07 Sep 09 Facebook Fan Check Virus
I read an article today regarding an alleged Facebook based virus from the “Fan Check” application. I will admit I’ve been sucked into the Facebook, but to my defense I primarily stick to just a few applications. Reading about this makes me glad that I’m running Chromium browser on Linux. I think, between the two of those, my chances of becoming infected are pretty slim. The chances of becoming infected with any kind of virus are pretty limited by using Linux in the first place, but that is pretty obvious.
What I found interesting about this article and the related “infection” is that, so far, there haven’t been any proven cases of the Facebook application actually directly infecting anyone. The infection is caused by third-party websites provided through search engine results, and then by way of social engineering. Whether from the Facebook application or the third-party websites, this infection does not rely on browser vulnerabilities or outdated software. It is all done with the permission of the user.
Think about it. Your friend invites you to “join the fun” and use a Facebook application. Each application has to be given permission by the end user in order to access required data. If the application itself were the cause of the infection, the user would have to give permission for it to happen.
In the more roundabout situation the user is afraid they were infected directly by the application (may or may not be the case), so they use a search engine to find a tool that will verify this for them. The search results are then populated by pages telling them they are infected and to download security software immediately. Again, if the user decides to download and install the “security software” they have allowed the infection into their machine.
I decided to try some of these search results to see what it is they tried to do. I was honestly pretty impressed with one of them. If I didn’t know any better, and if I were running Windows it would surely look legitimate to me. Have a look.
Tags: facebook, infection, social engineering, virus, windows
17 Mar 09 Gregarius : Server Side Feed Reader
I’ve spent the last week casually hunting around for alternate feed readers. I’ve been using Google Reader for some time now. but I’ve been growing tired of it. Desktop clients just don’t quite cut it for me as, just at work, I’m regularly between three different machines. I think I’ve found one that I like! It’s small, simple to install and configure and Free Software. Gregarius.
Gregarius has been in development for a number of years now, although has recently slowed down. I’d like to see things pick up again but, as usual in the Free Software world, that usually requires a community of users. It currently has a fairly thorough wiki, forum, devlog (blog) and a list of features and configuration options. The main reasons I like it are:
- Lightweight and responsive
- Very configurable. Includes plugins and themes.
- Simple feed management (categories, tags, etc)
- Very clean default theme
- Detailed search options
- more…
For those that might be interested in trying out a server-side feed reader I thought I might outline some of the steps toward installing it.
Gregarius Installation
These steps mirror the setup I’ve decided to use on my web server. You may need to alter some of the details to your needs.
cd /var/www/html/
wget -c http://superb-west.dl.sourceforge.net/sourceforge/gregarius/gregarius-0.6.1.tar.gz
tar xf gregarius-*.tar.gz
Database Creation
Gregarius uses a MySQL database to store and search the feeds you’re subscribed to. The next step in installing this server-side feed reader is to create your database.
mysql -u root -p
[PASSWORD]
create database rss;
quit;
Configuration
The last step is updating the configuration file to know how to connect to the database, and what database to use. This configuration is found in the gregarius folder, inside the dbinit.php.sample. You’ll want to rename this file to dbinit.php and update with your database changes. The fields you’ll need to update are:
define ('DBTYPE','mysql');
define ('DBNAME','rss');
define ('DBUNAME','db_user');
define ('DBPASS', 'db_password');
define ('DBSERVER', 'localhost');
Once this is done you should be able to start using your Gregarius installation at: http://yoursite.com/rss/ Enjoy!
If you have any issues installing or using Gregarius please comment and let me know. I’d really love to see more people using this, and if that means doing a bit of support and recruiting on my own, then so be it.
14 Mar 09 Install Chromium Browser on Arch Linux
Update: I’ve submitted a patch to the existing PKGBUILD in the AUR which brings the Chromium Browser up to yesterdays nightly build. Much improved from the previous.
I saw a post recently on the Planet Ubuntu Users, again by Stefano Forenza, regarding installing and testing the latest daily Chromium browser builds. That got me curious so I started poking around and found an available package for Arch Linux by way of the Arch User Repository. Installation was simple enough and the browser works, but I should mention that it is *very* alpha quality. None of the menu buttons worked for me and I wasn’t able to make use of tab functionality. It is nice to see that some progress is being made though on the Linux platform.
Chromium on Linux
Now that we’ve seen the obligatory screenshot I’ll outline the few simple steps to installing it on Arch.
Method 1
Using the yaourt tool you can install directly from the Arch User Repository. There are a few packages available, but this appears to be the only native package, and not a variant requiring the use of Wine.
yaourt -S chromium-browser
Once this is installed you’ll be able to launch it from your Applications menu. You should note that due to the alpha nature of this client it will also automagically launch with a debug window terminal. If this is closed the browser will close as well. During these early stages this is still a requirement due to the number of issues and amount of debugging required.
Method 2
The second method still requires installing the package from the Arch User Repository, but doesn’t require the yaourt frontend. These steps are as follows:
- Download the chromium-browser tarfile from the Arch User Repository.
- tar xf chromium-browser.tar.gz
- cd chromium-browser/
- makepkg -i
At the time of this writing the Arch User Repository package is marked as out of date. Again, install the package and use the browser at your own risk. It is still very, very alpha.
30 Oct 08 Restrict Edit-Access to MediaWiki
I setup a personal wiki some time ago but it quickly was overrun by spam. Just about the point that I considered abandoning it altogether I figured out how to restrict edit access. This post, more than anything, is a note to myself… but as always it’ll end up on the Google machine and hopefully help someone else.
The following changes should be added (anywhere) to your LocalSettings.php.
Restrict anonymous editing:
$wgGroupPermissions['*']['edit'] = false;
Restrict editing by all non-sysop users:
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['user']['edit'] = false;
$wgGroupPermissions['sysop']['edit'] = true;
Restrict editing by absolutely everyone:
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['user']['edit'] = false;
$wgGroupPermissions['sysop']['edit'] = false;
Here’s to less spam on the interweb!
Tags: Interweb, localsettings.php, spam
