Ubuntu Security :: False Links In Received Emails
Aug 1, 2010
Recently a friend received a couple of emails from someone she knows with web links that purported to be about health issues. She clicked through on two of them; one gave an error, and the other went to a ****** site, so she believes these are "virus" sites. And the person who "sent" the email has just confirmed that his account was "hacked" (I'm guessing actually a virus on his computer). So, two questions:
1) She's running ubuntu 10.04. Is there any reason she should have concerns about her system's security? rkhunter gives no warnings.
2) She is also concerned that it could have compromised her email account (on gmail). I don't see how this is possible, but can anyone confirm about that?
View 1 Replies
ADVERTISEMENT
Feb 10, 2010
Since I upgraded my browser to Firefox 3.6, I've been experiencing this problem: when I click on a link in an email, Firefox doesn't go to that link. Instead, a new instance of Firefox is started (even if I've already got an instance of Firefox running), and that instance just opens my homepage. Of course I can work around this problem by right-clicking on the link, selecting Copy Link Location, then manually pasting the URL into Firefox. But I'd prefer to use just one click rather than 6.I'm using the latest official Hardy version of Evolution (2.22.3.1), and I've got Firefox 3.6 set as preferred browser (or "default browser" or whatever it's called in Ubuntu).
View 5 Replies
View Related
May 10, 2011
Just wondering how can one go about hiding their IP or displaying a false IP in Linux. Is this possible? Its not that I have anything to hide or any such things, I just like my privacy and don't like the idea that some one can track my actions and my location.
View 5 Replies
View Related
Jan 5, 2010
I have just been checking one of my machines with rkhunter and got the following result:
Code:
[17:50:08] Warning: Checking for possible rootkit strings [ Warning ]
[17:50:09] Found string 'hdparm' in file '/etc/init.d/checkroot.sh'. Possible rootkit: Xzibit Rootkit
[17:50:09] Found string 'hdparm' in file '/etc/init.d/bootlogd'. Possible rootkit: Xzibit Rootkit
Using a well known search engine shows that others have come across this before: [URL] I have installed the current version of rkhunter from Debian's Unstable repo,but i still have the same result as above. I now check the rkhunter wiki,which mentions the same problem: [URL]
Quote: Here is an example on my system to remove a false positive for a certain rootkit that hit hdparm.
[Code]....
View 4 Replies
View Related
Oct 25, 2010
Is this a false positive from rkhunter?
/usr/bin/curl [ Warning ]
/usr/bin/ldd [ Warning ]
Chkrootkit came back ok. Running ClamAV and will only add that here if it finds anything. I just neve remember seeing these before. This is in Ubuntu 10.10
View 2 Replies
View Related
May 3, 2010
After reading everything that says you don't need an anti-virus for Linux. OR Linux doesn't get viruses. Guess what I have a Virus. I don't know which one, but it is sending out spam emails from my webmail, MSN, account. I do not have a local client installed. I am guessing it is linking into MSN through Pidgin, getting the addresses there, and sending the spam, somehow, through MSN. Actually one MSN and one Hotmail account. I also have not been able to find an anti-virus program for Ubuntu. There do not seem to be any listed in the software repositories that Ubuntu links into. How do I get rid of it? My contacts are starting to get upset.
View 9 Replies
View Related
May 3, 2010
I keep finding packets that appear to be whois on port 44. they appear to originate from me to whois.arin.net (2 packets each time) and 199.212.0.43 (also 2 packets each time) when I put 199.212.0.43 in the URL box it says "Failure To Connect To Web Server". when I whois it it says:
Quote:
Available at [url] And yes, I did get the same packets when I used whois. Why is my computer randomly whoising stuff?
View 3 Replies
View Related
Nov 10, 2010
I'm posting an E-Mail I sent to Pidgin Support, which didn't get answered. I'm doing this because I believe it is a general SSL problem. I've even tried a different chat client (Instantbird) - same error message. Since a week or so I'm not able to securely login to ICQ any longer with one of my accounts. Only if I disable "Use SLL" in the advanced settings, it works. With SSL I get the error message "Unable to connect to BOS server: SSL Handshake Failed". In the debug window the reason for the failure is "A record packet with illegal version was received". If I enable the setting "Use clientLogin", I get a different error: "Received invalid data on connection with server".
I get this error for all of my ICQ accounts if I enable this, but the other ones work just fine using only "Use SLL". I can login to the ICQ website with the "bad" account too, the settings are exactly the same for all 3 accounts. I was using Pidgin 2.7.3 when this happened first, upgraded to 2.7.5, but no change. I'm running RHEL 5.5 x86_64. I've attached the Pidgin debug messages for the "bad" case of the not working account and for the "good" case of one of the working accounts. I've tried a lot of things, like deleting the account and adding it again. I deleted the cached certificates. I changed the password on the ICQ website.
