pimg src="http://cache.gawker.com/assets/images/lifehacker/2008/10/inssider.png" align="left" hspace="4" vspace="2" width="494" height="349" style="display:block;float:none;" /Windows only: Free applicaiton inSSIDer scans networks within reach of your computer's Wi-Fi antenna, tracks signal strength over time, and determines their security settings (included whether or not they're password-protected). a href="http://lifehacker.com/software/featured-windows-download/detect-wireless-networks-with-netstumbler-266486.php"Previously mentioned NetStumbler/a has long been a favorite for this sort of functionality, but it a href="http://www.netstumbler.org/f4/vista-before-you-ask-21558/"doesn't work well with Vista/a or 64-bit XP. inSSIDer, on the other hand, works like a charm on both Vista and XP, and it's open-source to boot. This must-have for hunting down Wi-Fi networks on the road is free, Windows only, requires .NET 2.0. Mac users, check out a href="http://lifehacker.com/software/featured-mac-download/manage-wifi-networks-with-istumbler-266485.php"previously mentioned iStumbler/a./p div class="related"a href="http://www.metageek.net/products/inssider"inSSIDer/a [MetaGeek via a href="http://www.downloadsquad.com/2008/10/08/open-source-inssider-is-a-vista-friendly-netstumbler/"Download Squad/a]/div br style="clear: both;"/ a href="http://www.pheedo.com/feeds/ht.php?t=camp;i=20c19446fff1a24f932b04ec377865d6"img src="http://www.pheedo.com/feeds/ht.php?t=vamp;i=20c19446fff1a24f932b04ec377865d6" border="0" //a img src="http://www.pheedo.com/feeds/tracker.php?i=20c19446fff1a24f932b04ec377865d6" style="display: none;" border="0" height="1" width="1" alt=""/ pa href="http://feeds.gawker.com/~a/lifehacker/full?a=c1GJse"img src="http://feeds.gawker.com/~a/lifehacker/full?i=c1GJse" border="0"/img/a/pdiv class="feedflare" a href="http://feeds.gawker.com/~f/lifehacker/full?a=UlN1M"img src="http://feeds.gawker.com/~f/lifehacker/full?i=UlN1M" border="0"/img/a a href="http://feeds.gawker.com/~f/lifehacker/full?a=XBYrM"img src="http://feeds.gawker.com/~f/lifehacker/full?i=XBYrM" border="0"/img/a a href="http://feeds.gawker.com/~f/lifehacker/full?a=Y3DBm"img src="http://feeds.gawker.com/~f/lifehacker/full?i=Y3DBm" border="0"/img/a a href="http://feeds.gawker.com/~f/lifehacker/full?a=eQoLm"img src="http://feeds.gawker.com/~f/lifehacker/full?i=eQoLm" border="0"/img/a /divimg src="http://feeds.gawker.com/~r/lifehacker/full/~4/417122152" height="1" width="1"/

Super Talent terra cotta warrior USB drive is a life-like replica of the ancient Xian warriors that stands only 7cm tall. Super Talent terra cotta warrior USB drive is full compatibility with USB 1.1 and 2.0 and is available in 1GB-8GB capacity. The drive supports password protection. In 1974 in Xian, China farmers digging a well discovered a vast underground cavern containing thousands of life sized terra cotta warriors. Further excavation nearby revealed two more underground rooms and a...

For anyone that's interested I have compiled a version of THC-Hydra for iPhone. I haven't tried it on iPoT but I presume it will work. For those of you that don't know what hydra is, it's basically a command line app for brute-forcing passwords using a dictionary. I've tested it on http-get and ftp and it works great.

Here's a link to the video of it on my iphone:
http://www.youtube.com/watch?v=MEQUlxwz-f8

If you want to install it you will need to download the following files and place them in /usr/bin

Here's the link to the files http://www.sendspace.com/file/fhl44q

Oh, and obviously use this only to test your own servers, and no one elses! ;)

Let me know how you get on...

