Technical: September 2004 Archives


A friend asked me to have a look at her mom's PC due to several problems that where driving her up the wall. The following is the list I was given.

1. McAfee had run out and was asking for reregistration and fees etc.
Cure: Uninstall and replace with AVG -- free edition
Why: AVG is free and as good as McAfee.

2. Windows Messenger pop ups from the internet.
Cure: Disable the service in Services
Why: Windows messenger service should be disabled. For some reason microsoft leave it enabled for normal users which is a bit silly in my book.
See Below for the cure.

3. Firewall.
Cure: Install the free edition of Zone Alarm
Why: Its free and a great product.

Some other things that I had a look for when I was fixing the PC.

Spyware:
To check for spyware download SpyBot and it should find the most common ones. I found the following.

IE DSO Exploit
Wild Tangent
Alexa Toolbar
Media Plex

and a whole lot of tracking cookies. I know a lot of this stuff can be harmless but I consider anything that sends information over the internet without the users express permission as spyware. Why AOL decided to use Wild Tangent I have no idea. Its spyware in my book.

The IE DSO Exploit may not actually be a problem due to a bug in SpyBot. I updated the windows installation that fixes the problem but SpyBot was still throwing a wobbly. A quick Google showed that this is a problem with SpyBot if windows is properly up to date.

Service Pack 2
I downloaded this and installed it which should take care of some problems and no doubt introduce a few others.

HOW TO DISABLE WINDOWS MESSENGER
Windows XP Home
Click Start->Settings ->Control Panel
Click Performance and Maintenance
Click Administrative Tools
Double click Services Scroll
down and highlight "Messenger"
Right-click the highlighted line and choose Properties.
Click the STOP button.
Select Disable or Manual in the Startup Type scroll bar
Click OK

Windows 2000
Click Start-> Settings-> Control Panel-> Administrative Tools->Services
Scroll down and highlight "Messenger"
Right-click the highlighted line and choose Properties.
Click the STOP button.
Select Disable or Manual in the Startup Type scroll bar
Click OK

Windows XP Professional
Click Start->Settings ->Control Panel
Click Administrative Tools
Click Services
Double click Services Scroll
down and highlight "Messenger"
Right-click the highlighted line and choose Properties.
Click the STOP button.
Select Disable or Manual in the Startup Type scroll bar
Click OK


Windows NT
Click Start ->Control Panel
Double Click Administrative Tools
Select Services-> Double-click on Messenger
In the Messenger Properties window, select Stop,
Then choose Disable as the Startup Type
Click OK

Windows 98 & ME
Windows Messenger Service cannot be disabled

Add to delicious Digg This Add to My Yahoo! Add to Google Add to StumbleUpon
| | Comments (0)

I wanted to open an application today as the Postgres user while logged in as my normal user account. I know that dropping access control to the xserver can be a bit of a security risk but I also don't like flicking between users to achieve a task. I don't mind opening an xterm but logging in and out of xwindows is not much fun.

Anyway to get an application working using the insecure method we can do the following. User A is the main user and you want user B to be able to open an app in users A's session.

A@machine:~$ xhost +
A@machine:~$ su - B
password *********
B@machine:~$ export DISPLAY=:0.0
B@machine:~$ /path/to/application/

This was easy but I don't like using

A@machine:~$ xhost +

and allowing everyone access. This is not smart so I decided to see if there is a more secure method that avoids this. Having a read of the xhost manual I found out that I could limit access on a per host or per user basis as follows

A@machine:~$ xhost +B@

which gives me a lovely error message as seen below. I have tried various different methods but I get the same error message.

B@ being added to access control list
X Error of failed request: BadValue (integer parameter out of range for operation)
Major opcode of failed request: 109 (X_ChangeHosts)
Value in failed request: 0xfe
Serial number of failed request: 7
Current serial number in output stream: 9

so it would appear to me that there is something amiss somewhere. I googled for quite a while to see if I could find a definitive answer. No joy, they all recommended using xhost + which is not what I want to do.

Simple things like this can be such a bloody chore under Linux. I know, I know stop bitching and start patching.

Anyway. I can remember doing something similar to what I want with ssh so I had a look at the man page and found the following snippet

-X Enables X11 forwarding. This can also be specified on a per-host
basis in a configuration file.

X11 forwarding should be enabled with caution. Users with the
ability to bypass file permissions on the remote host (for the
user's X authorization database) can access the local X11 display
through the forwarded connection. An attacker may then be able
to perform activities such as keystroke monitoring.

This meant that I could do the following.

A@machine
A@machine:~$ ssh -X B@machine
password ********
B@machine:~$ /path/to/application

and I get the window displayed. Remember that you need to edit the

/etc/ssh/sshd_config

files and set X11forwarding to yes. This is more secure than using xhost + but still not ideal but good enough for what I want it for.

Add to delicious Digg This Add to My Yahoo! Add to Google Add to StumbleUpon
| | Comments (0)