From the attachment I'm only pasting the most important part - the error message:
(20:27:14) gnutls: Starting handshake with bos.oscar.aol.com
(20:27:14) gnutls: Handshake failed. Error A record packet with illegal version was received.
(20:27:14) oscar: unable to connect to FLAP server of type 0x0002
(20:27:14) connection: Connection error on 0x9bf19f0 (reason: 0 description: Unable to connect to BOS server: SSL Handshake Failed)
I doesn't get into my head why 2 accounts work perfectly, but one doesn't. The login-server is exactly the same, so also the used certificate should be the same.
View 2 Replies
View Related
Mar 14, 2010
Im using gmail with https always turned on but what programs can i use to easily encrypt emails? Is pretty good privacy easy to use?
View 9 Replies
View Related
Apr 25, 2011
I'm running Thunderbird with Enigmail, and I have this very annoying problem. When I open an encrypted email for the first time, it asks me for my key password. It then remembers my password. This is fine for a few minutes, since I don't want to enter the password every time if I look at seven emails in five minutes. However, I WOULD like it to EVENTUALLY forget. At the moment, it doesn't even forget if I shut off Thunderbird. I have to restart my computer, in fact.
The preferences for Enigmail don't help. I've configured it to remember the password for 0 minutes, for example. I don't know how to edit the preferences for gpg-agent or anything else like that.
View 2 Replies
View Related
Jun 17, 2009
i have recently installed thunderbird on my fedora 11 box and so far so good. i am interested in encrypting my emails and digitally signing them as well. does anyone have documentation as to how i can do this? i messed around with it last night but i was not able to import a valid certificate.
View 14 Replies
View Related
May 19, 2009
I'm looking for a solution for sendmail to limit the number of emails send per miniute per IP. For example all my local computer user with ip 192.x.x.x need to able to send 10 emails/minite (emails, not connections!. The rest of the world can send for example 200 emails/minute to the mailserver. If the amount of emails per minute is exceeded, sendmail needs to block receiving emails from the spesific IP. I want to do this to stop spaming from my local network. Is it possible?
View 1 Replies
View Related
Jun 26, 2010
Would it be possible/advisable to add a note to the security emails if an updated package is also part of the multilib install? I know with this last round of updates, seamonkey-solibs and cups are a part of multilib. I snagged the 32bit versions, converted them, and upgraded. It's kind of hard to keep track of which packages are a part of multilib.
View 1 Replies
View Related
Jun 13, 2011
I just got control over a server that was hacked several months back. The other day we started receiving rejected emails sent from my server to a yahoo email address that is no longer active that contained users login information. I am trying to find the process that is sending these emails. So far its been like finding a needle in a haystack. The email that is being sent is appending the login information each time it is sent so there must be a local file that contains this information. I have tried using grep and find without any luck.
View 2 Replies
View Related
Dec 6, 2010
At my Uni, we use a web-based login for our internet connections. Its based off of Cisco, and every Wednesday night every computer on campus must re-enter their credentials to use the network.
Normally on my several computers I simply pull up the Terminal, point links to google.com using
Code:
And enter my credentials when Cisco redirects to the login page.
Literally, the process is
Code:
Then ENTER to accept the redirect, down arrow to skip over the logo image, USERNAME, ENTER, PASSWORD, ENTER, ENTER.
Naturally, this is EXTREMELY time consuming, as I have about 5 computers located around campus and must physically walk to the machines and login every single week.
My question is, How would I formulate a program that does the following;
1) checks for connectivity (i.e. is able to reach/resolve to the greater part of the internet) and
2) automatically fills in the credentials on the links login page?
View 2 Replies
View Related
May 29, 2010
How to refresh and reload the list of email into MUTT ? Which key?
Additional: how to go to folder SENT of gmail ? and configureation eventually?
View 1 Replies
View Related
Feb 3, 2009
I have a personal wiki of notes, with now thousands of links in markdown format:
[link text](http://example.com)
but now that fckeditor is available for mediawiki (very beta), it has become much better to just stick with wikitext format. There are only a few conversions to do: tables, links, and bulleted lists. The lists are a fairly simple regex and fckeditor magically reformats the tables, so all I'm left with is the links. But I'm not a regex master. How do I reformat code...
