OS X Lion gặp lỗ hổng bảo mật, cho phép thay đổi mật khẩu dễ dàng

OS X Lion gặp lỗ hổng bảo mật, cho phép thay đổi mật khẩu dễ dàng:

Trên phiên bản OS X Lion 10.7, mật khẩu của người dùng được mã hóa và lưu trữ trong những tập tin gọi là “shadow file”, và được cất giấu tại những địa điểm an toàn trên ổ cứng. Khi có quyền truy cập hệ thống, người dùng sẽ có khả năng chỉnh sửa những tập tin này để thay đổi mật khẩu khi cần. Tuy nhiên, một phát hiện mới của trang blog Defense in Depth cho thấy phiên bản Sư Tử gặp một lỗ hổng an ninh, qua đó cho phép hacker có thể thay đổi mật khẩu của một máy tính bất kỳ mà không cần phải có quyền admin.

>> Apple phát hành OS X Lion 10.7.2 build, iCloud beta 7

>> Trải nghiệm Mac OS X trên PC

>> Người dùng chỉ cài được Windows 7 trên OS X Lion

>> Mac OS X Lion lộ password trong trạng thái sleep mode

Vào cuối năm 2009, Defense in Depth đã từng một lần phát hiện ra lỗ hổng bảo mật trên hệ điều hành OS X, cũng liên quan đến việc thay đổi mật khẩu. Để thực hiện được việc đó, hacker cần phải có quyền admin và vì thế quá trình trích xuất mật khẩu sẽ khó khăn hơn. Tuy nhiên, với lỗ hổng mới này, mật khẩu của máy tính có thể bị lộ, và thậm chí là thay đổi mà không cần quyền admin.

Trên Lion, quyền truy cập vào các shadow file vẫn là hạn chế để tránh nguy cơ thay đổi nội dung. Tuy nhiên, khả năng truy cập trực tiếp vào những tập tin này là có thể, bởi hệ thống lưu giữ những tập mật khẩu (password hash) trong một mục có tên directory services, và bất kỳ người dùng nào cũng có thể tiếp cận. Do đó, những tập mật khẩu có thể bị trích xuất mà không cần dùng quyền admin, sau đó đưa vào một số công cụ hack và mã hóa để có được mật khẩu chính xác.

Bên cạnh việc có thể trích xuất những tập mật khẩu, một người dùng bất kỳ có thể trực tiếp thay đổi mật khẩu của một người khác, bao gồm cả mật khẩu hệ thống, chỉ bằng một dòng lệnh trong Terminal: dscl localhost -passwd /Search/Users/USERNAME (chỉ cần thay USERNAME bằng tên của tài khoản mục tiêu). Khi chạy, lệnh này sẽ phản hồi như thể vừa có một lỗi xảy ra, nhưng nếu bạn nhập tiếp mật khẩu mới lên tất cả các mục hiển thị trong đó, thì mật khẩu của tài khoản sẽ bị thay đổi. Nên nhớ, một khi mật khẩu của admin bị thay đổi, hacker có thể truy cập bằng tài khoản admin và có 100% quyền tiếp cận vào hệ thống.

Điều kiện cần thiết để khai thác lỗ hổng này là hacker phải có quyền truy cập vào một tài khoản trên máy tính (local access) và phải tiếp cận được vào mục directory service. Do đó, trước khi Apple phát hành bản vá lỗi, người dùng có thể áp dụng một số biện pháp sau để tăng cường khả năng bảo mật của máy tính, như: tắt chế độ tự động đăng nhập, thiết lập mật khẩu cho chế độ ngủ và screensaver, tắt các tài khoản Khách (guest account) và cuối cùng là quản lý tốt hơn các tài khoản trên máy tính (chỉ nên dùng 1 tài khoản admin).

Theo Tinh Tế

Bị làng phạt 25 triệu và phá nhà vì... nói nhầm

Bị làng phạt 25 triệu và phá nhà vì... nói nhầm: (Dân trí) - Chỉ vì một câu nói nhầm, ông Pi đã bị một số người kéo đến phá nhà và bắt nộp phạt cho làng 10 triệu đồng để cúng Yàng, và 15 triệu cho gia đình trong câu nói.

