. So, here is my question: is Gwibber vulnerable to Firesheep in an unprotected network? Is there a way of protecting it from these attacks? (I know that using https stops Firesheep attacks to the web version of Gwibber, but I don't think if this method is possible or applicable to Gwibber)
Oct 8, 2010
I cannot seem to find a PDF viewer browser plugin other than the actual craprobat plugin from Adobe. The default Ubuntu install comes with a perfectly good open source standalone PDF viewer, but this means that the browser has to save it to your download directory then run the external viewer, and eventually your download directory is all cluttered up. I would much rather just view the PDF in the browser. Is there no open source browser plugin?
Feb 5, 2011
I have a problem with correctly using a void pointer. I am writing a system that can open plugins and run them, and so far everything is going fine: I have a struct with some variables in, some function pointers, and I've written a small library to handle these correctly to communicate with the plugin. My challenge is that I need to put a pointer (let's call it "context") into this struct. The type is not important to the main body of code, and it is not ever used except by the plugin. The plugin will malloc some space for itself, and this *context will then point to whatever malloc returned. context is the address to a struct that I typedeffed to "ctxt".
Here is the first struct I mentioned:
Code:
typedef struct slave {
    int val1;
    int val2;
    int (*entry)(struct slave*, int a, int b);
    void *context;
} target;
Here are some snippets from the plugin:
Code:
typedef struct context {
    int a;
    int b;
} ctxt;
(*target).context = malloc(sizeof(struct ctxt));
So that (*target).*(ctxt)*context.a should refer to the int a in struct context.
But the error that the compiler gives me is a syntax one:
"expected identifier before '*' token"
Is my logic correct? Is my C correct?
Jun 20, 2010
I've been digging around the net for some clarification about the Off-The-Record plugin for Pidgin (and other IMs). Basically I want to know if it uses the SHA-1 or SHA-2 hash function. Some might say I'm wearing my tin foil hat, but the SHA-1 was cracked in 2005 and as far as I know SHA-2 is much more secure.
Wikipedia states it's SHA-1 and the authors of the OTR plugin mention both SHA-1 and SHA-2 in their documentation, and I couldn't find an active Pidgin forum (could only find the archived Pidgin forums on SourceForge).
Sep 9, 2010
What is the open source equivalent to sun-java6-plugin? For example, the open source equivalent of sun-java-6-jre is openjdk-6-jdk.
Oct 26, 2010
The usual way to access a virtual machine console from a VMware Server 2 is to use Firefox:
- you type the URL of your VMware server, e.g. https://myserver:8333
- then you click on the console tab for the VM you want to access
- the first time, Firefox tells you to install a dedicated plug-in
- then, when you click on the right panel, a new window appears for the VM console.
But on a freshly installed x64 Suse 11.3, with Firefox 3.6.6, the plug-in does not open the window and you get an error: "Cannot access virtual machine console. The request timed out." There is a workaround that I find much more convenient than using Firefox:
- you need to access your VMware server installation:
/usr/lib/vmware/webAccess/tomcat/apache-tomcat-6.0.16/webapps/ui/plugin
- you fetch the vmware-vmrc-linux-x64.xpi file and you copy it somewhere on your Suse PC (e.g. /home/myhome)
- you change the extension: mv vmware-vmrc-linux-x64.xpi vmware-vmrc-linux-x64.tar.gz
- you unzip it: unzip vmware-vmrc-linux-x64.tar.gz (it will create 2 files and 2 directories: components and plugins)
- you run the VMware plug-in directly: plugins/vmware-vmrc
- for the hostname, you have to enter: myserver:8333
- and it works!
ref : VMware Communities: HOWTO: Standalone Linux remote console ...
Mar 21, 2010
I am not able to play certain encrypted DVDs under Lenny. Some of these DVDs worked fine in a previous installation (Mandriva 2008.1) on the same laptop (nx6125). I tried with several players (Kaffeine, vlc, mplayer), but nothing works. I know that the DVD drive is OK, since I was able to watch an unencrypted DVD. I also have libdvdnav4, libdvdread3, libdvdcss2, w32codecs already installed.
