Ubuntu Security :: Firefox Shows Saved Passwords Without Authentication?
Oct 8, 2010
If you go to Edit > prefs > security and choose to show saved passwords, they are displayed without entering root pw. This seems to be a huge security hole. How do we fix this?
As I am a paranoid bastard, I made a bash screencap-script for my Ubuntu-computer, so I can check if anyone uses my computer for things I don't want them to do (e.g. checking if anyone is viewing passwords stored in Firefox, looking at private files, or other things I find disturbing). There might be other people than me who are paranoid and want to monitor what's going on on their computers while they are away or letting someone else use their computer when going to the bathroom.
This is a small script, I'd like to hear if there are any improvements that can be done, so I can learn more and become better at such scripting.
The script requires Imagick (sudo apt-get install imagemagick) and a folder in the ~-directory (/home/username) called ".screen" (hidden, as this makes it more difficult for "intruders" to find it and it looks more like a system-folder than a monitoring-folder).
The script:
Code:
#!/bin/bash
i=1; j=`date`; user=`whoami`;
[Code]....
Add this script to /usr/local/bin and then go to keyboard-shortcuts in GNOME and add a shortcut-key-combination of your own choice for the script. Call it whatever you'd like, and the command you want to run is simply "screen". To add a shortcut for stopping the script, you add another shortcut-key-combination to the command "killall screen".
This enables you to monitor activity on your computer while you're away, saving png-screenshots of your desktop every three seconds in the folder /home/username/.screen/date.
NOTE: I'm not taking any responsibility for what you do with this script. Remember that monitoring someone's activities is never the right way to handle anything. Also, it's illegal in many places. Take care and use it only for educational and testing purposes.
I wonder if it is possible to have two passwords for one user account in 9.10. I have a long login password (5 words about 45 characters with spaces caps). I would like to set a shorter password for Authentication, sudo, etc. While retaining the original for logging in. In short: Have long password to login to computer. Have short password for everything after login.
I have done some searches and none of them tell me how to recover or where/what the file name is for the Mozilla passwords. I was able to recover the bookmarks. I corrupted my system doing the 9.4 to 9.10 upgrade and I am trying to rebuild the user one piece at a time. I also need to know how I can recover my mail from Thunderbird. Basically I have set up a new user and am trying to move stuff over from the old user one piece at a time until I can figure out how to fix the old user.
How can I make the security applet stop showing an update for firefox 3.5.9? I have a more recent version installed from mozilla repo: firefox 3.6. The mozilla repo already has a higher priority (95 instead of 99), so I don't know what to do.
I am not very security minded... I'm aware of it, and always made sure I had up-to-date overall protection in Windows but firewalls, and the blasted passwords are largely a thorn in my side! When I got my iPhone last year I suddenly discovered password managers & "wallets" to keep all that kind of information in and syncable across different devices. My life got so much easier. Of course now I need to figure out encryption keys, and how they work (I'm clueless). I also need to find a program or system that I can move my existing low-tech info (mainly user name & passwords) that will also accommodate the increased needs of Ubuntu security and still be sync-able. I started a little research weeks ago, but my current "wallet" only exports .csv so I quit since I'm going to have to do a lot of data entry whatever I go with. So here goes:
1) what is the difference (bare bones) between using an encryption key (e.k.) vs. a standard user created password? what situations are better suited for e.k.?
2) I have seahorse (default install with Ubuntu I guess) but the only thing in it is Login under passwords which leads to a login keyring (?) and a drop-down list of about 6-10 of the gazillion passwords I use daily. The other tabs are for keys which I don't have any concept of.
3) I know FF also "remembers" user id & passwords as you choose to have it do so. Is that information transferable into seahorse or another program?
4) I'm also (today) getting ready to really set up my system for user names & security across my little home network. How can I integrate that into whichever program/app I go with to store my pwds and keys?
5) give me links to fairly current documentation on this stuff?
6) Any program/app recommendations. Pros/cons uses, what they can & can't do or be used for, etc.
I need to make a choice on what authentication protocol I want to use for Authentication and Authorization. I was looking at Radius and then literature suggested that Diameter was a better protocol. Keep in mind I need this on a heterogeneous setup (linux & windows together). Diameter seemed like a good fit until I discovered that the open source code no longer seems to be maintained (C/C++).
I was also looking at Kerberos as an option though there is a lot of overhead with the server. SSL/TLS or EAP? I am looking for simple but secure and am new at the security protocols.
Whenever I try to download something I do not know where they are saved to. For example, I just tried to download the Skype beta for Ubuntu. The Firefox download prompt pops up with the only option being "save file". I click save file and then the prompt closes and nothing happens.
Just did a clean, fully updated install of Lucid. Unlike the development version I was running, Firefox now will not remember usernames or passwords for sites. I have "Remember passwords for sites" under Preferences checked.
I installed the Penta OS version of Ubuntu and the version of Firefox that came with it would not retain my bookmarks on restarting Firefox. My solution was to 'apt-get uninstall Firefox'. Penta OS would not let me install the latest version of Firefox with an incompatibility notice. So I installed one using the Package Manager called Firefox 2
Since Ubuntu became 10.04, Firefox got some big issues with losing its memory of saved users/passwords and places I've visited earlier. To fix it, I need to close and re-open Firefox and all is fine for a time. But after some time, all the stuff is gone missing again and I need to close and re-open it...
Why aren't Windows users affected with this? Only Ubuntu folks?
How do I, the rightful creator and owner of the Firefox master-password, convince Firefox to release my passwords to me? I'm aware that Firefox stores website-passwords in the personal information manager, and that I am able to view these after unlocking them with the master-password and export them with the profile info export function. However, I collect all my passwords and encrypt them with a very strong key for storage outside my PC.
