Archive for August, 2008

SSH key based attacks on Linux system

No Comments
Posted 28 Aug 2008 — by Arun
Category News

US-CERT has issued a warning about attacks against Linux system using compromised SSH keys. The attack appears to initially use stolen SSH keys to gain access to a system, and then uses local kernel exploits to gain root access. Once root access has been obtained, a rootkit known as “phalanx2″ is installed.

According to US-CERT, Phalanx2 and the support scripts within the rootkit, are configured to systematically steal SSH keys from the compromised system. These SSH keys are sent to the attackers, who then use them to try to compromise other sites and other systems of interest at the attacked site.

To check if your system is infected, follow the steps below:

  • “ls” does not show a directory “/etc/khubd.p2/”, but it can be entered with “cd /etc/khubd.p2″.
  • “/dev/shm/” may contain files from the attack.
  • Any directory named “khubd.p2″ is hidden from “ls”, but may be entered by using “cd”.
  • Changes
    in the configuration of the rootkit might change the attack indicators
    listed above. Other detection methods may include searching for hidden
    processes and checking the reference count in “/etc” against the number
    of directories shown by “ls”.

Source: US-CERT.

, , , ,

Tags: , , , ,

Internet explorer 8 Beta 2 available

No Comments
Posted 28 Aug 2008 — by Arun
Category Announcement

Microsoft has released their second beta of Internet Explorer 8 and is available for public download here. IE8 has lots of improvements to tab functionality. Tabs are grouped and colored differently based on the groups. IE8 also includes smart address bar, similar to Firefox 3.0. Typing in the Smart Address Bar searches across Favorites, History, and RSS feeds.

IE8 also has Accelerator, which gives you ready access to the online services you use everyday like map of an address or business etc. IE8 is also supposed to offer a better performance compared to IE7. IE8’s offers visual search which gives you more information and pictures when you type in a search query.

Address Bar Nav
Picture source: Microsoft.

, , , , , , ,

Tags: , , , , , , ,

Ubiquity from Mozilla Labs

1 Comment
Posted 27 Aug 2008 — by Arun
Category Announcement

Mozilla Labs announced the launch of Ubiquity, a Mozilla Labs
experiment into connecting the Web with language in an attempt to find
new user interfaces that could make it possible for everyone to do
common Web tasks more quickly and easily.

According to Mozilla Labs,the overall goals of Ubiquity are to explore how best to:

  • Empower users to control the
    web browser with language-based instructions. (With search, users type
    what they want to find. With Ubiquity, they type what they want to do.)
  • Enable on-demand,
    user-generated mashups with existing open Web APIs. (In other words,
    allowing everyone–not just Web developers–to remix the Web so it fits
    their needs, no matter what page they are on, or what they are doing.)
  • Use Trust networks and social constructs to balance security with ease of extensibility.
  • Extend the browser functionality easily.

Ubiquity 0.1 was released. It’s a prototype version, so install it at your own risk. Ubiquity 0.1

  • Lets you map and insert maps anywhere; translate
    on-page; search amazon, google, wikipedia, yahoo, youtube, etc.; digg
    and twitter; lookup and insert yelp review; get the weather; syntax
    highlight any code you find; and a lot more.
  • Find and install new commands to extend your browser’s vocabulary through a simple subscription mechanism

Future Ubiquity Thumb

Source: Mozilla Labs.

, , , , , , ,

Tags: , , , , , , ,

Perspectives – Firefox extension to protect man in the middle attacks

No Comments
Posted 27 Aug 2008 — by Arun
Category Technology

Perspectives is a Firefox 3.0 extension which helps in protecting wireless users from “man-in-the-middle” attack. Perspectives contacts network notaries whenever your browser connects an HTTPS website. This extension also partially resolves the arguments going around the web about the way Firefox 3.0 handles security exceptions.

The extension provides two primary benefits:

  1. If you connect to a website with an untrusted (e.g.,self-signed certificate), Firefox
    will give you a security error and force you to manually install
    an exception. Perspectives can detect whether a self-signed
    certificate is valid, and automatically overrides the annoying
    security error page     if it is safe to do so.
  2. It is possible that an attacker may trick one of the many Certificate
    Authorities trusted by Firefox into incorrectly issuing a certificate for a
    trusted website. Perspectives can also detect this attack and will warn
    you if things look suspicious.

Source: Carnegie Mellon, CNet.

, , , ,

Tags: , , , ,

Kino – raw1394 kernel module not loaded or failure to read/write /dev/raw1394! error

6 Comments
Posted 22 Aug 2008 — by Arun
Category Ubuntu

I tried using Kino and Cinelerra to capture video from my Panasonic DV camcorder in my Ubuntu 8.04, but none of those softwares detected my camcorder. I tried both firewire and USB. Kino was giving me “WARNING: raw1394 kernel module not loaded or failure to read/write /dev/raw1394!” error. I couldn’t find out how to load raw1394 kernel module, so I tried changing the permission to 660 for /dev/raw1394. That didn’t help. I finally got it to work after I changed the permission to 777.

To try, Open a terminal (Application -> Accessories -> Terminal) and type
sudo chmod 777 /dev/raw1394 and press enter. Enter you login password if prompted. Try starting Kino again and see if your camcorder is detected (make sure your camcorder is connected and ON). You may not see the raw1394 directory if your camcorder is not connected and switched on.

I didn’t try Cinelerra yet after the change. It’s little bit complicated and I didn’t find time to go through the documentation. Kino is pretty simple and straighforward. The only issue is, the quality of the video that’s captured through Kino is not as good as commercial Windows product even though the capture format is set to raw DV, but for web uploads, it’s pretty easy to edit and export. I’ll try Cinelerra somtime in the near future and see if it’s good enough.