pimg src="http://cache.gawker.com/assets/images/lifehacker/2008/10/2008-10-09_195945.jpg" align="right" hspace="4" vspace="2" width="494" height="200" style="display:block;float:none;" / Windows only: TrayEverything is a lightweight portable application that minimizes windows to the system tray even when the program lacks native support for being parked in the tray. In addition to simply minimizing windows to the tray, TrayEverything also has options to add a button to the title bar of windows for minimizing to the tray, hot keys to minimize, and even using inactivity as a trigger to send a window to the tray. If you'd like to keep a program running but don't need to tend to it or would like to make sure nobody messes with it, TrayEverything can minimize it without a visible icon in the tray and even password-protect it. For more system tray goodness, check out a href="http://lifehacker.com/396105/trayconizer-makes-any-program-a-permanent-system-tray-app"Trayconizer/a a program that starts your program in the system tray from the moment it's run. TrayEverything is a free download for Windows only./p div class="related"a href="http://www.winapizone.net/software/trayeverything/"TrayEverything/a [via a href="http://www.ghacks.net/2008/10/09/tray-everything/"gHacks/a]/div br style="clear: both;"/ img alt="" style="border: 0; height:1px; width:1px;" border="0" src="http://www.pheedo.com/img.phdo?i=ec8453de7504d04ae9debd1e8dcbf941" height="1" width="1"/ img src="http://www.pheedo.com/feeds/tracker.php?i=ec8453de7504d04ae9debd1e8dcbf941" style="display: none;" border="0" height="1" width="1" alt=""/ pa href="http://feeds.gawker.com/~a/lifehacker/full?a=JG1kjA"img src="http://feeds.gawker.com/~a/lifehacker/full?i=JG1kjA" border="0"/img/a/pdiv class="feedflare" a href="http://feeds.gawker.com/~f/lifehacker/full?a=s4CrM"img src="http://feeds.gawker.com/~f/lifehacker/full?i=s4CrM" border="0"/img/a a href="http://feeds.gawker.com/~f/lifehacker/full?a=9kFyM"img src="http://feeds.gawker.com/~f/lifehacker/full?i=9kFyM" border="0"/img/a a href="http://feeds.gawker.com/~f/lifehacker/full?a=0RHym"img src="http://feeds.gawker.com/~f/lifehacker/full?i=0RHym" border="0"/img/a a href="http://feeds.gawker.com/~f/lifehacker/full?a=iZVEm"img src="http://feeds.gawker.com/~f/lifehacker/full?i=iZVEm" border="0"/img/a /divimg src="http://feeds.gawker.com/~r/lifehacker/full/~4/416903868" height="1" width="1"/

