Mar 26, 2009
Quick htpasswd Protection Setup On Linux.
cody@taylor:~$ <--This is the prompt. You do not need to type this
In the console, change into the directory that you wish to protect.
cody@taylor:~$ cd /var/www/protected
Get the full path to the directory if you don’t already know it.
cody@taylor:~$ pwd
Create the .htaccess file and add the following lines.
cody@taylor:~$ vim .htaccess
AuthUserFile /var/www/protected/.htpasswd
AuthName "This Site"
AuthType Basic
Require valid-user
Next, use the htpasswd command, which should be available in most common distros.
cody@taylor:~$ htpasswd -c .htpasswd someguy
New password:
Re-type new password:
Almost done. Now you need to set the permissions on the files we just created.
cody@taylor:~$ chmod 755 .htaccess .htpasswd
All good.
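A check for the finished setup, as an added example that is not part of the original post: it reads the .htaccess, confirms that a login is actually required, and flags a password file that sits inside the web root or carries permission bits it does not need (mode 755 sets execute bits on a plain data file). The function name audit_htpasswd and the temporary layout are constructed for illustration; it assumes GNU stat and an absolute AuthUserFile path.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU stat (stat -c).
# audit_htpasswd DIR DOCROOT: prints findings, sets AUDIT_FINDINGS to their count.
audit_htpasswd() {
    dir=$1 docroot=${2%/} AUDIT_FINDINGS=0
    flag() { echo "FINDING: $1"; AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1)); }

    [ -f "$dir/.htaccess" ] || { flag "no .htaccess in $dir"; return 0; }
    # Directive names are case-insensitive in Apache configuration.
    pwfile=$(awk 'tolower($1) == "authuserfile" { gsub(/"/, "", $2); print $2; exit }' \
        "$dir/.htaccess")
    grep -qi '^[[:space:]]*require[[:space:]]' "$dir/.htaccess" ||
        flag "no Require directive, so no login is enforced"
    [ -n "$pwfile" ] || { flag "no AuthUserFile directive"; return 0; }
    [ -f "$pwfile" ] || { flag "AuthUserFile $pwfile does not exist"; return 0; }

    # Inside the document root the hashes are only as safe as the server
    # rule that refuses requests for .ht* files.
    case $pwfile in
        "$docroot"/*) flag "$pwfile is inside the document root $docroot" ;;
    esac

    # Octal 0133 = any execute bit, or write permission for group/other.
    mode=$(stat -c %a "$pwfile")
    [ $(( 0$mode & 0133 )) -eq 0 ] ||
        flag "$pwfile has mode $mode; 640 or 644 is enough"
    return 0
}

# Constructed demo: rebuild the layout from the post in a temp directory.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/www/protected"
    printf 'AuthUserFile %s\nAuthName "This Site"\nAuthType Basic\nRequire valid-user\n' \
        "$tmp/www/protected/.htpasswd" > "$tmp/www/protected/.htaccess"
    echo 'someguy:PLACEHOLDER_HASH' > "$tmp/www/protected/.htpasswd"
    chmod 755 "$tmp/www/protected/.htpasswd"
    audit_htpasswd "$tmp/www/protected" "$tmp/www"
    rm -rf "$tmp"
}
demo
```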
Comments Off on Quick htpasswd Creation on Linux. Only The Useful. | tags: linux, only the useful, security | posted in reference
Mar 26, 2009
Charlie Miller, the security expert who won both this and last year’s CanSecWest Pwn2Own security contests by exploiting Macs running Safari, repeated in an interview that he’d recommend Macs to typical users as a safer alternative to Windows PCs.
Comments Off on Pwn2Own contest winner: Macs are safer than Windows | tags: Mac, security | posted in technical news
Mar 26, 2009
narramissic writes “In a paper set to be delivered at an upcoming security conference, University of Texas at Austin researchers showed how they were able to identify people who were on public social networks such as Twitter and Flickr by mapping out the connections surrounding their network of friends. From the ITworld article: ‘Web site operators often share data about users with partners and advertisers after stripping it of any personally identifiable information such as names, addresses or birth dates. Arvind Narayanan and fellow researcher Vitaly Shmatikov found that by analyzing these ‘anonymized’ data sets, they could identify Flickr users who were also on Twitter about two-thirds of the time, depending on how much information they have to work with.'”

Comments Off on Researchers Can ID Anonymous Twitterers | tags: google, network, security, twitter, web | posted in technical news
Mar 26, 2009
Death Metal writes “Chief Security Engineer Andrea Barisani and hardware hacker Daniele Bianco used a handmade laser microphone device and a photo diode to measure the vibrations, software for analyzing the spectrograms of frequencies from different keystrokes, as well as technology to apply the data to a dictionary to try to guess the words. They used a technique called dynamic time warping that’s typically used for speech recognition applications, to measure the similarity of signals. Line-of-sight on the laptop is needed, but it works through a glass window, they said. Using an infrared laser would prevent a victim from knowing they were being spied on.” (This is the same team that was able to pick up the electromagnetic signals emitted by PS/2 keyboards.)

Comments Off on Laser Sniffing Captures Typed Keystrokes From 50-100 Feet | tags: cap, google, laptop, Phone, security, technology | posted in technical news
Mar 26, 2009
It’s lurking in millions of PCs around the world. It’s incredibly sophisticated and resilient, with built-in p2p and digital code-signing technology. It revels in killing security software. On April 1, the Conficker worm will activate.
Comments Off on How a Brainy Worm Might Jack the World’s PCs on April 1 | tags: security, technology | posted in technical news
Mar 25, 2009
gardel writes “Google appears to have fixed a significant security hole in its two-week-old Voice calling service though some vulnerabilities remain. Until about 7pm PDT Tuesday, an unauthorized party could use a SIP device to spoof a phone number attached to a Google Voice account to call the Google Voice number, giving the spoofer access to greetings and voicemail, and the ability to make outbound calls, including expensive international calls. Though spoofing via SIP is no longer possible, continued existence of some vulnerability was still apparent Tuesday night. Voxilla was able to set the caller ID of a PBX extension to a mobile number attached to a Google Voice account and call in, using a business VoIP trunk, to gain access.”

Comments Off on Google Voice Fixes Security Flaw, Almost | tags: email, google, mobile, Phone, security | posted in technical news
Mar 25, 2009
China has blocked the video-sharing network YouTube after Beijing denounced footage appearing to show security forces beating Tibetans in Lhasa last year as “a lie”.
Comments Off on China blocks YouTube (again) | tags: china, network, security, youtube | posted in technical news
Mar 25, 2009
ISoldat53 sends this quote from McClatchy DC: “The CIA, which has been monitoring foreign countries’ use of electronic voting systems, has reported apparent vote-rigging schemes in Venezuela, Macedonia and Ukraine and a raft of concerns about the machines’ vulnerability to tampering. Appearing last month before a US Election Assistance Commission field hearing in Orlando, Fla., a CIA cybersecurity expert suggested that Venezuelan President Hugo Chavez and his allies fixed a 2004 election recount, an assertion that could further roil US relations with the Latin leader. … Stigall said that most Web-based ballot systems had proved to be insecure. The commission has been criticized for giving states more than billion to buy electronic equipment without first setting performance standards. Numerous computer-security experts have concluded that US systems can be hacked, and allegations of tampering in Ohio, Florida and other swing states have triggered a campaign to require all voting machines to produce paper audit trails.”

Comments Off on CIA Expert Decries E-Voting Security | tags: google, Mac, security, web, web-based | posted in technical news
Mar 25, 2009
Popsikle writes “A few days ago one of the Web’s largest hosting discussion forums was supposedly hacked via their backup servers. From the story: ‘We’ve since learned that this very deliberate, sophisticated and calculated hack against Web Hosting Talk was carried out by gaining access to our offsite backup servers. From our backup servers, the hacker gained access to the WHT db server. The malicious attacker deleted all backups from the backup servers within the infrastructure before deleting tables from our db server. We were alerted of the db exploitation and quickly shut down the site to prevent further damage.’ What sort of security do you put on your backup infrastructure? Looking at your backup solution could you be completely taken down by either someone obtaining a backup or accessing your backup servers? What sort of recommendations does everyone have for this not to happen?”

Comments Off on How To Prevent Being Hacked Via Backups? | tags: google, security, web | posted in technical news
Mar 24, 2009
clover kicker writes “The CBC reports that the group managing Canada’s .ca internet domain is working to foil an internet worm set to attack starting April Fool’s Day. ‘This is the first virus that’s really focused on domain names as part of propagating the virus itself,’ said Byron Holland, CEO of the Canadian Internet Registration Authority, a non-profit organization that represents those who hold a .ca domain. CIRA’s strategy includes pre-emptively registering and isolating previously unregistered .ca domain names that Conficker C is expected to try and generate, said a news release issued by the group. That would make those names unavailable for anyone to register in order to set up a website to host the worm’s ‘command and control’ file. A list of the names has been predicted by security experts based on the worm’s code. In addition, CIRA is investigating and monitoring activity at names on the list that have already been registered and will ‘take appropriate action if suspicious activity is detected.'”

Comments Off on .CA Registrar Trying To Preempt Conficker | tags: google, news, security, virus, web | posted in technical news