Archive for July, 2004

Think you can outsmart phishing scams?

July 29, 2004

Take Mailfrontier’s Phishing Quiz and see if you can outsmart them. I only got 80% on the first test.

Off-topic: Music copyrights

July 28, 2004

Quoting from Dan Gillmor’s Journal this morning:
“According to Pete Seeger, in this account (widely acknowledged in the folk world to be true) from the Museum of Musical Instruments, when Guthrie was singing on the radio in Los Angeles during the Depression, he’d mail mimeographed songs to listeners, and wrote on one:
“This song is Copyrighted in U.S., under Seal of Copyright # 154085, for a period of 28 years, and anybody caught singiní it without our permission, will be mighty good friends of ourn, cause we donít give a dern. Publish it. Write it. Sing it. Swing to it. Yodel it. We wrote it, thatís all we wanted to do.Ē

More on tunneling Remote Desktop over SSH

July 22, 2004

Will this saga never end? Continuing with this entry from May 21, I’ve been playing with and trying various ways to tunnel Remote Desktop over SSH. There are lots of useless entries out there on the web, mostly discussing ways to force your Windows XP machine to accept Remote Desktop connections requests to localhost or 127.0.0.1 when, in fact, all you have to do is connect to 127.0.0.2 … or .3 … or .4. That’s right, folks, 127.x.y.z are ALL local connections. And let’s not debate whether that’s a correct implementation or not, that’s just the way it is. We can take advantage of this IF we can get our local SSH client to listen on one of those IP addresses. The stock, standard OpenSSH implementation of the SSH client won’t do it so you’ve gotta pick something else. PuTTY will do it as will plink from that same free distribution. So, what you need to do is set up a PuTTY configuration to forward 127.0.0.2:3389 to 127.0.0.1:3389 (remember, the remote IP address is relative to the machine that’s your SSH target).
That’s the 2 machine case (SSH directly to the machine whose desktop you want to control). There’s also a 3 machine case where you SSH into a landing pad that has access to the machine whose desktop you want to control. I’ll deal with that later.
So, in summary, you need to run an SSH client that will allow you to listen on an IP address that’s not 127.0.0.1. PuTTY and plink are two clients that will work — the OpenSSH implementation of SSH will not work. You need to forward port 3389 (3390 if your local machine is running the Remote Desktop server) to port 3389 of the remote machine. Once you’ve established your SSH connection, bring up the Remote Desktop client and connect to 127.0.0.2 (or 127.0.0.2:3390 if your local machine is running the Remote Desktop server) and you are up and running!

Picasa V1.6 is free from Google

July 16, 2004

Google bought Picasa a little while ago. Now you cna download Picasa V1.6 for free from them here.

Mozilla/Firebird/Thunderbird Security exposure

July 10, 2004

eWeek reports in this article of a security exposure in Mozilla’s Mozilla, Firefox, and Thunderbird clients wherein a malicious user can cause arbitrary code execution by using the shell: protocol. You can download Mozilla 1.7.1, Firefox 0.9.2, and Thunderbird 0.7.2.

The Hazards of X11 Forwarding

July 6, 2004

X11 forwarding is a powerful and helpful feature of SSH but, as pointed out in this article from Hacking Linux Exposed, it can be dangerous if you’re not careful. It’s no great secret — pay attention to your file and directory permissions!

Download.Ject : Are you infected?

July 6, 2004

Microsoft has some additional information available about the most recent security exposure here. It tells you how to determine if you’ve been infected.

PC Mag’s 2004 Utility Guide

July 6, 2004

I’m a little behind on this as it’s dated June 8 but better late than never. Here’s a link to PC Magazine’s 2004 Utility Guide. Backup programs, defraggers, anti-virus, file managers, etc.

BHOs: the latest threat?

July 2, 2004

As it was explained to me, this latest threat/penetration was helped along by BHOs (Browser Helper Objects). BHOs (see this Lavasoft forum article for a good description) are useful additions to IE but, sometimes, they can turn nasty. That’s why I’ve been running a BHO watcher for a couple of years, now. My favorite has been BHODemon (free from DefinitiveSolutions. It’s been stuck at V1.0 for, I dunno, a couple of years? They’ve just released 2.0 and it’s free!