Secunia gave the Chamilo Security team full details of three security flaws detected in version 1.9.4 on Monday the 4th of March 2013. These flaws were detected by Fernando Muñoz, a regular contact for Chamilo in terms of security.
I wouldn't want this post to disappear, so just to make sure that the information is better spread on what passwords *not to use*, here is the list:

1. 123456
2. 12345
3. 123456789
4. Password
5. iloveyou
6. princess
7. rockyou
8. 1234567
9. 12345678
10. abc123
11. Nicole
12. Daniel
13. babygirl
14. monkey
15. Jessica
16. Lovely
17. michael
18. Ashley
19. 654321
20. Qwerty

Come on, people, get some imagination!
This article was first written in December 2003 for the BeezNest technical website (http://glasnost.beeznest.org/articles/96).

Some UNIX administrators find it handy to add «.» to the PATH (and some even put it at the beginning of the PATH). Why is this bad? On UNIX, everything is made so that you don't have to do it. Anything not doing so can be considered buggy, and can be fixed easily. Imagine someone has access to write a file in an otherwise harmless directory, like /tmp for example. Imagine now that that someone wants to do harm.
To create and save iptables rules the default Debian way, this is the way to go:
- create your rules using the CLI iptables
- save them on the active rule by issuing a /etc/init.d/iptables save active
- create the rules for the inactive state (when booting, for example) and save them accordingly
- go into /var/lib/iptables/active and take the
An IDS is a system that tracks unplanned changes to a system. It is often used on sensitive machines where any unauthorized access is strictly prohibited, but it can also act as a fool-proof system, more like a monitoring system. It works by checksumming or understanding the format of each file, and scrutinizing any suspect change to files.
A lot of people use the root account to do anything they need, just because it is easier… This is a really bad idea, as that user can do anything to the system.
A NIDS is a Network Intrusion Detection System, a system to detect intrusions from the network and take counter-measures ranging from (temporarily) blacklisting to logging through responding with specially crafted IP packets to slow down or kill the attacking host. It extends the principle of IDS to the network.
There is a common problem appearing when installing a new Chamilo portal that I have seen a lot recently, so I thought I'd share the details here.
The problem

When installing Chamilo on a cPanel-kind-of-hosting, it might happen that you complete the installation, but when you want to enter a newly-created course, an ugly error appears.
It might seem kind of weird to mention it, but I had somewhat of a big scare when Secunia sent us an e-mail entitled "Security Patches in Dokeos 1.8.5". If my fears had been right, it would have meant that we would have needed to re-package 1.8.5 only two days after the official release.