Default Apache Install:

Plus PHPInfo page:

Equals phishing attack.

Nice equation.

pam_tally comes in two parts: pam_tally.so and pam_tally. The first is the PAM module and the second is a stand-alone program. pam_tally is an (optional) application which can be used to query and/or modify the count file (such as display users’ counts, set individual counts, or clear all counts).

A pretty nice walk-through can be found here.

#!/usr/bin/perl
#
# Usage: grep something /var/log/squid/access.log | squidtimes.pl
# Usage: squidtimes.pl /some/file/path
 
if ($ARGV[0] ne "") {
        open(LOG, "$ARGV[0]" ) or die "Cannot open log: $!";
 
        while (< LOG >) {
                if ( $_ =~ /^(\d{10})\.(.*)/ ) {
                        $realtime = scalar localtime( $1 );
                        print "$realtime\t $2", "\n";
                }
        }
        close LOG;
 
} else {
        while (<>) {
                if ( $_ =~ /^(\d{10})\.(.*)/ ) {
                        $realtime = scalar localtime( $1 );
                        print "$realtime\t $2", "\n";
                }
        }
}

From there, we use a combination of bash programming, the script above, and awk to give us the data we’re looking for.

user@squid:~>; for ((i=30;i>1;i–));do sudo zgrep -e ‘192\.168\.11\.60′ /var/log/squid/access.log.$i.gz | /usr/local/scripts/squidtimes.pl | awk ‘{print $1,$2,$3,$4,$8,$9,$11,$12 }’ >> results.log;done

user@squid:~>; head -1 results.log
Tue Sep 2 07:22:32 192.168.11.60 TCP_IMS_HIT/304 GET http://workforceportal.elabor.com/ezLaborManagerNetRedirect/images/spacer.gif

There are some things you can do like rpm -qlv <name_of_package> but you’re going to be troubleshooting broken items for a while - not to mention you can throw your security right out the window. What if said user was the Apache user or named user for example… Reinstall time :o)

Some things to remember:
- Anonymous root logins are very bad. There’s no audit trail, no accountability, and may allow an exhaustive list of guessing attacks.
- Under normal circumstances, log in as an assigned user (without root privs) and use ’sudo’ when you need root level access.
- Never allow the root user to connect via SSH (or over the network for that matter); but do allow via local terminal/console.
- Always use ’sudo’ with extreme care, because it’s not going to ask you if you’re sure.

For example: a user just sent an email, as soon as I highlight the message to view it in the preview pane, it updates the right-hand xobni toolbar to show her connections on linkedin, past conversations I’ve had with her, files we’ve exchanged, how many times she’s emailed me, and how many times I’ve emailed her. It also shows a summary/approximation of the times of day that are best for her to communicate via email. And when searching, it shows all people and mail that match your searching criteria… when you click on a person that matches your criteria, it shows all conversations you had with them… or you can just do like google desktop and get an individual message. Right from that search screen, you can reply/reply to all, forward, open, etc.

I still need to give it more time, but so far this is good stuff.

http://www.xobni.com/

Let me ask you this: who is the government to tell me what I can and can’t do when it doesn’t affect anyone else? Part of being free is having the liberty to live your life as you see fit so as long as it does not adversely affect anybody else. Simple as that. If I do not wear my helmet and I get into an accident, the reprocussions are my resposibility. The government’s job is not to protect people from themselves. If it was in the constitution to protect people from themselves, we wouldn’t be a “free” country and everyone would have to be locked up and told what to do 24/7 (dictatorship anyone?).

This is the same with seat belts. Regardless if I wear my seat belt in my car, or my helmet on my bike, I am not adversely affecting anybody else should I choose to wear them. Some would argue ‘well you can’t control if somebody hits you’. And? If they hit me, it is the same principle - it does not adversely affect them anymore than it would have if I was wearing them. It affects me and it is my choice. Then the argument is ‘well if they hit you and you’re not wearing said protective measures and they kill you, they will go to jail for vehicular/involuntary manslaughter’. Again I say - and? What you are in a sense saying is that my liberties have to be sacrificed in order to protect someone else from having their liberties taken away for an action they committed. My liberties have to sacrificed to protect theirs? Seriously, does that make any sense to you?

Again I say - the government should not be in the business of protecting people from themselves. You can throw numbers at me all day long on how it saves lives (and I’ll liekly agree that it does); but at the end of the day I will tell you to give me liberty or give me death[1].

[1] - Patrick Henry, http://en.wikipedia.org/wiki/Give_me_liberty_or_give_me_death

“An email containing the password will be sent out shortly”… that says it all now doesn’t it. Guys, are you kidding me? Sure enough:

There’s my password in an unencrypted email.

Now luckily there isn’t anything too important in there (like banking information and such), but someone would be able to get all of my order history, contact information, etc. That’s somewhat of a privacy concern to me.

Always save a hashed version of the password. This fixes two things: there’s only one person that should know what it is - the user. If they forget it then they need to reset it. Second, when emailing the user, they get emailed a temporary link used to reset their password to something of their liking. There is nothing of use in the email going forward.

This explains their perception on passwords completely:

Sorry guys, I love ya, but this is rediculous.