Two factor authentication is increasingly becoming a strongly recommended way of protecting user accounts in web applications from attackers by requiring a second method of authentication in addition to the standard username and password pair.
Although two factor authentication can encompass a wide range of techniques like biometrics or smart cards, the most commonly deployed technique in web applications is the one time password. If you have used applications like Gmail, you are probably familiar with the one time password generated by the Google Authenticator app that’s available on iOS or Android devices.
The algorithm used for the one time password in the Google Authenticator app is known as the Time-based One-Time Password (TOTP) algorithm. The TOTP algorithm is a standard approved by the IETF in RFC 6238.
Do you have a Gmail or Google account and use Google Calendar? Have you ever needed to view multiple calendars in iCal, but couldn’t? Getting your Google Calendar into iCal is fairly easy with a few simple steps.
To begin, fire up iCal, open iCal “Preferences,” and click on “Accounts” at the top. Then under “Account Type” select “Google” and fill out your username and password. After the window disappears, go to “Server Settings” and make sure the server address is www.google.com, and that the “Use SSL” option for the port is checked. After you have checked over those things, click on “Delegation,” which should be right next to “Server Settings.” Check all the boxes of the Calendar Categories that you would like to have in iCal, and in a few minutes your calendar should have the events from Google Calendar. iCal will automatically bring in new changes every 15 minutes; however, if you wish to have it done faster, just change the rate in the “Refresh Calendars” box.
There you go: all of your Google Calendars should now be in iCal, so you no longer have to view Google Calendar’s “Microsoft looking” interface.
Alerting by SMS (“Short Message Service”) is a significant plus when monitoring critical information systems.
Free services that make it possible to send SMS messages from the system remain rare.
For several years now, Google Calendar has offered its customers appointment reminders by SMS. This Google service was quickly repurposed as a channel for raising alerts (example: “SmsAlert : Envoyer des SMS gratuitement depuis ses serveurs” on the Macsim’s Mind site, which used Alexander Skakunov’s PHP script to raise alerts by SMS).
Although very effective, most of these workarounds are implemented in PHP, which is not installed on every server.
The idea of this article is to use the same technique, but implemented in BASH.
How it works
The principle is to create an event in a Google Calendar that starts in 5 minutes and X seconds, and to notify the administrator by SMS 5 minutes before the event begins. The SMS will therefore be sent after X seconds.
Using Gmail SMTP: Suppose you want to configure a Linux app to send out email messages from your server or desktop. The email messages can be part of email newsletters, status updates (e.g., Cachet), monitoring alerts (e.g., Monit), disk events (e.g., RAID mdadm), and so on. While you can set up your own outgoing mail server to deliver messages, you can alternatively rely on a freely available public SMTP server as a maintenance-free option.
One of the most reliable free SMTP servers is from Google’s Gmail service. All you have to do to send email notifications within your app is to add Gmail’s SMTP server address and your credentials to the app, and you are good to go.
One catch with using Gmail’s SMTP server is that there are various restrictions in place, mainly to combat spammers and email marketers who often abuse the server. For example, you can send messages to no more than 100 addresses at once, and no more than 500 recipients per day. Also, if you don’t want to be flagged as a spammer, you cannot send a large number of undeliverable messages. When any of these limitations is reached, your Gmail account will temporarily be locked out for a day. In short, Gmail’s SMTP server is perfectly fine for your personal use, but not meant for commercial bulk emails.
With that being said, let me demonstrate how to use Gmail’s SMTP server in a Linux environment.
Google Gmail SMTP Server Setting
If you want to send emails from your app using Gmail’s SMTP server, you need to adjust the security setting of the Gmail account to be used. Go to the Google account settings, and enable the option to allow less secure apps, which is off by default.
Then you will need to provide your app with the following details.
Outgoing mail server (SMTP server): smtp.gmail.com
Use authentication: yes
Use secure connection: yes
Username: your Gmail account ID (e.g., "alice" if your email is alice@gmail.com)
Password: your Gmail password
Port: 587 (TLS) or 465 (SSL)
The exact configuration syntax may vary from app to app. In the rest of this tutorial, I will show you several useful examples of using the Gmail SMTP server in Linux.
Send Emails from the Command Line
As the first example, let’s try the most basic email functionality: sending an email from the command line using the Gmail SMTP server. For this, I am going to use a command-line email client called Mutt.
First, install Mutt as follows.
For Debian-based systems:
$ sudo apt-get install mutt
For Red Hat based systems:
$ sudo yum install mutt
Create a mutt configuration file (~/.muttrc) and specify the Gmail SMTP server information in it as follows. Replace <gmail-id> with your own Gmail ID. Note that this configuration is for sending emails only (not receiving emails).
$ vi ~/.muttrc
set from = "<gmail-id>@gmail.com"
set realname = "Dan Nanni"
set smtp_url = "smtp://<gmail-id>@smtp.gmail.com:587/"
set smtp_pass = "<gmail-password>"
Now you are ready to send out an email using mutt:
$ echo "This is an email body." | mutt -s "This is an email subject" alice@yahoo.com
To attach a file in an email, use the "-a" option:
$ echo "This is an email body." | mutt -s "This is an email subject" alice@yahoo.com -a ~/test_attachment.jpg
Using the Gmail SMTP server means that the emails appear as sent from your Gmail account. In other words, a recipient will see your Gmail address as the sender’s address. If you want to use your domain as the email sender, you need to use the Gmail SMTP relay service instead.
Another note is that if you are concerned about placing your SMTP password in the plain-text .muttrc file, you can encrypt the password using GnuPG.
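As an added example (not part of the original tutorial), the shell functions below audit a muttrc for the plain-text smtp_pass concern raised above, and also check file permissions and forced TLS. The function names, finding labels, the two constructed sample files and the ~/.mutt/smtp_pass.gpg path are assumptions; the hardened sample relies on mutt's `source "command |"` form to read the GnuPG-decrypted setting at start-up.

```shell
# Added example: audit a mutt config for the issues noted above.
# audit_muttrc FILE prints one finding per line; exit status = number of findings.
audit_muttrc() {
    rc=$1; findings=0
    # 1. A literal "set smtp_pass = ..." keeps the password in clear text.
    if grep -Eq '^[[:space:]]*set[[:space:]]+smtp_pass[[:space:]]*=' "$rc"; then
        echo "PLAINTEXT_PASSWORD: smtp_pass is stored in clear text"
        findings=$((findings + 1))
    fi
    # 2. Only the owner should have access (mode 600 or stricter).
    if [ "$(ls -ld "$rc" | cut -c5-10)" != "------" ]; then
        echo "LOOSE_PERMISSIONS: file is accessible to group or others"
        findings=$((findings + 1))
    fi
    # 3. ssl_force_tls makes mutt require an encrypted session; flag configs
    #    that do not set it explicitly.
    if ! grep -Eq '^[[:space:]]*set[[:space:]]+ssl_force_tls([[:space:]]*=[[:space:]]*"?yes|[[:space:]]*$)' "$rc"; then
        echo "TLS_NOT_FORCED: add 'set ssl_force_tls = yes'"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Writes two constructed sample configs into DIR: the tutorial's layout and a
# hardened variant. ~/.mutt/smtp_pass.gpg is a hypothetical path to a
# GnuPG-encrypted file that holds the 'set smtp_pass = "..."' line.
make_samples() {
    dir=$1
    cat > "$dir/weak.muttrc" <<'EOF'
set from = "<gmail-id>@gmail.com"
set smtp_url = "smtp://<gmail-id>@smtp.gmail.com:587/"
set smtp_pass = "<gmail-password>"
EOF
    chmod 644 "$dir/weak.muttrc"
    cat > "$dir/hardened.muttrc" <<'EOF'
set from = "<gmail-id>@gmail.com"
set smtp_url = "smtp://<gmail-id>@smtp.gmail.com:587/"
set ssl_force_tls = yes
source "gpg -dq ~/.mutt/smtp_pass.gpg |"
EOF
    chmod 600 "$dir/hardened.muttrc"
}
```

Run `make_samples` on a scratch directory and then `audit_muttrc` on each file; a non-zero exit status makes the check usable in a cron job or a configuration-management run.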
Recently we wrote about ApacheKiller, which freezes a victim server in seconds. Now new findings by IHTeam show that Google+ servers can be used for a DDoS attack. Let’s talk about this ant script. Hey, but it is worthy.
How does a DDoS attack using Google+ servers work?
When you post a URL in your Google+ status, it fetches a URL summary (which includes an image and a short description) using the Google+ proxy servers.
The advisory report says the vulnerable pages are “/_/sharebox/linkpreview/” and “gadgets/proxy?”.
So if you send multiple parallel requests in a big number, e.g. 1000, that can turn into a DDoS attack using the huge bandwidth of the Google+ servers.
How to use the DDoS script to launch a DDoS attack using Google+ servers?
NOTE: Make sure your workstation is capable of handling this huge number; otherwise your workstation will freeze and you will have to forcefully restart it.
E.g., 1000 is a very big number.
You will see an anonymous source instead of the real source IP; see the sample Apache web server log below.