Monthly Archives: August 2014

NAS nas4free

nas4free: / # df -h
Filesystem Size Used Avail Capacity Mounted on
/dev/md0 223M 216M 7.6M 97% /
devfs 1.0k 1.0k 0B 100% /dev
/dev/ada5a 117M 112M 5.0M 96% /cf
procfs 4.0k 4.0k 0B 100% /proc
RAIDZ 6.7T 51k 6.7T 0% /mnt/RAIDZ
RAIDZ/ARstorage 3.9T 355G 3.6T 9% /mnt/RAIDZ/ARstorage
RAIDZ/CMstorage 2T 82G 1.9T 4% /mnt/RAIDZ/CMstorage
RAIDZ/dataset 6.7T 45k 6.7T 0% /mnt/RAIDZ/dataset
RAIDZ/vmware 500G 321k 500G 0% /mnt/RAIDZ/vmware
/dev/md1 61M 768k 59M 1% /var
nas4free: / #
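As an added example that is not part of the original post: a small Python check that parses the df -h listing above and reports filesystems past a capacity threshold. On this listing the root memory disk (/dev/md0) at 97% and /cf at 96% stand out, while devfs and procfs always report 100% and carry no data. The 90% threshold and the list of pseudo-filesystems to ignore are assumptions.

```python
"""Parse `df -h` output and flag filesystems that are nearly full.

Added example, not part of the original post. DF_OUTPUT is the nas4free
listing quoted on the page; the threshold and IGNORED_FS are assumptions.
"""
import re

DF_OUTPUT = """\
Filesystem Size Used Avail Capacity Mounted on
/dev/md0 223M 216M 7.6M 97% /
devfs 1.0k 1.0k 0B 100% /dev
/dev/ada5a 117M 112M 5.0M 96% /cf
procfs 4.0k 4.0k 0B 100% /proc
RAIDZ 6.7T 51k 6.7T 0% /mnt/RAIDZ
RAIDZ/ARstorage 3.9T 355G 3.6T 9% /mnt/RAIDZ/ARstorage
RAIDZ/CMstorage 2T 82G 1.9T 4% /mnt/RAIDZ/CMstorage
RAIDZ/dataset 6.7T 45k 6.7T 0% /mnt/RAIDZ/dataset
RAIDZ/vmware 500G 321k 500G 0% /mnt/RAIDZ/vmware
/dev/md1 61M 768k 59M 1% /var
"""

# Pseudo-filesystems that always show 100% and hold no user data (assumption).
IGNORED_FS = {"devfs", "procfs"}

# Suffixes printed by FreeBSD df -h, in bytes.
UNIT = {"B": 1, "k": 1024, "K": 1024, "M": 1024 ** 2, "G": 1024 ** 3, "T": 1024 ** 4}


def parse_size(text):
    """Convert a human-readable size such as '7.6M', '2T' or '0B' to bytes."""
    m = re.fullmatch(r"([0-9.]+)([BkKMGT])", text)
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(float(m.group(1)) * UNIT[m.group(2)])


def parse_df(text):
    """Return one dict per data line of df -h output.

    The mount point is the last field and may itself contain spaces, so the
    line is split into at most six fields.
    """
    rows = []
    for line in text.splitlines()[1:]:  # first line is the column header
        if not line.strip():
            continue
        fs, size, used, avail, cap, mount = line.split(None, 5)
        rows.append({
            "filesystem": fs,
            "size": parse_size(size),
            "used": parse_size(used),
            "avail": parse_size(avail),
            "capacity": int(cap.rstrip("%")),
            "mount": mount,
        })
    return rows


def nearly_full(text, threshold=90):
    """Mount points at or above `threshold` percent, ignoring pseudo-filesystems."""
    return [
        row["mount"]
        for row in parse_df(text)
        if row["filesystem"] not in IGNORED_FS and row["capacity"] >= threshold
    ]


if __name__ == "__main__":
    for mount in nearly_full(DF_OUTPUT):
        print(f"WARNING: {mount} is at or above 90% capacity")
```

Feeding the function the live output of `df -h` from a cron job gives a cheap early warning; a root filesystem with 7.6M free is the kind of condition that later shows up as failed log writes or a box that will not boot.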

Facebook Messenger’s Android Mobile App Permissions

The Insidiousness of Facebook Messenger’s Android Mobile App Permissions (Updated)

Read full article on http://www.huffingtonpost.com/sam-fiorella/the-insidiousness-of-face_b_4365645.html

In-app purchases
An app can ask you to make purchases inside the app.

Device & app history
An app can use one or more of the following:

  • Read sensitive log data
  • Retrieve system internal state
  • Read your web bookmarks and history
  • Retrieve running apps

Cellular data settings
An app can use settings that control your mobile data connection and potentially the data you receive.

Identity
An app can use your account and/or profile information on your device.

Identity access may include the ability to:

  • Find accounts on the device
  • Read your own contact card (example: name and contact information)
  • Modify your own contact card
  • Add or remove accounts

Contacts/Calendar
An app can use your device’s contacts and/or calendar information.

Contacts and calendar access may include the ability to:

  • Read your contacts
  • Modify your contacts
  • Read calendar events plus confidential information
  • Add or modify calendar events and send email to guests without owners’ knowledge

Location
An app can use your device’s location.

Location access may include:

  • Approximate location (network-based)
  • Precise location (GPS and network-based)
  • Access extra location provider commands
  • GPS access

SMS
An app can use your device’s text messaging (SMS) and/or multimedia messaging service (MMS). This group may include the ability to use text, picture, or video messages.

Note: Depending on your plan, you may be charged by your carrier for text or multimedia messages.

SMS access may include the ability to:

  • Receive text messages (SMS)
  • Read your text messages (SMS or MMS)
  • Receive text messages (MMS, like a picture or video message)
  • Edit your text messages (SMS or MMS)
  • Send SMS messages; this may cost you money
  • Receive text messages (WAP)

Phone
An app can use your phone and/or its call history.

Note: Depending on your plan, you may be charged by your carrier for phone calls.

Phone access may include the ability to:

  • Directly call phone numbers; this may cost you money
  • Write call log (example: call history)
  • Read call log
  • Reroute outgoing calls
  • Modify phone state
  • Make calls without your intervention

Photos/Media/Files
An app can use files or data stored on your device.

Photos/Media/Files access may include the ability to:

  • Read the contents of your USB storage (example: SD card)
  • Modify or delete the contents of your USB storage
  • Format external storage
  • Mount or unmount external storage

Camera/Microphone
An app can use your device’s camera and/or microphone.

Camera and microphone access may include the ability to:

  • Take pictures and videos
  • Record audio
  • Record video

Wi-Fi connection information
An app can access your device’s Wi-Fi connection information, like if Wi-Fi is turned on and the name(s) of connected devices.

Wi-Fi connection information access may include the ability to:

  • View Wi-Fi connections

Device ID & call information
An app can access your device ID(s), phone number, whether you’re on the phone, and the number connected by a call.

Device ID & call information may include the ability to:

  • Read phone status and identity

Other
An app can use custom settings provided by your device manufacturer or application-specific permissions.

Note: If an app adds a permission that is in the “Other” group, you’ll always be asked to review the change before downloading an update.

Other access may include the ability to:

  • Read your social stream (on some social networks)
  • Write to your social stream (on some social networks)
  • Access subscribed feeds

When you review individual permissions, all permissions, including those not displayed in the permissions screen, will be shown in the “Other” group.



“Reverse Engineering for Beginners” free book

Written by Dennis Yurichev (yurichev.com).

Praise for the book

  • It’s very well done … and for free … amazing. (Daniel Bilar, Siege Technologies, LLC.)
  • … excellent and free (Pete Finnigan, Oracle RDBMS security guru.)
  • … book is interesting, great job! (Michael Sikorski, author of Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software.)
  • … my compliments for the very nice tutorial! (Herbert Bos, full professor at the Vrije Universiteit Amsterdam.)
  • … It is amazing and unbelievable. (Luis Rocha, CISSP / ISSAP, Technical Manager, Network & Information Security at Verizon Business.)
  • Thanks for the great work and your book. (Joris van de Vis, SAP Netweaver & Security specialist.)
  • … reasonable intro to some of the techniques. (Mike Stay, teacher at the Federal Law Enforcement Training Center, Georgia, US.)

As seen on…

… Hacker News, reddit (#1, #2, #3), habrahabr.

Contents

Topics discussed: x86, ARM.

Topics touched: Oracle RDBMS, Itanium, copy-protection dongles, LD_PRELOAD, stack overflow, ELF, win32 PE file format, x86-64, critical sections, syscalls, TLS, position-independent code (PIC), profile-guided optimization, C++ STL, OpenMP, win32 SEH.

WordPress XML DOS

Major Security Vulnerability in WordPress, Drupal Could Take Down Websites

Nir Goldshlager, a security researcher from Salesforce.com’s product security team, has discovered an XML vulnerability that impacts the popular website platforms WordPress and Drupal.

The vulnerability uses a well-known XML Quadratic Blowup Attack — and when executed, it can take down an entire website or server almost instantly.

WordPress and Drupal are used by millions of websites. The latest statistics from the World Wide Web Consortium (W3C) show WordPress alone powers nearly 23% of the web.

http://mashable.com/2014/08/06/wordpress-xml-blowup-dos/
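An added example, not code from WordPress, Drupal or the article: the quadratic blowup, like the other entity-expansion denial-of-service variants, needs a DOCTYPE with an internal subset to declare the entity it expands, so the usual mitigation for an endpoint that accepts untrusted XML (an XML-RPC handler, for instance) is to refuse any document carrying a DOCTYPE or entity declaration before the real parser sees it. The check below streams the bytes through Python's expat and aborts on the first such declaration; both sample documents are constructed.

```python
"""Refuse XML that carries a DOCTYPE or entity declaration before parsing it.

Added example, not part of the original post. Sample documents are constructed.
"""
import xml.parsers.expat
from xml.etree import ElementTree as ET


class UnsafeXML(ValueError):
    """Raised when a document contains a DOCTYPE or an entity declaration."""


def reject_dtd(data: bytes) -> None:
    """Stream `data` through expat; abort at the first DOCTYPE or entity declaration.

    StartDoctypeDeclHandler fires before the internal subset is read, so no
    entity is ever declared or expanded when the document is rejected.
    """
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXML(f"DOCTYPE {name!r} is not allowed in this input")

    def on_entity(*args):
        raise UnsafeXML("entity declarations are not allowed in this input")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    # An exception raised inside a handler stops the parser and propagates
    # out of Parse(); malformed XML raises xml.parsers.expat.ExpatError instead.
    parser.Parse(data, True)


def safe_parse(data: bytes) -> ET.Element:
    """Parse untrusted XML only after the DTD check has passed."""
    reject_dtd(data)
    return ET.fromstring(data)


def is_accepted(data: bytes) -> bool:
    """True when the document passes the DTD check and parses."""
    try:
        safe_parse(data)
        return True
    except UnsafeXML:
        return False


# Constructed samples: an ordinary XML-RPC style body, and one with a
# single-entity internal subset, which is enough to trip the check.
BENIGN = b"<methodCall><methodName>demo.sayHello</methodName></methodCall>"
WITH_DTD = b'<!DOCTYPE a [<!ENTITY e "x">]><a>&e;</a>'

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("with DTD", WITH_DTD)):
        print(f"{label}: {'accepted' if is_accepted(doc) else 'rejected'}")
```

Pair the check with a hard cap on request body size at the web server: the DTD refusal stops entity expansion, the size cap bounds the work a parser does on anything that gets through.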


MySQL allow external connections

Grant privileges

Under root user execute:

GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'password';

Bind to all addresses

Edit your my.cnf, generally located in one of:

  • /etc/my.cnf
  • /etc/mysql/my.cnf
  • $MYSQL_HOME/my.cnf
  • [datadir]/my.cnf
  • ~/.my.cnf

and comment out the bind-address line:

#bind-address = 127.0.0.1

Restart mysql

service mysql restart
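Two caveats a practitioner would want next to this recipe: `'root'@'%'` creates a superuser that may log in from any host, so once the bind-address line is gone only the password and the host firewall stand between the network and the server (a dedicated user limited to one database and to the client's subnet is the least-privilege form), and `GRANT ... IDENTIFIED BY` is deprecated in MySQL 5.7 and removed in 8.0, where the user is created with CREATE USER first. As an added example that is not part of the original post or of MySQL itself, the Python check below reads a my.cnf and reports whether the [mysqld] section leaves the server listening on every interface; the config text is constructed, and the parser handles only the section, key = value, comment and !include syntax of my.cnf.

```python
"""Report what a my.cnf exposes after the bind-address edit.

Added example, not part of the original post or of MySQL. Config samples are
constructed; the parser covers only the my.cnf syntax needed for the check.
"""


def mysqld_settings(cfg_text: str) -> dict:
    """Return the options of the [mysqld] section as a dict.

    Comments (# or ;), blank lines and !include / !includedir directives are
    skipped; options in other sections (for example [client]) are ignored.
    A bare option with no value, such as skip-networking, maps to True.
    """
    settings, section = {}, None
    for raw in cfg_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;!":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "mysqld":
            continue
        key, sep, value = line.partition("=")
        key = key.strip().replace("_", "-")  # MySQL treats foo_bar and foo-bar alike
        settings[key] = value.strip().strip("'\"") if sep else True
    return settings


def listens_on_all_interfaces(cfg_text: str) -> bool:
    """True when mysqld will accept TCP connections on every address of the host.

    A missing or commented-out bind-address means the server default, which
    listens on all interfaces; skip-networking disables TCP listening entirely.
    """
    opts = mysqld_settings(cfg_text)
    if "skip-networking" in opts:
        return False
    addr = opts.get("bind-address")
    return addr is None or addr in {"0.0.0.0", "::", "*"}


# Constructed samples: a localhost-only config, the same file after the
# edit described in the post, and one with TCP disabled altogether.
LOCAL_ONLY = """\
[client]
port = 3306

[mysqld]
user = mysql
bind-address = 127.0.0.1
!includedir /etc/mysql/conf.d/
"""
OPENED_UP = LOCAL_ONLY.replace("bind-address", "#bind-address")
NO_TCP = LOCAL_ONLY + "skip-networking\n"

if __name__ == "__main__":
    for label, cfg in (("local only", LOCAL_ONLY), ("opened up", OPENED_UP), ("no tcp", NO_TCP)):
        state = "ALL INTERFACES" if listens_on_all_interfaces(cfg) else "not exposed"
        print(f"{label}: {state}")
```

Run it against the file you actually edited (MySQL reads several of the paths listed above, in order, so a later file can override an earlier one), and confirm with `ss -ltnp` or `netstat -ltnp` that the listener is on the address you expect before opening the port in the firewall.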

Intro to Linux – free on edX

Intro to Linux – free on edX from Linux Foundation

Learn Linux with This Free edX Course from the Linux Foundation

Intro to Linux is normally a $2,400 course from the Linux Foundation, but it’s being offered for free now on edX. If you’ve ever wanted to learn how to use the open source operating system, there’s no better time than now.

Source http://lifehacker.com/learn-linux-with-this-free-edx-course-from-the-linux-fo-1612770920