Note: Currently new registrations are closed, if you want an account Contact us
Difference between revisions of "Projects/TaskList"
hacking on Debian GNU/Hurd installer
(→Ideas) |
(hacking on Debian GNU/Hurd installer) |
||
Line 12: | Line 12: | ||
# Make DHCP client smarter while booting - first check whether network cable is present before requesting DHCP ip | # Make DHCP client smarter while booting - first check whether network cable is present before requesting DHCP ip | ||
# Make thunderbird new mail alarm bit more friendly. When you click on a subject in the new mail notifier it should open the mail in a new window. | # Make thunderbird new mail alarm bit more friendly. When you click on a subject in the new mail notifier it should open the mail in a new window. | ||
# Show unicode characters in firefox address bar. Now it shows % escaped values [Its a potential risk]... | # Show unicode characters in firefox address bar. Now it shows % escaped values [Its a potential risk]... [ All non-Microsoft browers include a flaw that allows URL spoofing using Unicode characters, which can be exploited by phishing scams seeking to steal login information for online banking accounts. The spoofing flaw, which is demonstrated on the web site of the Shmoo Group, works in the Firefox, Mozilla and Opera browsers, as well as the Safari browser for Macs. The spoof exploits flaws in how the browsers interpret Unicode characters. A link using Unicode characters to replace the letter "a" in "Paypal" will display as www.paypal.com in the browser, but send users to www.xn--pypal-4ve.com - which then displays "www.paypal.com" in its address bar. A similar spoof works on SSL-enabled URLs (https) commonly used on banking and e-commerce sites. Unicode is a broader character set that includes non-English characters as well as symbols, which is being used on the Internet to support Internationalized Domain Names (IDN). The affected browsers support IDN, while Microsoft's Internet Explorer does not. The attack can be disabled in Firefox and Mozilla by setting 'network.enableIDN' to false in the browser's configuration (enter about:config in the address bar to access the configuration fucntions). There is no known workaround yet for Opera or Safari, according to a Bugtraq post from Shmoo, which describes itself as "a non-profit think-tank comprised of security professionals" and hosted the Shmoocon conference over the weekend. URL spoofing exploits are useful to Internet phishing scams, making it easier to trick victims into sharing sensitive information with bogus web sites constructed by fraudsters, which can be coded to present a target institution's URL in the address bar. The impact of the spoofing flaw is limited by the low usage of non-IE browsers, but comes as Firefox is making inroads into Internet Explorer's dominant market position, gaining up to 5 percent of users by some accounts.] | ||
[ All non-Microsoft browers include a flaw that allows URL spoofing using Unicode characters, which can be exploited by phishing scams seeking to steal login information for online banking accounts. The spoofing flaw, which is demonstrated on the web site of the Shmoo Group, works in the Firefox, Mozilla and Opera browsers, as well as the Safari browser for Macs. | |||
The spoof exploits flaws in how the browsers interpret Unicode characters. A link using Unicode characters to replace the letter "a" in "Paypal" will display as www.paypal.com in the browser, but send users to www.xn--pypal-4ve.com - which then displays "www.paypal.com" in its address bar. A similar spoof works on SSL-enabled URLs (https) commonly used on banking and e-commerce sites. | |||
Unicode is a broader character set that includes non-English characters as well as symbols, which is being used on the Internet to support Internationalized Domain Names (IDN). The affected browsers support IDN, while Microsoft's Internet Explorer does not. | |||
The attack can be disabled in Firefox and Mozilla by setting 'network.enableIDN' to false in the browser's configuration (enter about:config in the address bar to access the configuration fucntions). There is no known workaround yet for Opera or Safari, according to a Bugtraq post from Shmoo, which describes itself as "a non-profit think-tank comprised of security professionals" and hosted the Shmoocon conference over the weekend. | |||
URL spoofing exploits are useful to Internet phishing scams, making it easier to trick victims into sharing sensitive information with bogus web sites constructed by fraudsters, which can be coded to present a target institution's URL in the address bar. The impact of the spoofing flaw is limited by the low usage of non-IE browsers, but comes as Firefox is making inroads into Internet Explorer's dominant market position, gaining up to 5 percent of users by some accounts.] | |||
# Add unicode support to [http://www.mikeindustries.com/sifr sIFR] (Free Software answer to font embedding problem). | # Add unicode support to [http://www.mikeindustries.com/sifr sIFR] (Free Software answer to font embedding problem). | ||
# Add sIRF support to gnash (currently you cannot select sIRF text from gnash | # Add sIRF support to gnash (currently you cannot select sIRF text from gnash | ||
# Build a cross debootstrap root file system for hurd. debootstrap is debian package to create root file systems from debian packages. | # Build a cross debootstrap root file system for hurd and use it instead of the native debootstrap for GNU/Hurd installer. debootstrap is debian package to create root file systems from debian packages. -- [User:Pravs|Praveen A] | ||
# Add Kannada support to Sarika, first Free Software Indian language speech recognition system | # Add Kannada support to Sarika, first Free Software Indian language speech recognition system | ||
# Add Hindi support to Sarika | # Add Hindi support to Sarika | ||
Line 42: | Line 32: | ||
# http://www.linux.com/feature/119363 | # http://www.linux.com/feature/119363 | ||
# I have 2 users on my system. When USER_1 logs on with gnome then selects "switch user" option from the system -> log out menu and USER_2 logs in using xfce manager (this session only) then clicks on the "log out" applet on the default xfce setup USER_2's session shuts down and immediately goes to USER_1's session without a password. A serious bug in Xfce...[https://bugs.edge.launchpad.net/ubuntu/+source/checksecurity/+bug/36809 see more info about this bug] Contributed by bhavani shankar.. | # I have 2 users on my system. When USER_1 logs on with gnome then selects "switch user" option from the system -> log out menu and USER_2 logs in using xfce manager (this session only) then clicks on the "log out" applet on the default xfce setup USER_2's session shuts down and immediately goes to USER_1's session without a password. A serious bug in Xfce...[https://bugs.edge.launchpad.net/ubuntu/+source/checksecurity/+bug/36809 see more info about this bug] Contributed by bhavani shankar.. | ||
# Your server is subjected to trojan hunting... (DoS attack) trojan hunting causes the server to go down within minutes. How to counter this attack? and how to identify the cracker? | # Your server is subjected to trojan hunting... (DoS attack) trojan hunting causes the server to go down within minutes. How to counter this attack? and how to identify the cracker? If he is on a static ip? if he is on a dynamic ip? Contributed by Bhavani Shankar | ||
If he is on a static ip? if he is on a dynamic ip? Contributed by Bhavani Shankar | # If I leave xmms playing mp3 from a stream for several hours (+10 hours), it may get to consume more than 1GB of memory.. How to triage this bug? Contributed by Bhavani Shankar. | ||
# If I leave xmms playing mp3 from a stream for several hours (+10 hours), it may get to consume more than 1GB of memory.. | |||
How to triage this bug? Contributed by Bhavani Shankar. | |||
# Generate easily rememberable passwords using markov chain simulation in perl.. Contributed by Bhavani Shankar. | # Generate easily rememberable passwords using markov chain simulation in perl.. Contributed by Bhavani Shankar. | ||
Have got an idea? Add it here. Want to work on an idea? Add you name, link it to user page, give your contacts there and talk to one of the contacts. | Have got an idea? Add it here. Want to work on an idea? Add you name, link it to user page, give your contacts there and talk to one of the contacts. |