Category Archives: security

OpenID Support Grows

22-Feb-07

OpenID is a specification for doing decentralized authentication of users on the Internet. It allows you to send your credentials to multiple OpenID-enabled sites, while using only one password to authenticate to your OpenID provider - which can be your very own server. It’s a neat idea to move closer towards a single sign-on implementation [...]

SETI Finally Finds Something

21-Feb-07

A guy who runs SETI@home on a bunch of his computers used it to locate and recover his wife’s stolen laptop! The SETI client application sends its results to the main database every few days, and then downloads new work to do. Well, when this connection happens, the SETI database logs the client’s IP address. [...]

Google Desktop Vulnerability

21-Feb-07

A research paper released today by Watchfire talks about a possible vulnerability in Google Desktop [pdf]. They were able to exploit flaws in the application and its integration with the web to obtain “remote and persistent access” to data on the target system. This was just announced, so we’ll have to see if it stands [...]

Visreport for Visualizing SELinux Logs

21-Feb-07

Visreport is a tool, written in Ruby, for visualizing the output of SELinux logging (as well as AppArmor and Netfilter). It generates some pretty charts and graphs in an HTML format, with some nice AJAX features to spice it up. This would be useful to get a quick visual representation of where you might want [...]

Snort Vulnerability in DCE/RPC Packets

20-Feb-07

Well, at least Sourcefire was able to discover this bug on its own. A stack-based buffer overflow attack can be carried out by presenting a Snort instance with specially crafted DCE/RPC traffic. It’s recommended that all users upgrade to the latest version (2.6.1.3), or at least disable the DCE/RPC preprocessor in snort.conf. It’s nice to [...]