Thursday, June 25, 2009

Hacker Public Radio - Linux Security

ep0387 :: Linux Security

Hosted by Mark Clarke on 2009-06-24

In this episode Darlene and I chat with Mohammed Ayad, a Linux sysadmin from Libya, about Linux security and the first Linux Day held in Libya.


*Copied from the Hacker Public Radio site

Wednesday, June 10, 2009

Bing vs. Google

I've read about Bing.com, the search engine from Microsoft, but never tried it. As a human habit, when we start with something and are satisfied by it, we don't give change a chance.
I've tried Bing vs. Google, since Google is the most popular search engine we all use.

First, I tried searching for Sun cloud computing. The layout of the results is more friendly and smooth than Google's, and when you move the mouse over the link paragraph, it opens a small cloud including the text and contents of the page, which I like big time.


Second, I tried searching for a movie. Comparing Google with Bing, Bing's result page is more favorable.




In addition, when browsing the image results, when you point the mouse at an image it enlarges it for you with its information, which is also a nice feature to attract users.


When you click on videos, the videos appear as thumbnails. That is not all: when you hover over a video with the mouse pointer, it starts to play, so you don't have to open the video to check if this is what you're looking for.


When I searched for a piece of equipment using its part number and hit the search button, a result page appeared, but when I clicked on Shopping on the left side, I got a page with prices and pictures of the product.

Also, I noticed that the left menu dynamically changes according to what you're searching for.

Through my experience with Bing, I've been satisfied and pleased. The big question that pops up now: would I be satisfied in the long term, or will I reach a point where I need to go back to Google?

This I will know in time... Try it and add your comments ^_^

Monday, June 8, 2009

StrongWebMail Challenge

A newly launched mail service company called "StrongWebMail" announced its secure email service with a high authentication level: the owner receives a verification call on his pre-registered phone number, and the user should send back a PIN number by SMS. To get access to the email, the username and password are not enough; access to the owner's phone is also needed.

They were confident. They posted a challenge on their website for everybody to try and hack their CEO's mail, and they provided his username and password.


This is not the news. The news is, they lost it.

Aviv Raff, Lance James and Mike Bailey successfully hacked the CEO's email using persistent cross-site scripting (XSS): they sent an email to the company's CEO, which exploited an XSS flaw when it was opened and took control of the account.



{Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits. Cross-site scripting carried out on websites were roughly 80% of all documented security vulnerabilities as of 2007.[1] Often during an attack "everything looks fine" to the end-user[2] who may be subject to unauthorized access, theft of sensitive data, and financial loss.} (Wikipedia)
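
The flaw class described in this post, as an added example (not StrongWebMail's code, which the post does not show): a webmail message view that concatenates sender-controlled fields into the page, beside a version that HTML-encodes them. The function names and the sample message are constructed for illustration.

```javascript
// Added example: rendering a stored e-mail in a webmail message view.
// All names here are hypothetical; the sample message is constructed.

// Every field of a received message is chosen by the sender, not by the mailbox owner.
const sampleMessage = {
  from: 'sender@example.com',
  subject: 'Hello <i>there</i>',
  body: 'Please read this.<script>alert("runs in the reader\'s session")</script>',
};

// Vulnerable pattern: sender-controlled text is concatenated into the page as HTML,
// so any markup in the message is parsed by the reader's browser after login.
function renderMessageUnsafe(msg) {
  return '<div class="msg"><h2>' + msg.subject + '</h2><p>' + msg.body + '</p></div>';
}

// Encode the five characters that are significant in HTML text and quoted attributes.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened pattern: the same template, but every message field is encoded first,
// so the browser displays the sender's markup as text instead of executing it.
function renderMessageSafe(msg) {
  return '<div class="msg"><h2>' + escapeHtml(msg.subject) + '</h2><p>' +
    escapeHtml(msg.body) + '</p></div>';
}

// Check used for this sample: after removing the template's own tags,
// does any tag opener remain in the rendered output?
function containsSenderMarkup(html) {
  const inner = html.replace(/<\/?(div|h2|p)( class="msg")?>/g, '');
  return /<[a-z!\/]/i.test(inner);
}

console.log('unsafe view carries sender markup:',
  containsSenderMarkup(renderMessageUnsafe(sampleMessage)));
console.log('safe view carries sender markup:  ',
  containsSenderMarkup(renderMessageSafe(sampleMessage)));
```

Encoding is enough for a plain-text view; a view that displays HTML mail needs an allow-list sanitizer instead. The phone verification guards the login step only, so script that runs inside an already authenticated mailbox page is not stopped by it.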