pFiled under: a href="http://www.downloadsquad.com/category/utilities/" rel="tag"Utilities/a, a href="http://www.downloadsquad.com/category/linux/" rel="tag"Linux/a, a href="http://www.downloadsquad.com/category/open-source/" rel="tag"Open Source/a/pdiv align="center"img hspace="4" height="345" width="440" vspace="4" border="0" align="top" alt="Startup Manager" src="http://www.blogcdn.com/www.downloadsquad.com/media/2008/10/startup-manager.jpg" /br //div So you've decided to install Ubuntu on your computer, but you're not ready to give up Windows altogether. No problem. During the install process, just take care not to overwrite Windows and you can have a dual boot setup in under an hour. But what's this? The GRUB bootloader adds 10 seconds to your startup time if you don't hit the key to skip the countdown. And it automatically assumes Ubuntu should be your default operating system. br /br /It's relatively simple to tweak your GRUB menu by editing the menu.lst file hanging out in the grub directory of your Ubuntu file system's boot folder. You can change the boot order of the operating systems. Or you can adjust the countdown clock. But if you make a mistake, you could also make it quite difficult to load either Ubuntu or Windows.br /br /Startup Manager, or SUM provides an easier way to edit your GRUB menu. You can find SUM in the Synaptic package manager or by typing "sudo apt-get install startupmanager" into a terminal window. Or you can just a href="http://apt:startupmanager" style=""click this link/a.br /br /Once it's installed, you can access Startup Manager from the System -gt; Administration menu. The utility lets you change the default operating system, adjust the screen resolution of the GRUB menu, and even alter the background and text colors. You can adjust the countdown timer, set a password, or alter a number of other settings. And there's fairly little risk of messing up your boot menu beyond all repair.br /br /[via a href="http://digg.com/linux_unix/8_Ways_to_Maintain_a_Clean_Lean_Ubuntu_Machine"Digg/a and a href="http://maketecheasier.com/8-ways-to-maintain-a-clean-lean-ubuntu-machine/2008/10/07"Make Tech Easier/a]h6 style="clear: both; padding: 8px 0 0 0; height: 2px; font-size: 1px; border: 0; margin: 0; padding: 0;"/h6a href="http://www.downloadsquad.com/2008/10/10/ubuntu-tip-use-startup-manager-to-edit-your-boot-menu/" rel="bookmark" title="Permanent link to this entry"Permalink/anbsp;|nbsp;a href="http://www.downloadsquad.com/forward/1336939/" title="Send this entry to a friend via email"Email this/anbsp;|nbsp;a href="http://www.downloadsquad.com/2008/10/10/ubuntu-tip-use-startup-manager-to-edit-your-boot-menu/#comments" title="View reader comments on this entry"Comments/abr /br /pmap name="google_ad_map_53-1336939"area shape="rect" href="http://imageads.googleadservices.com/pagead/imgclick/53-1336939?pos=0" coords="1,2,367,28" /area shape="rect" href="http://services.google.com/feedback/abg" coords="384,10,453,23" //mapimg usemap="#google_ad_map_53-1336939" border="0" src="http://imageads.googleadservices.com/pagead/ads?format=468x30_aff_imgamp;client=ca-aol_weblogs_xmlamp;channel=Download_Squad_07_RSSamp;output=pngamp;cuid=53-1336939amp;url=http://www.downloadsquad.com/2008/10/10/ubuntu-tip-use-startup-manager-to-edit-your-boot-menu/" //p pa href="http://feeds.feedburner.com/~a/weblogsinc/downloadsquad?a=xjQGEc"img src="http://feeds.feedburner.com/~a/weblogsinc/downloadsquad?i=xjQGEc" border="0"/img/a/pdiv class="feedflare" a href="http://feeds.feedburner.com/~f/weblogsinc/downloadsquad?a=kVBim"img src="http://feeds.feedburner.com/~f/weblogsinc/downloadsquad?i=kVBim" border="0"/img/a a href="http://feeds.feedburner.com/~f/weblogsinc/downloadsquad?a=rLpRm"img src="http://feeds.feedburner.com/~f/weblogsinc/downloadsquad?i=rLpRm" border="0"/img/a /divimg src="http://feeds.feedburner.com/~r/weblogsinc/downloadsquad/~4/417163918" height="1" width="1"/

