security

fix broken login forms with greasemonkey

Not without pain, this evening I've learned how to write a small client side script with greasemonkey [1] . Even if conceptually very easy, I discovered (the hard way) that the firefox security model changed quite drastically with firefox 3.0 introducing XPCNativeWrappers. This page [2] explains the problem in details.

Anyway below it is a small js script to replace http with https in all forms on a page. It can be handy to force login using https on website that do not offer this option by default.

openssl vulnerability

Here I come. Following from the DSA announcement I've regenerated the ssh/openssl keys for cduce.org.

apt-get update
apt-get upgrade
rm /etc/ssh/*
dpkg-reconfigure -plow openssh-server

One the user side:

first ssh to the remote machine and remove the for ~/.ssh/authorized_keys . This will lock you out if you don't remember the passowrd for that machine !

Then, you should remove your ssh keys (from you local machine), and regenerate them with:

ssh-keygen
ssh-copy-id <host>

Syndicate content