This is the error message from Kaffeine:
07:06:12 PM: xine: cannot find input plugin for MRL [dvd:///dev/hdc]
07:06:12 PM: xine: input plugin cannot open MRL [dvd:///dev/hdc]
07:06:11 PM: xine: found input plugin : DVD Navigator
And this is from vlc
tommy@tardis:~$ vlc dvd://
VLC media player 0.8.6h Janus
libdvdnav: Using dvdnav version 4.1.2 from [URL]
libdvdnav: DVD Title: DVD_VIDEO
libdvdnav: DVD Serial Number: 2E904DAF
libdvdnav: DVD Title (Alternative):
libdvdnav: Unable to find map file '/home/tommy/.dvdnav/DVD_VIDEO.map'
libdvdread: Invalid main menu IFO (VIDEO_TS.IFO).
libdvdnav: vm: failed to read VIDEO_TS.IFO
libdvdread: Invalid IFO for VMGM (VIDEO_TS.IFO).
libdvdread: Error cracking CSS key for /VIDEO_TS/VIDEO_TS.VOB (0x00000180) .....
[00000277] dvdread demuxer error: read failed for block 0
[00000270] main playlist: nothing to play
Apr 15, 2010
A computer security researcher has released a plugin for Firefox that provides a wealth of data on Web sites that may have been compromised with malicious code.
The plugin, called Fireshark, was released on Wednesday at the Black Hat conference. The open-source free tool is designed to address the shortcomings in other programs used to analyze malicious Web sites, said Stephan Chenette, a principal security researcher at Websense, which lets Chenette develop Fireshark in the course of his job.
Jan 24, 2010
I've installed openSUSE 11.1 on my desktop with the default Firefox as web browser. Whenever I surf graphical sites, it says Flash needs to be installed. On the Adobe site, which package do I have to download (Yat or tar.gz or rpm, etc.), and how can I install it?
Aug 8, 2010
While I was installing the texlive package, the power suddenly went out. Since then the yum update command has not been working. It gives the following error:
Loaded plugins: presto, refresh-packagekit, security
[URL]: [Errno 14] HTTP Error 404 : [URL]
Trying other mirror.
Skipping security plugin, no data
Setting up Update Process
Resolving Dependencies
Skipping security plugin, no data
--> Running transaction check
--> Processing Dependency: libkpathsea.so.4 for package: evince-dvi-2.30.3-1.fc13.i686
---> Package texlive-kpathsea-doc.noarch 0:2010-8.svn19287.fc13 set to be updated
--> Finished Dependency Resolution
Error: Package: evince-dvi-2.30.3-1.fc13.i686 (@updates)
Requires: libkpathsea.so.4
Removing: kpathsea-2007-51.fc13.i686 (@updates)
Available: kpathsea-2007-49.fc13.i686 (fedora)
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest
I already tried these commands but I still have the problem:
yum-complete-transaction first
rpm -e texlive
yum install libkpathsea.so.4
Apr 24, 2011
I was looking for a plugin to open PDF files in a new tab. acroread does, but it doesn't remember the last view of the last file opened. So, is there a way to open PDF files through evince or okular within FF?
Nov 2, 2010
No more open wifi -- Firesheep makes hacking open wifi a breeze. Starbucks and Mickey D's are open to Firesheep.
Sep 18, 2010
I use Slack 13.1 64-bit on my Intel i7 machine. The problem is that I can't find a flash-player plugin that works on all browsers. Firefox crashes on open. The release of the Adobe 64-bit plugin simply doesn't work on any browser. I use Slack 13.1 64 plus KDE. Does anyone know one that works?
Jul 5, 2010
How efficient and effective are Snort, Argus, OSSEC, etc. for an organization with a 3500-PC network, connected through 700+ Cisco devices (Layer 2 and Layer 3), and scattered across 130 different sites (geographically)? What should be the combination of products, and what should be the architecture for efficient forensics activity?
May 31, 2010
I'm having trouble running the Zotero OpenOffice integration plugin in F13 under the openjdk plugin. It's known to be not working as per The problem lies in some permissions as reported here -fedora-linux/ However, I want to know if there's any progress on it, since I don't have privilege to install it on my lab computer. Also I found this old bug report which seems to have something done. If anyone has any idea please post, else I think I need to file a new bug report. EDIT: I'd be glad even if someone can guide me to write a local policy (.java.policy) to enable the plugin.
Nov 26, 2009
I am using openSUSE 11.0. This OS installation gives Firefox 3.0.5 Beta. I installed a new version of Firefox at /usr/local/bin/firefox. I placed a link to this Firefox in /usr/bin using this command:
Code:
linux-snvz:/usr/bin # ln -s /usr/local/bin/firefox/firefox firefox
My older Firefox contained the Flash plugin, so I could easily play ..... videos in my browser. But now my new browser says that it doesn't have the Flash plugin. I tried to install the Flash plugin once again.
[Code]...
Even after installation, my browser is still without the Flash plugin.