Running FC11 64 bit and Firefox 3.5.5. Under Edit->Preferences->Security, I have checked the box "Remember passwords for sites". But Firefox doesn't remember the passwords. It does remember the usernames. Is there something else that I must do to get it to remember passwords?
I am returning a computer to the dealer and I want to remove all stored passwords from Firefox. How do I do that? This is version 3.6. I also would like to remove bookmarks and history.
Whenever I log into a site for the first time I always tell Firefox to save my password. This is very convenient. A long time ago, however, when I first started using this feature I sometimes clicked "Never save the password for this site" and consequently some of the sites which I most frequently visit still need me to manually input the password. How can I tell Firefox I want it to save the passwords for these sites now? I cleared everything in the "Preferences >> Security >> Exceptions" menu but that did not fix the problem. I don't want to just delete my profile because I have about a year's worth of passwords and bookmarks and whatnot that I don't want to redo.
What I would like to do is create a good firewall and have it saved so it doesn't get lost through reboots. I have read the iptables document and the ufw document but it's still a bit confusing.
What I would like to do is be able to browse the web so I need to have rules for that as well as https. I'm not sure what rule I need for DNS for DHCP. Other than those basics I don't want anything else to happen save for updates. When I get more used to it I will add more rules if I need them. I also want IPv6 off, for incoming, outgoing and forwarding, and my guess is that I do not need any forwarding for IPv4. Ah yes and I need the loopback working.
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
I think Ubuntu/Canonical should start releasing a new flavour geared towards meeting the needs of computer security professionals, just like the BackTrack distro.
How would you encrypt passwords [emails, forums, accounts] onto USB flash the most secure way? (It should be command line so I can use any Linux distribution on it.) Is gpg -c <filename> secure enough? And what FAST distro would you install on it? I'm learning on old USB flash and found SliTaz pretty damn cool, I use it as a LiveUSB. Also I've tried Kubuntu but it's a bit slow. Going to try Lubuntu soon too. Any other idea?
And I'd like to install some FAST distro onto new 8GB mini USB flash drive, maybe Kubuntu as well. How would you partition its Flash drive? Probably separate partition for stored encrypted files?
I use Ubuntu on my netbook, which I use for browsing and email. It's way faster than the Windows which came on the machine. That's a nice feature, as is the price.
I like it except for the constant, perpetual, ever-present, super-annoying need to be entering passwords and "becoming root user" and so on. I am the only one using this appliance. I don't even care if someone steals it, really. There must be some way (I hope) of disabling this idea that I am a CIA agent with TopSecret materials.
I just want a simple, easy to use appliance. If not Ubuntu, is there any distro that is aimed at normal people?
Is it possible to have two passwords associated with one account, one that is the actual one, and another one, a duress password, that upon entering gives a similar (desktop) environment with "decoy data"?
The idea is to have the bogus password go to an encrypted home drive that looks as if it were the real deal, but it is wiping particular sensitive (encrypted) data that is visible only with the real password in the background, so that the actual data that need to be protected are not compromised. While the person who unlocked the computer tries to find the information on it between all the rubbish files, the real files are securely wiped. The files are very sensitive in nature, so it's better to have them destroyed than have unauthorized people access them, in the event of that happening.
I happen to know that TrueCrypt has a similar option but that requires an entire decoy operating system (and I think that might be a bit conspicuous), but is there a native linux way to do it?
Lately I adapted my /etc/fstab to mount samba shared network drives. I had to put the password in the configuration file in order to log in automatically. Isn't there another way? It feels a little awkward to me to put passwords in a plain text-file.
I want to back up my passwords in Firefox and my email address book in Thunderbird, both running on Ubuntu 10.04. Point me in the right direction please, it's just I have lost them before and it's a pain in the you know where to redo them all, also bookmarks in FF
I would like to be able to store all my important details and passwords in such a way that it is encrypted, easy to get the information out and is cross-platform. Basically, I am thinking that if I kick the bucket that I would like to make it as easy as possible for others to be able to access this information using a pre-arranged password.
Ideally I would like the files to contain the program that is needed to extract the data i.e. importantinfoLinux.sh inportantinfoWin.exe (Just like a self-containing zip). I haven't found anything along those lines.
The things I am currently thinking of are:
1) A password database program that is cross-platform like KeePass. With the bundle containing the relevant installers for win, linux and OS X and the database file.
2) An AES encrypted zip of the data with relevant programs to open it e.g. 7-zip on windows, peazip on linux and OS X
Has anyone got any thoughts on this? Any self-containing java encryption apps?
The Ubuntu installation that came with my Ubuntu (it does not matter which version etc.) contains an sshd_config file with these interesting lines:
# Change to no to disable tunneled clear text passwords
#PasswordAuthentication yes
The same lines are seen in many Ubuntu-related internet pages. This is quite surprising to see. This seems to contradict the fact that ssh was created specially to provide authentication (with passwords, of course) but without sending them by internet as clear text like previous programs did. But I could not find any clear confirmation of that either in Kubuntu-related documents or anywhere else. I put below a fragment of a document from RedHat. This seems to imply that if one uses two "yes", the passwords will be passed in encrypted form (and this is what is recommended by RedHat). Is that true? Is this true for Ubuntu too? Is the quoted line from sshd_config wrong? Or incomplete?
[URL]
RSAAuthentication yes
The option RSAAuthentication specifies whether to try RSA authentication. This option must be set to yes for better security in your sessions. RSA uses public and private key pairs created with the ssh-keygen(1) utility for authentication purposes.
PasswordAuthentication yes
The option PasswordAuthentication specifies whether we should use password-based authentication. For strong security, this option must always be set to yes.
I'd like to know if something like this already exists: have an ecryptfs encrypted user account on a laptop that accepts two logins, 1st logs normally, the second triggers a system format