Monthly Archive for May, 2008

Make your own copy of Feedburner Flares

Here is a small one-liner bash script that fetches all Feedburner flares from Feedburner's flare catalog, for when you want your own copy of all the pluggable flares different people have created for Feedburner.

for a in $(wget -q -O- http://www.feedburner.com/fb/a/help/flarecatalog | egrep -o 'http[^"]*xml'); do wget "$a"; done

Make a VCARD file of your Facebook friends

This script is OLD. It does not work on the new Facebook.

A hot tip to get a VCARD file of your facebook friends.

Go to http://www.facebook.com/mobile/?phonebook and paste this JavaScript into the address bar:

javascript: /* join into a single line before pasting into the address bar */
var s = "";
var people = document.getElementsByClassName("info");
for (var i = 0; i < people.length; i++) {
  var person = people[i];
  if (!person.firstChild) { continue; }
  s += "BEGIN:VCARD<br>VERSION:3.0<br>";
  /* the first child holds the name; split it into first name and surname */
  var fullname = person.firstChild.firstChild.innerHTML.split(" ");
  var firstname = fullname[0];
  var surname = fullname[1];
  s += "N:" + surname + ";" + firstname + ";;;<br>";
  s += "FN:" + firstname + " " + surname + "<br>";
  /* childNodes[1] and [2] hold up to two phone numbers, each tagged M (mobile) or L (landline) */
  for (var j = 1; j <= 2; j++) {
    if (!person.childNodes[j]) { continue; }
    var phone = person.childNodes[j].innerHTML;
    var phonenumber = phone.substring(0, phone.search("<span")).replace(/\./g, "-");
    if (phone.search("<span>M</span>") != -1) {
      s += "TEL;type=CELL;type=pref:" + phonenumber + "<br>";
    } else if (phone.search("<span>L</span>") != -1) {
      s += "TEL;type=HOME;type=pref:" + phonenumber + "<br>";
    }
  }
  s += "END:VCARD<br>";
}
document.write(s);

openssl: predictable random number generator in key (Ubuntu/Debian DSA 1571-1)

A predictable random number generator is bad news: if the randomness can be predicted, so can every key derived from it. This means it is a lot easier to guess the key a user has created to gain access to a remote system through services that use OpenSSL keys.

http://lists.debian.org/debian-security-announce/2008/msg00152.html

OpenSSL is affected by the vulnerability “predictable random number generator”.
It is a Debian-specific, remotely exploitable vulnerability and has been assigned CVE-2008-0166.

Here is a Perl script (dowkd.pl) that holds the fingerprints of all keys produced by the predictable random number generator (the so-called compromised keys, around 262 thousand of them):
http://security.debian.org/project/extra/dowkd/dowkd.pl.gz

SSH (OpenSSH)

I removed the fingerprints for obvious security reasons (you should run this as root and without piping through the sed command):

root@untuome:/# ssh-vulnkey -a | sed  s/..:..:..:../xx:xx:xx:xx/gi
Not blacklisted: 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx /etc/ssh/ssh_host_rsa_key.pub
Not blacklisted: 1024 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx /etc/ssh/ssh_host_dsa_key.pub
COMPROMISED: 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx /home/user/.ssh/id_rsa.pub
Unknown (no blacklist information): 1024 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx /home/user/.ssh/authorized_keys

List all users using ssh keys:

ls -al /root/.ssh/authorized_keys
ls -al /home/*/.ssh/authorized_keys

Fix: remove every compromised key from the authorized_keys files on the system.
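To make the blacklist mechanism behind ssh-vulnkey and dowkd.pl concrete, here is an added Python example (my own code, not Debian's tools) that models what they do: it parses each key in an authorized_keys file, computes the colon-separated MD5 fingerprint that ssh-keygen printed in 2008, and looks it up in a set of known-bad fingerprints. Everything in it is constructed: the two keys are toy "ssh-rsa" blobs built from small made-up numbers (the check only hashes bytes, so they need not be real RSA keys), the blacklist holds a single fingerprint in place of the roughly 262 thousand that dowkd.pl ships, and the real openssh-blacklist files use a different, more compact encoding than a plain set of fingerprint strings.

```python
import base64
import hashlib
import struct
from typing import List, Optional, Set, Tuple

# Toy model of the fingerprint blacklist check (added example, not Debian's ssh-vulnkey/dowkd.pl).

KEY_TYPES = ("ssh-rsa", "ssh-dss")


def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def mpint(n: int) -> bytes:
    """RFC 4251 'mpint': length-prefixed big-endian two's complement (leading 0x00 when the top bit is set)."""
    if n == 0:
        return struct.pack(">I", 0)
    raw = n.to_bytes((n.bit_length() + 8) // 8, "big")  # +8 bits reserves room for the sign byte
    return ssh_string(raw)


def rsa_public_blob(e: int, n: int) -> bytes:
    """Wire-format blob that is base64-encoded after 'ssh-rsa' in an authorized_keys line."""
    return ssh_string(b"ssh-rsa") + mpint(e) + mpint(n)


def md5_fingerprint(blob: bytes) -> str:
    """Colon-separated MD5 fingerprint, the form 'ssh-keygen -l' and ssh-vulnkey printed in 2008."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fingerprint_of_line(line: str) -> Optional[str]:
    """Fingerprint of one authorized_keys line, or None for blank, comment or unparsable lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split()
    # An options prefix (e.g. from="10.0.0.1") may precede the key type, so locate the type field.
    for i, field in enumerate(fields):
        if field in KEY_TYPES and i + 1 < len(fields):
            try:
                return md5_fingerprint(base64.b64decode(fields[i + 1], validate=True))
            except ValueError:  # binascii.Error is a ValueError subclass
                return None
    return None


def scan_authorized_keys(text: str, blacklist: Set[str]) -> List[Tuple[int, str, str]]:
    """Return (line number, fingerprint, verdict) for every key found in an authorized_keys file."""
    report = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fp = fingerprint_of_line(line)
        if fp is None:
            continue
        verdict = "COMPROMISED" if fp in blacklist else "Not blacklisted"
        report.append((lineno, fp, verdict))
    return report


# --- constructed sample data (not real keys, not the real blacklist) ---
WEAK_BLOB = rsa_public_blob(65537, 0xC0FFEE_1234_5678_9ABC_DEF0)    # stands in for a key from the broken RNG
GOOD_BLOB = rsa_public_blob(65537, 0xDEADBEEF_0BAD_F00D_CAFE_1234)  # stands in for a properly generated key

# The real blacklist was built by regenerating every key the crippled RNG could emit; here it is one entry.
BLACKLIST = {md5_fingerprint(WEAK_BLOB)}

SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# constructed authorized_keys for the example",
    "ssh-rsa " + base64.b64encode(WEAK_BLOB).decode() + " user@laptop",
    'from="10.0.0.1" ssh-rsa ' + base64.b64encode(GOOD_BLOB).decode() + " user@desktop",
    "",
])


if __name__ == "__main__":
    # Same report shape as the ssh-vulnkey output above, but per line of one file.
    for lineno, fp, verdict in scan_authorized_keys(SAMPLE_AUTHORIZED_KEYS, BLACKLIST):
        print(f"{verdict}: line {lineno} {fp}")
```

The useful property to notice is that the check never needs the private key: a public key is enough to decide whether it came from the crippled generator, which is why scanning every authorized_keys file on a host (the ls commands above) finds keys that were generated on other machines.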

I will add more info about OpenVPN and other openssl key software here, but I wonder if you know any other ways to clean out and fix a system for these ssl key security issues?

Cellphone cheatcodes

Nokia

0000/1234/12345 general code
*#9999# or *#0000# Software version
*#4720# Reduces sound quality, but gives up to 30 % longer talk time.
*#3370# Restart phone
*#45978# Nokia phone becomes Sony Ericsson(?)
*#92702689# Service menu
*#06# IMEI number
*#7370# Factory reset – Make the phone like it was when you bought it. (Nokia Symbian cellphones)
*, 3 and the green call button held down when you turn the phone on (until a message says “Formating”) – Formats the internal drive. (Nokia 6600, and maybe Nokia 6630)
*#73# Resets the clock and the game score lists
*#7370925538# Empty/reset the wallet. (Nokia 6230)
*#3925538# Empty/reset the wallet (possible also Nokia 6230)
Continue reading ‘Cellphone cheatcodes’

Firefox 3.0 beta 5 on Ubuntu 8.04

After upgrading to the new Ubuntu 8.04 LTS, I’ve got some minor problems with my browser.

I guess the problems I’m experiencing now will get better later.

Look at the list of plugins/extensions I have; few of them are ready for Firefox 3.0:
Continue reading ‘Firefox 3.0 beta 5 on Ubuntu 8.04′

IpPreviewTheme v1.0 – a Wordpress Plugin

Short: Use this WordPress plugin to preview your own theme when coming from your IP:

This is a WordPress plugin that shows the selected theme only when you come from your own IP, are logged in and have a user_level above 8. Useful when developing a new theme or debugging something. I got the idea from the preview-theme feature; I just did not want to specify ?preview_theme=[Theme name] in the URL all the time. Therefore I changed it a lot and saved the theme name and IP from an options page.

Sign out, and you will see how the page looks for a normal user.
Sign in and debug it when you’re coming from your IP.
I recommend turning off the plugin when not debugging/developing a new theme.

Bear with me, this is the first WordPress plugin I have created for 2.5 (I think I have created a WordPress plugin earlier). I will probably release it in the normal WordPress plugin directory after testing it for a while (I hope).
Continue reading ‘IpPreviewTheme v1.0 – a Wordpress Plugin’

dilbert.php

Here is a small and fast way to show the Dilbert strip on your web page:

It downloads the RSS feed published by dilbert.com to a cache file ‘/tmp/dilbert.xml’ using the rss_php class. Go here to download it, then unzip it into the same directory where you put this dilbert.php script.

After the first fetch of the RSS feed, it reads the cache for the next 2 hours without refetching the RSS. Made this within an hour or two. Enjoy!

Continue reading ‘dilbert.php’

Run john the ripper on several servers / password files

For sysadmins: here is an idea of how to test for weak passwords on several servers.

First, collect /etc/shadow from every server into a single directory (“passwordcheck”) on your own machine and name each file after its server.

I assume that you have an SSH key installed for your user account on all of your servers.
Insecure: the ssh commands below might give away your password to other users.
Continue reading ‘Run john the ripper on several servers / password files’