Wednesday, March 26th, 2008
A lapse in security for Facebook discovered by Byron Ng, a computer technician from Vancouver, Canada, allowed him to sneak through Facebook’s newly improved privacy controls deployed last week.
The security loophole allowed him to view private photos of celebrities, along with other access restricted photos posted by other Facebook users.
The Associated Press verified Ng’s claim by accessing and viewing a private photo posted by Facebook founder Mark Zuckerberg.
According to a Facebook spokeperson, the security hole was fixed immediately after it was reported.
Posted in Internet, Security | 3 Comments »
Tuesday, March 25th, 2008
Streamyx issued a notice in its web site informing its users about an anti-spam exercise to mitigate spam in its network.
The action taken was by blocking outgoing SMTP port 25 for all outgoing e-mails from dynamic IP addresses to non-Streamyx mail servers.
In other words, if your company hosts its own mail server, the employees will not be able to send outgoing e-mails if they are connected from home to the office mail server via Streamyx.
SMTP port 25 is a standard outgoing port for most e-mail client software such as, Outlook Express, Mozilla Thunderbird, Eudora, and etc.
Streamyx offered several alternative configuration options. Users may either relay their mail server to Streamyx’s SMTP or use port 587 for all outgoing e-mails.
Posted in Internet, Security | No Comments »
Saturday, March 22nd, 2008
VNC stands for Virtual Network Computing. It is a remote control computing software that allows you to view and control another PC desktop remotely over the Internet.
Once the VNC session is established, all VNC data exchange between the client and the remote computers is unencrypted. A malicious user might be able to spoof your VNC data, thus allowing the person to gain access to your computer. VNC software usually contains a VNC server and a VNC viewer program.
Secure Shell or SSH is a network protocol that allows data to be exchanged between two computers over an encrypted secure channel. PuTTY is a popular and easy to use free SSH client.
Cygwin is an emulation of the Linux/UNIX-like environment and OpenSSH for Windows.
There are free software available for you to download from the Internet to tunnel VNC traffic over SSH connection.
You will need:
Install Cygwin on the remote computer
Login as Administrator.
Create a folder called c:\cygwin
Download the Cygwin setup file and save it in c:\cygwin folder.
Double click and run the Cygwin setup file.
Type c:\cygwin for the “Local Package Directory”.
Click the little View button for “Full” view.
Find the package “openssh“, click on the word “Skip” so that an “X” appears in the column.
Find the package “tcp_wrappers“, click on the word “Skip” so that an “X” appears in the column.
Find the package “zlib“, click on the word “Skip” (should be selected already) so that an “X” appears in the column.
Click “Next” to begin installing Cygwin and SSH.
Right click My Computer > Properties > Advanced > Environment Variables
Click the “New” button to add a new entry to System Variables:
Variable name: cygwin
Variable value: ntsec
Click the “OK” button.
Right click My Computer > Properties > Advanced > Environment Variables
Select the “PATH” variable and click the “Edit” button.
Append ;c:\cygwin\bin to the end of the Variable value.
Click the “OK” button.
Double click the Cygwin icon to open a cygwin window.
At the prompt, type ssh-host-config -y (the “-y” option automatically answers “yes” to the three questions below)
If the script asks about “privilege separation”, answer yes
If the script asks about “create local user sshd”, answer yes
If the script asks about “install sshd as a service”, answer yes
When the script asks about “CYGWIN=”, answer ntsec
To start the sshd service, open a Cygwin window and type either one of the following commands:
net start sshd
cygrunsrv ––start sshd
To stop the sshd service, open a Cygwin window and type either one of the following commands:
net stop sshd
cygrunsrv ––stop sshd
To harmonize Windows user information with Cygwin, open a Cygwin window and type the following commands, one line at a time:
mkpasswd ––local > /etc/passwd
mkgroup ––local > /etc/group
To test your sshd installation, open a Cygwin window and type the following command:
whoami
The current username should be displayed.
ls -h /cygdrive/c
You should see a directory listing.
Type exit at the command prompt to exit the Cygwin SSH session.
Install the VNC Server program
Download the RealVNC setup file on the computer to be controlled remotely.
Double click and run the RealVNC setup file.
Select the checkbox for VNC Server.
Click “Next” to begin the installation.
Type a VNC password when asked so that you will be prompted to enter a password every time you establish a VNC session.
Install the VNC Viewer program
Double click and run the RealVNC setup file on the computer you are using to control the remote computer desktop.
Select the checkbox for VNC Viewer.
Click “Next” to begin the installation.
Configure and run the PuTTY program
Double click and run the PuTTY program file on the computer you are using to control the remote computer desktop.
At the “Session” category in the tree menu, Type the Host Name or IP Address of the remote computer.
The Port should be default to 22 and the Connection type should be default to SSH.
Click the “SSH” category to expand the tree menu, and select “Tunnels”.
Add these entry below the “Add new forwarded port”:
Source port: 5900
Destination: 127.0.0.1:5900
Select the default values as “Local” and “Auto“.
Click the “Session” category in the tree menu.
Type a name at the “Saved Sessions” and click the “Save” button.
Click the “Open” button to establish a new SSH session to the remote computer.
Type the Windows username and password to login.
Leave the PuTTY program window open.
Run the VNC Viewer program
Double click and run the VNC Viewer program.
Type localhost or 127.0.0.1 and click “OK” to connect.
The VNC session should be tunelling through the SSH connection by now.
You can verify it by closing the SSH session. The VNC connection will be disconnected immediately too.
SSH, The Secure Shell
Posted in Internet, Security | 5 Comments »
