Security

Recent in Security

The history of /etc/passwd and /etc/shadow files

Written on February 27th, 2011 at 02:16 am by shredder12

So, I learned something important today. When you don't have an Internet access but have still got work to do, may be with a heavy heart, but you eventually end up in a library. As it turns out, reading a howto from a book is fun too. I was looking to do a crazy thing on my system(lets leave that story for some other day ) and while I was looking for something related, I came across a wonderful write up on /etc/passwd and /etc/shadow files.

Wget Password: How to use passwords securely with wget

Written on October 20th, 2010 at 16:37 pm by shredder12

Before the Wget 1.12 version, in order to fetch the authenticated http/ftp pages, we had to provide the password in clear text which was quite insecure. Since that version, a new option, --ask-password, has been included which prompts the user to fill the password in a secure manner(hidden like unix passwd).

Watch out for forged Tabs - Tabnabbing Phishing Attack

Written on June 14th, 2010 at 14:54 pm by shredder12

For those of you who haven't heard about Tabnabbing, its yet another form of phishing which seems to be simpler and more effective than the usual phishing attacks you would have heard of. An important thing about this attack is that it can't be detected easily, even a smart browser and a cautious web surfer can get easily fooled, leading to information theft.

Browser Fingerprinting - Technique to Identify Users without using Cookies

Written on May 18th, 2010 at 15:36 pm by shredder12

Protecting one's online privacy has been one of the most popular point of concern for Internet users these days. If you don't want a website to keep track of you or if want to remain anonymous for a website, you are advised to disable cookies or use private browsing mode in your browser. But a forthcoming paper by an Electronic Frontier Foundation technologist suggests that Cookies are not be the only way to identify users, a combination of various information about the system and software collected from the browser are enough to uniquely identify a user.

How to secure and optimize SSH login using sshd_config

Written on May 5th, 2010 at 20:28 pm by chia

The increased hacking attempts these days convinced me that password alone won't save my system from the attackers out there. For those of you who think that your system is safe because of some complex password, then think twice, because there is always a chance that a brute force attack from some dedicated server(s) might break it. A good password is a decent start, but its definitely not the end. In this tutorial, I will tell you some ways to make your ssh login more secure by making simple changes to the sshd_config file.

How to: Calculate sha checksum of files using shasum family of commands

Written on December 29th, 2010 at 22:55 pm by shredder12

Almost any problem that can be answered in a single word or line is available as a command line utility on Linux. Using shasum family of commands you can calculate the sha hash/check sum of files in a single go. You can even use them in scripts to automate various tasks.

How to crack zip file passwords on linux using fcrackzip

Written on October 12th, 2010 at 15:04 pm by shredder12

Remember the lame file/folder password protection trick we discussed yesterday? As it seems, someone pointed that out pretty well ;). We will get into the better protection schemes sometime later, lets see how to break the mechanism we used previously.

Google introduces Encrypted Web Search

Written on May 23rd, 2010 at 01:41 am by shredder12

Google announced the beta release of its new secure search engine this Friday. This search engine provides you with ssl encryption to protect your searches from interception, making it the first search engine to provide such a feature. All you have to do is use https instead of http to access this service.

Protect your password from Rainbow Tables

Written on May 12th, 2010 at 00:07 am by chia

Rainbow tables are a way to break md5 hashes. Rainbow tables reduce the difficulty of brute force cracking a single password by creating a large pre-generated data set of hashes for nearly every possible password.

SSH login without Password

Written on November 14th, 2009 at 00:44 am by chia

Alright! So this one day, I'm talking to a friend. She's telling me about this real cool movie she heard about...2012 or something (which btw... WATCH! ). Now I'm also typing my password on an ssh server, and I happen to mistype. Now I have a feeling I've done so, so I press Backspace till I think nothing could ever have lasted here and type again. My lucky day it was, for I happen to mistype again. That was when it hit me! There's gotta be a way around this password thingy. This is why I love being a Linuxer. There's always a way out of everything!!!

Syndicate content