Technology Insights

Terminal Initialization Failure Using OSX Terminal Window

Earlier, while trying to SSH to a device from a Terminal window on my MacBook Pro running OSX version 10.8, also known as Mountain Lion, I received an error when attempting to connect to a 64-bit Windows 7 Professional server. The error in the Mac Terminal window stated that the terminal failed to initialize. After troubleshooting I realized that the Windows 7 Pro server, which is running WinSSHD as an SSH server, didn’t like the default terminal emulation, xterm-color256, that the Terminal window in OSX Mountain Lion uses. Below we describe the error message in more detail and how to resolve this issue within the Terminal window itself or by installing iTerm2.

Bluetooth CoD: Bluetooth Class of Device/Class of Service Explained

While testing some tools in Backtrack Linux I was working with some Bluetooth tools, including btscanner, BlueProPro, bluediving, etc., and wanted to know more about the Bluetooth Class of Device/Class of Service, also known as just Bluetooth CoD: not only how it was formatted but also what exactly it meant and what it could tell me about Bluetooth devices. In the end I feel I have a pretty good understanding of Bluetooth CoD and what it can tell you about various hardware devices. Even though it appears the standard for assigning CoD numbers is fairly loose, most people appear to adhere to it somewhat. It should be noted that Bluetooth CoD is easily modified; on Linux, for example, you can set it using hciconfig, and thus it could provide false information if you wanted it to. Obviously not many people are going to understand this or know how to accomplish it, so typically if you are scanning for Bluetooth devices you will be getting whatever the manufacturer set when the item was manufactured. Below we describe more specifics about Bluetooth CoD, including what the CoD hex means and some examples of Bluetooth CoD. Check out our Bluetooth Class list by clicking here.

Double Encoding – One Of The Biggest Enemies While Fixing Cross-Site Scripting (XSS)

“You have X amount of Cross-Site Scripting vulnerabilities”. That is a phrase most web developers have heard at least one time. But what is a Cross-Site Scripting vulnerability?

OWASP defines Cross-Site Scripting as:

“Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user in the output it generates without validating or encoding it.”

RackSpace Cloud DNS Round Robin DNS A Records

I typically use Amazon’s AWS EC2 cloud services, which include Route53 for DNS; however, I have certain clients that prefer RackSpace and therefore require RackSpace Cloud DNS services. One of the primary reasons for not just using an external DNS service such as Amazon’s Route53 DNS service is that when you set up large cloud deployments you are typically going to need internal DNS entries for communication between cloud instances, and DNS services such as Route53 will not respond externally to RFC1918 or private IP space for those DNS entries. Anyhow, one thing that is well documented or easy to accomplish on Route53 is creating A records with multiple IPs for round robin DNS, which provides cheap, easy-to-configure load balancing of sorts for different services such as MySQL. I could not find any documentation or mention of round robin DNS setup on RackSpace Cloud DNS, so I wanted to explain how I was able to accomplish this.

Ubuntu 10.04 Installed Package From Source And APT Complaining Of Unmet Dependencies

While doing some testing this evening on Backtrack Linux 5 R3 I had issues with apt or aptitude complaining about some dependencies for packages I had compiled from source. One of the packages I first ran into issues with was bluez which is installed by default on Backtrack. I wanted to apply a patch to the source code and then reinstall bluez which I was able to accomplish. The issue started after that when apt started complaining that bluez was not installed any longer. Below I describe how I modified the apt dependencies tracker file which fixed my unmet dependencies errors.