HYIP-Man: January 2008
Tuesday, January 29, 2008
Three low-cost Linux PCs
Everex gPC

Wal-Mart sells this Everex gPC for $198. It's bundled with speakers, a mouse, and a keyboard, and it comes with 24-hour tech support. The operating system is called gOS, a version of Ubuntu 7.10. Despite the fact that many mainstream consumers have likely never even heard of Ubuntu, Wal-Mart is having trouble keeping the gPC in stock.




Mirus Linspire

Mirus and Linspire collaborated on the Mirus Linux PC, which is now for sale at Sears.com. Its retail price is $299, but an included $100 rebate brings it to $199. It comes preloaded with Freespire 2.0, an Ubuntu-based Linux distribution.




Shuttle KPC

At the Consumer Electronics Show earlier this month, Shuttle introduced its KPC. It'll include an Intel Celeron processor, a 945GC chipset, 512MB of memory, and either a 60GB or 80GB hard drive. What it won't have: an optical drive or a PCI Express slot. It comes in red, blue, white, and black, each with a different icon stamped on the front. Shuttle also says there will be a $99 bare-bones version of the KPC. That version will have the option of upgrading to a Core 2 Duo processor and 1GB of memory.

source:DISCOVIX


Wednesday, January 23, 2008
60 Cool Websites
All listed websites are FREE (or come with a decent free account option).

(1) Doodle - Next time you need to schedule a meeting, try Doodle: it’s smart, simple, fast, and doesn’t require any sign-up.

(2) MyVoipProvider - Compare VoIP calling rates to any country worldwide. MyVoipProvider looks through hundreds of popular VoIP providers (Skype, VoipBuster, Jajah etc.) and lists them based on the calling rates.

(3) PhoneSpell - Ever wonder what the letters that are associated with your phone number spell out? This is the place to find out.

(4) phpForm - Great online form creator for those who aren’t sure of HTML. Create forms quickly and efficiently.

(5) Pingie - Free RSS to SMS service that allows users to forward RSS feeds to mobile phones.

(6) SwarmSketch - Online sketch board where 1000s of people collaborate on all kinds of sketches. Each week SwarmSketch randomly chooses some popular search term and makes it the sketch subject for the week.

(7) SubwayMaps - Find and print subway and metro maps for almost any city that has a subway. In addition to maps you can also get such info as hours of operation, ticket price, related subway images, etc.

(8) WebFormFactory - Every online form needs backend code, something that grabs the input data and processes it. WFF is an open source online form generator which automatically generates the necessary backend code to tie your form to a database. Combine it with phpForm above, and you have everything you need to design and place forms on your website.

(9) WhatTheFont - Online font recognition tool that identifies the font type (Arial, Helvetica, Times New Roman, Tahoma etc.) by scanning a font image.

(10) YouTorrent - Newly launched torrent search site that enables users to search and compare torrents from 12 popular torrent engines (Mininova, The Pirate Bay … ) simultaneously.

(11) ATMLocator - Instantly locate and get address details for nearby ATM Cash Machines in almost any country worldwide.

(12) BrowserShots - Web-based browser compatibility check tool that allows designers to preview how a website looks in all popular browsers at the same time.

(13) Digby - Use your BlackBerry to find, browse and buy popular merchandise including books, music, DVDs, flowers etc.

(14) Meemix - Online music recommendation service that serves you custom playlists (aka ‘Mee stations’) based on selected songs or artists. Create stations, share stations with friends, tune-in to stations created by other members, etc.

(15) MobSaver - Lookup (compare) product prices on Amazon and eBay via text messaging. Just text UPC or ISBN number of any item to ’save@mobsaver.com’ and shortly after you should receive a text message with the item prices on Amazon and eBay.

(16) PDFHammer - Extremely useful online tool that lets you merge and rearrange PDF documents online.

(17) PriceHub - If you are in the market for a new car, or want to sell one, you can use PriceHub to get a fairly good idea about how much other people have paid for a similar car.

(18) PrintFreeGraphPaper - Create and print custom graph paper sheets. Perfect for science and math students, craft projects etc.

(19) ScrubIT - Free DNS service that offers a bunch of useful improvements to your internet connection. These include better connection speed, automatic blocking of malicious websites and domain typo fixer.

(20) toRead - Tiny browser bookmarklet that sends the current webpage to your email address. Just click on the ‘toread’ button on your toolbar and the page will be forwarded to your email.

(21) Bodocus - Love to watch documentaries? Bodocus is a documentary movie directory where you can freely access and stream over 650 documentary movies.

(22) CanYouRunIt - One-click web utility that inspects your computer’s hardware and configuration settings to determine whether or not your system can run a particular game. Must-have bookmark for any gamer.

(23) CoverItLive - Stream live commentary onto your web pages or blog so your readers can follow you in real time. Extremely useful for live coverage of events, conferences, interviews etc. In addition to commentary you can also post polls, youtube videos, images from Google, accept questions from viewers, etc.

(24) IM-History - Desktop application that lets you save and sync your IM conversations for multiple instant messengers in one place. Whether you’re on Skype, MSN, AIM, ICQ, at work or at home, you can have all chat conversations securely stored in one place.

(25) InstaSaver - Free web-based screensaver maker that lets you transform your favorite photos into a Windows screensaver.

(26) PixDrop - Easily send pictures from a computer to your mobile phone. If you need a new wallpaper for your phone PixDrop is one of the faster and free ways to get it.

(27) SendMeRSS - Simple ‘RSS to email service’ that allows you to receive latest posts from your favorite blogs or websites by email. SendMeRSS checks each of the websites you’ve selected at least once in every two hours. If there is something new it gets instantly forwarded to your email.

(28) SurfTheChannel - Yet another online destination for streaming popular TV content for free. Stream TV shows, movies, documentaries, anime shows, etc.

(29) Taskado - Online project manager and collaboration tool for teams: collaborate on projects, delegate tasks to others, assign different privileges to each collaborator, etc.

(30) TimeBridge - Fully automated meeting manager that can schedule and organize meetings for you. It’s free, takes less than a minute to sign up, and integrates fully with M. Outlook and Google Calendar.

(31) Adobe Share - Online document storage and sharing service from Adobe. Store and share office files from one centralized location and access it from any PC.

(32) Clip2Net - Must-have for anyone who frequently deals with screenshots. It’s a small desktop client that lets you easily capture and annotate screenshots (add highlights, arrows, …) and embed ready screenshots on any webpage. It’s also an excellent file sharing client.

(33) MeBeam - The simplest way to set up informal video / audio conference calls with up to 18 people simultaneously. No sign-up or download required.

(34) Keybr - Quick and easy online training tool to practice your touch typing skills.

(35) Morale-O-Meter - Keep track of your morale, health, sleep, alcohol and caffeine consumption on a daily basis. Plot everything on a graph, share graphs with friends, compare your stats against others, and so on.

(36) Nymbler - Smart baby name guide to help you find the ideal name for your newborn.

(37) OhDontForget - Free mobile text messaging service with the option to schedule SMS delivery on any date and time you want. No registration required.

(38) reQall - reQall helps you remember stuff when you’re on the go - ideas, appointments, phone numbers, anything. Just dial provided toll-free number and ask reqall to remember it.

(39) Visual Dictionary - Visual dictionary from Merriam-Webster.

(40) Web-Alerts - Watches your favorite blogs or websites for updates and texts you as soon as there is something new.

(41) AirlineMeals - “The world’s first and leading site about nothing but airline food”. Excellent community where travelers submit, review and discuss airline meals.

(42) CameraSummary - Web-based image data extractor that extracts additional information from the JPEG images. Just upload your picture and it will instantly tell you what model of digicam was used, image creation date, camera resolution settings and lots of other details.

(43) CuePrompter - First-of-its-kind online teleprompter (autocue) service. Copy ‘n paste some text to CuePrompter and it will run an enlarged line-by-line copy of it.

(44) Google Mobilizer - Free tool to mobilize any website and make it accessible from your mobile phone or PDA.

(45) Kwout - Handy web-based quote maker that allows you to quote a webpage (or part of it) as an image with an image map (screenshots that can have links in them).

(46) MoDazzle - This service allows you to access Facebook, LinkedIn and dozens of other web services (local directory services, weather, stock quotes, etc.) via email or mobile text messaging (sms): Update your Facebook ’status’, get ‘un-read’ messages from your Facebook inbox, get someone’s profile info from LinkedIn, request driving directions, read restaurant reviews, get location of the nearest Starbucks, and more.

(47) NetworkText - Free texting service for groups. Upload your contacts, organize contacts into groups, and send free group text messages both from web or mobile phone.

(48) OSLiving - Nicely organized collection of the best open source software packages in one place.

(49) PicMarkr - Finally, free online service to watermark your images. PicMarkr allows you to protect and brand your images by adding a custom image or text watermarks.

(50) Resolio - Free service to create and publish professional-looking resumes online.

(51) StumbleUpon - StumbleUpon’s service lets users bookmark and discover new sites they love.

(52) Twitter - Twitter, the new addictive microblogging platform.

(53) Netvibes - Based in London, Tariq Karim and Freddy Mini’s Netvibes has made waves in the U.S. as a top personalized web portal.

(54) Meebo - Meebo made instant messaging ubiquitous by bringing it online. They then developed it into a platform where anyone could add chat to their applications.

(55) Zoho - Zoho’s comprehensive online suite of 14 business applications ranging from document editing to CRM continues to lead the way in the move away from desktop computing to working in the cloud.

(56) iMedix - iMedix combines search and social networking to change the way people find health information online. Users are encouraged to help each other by sharing health experiences and links from around the web.

(57) ZapTXT - Get RSS feed updates in your IM program with ZapTXT.

(58) MetrO - Métro is a free worldwide public transport guide that can be used on the web and on most existing smart phones. Download the program for over 250 cities worldwide and have an easy subway, bus and tram station guide right on your phone. It lets you look up travel times, major landmarks (in major cities), shortest distances and, of course, travel directions between any stations.

(59) TripIt - TripIt is a handy itinerary planner for those going on an independent trip. Simply forward your individual booking confirmations, reservation emails etc. TripIt recognizes these emails and creates a master itinerary that puts together all the individual pieces, provides extra information where appropriate (maps, weather information etc), enables the user to add notes and ultimately share and collaborate on this master itinerary with others.

(60) Browsercam - Screen capture and Remote Access service for cross platform compatibility testing and HTML design quality assurance.

Tuesday, January 22, 2008
Automating Firefox with iMacros
Do you have some mundane task that you have to do regularly through a Web browser? Are you a developer who wants to automatically test the interface of your latest Web application? Maybe you want to log into all of the sites you visit on a daily basis with one click. If you fall into any of these categories, you should check out the iMacros Firefox extension.

iMacros for Firefox is a record-and-playback automation tool for the browser. The extension uses the Firefox engine to track all actions and record them in scripts that can be saved, shared, and loaded for playback. It supports most JavaScript, which sets iMacros apart from most freely available Web automation tools. The free version of iMacros cannot record actions performed on Flash objects, Java applets, or any other third-party plugins, but a $500 business edition has support for various plugins, including Flash, Java, and Silverlight.

iOpus, the company that makes iMacros, also has a free Internet Explorer version of iMacros. Each version of iMacros can run the other's scripts, so you can create testing scripts once and test on both browsers.

Once installed, iMacros adds a new button in the main navigation bar. When you click the button, a sidebar opens to display a list of recorded macros, along with a few tabs and buttons to control the macros.

To record a macro, click on the Rec tab then the Record button, then go into the main browser window. Everything you do will be recorded by iMacros and made into a script. When you are ready to stop recording, click the stop button in the iMacros sidebar. iMacros saves the current macro script as #Current.iim in its list of macros. You can play the script by clicking the Play tab then the Play button. You can stop or pause playback at any point during execution by clicking the respective button.

You can store a macro you just created in one of two ways: Either click the Save button on the Rec tab, or right-click the #Current.iim macro and choose Rename from the menu.

iMacros also has several features to manage macros. One of the most useful is the ability to edit a macro script by hand. To do this, select a macro, click the Edit tab, then the Edit Macro button. This will open a small text editor with the macro script preloaded. This feature gives you the ability to fine-tune your macros. If you would rather use a different text editor to modify the script, you can tell iMacros what editor to use in the options dialog of the Edit tab. You can change several other settings as well using this dialog.

Another useful feature is the ability to play a macro in a loop. On the Play tab you can tell iMacros how many times you want to play the selected macro by providing a Max value then clicking the Play (Loop) button. This feature gives you the ability to load-test an application and a server. By sharing and simultaneously running a macro on several computers, you can get a real-world idea of just how much traffic your services can handle.

Article written By Chad Files




Sun acquires MySQL
Jonathan Schwartz: “We announced big news today - our preliminary results for our fiscal second quarter, and as importantly, that we’re acquiring MySQL AB.”

Details on the Sun-MySQL Deal


Protect your WINDOWS while Running Suspicious Programs
As a general rule of thumb, you should never download freeware apps unless they come from a reputable source. Otherwise you could be letting yourself in for a whole lot of trouble if that cool little freeware app happens to contain malicious code. However, if you MUST try out a new program which has come from a dubious source, you can use a Windows feature to protect your PC.

When you have downloaded the program, don’t double-click to install it just yet. First, right-click on the program icon and choose “Run as”. When the “Run as” box comes up, select “current user” and make sure the “protect my computer and data from unauthorized program activity” box is ticked. Then click OK. You can then do a limited installation of the program in “safe mode” so you can check it out. Having the “protect my computer” option ticked means that the application can read the Registry but can’t change anything in it. So if there is any rogue code in that freeware app, it can’t wreak havoc on your PC by changing the Registry.

When you are convinced that the app is OK, come out of the safe mode and install the program properly.
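
One way to check that the restriction described above is actually in effect before relying on it, as an added example that is not part of the original post: run this from a PowerShell window that was itself started with the same “Run as” option. The probe key name RestrictedTokenProbe is a hypothetical placeholder chosen for this test.

```powershell
# Added example (not from the original post).
# Probes whether the current process can read and write the Registry.
# 'RestrictedTokenProbe' is a hypothetical throwaway key name.
function Test-RegistryAccess {
    param(
        [string[]]$Roots = @('HKCU:\Software', 'HKLM:\SOFTWARE'),
        [string]$ProbeName = 'RestrictedTokenProbe'
    )

    foreach ($root in $Roots) {
        $probe    = Join-Path $root $ProbeName
        $canRead  = $false
        $canWrite = $false

        # Read test: opening the root key only needs read access.
        try {
            Get-Item -Path $root -ErrorAction Stop | Out-Null
            $canRead = $true
        } catch { }

        # Write test: create a throwaway subkey, then remove it again.
        # Skip the test if a key with the probe name already exists,
        # so nothing that was there before is touched.
        if (Test-Path -Path $probe) {
            Write-Warning "$probe already exists; write test skipped."
        } else {
            try {
                New-Item -Path $probe -ErrorAction Stop | Out-Null
                $canWrite = $true
                Remove-Item -Path $probe -ErrorAction Stop
            } catch { }
        }

        New-Object PSObject -Property @{
            Root     = $root
            CanRead  = $canRead
            CanWrite = $canWrite
        }
    }
}

Test-RegistryAccess | Format-Table Root, CanRead, CanWrite -AutoSize
```

If the option behaves as the post describes, CanRead is True and CanWrite is False for both roots; a True in the CanWrite column for HKCU means the shell is not running restricted.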

Plugins for BidVertiser Ads for Feeds
Following the successful launch of BidVertiser Ads for Feeds, they have now added 3 unique solutions that allow you to keep your current feed address (including FeedBurner!) when running BidVertiser Ads for Feeds:

1. WordPress Plugin to allow you to seamlessly embed the BidVertiser Ads in your feeds.
2. Solution for FeedBurner that allows you to embed the BidVertiser Ads in your current FeedBurner address (and keep your Subscribers Count!).
3. Solution for Blogger that allows you to embed the BidVertiser Ads in the footer of each of your post feeds.

All of those great features are now available for you in your publisher control panel under the Get Feed Widget button (after registering a feed).
If you are new to BidVertiser, click here to create a publisher account.


Sunday, January 13, 2008
KDE 4.0 Released
The KDE Community is thrilled to announce the immediate availability of KDE 4.0. This significant release marks both the end of the long and intensive development cycle leading up to KDE 4.0 and the beginning of the KDE 4 era.

Saturday, January 12, 2008
Ubuntu Hardy Heron Alpha 3 released
Steve Langasek has announced that the third alpha release of Ubuntu 8.04

Friday, January 11, 2008
Recommended Money Makers


Get Chitika eMiniMalls
Interactive Merchandise Kiosks Get paid per click (PPC)!
Chitika's flagship product, eMiniMalls, brings product promotion to life on the web. Provide your users with relevant content and comparative shopping information without even leaving your site!

Features & Benefits
  • Choose from thousands of products to feature – from iPods to baby strollers.
  • A convenient, non-intrusive and interactive shopping experience for your audience.
  • Geo-targeting in U.S., Canada, Europe, New Zealand and Australia allows you to display localized merchants, products and prices.
  • Intelligent coding learns and adapts to emphasize products your viewers are interested in buying.
  • As users interact with eMiniMalls you earn PPC revenue.




HOW DOES IT WORK?

  • Complete the sign-up form
  • Paste the text-ads HTML code onto your website
  • Customize the ads layout to fit your site
  • Always have the highest bidders appearing on your ad space
  • Get paid for every click

What is BidVertiser Publishers Program?
BidVertiser Publishers Program is a fast and easy to use way for publishers of all sizes to display unobtrusive text ads on their website and earn money. The program is free and BidVertiser pays you for valid clicks on the ads on your site. You simply paste an HTML code into your web pages and ads will instantly start appearing. Advertisers will bid against each other for your ad space, while our 3rd generation bidding-based ad serving system will always display the highest bidders, those that will generate the maximum revenue for your advertising space.





How does the AdBrite Marketplace work?
AdBrite, "The Internet's Ad Marketplace", is an e-commerce site. Rather than selling books, CDs, or rare antiques, we sell ad space on thousands of websites. So whether you are an advertiser looking for the right space to place your ad, or a publisher looking for a simple, yet powerful way to make money and sell ad space on your site, AdBrite is your marketplace.

Getting started is easy. Simply sign up with AdBrite, paste a small snippet of AdBrite HTML on your site. You can be ready to start selling ads to users on your site, as well as advertisers that use the AdBrite network, in minutes!

It is free and easy to set up as an AdBrite publisher. Through a small snippet of HTML placed on your site, we handle serving, scheduling, billing, customer service, and sales. AdBrite takes a percentage of the ad sales, depending on the type of ads you are selling.
Your minimum check amount is $20.00 by default, but you may change it to any value you like.



Thursday, January 10, 2008
Bidvertiser Add RSS Advertising
A new way to monetize your RSS/ATOM feeds - BidVertiser Ads for Feeds:

Now you can display the BidVertiser CPC ads in your feeds, as well as get access to our various multiple-subscription Feed Widgets that will help you publicize your new feed. Here is how it works:

1. Login to your publisher account and click "Add New BidVertiser". During the Public Beta, you may also click the "Public Beta" link. If you are new to BidVertiser, click here to create a publisher account.
2. Make sure you are under the BidVertiser for your Feed tab.
3. Provide your feed URL and title and click Next.
4. Verify your feed ownership by adding a temporary post with a unique verification code we provide you with.
5. Choose your favorite multiple-subscription Feed Widget and add it to your website or blog. Detailed instructions for each of the major blog platforms are provided as part of the process.

You're done!



Tuesday, January 08, 2008
First look at KDE 4.0.0 with screenshots
KDE 4.0.0 is days away from being released. In this post I show you some pieces of the final look of KDE4.0.0 and mention some of the most anticipated features of this great step forward for the Free software desktop. Let's take a look at the final state of this highly anticipated release.


Starting up

I have been following the development of KDE4 for quite a few months now. The version I base this post on is from the main KDE development (trunk in svn) at the time of the release tagging freeze. As such it should be very similar to the packages you will receive from your favorite distribution on the 11th.




Progress all around

Many of the new frameworks are still almost unused in the user interface of the first KDE4 release. But some more obvious and easily implementable changes have already appeared in KDE4.0.0.


Graphics

Oxygen: Originally planned as the new icon set for KDE4, Oxygen has re-defined all aspects of KDE's user interface, including the window decorations and theme.



Plasma: Plasma is the new desktop shell of KDE4, one of the most anticipated components of KDE4 and the one which was started last.



Because of its late start plasma has not realized its full potential yet, but as with many things in KDE4.0.0 it will gain features rapidly in the future. Plasma's vision is a lot more than to display a panel and cool looking widgets. Stay tuned, already KDE4.1 will introduce new features.

KWin: KWin has been a very robust window manager for a long time. New in KDE4 is its ability to use desktop effects, window shadows and subtle animations. These features depend on the availability of OpenGL or at least XRender, which are not fully supported on all graphics cards yet although the situation is improving rapidly.




Applications

Dolphin: The new default file manager in KDE4. While Konqueror has retained its ability to manage files (and cook coffee) dolphin is written specifically for this task.




The first visible piece of KDE4's new semantic search backend Nepomuk (the name won't be visible in the UI) is dolphin's ability to annotate and rate files.
In the future Nepomuk and Strigi will help you answer questions like "Who gave me this file?" or "What sources did I use on that KDE4.0.0 blog post?"
Progress in Qt4 (the toolkit KDE4 is based on) allows user interface polish like dolphin's sidebar, which changes its layout dynamically as the user drags it. No screenshot, you have to see this one in action.

Gwenview: KDE's image viewer Gwenview has received a lot of polish while it was ported to KDE4 and handles really, really well.



Okular: The new document viewer for KDE4, based on KDE3's KPDF application. It sports annotation features, previews, presentation mode, bookmarks and support for no less than 28 file types in my build.


Unreleased Applications

Amarok: The famous KDE based audio player has been ported to KDE4 and is receiving a major overhaul. It is currently in pre-alpha state, but I have been able to use it normally over the last few weeks. When it is ready, it may also be released for windows.



Dragon Player: Based on the Codein video player from the KDE3 days, Dragon Player continues a successful career as a simple and enjoyable video player.


These are some of the highlights of the upcoming KDE4.0.0. I hope you enjoyed this preview and have come to share my opinion that KDE4 is going to rock!

Take a look at this album for these and a few more screenshots I didn't include in this post.
source:drowstar.blogspot.com


The most complete list of commands on linux
COMMAND                 DESCRIPTION
System information
arch                    show architecture of machine
uname -r                show used kernel version
dmidecode -q            show hardware system components - (SMBIOS / DMI)
hdparm -i /dev/hda      displays the characteristics of a hard-disk
hdparm -tT /dev/sda     perform test reading on a hard-disk
cat /proc/cpuinfo       show CPU information
cat /proc/interrupts    show interrupts
cat /proc/meminfo       verify memory use
cat /proc/swaps         show swap file(s)
cat /proc/version       show version of the kernel
cat /proc/net/dev       show network adapters and statistics
cat /proc/mounts        show mounted file system(s)
lspci -tv               display PCI devices
lsusb -tv               show USB devices
date                    show system date
cal 2007                show the calendar for 2007
date 041217002007.00    set date and time - MonthDayhoursMinutesYear.Seconds
clock -w                save date changes to BIOS
Shutdown, Restart of a system and Logout
shutdown -h now                 shutdown system
init 0                          shutdown system
telinit 0                       shutdown system
shutdown -r hours:minutes &     planned shutdown of the system
shutdown -c                     cancel a planned shutdown of the system
shutdown -r now                 reboot
reboot                          reboot
logout                          leaving session
Files and Directory
cd /home                        enter directory '/home'
cd ..                           go back one level
cd ../..                        go back two levels
cd                              go to home directory
cd ~utente                      go to home directory of user 'utente'
cd -                            go to previous directory
pwd                             show the path of work directory
ls                              view files of directory
ls -F                           view files of directory
ls -l                           show details of files and directory
ls -a                           show hidden files
ls *[0-9]*                      show files and directory containing numbers
lstree                          show files and directories in a tree starting from root
mkdir dir1                      create a directory called 'dir1'
mkdir dir1 dir2                 create two directories simultaneously
mkdir -p /tmp/dir1/dir2         create a directory tree
rm -f file1                     delete file called 'file1'
rmdir dir1                      delete directory called 'dir1'
rm -rf dir1                     remove a directory called 'dir1' and contents recursively
rm -rf dir1 dir2                remove two directories and their contents recursively
mv dir1 new_dir                 rename / move a file or directory
cp file1 file2                  copying a file
cp dir/* .                      copy all files of a directory within the current work directory
cp -a /tmp/dir1 .               copy a directory within the current work directory
cp -a dir1 dir2                 copy a directory
ln -s file1 lnk1                create a symbolic link to file or directory
ln file1 lnk1                   create a hard link to file or directory
touch -t 0712250000 fileditest  modify timestamp of a file or directory - (YYMMDDhhmm)
File search
find / -name file1                          search for files and directories in the root filesystem, starting from '/'
find / -user user1                          search for files and directories belonging to 'user1'
find /home/user1 -name \*.bin               search for files with '.bin' extension within directory '/home/user1'
find /usr/bin -type f -atime +100           search for binary files not used in the last 100 days
find /usr/bin -type f -mtime -10            search for files created or changed within 10 days
find / -name \*.rpm -exec chmod 755 {} \;   search for files with '.rpm' extension and modify permissions
find / -xdev -name \*.rpm                   search for files with '.rpm' extension ignoring removable partitions such as cdrom, pen-drive, etc.
locate \*.ps                                find files with the '.ps' extension - first run 'updatedb' command
whereis halt                                show location of a binary file, source or man
which halt                                  show full path to a binary / executable
Mounting a Filesystem
mount /dev/hda2 /mnt/hda2           mount disk called hda2 - verify existence of the directory '/mnt/hda2'
umount /dev/hda2                    unmount disk called hda2 - exit from mount point '/mnt/hda2' first
fuser -km /mnt/hda2                 force umount when the device is busy
umount -n /mnt/hda2                 run umount without writing the file /etc/mtab - useful when the file is read-only or the hard disk is full
mount /dev/fd0 /mnt/floppy          mount a floppy disk
mount /dev/cdrom /mnt/cdrom         mount a cdrom / dvdrom
mount /dev/hdc /mnt/cdrecorder      mount a cdrw / dvdrom
mount /dev/hdb /mnt/cdrecorder      mount a cdrw / dvdrom
mount -o loop file.iso /mnt/cdrom   mount a file or iso image
mount -t vfat /dev/hda5 /mnt/hda5   mount a Windows FAT32 file system
mount /dev/sda1 /mnt/usbdisk        mount a usb pen-drive or flash-drive
mount -t smbfs -o username=user,password=pass //winclient/share /mnt/share  mount a windows network share
Disk Space
df -h                   show list of partitions mounted
ls -lSr |more           show size of the files and directories ordered by size
du -sh dir1             estimate space used by directory 'dir1'
du -sh * | sort -rn     show size of the files and directories sorted by size
rpm -q -a --qf '%10{SIZE}\t%{NAME}\n' | sort -k1,1n  show space used by rpm packages installed sorted by size (fedora, redhat and like)
dpkg-query -W -f='${Installed-Size;10}\t${Package}\n' | sort -k1,1n  show space used by deb packages installed sorted by size (ubuntu, debian and like)
Users and Groups
groupadd group_name                         create a new group
groupdel group_name                         delete a group
groupmod -n new_group_name old_group_name   rename a group
useradd -c "Nome Cognome" -g admin -d /home/user1 -s /bin/bash user1  create a new user belonging to the "admin" group
useradd user1                               create a new user
userdel -r user1                            delete a user ('-r' eliminates home directory)
usermod -c "User FTP" -g system -d /ftp/user1 -s /bin/nologin user1  change user attributes
passwd                                      change password
passwd user1                                change a user password (only by root)
chage -E 2005-12-31 user1                   set deadline for user password
pwck                                        check correct syntax and file format of '/etc/passwd' and users existence
grpck                                       check correct syntax and file format of '/etc/group' and groups existence
newgrp group_name                           log in to a new group to change default group of newly created files
Permissions on Files - use "+" to set permissions and "-" to remove
ls -lh                              show permissions
ls /tmp | pr -T5 -W$COLUMNS         divide terminal into 5 columns
chmod ugo+rwx directory1            set read (r), write (w) and execute (x) permissions for owner (u), group (g) and others (o)
chmod go-rwx directory1             remove read (r), write (w) and execute (x) permissions from group (g) and others (o)
chown user1 file1                   change owner of a file
chown user1 -R directory1           change user owner of a directory and all the files and directories contained inside
chgrp gruppo1 file1                 change group of files
chown user1:gruppo1 file1           change user and group ownership of a file
find / -perm -u+s                   view all files on the system with SUID configured
chmod u+s /bin/file_eseguibile      set SUID bit on a binary file - the user running that file gets the same privileges as the owner
chmod u-s /bin/file_binario         disable SUID bit on a binary file
chmod g+s /home/public              set SGID bit on a directory - similar to SUID but for directory
chmod g-s /home/public              disable SGID bit on a directory
chmod o+t /home/comune              set sticky bit on a directory - allows files deletion only to legitimate owners
chmod o-t /home/comune              disable sticky bit on a directory
Special Attributes on file - use "+" to set permissions and "-" to remove
chattr +a file1 allows a file to be opened for writing only in append mode
chattr +c file1 lets the kernel compress / decompress the file automatically
chattr +d file1 makes sure that the dump program ignores the file during backup
chattr +i file1 makes it an immutable file, which can not be removed, altered, renamed or linked
chattr +s file1 allows a file to be deleted safely
chattr +S file1 makes sure that if a file is modified changes are written in synchronous mode as with sync
chattr +u file1 allows you to recover the contents of a file even if it is deleted
lsattr show special attributes
Archives and compressed files
bunzip2 file1.bz2 decompress a file called 'file1.bz2'
bzip2 file1 compress a file called 'file1'
gunzip file1.gz decompress a file called 'file1.gz'
gzip file1 compress a file called 'file1'
gzip -9 file1 compress with maximum compression
rar a file1.rar test_file create an archive rar called 'file1.rar'
rar a file1.rar file1 file2 dir1 compress 'file1', 'file2' and 'dir1' simultaneously
rar x file1.rar decompress rar archive
unrar x file1.rar decompress rar archive
tar -cvf archive.tar file1 create an uncompressed tarball
tar -cvf archive.tar file1 file2 dir1 create an archive containing 'file1', 'file2' and 'dir1'
tar -tf archive.tar show contents of an archive
tar -xvf archive.tar extract a tarball
tar -xvf archive.tar -C /tmp extract a tarball into /tmp
tar -cvjf archive.tar.bz2 dir1 create a tarball compressed with bzip2
tar -xvjf archive.tar.bz2 decompress a tar archive compressed with bzip2
tar -cvzf archive.tar.gz dir1 create a tarball compressed with gzip
tar -xvzf archive.tar.gz decompress a tar archive compressed with gzip
zip file1.zip file1 create an archive compressed in zip
zip -r file1.zip file1 file2 dir1 compress in zip several files and directories simultaneously
unzip file1.zip decompress a zip archive
RPM Packages - Fedora, Red Hat and like
rpm -ivh package.rpm install a rpm package
rpm -ivh --nodeps package.rpm install a rpm package ignoring dependencies requests
rpm -U package.rpm upgrade a rpm package without changing configuration files
rpm -F package.rpm upgrade a rpm package only if it is already installed
rpm -e package_name remove a rpm package
rpm -qa show all rpm packages installed on the system
rpm -qa | grep httpd show all rpm packages with the name "httpd"
rpm -qi package_name obtain information on a specific package installed
rpm -qg "System Environment/Daemons" show rpm packages of a group software
rpm -ql package_name show list of files provided by a rpm package installed
rpm -qc package_name show list of configuration files provided by a rpm package installed
rpm -q package_name --whatrequires show list of dependencies required for a rpm package
rpm -q package_name --whatprovides show capability provided by a rpm package
rpm -q package_name --scripts show scripts started during installation / removal
rpm -q package_name --changelog show history of revisions of a rpm package
rpm -qf /etc/httpd/conf/httpd.conf verify which rpm package belongs to a given file
rpm -qp package.rpm -l show list of files provided by a rpm package not yet installed
rpm --import /media/cdrom/RPM-GPG-KEY import public-key digital signature
rpm --checksig package.rpm verify the integrity of a rpm package
rpm -qa gpg-pubkey verify integrity of all rpm packages installed
rpm -V package_name check file size, permissions, type, owner, group, MD5 checksum and last modification
rpm -Va check all rpm packages installed on the system - use with caution
rpm -Vp package.rpm verify a rpm package not yet installed
rpm2cpio package.rpm | cpio --extract --make-directories *bin* extract executable file from a rpm package
rpm -ivh /usr/src/redhat/RPMS/`arch`/package.rpm install a package built from a rpm source
rpmbuild --rebuild package_name.src.rpm build a rpm package from a rpm source
YUM packages updater - Fedora, RedHat and like
yum install package_name download and install a rpm package
yum update update all rpm packages installed on the system
yum update package_name upgrade a rpm package
yum remove package_name remove a rpm package
yum list list all packages installed on the system
yum search package_name find a package on rpm repository
yum clean packages clean up rpm cache erasing downloaded packages
yum clean headers remove all files headers that the system uses to resolve dependency
yum clean all remove from the cache packages and headers files
DEB packages - Debian, Ubuntu and like
dpkg -i package.deb install / upgrade a deb package
dpkg -r package_name remove a deb package from the system
dpkg -l show all deb packages installed on the system
dpkg -l | grep httpd show all deb packages with the name "httpd"
dpkg -s package_name obtain information on a specific package installed on system
dpkg -L package_name show list of files provided by a package installed on system
dpkg --contents package.deb show list of files provided by a package not yet installed
dpkg -S /bin/ping verify which package belongs to a given file
APT packages updater - Debian, Ubuntu and like
apt-get install package_name install / upgrade a deb package
apt-cdrom install package_name install / upgrade a deb package from cdrom
apt-get update update all deb packages installed on system
apt-get remove package_name remove a deb package from system
apt-get check verify correct resolution of dependencies
apt-get clean clean up cache from packages downloaded
View file content
cat file1 view the contents of a file starting from the first row
tac file1 view the contents of a file starting from the last line
more file1 view the content of a long file
less file1 similar to 'more' command but which allows backward movement in the file as well as forward movement
head -2 file1 view first two lines of a file
tail -2 file1 view last two lines of a file
tail -f /var/log/messages view in real time what is added to a file
Text Manipulation
cat file_test | [operation: sed, grep, awk, grep, etc] > result.txt syntax to elaborate the text of a file, and write result to a new file
cat file_originale | [operation: sed, grep, awk, grep, etc] >> result.txt syntax to elaborate the text of a file and append result in existing file
grep Aug /var/log/messages look up words "Aug" on file '/var/log/messages'
grep ^Aug /var/log/messages look up words that begin with "Aug" on file '/var/log/messages'
grep '[0-9]' /var/log/messages select from file '/var/log/messages' all lines that contain numbers
grep Aug -R /var/log/* search string "Aug" at directory '/var/log' and below
sed 's/stringa1/stringa2/g' example.txt replace "string1" with "string2" in example.txt
sed '/^$/d' example.txt remove all blank lines from example.txt
sed '/ *#/d; /^$/d' example.txt remove comments and blank lines from example.txt
echo 'esempio' | tr '[:lower:]' '[:upper:]' convert from lower case in upper case
sed -e '1d' example.txt delete the first line of example.txt
sed -n '/stringa1/p' view only lines that contain the word "string1"
sed -e 's/ *$//' example.txt remove trailing spaces at the end of each row
sed -e 's/stringa1//g' example.txt remove only the word "string1" from the text and leave everything else intact
sed -n '1,5p;5q' example.txt view from 1st to 5th row
sed -n '5p;5q' example.txt view row number 5
sed -e 's/00*/0/g' example.txt replace more zeros with a single zero
cat -n file1 number row of a file
cat example.txt | awk 'NR%2==1' remove all even lines from example.txt
echo a b c | awk '{print $1}' view the first column of a line
echo a b c | awk '{print $1,$3}' view the first and third column of a line
paste file1 file2 merging contents of two files for columns
paste -d '+' file1 file2 merging contents of two files for columns with '+' delimiter on the center
sort file1 file2 sort contents of two files
sort file1 file2 | uniq sort contents of two files omitting lines repeated
sort file1 file2 | uniq -u sort contents of two files by viewing only unique line
sort file1 file2 | uniq -d sort contents of two files by viewing only duplicate line
comm -1 file1 file2 compare contents of two files by deleting only unique lines from 'file1'
comm -2 file1 file2 compare contents of two files by deleting only unique lines from 'file2'
comm -3 file1 file2 compare contents of two files by deleting only the lines that appear on both files
Character set and Format file conversion
dos2unix filedos.txt fileunix.txt convert a text file format from MSDOS to UNIX
unix2dos fileunix.txt filedos.txt convert a text file format from UNIX to MSDOS
recode ..HTML < page.txt > page.html convert a text file to html
recode -l | more show all available formats conversion
Filesystem Analysis
badblocks -v /dev/hda1 check bad blocks in disk hda1
fsck /dev/hda1 repair / check integrity of linux filesystem on disk hda1
fsck.ext2 /dev/hda1 repair / check integrity of ext2 filesystem on disk hda1
e2fsck /dev/hda1 repair / check integrity of ext2 filesystem on disk hda1
e2fsck -j /dev/hda1 repair / check integrity of ext3 filesystem on disk hda1
fsck.ext3 /dev/hda1 repair / check integrity of ext3 filesystem on disk hda1
fsck.vfat /dev/hda1 repair / check integrity of fat filesystem on disk hda1
fsck.msdos /dev/hda1 repair / check integrity of dos filesystem on disk hda1
dosfsck /dev/hda1 repair / check integrity of dos filesystems on disk hda1
Format a Filesystem
mkfs /dev/hda1 create a filesystem type linux on hda1 partition
mke2fs /dev/hda1 create a filesystem type linux ext2 on hda1 partition
mke2fs -j /dev/hda1 create a filesystem type linux ext3 (journal) on hda1 partition
mkfs -t vfat -F 32 /dev/hda1 create a FAT32 filesystem
fdformat -n /dev/fd0 format a floppy disk
mkswap /dev/hda3 create a swap filesystem
SWAP filesystem
mkswap /dev/hda3 create a swap filesystem
swapon /dev/hda3 activating a new swap partition
swapon /dev/hda2 /dev/hdb3 activate two swap partitions
Backup
dump -0aj -f /tmp/home0.bak /home make a full backup of directory '/home'
dump -1aj -f /tmp/home0.bak /home make an incremental backup of directory '/home'
restore -if /tmp/home0.bak restoring a backup interactively
rsync -rogpav --delete /home /tmp synchronization between directories
rsync -rogpav -e ssh --delete /home ip_address:/tmp rsync via SSH tunnel
rsync -az -e ssh --delete ip_addr:/home/public /home/local synchronize a local directory with a remote directory via ssh and compression
rsync -az -e ssh --delete /home/local ip_addr:/home/public synchronize a remote directory with a local directory via ssh and compression
dd bs=1M if=/dev/hda | gzip | ssh user@ip_addr 'dd of=hda.gz' make a backup of a local hard disk on remote host via ssh
tar -Puf backup.tar /home/user make an incremental backup of directory '/home/user'
( cd /tmp/local/ && tar c . ) | ssh -C user@ip_addr 'cd /home/share/ && tar x -p' copy content of a directory on remote directory via ssh
( tar c /home ) | ssh -C user@ip_addr 'cd /home/backup-home && tar x -p' copy a local directory on remote directory via ssh
tar cf - . | (cd /tmp/backup ; tar xf - ) local copy preserving permits and links from a directory to another
find /home/user1 -name '*.txt' | xargs cp -av --target-directory=/home/backup/ --parents find and copy all files with '.txt' extension from a directory to another
find /var/log -name '*.log' | tar cv --files-from=- | bzip2 > log.tar.bz2 find all files with '.log' extension and make a bzip archive
dd if=/dev/hda of=/dev/fd0 bs=512 count=1 make a copy of MBR (Master Boot Record) to floppy
dd if=/dev/fd0 of=/dev/hda bs=512 count=1 restore MBR from backup copy saved to floppy
CDROM
cdrecord -v gracetime=2 dev=/dev/cdrom -eject blank=fast -force clean a rewritable cdrom
mkisofs /dev/cdrom > cd.iso create an iso image of cdrom on disk
mkisofs /dev/cdrom | gzip > cd_iso.gz create a compressed iso image of cdrom on disk
mkisofs -J -allow-leading-dots -R -V "Label CD" -iso-level 4 -o ./cd.iso data_cd create an iso image of a directory
cdrecord -v dev=/dev/cdrom cd.iso burn an ISO image
gzip -dc cd_iso.gz | cdrecord dev=/dev/cdrom - burn a compressed ISO image
mount -o loop cd.iso /mnt/iso mount an ISO image
cd-paranoia -B rip audio tracks from a CD to wav files
cd-paranoia -- "-3" rip first three audio tracks from a CD to wav files
cdrecord --scanbus scan bus to identify the channel scsi
Networking - LAN and WiFi
ifconfig eth0 show configuration of an ethernet network card
ifup eth0 activate an interface 'eth0'
ifdown eth0 disable an interface 'eth0'
ifconfig eth0 192.168.1.1 netmask 255.255.255.0 configure IP Address
ifconfig eth0 promisc configure 'eth0' in promiscuous mode to gather packets (sniffing)
dhclient eth0 activate interface 'eth0' in dhcp mode
route -n show routing table
route add -net 0/0 gw IP_Gateway configure default gateway
route add -net 192.168.0.0 netmask 255.255.0.0 gw 192.168.1.1 configure static route to reach network '192.168.0.0/16'
route del 0/0 gw IP_gateway remove static route
echo "1" > /proc/sys/net/ipv4/ip_forward activate ip routing
hostname show hostname
host www.google.com lookup hostname to resolve name to ip address and vice versa
ip link show show link status of all interfaces
mii-tool eth0 show link status of 'eth0'
ethtool eth0 show statistics of network card 'eth0'
netstat -tup show all active network connections and their PID
netstat -tupl show all network services listening on the system and their PID
tcpdump tcp port 80 show all HTTP traffic
iwlist scan show wireless networks
iwconfig eth1 show configuration of a wireless network card
Microsoft Windows networks - SAMBA
nbtscan ip_addr netbios name resolution
nmblookup -A ip_addr netbios name resolution
smbclient -L ip_addr/hostname show remote shares of a windows host
smbget -Rr smb://ip_addr/share like wget can download files from a host windows via smb
mount -t smbfs -o username=user,password=pass //winclient/share /mnt/share mount a windows network share
IPTABLES - firewall
iptables -t filter -L show all chains of filtering table
iptables -t nat -L show all chains of nat table
iptables -t filter -F clear all rules from filtering table
iptables -t nat -F clear all rules from table nat
iptables -t filter -X delete any chains created by user
iptables -t filter -A INPUT -p tcp --dport telnet -j ACCEPT allow telnet connections to input
iptables -t filter -A OUTPUT -p tcp --dport http -j DROP block HTTP connections to output
iptables -t filter -A FORWARD -p tcp --dport pop3 -j ACCEPT allow POP3 connections to forward chain
iptables -t filter -A INPUT -j LOG --log-prefix "DROP INPUT" logging on the INPUT chain
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE configure a PAT (Port Address Translation) on eth0 masking outbound packets
iptables -t nat -A PREROUTING -d 192.168.0.1 -p tcp -m tcp --dport 22 -j DNAT --to-destination 10.0.0.2:22 redirect packets addressed to a host to another host
Monitoring and debugging
top display linux tasks using most cpu
ps -eafw displays linux tasks
ps -e -o pid,args --forest displays linux tasks in a hierarchical mode
pstree show a tree of system processes
kill -9 ID_Processo force closure of the process and finish it
kill -1 ID_Processo force a process to reload configuration
lsof -p $$ display a list of files opened by processes
lsof /home/user1 displays a list of open files in a given path system
strace -c ls >/dev/null display system calls made and received by a process
strace -f -e open ls >/dev/null display library calls
watch -n1 'cat /proc/interrupts' display interrupts in real-time
last reboot show history reboot
lsmod display loaded kernel modules
free -m displays status of RAM in megabytes
smartctl -A /dev/hda monitoring reliability of a hard-disk through SMART
smartctl -i /dev/hda check if SMART is active on a hard-disk
tail /var/log/dmesg show events inherent to the process of booting kernel
tail /var/log/messages show system events
Other useful commands
apropos ...keyword display a list of commands that pertain to keywords of a program , useful when you know what your program does, but you don't know the name of the command
man ping display the on-line manual pages for example on ping command
whatis ...keyword displays description of what a program does
mkbootdisk --device /dev/fd0 `uname -r` create a boot floppy
gpg -c file1 encrypt a file with GNU Privacy Guard
gpg file1.gpg decrypt a file with GNU Privacy Guard
wget -r www.example.com download an entire web site
wget -c www.example.com/file.iso download a file with the ability to stop the download and resume later
echo 'wget -c www.example.com/files.iso' | at 09:00 start a download at any given time
ldd ssh show shared libraries required by ssh program
alias hh='history' set an alias for a command - hh = history


source:rarlinux.blogspot.com


Sunday, January 06, 2008
Safari on Linux
If you are doing websites, you might want to test them with Safari as well.

Sure, konqueror and midori (which uses GTK webkit) already provide a pretty good approximation of Safari rendering, but there might still be differences.

Here's how to run Safari on Linux:

  • run winecfg, set Windows version to WinXP.
  • copy the core windows fonts:
     cp /usr/share/fonts/truetype/msttcorefonts/{Arial,Times_New_Roman}*.ttf ~/.wine/drive_c/windows/fonts/ 
  • Download Safari for Windows from the Apple homepage
  • Run the Safari installer with Wine. Do not install Bonjour or the Apple updater.
  • Run Safari

The biggest 'trick' for me was to install the Microsoft fonts. Without them, Safari would segfault when rendering the URL bar the first time.

Step 2 assumes you have the Microsoft fonts already installed on your system in the place typical for Debian and Ubuntu users. If you don't, find out how to get the required ttf files yourself. You may also be able to just symlink them.

Wine can indeed run most Windows applications by now...

Related Articles:
ies4linux claims to have a way of installing and running MS IE 7 on Linux.

source:blog.drinsama.de/erich


Ubuntu giving back to Debian: facts and numbers!

I’ve always been annoyed by the discussions about “is Ubuntu really giving back to Debian?”. Debian Developers usually don’t see a lot of “giving back”, and Ubuntu Developers complain about Debian Developers ignoring their bug reports and patches.

So, a few months ago, I proposed that Ubuntu developers use a usertag when they report bugs to the Debian BTS, so they can be tracked.

Results are available:


Comments:

  • It’s really good to see Ubuntu developers reporting bugs and contributing patches to Debian!
  • … But more bugs (and patches) would be better, of course. Let’s continue the good work!
  • Many patches are applied very fast in Debian (as usual), but in some cases, the patches are ignored (as usual, too). It would be great if Debian Developers could treat those bugs as higher priority, since it makes life easier on the Ubuntu side (less difference means less work).

If you are an Ubuntu Developer, read wiki.u.c/Bugs/Debian/Usertagging for the details on how to tag the bugs you file. Note that the submittodebian script in the ubuntu-dev-tools package already sets the usertags.

source:lucas-nussbaum.net


Saturday, January 05, 2008
RealPlayer 11 Unspecified Buffer Overflow Vulnerability
RealPlayer is prone to an unspecified buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer.
A remote attacker may exploit this vulnerability by presenting a malicious file to a victim and enticing them to open it with the vulnerable application.
Successful exploits can allow attackers to run arbitrary code in the context of the user running the affected application. Failed attacks will likely cause denial-of-service conditions.
This issue affects RealPlayer 11; other versions may also be affected.
More @ poweredlink.blogspot.com


7 Months with Ubuntu
About a year ago, Microsoft released Windows Vista, its most ambitious desktop platform to date. It's a great improvement over Windows XP primarily because it brings better security to the overall OS.

Makers of Linux platforms are improving their desktop OSs too. One company making huge leaps forward is Canonical, the company behind Ubuntu. In April 2007, Canonical released Ubuntu 7.04, code-named Feisty Fawn. Prior to the release of 7.04, I'd tested Ubuntu and found it somewhat acceptable for my needs but not exceptionally great mainly because it didn't recognize some of my particular hardware and I didn't want to spend much time finding and installing drivers.

In early June 2007, I finally got around to giving Ubuntu another look (using a bootable Live CD) and was pleasantly surprised. The new OS recognized all my hardware immediately, including my printers, wired Ethernet cards, and half a dozen different Wi-Fi cards. I then poked around the desktop a little bit and discovered that almost all the tools I need for day-to-day work are either already installed by default or are available for easy Internet-based installation with a few clicks of the mouse. It was at that point that Ubuntu really got my attention. I found myself thinking that I could quickly install Ubuntu along with all the tools I need and take the OS for an extended long-term test drive. And that's exactly what I did.

When I began the test drive, the questions I had in mind were, "Can I use this OS as my everyday desktop?" and "Can it effectively replace my Windows desktop?" As it turns out, the answers are yes and no, respectively. After using Ubuntu as my primary desktop for 7 months straight, every day of the week, I am thoroughly impressed. I've found that it's a fantastic platform for regular users. However, there are obvious problems for Windows security administrators.

Administrators need to run all sorts of third-party Windows-based security tools as well as the security-related tools built into Windows itself. I solved those problems in two ways, both of which might be obvious to at least some of you. The first solution is to use Wine (a Windows emulation environment), which is installed in Ubuntu by default. Wine let me run numerous third-party Windows tools directly on the Ubuntu desktop. The second solution is that I installed a free virtual machine (VM) platform and then installed Windows Vista as a guest VM. So when I need to use a tool that won't run properly under Wine or a tool that's built into Windows, I start the Vista VM and use the tool in that environment; when I'm done, I shut down the VM.

I've found that Ubuntu is reasonably secure, has decent desktop controls that help prevent unwanted access (similar to Vista's User Access Control--UAC), and is relatively quickly patched when security problems appear in various OS components. Installing those patches is easy too--a bit easier than typical desktop updates on Windows platforms.

So for the past 7 months, I've been enjoying the best of both the Linux and Windows worlds. My extended test drive of Ubuntu has been extremely fun and a great learning experience, particularly in terms of interoperability.

I wouldn't go so far as to say that any Windows administrator can switch to Ubuntu (or any other Linux desktop platform), but I do think that it's a great platform for everyday use by nonadministrative users and for those administrators that simply need a Linux platform to get their job done in the best possible manner.
Article written By Mark Joseph Edwards
source:windows-center.blogspot.com


LINUX VULNERABILITY : January 2008
1. ClamAV 'libclamav/pe.c' MEW Packed PE File Integer Overflow Vulnerability
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26927
Summary:
ClamAV is prone to an integer-overflow vulnerability because it fails to properly verify user-supplied data.

Successful exploits of this vulnerability can allow remote attackers to execute arbitrary machine code in the context of applications using the 'libclamav' library. Failed exploits may crash the application.
ClamAV 0.91.2 is vulnerable to this issue; other versions may also be affected.

2. Retired: Adobe Flash Player Multiple Security Vulnerabilities
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26929
Summary:
Adobe Flash Player is prone to multiple security vulnerabilities.
The following individual records have been created to document these vulnerabilities:

Adobe Flash Player ActiveX Control 'navigateToURL' API Cross Domain Scripting Vulnerability
Adobe Flash Player JPG Header Remote Heap Based Buffer Overflow Vulnerability
Adobe Flash Player 'asfunction' Cross Site Scripting Vulnerability
Adobe Flash Player Unspecified Privilege-Escalation Vulnerability
Adobe Flash Player HTTP Response Splitting Vulnerability
Adobe Flash Player Policy File Cross Domain Security Bypass Vulnerability

These issues affect Adobe Flash Player 9.0.48.0, 8.0.35.0, 7.0.70.0 and prior versions.

3. Adobe Flash Player DNS Rebinding Vulnerability
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26930
Summary:
Adobe Flash Player is prone to a DNS rebinding vulnerability that allows remote attackers to establish arbitrary TCP sessions.

An attacker can exploit this issue by enticing an unsuspecting victim to view a malicious SWF file.
Successfully exploiting this issue allows the attacker to bypass the application's same-origin policy and set up connections to services on arbitrary computers. This may lead to other attacks.

4. libexif Image Tag Remote Integer Overflow Vulnerability
Remote: Yes
Date Published: 2007-12-19
Relevant URL: http://www.securityfocus.com/bid/26942
Summary:
The libexif library is prone to an integer-overflow vulnerability because the software fails to ensure that integer values are not overrun.

Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of an application using the vulnerable library. Failed attempts will likely result in denial-of-service conditions.

5. Linux Kernel IPv6 Hop-By-Hop Header Remote Denial of Service Vulnerability
Remote: Yes
Date Published: 2007-12-19
Relevant URL: http://www.securityfocus.com/bid/26943
Summary:
The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to adequately validate specially crafted IPv6 'Hop-By-Hop' headers.

Attackers can exploit this issue to cause a kernel panic, denying service to legitimate users.

6. ClamAV 'mspack.c' Off-By-One Buffer Overflow Vulnerability
Remote: Yes
Date Published: 2007-12-19
Relevant URL: http://www.securityfocus.com/bid/26946
Summary:
ClamAV is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to insufficiently sized memory buffers.

Successful exploits of this vulnerability can allow remote attackers to execute arbitrary machine code in the context of applications using the 'libclamav' library. Failed exploits may crash the application.

ClamAV 0.91.2 is vulnerable to this issue; other versions may also be affected.

7. Adobe Flash Player 'asfunction' Cross Site Scripting Vulnerability
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26949
Summary:
Adobe Flash Player is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

8. Adobe Flash Player JPG Header Remote Heap Based Buffer Overflow Vulnerability
Remote: Yes
Date Published: 2007-12-19
Relevant URL: http://www.securityfocus.com/bid/26951
Summary:
Adobe Flash Player is prone to a remote heap-based buffer-overflow vulnerability because the application fails to use consistent signedness when handling user-supplied input.

An attacker can exploit this issue to execute arbitrary code with the privileges of a user running the application. Failed exploit attempts will likely cause denial-of-service conditions.
This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, 7.0.70.0, and prior versions.

9. Adobe Flash Player ActiveX Control 'navigateToURL' API Cross Domain Scripting Vulnerability
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26960
Summary:
The Adobe Flash Player ActiveX control is prone to a cross-domain scripting vulnerability.

An attacker may leverage this issue to execute arbitrary JavaScript in the context of another domain.
This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, and prior versions.

10. Adobe Flash Player Unspecified Privilege-Escalation Vulnerability
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26965
Summary:
Adobe Flash Player is prone to a vulnerability that allows attackers to gain elevated privileges on affected computers.

Very few technical details are currently available. We will update this BID as more information emerges.

NOTE: This issue occurs only when the application is running on a Linux operating system.

Versions prior to Adobe Flash Player 9.0.115.0 are vulnerable.

11. Adobe Flash Player Policy File Cross Domain Security Bypass Vulnerability
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26966
Summary:
The Adobe Flash Player is prone to a cross-domain security-bypass vulnerability.

An attacker can exploit this issue to connect to arbitrary hosts on affected computers. This may allow the application to perform generic TCP requests to determine what services are running on the affected computer.

This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, 7.0.70.0, and prior versions.

12. Adobe Flash Player HTTP Response Splitting Vulnerability
Remote: Yes
Date Published: 2007-12-20
Relevant URL: http://www.securityfocus.com/bid/26969
Summary:
Adobe Flash Player is prone to an HTTP response-splitting vulnerability because it fails to adequately sanitize user-supplied input.

A remote attacker can exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust.

This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, and 7.0.70.0 and prior versions.

13. libexif Image Tag Remote Denial Of Service Vulnerability
Remote: Yes
Date Published: 2007-12-19
Relevant URL: http://www.securityfocus.com/bid/26976
Summary:
The libexif library is prone to a denial-of-service vulnerability because of an infinite-recursion error.

Exploiting this issue allows remote attackers to cause denial-of-service conditions in the context of an application using the vulnerable library.

14. Bitflu StorageFarabDb Module '.torrent' File Handling Security Bypass Vulnerability
Remote: Yes
Date Published: 2007-12-26
Relevant URL: http://www.securityfocus.com/bid/27043
Summary:
Bitflu is prone to a security-bypass vulnerability.

An attacker can exploit this issue to append to or create arbitrary files.

This issue affects versions of Bitflu prior to 0.42.

16. ClamAV BZ_GET_FAST Bzip2 Decompression Vulnerability
Remote: Yes
Date Published: 2007-12-29
Relevant URL: http://www.securityfocus.com/bid/27063
Summary:
ClamAV is prone to a vulnerability due to a flaw in its Bzip2 decompression support.

Successful exploits of this vulnerability may potentially allow remote attackers to execute arbitrary code in the context of the vulnerable application or to trigger denial-of-service conditions. These effects have not been confirmed.

Further information is not currently available; this BID will be updated as more information is disclosed.
ClamAV 0.91.2 is vulnerable to this issue; other versions may also be affected.