My machine is being hit by a lot of automated attacks that try to guess account names and passwords on ttsshd/tt. (This problem has been touched in a href=http://www.macosxhints.com/article.php?story=20040913102948373this hint/a.) Thanks to a href=http://www.obdev.at/products/littlesnitch/index.htmlLittle Snitch/a, it is very easy to see that this happens. Anyway, it is annoying, and I wanted to add an ttipfw/tt rule to block those machines that fail to log in fifteen or more times. So I wrote a ttlaunchd/tt script to do this:div style=margin-left: 20px; margin-top:10px; margin-bottom:10px; padding: 5px; border:1px solid; width:520px; height:120px; overflow:scroll;white-space:nowrapprecodelt;?xml version=1.0 encoding=UTF-8?gt;lt;!DOCTYPE plist PUBLIC -//Apple//DTD PLIST 1.0//EN http://www.apple.com/DTDs/PropertyList-1.0.dtdgt;lt;plist version=1.0gt;lt;dictgt; lt;keygt;Labellt;/keygt; lt;stringgt;se.sics.lra.denyh...br style=clear: both;/ a style='font-size: 10px; color: maroon;' href='http://www.pheedo.com/hostedMorselClick.php?hfmm=v3:f8ec89d08e0bee4cc97b43ef3ec41aea:3vN4xC9EgiGpsOLFFyrGJ2DnnZNxtw8XkZYBLV3hnoGXDFzxbFwGE91c4rzJImu0hnSbJDJj3%2Fny'img border='0' title='Add to digg' alt='Add to digg' src='http://www.pheedo.com/images/mm/digg.gif'//a a style='font-size: 10px; color: maroon;' href='http://www.pheedo.com/hostedMorselClick.php?hfmm=v3:520c8c4c420df3fcaaee3628cac8a9c0:hRrEYC1c86Xa5%2BgJ%2FOuj5IIXNvSzqiwx1xPuBTkZ%2BQNZ9dDKz9syiy%2FXLjDRMySvTzW3bF1swIf2'img border='0' title='Add to Reddit' alt='Add to Reddit' src='http://www.pheedo.com/images/mm/reddit.png'//a a style='font-size: 10px; color: maroon;' href='http://www.pheedo.com/hostedMorselClick.php?hfmm=v3:c597d99b62eaa245c96c56b7c318d533:%2FCOHYmwVIJa0LPRVWp2fNRZmNttOG8k7%2B1NmhKQMsT7svu4PjVCPTYqT%2BExIsLPPSav1T18yt4rQmw%3D%3D'img border='0' title='Add to Slashdot' alt='Add to Slashdot' src='http://www.pheedo.com/images/mm/slashdot.png'//a a style='font-size: 10px; color: maroon;' href='http://www.pheedo.com/hostedMorselClick.php?hfmm=v3:ea83ae0b1749b6769b4d2b9cb4b78f95:PVa5YLJs2iBMufYniPZpGYGqe1z9UsNeqx%2BnzkNdP27L4MefKvGnOJ%2BdWtlXgtqvjBXRy8D7Tpe7'img border='0' title='Email this Article' alt='Email this Article' src='http://www.pheedo.com/images/mm/emailthis.png'//a a style='font-size: 10px; color: maroon;' href='http://www.pheedo.com/hostedMorselClick.php?hfmm=v3:29ff2518ea811f64516fbb977c511a39:6qqMnxtsQhqvz%2FTD7TY%2B946H%2FfekySvtR2VD6B1K4XDeY8x%2BBqkHCtxLxD6%2FaMaHlE0uDG5u7BupEA%3D%3D'img border='0' title='Add to StumbleUpon' alt='Add to StumbleUpon' src='http://www.pheedo.com/images/mm/stumbleit.gif'//a br style=clear: both;/ a href=http://www.pheedo.com/click.phdo?s=1dc5d300bf5d353d51dcb19aae6bb29fimg alt= style=border: 0; border=0 src=http://www.pheedo.com/img.phdo?s=1dc5d300bf5d353d51dcb19aae6bb29f//a img src=http://www.pheedo.com/feeds/tracker.php?i=1dc5d300bf5d353d51dcb19aae6bb29f style=display: none; border=0 height=1 width=1 alt=/

Notre confrère Matbe a testé un périphérique original puisqu’il s’agit d’un lecteur d’empreintes qui se connecte au PC via une interface USB. En théorie cela devrait donc permettre de se passer de ces séances de connexion qui sont désormais si nombreuses quand on utilise régulièrement la toile. Qui n’a jamais pesté contre le champ password des sites web à cause d’une majuscule mal placé ou encore contre son navigateur web qui a enregistré un mauvais mot de pas

Getting back to Wednesday's topic of logging in via Ajax I decided to see if I could take it beyond the basics.

The basics being that we use Ajax to POST login details to /names.nsf?login and wait to see if there's a Domino session cookie attached to the response.

The trouble with this basic approach is that it only caters for authentication and not authorisation. What if the login details supplied are ok, but they're not allowed access to the page being requested in the RedirectTo field? With the code I showed you the other day it would assume all was ok as a DomAuthSessId cookie is returned and it would simply reload the page. At this point you'd see a standard login form with a message explaining that you're not allowed in.

How Can We Cater for Authorisation Issues?

Even if there's a session cookie returned we still need to examine the actual page itself to check it's not another login form. I've seen various ways of doing this, which all seem to rely on finding certain text (such as "You are not authorized") within the HTML of the page itself. 

Now, you know me, I'm just not going to be happy with that solution am I. I wanted something more universal/stable, so I looked in to using HTTP headers to convey the actual state of the login request.

What I came up with is a header I've called Domino-Auth-Response. You can see an example of it here in the headers received from Domino following an Ajax login request:

Foolishly I'd tried to login to as a user (called One Test) with no access to the database (Anonymous = Author. Default = None. Changed for purposes of this demo). Instead of reloading the page, which, in effect, locks the user out I can trap the above scenario by inspecting the headers of the returned page, using a line like this in the "onSuccess" function for the Ajax call:

if (transport.getResponseHeader("Domino-Auth-Response")){ //problem

No need to try and search the page. If the above header is found we can handle it in a much more graceful manner, which I'll discuss in a mo. First, about the header.