Jul 21, 2010
I just updated my distribution to 11.3 from 11.2. But now this problem occurs when I try to play an mp3. There was no problem before with 11.2.
It also says
Code:
The following plugin is required : MPEG-4 AAC decoder
Only certain mp3s have this problem. All gstreamer packages have been installed. What package is missing anyway?
Feb 28, 2010
I have this (for me huge) problem: xfce4-xkb-plugin won't save my keyboard setup and it won't show after startup in the xfce4 panel (Xubuntu 9.10). I did this:
1) I added the needed keyboard layouts (de,hr,rs) in /etc/default/console-setup, because I know that after restart xfce4-xkb-plugin will not memorize my layouts.
[Code]....
Jan 17, 2011
While using Rhythmbox this morning, I was greeted by a blunt and undescriptive error message:
Code:
Plugin Error:Unable to activate plugin Cover Art.
Going to the plugin page, I was surprised to find that most of the installed plugins would not load. Without any info being offered in the player, I looked online. Many people had problems with other plugins, and most of the time it was a problem with an uninstalled python package. But I checked on this site and I found that I had all of these packages installed. (Well, the python ones at least; to check all of them would take forever.)
Code:
[URL]
After finding no help there, I ran rhythmbox -d to debug:
Code:
(12:04:33) [0x934fe68] [rb_python_module_init] rb-python-module.c:406: Init of python module
(rhythmbox:4971): Rhythmbox-WARNING **: unable to load module as python runtime could not be initialized
[code]....
Jul 27, 2010
I'm locking down my laptop. I know I can use a firewall to ensure nothing gets through that I didn't catch, and I certainly plan on using one, but in the meantime, I want to know what exactly is running on my system.
nmap localhost returns:
Code:
james@james-linux:~$ nmap localhost
Starting Nmap 5.00 ( http://nmap.org ) at 2010-07-26 23:33 CDT
Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1.
Interesting ports on localhost (127.0.0.1):
Not shown: 994 closed ports
PORT STATE SERVICE
25/tcp open smtp
111/tcp open rpcbind
139/tcp open netbios-ssn
445/tcp open microsoft-ds
631/tcp open ipp
2049/tcp open nfs
Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds
However, I know that localhost goes back to the loopback interface, 127.0.0.1. So, to see what was really open, I ran nmap 192.168.0.108, which is my laptop's IP at the moment.
Code:
james@james-linux:~$ nmap 192.168.0.108
Starting Nmap 5.00 ( http://nmap.org ) at 2010-07-26 23:33 CDT
Interesting ports on 192.168.0.108:
Not shown: 996 closed ports
PORT STATE SERVICE
111/tcp open rpcbind
139/tcp open netbios-ssn
445/tcp open microsoft-ds
2049/tcp open nfs
Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds
Now if I understand correctly, I can attribute 139 and 445 to my Samba share. That I'm okay with. What I don't know is 111 and 2049. Does anyone know what these ports are, what's running on them, and how I could turn them off, supposing that they are a security risk?
Mar 18, 2011
I'm getting heat from the head networking office that ports 21, 110, and 143 are open. I can telnet to those ports from a remote machine (not localhost) and get a prompt. There does not seem to be anything listening on those ports according to netstat. I've tried using iptables to discard all traffic to and from those ports but I can still telnet to them. This is a Lucid desktop machine.
Jun 22, 2009
I have installed rkhunter, but it does not work. I kept on trying to open the program but no result comes out.
Jan 27, 2010
How do I configure SELinux so that PDF files can be opened only by Adobe Reader and other programs can't do that?
Apr 10, 2010
I installed Ubuntu 9.10 recently. I heard that there will be no open ports in the system unless I specifically open one. How do I scan to find an open port in my system?
Apr 24, 2010
Tor opens port 23 for telnet. Is this normal?
Jul 6, 2010
When I enable my ufw it completely shuts me out and closes my internet connection. I installed the firewall configuration interface and through it defined rules to accept incoming internet connections on port 80. I can see the rules are there, but when I enable my firewall it just shuts me out completely again.
When I do (with my firewall enabled):
Code:
$ sudo ufw status
it gives me:
Quote:
Status: active
[Code].....
I also messed around with fwbuilder and iptables but have since deleted fwbuilder (besides, I just compiled the firewall policy and never actually installed it because of errors while trying to install it). Iptables I cleared with:
Code:
$ sudo iptables -F
Aug 27, 2010
I am new to Ubuntu. I just configured the Evolution email client, and everything is fine. But I need to set a password to open this app, because many people use my computer.