
How to use sudo without a password

This may sound like a bad idea in general but I do this in my testing virtual machine (VM) with Ubuntu or Debian operating systems. It makes it easier to restart servers.

First you need to edit your /etc/sudoers file through:

visudo

In the editor, locate this:

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

Change to this:

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) NOPASSWD:ALL

Now you can use sudo without a password.
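Because this rule waives the password for every member of the sudo group, it is worth checking that it has not ended up on machines other than the test VM. The script below is an added example, not part of the original post; it scans sudoers files for rules that grant NOPASSWD on ALL commands. The deploy and tester entries and the nginx service in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: report sudoers rules that grant NOPASSWD on ALL commands.
# Catches "NOPASSWD:ALL" and tag chains such as "NOPASSWD: SETENV: ALL".
# It does not expand Cmnd_Alias names or follow @include directives.

# audit_nopasswd FILE...
# Prints "file:line: rule" for each blanket grant; exit status 1 if any found.
audit_nopasswd() {
    awk '
        # Join backslash-continued lines so a split rule is matched whole.
        /\\$/ { sub(/\\$/, ""); buf = buf $0; next }
        { line = buf $0; buf = "" }
        line ~ /^[ \t]*(#|$)/ { next }   # comments and blank lines
        line ~ /NOPASSWD:[ \t]*([A-Z_]+:[ \t]*)*ALL[ \t]*(,.*)?$/ {
            gsub(/[ \t]+/, " ", line)    # normalise spacing for the report
            printf "%s:%d: %s\n", FILENAME, FNR, line
            found = 1
        }
        END { exit found + 0 }
    ' "$@"
}

# Constructed sample: the stock rule, the rule from the post, a rule scoped
# to a single restart command, and a per-user rule continued over two lines.
demo_audit() {
    tmp=$(mktemp) || return 2
    cat > "$tmp" <<'EOF'
# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) NOPASSWD:ALL
deploy  ALL=(root) NOPASSWD: /usr/bin/systemctl restart nginx
tester  ALL=(ALL) \
        NOPASSWD: SETENV: ALL
EOF
    # Replace the temp path with a stable name so the report is readable.
    audit_nopasswd "$tmp" | sed "s|^$tmp|sudoers.sample|"
    rm -f "$tmp"
}

demo_audit
```

On a real host, run it as root against the live files: audit_nopasswd /etc/sudoers /etc/sudoers.d/*. The scoped deploy rule in the sample is not flagged, which shows a narrower way to get password-free server restarts.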

Password policy that tires

From Pearson VUE:

And they say in their help:

In our ongoing effort to secure the privacy of your personal information, Pearson VUE now requires all users to supply a strong password. Choose your new password carefully to make it hard for anyone to guess. Strong passwords must adhere to the following rules:

  • It must be a minimum of 7 characters and contain 3 out of the 4 following attributes:
    • Uppercase Latin letters (A, B, C, … Z)
    • Lowercase Latin letters (a, b, c, … z)
    • Westernized Arabic numerals (0, 1, 2, … 9)
    • Special characters (&, *, %, etc.)
  • Passwords cannot contain your username

These are good policies to have, but there are too many words to go through to understand the policy.

But wait, there’s more:

This is a huge challenge for the ever-changing self. I don’t remember much of my childhood and now the form is making me sad.

Out of all the questions I can only answer the first company I worked for. This is too hard!

Forced alphanumeric passwords

From the movie Hangover 2:

Phil: Your password is baloney1?
Chow: Well used to be just baloney, but now they make you add number.

Forcing letters and numbers into a password is just annoying for me. I have what I deem to be a sufficiently secure password, and I had to uglify it with a number. The number actually makes my password harder to remember. Will my passwords be just random hashes one day?

Twitter admin hacked, password is “happiness”

And you would think the computer guys know better what a good password would be. Apparently not, as the hacker of Twitter reveals:

Weak Password Brings ‘Happiness’ to Twitter Hacker

An 18-year-old hacker with a history of celebrity pranks has admitted to Monday’s hijacking of multiple high-profile Twitter accounts, including President-Elect Barack Obama’s, and the official feed for Fox News.

The hacker, who goes by the handle GMZ, told Threat Level on Tuesday he gained entry to Twitter’s administrative control panel by pointing an automated password-guesser at a popular user’s account. The user turned out to be a member of Twitter’s support staff, who’d chosen the weak password “happiness.”

Cracking the site was easy, because Twitter allowed an unlimited number of rapid-fire log-in attempts.

“I feel it’s another case of administrators not putting forth effort toward one of the most obvious and overused security flaws,” he wrote in an IM interview. “I’m sure they find it difficult to admit it.” (Source: Wired)

It’s fun while it lasts. Here’s a video to prove he has the admin account:

Twitter Hack

Critical IE vulnerability found, browser switch recommended

Critical Internet Explorer vulnerability found, browser switch is recommended.

Serious security flaw found in IE

The flaw in Microsoft’s Internet Explorer could allow criminals to take control of people’s computers and steal their passwords, internet experts say.

Microsoft urged people to be vigilant while it investigated and prepared an emergency patch to resolve it.

Internet Explorer is used by the vast majority of the world’s computer users.

Said Mr Ferguson: “If users can find an alternative browser, then that’s good mitigation against the threat.”

But Microsoft counselled against taking such action.

“I cannot recommend people switch due to this one flaw,” said John Curran, head of Microsoft UK’s Windows group.

He added: “We’re trying to get this resolved as soon as possible.

“At present, this exploit only seems to affect 0.02% of internet sites,” said Mr Curran. (Source: BBC)

Browsing vigilantly is not something a normal user can do unless you only use your web mail. The internet is filled with links all around. Even I, once in a while, end up on phishing sites I try hard to avoid. It could be just an innocent advertisement.

Description:

A vulnerability has been discovered in Internet Explorer, which can be exploited by malicious people to compromise a user’s system.

The vulnerability is caused due to a use-after-free error when composed HTML elements are bound to the same data source. This can be exploited to dereference freed memory via a specially crafted HTML document.

Successful exploitation allows execution of arbitrary code.

NOTE: Reportedly, the vulnerability is currently being actively exploited.

The vulnerability is confirmed in Internet Explorer 7 on a fully patched Windows XP SP3 and in Internet Explorer 6 on a fully patched Windows XP SP2, and reported in Internet Explorer 5.01 SP4. Other versions may also be affected. (Source: Secunia)

I would recommend a temporary switch to a competing browser.