How To Add a Custom Header to Login Forms

Let's assume you have a domcfg.nsf on your server and you have the right to make changes to the $$LoginUserForm within it.  Open the form and it will look like this by default:

Beautifully designed.

Look inside the Computed Value I've pointed to and you'll see a formula like this:

Although I removed some bits, you get the idea? Depending on the value of the Domino-set field called reasonType a message is shown to the user. This is where you'd be able to internationalise the server if needs be.

Now let's look at the code again and see how we can use it add our new header:

As simple as that! Whatever message is shown to the user we can find this out without having to look inside the HTML. We also know the "reason type" code. This in itself could replace the need for returning the text of the message. On its own the reason code is useful for processing the login in our JavaScript.

Dealing With Unauthorised Logins

If the response is to say "you're not allowed to do that" then it's a fair bet that the user doesn't want to remain logged in as that user if they don't have access. We could log them out simply by over-writing the cookie we just received. Either we log the user out completely by setting its value to "" or (if they were already logged in) we can keep them logged in as the previous user by remembering the old value of the cookie and resetting it to that.

You can give this a go from the DEXT homepage. First login as Dext User (password=dext) . Once logged in notice there's now a "re-login" link up there. Use the login form to re-authenticate as One Test (username and password are both test1).

One Test has no access to the application so you should see a message to that effect. Now refresh the page. Notice you're still logged in as Dext User!

We can do this because the DEXT JavaScript object records all the cookie values when the page loads. We can look to it for the previous session code and reset the cookie to that.

A much more sensible approach. No?

In Summary

This whole exercise has been as much of a proof of concept as anything else. How much use it would be in a real world application I don't know. What it doesn't do is trap any request from the server for the user to login. It only works when the user chooses to login.

The only way we could create a system that relied on it would be to have the onclick of any link/button check the current user's access before opening a form or editing a document. If the current user has access then just carry on. If not then we can display our Ajax login form and set its RedirectTo field to the href value of the link clicked.

Still, whether or not is has a true practical use, it's a good example of using the @SetHTTPHeader function if nothing else and it's been fun playing. Hopefully it's of use to somebody.

Flash memory drives the size of your thumb are dirt cheap and offer gigabytes of storage. It's tempting to fill one of them with important computer files, clip it to a key chain and hit the road. However, what if you lose it while fumbling for change at Starbucks and the hacker in the corner finds it? This is not a good thing. That's where a new breed of flash drives comes in -- chock full of military-strength encryption and passwords and keypad combinations that must be entered before the data can be accessed.

div class="rxbodyfield"p class="ArticleBody" page="1"The world's financial markets may be collapsing, but technology lives on -- for the moment, anyway. This week the feds arrested a suspect in the Sarah Palin e-mail hacking case, and both Steve Jobs and Windows XP got yet another lease on life. Also: new e-books, virtual worlds, and some truly wacky science. Are you up to speed on all things tech? Prove your geek street cred by acing this quiz. Correct answers are worth 10 points each, and no asking your artificial intelligence buddies for help. Ready?/pp align="right"a href="http://ad.doubleclick.net/jump/idg.us.info.rss/news;pos=imu;tile=6;sz=336x280;skey=patch_management;pkey=security;ord=123456789?" target="_blank" /img src="http://ad.doubleclick.net/ad/idg.us.info.rss/news;pos=imu;tile=6;sz=336x280;skey=patch_management;pkey=security;ord=123456789?" width="336" height="280" border="0" alt="" align="right"//a/pp class="ArticleBody" page="1"b1. Tennessee University student David Kernell has been charged with illegally accessing Sarah Palin's Yahoo e-mail account by changing her password. What new password did he allegedly choose?/b/pp class="ArticleBody" page="1"ba. Pitbullbr/ b. Lipstickbr/ c. Popcornbr/ d. Maverick/b/pp class="ArticleBody" page="1"ba href="http://www.infoworld.com/tools/quiz/news/NQ20081010-news-quiz.php" class="regularArticleU"Take the InfoWorld news quiz/a/b/p/div

Seatubes 1.2.4

Seatubes makes it easy to batch download YouTube videos to your Mac. Simply drag YouTube URLs into a documents list view, then click the "Download" button. If a URL is a video URL it will be added, otherwise Seatubes will try to add all of the video URLs it contains, i.e. import the URL.