Tags: , , , , , ,

Amarok 2.0 Beta released

No Comments
Posted 22 Aug 2008 — by Arun
Category Announcement

Amarok team has released their first beta version of Amarok 2.0, code named Nerrivik. Amarok is a very good music player for Linux with a very nice GUI and lots of features. I love Amarok and though I use Ubuntu (GNOME), I use Amarok to play my music. Amarok 2.0 beta 1 has the following new features/changes:

Features

  • Inline editing of tracks in the Collection is now possible.
  • Album moves can be undone
  • Grouped albums can be moved in the playlist by draggin the album header
  • Track moves in the playlist can now be undone
  • Gapless playback.
  • New “fuzzy” bias type, which matches values loosely.
  • Collection Setup automatically expands to show selected directories.
  • Tag editing and file deletion for MTP devices
  • Add toolbox to context view
  • Allow selecting multiple playlist items.
  • Implement “Move to collection” functionality in file browser.
  • Saving/loading of biased playlists.
  • Improved script console
  • Set items in directory selector to partially checked when relevant.
    patch by Sebastian Trueg
  • Album is now added to the playlist when clicked in Albums applet.
  • Trigger play/pause when middle-clicking systray icon.
  • New start flag –multipleinstances allows to run multiple instances of Amarok.
  • Full cover support for Nepomuk collection
  • Search local collection for albums to show in the album applet when playing non local content
  • Context view state is saved on exit and restored on start up.
  • New functions available to the scripting interface, under Amarok.Info.

Changes

  • New filename scheme widget in the Organize Collection dialog.
  • New laylout of the main toolbar using the new graphics.
  • Greatly reduced memory usage when using dynamic playlists.
  • Reworked layout and more intuitive interface in the Guess Tags from Filenames dialog.
  • New artwork by Nuno Pinheiro and Wade Olson
  • Better zooming animation in the context view
  • Better usage of the available space in the context view.
  • Show url in the playlist if track has no name. patch by Edward Hades

You can download Amarok 2.0 beta 1 here.

Source: Amarok.

2786894696 0fbc205dcd

(Photo: nightrose)

Tags: , , ,

Moved my home page to Joomla

No Comments
Posted 20 Aug 2008 — by Arun
Category General

I couldn’t blog as much as I want due to my workload. I just got my home page redesigned (2 days ago) using Joomla (it was developed using normal HTML editor earlier). The site is live with the new design. I just found out that my companies help desk website was also developed with Joomla and it went live today. :)

Tags: , , ,

Dell Inspiron 910 Mini Notebook comes with Ubuntu

No Comments
Posted 19 Aug 2008 — by Arun
Category News, Ubuntu

According to Gizmodo, the internal 910 web documentation they got, Dell’s Inspiron 910 (Mini), Dell’s answer to Eee PC, will sport Intel Atom N270 processor (1.6 ghz), 512/1024 MB memory, 4/8/16Gb Solid State drive (SSD) and Ubuntu 8.04 or Windows XP SP2. The system will go on sale on August 22nd. It’s good to know that Ubuntu is doing well with Dell.

Tags: , , , , , , ,

If it’s animation or special effects, it’s Linux.

No Comments
Posted 19 Aug 2008 — by Arun
Category News

Read the interesting article at ComputerWorld.

Tags: ,

Ubuntu 8.10 Intrepid Ibex Alpha 4 released

No Comments
Posted 15 Aug 2008 — by Arun
Category Announcement, Ubuntu

Ubuntu team has released their 4th alpha version of Ubuntu 8.10 code named Intrepid Ibex. Some of the new features in this release includes

Encrypted private directory:

The idea is to provide a default location for users to securely store sensitive data using filesystem encryption.

home/username/Private for each user, permission 700 and an ecryptfs mountpoint. To test this, install encryptfs using the following command.

  • sudo apt-get install ecryptfs-utils auth-client-config

  • sudo auth-client-config -p ecryptfs_standard -t pam-auth,pam-session,pam-password

  • ecryptfs-setup-private

Guest Sessions:

The GNOME user switching applet now provides an extra entry for starting a guest session. This creates a temporary password-less user account with restricted privileges; it cannot access any regular user’s home
directory, or permanently store data.

Network Manager 0.7:

  • Managing system wide settings (no need to log in in order to get a connection.)
  • Managing 3G connections (GSM/CDMA.)
  • Managing multiple active devices.
  • Managing PPP and PPPOE connections.
  • Managing devices with static IP configurations.
  • Managing routes for devices.

This release is for testing purposes only. Here are some of the few outstanding issues.

  • When using manual partitioning and configuring crypt+LVM, the partitioning will fail in certain configurations.
  • The Intrepid 2.6.26-5 kernel fails to boot as a guest under Virtualbox.
  • On Ubuntu systems, the “Shutdown” button on the GNOME desktop does not shut down the system, but instead logs the user out.
  • On Ubuntu systems, the default desktop theme is wrong.
  • The X.org configuration file (/etc/X11/xorg.conf) still has InputDevice entries for the mouse and keyboard, but they are ignored now because input-hotplug is used.
  • After upgrading to this version, some keys might misbehave in X.
  • The OEM mode on both Desktop and Alternate CDs gets stuck in a loop.
  • The “Print server” mode of the server CDs does not install the CUPS printing system.

Source: Ubuntu.

Tags: , , , , ,
← Previous Entries