
Archived entries for Security

Two-factor Authentication

Google now offers two-factor authentication for Google accounts.

Once you enable 2-step verification, you’ll see an extra page that prompts you for a code when you sign in to your account. After entering your password, Google will call you with the code, send you an SMS message or give you the choice to generate the code for yourself using a mobile application on your Android, BlackBerry or iPhone device. The choice is up to you. When you enter this code after correctly submitting your password we’ll have a pretty good idea that the person signing in is actually you.

OK, this is not all that exciting for me personally, since I use my Gmail account as a throwaway address, but maybe it will find imitators.

daily links

  • Simpleshare | drupal.org
    Sharing to Facebook and Twitter via Drupal usually means wrestling with authentication, complex settings, etc. New APIs from both sites make it much easier.
    This module adds a workflow which makes it easy to post to each service following the creation of a node. There’s lots of share widgets which will allow you to share while viewing the node itself, but nothing that prompts the user after node creation to do so (without complex setup).
  • The Ethical Hacker Network - Tutorial: Hacking Linux with Armitage
    This article introduces Armitage, a new GUI for Metasploit built around the hacking process. Today, I will show you how to use Armitage to scan a Linux host, find the right exploit, exploit the host, and handle post-exploitation. By following this process, you will learn how to use Armitage and Metasploit in your own work.
  • TYPO3-Organiser from April 1: All-in-One: News, Events, Online Tickets, Staff, Locations
    The TYPO3-Organiser is an all-in-one solution for news, events, staff, locations and online tickets. The database is optimally tailored to the requirements of event organizers, lobby organizations and institutions doing public relations work.
    TYPO3-Organiser is to be extended by one more module by April 1: seminars.
  • More on upgrading plugins to Joomla 1.6
    There are a number of other modifications that are required concerning changes to event names that the extension developer needs to be aware of in order for plugins to work successfully in Joomla 1.6.

Silently determine Login Status

Mike Cardwell shows how JavaScript can be used to determine whether someone is logged in to Facebook, Twitter, …:

When you visit my website, I can automatically and silently determine if you’re logged into Facebook, Twitter, GMail and Digg. There are almost certainly thousands of other sites with this issue too, but I picked a few vulnerable well known ones to get your attention. You may not care that I can tell you’re logged into GMail, but would you care if I could tell you’re logged into one or more porn or warez sites? Perhaps http://oppressive-regime.example.org/ would like to collect a list of their users who are logged into http://controversial-website.example.com/?

Of course this can also be put to reasonably sensible use, e.g. to replace mailto: links with Gmail compose links:

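// Probe image that Gmail only serves to a signed-in user, so load fires only then.
$('<img/>').hide()
 .on('load', function(){
  // Signed in: point every mailto: link at the Gmail compose window instead.
  $('a[href^="mailto:"]').each(function(){
   var email = $(this).attr('href').replace(/^mailto:/,'');
   $(this).attr('href','https://mail.google.com/mail/?view=cm&fs=1&tf=0&to='+encodeURIComponent(email));
  });
 })
 // Set src after binding the handler so a cached image cannot fire load first.
 .attr('src','https://mail.google.com/mail/photos/static/AD34hIhNx1pdsCxEpo6LavSR8dYSmSi0KTM1pGxAjRio47pofmE9RH7bxPwelO8tlvpX3sbYkNfXT7HDAZJM_uf5qU2cvDJzlAWxu7-jaBPbDXAjVL8YGpI')
 .appendTo('body');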
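
The probe above only works because the target site answers a cross-site image request differently for signed-in and anonymous visitors. As an added example (not from the original post or from Mike Cardwell's article), one way a site can close that gap is to reject cross-site subresource requests via Fetch Metadata headers before any session lookup; the function names, the `/login` path and the sample requests are assumptions made for illustration.

```javascript
// Added example: framework-independent decision logic for a protected resource.
// Sec-Fetch-* and Cross-Origin-Resource-Policy are real HTTP headers; the
// function names, '/login' and the sample requests below are constructed.

// Returns true when the request may reach session-dependent code.
function allowedByFetchMetadata(method, headers) {
  const site = headers['sec-fetch-site'];
  // Browsers without Fetch Metadata send no header; let them through and
  // rely on the Cross-Origin-Resource-Policy header set in respond().
  if (site === undefined) return true;
  if (site === 'same-origin' || site === 'same-site' || site === 'none') return true;
  // Cross-site: accept only a plain top-level navigation (a followed link),
  // never an <img>, <script>, <iframe> or fetch() issued by another site.
  return method === 'GET' &&
    headers['sec-fetch-mode'] === 'navigate' &&
    headers['sec-fetch-dest'] === 'document';
}

// session is null for an anonymous visitor, an object when signed in.
function respond(req, session) {
  const common = {
    'Cross-Origin-Resource-Policy': 'same-origin',
    'Vary': 'Sec-Fetch-Site, Sec-Fetch-Mode, Sec-Fetch-Dest',
  };
  // Decide BEFORE looking at the session, so the outcome seen by a
  // cross-site probe is the same for signed-in and anonymous visitors.
  if (!allowedByFetchMetadata(req.method, req.headers)) {
    return { status: 403, headers: common };
  }
  if (session === null) {
    return { status: 302, headers: { ...common, Location: '/login' } };
  }
  return { status: 200, headers: { ...common, 'Content-Type': 'image/png' } };
}

// Constructed sample requests: the same image fetched cross-site and same-origin.
const crossSiteImg = { method: 'GET', headers: {
  'sec-fetch-site': 'cross-site', 'sec-fetch-mode': 'no-cors', 'sec-fetch-dest': 'image' } };
const sameOriginImg = { method: 'GET', headers: {
  'sec-fetch-site': 'same-origin', 'sec-fetch-mode': 'no-cors', 'sec-fetch-dest': 'image' } };

console.log(respond(crossSiteImg, { user: 'alice' }).status);
console.log(respond(crossSiteImg, null).status);
console.log(respond(sameOriginImg, { user: 'alice' }).status);
```
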

PDF Problems

At 27C3, Julia Wolf demonstrated numerous security problems in the PDF format.

For example, she said, a database scanner could be embedded in a PDF that becomes active when the document is printed on a network printer and scans the network. The document format is said to be good for numerous other surprises as well. It is possible, for instance, to write PDFs that display different content in different operating systems, browsers or PDF readers, or even depending on a computer's language setting.

daily links

  • WordPress SEO Plugin - Yoast
    WordPress SEO is the most complete SEO plugin that exists today for WordPress.org users. It incorporates everything from a snippet preview that helps you optimize your page titles, meta descriptions and keywords to XML sitemaps, and loads of optimization options in between.
  • Draw on any webpage. Share thoughts. Move ideas. - MarkUp
    MarkUp lets you draw on any webpage with a variety of tools to express your thoughts, make a point or just simply edit. Try MarkUp now by choosing a shape below. Then grab and drop on your bookmarks bar to use any time. Yes, no downloading needed.
  • TYPO3 - Imagecrop for tt_content
    You can enable cropscaling in tt_content image elements with an extra checkbox. Only TypoScript.
  • TYPO3 - Perfect Lightbox
    Click-enlarge images with a lightbox/slimbox based on PROTACULOUS,MOOTOOLS or JQUERY in TYPO3! Single images, imagesets, presentation mode and slideshow supported. Options can be set for each content-element. No XCLASS, just typoscript. Valid html.
  • HTML Purifier - Filter your HTML the standards-compliant way!
    HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are standards compliant, something only achievable with a comprehensive knowledge of W3C's specifications.
  • calibre - About
    calibre is a free and open source e-book library management application developed by users of e-books for users of e-books.

