Ubuntu Security :: Locked-Screen Login Window Vulnerability?
May 12, 2010
I've got an HP Netbook with Jaunty installed, and I've got an older Dell laptop running Debian.A friend of mine, on several occasions, has told me that when I left my computers unattended he could do some kind of series of key-strokes, and then a window comes up and he says that he can change the password for my account.I've asked him to show me how he does it, but he never will because he doesn't want me to be able to thwart himIs he lying, or is it for real? if it's for real, how do I go about changing it so that it can't happen anymore?
View 5 Replies
ADVERTISEMENT
Nov 4, 2010
I can't log in from a locked screen anymore, such as when returning fromeep or hibernation. I can, however, work around the problem by clicking "switch user" and logging in from the GDM greeting screen. Logging in from a terminal also works.I recently had a problem where /etc/passwd, /etc/groups and some other files were deleted. But I have restored them - otherwise I couldn't log in at all.
View 1 Replies
View Related
Apr 2, 2010
So yesterday I receive a copy of the SANS @RISK security vulnerability newsletter, and, lo and behold, Mozilla's Firefox and Thunderbird are on it yet again. (Yeah, I know, shocking, isn't it?)So I quickly check what versions I have installed. Yup: Vulnerable.I check whether updates are available.These are pretty serious "remote code execution" vulnerabilities and the status is "vendor confirmed, updates available." So why isn't my 9.10 desktop's update manager telling me updates are available?
View 9 Replies
View Related
May 22, 2011
Is there a config file to toggle whether the screen is locked after hibernation? I looked all over preferences but if it's there, I missed it. In Ubuntu, the screen was always locked after waking up. In Squeeze, it's going directly to desktop. It's not a biggie but you never know when someone might try to access your account so I kind of liked that it would wake up locked. Maybe it's doing that because I'm the only user on the system?
View 14 Replies
View Related
Feb 25, 2011
The problem come after i kill the Xorg using the kill command,and the screen turns to black without anything so that i can do nothing. The problem goes on after reboot
View 5 Replies
View Related
Aug 8, 2010
While I was away from my computer a friend changed my keyboard layout to a random layout thinking he could revert it via mouse actions only. Unfortunately, by the time I returned, my screen was locked. Now I cannot unlock my session to get back in to the KDE session to restore the correct keyboard layout.
However, I can log in to a console. In the console (e.g., Ctrl-Alt-F1), the keyboard layout is unchanged, so I can edit any text files and make any other changes required. How can I change the KDE keyboard layout from a console? I'm running Kubuntu 10.04. There is no .kderc file in my home directory. And Xorg.conf doesn't contain the settings either. I'm not sure where else to look.
View 5 Replies
View Related
Aug 18, 2010
I have used Ubuntu since 7-4; I now have 10.4. However, in the last week I have been taken to the login screen three times. This could be potentially calamitous. Ctrl+Alt +Backspace have by default been disable since 9-4. There is no way I am pressing atl+Prtscr +K. I wonder if there is a new zap command in 10.4, and if so, how to disable it. I have never found the need to go back back to the login window. I am generally using the command line when doing this.
View 1 Replies
View Related
Aug 26, 2010
I noticed that when typing in your password after locking the screen or a screensaver, the program focussed behind it is able to catch the input...
This sounds like a huge security risk to me, is there anyone who can test this? (Only noticed with game in wine, perhaps you need low level xorg access)
View 1 Replies
View Related
Jan 13, 2011
I i've virtual machine that is running BackTrack4r2. I need to use the built-in tool Metaspolit in bt for assessing the security and vulnerability in websites The prob is that i dont have any about the Metaspolit tool.
View 10 Replies
View Related
Feb 24, 2010
I decided to report what happened me lately so that someone more clever could find the hole in the latest ubuntu. So: I have a machine connected 24/7 on high speed network. i had karmic on it. i ran openssh and apache2 (without any mod, plain apache2) on it. In addition i ran firefox, ktorrent, and amule on it. Nothing else. The system didnt have any rule in iptables.
