July 29, 2004

Think you can outsmart phishing scams?

Take Mailfrontier's Phishing Quiz and see if you can outsmart them. I only got 80% on the first test.

Posted by tony at 08:07 AM | Comments (1)

July 28, 2004

Off-topic: Music copyrights

Quoting from Dan Gillmor's Journal this morning:

"According to Pete Seeger, in this account (widely acknowledged in the folk world to be true) from the Museum of Musical Instruments, when Guthrie was singing on the radio in Los Angeles during the Depression, he'd mail mimeographed songs to listeners, and wrote on one:

"This song is Copyrighted in U.S., under Seal of Copyright # 154085, for a period of 28 years, and anybody caught singiní it without our permission, will be mighty good friends of ourn, cause we donít give a dern. Publish it. Write it. Sing it. Swing to it. Yodel it. We wrote it, thatís all we wanted to do.Ē

Posted by tony at 08:23 AM | Comments (0)

July 22, 2004

More on tunneling Remote Desktop over SSH

Will this saga never end? Continuing with this entry from May 21, I've been playing with and trying various ways to tunnel Remote Desktop over SSH. There are lots of useless entries out there on the web, mostly discussing ways to force your Windows XP machine to accept Remote Desktop connections requests to localhost or 127.0.0.1 when, in fact, all you have to do is connect to 127.0.0.2 ... or .3 ... or .4. That's right, folks, 127.x.y.z are ALL local connections. And let's not debate whether that's a correct implementation or not, that's just the way it is. We can take advantage of this IF we can get our local SSH client to listen on one of those IP addresses. The stock, standard OpenSSH implementation of the SSH client won't do it so you've gotta pick something else. PuTTY will do it as will plink from that same free distribution. So, what you need to do is set up a PuTTY configuration to forward 127.0.0.2:3389 to 127.0.0.1:3389 (remember, the remote IP address is relative to the machine that's your SSH target).

That's the 2 machine case (SSH directly to the machine whose desktop you want to control). There's also a 3 machine case where you SSH into a landing pad that has access to the machine whose desktop you want to control. I'll deal with that later.

So, in summary, you need to run an SSH client that will allow you to listen on an IP address that's not 127.0.0.1. PuTTY and plink are two clients that will work -- the OpenSSH implementation of SSH will not work. You need to forward port 3389 (3390 if your local machine is running the Remote Desktop server) to port 3389 of the remote machine. Once you've established your SSH connection, bring up the Remote Desktop client and connect to 127.0.0.2 (or 127.0.0.2:3390 if your local machine is running the Remote Desktop server) and you are up and running!

Posted by tony at 10:56 AM | Comments (1)

July 16, 2004

Picasa V1.6 is free from Google

Google bought Picasa a little while ago. Now you cna download Picasa V1.6 for free from them here.

Posted by tony at 11:46 AM | Comments (0)

July 10, 2004

Mozilla/Firebird/Thunderbird Security exposure

eWeek reports in this article of a security exposure in Mozilla's Mozilla, Firefox, and Thunderbird clients wherein a malicious user can cause arbitrary code execution by using the shell: protocol. You can download Mozilla 1.7.1, Firefox 0.9.2, and Thunderbird 0.7.2.

Posted by tony at 09:46 PM | Comments (0)

July 06, 2004

The Hazards of X11 Forwarding

X11 forwarding is a powerful and helpful feature of SSH but, as pointed out in this article from Hacking Linux Exposed, it can be dangerous if you're not careful. It's no great secret -- pay attention to your file and directory permissions!

Posted by tony at 09:20 PM | Comments (0)

Download.Ject : Are you infected?

Microsoft has some additional information available about the most recent security exposure here. It tells you how to determine if you've been infected.

Posted by tony at 12:49 PM | Comments (0)

PC Mag's 2004 Utility Guide

I'm a little behind on this as it's dated June 8 but better late than never. Here's a link to PC Magazine's 2004 Utility Guide. Backup programs, defraggers, anti-virus, file managers, etc.

Posted by tony at 10:57 AM | Comments (0)

July 02, 2004

BHOs: the latest threat?

As it was explained to me, this latest threat/penetration was helped along by BHOs (Browser Helper Objects). BHOs (see this Lavasoft forum article for a good description) are useful additions to IE but, sometimes, they can turn nasty. That's why I've been running a BHO watcher for a couple of years, now. My favorite has been BHODemon (free from DefinitiveSolutions. It's been stuck at V1.0 for, I dunno, a couple of years? They've just released 2.0 and it's free!

Posted by tony at 12:22 PM | Comments (0)