Posts tagged security

Being found out.

Feb. 5, 2013, 3:19 a.m. road.lk , security

The most underreported event of the year is the attack by Iranian hackers on nic.lk using an SQL injection. It shouldn't even be called a hack because the security loophole that was exploited was as big as a football field. They had an opportunity to cause some pretty serious damage but it seems lik ...

The last word on Wordpress SSL (Hopefully)

Nov. 21, 2011, 4:34 p.m. security , Wordpress

I've blogged too often in recent weeks about issues with WordPress. Many of those issues were related to WordPress and SSL. I blogged a couple of times that I had solved them but apparently I hadn't. The solution that I had used, which involved a plugin named Wordpress HTTPS, led to a mix of encrypt ...

gpg: decryption failed: No secret key

Dec. 28, 2010, 11:45 a.m. netbook , security , X11

GPG (or PGP) is something that even geeks often have trouble with, so I was happy that I had a working installation of gnupg with keys properly set up. Then I needed to decrypt a file while on my newly acquired netbook running Fedora 14. It seems the GPG package on Fedora 14 is different from what I've ...

Bank Call Center Security Measures

Dec. 14, 2010, 12:45 p.m. security

Let us for a moment suppose that you got mugged in the parking lot, or that you got wasted and lost both your wallet and the phone. While you are passed out the mugger or the bartender decides to buy 100 grand worth of jewelry using your credit card. Thinking the transaction suspicious the bank ...

A few rewrite rules

Sept. 23, 2010, 1:17 a.m. security , Wordpress

Once upon a long ago it didn't matter whether your site was www.raditha.com or just plain old raditha.com; then along came Google Pagerank. Your website being accessible with or without the www could mean that your Pagerank is divided amongst two sites. Even though Google itself advised that website ...

fuse: failed to exec fusermount: Permission denied

June 11, 2010, 1:42 p.m. fuse , security

This is a footnote to yesterday's post about using fuse based encrypted filesystems on linux. Once you have everything setup and try to mount an encrypted folder, you might get the following error: EncFS Password: fuse: failed to exec fusermount: Permission denied fuse failed.  Common problems: - ...

Encrypted filesystem on linux

June 10, 2010, 1 p.m. Centos , fuse , security , steganography , virtualization

Six years ago, I had a post with this exact same title. At the time it was about making a crypto loop. Cryptoloop allows you to create a large file, encrypt it and then mount it with the help of a loopback device as a file system. The contents cannot be seen without the proper password. Truecrypt is ...

Exit Firefox enter Chrome

April 3, 2010, 6:27 a.m. chrome , security

Finally Firefox was sent into retirement and I have started composing my first post with Google's Chrome Browser. I just hope the retirement of Firefox will not be like the retirement of a Pakistani cricketer. My reasons for giving up on Firefox include: Annoying memory leaks. Of course they will ...

Solving a Twitter OAuth and Incorrect Signatures Mystery

Nov. 25, 2009, 10:28 a.m. security , twitter

If you see a Twitter or Facebook app that asks for your username and password you should run a mile. Admittedly OAuth is not any more secure than CHAP authentication but there is a crucial difference; most people use the same username/password (or at least the same password) on multiple websites, em ...

SSH : Permission denied (publickey,gssapi-with-mic).

July 6, 2009, 7:34 a.m. security

I've been using the same SSH keys for a long time and had a need to create a new one to connect to a new server. I did the usual things like adding the user account, setting a password on the server followed by using ssh-keygen on the local machine to create the key. Next, I went back in with the r ...

Wordpress Auto Upgrade and SFTP

June 30, 2009, 5:40 a.m. security , subversion , Wordpress

WordPress added a nice feature a while back - the ability to upgrade your installation while logged into the admin console. If you make use of this feature you no longer need to mess around with downloading a zip file, deleting the old stuff, loading the upgrade.php script etc etc. The same system can ...

HttpsUrlConnection and SSL Hostname Verification.

Feb. 12, 2009, 3:28 p.m. security

Ever visit a site where the SSL certificate doesn't quite match the Fully Qualified Domain Name (FQDN) of that site? Nowadays Firefox will simply refuse to take you there unless you add an exception for that site. Even high profile sites like Google Adsense are affected by this. What happens when you ...

VoIP and Scams.

Dec. 29, 2008, 5:34 p.m. Macbook , security , web 0.8

Sadly too many VoIP sites are run by scammers but it was a different kind of scam that I encountered when recently I did an asterisk related search on Google. The URL shown on the results page is very different from where I ended up (after a redirect) Microsoft Security Warning? You idiot this ...

Misdirected Packets

Nov. 6, 2008, 2:10 a.m. broadband , security

A couple of months ago, I wrote about JoPPP - Junk over PPP. That is seeing a lot of packets on my external interface that shouldn't be there. This interface is connected to my Lanka Bell Wimax antenna. They did fix the issue shortly after I reported it the last time but unfortunately it resurfaced. ...

JoPPP

Aug. 28, 2008, 7:49 a.m. broadband , security , weird

We know of PPPoE and POE which are crucial to Wimax implementations that use Alvarion outdoor antennae, but have you ever heard of JoPPP? That's short for Junk over PPP, which is what is passed back and forth over the PPP link when using Lanka Bell WiMax. No wonder it's crawling ...

sshfs debian

July 25, 2008, 1:42 a.m. security , weird

Thought I would play around with SSHFS, which allows you to mount a folder on a remote computer locally using SSH. Obviously that would be much more convenient than using SFTP and would be a hell-ova-lot safer than using No File System (NFS). Getting started with it on Debian, though, wasn't quite so ...

Secure FTP Applet

May 22, 2008, 7:04 p.m. security

It's been a while since a new release of the Rad SFTP applet was made. Yesterday we put that right by making version 2.02 available for download. There isn't a large difference between the old and the new version - it's only a minor bug fix. What's more important is that the applet has now been signe ...

Thawte and Java Code Signing.

May 6, 2008, 7:04 p.m. security

When it comes to Java code signing it seems we have to choose between the devil and the deep blue sea (Thawte and Verisign). Unfortunately they are two sides of the same coin. Thawte is owned by Verisign. Their prices though are slightly different, with Thawte's being lower (but still outrageous). It ...

How secure is your file transfer?

May 17, 2007, 8:32 p.m. security

At Rad Inks, we have just announced version 2.01 of the Rad SFTP Applet. It is a replacement for desktop FTP and Secure FTP clients. All you need is just one copy of the applet to replace any number of copies of your current desktop FTP or SFTP client. The Rad Inks Secure FTP client makes use of the ...

Secure FTP

Feb. 28, 2007, 9:15 p.m. security

It's been a long time since we at Rad Inks last made a release of the Rad SFTP Applet. When it was first released it was a groundbreaking applet and was even featured on the official Java website. Since then it was overshadowed by Rad Upload and we have been putting more effort on the latter and no ...

Secure FTP Applet Update

May 26, 2006, 10:52 p.m. security

How time flies, it has been nearly a year since we released Rad SFTP version 1.60. There wasn't a new release since then primarily because it works and works well. There are only so many features that you can add to a file transfer program. The SFTP applet when it was first released was a novelty. A ...

Setting up Apache SSL

May 9, 2004, 10:19 a.m. security

Since it has been a long time since I last updated the Apache server running on my PC (RH 9.0) I decided to upgrade to 1.3.29 and decided to try out Apache SSL at the same time. Apache SSL is actually a patch for the Apache web server. This is pretty much the same way that qmail works, except that ...