Recently chkrootkit signaled a SuckIT rootkit in the system. I was scared, i googled for it and i saw that on ubuntu this actually happened and it was a false positive. Ok, i kept going. Yesterday i nmapped myself and i found an open port around 64000 that i couldnt see with netstat -atpnl so i concluded i was actually infected and erased the drive and tried to install lucid alpha2 so, one day of lucid,
- with a firewall this time that let open only the port 22 and 80 from internet
- with only openssh as service (no apache2)
- ran firefox3.6 , ktorrent and amule , nothing else
chkrootkit didnt find anything
debsums reported
debsums: changed file /sbin/initctl (from upstart package)
i did an apt-get install --reinstall upstart and that file didnt warn anymore. So i concluded there must be some kind of vulnerability either in
a) firefox
b) ktorrent
c) amule
View 6 Replies
View Related
Sep 28, 2010
Using Opera 10.61 and 10.62, I find that any secure website I access, such as a bank, the lock icon in the address bar is replaced by a question mark. Clicking on it brings up a window, stating that the connection is not secure, that the server does not support TLS Renegotiation. Doing some internet searches for "opera tls renegotiation" brought me to a page at the Opera website, where they discuss this issue. The issue is generic, not limited to Opera, affecting the TLS protocol, and it potentially enables a man-in-the-middle to renegotiate a "secure" connection between a server and client, issuing own commands to the server. Opera has addressed the problem on the client end, but now servers need to be upgraded too. None of the HTTPS sites I have tried have upgraded their servers, if the information provided by the Opera browser is correct.
My questions: how feasible is such a MITM attack, what level of resources would such an attack require? What, if anything, would the attacker need to know about the client and/or server to mount the attack? Would I be better off using Firefox, or is Firefox simply oblivious of the problem and not issuing warnings for that reason?
View 4 Replies
View Related
Feb 11, 2010
Is there a free online vulnerability scanner where either I can give them the IP address to scan or can be initiated from the console command, tool, or text based browser. I use GRC's Shields Up when I have a GUI, but I want a scan ran on my website that runs Ubuntu 8.04 server on a hosted VPS.
View 5 Replies
View Related
Jun 8, 2010
I ran across this problem when I used checkinstall and then tried to extract the contents of data.tar.gz (which you can find inside any .deb).tar has an option to extract the contents of a file in a given directory.From tar's manpage:
Code:
-C, --directory DIR
change to directory DIR
[code]....
View 2 Replies
View Related
Aug 10, 2010
Quote: Security expert Georgi Guninski has pointed out a security issue in the 1.0 branch of OpenSSL that potentially allows SSL servers to compromise clients. Apparently the hole can be exploited simply by sending a specially crafted certificate to the client, causing deallocated memory to be accessed in the ssl3_get_key_exchange function (in ssls3_clnt.c). While this usually only causes an application to crash, it can potentially also be exploited to execute injected code.
View 1 Replies
View Related
Aug 27, 2010
just migrated to Lucid from Jaunty and noticed that the login startup screen looks more like windoze (shows all authorized users).One of the endearing security checks with Unix was that if you had access to a console you had guess both userid AND password - the system wouldn't tell you which was wrong.I feel that we have lowered security by making the list of authorized users visible on a console. Is there any way to turn it off and force users to enter both userid and password?
View 4 Replies
View Related
Apr 5, 2010
I have a habbit of openning a 2 sessions of xwindow (I'm using KDE), one as user to browse the internet and the other as root to do some admin work. But someone told me that login to KDE as root is bad in terms of security. Is this true?
View 3 Replies
View Related
May 7, 2010
Iam facing a weird problem with ubuntu since last week... Starting system-->selecting ubuntu from grub menu-->ubuntu splash screen comes and it loads fully-->black screen is displayed instead of login window.. Restarting the system and the prob is gone..able to login properly..
This problem is ocurring randomly..sometimes i can login in 1st attempt properly,other times i have to restart the system twice or even thrice to get to the login screen.. what can be the possible reason to this...I have not done any updates also..
View 2 Replies
View Related
Jun 28, 2010
I don't have
System > Administration > Login Window > Local Tab
because I wanted to change my login window I cant change it because I dont have Login window preferences. I do have login screen but I cant change anything graphical there. I am running linux 10.04 LTS.
View 1 Replies
View Related
May 18, 2010
I have windows 7 on my laptop (Dell Studio model). I have installed fedora 12 onto my machine in the unallocated space, the installation went smoothly. If I login to the fedora directly then every thing works fine. but if I login to Window 7 and again try to re-login into fedora 12 after shutting down the winows 7 then the booting screen will become black (almost invisible) even though I can be able to login and can go to the desktop (which is also very least visible) if i click on suspend and then click on the power button then the screen will become properly visible.
View 2 Replies
View Related
Nov 3, 2010
Currently i am running fedora 13 with KDE and I get bore seeing blue login screen. I tried to change it under System Settings->Advance->Login Window , but it doesnt work.