View 12 Replies
View Related
May 13, 2010
I'm on ubuntu 10.4 and Cant seem to falsely authenticate myself with my AP. I am trying to break a wep key on one of my older linksys routers; It continues to say this:
Code:
root@kevin-laptop:/home/kevin# aireplay-ng -1 1 -a xx:xx:xx:xx:xx:xx mon1
No source MAC (-h) specified. Using the device MAC (xx:xx:xx:xx:xx:xx)
11:39:16 Waiting for beacon frame (BSSID: xx:xx:xx:xx:xx:xx) on channel 6
11:39:16 Sending Authentication Request (Open System) [ACK]
11:39:18 Sending Authentication Request (Open System) [ACK]
11:39:20 Sending Authentication Request (Open System) [ACK]
11:39:22 Sending Authentication Request (Open System) [ACK]
11:39:24 Sending Authentication Request (Open System) [ACK]
11:39:26 Sending Authentication Request (Open System) [ACK]
11:39:28 Sending Authentication Request (Open System) [ACK]
11:39:30 Sending Authentication Request (Open System) [ACK]
11:39:32 Sending Authentication Request (Open System) [ACK]
11:39:34 Sending Authentication Request (Open System) [ACK]
11:39:36 Sending Authentication Request (Open System) [ACK]
11:39:38 Sending Authentication Request (Open System) [ACK]
11:39:40 Sending Authentication Request (Open System) [ACK]
11:39:42 Sending Authentication Request (Open System) [ACK]
11:39:44 Sending Authentication Request (Open System) [ACK]
11:39:46 Sending Authentication Request (Open System) [ACK]
Attack was unsuccessful. Possible reasons:
* Perhaps MAC address filtering is enabled.
* Check that the BSSID (-a option) is correct.
* Try to change the number of packets (-o option).
* The driver/card doesn't support injection.
* This attack sometimes fails against some APs.
* The card is not on the same channel as the AP.
* You're too far from the AP. Get closer, or lower the transmit rate.
root@kevin-laptop:/home/kevin#
I'm using an eeepc 701 it has an Atheros card and does injection. I have also tried it with backrack 4 and it works perfectly (it falsely authenticates with the ap and decrypts the wep key) I just cant seem to get it to work on ubuntu 10.4. Could it be a kernel issue? I found out that there is a bug in the new(er) kernel(s). If you use an older kernel (I used 2.6.31-14 which can be found here) and it magically works.
View 8 Replies
View Related
Feb 18, 2010
I have a 4 disk Raid 10 with Windows 7 installed & working. (Win 7 sees this as 1 disk.)
I installed 9.10 onto a 5th disk, but I think that ubuntu saw the Raid 10 as 4 separate disks and wrote the boot loader to hd0- I had to rebuild my array & I couldn't load 9.10
For the second attempt, I disconnected my Raid 10 and 9.10 is now alive & well on the 5th disk, (presumably with the boot loader on the same disk). Both Win 7 & Ubuntu 9.10 now work but I have to steer to the required disk via the bios for loading.
I'm reluctant to play with the boot loader (GRUB?) from 9.10, because it doesn't seem to like my Windows disk array. Would something like EasyBCD (used from Win 7) be an option?
View 3 Replies
View Related
Jun 12, 2011
I have added no data to my hard drive in the last few days. I saw a notification saying I had only 1.8Gb left on my drive. Shortly after I dismissed it and ran: Code: sudo apt-get clean like the notification suggested. Then, another poped up. Now it said I have 0 bytes left.
So, I opened the disk usage analizer and the data seemed normal, and not my full drive size. It still was saying I have no space so I checked the properties widow for / . It said / contained 128TB of data and the file counter showed no signs of stopping after a few minutes. Obviously my drive is not 128TB in fact it's only 500GB. Also the disk manager program (system volume information?) Said it has 28 bad sectors.
View 4 Replies
View Related
Apr 25, 2010
way to remove open-whois.org as an rbl from /usr/share/spamassassin/50_scores.cf/usr/share/spamassassin/72_active.cfIt's creating a lot of false positives on a mail server i am using with ubuntu. i noticed only ubuntu lucid is using updated spamassassin 3.3.1 and all others are using 3.2.5i was on spamassassin's website and noticed this issue has been resolved on spamassassin 3.3.1 but not 3.2.5i tried looking in those files but they are too complicated for me to understand.i am assuming they manually have to be removed.can anyone help with the open-whois.org rbl removal from mail servers as it is currently squatted and creating false positives?
View 5 Replies
View Related
Jul 26, 2010
I run apt-get upgrade and get
Quote:
Preconfiguring packages ...
(Reading database ... 78720 files and directories currently installed.)
Preparing to replace apt 0.7.25.3ubuntu9 (using .../apt_0.7.25.3ubuntu9.1_i386.deb) ...
