Tag Archive for 'security'

Google Apps’ video chat comes with secure Gmail sessions

Published 1 year, 3 months ago. 0 Comments Tags: , , , , , , , , , , , , , , .

The story was spread by all top tech blogs last week: Google’s Gmail now features a video chat. And it requires the installation of a dedicated plugin.

Alas, there is no such plugin for any other platform except “Windows XP and later” (according the official website) and Macs (as read on the official blog). So it’s a quite sad news for us Linux users. Indeed, I’m confident about a future seamless integration into the free software ecosystem, as the Gmail’s video chat is based on a stack of open (or soon-to-be, according the recent controversy) standards and protocols: XMPP/Jingle, h264/SVC & RTP.

Anyways, that’s not the main purpose of this post.

I just wanted to point out an update that was not reported by the news: as soon as it was officially made available for the public, the brand new video feature was released for Google Apps’ Gmail too.

Not only that, Google also backported to Apps’ Gmail the much awaited HTTPs option that allow you to force secure encryption of your sessions:

These two updates are quite interesting to note. I long as I remember (and I might be wrong), Google Apps components were always out-of-sync with their legacy equivalent. So this maybe a sign of change in a really good direction for Google Apps users ! :)

Wordpress 2.2 Security Hole: Identity Theft

Published 2 years, 9 months ago. 11 Comments Tags: , , , , , , , .

I’m running 4 Wordpress blogs, for me and my friends. All of them are updated to latest version of Wordpress as soon as a new one is available.

One of them, Maomium, was hacked last night. Someone created a user account on it then stole my admin identity to post content. As soon as I discovered the hack, I’ve put the blog down and changed all passwords which may have been exposed to the hacker (database, etc…).

Before the hack happened, my apache log show me that a person was looking for blogs powered by Wordpress 2.2 and open to registration:

123.76-136-217.adsl-dyn.isp.belgacom.be www.maomium.com - [07/Jun/2007:00:51:55 +0200] "GET /category/wordpress/ HTTP/1.1" 200 2960 "http://www.google.be/search?hl=fr&q=%22powered+by+wordpress+2.2%22+Register&btnG=Rechercher&meta=" "Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4"

This person was my hacker. As you can see he’s a belgian guy and his broadband provider is Belgacom, to which I sent an abuse request. He register himself as Waryas with his myv4you@hotmail.com email. I know that, thanks to the email Wordpress send me each time someone register. Then google told me that this hack was not his first.

If you want to disect his behaviour, you can download my apache log.

This event show us that the Wordpress vulnerablility regarding guest account registration is still there. So the advice given by CountZero must be applied !

Tor 0.1.1.21 for Mandriva 2006.0

Published 3 years, 6 months ago. 0 Comments Tags: , , , , .

tor I backported TOR, an onion routing system to communicate anonymously on the Internet from cooker to Mandriva 2006.0. You can find it in my repository.

As usual, to install packages from my repository, take a look at my previous posts.

I finally will be able to sleep quietly…

Published 3 years, 10 months ago. 0 Comments Tags: , , , , .

Woohoo ! Something I wanted so much happened: my hosting provider added TLS/SSL authentification on their FTP servers.

Thanks Lost-Oasis !