What's the best way to handle checking for a similar password?
IE. What would a possible algorithm be to generate the error "this password is too similar to one of your previous passwords"
I thought about adding the ascii value of each letter and then adding them and looking for at least a difference of X.
What methods have yall seen used for this?
I'm not necessarily gonna do this, but I have to know. Is there a way to make the system not complain about every single freaking password you try to use? Make it so that any regular user could make "hello" their password without complaint? Like I said, I won't necessarily do it, but I have to know if it can be done.I did some searching and found the su -c "passwd username" trick, which is working for right now (I have root access but a user account I made for a friend doesn't)... it's just irritating when it won't even let him use something like "snuh123" because it seems to think it's based on a (reversed) dictionary word. Any use of a dictionary word, even with other chars, fails
View 6 Replies View RelatedI am looking for a command line utility like ping that can use for checking appropriate services on a server . I do not want do any port scan . I just want to use it for checking apache , mail,ftp and other services on a server if they are running or down.
View 3 Replies View RelatedIs there a way to change password to value same as the previous password? I know this is a security flaw, but would like to know however. when I try this:
[Code].....
how to configure my security. Upon install from the disc, the dialog asks for "automatic login" I selected that and although it automatically logs in upon cold start, I'm asked constantly by the terminal for my password when making any changes or downloads from there. In addition, I'm asked by my other interfaces and settings programs for the password as well. Since this is a new system, there is much getting apps and changing settings, so to type in my password 3 times every 5 minutes becomes annoying and time consuming.
So what I'd like is a pointer to a "how to" which tells me how to adequately deal with all these requests and typing in my password to a configuration which is comfortable for me. I'd like to be able to just sit down and turn on my computer and do whatever I want without having to deal with passwords at all "except online". I'm the only user this system.
I have ubuntu 9.10 on my machine. Haven't used it for ages and no longer have password to install updates through update manager. I want to install 11.04 which i have downloaded but can't install it because i didn't install all the previous updates and don't have that password. My question is how do i uninstall 9.10 completely so that i can start from scratch with 11.04.
View 1 Replies View RelatedI just installed umbutu 10 on a virtual machine running on VMware workstation 7.Workstation asked me for a username & password, which I supplied.The install went fine, and I logged on with the credintials that I provided to WorkStation. So far so good.I then downloaded Webmin and installed it, again no problems.I go to the provided link: URL... and it wants me to log-in as root.But I don't have the root password and checking umbutu it does not appear that I have a root user so that I can set a password.
View 4 Replies View RelatedGoogle just announced the release of Jarlsberg, a microblogging app specifically designed to be full of bugs and security flaws.The app is being released through Google Labs and Google Code University as a security tutorial for coders. Google is encouraging programmers to try their hands at exploiting weaknesses in Jarlsberg as a way of teaching them how to avoid similar vulnerabilities in their own code.
View 1 Replies View RelatedI'm not an iptables expert. Anybody know how to create a rule/chain that will log info similar to what tcpdump -s0 would do?
View 3 Replies View Relatedif it is possible to implement rbldns or any similar thing which could work over ssl?
View 3 Replies View RelatedI've been using pdfTk to encrypt PDFs for distribution to unsophisticated users (that is, users without PGP keys or the will to get one). RC4 encryption, although reasonably adequate for my use, is relatively insecure. I would be more comfortable with AES. Have any gnu tools emerged that implement AES within a PDF container?
View 2 Replies View RelatedI post this to have a memo about how I looked into this problem. You can use this command to check what is hidden.
Code:
/usr/lib/chkrootkit/chkproc -v -p 3 | grep /proc/ | sed 's/.*(/proc/[0-9]*).*/1/'| xargs -n1 -I %%% cat %%%/cmdline
If it doesn't output anything, then nothing is hidden currently. This usually means that a process was started between the ps command and the /proc check of chkrootkit. You can check what those command(s) are by running the above in a loop, with high priority.
[Code]...
Does anyone know how to get rid of these false positives while retaining other functionality of chkrootkit?
How to do an easy file integrity checking on fedora 11 ? just to make sure that the necessary core os files are not corrupted using rpm and yum.