${url}

Blogger VS Wordpress

Blogger is a wonderful free blogging platform, maybe the best one of the freebies out there, but it is still trailing from other, mostly when it’s faced against those which can be installed on propietary servers. In this case we’re talking about Wordpress, which is the reference CMS that comes to mind when we can have access to a server.

Pitting it against Wordpress.com doesn’t have much sense because its free version limitations leave it far behind Blogger.com. We also need to say that the fact we have Wordpress on a proprietary server gives it a lot of space ahead Google’s service, however I think that most of the things Blogger does not have (yet?) can be implemented with a little more effort on the developer’s team.

The features and functionalities I think Blogger needs to have to be like Wordpress are:
1. File hosting.

As we speak, CSS and Javascript need to be placed into the template itself which makes the loading process a bit slow, or hosted on a third-party service, which most of the time have a bandwith limit.
2. Developer Community

Even though it is one of the most used blogging platforms in the world, Blogger lacks a developer community around it, the few improvements come from the official developer team and this makes a much slower evolution compared to Wordpress.
3. Efficient Valid Code.

I’ve said this a lot of times before, Blogger’s code is very inefficient. I can understand that it is a lot stronger because of the template system they use, but a lot of their elements are loaded in some not-so-useful or plain useless code and validating it is a nearly impossible task.
4. Categories and labels.

Blogger’s current label system only uses one-level tags, which means, sub-tags cannot be created to at least simulate Wordpress’ sub-categories. Having more than one classification method comes really handy as the blog grows, as for the user as for the blogger.
5. Comment moderation.

It is true that Blogger made a great step ahead by adding the comment-form to the post page, by this time it doesn’t always work as it should. Comment management is completely manual, so you need to visit every post with new comments in order to read and reply. Also, there isn’t access to some of the commenter’s information like e-mail and IP address. And going a bit further, support to external services like gravatar.
6. Pages.

In Wordpress it is clear the differences to the uses of "Pages" and "Posts", the posts are the daily news, dynamic and the pages are for static contents like "About…", Contact, Advertising, Privacy policy, etc. These are exactly the kind of pages that do not exist on Blogger, we have to make a post with an old date or look for help on an external service.
7. Custom fields.

Even though it is not so common on Wordpress, these are magnificent tools to power a blog and it is missing on Blogger. With these you can create some more complex stuff quicker, a showcase or a "Read More" or a summary with examples.
8. Documentation.

In the counterpart of Wordpress, Blogger’s documentation is poor and rarely updated, added the fact the user community doesn’t produce too much information, it is logical the difficulty which represents this platform to someone who has quite some time using it and wants to customize it.
9. Image Management.

Gallery creation, image administration from the Blogger’s control panel (right now only available by Picasa), multiupload and an improved image uploader.
10. Trackbacks.

Theoretically, Blogger has built in a trackbacks system, but is nearly impossible to trackback a blog made on Blogger.
Conclusions

These 10 features are in my opinion the ones with the highest priority to be included on Blogger so they can be closer to Wordpress, but there are many other details in which Wordpress claims the lead, we have to admit Blogger has some great things over Wordpress, a few, but there.

What is striking is that these 10 points are really very basic things, any actual Wordpress user thinks of this as a problem from the past, but it is exactly what’s in front of Blogger users.

What do you readers think? Can Blogger catch up on the other platforms? Why do you think Blogger is getting left far behind considering the other Google services?

Free Studiopress Magazine Template for Blogger

VIEW LIVE DEMO

Features of this Template

• This is a two fixed free blogger Template.



• This Template is Google Adsense Optimized.


• This Template has got 6 tabbed menu.


• This Template has got sidebar enews and updates box.


• This Template has got the customized blogsearch engine


• This Template has got customized dropdown category(labels) widget with the menu bar.


• This Template has got breadcrumb menu to each posts.


• This Template has got two menu bars.