Unpacking replacement apt ...
dpkg: error processing /var/cache/apt/archives/apt_0.7.25.3ubuntu9.1_i386.deb (--unpack):
unable to create `/usr/share/locale/dz/LC_MESSAGES/apt.mo.dpkg-new' (while processing `./usr/share/locale/dz/LC_MESSAGES/apt.mo'): No space left on device
No apport report written because the error message indicates a disk full error
[Code]....
View 1 Replies
View Related
Jan 16, 2010
I wonder if anyone can help, I've got an annoying problem with an Acer Revo running Ubuntu 9.10 with the latest NVidia drivers. The Revo is connected to my TV via an amp by HDMI. The Revo didn't seem to like this, I'm assuming due to some handshaking issue with the HDMI which meant that no signal was being passed. Therefore, in Xorg.conf I have used
Code:
Option"UseEDID" "False" This makes the a picture appear but the highest resolution available is 640x480 (if I connect directly to my TV and comment out the "UseEDID" line the resolution is the proper 1920x1080).I have tried editing xorg.conf (the file is posted at the bottom) to force 1920x1080 resolution but nothing seems to work.
Code:
# nvidia-settings: X configuration file generated by nvidia-settings
# nvidia-settings: version 1.0 (buildd@palmer) Sun Feb 1 20:21:04 UTC 2009
Section "ServerLayout"
[Code]...
View 1 Replies
View Related
Feb 2, 2010
I have vsftpd installed on my Debian (squeeze). I wish to let a local user (ftp) access the FTP server, but not login as normal user through SSH. In vsftpd.conf, I have enabed local user and chroot. I have also changed the shell of the local user (ftp) to /bin/false. The problem is that, I cannot login the FTP server from another computer (I login as "ftp" on a Windows machine). But when I change the shell of the local user (ftp) to /bin/sh, I can login the FTP successfully.
Is this the problem of Windows, or I should use something else instead of /bin/false if I want to prevent "ftp" login service other than FTP?
View 8 Replies
View Related
Aug 30, 2010
I have a new (few months) HP Compaq laptop where I run Fedora 13. A couple weeks ago, it started complaining about too many bad sectors in the HD. What I have done is to remove palimpsest from load-on-start list, so I don't get the annoying message. I know the palimpsest Disk Utility has given problems like this (false positives) in Ubuntu, and F11. So my concerns are:
Is it normal in F13 to get those palimpsest warnings? Or should I consider the idea that my new HD is really failing? If this is a bug in palimpsest, is it going to be fixed soon?
View 2 Replies
View Related
Feb 18, 2010
If in Software Sources I have "Download from" set to "Server for Australia", then when I run sudo apt-get update, I get a warning at the end
Code:
Reading package lists... Done
W: Duplicate sources.list entry http://dl.google.com stable/main Packages
[code]....
View 3 Replies
View Related
Nov 19, 2009
I ve upgraded my system from F11 to F12 recently . Everything went good till now. Yesterday i ve tried to check if there was any update via software update and a very very bad thing happened without me knowing it updated to all dev-test packages of F13.
Is there any way of uninstalling-removing everything thats connected with F13 from my system cause now all is going very slow and laggy probably bugfull. Also my software sources tab has vanished from menu...i ve tried to edit the menu to see if i can add it back but no luck its not there also....i can enter it only via terminal.
View 5 Replies
View Related
Jul 12, 2010
Win XP is running ESET Nod32 AV and Comodo firewall, I'm having a big problem with Nod and Ubuntu, for some reason Nod is picking up the MBR on 0 physical disk (sda) as a virus "Probably unknown TSR.Boot Virus", and says is unable to clean. Since I've just that second installed XP I'm pretty sure it's not a virus or trojan, but is picking up GRUB as a false positive.
View 3 Replies
View Related
Oct 16, 2010
I have set up Samba on an Ubuntu 10.04 and am attempting to back up files from a Windows 7 machine. The entire Windows 7 drive is under 300GB and the is a single 1TB drive in the Ubuntu machine with over 500GB free as can be see below.
jon@Timeh:/etc/samba$ df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/sda1 937824152 326054016 564131352 37% /
[code]....
View 5 Replies
View Related
Feb 20, 2011
I can see some soft links in /etc directory which are pointing to /etc/rc.d Directory contents.
Code:
lrwxrwxrwx. 1 root root 7 Jan 31 08:19 rc -> rc.d/rc
lrwxrwxrwx. 1 root root 10 Jan 31 08:19 rc0.d -> rc.d/rc0.d
lrwxrwxrwx. 1 root root 10 Jan 31 08:19 rc1.d -> rc.d/rc1.d
code....
Any body please tell me what is the purpose of these soft links in /etc directory ? I am using RHEL 5.4 ...
View 3 Replies
View Related
