viernes, 29 de junio de 2007

Set-up a Ubuntu webcam security system

Have you ever wanted to spy see on what is going on in your home while you are away? Motion is a piece of open source software that acts as a motion detector. It enables you to set-up a webcam server that you can have all your cameras connected too, so you can view them remotely and also upload them to a remote server. Motion should run on most linux distributions but for this exercise I’m using the desktop version of Ubuntu linux.


New Gnash release includes support for YouTube videos

Support for YouTube and streaming video is a key feature of Gnash 0.8.0, the third alpha release of the open source Flash movie player. Gnash is available as a standalone application, or as a plugin for Firefox, Mozilla, Konqueror, and Opera.


Retrieving Emails From Remote Servers With getmail (Debian Etch)

Getmail is a program for retrieving emails from remote servers; it is very similar to fetchmail, but more flexible. For example, it can be configured to deliver mails directly to a Maildir or mbox mailbox without the need for an MTA such as Postfix, but of course it can also pipe the mails through an MTA if you want. Getmail can use so called filters such as SpamAssassin and ClamAV to scan the mails, and you can even tell getmail to delete mails on the original server only after a certain number of days.


How To Compile A Kernel - Debian Etch

Each distribution has some specific tools to build a custom kernel from the sources. This article is about compiling a kernel on a Debian Etch system. It describes how to build a custom kernel using the latest unmodified kernel sources from (vanilla kernel) so that you are independent from the kernels supplied by your distribution. It also shows how to patch the kernel sources if you need features that are not in there.

How to secure an SSL VPN with one-time passcodes and mutual authentication

SSL-based VPNs were designed to eliminate the need for complex configurations on the user's PC. Unfortunately, that was before the dangers of public WiFi networks and tougher regulatory requirements came into being. Thanks to WiFi, many attacks that were difficult are now quite simple. In particular, a man-in-the-middle attack can intercept SSL-encrypted traffic, rendering SSL-based VPNs useless - even if it's protected by a typical one-time password system. The man-in-the-middle can easily feed the one-time password into the SSL-based VPN within the alloted time.

In order to thwart this attack, mutual authentication is required. Mutual authentication means that the user is validated to the site and the site is validated to the user. In this document, we will show how to configure the WiKID Strong Authentication System to provide strong, mutual authentication for SSL-Explorer. To make life easy, we will be using the VMware versions of both SSL-Explorer and WiKID. We'll show you what to expect when it works and what to expect when it doesn't.


Mozilla Sunbird 0.5 Released

Mozilla Sunbird 0.5 is the latest release of our standalone calendar application. We recommend that all users upgrade to this latest version.

Theo de Raadt Details Intel Core 2 Bugs

Recently, Intel patched bugs in its Core 2 processors. Details were scarce; soothing words were spoken to the effect that a BIOS update is all that is required. OpenBSD founder Theo de Raadt has now provided more details and analysis on outstanding, fixed, and non-fixable Core 2 bugs.


NAT en FreeBSD con IPF

El título lo dice todo. Es un HowTo bastante reciente por lo demás.

Segunda edición de la revista Qespisqa Kawsay

Esta revista en una creación de la comunidad aqpglug de Perú. Tratan temas bastante interesantes y sus contenidos son dinámicos. Por lo demás los colores usados en la revista no desentonan y es diga de leer. Hoy día se publicó la edición número dos y no queda más que descargarla.

jueves, 28 de junio de 2007

Nmap a fondo: Escaneo de redes y hosts

Nmap es una aplicación multiplataforma usada para explorar redes y obtener información acerca de los servicios, sistemas operativos y vulnerabilidades derivadas de la conjunción de éstos.

Es muy usado por todo aquél que se interesa por las tareas de seguridad y hacking en general, desde Administradores de Sistemas a interesados con fines menos respetables. Las técnicas de escaneo que usa Nmap han sido ya implementadas en sistemas de detección de intrusos y firewalls, ya que los desarrolladores de sistemas de seguridad también usan Nmap en su trabajo y toman medidas. No obstante, pese a estar ampliamente documentado su funcionamiento, hay formas de escaneo que lo hacen difícil de detectar cuando se trata de obtener información.


