lunes, 8 de agosto de 2005

Problemas con OpenVPN - Route addition via IPAPI succeeded

Despues de jugar con el "share network access", del accesotelefono a redes y de los interfaz, el openvpn sera incapaz de a?adirlas rutas que necesita para llegar al otro lado. Para que todo vuelva a funcionar correctamente, es necesario queno se comparta ninguna acceso. (-sic-)

viernes, 5 de agosto de 2005

Seguridad en Lotus Domino

http://www.cqure.net/tools.jsp?id=11
Lodowep is a tool for analyzing password strength of accounts on a Lotus Domino webserver system. The tool supports both session- and basic-authentication. It runs 20 simultaneous connection guessing passwords specified in a dictionaryfile against the supplied userfile. The tool is written in java and is released under the GPL version 2.

http://usuarios.lycos.es/reinob/
Lepton's Crack is a generic password cracker, easily customizable with a simple plug-in system. It can perform a dictionary-based (wordlist) attack, as well as a brute-force
(incremental) password scan, including enumeration of a regular expression
(useful if you know something about the password). Currently the formats supported are: standard MD4 hash, standard MD5 hash, NT MD4/Unicode, Lotus Domino HTTP password (R4) and SHA-1. LM (LAN Manager) support added by Piero Brunati, see below.

http://www.nestonline.com/lcrack/
Port de LCrack con soporte de otros cifrados.

http://packetstormsecurity.org/Crackers/dhb.zip
Lotus Domino HTTP password

http://packetstormsecurity.org/UNIX/scanners/DominoHunter-0.92.zip
Domino Hunter 0.92 is a Lotus Domino web server scanner, written in Perl. It attempts to access default NSF databases, as well as crawl user-defined bases. It tries to enumerate the database structure, enumerate available views, available documents, and ACLs set on documents. It also tries to retrieve documents from available views in order to check if ACLs are correctly set to restrict documents and not views. The scanner works in both anonymous mode or privileged mode if user supplied credentials are supplied to then be passed to the default names.nsf/?Login form.

http://packetstormsecurity.org/UNIX/scanners/domino.tar.gz
Domino.pl is a perl script which checks for remote vulnerabilities in lotus Domino servers.


DOCUMENTACION:
Es bastante pobre lo que hay:

Security HandBook (RedBook de IBM)

Lotus Notes and Domino R5.0 Security Infrastructure Revealed

ISS domino

jueves, 4 de agosto de 2005

FireFox popups in flash

Like you, I love Firefox for many reasons, including popup blocking. So
over the last few weeks I.ve been surprised to see occasional popups.

It turns out that some clever people figured out that you could launch
popups from Flash, getting around the Firefox default settings.

Fortunately, you can get around it:

1. Type about:config into the Firefox location bar.
2. Right-click on the page and select New and then Integer.
3. Name it privacy.popups.disable_from_plugins
4. Set the value to 2.

The possible values are:

* 0: Allow all popups from plugins.
* 1: Allow popups, but limit them to dom.popup_maximum.
* 2: Block popups from plugins.
* 3: Block popups from plugins, even on whitelisted sites.

From:
http://www.petebevin.com/archives/2005/03/10/firefox_popups.html