Ubuntu Security :: Distro Used For Cracking Win XP Admin Passwords
Jul 25, 2010I think ubuntu/canonical should start releasing a new flavour geared towards meeting needs of computer security professionals just like backtrack distro
View 9 Replies
ADVERTISEMENT
Ubuntu :: Security Distro Or Cracking Tools?
Mar 25, 2010I want to see how secure my company is. I am not too concerned about over the wire, more about someone hacking our wireless.
View 6 Replies View RelatedUbuntu Security :: Encrypt Passwords On USB Flash - What Distro?
Dec 27, 2010How would You encrypt Passwords [emails,forums,accounts] onto USB Flash the most Secure way? (It should be command line so I can use any Linux distribution on it.) Is gpg -c <filename> secure enough ? And what FAST distro would you install on it? I'm learning on old USB flash and found SliTaz pretty damn cool,I use it as a LiveUSB. Also I've tried Kubuntu but it's bit slow. Going to try Lubuntu soon too. Any other idea?
And I'd like to install some FAST distro onto new 8GB mini USB flash drive,maybe Kubuntu as well. How would you partition its Flash drive? Probably separate partition for stored encrypted files?
Ubuntu Security :: Multiple Passwords \ Possible To Have Two Passwords For One User Account In 9.10?
Jan 7, 2010I wonder if it is possible to have two passwords for one user account in 9.10. I have a long login password (5 words about 45 characters with spaces caps). I would like to set a shorter password for Authentication, sudo, etc. While retaining the original for logging in.In short:Have long password to login to computer.Have short password for everything after login.
View 6 Replies View RelatedUbuntu Security :: 10.10 Vs RHEL 6 For Wireless Cracking?
Mar 28, 2011I'm in the process of building a Linux server using spare desktop (HP dc 7700p PC with USB wireless adapter) and of course it will be used as the wireless security training exercise so I just wondering if Ubuntu or RHEL is suitable for me to learn ?BackTrack Linux is too hard to use and doesn't automatically detect the USB wireless network card usually.
View 1 Replies View RelatedSecurity :: Cracking SHA1 With EC2 GPU Instances?
Nov 28, 2010Had to happen I guess - cheap cracking on the cloud; see here
View 14 Replies View RelatedUbuntu Installation :: Multiple Admin Passwords - Opration Requires Root - Administrative - Privileges
Jan 10, 2011I downloaded a driver for my printer today and I opened it in the terminal. Then a window popped up saying "This opporation requires root (administrative) privileges. Please enter the administrative password below:" I typed in the same password that I use when authorizing the installation of programs from the Ubuntu Software Center and I tried it multiple times. Each time, it rejects the password. I even tried downloading something else from the software center, just to make sure the password was correct, but the system had no problem with the password when downloading from the software center. So, is my software center password different from my administrator password?
View 9 Replies View RelatedSecurity :: THC Hydra And HTTP Brute-force Cracking?
Mar 29, 2011I set up an ASUS WL-500gP with original ASUS firmware to my LAN with IP address 192.168.1.1. If I navigate to address [URL] in my Firefox address bar, an Authentication required window opens up asking for "User name: " and "Password: ". Correct "User name: " is "admin" and correct "Password: " is "pA55w0Rd". They work fine if I type them in manually to the Authentication required window, but for some reason I can't get in using the hydra with words.txt password file, which contains "pA55w0Rd":
Code:
[root@ ~]# cat words.txt
password
user
pA55w0Rd
[code]....
Ubuntu :: Time On Custom Distro Without Admin Rights?
Jan 10, 2011I created a custom linux distro that originated from ubuntu server and I installed time-admin and want to change the time without admin rights. Is this possible?
View 1 Replies View RelatedUbuntu Security :: Security, Passwords & Encryption Keys?