Ramble around the UNIX file system

Many directories in the UNIX® file system serve a special purpose, and certain directories are named per long-standing convention. In this installment of the "Speaking UNIX" series, discover where UNIX stores important files.


OpenBSD 4.1 review

OpenBSD 4.1 was released on May 1 with its usual mix of new hardware support and enhanced operating system features. OpenBSD releases generally represent a large collection of small changes plus a few new administration and networking tools. Beyond the standard "many little changes," the big news with 4.1 is a working native port of, the elimination of the Simtech StrongARM "cats" architecture from active development, and improved greylisting capabilities in the spamd spam filter.


martes, 26 de junio de 2007

The Solaris Installation Experience

There's a problem with Solaris and Sun knows it. The installation experience of Solaris (along with other areas) could be greatly improved. The installer doesn't "suck" as it's easy and known to Solaris administrators, but for a Linux or Windows user it could prove to be a bit challenging. In the Linux world it's no longer a challenge to install a Linux distribution on your hard drive, especially with the excellent work that the Ubuntu team has done in improving the user experience for a desktop installation. However, in this time while Linux has become just as easy to install as Microsoft Windows (if not easier), Solaris has not really evolved to make the experience easier and attractive to potential customers. After Ian Murdock had joined Sun earlier this year he had begun to expose these weak points about Solaris and how he wants to make sure that Solaris is the "better Linux than Linux" through Project Indiana. Ian views these existing problems of the installation and packaging experience as a "usability gap", which he hopes to address. Over time we have found out that Ian's Project Indiana will be an OpenSolaris distribution that combines the best out of the Solaris and Linux worlds. This distribution will be licensed under the GPLv3, of course. For those of you that have never tried out Solaris, what we've decided to do is to show you this "usability gap" with the installation process in Solaris compared to Linux. Is the experience really that bad?

Open Sound System source code released

The source code for Open Sound System is now available under the GPLv2 or the CDDL 1.0 licenses (depending on the operating system).
The source code includes drivers for most consumer PCI and USB audio devices and operating system support, including binary package generation and sample test programs. Complete documentation and API specification is also being made available to the open source community.


sábado, 23 de junio de 2007

Record screencasts with recordMyDesktop

Open-source app recordMyDesktop records screencasts graphically or from the terminal.

RecordMyDesktop solves the screencasting problem Linux users have faced for a long time. RecordMyDesktop creates high quality recordings of your screen with or without sound. While it is a terminal application, when paired with gtk-recordMyDesktop, a graphical frontend for recordMyDesktop, recordMyDesktop becomes a robust tool for easily creating screencasts.


Linux web servers "faster"

Linux-based websites perform better than those hosted on Windows servers, according to new research.

How to Setup a Subversion Server on Linux

With my recent move over to Linux. over this last week I have been resetting up my file server and getting everything setup that way it was back when it ran that other operating system. On of the functionalities my file server has, is running a subversion server. There are many ways to setup subversion, tapped into apache, using xinetd, running as a daemon, ssh, ssl... the list goes on. At home I am behind a firewall and this server has no access to the outside word, so for me it was definitely a KISS (keep it simple stupid) moment. I chose to setup subversion with xinetd. Now Ubuntu made this dead simple, but I like to learn how to do things manually as that's the spirit of being a geek. So lets take a look at hoe to get this thing up and running...

viernes, 22 de junio de 2007

New WiFi Link Distance Record

A Venezuelan techie apparently has set a new record for longest WiFi link. Networking guru Ermanno Pietrosemoli established a wireless connection between a PC in El Aguila, Venezuela, and one in Platillon Mountain, a distance of about 237 miles, mostly using off-the-shelf equipment and a few hacked parts.


More Than Half of Known Vista Bugs are Unpatched

Microsoft security executive Jeff Jones has disclosed that in the first six months of Vista's release, the company has patched fewer than half of the operating system's known bugs. Microsoft has fixed only 12 of 27 reported Vista vulnerabilities whereas it patched 36 of 39 known bugs in Windows XP in the first six months following its release.


jueves, 21 de junio de 2007

Apple releases Mac OS X 10.4.10 Update

Apple on Wednesday afternoon released Mac OS X 10.4.10, a free maintenance update recommended for all PowerPC and Intel-based Mac computers running versions of Mac OS X 10.4 Tiger.