View 2 Replies View RelatedThe problem is that yum is refusing to install gcc on a new SL6 install. As far as I can make out, a security update that I applied prior to my attempt to install gcc has caused problems. I did a new SL6 install (x86_86) a couple of weeks ago. This was a minimal installation, and I didn't install any dev tools, as I intended to install them later from yum. Since then, I've done very little; I installed a few packages (samba, xemacs, etc), and I let the system update itself. The update installed 'kernel', and updated 'kernel-firmware' [URL]. I now need to install the dev tools (g++, and so on), but I can't. I've tried this from gpk-application, and directly from yum. The complete yum output is below, but the basic error is:
> Error: Package: glibc-2.12-1.7.el6.i686 (sl)
> Requires: glibc-common = 2.12-1.7.el6
> Installed: glibc-common-2.12-1.7.el6_0.5.x86_64 (@sl-security)
[code]....
I'm interested in GNU/Tiger as recommended by a security guru I know. I did apt-cache search and located the package tiger:Code:tiger - Report system security vulnerabilitiesI also checked the ubuntu web-based package search and found tiger there too along with things like this signed message.Using apt-cache policy, I see this package is universe. I'd like to check the signature/cert/keys of this file before running apt-get install on it to see if it is acceptable given my current apt keys. Can someone explain how to do this?Also, what happens when I try to install a package using "apt-get install" and that package or one of its dependencies is:* unsigned* signed, but not by anyone whose key resides in my apt keyring?
View 3 Replies View RelatedAs I am a paranoid bastard, I made a bash screencap-script for my Ubuntu-computer, so I can check if anyone uses my computer for things I don't want them to do (eg. checking if anyone is viewing passwords stored in FireFox, looking at private files, or other things I find disturbing). There might be other people than me that is paranoid and want to monitor what's going on on their computers while they are away or letting someone else use their computer when going to the bathroom.
This is a small script, I'd like to hear if there is any improvements that can be done, so I can learn more and become better at such scripting.
The script requires Imagick (sudo apt-get install imagemagick) and a folder in the ~-directory (/home/username) called ".screen" (hidden, as this makes it more difficult to "intruders" to find it and it looks more like a system-folder than a monitoring-folder).
The script:
Code:
#!/bin/bash
i=1;
j=`date`;
user=`whoami`;
[Code]....
Add this script to /usr/local/bin and then go to keyboard-shortcuts in GNOME and add a shortcut-key-combination of your own choice for the script. Call it whatever you'd like, and the command you want to run is simply "screen". To add a shortcut for stopping the script, you add another shortcut-key-combination to the command "killall screen".
This enables you to monitor activity on your computer while you're away, saving png-screenshots of your desktop every three seconds in the folder /home/username/.screen/date.
NOTE: I'm not taking any responsibility for what you do with this script. Remember that monitoring someone's activities is never the right way to handle anything. Also, it's illegal many places. Take care and use it only for educational and testing purposes.
I could not find any where the documentation the only best which I got was [URL]
My question is the following blog says to remove an IP from /etc/hosts.deny which denyhost has blocked
[URL] you need to have a directory /usr/share/denyhosts/data I do not find any such directory
Also when I tried to check tcp wrapper configuration as given here
[URL]
tcpdchk -v Cannot find your inetd.conf or tlid.conf file. Please specify its location.
what does the above output mean? How do I make sure denyhosts is doing its job?
everytime i try to vnc to my box, it pops up the keyring authentication, which is obviously a huge problem when logging in remotely.how do i change my keyring password to match my login password?
View 4 Replies View RelatedI know this has probably been asked too many times here but I need to secure my emails. Personal matters of course. But yeah. I use the program "Password and Encryption Keys" to generate a key to sign my emails with but I do not know what to do. To be blunt, I'm stupid when it comes to this. IF not, steps in creating a key? and giving it (my public key) to the significant other? Finding where both keys are? Implementing it into Thunderbird? If it helps any here's some extra information: Ubuntu distro: Ubuntu 10.04 Email client: Thunderbird
View 7 Replies View RelatedHow can I force passwd to use a simple password?I want to change my passwd & delete passwd history (if stored).I plan on creating a Virtual Appliance that uses another password besides my testing password.