Seatubes is a multi-window (or multi-document) application. You can associate different windows with independent collections of videos, and save them to disk as Seatubes documents for future use.

Seatubes can convert (export) downloaded FLV files into any format supported by QuickTime, such as iPod or iPhone. To do this, or to view FLV files on your Mac, you need to install the Perian Quicktime components (http://perian.org/)

Seatubes is part of the Limit Point Software Utilities Bundle : http://www.limit-point.com/Utilities.html. Purchase a Utilities password to activate all the utilities, including Seatubes. Upgrades are always free, new utilities are always included!

Seatubes initially runs for about ten days without a permanent password.

WHAT'S NEWVersion 1.2.4:

• Fixed a bug that created the wrong download URLs due to changes at YouTube.

Version 1.2.3:

• Actively playing movies were not stopped when their owning document window was closed.

Version 1.2.2:

•  A new option for auto-playing selected downloaded videos is available in the Preferences window (OFF by default).

REQUIREMENTSMac OS X 10.4 or later.
DEVELOPERLimit Point Software
DOWNLOADS10155
DOWNLOAD NOW (561 K)
More information

My MBP came back from being repaired and it always boots up in verbose mode now. I opened Terminal and typed in sudo nvram boot-args= and it asks for a password. I don't know what it could be.. so I just hit enter.. and it comes back to the command line.

Next, I check what mode the boot is in, it still says '-v'. How do I get rid of this? How do I reset whatever password it is asking for? Is it the firmware password? Thanks.

via slashdot.org

tdalek writes "You may remember the recent Slashdot article about Yahoo! Zimbra Desktop exposing authentication information. It turns out that more Yahoo! applications are affected, although to a lesser degree. With Yahoo!'s desktop program, it transmitted the usernames and passwords in plaintext. Yahoo! is one of the lucky few default e-mail providers on the iPhone; sadly it looks like Apple didn't insist on encryption from Yahoo! On the iPhone, authentication is encrypted, but you can see all the messages sent and received in plaintext. Incoming messages are downloaded in plaintext over the standard imap port. Outgoing mail is a bit harder to find, it is apparently sent by an HTTP post request wrapped up inside a bundle of XML, but security through obscurity isn't very effective. If you have Yahoo! mail on your iPhone (and since its one of the default accounts, I'm assuming quite a few do), now would be a good time to forward it elsewhere for the time being."

Read more of this story at Slashdot.





More...

[David Kernell], the 20-year-old son of Democratic politician [Mike Kernell], turned himself in for hacking into Vice Presidential nominee Governor [Sarah Palin]’s Yahoo! email account. He was indicted on one felony count of violating the 1986 Computer Fraud and Abuse Act. Although the charge would normally be a misdemeanor, the indictment invokes another statute, the Stored Communications Act to beef up its claim. Some lawyers are of the opinion that the U.S. Department of Justice overreached in charging [Kernell] with a felony. They claim that the government’s justification is flawed and relies on “circuitous logic”. [Kernell] has been released without bond, and instructed not to have any contact with [Governor Palin], her family, or any witnesses to the case. If convicted fully, he faces a maximum sentence of five years in prison and a fine of up to $250,000. We also discovered that this isn’t [Kernell]’s first time in trouble. In high school, he received detention for guessing the password of the school server and obtaining access to some lesson plans.

      

And I would like some help, if you don't mind, on what exactly is a "browse one password (I am using PWnage Tool, and I am wondering if there is anything superior to this?
Exactly how does one go about downloading a browse one password?
Thanks for any assistance in this matter!
Hypo

I'm trying to set up a Billion, Bipac 7300G wireless router, and i was told that must go to this site and type in the default IP address into my address bar.

http://www.speedguide.net/broadband-view.php?hw=184

So i do that and then i'm asked for a a username/password, the website tells me the default username/password is admin.

But when i type that in it tells me it isn't valid:confused:.

So if that's not the default username/password, then what's it been changed to? And is there anyway i can find out what's been changed to?

Forgive me if i seem a bit lost but i'm new to this kind of stuff.