Using OpenBSD 4.1

If you're a software enthusiast who has never used OpenBSD before, you might enjoy installing it by yourself and figuring it out as you go. If, however, you're looking for a more practical approach to using OpenBSD 4.1 on a desktop or server machine, here's a quick guide to get you started in this spectacular operating system.


Plans for Ubuntu 7.10 (Gutsy Gibbon) revealed

Development plans for Ubuntu 7.10 (codenamed Gutsy Gibbon) were announced last night on the Ubuntu development mailing list. Scheduled for official release in late October, Gutsy Gibbon will include version 2.6.22 of the Linux kernel, GNOME 2.20, and Xorg 7.3. Kubuntu 7.10 will feature KDE 3.5.7 and offer optional packages for KDE 4.0 RC2. Ubuntu 7.10 Server Edition will feature some nice additions, including support for Novell's AppArmor security framework.


miércoles, 20 de junio de 2007

ZFS On Linux - It's Alive!

LinuxWorld reports that Sun Microsystem's ZFS filesystem has been converted from its incarnation in OpenSolaris to a module capable of running in the Linux user-space filsystem project, FUSE. Because of the license incompatibilities with the Linux kernel, it has not yet been integrated for distribution within the kernel itself. This project, called ZFS on FUSE, aims to enable GNU/Linux users to use ZFS as a process in userspace, bypassing the legal barrier inherent in having the filesystem coded into the Linux kernel itself.


24-hour test drive: PC-BSD

PC-BSD is not a Linux distribution, but rather it could be considered among the first major FreeBSD-based distributions to live outside of the official FreeBSD. Like most distributions, it has implemented certain features in a way that attempts to distinguish it from the competition, and I will focus mostly on these differences. This test drive is intended to give an overview of what PC-BSD is and why one would consider using it.


martes, 19 de junio de 2007

sistema de archivos BSD en un CD?

Si buscas crear un CD con un sistema de archivos BSD, conservando así, todos los permisos de ciertos archivos, existe una solución.

pf 4.1 Update available for testing

As of today (20070616) I consider this to be BETA quality (at least).
Please test and provide me (and freebsd-pf@) with feedback (good or else). If things work out well, I plan to commit this soon.


domingo, 17 de junio de 2007

Bypass Proxy Server

You can bypass the restrictions imposed by proxy server on your corporate or campus network. You'll need access to a SSH server. You can use SSH to create a SOCKS 5 proxy server on your local machine which will tunnel all the traffic through the SSH server.


How To Sniff Passwords on Wireless and Wired Networks

Sniffing passwords over a network is actually a lot easier than you would think. I’m going to show you step by step how to sniff passwords using the Windows password recovery tool Cain & Abel. Following this tutorial you’ll be able to sniff for user names and their corresponding passwords in plain-text on both wireless and wired networks. Cain & Abel sniffs passwords by implementing something called ARP (ARP Poison Routing), also known as “ARP Spoofing”.


Know your regular expressions

You can build and test regular expressions (regexps) on UNIX® systems in several ways. Discover the available tools and techniques that can help you learn how to construct regular expressions for various programs and languages.


Get free Ubuntu stickers

System76 offers free Ubuntu stickers. To get them, please send a self-addressed stamped envelope to one of the following addresses. It depends on where you are.


Controlling your Linux system processes

All modern operating systems are able to run many programs at the same time. For example, a typical Linux server might include a Web server, an email server, and probably a database service. Each of these programs runs as a separate process. What do you do if one of your services stops working? Here are some handy command-line tools for managing processes.

Getting started with GRUB

When you power on your computer, the first software that runs is a bootloader that invokes the computer's operating system. GRUB, the GRand Unified Bootloader, is an integral part of many Linux systems. It starts the Linux kernel. Here's some background on GRUB, and some tips on installing and configuring the software.


OpenBSD: New package system features

Last month we published a writeup from espie@ which talked about the code changes he's been working on in the OpenBSD package system. Here's a list of new features that have been recently added.

viernes, 15 de junio de 2007

DragonFly BSD: UNIX for Clusters?

