Monday, October 20, 2008
Thursday, October 16, 2008
John the Ripper
Article: How can I reset the password?
Article: How to crack Mac OS X passwords
Article: Cracking Unix password files for beginners
Article: How Mac OS X Implements Password Authentication, Part 2
(Forum: Leopard Password Hash Files, semi-repeat of above)
Article: Mac OS X Single User Mode Root Access
Article: How to crack Mac OS X passwords
Article: Cracking Unix password files for beginners
Article: How Mac OS X Implements Password Authentication, Part 2
(Forum: Leopard Password Hash Files, semi-repeat of above)
Article: Mac OS X Single User Mode Root Access
Monday, October 13, 2008
Securing MAMP
I'm quoting this post to insure I don't loose this information:
Installing MAMP
To install MAMP, download the latest disk image file and mount the image and copy the “MAMP” folder to your Applications folder. Note that MAMP MUST be installed in the Applications folder to work properly. Once the copy is complete, the installation is complete and ready to use. MAMP in a freshly installed state is not safe to use in a production environment. The next few sections will explain how to secure your installation of MAMP.
Securing MySQL
If you are going to install a PHP/MySQL based application, the first thing to change is the MySQL root password. Open the terminal and type the following:
/Applications/MAMP/bin/mysql4/bin/mysqladmin -u root -p password NEWPASSWORD
Instead of NEWPASSWORD use the new password you want.
Afterwards, you also need to change the password for phpMyAdmin and other scripts which are running under MAMP. You can change the password for phpMyAdmin in the following file:
‘/Applications/MAMP/bin/phpMyAdmin-X.X.X/config.inc.php’
Be sure to edit this file in a plain text editor such as BBEdit or TextWrangler.
The password is set on line 86 of the document and by default is set to “root”.
$cfg['Servers'][$i]['password'] = 'root';
Change ‘root‘ to the password set previously in the terminal. Now you can close and save config.inc.php and phpMyAdmin is now using the new MySQL password you set.
The next script we will change is located at /Applications/MAMP/bin/mamp/index.php
$link = @mysql_connect(’:/Applications/MAMP/tmp/mysql/mysql.sock’, ‘root’, ‘root’);
The second instance of root is the password the script is providing to MySQL. Change this to your new root password. Once that is changed, you can save and close the file. Thanks for the catch Alexandre!
The next thing we will change is the stop MySQL script MAMP uses to stop the MySQL process. The file we are going to modify is located at ‘/Applications/MAMP/bin/stopMysql.sh’. The contents of the file is as follows:
# /bin/sh
/Applications/MAMP/bin/mysql4/bin/mysqladmin -u root -proot --socket=/Applications/MAMP/tmp/mysql/mysql.sock shutdown
You will notice that the script saves the MySQL user id and password in the file as -u root for the userid and -proot for the password. We are just going to change the password for the script so when we quit MAMP, MySQL will also quit.
In order to change the password, in the section that is -proot change this to -pNEWPASSWORD where 'NEWPASSWORD' is the password set previously in the terminal. Close and save this file.
If MAMP is running, go to the phpMyAdmin page and see if you can access the databases. If you are able to, then phpMyAdmin is configured correctly to use the new password. Now try to Stop the servers for MAMP, if successful, both servers should stop. If MySQL does not stop, check the stopMysql.sh script again and check the password.
Securing the Admin section of MAMP
You may have noticed that the ’start page’ for MAMP is located at ‘http://localhost/MAMP/’ and this is where you can administer your databases and other settings for MAMP. If anyone figures out you are running MAMP, (identifiable by the favicon), they would be able to go straight to the phpMyAdmin section and drop entire databases. This is a security hole that needs to be fixed. For this solution, we will use .htaccess and an .htpasswd file to secure the folder. The .htpasswd file is what will hold the encrypted password for Apache to authenticate. The .htaccess file is what tells Apache to look at the .htpasswd file to authenticate against. Go to Dynamic Drive’s online .htpasswd tool to create an .htpasswd file and corresponding .htaccess.
The first section wants a username that you will use to access the protected folder. This can be anything you want. The second box will want a password that is valid for the user you just input. This can also be anything you want. In the second section, this is requesting the path to the .htpasswd file. We will put these files in ‘/Applications/MAMP’. Once these file are in place if you try to navigate to http://localhost/MAMP/ you will be presented with a dialog box requesting userid and password. Type in your corresponding userid and password and you should then be granted access to the start page where you can then administrate your databases.
I hope you find this tutorial useful and if there are any corrections or additions you would like to see added, feel free to leave a comment or send me an email.
UPDATE 02-23-06
I’ve added Alexandre’s tip to the article and have fixed an encoding error which made the code bits messy and incorrect. Hat tip to Joshua! Thanks for the tips!
Wednesday, October 08, 2008
Drupaling
I'm just beginning to play with Drupal and have got one running in MAMP Pro, but I'm having some issues with setting up multi-sites.
Thursday, October 02, 2008
Legality of Recording Meetings
http://www.citmedialaw.org/legal-guide/recording-phone-calls-and-conversations
http://www.rcfp.org/taping/
I've recently downloaded "Recorder" for my iPhone and was happy that I could shelve yet another electronic gadget: my digital voice recorder.
I'm often so busy in meetings trying to understand some of the high-level topics, that it's difficult to take notes on all the details. Using a voice recorder was great in this regard. To be honest, I would just turn it on during meetings and review my recordings later to see what I missed.
I'm not really sure what got me thinking about the ethics and legality of doing so, but there's a lot out there that really put the breaks on for me. There are a lot of issues out there that need some careful thought and the plethora of digital options only makes the waters murkier.
What about recording sessions with Adobe Connect?
What about recording meetings with a Pulse Pen?
I'm going to think twice before I hit the red record button the next time. And I'm going to go through and delete any of the recordings I had made previously.
http://www.rcfp.org/taping/
I've recently downloaded "Recorder" for my iPhone and was happy that I could shelve yet another electronic gadget: my digital voice recorder.
I'm often so busy in meetings trying to understand some of the high-level topics, that it's difficult to take notes on all the details. Using a voice recorder was great in this regard. To be honest, I would just turn it on during meetings and review my recordings later to see what I missed.
I'm not really sure what got me thinking about the ethics and legality of doing so, but there's a lot out there that really put the breaks on for me. There are a lot of issues out there that need some careful thought and the plethora of digital options only makes the waters murkier.
What about recording sessions with Adobe Connect?
What about recording meetings with a Pulse Pen?
I'm going to think twice before I hit the red record button the next time. And I'm going to go through and delete any of the recordings I had made previously.
LionShare
I just found out that PSU has P2P capabilities and IM. I should really go through and try and catalog all of these technological resources.