Get this Template

5 better ways for bloggers to connect with their readers

1. Reply to their Comments and Email

Its the responsibility of every blogger to answer the query of their readers and make them find the solution for their problem regarding blogging.Your readers always query you either by writing the comment or by sending you the Email.If you answer them in a good manner and make satisfied with your answer, you will surely be considered good by that reader and he will also try to promote you through their blog/site.This will surely maintain a good relation with your reader and your blog.
2. Write the Post what your readers want

Noone is going to read your blog is your blog doesn’t contain the things what people are interested or what the want.So yo should always write the post according to the will of your readers.you can run a poll or survey inyour blog to know what your readers would like to read on your blog.If you post according to their will then they will surely read your posts and it also makes them feel you are with them.
3. Give your readers a chance to write on yours

Yes I am talking about the guest posts section run by many blogs.You can too give the chance to your readers to write the post onyour blog .But you can implement some rules and regulations for writing the guest posts.Your readers will be very happy to post on yours and will be surely more connected toyour blog.
4. Accept them or Follow them Back

I am talking about the different Social networking sites or micro blogging sites.If your reader add you as a friend or follow you then its your responsibility to accept their request and follow them back too.This will also surely maintain a good relation between you and your readers.
5. You got it give them Free

You got many contents in our blogs.Some might be the blogger templates,wordpress Themes, ebooks or other valuable things.So if possible distribute theme free to your readers.They will surely consider your hard work and they will surely help you promote and hence your readers will be more connected withyour blog.

10 things to do once you start a blog on Blogger

Every time you’re told about the advantages of a blog it is always mentioned the ease of creating one. And even thou this is true, after starting the blog the path is not so clear and now it’s time to have our say about the 10 things to do after starting a blog on Blogger.

1. Write a description for the blog.

Go to the Settings tab and in the "Basic" option you will find the text field in which you can put the description. This is useful for newcomers and it might be helpful for search engines too.

Dashboard → Settings → Basic

2. Get a nice template.

There are many websites with Blogger Templates (as a matter of fact this is one) in which you can find a great variety of designs.

Do not base your decision only on the graphic side (headers, buttons, icons, etc) but also in the structure (number of columns, accessibility, etc) and remember always to read the instructions for each template because usually they are important in order to get the right visualization of it.

3. Buy a domain and use it with your blog.

I’ve always said that a domain has to be the blogger’s first investment and by less than 10 dollars you can have a proper name with a lot of advantages, this is heavily advisable. Have a look on adding your own domain on Blogger.

Dashboard → Settings → Publishing

4. Change your blog’s feed for a Feedburner one.

Feedburner is a Google service that allows you to have stats of how many people read you via this method. From the Blogger’s Control Panel it is possible to add feedburner to your blog.

Dashboard → Settings → Site Feed

5. Correct the comment link.

A little detail that improves your blog’s accessibility. To correct the comment check it has to be done by hand.

6. Change the images of your template to a new host.

Many templates have their images hosted on free services which limit the traffic to them (bandwidth) which makes it possible to sometimes none of the images load properly. Hosting them on Blogger seems like the best option.

7. Add the basic gadgets on your sidebar.

In the "Layout" tab select "Page elements" it is possible to add gadgets. the most basic of them are: Labels, Blog Archive (list mode) and Subscription Links.

8. Embed the comment form in the entries’ individual page.

As this feature is still on test phase it is necessary to do it by hand in customized templates or automatically in Blogger’s default templates.

Dashboard → Settings → Comments

9. Add your stats-tracking code.

It doesn’t matter if you use whether Google Analytics, SiteMeter or any other stats system, the important thing is to add their tracking code before the </body> that is in the "Layout" tab, "Edit HTML" option, almost at the end of the code.

Dashboard → Layout → Edit HTML

10. Add Google Tools to your blog.

The Google Tools allow you to keep track of your search stats and errors related to your site. Its use is really intuitive and free.

After doing all this your blog will be a more effective tool, you’ll have more control about your stats, it’ll look better, it will have better negotiations with the search engines but on top of that, it will be a better space for your visitors.

Source: Btemplates