Jun 7, 2011I am not very security minded...I'm aware of it, and always made sure I had up-to-date overall protection in Windows but firewalls, and the blasted passwords are largely a thorn in my side!When I got my iPhone last year I suddenly discovered password managers & "wallets" to keep all that kind of information in and syncable across different devices. My life got so much easier. Of course now I need to figure out encryption keys, and how they work (I'm clueless). I also need to find a program or system that I can move my existing low-tech info (mailnly user name & passwords) that will also accomodate the increased needs of Ubuntu security and still be sync-able. I started a little research weeks ago, but my current "wallet" only exports .csv so I quit since I'm going to have to do a lot of data entry whatever I go with.So here goes:
1) what is the difference (bare bones) between using an encryption key (e.k.) vs. a standard user created password? what situations are better suited for e.k.?
2) I have seahorse (default intall with Ubuntu I guess) but the only thing in it is Login under passwords which leads to a login keyring (?) and a drop-down list of about 6-10 of the gazillon passwords I use daily. The other tabs are for keys which I don't have any concept of.
3) I know FF also "remembers" user id & passwords as you choose to have it do so. Is that information transferable into seahorse or another program?
4)I'm also (today) getting ready to really set up my system for user names & security across my little home network. How can I integrate that into whichever program/app I go with to store my pwds and keys?
5)give me links to fairly current documentation on this stuff?
6) Any program/app recommendations.Pros/cons uses, what they can & can't do or be used for, etc.
General :: Disable Passwords And Security?
Dec 15, 2010I use Ubuntu on my netbook, which I uses for browsing and email. It's way faster than the Windows which came on the machine. That's a nice feature, as is the price.
I like it except for the constant, perpetual, ever-present, super-annoying need to be entering passwords and "becoming root user" and so on. I am the only one using this appliance. I don't even care if someone steals it, really. There must be some way (I hope) of disabling this idea that I am a CIA agent with TopSecret materials.
I just want a simple, easy to use appliance. If not Ubuntu, is there any distro that is aimed at normal people?
Security :: Encryption - Two Passwords Associated With One Account ?
Mar 11, 2011Is it possible to have two passwords associated with one account, one that is the actual one, and another one, a duress password, that upon entering gives a similar (desktop) environment with "decoy data"?
The idea is to have the bogus password go to an encrypted home drive that looks as if it were the real deal, but it is wiping particular sensitive (encrypted) data that is visible only with the real password in the background, so that the actual data that need to be protected are not compromised. While the person who unlocked the computer tries to find the information on it between all the rubbish files, the real files are securely wiped. The files are very sensitive in nature, so it's better to have then destroyed than have unauthorized people access them, in the event of that happening.
I happen to know that TrueCrypt has a similar option but that requires an entire decoy operating system (and I think that might be a bit conspicuous), but is there a native linux way to do it?
Security :: Most Popular SSH Usernames And Passwords
Sep 18, 2010DRG SSH Username and Password Authentication Tag Clouds
View 3 Replies View RelatedSecurity :: Passwords In Configuration Files
Aug 31, 2010Lately I adapted my /etc/fstab to mount samba shared network drives. I had to put the password in the configuration file in order to log in automatically. Isn't there another way? It feels a little akward to me to put passwords in a plain text-file.
View 2 Replies View RelatedUbuntu Security :: 10.10 - No Admin Rights For Administrator
Oct 22, 2010I am only user on this ubuntu 10.10 install. I have admin rights but when I try to change some settings via Ubuntu tweak unlock or alter user and groups via advanced tab I never get the option to enter my password. I have added a new user 'tempuser' via safe mode and this user is administrator too but everything works fine from this user..
Results from $ grep admin /etc/group
lpadmin:105:heath,tempuser
admin:119:firstuser,tempuser,heath
Results from groups
admin adm dialout fax cdrom floppy tape audio dip video plugdev fuse lpadmin sambashare
I am thinking of making a fresh install if I cant sort this but would like to fix if possible.
Ubuntu Security :: Cross Platform Encryption For Notes And Passwords?
