Ubuntu Security :: Run Flash And Java Without Compromising Security?
Aug 14, 2010
Is there a way to run Flash and Java securely? Stupid question, I guess. I'd like to use a couple of sites that require them but don't want to open my box up to the bad things that can happen with these: videos, Pandora, etc. I don't know Linux security well and just wonder what the ramifications of this will be.
I have been wondering if a guest user could compromise a machine which is set in the following way: they are not able to open the computer case, to boot from either a USB flash drive or an optical-disc drive, nor have any knowledge of the administrator-user password. Thus, they are landing on their guest account, and have to work their privilege escalation from there.
Therefore, what can they do to gain it? Could they download or otherwise install or run from a thumb drive an application that could be used to crack the administrator-user password? Because, it seems to me, could they enter into the system such a password-cracking application, the whole system could be compromised given the administrator-user password contains less than 9-or-so characters. What do you think? Can I lend my computer to anybody without them having beforehand gained my trust in them? Is the reasoning reasonable?
I read this morning that Microsoft and Adobe Flash released a huge security update to counter the threat of malicious apps taking over systems. Included in the fix were Excel spreadsheets. Apparently a hacker could send a spreadsheet that, if opened, could remotely take over your machine. I opened my update manager and there was a sizable Open Office and Java update.
Question: Are Linux/Ubuntu machines susceptible to the security flaws? Question: Since Adobe Flash is considered proprietary and not updated through the Ubuntu update manager, do I have to manually update that package?
Which are the default trusted root certificates in Java 1.4? How can a 4096-bit certificate be installed in Java 1.4 (as it seems to produce an error)?
I browse with Firefox and I had been running a pretty vanilla install of Ubuntu 10.4 (with a few things like tomcat and mysql). I supposed the repos kept everything (like java) up to date.
Some time ago I replaced OpenJDK with SunJDK. "java -version" is "1.6.0_24"; "which java" is /usr/bin/java.
Yesterday, for the first time, I downloaded and ran an Avast! scan. It complains of "Malware-gen" in several class files in what I think is the java cache. Does anyone know how this could be?
Recently I had a Java exploit on Windows. Luckily Microsoft Security Essentials identified and removed it. Such things can happen on Linux as well, from what I've heard. Why does Linux offer no such detection?
When I do an "openssl x509 -in server1.pem -issuer -noout" after I've supposedly signed it with the CA, the issuer is, for some reason, the DN string of server1. If server1 generated the CSR, and it is coming up as issued by server1, doesn't that indicate a self-signed cert? How could the CA be producing a cert that has an issuer of another server? Am I just completely off base? Sorry, I'm a bit of a newb with the SSL pieces.
I hope this is the right place for this, but I'm having some difficulty using the java keytool and OpenSSL tool on a Solaris system.
I have a server (CA server) with OpenSSL installed that I would like to use as a Certificate Authority. The second server (server1) is a WebLogic server with JDK 1.6.0_21. I'm trying to configure it to use a certificate that has been signed by server1.
For some reason it keeps giving me this error when I try to import the signed SSL certificate: keytool error: java.lang.Exception: Public keys in reply and keystore don't match
Am I doing something wrong in this whole process?
1) Generate the Private Key for the CA server: openssl genrsa -out CA.key -des 2048
2) Generate the CSR on the CA: openssl req -new -key CA.key -out CA.csr
3) Sign the new CSR so that it can be used as the root certificate: openssl x509 -extensions v3_ca -trustout -signkey CA.key -days 730 -req -in CA.csr -out CA.pem -extfile /usr/local/ssl/openssl.cnf
4) On server1, create Server Private Key KeyStore: keytool -genkey -alias server1 -keysize 2048 -keyalg RSA -keystore server1.jks -dname "CN=server1.domain.com,OU=Organization,O=Company,L=City,ST=State,C=US"
5) On server1, create a CSR from the recently created Private Key: keytool -certreq -alias server1 -sigalg SHA1WithRSA -keystore server1.jks -file server1.csr
6) Transfer the CSR over to the CA (server1) so that it can be signed: openssl x509 -extensions v3_ca -trustout -signkey CA.key -days 365 -req -in server1.csr -out server1.pem -extfile /usr/local/ssl/openssl.cnf
7) Transfer CA Public Cert to server1 and Import into keytool: keytool -import -trustcacerts -alias CA_Public -file CA.pem -keystore server1.jks
8) Import recently signed CSR to app server keystore (This is where I receive the error): keytool -import -trustcacerts -alias server1 -file server1.pem -keystore server1.jks
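Why the issuer comes back as server1's own DN and keytool reports mismatched public keys in the post above, as an added example that is not part of the original post: `openssl x509 -req -signkey` produces a self-signed certificate carrying the public key of the key passed to `-signkey`, while `-CA`/`-CAkey` issues a certificate under the CA for the key in the CSR. The temporary directory, the "Demo CA" subject, the output file names and the openssl-generated server1 key (standing in for the keytool keystore entry) are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: compares `x509 -req -signkey` with `x509 -req -CA/-CAkey`.
# Subjects and file names are constructed; an openssl-generated key pair
# stands in for the one keytool creates inside server1.jks.

demo_setup() {
    d=$(mktemp -d) || return 1
    # Minimal config so `openssl req` does not rely on a system openssl.cnf.
    printf '[req]\ndistinguished_name = dn\n[dn]\n' > "$d/min.cnf"
    openssl genrsa -out "$d/CA.key" 2048 2>/dev/null &&
    openssl req -new -x509 -config "$d/min.cnf" -key "$d/CA.key" \
        -subj "/O=Company/CN=Demo CA" -days 730 -out "$d/CA.pem" 2>/dev/null &&
    openssl genrsa -out "$d/server1.key" 2048 2>/dev/null &&
    openssl req -new -config "$d/min.cnf" -key "$d/server1.key" \
        -subj "/O=Company/CN=server1.domain.com" \
        -out "$d/server1.csr" 2>/dev/null &&
    echo "$d"
}

# As in step 6: -signkey self-signs and puts the CA key's public half in the cert.
sign_with_signkey() {
    openssl x509 -req -in "$1/server1.csr" -signkey "$1/CA.key" \
        -days 365 -out "$1/selfsigned.pem" 2>/dev/null
}

# CA signing: issuer is taken from CA.pem, public key is taken from the CSR.
sign_with_ca() {
    openssl x509 -req -in "$1/server1.csr" -CA "$1/CA.pem" -CAkey "$1/CA.key" \
        -CAcreateserial -days 365 -out "$1/signed.pem" 2>/dev/null
}

# Prints "issuer=<self|other> pubkey=<match|mismatch>" for cert $2 against the CSR.
inspect() {
    issuer=$(openssl x509 -noout -issuer_hash -in "$2")
    subject=$(openssl x509 -noout -subject_hash -in "$2")
    certkey=$(openssl x509 -noout -pubkey -in "$2")
    csrkey=$(openssl req -noout -pubkey -config "$1/min.cnf" -in "$1/server1.csr")
    [ "$issuer" = "$subject" ] && i=self || i=other
    [ "$certkey" = "$csrkey" ] && k=match || k=mismatch
    echo "issuer=$i pubkey=$k"
}

# Stand-alone run: print the result for both signing modes, then clean up.
if work=$(demo_setup); then
    sign_with_signkey "$work" && sign_with_ca "$work"
    echo "-signkey:   $(inspect "$work" "$work/selfsigned.pem")"
    echo "-CA/-CAkey: $(inspect "$work" "$work/signed.pem")"
    rm -rf "$work"
fi
```

A certificate reply whose public key differs from the keystore entry's is what keytool rejects at import, so only the `-CA`/`-CAkey` result is usable as the reply for the CSR.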
I loaded Ubuntu desktop onto my flash drive with the USB Installer For Ubuntu from [url]
I'll be placing sensitive data on the drive & need to figure out how to encrypt it. From what I've read so far, the easiest way will be to encrypt the swap, /home, tmp, temp files. Not quite sure how to do this. I'd prefer to encrypt the whole drive, but this seems quite complicated.
A while back I had been using Ubuntu on a live CD after my Windows partition had been taken over by a virus, which at the time I thought had been removed by my antivirus (and then took out winlogon), and I did a system repair instead of a complete reformat because I didn't want to lose all of my files. After repairing, I noticed some things like what looked like fake "this page has been blocked based on your security preferences" on major sites like ....., myspace and facebook. I ran another virus scan with a different AV and strangely it detected a behavioural software keylogger, which after looking it up seemed to be something that could only be installed with physical access to the system, which confused me. Anyway, this is when I started to use the live CD to copy some of my music, videos, pictures etc. onto my flash drive. From what I can remember, I used this USB on my main computer without problems, but the last time I used it (a few months ago) I ran a virus scan afterwards, just to feel safe, and it came up with a couple of Java exploit trojans. This was probably just coincidence and I hadn't run a scan in a day or two, possibly even a false positive as I noticed no decrease in system performance or any odd happenings.
So, my questions are: Is it even possible for a virus from a windows partition to copy itself to a USB flash drive on an ubuntu live cd; and is it possible (if the virus was even capable of this) if I insert the flash drive into my ubuntu computer, it could do anything like transfer across my WLAN to my windows computer, or even copy its files onto ubuntu but be unable to do anything? Which brings me to another question: if I visit a website that may contain drive-by malware or a virus of any type, is it capable of acting at all, such as even trying to transfer itself into my home folder, or does it not even recognize ubuntu at all and do nothing?
Is there a program like BlueProximity but which works with a file on a flash drive, and which will lock up the computer if it does not detect the file on the flash drive? What I am wanting to do is make certain features inaccessible if the flash drive is removed, so if anyone uses my computer they can't hurt anything.
Folks: What can I use to encrypt all data on my USB flash drive? If possible, could I use something that has a public key, so I do not have to type in a password to access the information when I plug the drive into my machine, but will not open or display content if the drive is plugged into anyone else's machine, unless they have the public key?
Reading from this article New Flash Bug Exploited By Hackers : How to avoid it? In particular the article said
Quote:
A new attack on a Flash bug has surfaced that would give attackers control of a victim's computer after crashing it, reports PC World. Adobe put out a Security Advisory about this on June 4. It is categorized as a critical issue and all operating systems with Flash are vulnerable including Windows, Linux, and Apple and it is also found in the recent versions of Reader and Acrobat.
How would you encrypt passwords [emails, forums, accounts] onto USB flash the most secure way? (It should be command line so I can use any Linux distribution on it.) Is gpg -c <filename> secure enough? And what FAST distro would you install on it? I'm learning on an old USB flash and found SliTaz pretty damn cool; I use it as a LiveUSB. Also I've tried Kubuntu but it's a bit slow. Going to try Lubuntu soon too. Any other ideas?
And I'd like to install some FAST distro onto a new 8GB mini USB flash drive, maybe Kubuntu as well. How would you partition its flash drive? Probably a separate partition for stored encrypted files?
What should I do if I want to allow access to a USB flash drive selectively? Say, e.g., all permissions for "root", "Read/Write" for user "A", only "Read" for user "B", and user "C" shouldn't be able to access or mount (no permissions) the USB flash drive at all. Also I want to do it by modifying entries in some files or by some commands (so that it can be done programmatically if needed).
I tried to do 'srm', 'wipe', 'shred'... whatever terminal commands to securely wipe a '/dev/sdc' (USB flash device) but it says that the device is read-only. How should I go about securely wiping it ?
I want to run Debian as a live version from my USB flash drive. Does this provide the same amount of security from hackers as installing Debian as the only OS on my netbook? Windows CE would still be on my netbook.
1. Could new vulnerabilities in Adobe Flash become a threat for Linux users? [URL] 2. By the way, I would like to know if a computer with Linux can become a member of a botnet somehow?
I use different browsers for sites like facebook and general browsing (specifically rekonq for facebook, firefox for others). However, I find that Flash cookies are shared between browsers, and are not cleared when I clear my browser cookies.
Flash cookies are kept in ~/.macromedia, and it's OK for me to clear this periodically with a little cron job. However, I would really like separate places for flash cookies from rekonq and firefox.
Does anyone know how to do this? Maybe there is an environment variable which allows this?
My second implementation option would be to make a chrooted environment for each browser or something like that.
I have two questions regarding auto mount function of Truecrypt. First question:
I want to automatically mount my flash drive encrypted by Truecrypt using a keyfile whenever I plug the drive. How can I do this? I use Ubuntu 10.10.
Second question:
As I do not know the answer of my first question, I currently use following command in a startup script to mount my encrypted flash drive automatically at every system start-up.
My problem with this method is that Truecrypt always searches for the drive in the same path saved in the favorite drives list, e.g. /dev/sdb1. However, sometimes there is more than one flash drive plugged into my computer and my encrypted drive's path changes. In such cases Truecrypt cannot mount my encrypted drive because it cannot find the drive in its path.
As a workaround I tried the "auto-mount=devices" parameter. It is slow because it checks every mounted drive, and some of them are external hard disks big in size. Moreover it does not recognize any mount point parameter. I'd like to mount the drive to the same mount point every time.
The Ubuntu 9.10 login panel is worse with respect to Ubuntu 8 since now all the users with names are shown without a way to hide them! Why not keep the old way at least as an option?
To avoid having to input a password for the keyring each time I connect to the net via wireless, I enabled the 'Available to all users' option in Network Manager. Now, my question is this. Are the 'users' it refers to just those created on this machine? Would a drive-by be able to use my network without entering the password?
1. I understand you can protect your files or directories in your website by setting file/directory permissions. The meaning of r w x is clear to me, but I'm not sure how to proceed... Starting with the index.html file, if I wanted to make it so that anyone in the world can read it but can't modify it, do I set its permissions to rwxr-xr-x? If I set it to rwxr--r--, would that mean the file couldn't be served? I mean, what does the x setting do on a .html file, how can a .html file be executable?
2. If file permissions work on the lines of owner-group-others, in the context of a website, who is 'group'? As far as I can tell, there's only the owner, which is me, and others, which is the world accessing the site. Am I correct in thinking that by default, say when creating a website on a shared hosting server, there is no group unless I specifically set one up?
3. My ISP allows the DynDNS.org service, meaning that I could serve a website from my home. It's too early to go that route just yet, but for future reference, I would like to ask about the server software called Hiawatha. It is said to be secure, but having read some evaluations of it, it doesn't seem to offer anything that couldn't be accomplished with Apache or Cherokee, it's just that its security settings are simpler and easier to configure. Am I right about this? Or does Hiawatha truly offer something that the other major server packages don't?
I updated both browsers I have and lost my secure log-in pages (no padlocks showing) concerning different Web mail accounts. Just before I did these updates I checked an unrelated thing on-line regarding my sound card, of which I kept a copy, and got this message below:
!!ALSA/HDA dmesg !!------------------ [ 12.762633] cfg80211: Calling CRDA for country: AM
Conky can be used to display a variety of information on the user's desktop. I wanted to use Conky instead to display the current status of security as reported by:
SANS Internet Storm Center, IBM Internet Security Systems, Symantec Threatcon, McAfee Threat Center
I therefore created 4 small scripts which download the current status from these sites, and set the colour of those statuses depending on the current value. The conky configuration allows for a semi-transparent background, though this is optional. Attached is an example image showing the 4 different colours. Also attached is an archive with the 4 .sh files, .conkyrc and draw_bg.lua (from here http:[url].....
I just installed Ubuntu on a desktop. Can anyone give me some guidance on installing basic security software? In particular, I'm looking for a firewall, antivirus, and anti-spyware/malware utilities.
I already posted a topic similar to this concerning the Desktop OS version, but this deals with the Netbook because unlike the Desktop, the Netbook is less cooperative. Allow me to elaborate: Today (or rather yesterday since it's not after midnight where I am), I changed my password because I was hopelessly confounded about how to get my Wireless Network card up and running after it had been installed and I was allowing my dad to use it. This issue has since been resolved, however...
When I chose my password during the original installation, there was no mention of it being "too simple." This is where the Desktop OS and the Netbook OS differ. The desktop will let me change it in the terminal without any errors. The Netbook will not. When I've attempted to revert it back to the original, it will not let me do so in the User Profile or in the Terminal. The Passwords and Encryption Keys application also does not appear to help.
So now even after I've changed it to a different "complicated" password I am still prompted to insert two different passwords since I changed my user password but I am unable to change the password I input during the installation. A bit screwy methinks. This is extremely important. I'd like to know how to change the original installation password.
If I can't change the main password on my laptop then this is a serious potential security breach just waiting to happen (especially since it's on a laptop and I will be hauling it around with me) and I will most likely install a different OS if this isn't resolved --- It would be very unfortunate since I spent the whole day fixing it and I really enjoy the interface. Luckily I can live with this on my Desktop since I'm not going to be hauling it around with me everywhere when the school year starts.
As it stands I have a small home network operating behind my modem/router. Some of the ports on this are forwarded to my PS3 for gaming but I was looking at forwarding some for my file server.
At the moment I've forwarded port xxx22 to port 22 on my server for SSH for instance. And similarly 21 for FTP (although it doesn't seem to want to connect for any more than a few seconds using that). What I was thinking of doing was placing a small website for a handful of ppl to use on the server too and port forward again - xxx80 to 80. It works just fine but I'm a little concerned on the security front.
As I've moved the port to something different from the outside world I'm presuming I will have already cut the potential for malicious folks to wander in, but is there anything else I should be doing? At the moment there's no firewall operating on the server, usually as it's hidden behind the modem/router. But if I open this thing up more permanently what should I be doing? I've read a few articles on it but I'm always left with the overwhelming thought of "That's if there's no firewall in my router" as they just seem to do the same.