Thanks in advance, -Nik

coondoggie contributes this snippet from NetworkWorld: "You could probably see this one coming. With all of the confusion and money involved you knew there would be cyber-vultures out there looking to cash in. Well the Federal Trade Commission today issued a warning that indeed such increased phishing activities are taking place. Specifically the FTC said it was urging user caution regarding e-mails that look as if they come from a financial institution that recently acquired a consumer's bank, savings and loan, or mortgage. In many case such emails are only looking to obtain personal information mdash; account numbers, passwords, Social Security numbers mdash; to run up bills or commit other crimes in a consumer's name, the FTC stated."pa href="http://it.slashdot.org/article.pl?sid=08/10/10/007201amp;from=rss"img src="http://slashdot.org/slashdot-it.pl?from=rssamp;op=imageamp;style=h0amp;sid=08/10/10/007201"/a/ppa href="http://it.slashdot.org/article.pl?sid=08/10/10/007201amp;from=rss"Read more of this story/a at Slashdot./p pa href="http://feedads.googleadservices.com/~a/6Ec78MAlGD-k95QvF8wEQXv1O6E/a"img src="http://feedads.googleadservices.com/~a/6Ec78MAlGD-k95QvF8wEQXv1O6E/i" border="0" ismap="true"/img/a/pimg src="http://feedproxy.google.com/~r/Slashdot/slashdot/~4/ERtelesSzp4" height="1" width="1"/

via slashdot.org

tdalek writes "You may remember the recent Slashdot article about Yahoo! Zimbra Desktop exposing authentication information. It turns out that more Yahoo! applications are affected, although to a lesser degree. With Yahoo!'s desktop program, it transmitted the usernames and passwords in plaintext. Yahoo! is one of the lucky few default e-mail providers on the iPhone; sadly it looks like Apple didn't insist on encryption from Yahoo! On the iPhone, authentication is encrypted, but you can see all the messages sent and received in plaintext. Incoming messages are downloaded in plaintext over the standard imap port. Outgoing mail is a bit harder to find, it is apparently sent by an HTTP post request wrapped up inside a bundle of XML, but security through obscurity isn't very effective. If you have Yahoo! mail on your iPhone (and since its one of the default accounts, I'm assuming quite a few do), now would be a good time to forward it elsewhere for the time being, and using that account instead."

Read more of this story at Slashdot.





More...

via slashdot.org

tdalek writes "You may remember the recent Slashdot article about Yahoo! Zimbra Desktop exposing authentication information. It turns out that more that other Yahoo! applications are affected, although to a lesser degree. With Yahoo!'s desktop program, it transmitted the usernames and passwords in plaintext. Yahoo! is one of the lucky few default e-mail providers on the iPhone; sadly it looks like Apple didn't insist on encryption from Yahoo! On the iPhone, authentication is encrypted, but you can see all the messages sent and received in plaintext. Incoming messages are downloaded in plaintext over the standard imap port. Outgoing mail is a bit harder to find, it is apparently sent by an HTTP post request wrapped up inside a bundle of XML, but security through obscurity isn't very effective. If you have Yahoo! mail on your iPhone (and since its one of the default accounts, I'm assuming quite a few do), now would be a good time to forward it elsewhere for the time being, and using that account instead."

Read more of this story at Slashdot.





More...

DropImageURL 1.0.8

DropImageURL is a drop application which images a whole web page into a single graphic file, such as a JPEG or TIFF image.

In other words DropImageURL makes a screen capture of the page, including the portions which may not be viewable in your web browser due to its width or size.

The program provides the option to output in various image formats, and to scale the output image by a given percentage.

You can invoke this functionality in several ways:

• Drag URLs from your browser's location field onto the status window
• Drag URLs from your browser's location field onto the Dock icon
• Select "Image Browser URL" from the Dock menu to image the front window of your browser
• Select "Image URL" from the DropImageURL menu in your applications Services menu when a text selection is a URL.
• Drag "webloc" (web location) files onto the Dock icon or application
• Drag URLs directly from your web browser's displayed pages onto the Dock icon
• Drag the supplied file "DropImageURL.inetloc" into your Safari or FireFox bookmarks bar (renaming as necessary) to create the bookmark.Then click on the bookmark to image the current browser URL in DropImageURL.