Mar 10, 2010I would like to be able to store all my important details and passwords in such a way that it is encrypted, easy to get the information out and is cross-platform. Basically, I am thinking that if I kick the bucket that I would like to make it as easy as possible for others to be able to access this information using a pre-arranged password.
Ideally I would like the files to contain the program that is needed to extract the data i.e. importantinfoLinux.sh inportantinfoWin.exe (Just like a self-containing zip). I haven't found anything along those lines.
The things I am currently thinking of is:
1) A password database program that is cross-platform like KeePass. WIth the bundle contining the relevant installers for win, linux and OS X and the database file.
2) An AES encrypted zip of the data with relevant programs to open it e.g. 7-zip on windows, peazip on linux and OS X
Has anyone got any thoughts on this? Any self-containing java encryption apps?
Ubuntu Security :: Checking If Anyone Is Viewing Passwords Stored In FireFox?
Jun 16, 2010As I am a paranoid bastard, I made a bash screencap-script for my Ubuntu-computer, so I can check if anyone uses my computer for things I don't want them to do (eg. checking if anyone is viewing passwords stored in FireFox, looking at private files, or other things I find disturbing). There might be other people than me that is paranoid and want to monitor what's going on on their computers while they are away or letting someone else use their computer when going to the bathroom.
This is a small script, I'd like to hear if there is any improvements that can be done, so I can learn more and become better at such scripting.
The script requires Imagick (sudo apt-get install imagemagick) and a folder in the ~-directory (/home/username) called ".screen" (hidden, as this makes it more difficult to "intruders" to find it and it looks more like a system-folder than a monitoring-folder).
The script:
Code:
#!/bin/bash
i=1;
j=`date`;
user=`whoami`;
[Code]....
Add this script to /usr/local/bin and then go to keyboard-shortcuts in GNOME and add a shortcut-key-combination of your own choice for the script. Call it whatever you'd like, and the command you want to run is simply "screen". To add a shortcut for stopping the script, you add another shortcut-key-combination to the command "killall screen".
This enables you to monitor activity on your computer while you're away, saving png-screenshots of your desktop every three seconds in the folder /home/username/.screen/date.
NOTE: I'm not taking any responsibility for what you do with this script. Remember that monitoring someone's activities is never the right way to handle anything. Also, it's illegal many places. Take care and use it only for educational and testing purposes.
Ubuntu Security :: Firefox Shows Saved Passwords Without Authentication?
Oct 8, 2010if you go to Edit > prefs > security and choose to show saved passwords they are displayed without entering root pw. This seems to be a huge security hole. How do we fix this?
View 8 Replies View RelatedUbuntu Security :: Disable Tunneled Clear Text Passwords
Nov 13, 2010The ubuntu installation came with my ubuntu (it does not matter which version etc.) Contains sshd_config file with this interesting lines:
# Change to no to disable tunneled clear text passwords
#PasswordAuthentication yes
The same lines are seen in many Ubuntu-related internet pages. This is quite surprising to see.
This seem to contradict to the fact that ssh was created specially to provide authentication (with passwords, of couse) but without sending them by internet as clear text like previous programs did. But I could not find any clear confirmations of that neither in Kubuntu-related documents no anywhere else. I put below fragment of a document from RedHat. This seem to imply that if one will use two "yes", the passwords will be passed in encripted form (and this is what is recommended by RedHat). Is that true? Is this true for Ubuntu too? Is the quoted line from sshd_config wrong? Or incomplete?
[URL] RSAAuthentication yes
The option RSAAuthentication specifies whether to try RSA authentication. This option must be set to yes for better security in your sessions. RSA use public and private key pairs created with the ssh-keygen1utility for authentication purposes.
PasswordAuthentication yes
The option PasswordAuthentication specifies whether we should use password-based authentication. For strong security, this option must always be set to yes.
Ubuntu Security :: Two Passwords, 1st Normal, 2nd Triggers System Format?