View 5 Replies View RelatedI have a database created by an older program (not Access) that I need to open and retrieve information for my business. The manufacturer put a password on there so that only it's program could open it. I do not use that program, but it has information I need. Is there a way to find that password or circumvent the password altogether?
View 1 Replies View RelatedI already posted a topic similar to this concerning the Desktop OS version, but this deals with the Netbook because unlike the Desktop, the Netbook is less cooperative. Allow me to elaborate: Today (or rather yesterday since it's not after midnight where I am), I changed my password because I was hopelessly confounded about how to get my Wireless Network card up and running after it had been installed and I was allowing my dad to use it. This issue has since been resolved, however...
When I chose my password during the original installation, there was no mention of it being "too simple." This is where the Desktop OS and the Netbook OS differ. The desktop will let me change it in the terminal without any errors. The Netbook will not. When I've attempted to revert it back to the original, it will not let me do so in the User Profile or in the Terminal. The Passwords and Encryption Keys application also does not appear to help.
So now even after I've changed it to a different "complicated" password I am still prompted to insert two different passwords since I changed my user password but I am unable to change the password I input during the installation. A bit screwy methinks. This is extremely important. I'd like to know how to change the original installation password.
If I can't change the main password on my laptop then this is a serious potential security breach just waiting to happen (especially since it's on a laptop and I will be hauling it around with me) and I will most likely install a different OS if this isn't resolved --- It would be very unfortunate since I spent the whole day fixing it and I really enjoy the interface. Luckily I can live with this on my Desktop since I'm not going to be hauling it around with me everywhere when the school year starts.
I am having an issue with my screen lock, sometimes when my screen locks and I try to enter my password i get the "checking" message and then about 5 mins later it will timeout and let me try again. On the 2nd retry it will let me get in.
View 1 Replies View RelatedSometimes at startup I get this message "Checking disk 1 of 1". Does that mean it's checking all partitions on the hd? After a bad shutdown there is no prompt for fsck to run and the system just boots up. In fstab I have both options set to "1" for the partition Ubuntu is on, all others set to "0". Any ideas on both?
View 3 Replies View RelatedI'm trying to set up a Fedora 11 server so that users have only SFTP access. The relevant lines from my "/etc/ssh/sshd_config" are:
[Code]....
I can log in okay, I can type "cd /" and "cd upload", but when I try an "ls" command, I get: Couldn't get handle: Permission deniedand when I try to get the file "junk" (listed above), I get: Couldn't stat remote file: Permission deniedAnyone know what I'm doing wrong?
Is it possible to change the log in password? Someone set this up for me and the password is too simple.
View 5 Replies View RelatedSimply, the number of possible combinations of passwords increases as an exponent of the number of characters used and as a factor of the number of characters available for use.
26 potential characters for a 2 character password results in 26^2 possible password combinations. This means that each new character added would result in an "order of magnitude" increase in the difficulty of brute force attack.
Using a phrase, complete with punctuation and capitalization is the very best mnemonic device to remember a password. Consider this, how hard is it to remember; The quick brown fox jumped over the lazy dog.
Than it is to remember, l33tsp34kp@ssw0rd
If we pretend that both of these passphrases are generated from a character set consisting of 26 characters, the first would be one of a possible 15274273784216769021564085930704478424313742483024 510976. The second would be one of a possible 1133827315385150725554176.
In short, use a passphrase not a password, they are much MUCH more secure.
I tried the following instructions to set up "ssh without passwords". But this didn't work.Could someone please tell how to debug this.
View 11 Replies View RelatedI'm new to ubuntu. Now iam using Karmic Koala. I want to change my password. So i used,
system->Administration->users and groups to change my password . As i entered my new password and clicked on 'Change Password', It is saying, 'password changed'. But when I click the close button in the main users and groups window, it is asking for my password, and I am forced to enter my old password only.
After the window is closed, i logout to check whether my password is changed. But it is not. I have to enter my old password to login.
i set my pass on ubuntu 10.4 and it work so good on installing app but suddenly it stopped working i thought i would restart my pc i tried to inter my pass again ubuntu don't accept it although it's surely true
View 7 Replies View Related