The Free Software community is well known for its diversity. This is most obvious at the application level, but even exists in the context of operating systems. David Chisnall takes a break from UNIX-derivatives and explores some of the more esoteric options.


miércoles, 13 de junio de 2007

Desktop FreeBSD Part 5: Printing

As a writer, the only reason I ever got that first computer was because it was far more efficient than a typewriter, and certainly more readable than my own handwriting. The sheer volume of what I've turned out over the years would be impossible for me to manage on paper. Add to that all the stuff written by others that I wanted to save, and it boggles the mind. Even though most of what I've written is read by others online, I still have to produce paper copies from time to time. That means I have to translate my electronic files into readable paper copies. That first computer would have been nearly useless to me without the attached printer.



This is a delayed HEADS UP that "options AUDIT" is now the default in GENERIC.
This means you either need to add "nooptions AUDIT" in configs based on GENERIC, or you can now take out "options AUDIT" :-). Audit support will not be enabled by default out-of-the-box, but it will now be possible to turn it on without a kernel recompile.


martes, 12 de junio de 2007

Turn Vim into a bash IDE

By itself, Vim is one of the best editors for shell scripting. With a little tweaking, however, you can turn Vim into a full-fledged IDE for writing scripts. You could do it yourself, or you can just install Fritz Mehner's Bash Support plugin.


Retrieving Emails From Remote Servers With fetchmail

Fetchmail is a program for retrieving emails from remote servers. Imagine you have five email accounts on five different servers. Of course, you don't want to connect to each of them to get your emails. This is where fetchmail comes into play. If you have a user account on a Linux server, you can make fetchmail download emails from remote servers and put them into just one mailbox (the one of your Linux user), from where you can retrieve them with your email client (e.g. Thunderbird or Outlook).

Or imagine you have an email account at a provider that doesn't do spam- and virus filtering. In that case you could use fetchmail to download the mails to your own server and pipe them through spam- and virus filters (e.g. SpamAssassin and ClamAV) before you download the mails with your email client.


Five scripts that make life easier with Vim

The Vim editor allows you to modify its behavior via scripts, and the Vim community has produced hundreds of scripts that may help you be more productive, or add functions to Vim that you've always wished it would have. Here are five that I find particularly useful.


Playing encrypted DVDs on Linux

Today I needed to play a DVD on my PC actually it was the Da Vinci Code based on Dan Brown's best seller, I tried with my Mandriva, Suse and Debian, as I am just starting with Mandriva and Suse, I was not able to install the "magic" package which is libdvdcss.

When I tried on Debian it was pretty easy for me, first I need to remember you that this procedure could be illegal in your country, and it is up to you to find if this is legal or Illegal in your country.


Introduction to Antispam Practices

According to a research conducted by Microsoft and published by the Radicati Group, the percentage held by spam in the total number of emails sent daily has been constantly growing since 2005. As a result, spam is expected to represent 77% of emails sent worldwide by 2009, amounting to almost 250 billion unsolicited emails delivered every day.

In a world where spam is bound to hold such an important position, methods of preventing it should also be given an increasing importance. Some of the easiest and most widely used prevention methods are host control solutions, Antispam applications and user education.


How To Block Spam Before It Enters The Server (Postfix)

This is just a quick guide showing you how you can configure Postfix (2.x and 1.x) to block spam before entering the server. It's more or less self-explanatory. However, after applying this to your own mail server, you should check the mail log to make sure that no legitmate mails are blocked.


How to Check if Your WebMail Account has been Hacked

Normally when someone compromises a WebMail account they'll pilfer through all your messages and save anything they're interested in keeping. Unless the intruder is really dumb, and sometimes they are, they'll change all the messages back to unread (bold) so you won't notice their presence. What you can do ahead of time is set a kind of a virtual silent alarm on your account. Here's how.

Regla de iptables para bloquear MSN

Los brasileños del sitio Dicas-L encontraron una simple y muy satisfactoria regla de firewall para bloquear el servicio de mensajería instantánea de MSN en toda una red. Para esto es necesario el módulo STRING de iptables disponible a partir del Kernel 2.6.14. La regla es la siguiente:

iptables -I FORWARD -p tcp -m string --string "VER " --from 51 --to 56 --algo bm -j REJECT

Y su explicación es la siguiente...

lunes, 11 de junio de 2007

Wireless networks: The burning questions

Wireless networks might be mainstream across enterprise networks, but that doesn’t mean they’re no-brainers. Here, we’ve raised and attempted to answer some of the thornier questions you might still be dealing with.