Jan 17, 2011I'd like to know if something like this already exists :have an ecryptfs encrypted user account on a laptop that accepts two logins, 1st logs normally, the second triggers a system format
View 6 Replies View RelatedSecurity :: Console Users Logging In Without Passwords?
Jul 19, 2010Sitting at the console, I log in with any user name and NO PASSWORD IS REQUESTED. I get logged in automatically without entering the user's password.
I did:
passwd joeuser
To change his password and still he goes right in without being asked for a password!
Possibly related- 10 days ago, my smtp server was breached as a spam relay. The username they cracked was deleted. I added fail2ban for postfix. The logs show no further intrusion.
Security :: Generate Passwords And To Store And Keep Track Of Them?
Jun 6, 2011I have joined a number of websites over time and it seems harder to manage them. Would like advice on how to generate passwords and to store and keep track of them. I would like to hear of systems or programs that are good for this.
View 5 Replies View RelatedSecurity :: Make The Same Users And Passwords For Several Machines?
Aug 11, 2010How to make users, groups, paswords and their IDs be the same on several computers (for example, on cluster)?
View 6 Replies View RelatedUbuntu Security :: Adding User To Admin Group
Jun 15, 2010I'm trying to edit a "xl2tpd.conf" file but it always says I have no write permission tried to add my account to admin group but it says something about not able to lock on password try later.
View 3 Replies View RelatedSecurity :: How To Retrieve Admin Password
Jan 25, 2011I have created 2 in Linux.One is admin and other is Guest.But I forgot my admin password.ow to retrieve or change the admin password?
View 6 Replies View RelatedGeneral :: Security - Tool To Generate Memorable Passwords?
Jan 24, 2011I'm looking for a tool, command line or GUI, for Linux that generates memorable passwords An equivalent of what I am looking for would be passwords that the Mac Os X keychain can generate, something like apples12$/fourteen. Something strong, but easily memorized by a user.
View 2 Replies View RelatedSecurity :: Create A LUKS Encryption Drive With Different Passwords?
Jun 20, 2010I'd like to know if there's a simple way to create a LUKS encryption drive with different passwords? A real one that leads to one set of data, and another that leads to a whole different set of data. Is this even possible with LUKS?
View 1 Replies View RelatedSecurity :: Permitting Users To Ssh With Out Typing Their Passwords Via Kerberos?
May 24, 2010Is there a way to use kerberos (or baring that a trusted CA) to allow users to ssh across machines in an environment isntead of having to manage the hash keys per user/server? I'm using kerberos+ldap to log folks in and get their settings but I'd like to take it a step further. I've been reading a lot but still can't quite get it all to come together.
Do I need to create a SPN for each host to do this? Sorry if I am asking a dumb question, I am returning to the *nix fold after a decade+ in the Microsoft world, be gentle with me.
Ubuntu Security :: Root Password To Make Admin Printer Changes?
Jan 23, 2010I try to install my printer again after reinstall ubuntu 9.04. ("downgraded from 9.10"). Instead of asking for the local-user-login password, as it does for other system changes, it asks for a root password that I never had. What happened? How can I set this right?I made a printscreen.
View 3 Replies View RelatedUbuntu Security :: Using AutoFS To Mount CIFS Share Without Leaving Unencrypted Passwords
Jul 30, 2011I followed this howto in order to mount CIFS shares on demand. This works great, however, this guide suggests leaving my network passwords unencrypted on the disk. This is a very bad security practice, as the passwords can be easly retrieved by booting the computer using a different OS.
I was looking for a way to secure things up, so I came up with this solution: Instead of storing the passwords plain text on the disk, I store them in a tar file encrypted using GPG. When I boot my system, I open this file to a directory in /dev/shm, and order AutoFS to retrieve the passwords from there.
This does the trick, but I presume this solution is not that secure, since /dev/shm content can be written to the swap partition. Is there any other solution which is a better security practice? Maybe using some sort of keyring service?