View 2 Replies
View Related
Nov 27, 2010
Got my Slack running on vostro 1310 for a while now. But just Today... first for what ever reason my wifi stopped to work (at boot time) even though interface was up as usual, driver was loaded, supplicant has not been touched etc. So I wired up a LAN cable and the at boot time I saw an information from eth0 that packet length is 0 and cannot be parsed (great no network at all). Tried to investigate the problem on a different machine, and one of the suggestions I've found was to set router to no security and see if wireless will connect. I thought that it would be a good idea to reboot the machine to attach to the rooter at boot time and no eth0,wlan1 tries to connect to the network and then I get a black screen instead of login window
View 4 Replies
View Related
Jul 30, 2010
I'm very much new to linux using 11.3 Gnome. I want to change my login window and splash screen. I went through lot of sites but I couldn't find the answer.
View 1 Replies
View Related
Jun 30, 2010
I've had a password on my 10.04 installation since I installed it (when it was released) and since last week it has disappeared. My computer seems to log in automatically. When I check the login screen settings, it is set to "show the screen for choosing who will log in".
View 5 Replies
View Related
Aug 30, 2010
Is there a way to set Linux to automatically log in to a specific user account and at the same time lock the screen? I want to save time and trigger various software that always should start up on boot, while leaving the computer unattended during startup (extra important and practical for remote control boots), by enforcing a 'screen lock' so that no-one can see what happens behind the login screen without entering the login credentials.
View 4 Replies
View Related
Jul 29, 2009
Is there any way to hide my username in login screen (GDM)? I ask this because in Ubuntu I have seen that you need manually enter your username.
View 5 Replies
View Related
Jun 5, 2010
A few minutes ago I accepted a suggestion from update-manager for restarting my system, such that some security updates could be effective. After restarting and login in as usual, I discovered that I could not use my adminstrative rights as a sudoer. To recover them I booted again, as root, and added my username in the "admin" group. Rebooting, all seemed well again. As an extra check I installed and ran 'chkrootkit' and nothing suspect was found.What could have hapenned? Just a glitch in the system? Can a user disappear from a group for nothing?What further checks can I make to be sure that my system is safe?I'm using Ubuntu Jaunty Jakalope amd64, with kernell 2.6.28-15-generic.
View 5 Replies
View Related
Aug 25, 2010
I am using Ubuntu 10.04 TLS from a pen-drive (running Ubuntu example). I created a new user account. When I lock desktop it correctly turnout the screen (everything go dark). When I move the mouse Ubuntu returns perfectly. My problem is that in any time I am not asked for password. I want that Ubuntu while locking ask for password to login again. I already tried configuring lock down and lock properties (application) via gconf-editor.
View 1 Replies
View Related
Jun 26, 2015
I have Debian 7 with LXDE installed on a msi-based-notebook. Immediately after i make the login (in graphics mode), the LED of "num lock key" turns on and lock,making the keyboard impossible to type properly.
I've tried to reconfigure keyboard,but it had no effect. And yes,i have tried to use the "Fn key + num lock" combination, but had no effect too.
View 3 Replies
View Related
Apr 12, 2011
My last setup (years ago) ran fluxbox so because it was familiar I installed it as a secondary to xfce right off the bat. I download a lot of different stuff because I like to try out all the apps I can find but somewhere I broke something. I can still run fluxbox fine, but nither the Xubuntu nor Xfce sessions will run now. Last thing I remember changing was pulse audio(removed it for an experiment I was trying with jack audio), not sure if it is connected but when I try to login to xfce the screen goes black, flickers a few times then it brings me back to the login screen.
I tried failsafe but everytime I do my monitor gives me a "frequency out of range" error. I tried purging and reinstalling xubuntu desktop and xfce settings but I am thinking its my xorg config. My laptop is a Toshiba satellite M305D-s4830 with ATI Radeon 3100 mobile graphics card and I am running Xubuntu 10.10. Unfortunately I also broke the screen, so right now I am stuck with an external monitor till I get a new one.
View 1 Replies
View Related
Sep 3, 2010
I would like to use a wireless network, I type in the correct password but suddenly a new window pops up saying: 'an application wants to access to the keyring 'Vorgabe', but its is locked password:'
But I don't know what password it's talking about
I went to Password and Encryption keys, there are two folders
'password: vorgabe'
'Password: login'
View 9 Replies
View Related