FreeBSD Project Integrates Support for the Camellia Block Cipher

The FreeBSD Project has integrated support for the Camellia Block Cipher, developed by Nippon Telegraph and Telephone Corporation (NTT) and Mitsubishi Electric Corporation. Camellia has been specified for use with IPsec, SSL/TLS, S/MIME, and XML.


miércoles, 6 de junio de 2007

Encrypt and sign Gmail messages with FireGPG

Gmail may be an excellent Web-based email application, but there is no easy way to use it with privacy tools like GnuPG. The FireGPG extension for Firefox is designed to solve this problem. It integrates nicely into Gmail's interface and allows you to sign and encrypt not only email messages but also text snippets from any Web page.


Debian as a desktop system

Debian is well respected as a stable server distribution, and most of the reviews focus on aspects appropriate to server deployments. This article covers Debian on the desktop. It is not a step by step tutorial, but focuses on the highlights of the recent Etch release.

domingo, 3 de junio de 2007


As people might have noticed, it's been awfully quiet here. That is mostly because I've been so damn busy with my new project: FreeBSD/xen. I assume people will know what Xen is, if not, wikipedia is your friend :-)

Quite some time ago, Kip Macy has been working on the port, but eventually started working on other things. I'm trying to continue his work, and currently, most of it will be in the Perforce branch. Mind that the current focus is the domU support (ie. using FreeBSD as a guest OS), but dom0 (using FreeBSD as the host OS) is of course also TODO :-)


RealPlayer: One-click Video Ripping

RealPlayer is coming up with a free version which will allow one-click video ripping.
This free downloadable video player will allows anyone to save and organize video files in all major formats including Flash, QuickTime, RealMedia and Window Media and will support video ripping from websites like YouTube or more.


A New Global Memory Card Standard

The MultiMedia Card Association has approved a new memory card standard called the Multiple Interface Card (miCard). The card will make transferring pictures, songs, and other data between electronic gadgets and PCs easier. Twelve Taiwanese companies are preparing to manufacture the new miCard.


NetBSD 'Quarterly' Status Report Published

The NetBSD Project has published the first 'quarterly' status report in 2007, covering the months January through June of 2007. This status report summarizes the changes within NetBSD from January until June 2007.

BIND 9.4.1 imported to FreeBSD

After extensive testing, I've upgraded the BIND in the base to version 9.4.1. This version contains a lot of performance improvements, especially for threading, so I've re-enabled it by default. The other most significant thing in this version is improved DNSSEC, which will of course be of interest to only a few of you (unfortunately). :)


sábado, 2 de junio de 2007

Transfer files securely with SFTP

File Transfer Protocol (FTP) was once the most widely used protocol for transferring files between computers. However, because FTP sends authentication information and file contents over the wire unencrypted, it's not a secure way to communicate. Secure Copy (SCP) and the more robust SSH File Transfer Protocol (SFTP) address this security concern by providing data transfer over a fully encrypted channel. You can use these alternatives for transferring files securely over the Internet or any other untrusted network.


10 Anti-Phishing Firefox Extensions

For most Internet users, defending against phishing attacks is a top priority. Typically, phishing attacks involve phony emails and fraudulent web sites that try to lure users into disclosing user names, passwords and other personal information, such as credit card numbers and social security numbers.

The damage caused by phishing attacks ranges from loss of access to your web account to identity theft. Once the personal information is obtained, the phishers may use one’s details to steal money, create fake accounts etc.

One popular way to combat phishing attacks is to maintain a list of known phishing sites and to check web sites against the list. This hack highlights 10 anti-phishing Firefox extensions that can be used to mitigate the risk of being a victim of a phishing attack.


viernes, 1 de junio de 2007

PHP 5.2.3 released

With the new version of PHP, version 5.2.3, the developers have fixed multiple security-related vulnerabilities. According to the release notes, it includes fixes for an integer overflow in the chunk_split() function and a possible path traversal bypassing path restrictions in safe mode resulting from a bug in the realpath() function, plus resolution of a vulnerability in the imagecreatefrompng() function that might cause it to enter an infinite loop.