Once the program begins processing the URL it will display a status window which monitors the progress of the download prior to imaging. A resources pane shows all the resources which were loaded to image the URL (akin to Safari's "Activity Window") The list of URLs can be copied and used for, say, import to a batch downloader such as Blue Crab, for individual retrieval.

Select "Preferences..." from the application menu, or the Dock menu, to specify various options:

• Scale image by a given percent
• Specify image format (tiff, jpeg, etc.)
• Set comment to location URL
• Overwrite files by same name, or append a unique ID to differentiate
• Show status window
• Bring application to front
• Open image file in default image viewer
• Select image file in the Finder

DropImageURL is part of the Limit Point Software Utilities Bundle : http://www.limit-point.com/Utilities.html. Purchase a Utilities password to activate all the utilities, including DropImageURL. Upgrades are always free, new utilities are always included!

DropImageURL initially runs for about ten days without a permanent password.

WHAT'S NEWVersion 1.0.8:

• Added Danish localization.

Version 1.0.7:

• Drag and drop into the status window is now supported.
• A new resources pane shows all the resources which were loaded to image the URL (akin to Safari's "Activity Window") The list of URLs can be copied and used for, say, import to a batch downloader such as Blue Crab, for individual retrieval.
• The "completion sound" (a harp) is now optional. You can turn this feature off in the preferences window.
• Previously the program would only image URLs that had a title in the HTML because it used the title to create the image filename. This is no longer the case and if a title is missing the program will name the image using the current date and the name of the program.
• Bug fix: it the title contained a colon the file would not be saved, because filenames are not allowed to have colons.

Version 1.0.6:

• A new option to create a single page PDF of a URL has been added. Select this option from the image format menu in the Preferences window.
• Added a Close command to the File menu so you can use the usual keyboard command to close windows.

Version 1.0.5:

• Added an option to preferences to always prompt for the destination directory of the generated image file, as opposed to always putting the image into a selected folder (which defaults to the Desktop.)
• Changes to the "Image URL" window, which prompts for a URL to image: It is now called "ImageURL", the "Image" button has been made the default button so it responds to the "Return" key and if you leave out the "http" protocol it is added for you.
• Put a convenience button to open preferences in the status window.
• Added some documentation on how to use the DropImageURL.inetloc file because it is a very useful feature which enables you to create images of web pages right from within your browser (Firefox or Safari.)
• An animated progress indicator has been added, adjacent to the resource loading status field.

Version 1.0.4:

• The program responds to the "get url" request, so you can create "bookmarklets" for loading URLs into the program within your web browser. A sample is provided in the software distribution for this release: drag the file "DropImageURL.inetloc" into your Safari or FireFox bookmarks bar (renaming as necessary) to create the bookmark. Then click on the bookmark to image the current browser URL in DropImageURL.

Version 1.0.3:

• Added a status window which displays URL download progress. After tyhe imaging is complete the window's proxy is set to the image file.
• When the option to overwrite files by the same name is deselected the image is saved under a new name, which is derived from the original name by appending a UUID to it.
• The Help menu now takes you to the products home page on the web.
• Added options to Preferences for displaying the status window automatically during imaging, and for bringing the program to the foreground.
• Bug fix: If no output folder was selected the "Go to Output Folder" functionality was not opening the default location, namely the Desktop folder.

Version 1.0.2:

• Imaging URLs is now provided as a service so that the funtionality is available from the Services menu. This enables DropImageURL to image URL text selections in any application.
• A URL imaging dialog window has been added. Open it by selecting "Image URL..." from the File menu.
• Added a dock menu item to go to the image folder.
• Added an Edit menu, and copy and paste support for program text fields.

Version 1.0.1:

• Implemented a "Preferences" window which enables you to specify image scaling[1-100%], image format [TIFF, BMP, JPEG, PNG, PICT, Photoshop, QuickTime, MacPaint and JPEG2000], output folder, option to set image file comment to the URL being imaged, option to automatically open image file, option to select image file in Finder and option to overwrite files by the same name.
• Added two Dock menu items: "Preferences..." to open preferences window, and "Image Browser URL" to image the currently frontmost browser URL (for all supported browsers: Safari, FireFox, Camino and OmniWeb.)
• Added a File menu,