rejetto forum

presentations...with Wink

rejetto · 16 · 5357


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13438
http://www.debugmode.com/wink/

i just found this great freeware software for capturing movies from the screen.
i will use it for improving HFS documentation.
you guys can make movies instead of screenshots. :)
imageshack support uploading flash movies so no problems about hosting.
i may include your more meaningful movies in official documentation.


Offline maverick

  • Tireless poster
  • ****
    • Posts: 1052
  • Computer Solutions
Thanks. Something new to play with. The file sizes it creates are HUGE.
maverick



Anonymous

  • Guest
Quote from: "rejetto"
i will use it for improving HFS documentation.
you guys can make movies instead of screenshots. :)
i may include your more meaningful movies in official documentation.

Great tool, I made some HFS movies:

http://underbyte.homeip.net:230/HFS/Tutorials/
User:spock
Pass:vulcan

They are made on a German Windows, but the main thing is the English HFS, so there should be no problems.
The server is not online all the day, but it is mostly between 4pm and 8pm.
Weekend online time highly depends on my sleeping time, so i can't predict  :D
If you are interested and we always miss, i would upload them to imageshack.


Offline Martok

  • Occasional poster
  • *
    • Posts: 88
Sorry, this was me. Forgot to log in first....
Cheers,

Martok


Offline rejetto

just got them
i will have a look later
anyway, the german template is a problem for inserting in an official documentation :(


Offline Martok

Quote from: "rejetto"
anyway, the german template is a problem for inserting in an official documentation :(

If I have some free time, I could redo them with the default template. But these days, school is very stressful here, all teachers give huge amounts of homework  :cry:
Cheers,

Martok


Offline rejetto

thank you for your availability
i will have a look at it so i can give you other advice


Offline ~GeeS~

  • Tireless poster
  • ****
    • Posts: 270
  • "The web was made for sharing..."
Martok!

Nice site. Tutorials take up about .5 Mb each. Too big for my taste. Presentation is nice but somewhat too fast for me.

Important!
Never ever give access to your actual hfs.ini or hfs.vfs.
All your user:password combinations are easily decodable ...as you have seen just some minutes ago (including your homeip account!).
I've already forgotten them, maybe others haven't. Please change them asap and check your logs.

There was something strange with your security: with the given password I could go back to /HFS/ . Every time a login window appeared and could be clicked away.
~GeeS~


Offline Martok

Quote from: "~GeeS~"
Martok!

There was something strange with your security: with the given password I could go back to /HFS/ . Every time a login window appeared and could be clicked away.

Thank you for telling me, i just noticed  :#)  :#)
And the thing with the /HFS/ was a misconfiguration, I wanted to prevent Spock from going above /HFS/, in the new one it should work. But this time, without getting 'root'. There is nothing more present.

Thank you. (Was it me making the 'Security tutorial'?? :rage:
I think this event should be mentioned in the new tut.)
Cheers,

Martok


Offline ~GeeS~

Thx for taking it seriously. :^:

I've posted this some months ago already:

:!: The only security issue with HFS is, that f.e. with Opera the user:password can be guessed/bruteforced endlessly without an "access denied" screen.
Workaround: none , but choose a "strong" user:pass combination!

:!: Never make your (unedited) hfs.ini available. It contains the encoded user:pass combinations, eventually your dyndns login information and some other private info. (You don't share your windows system files either, do you?)

:!: With the ~files.lst command files from a protected directory can be listed, not downloaded. This could be a privacy issue.
Workaround: Place an empty directory in between (and don't publish its name).

:!: If you want to respect the privacy of your visitors (I hope you do), never give access to your logfiles, too! (And don't put one of these infamous statcounters on your site, which often has the same or even worse effect!)

Maybe a "sticky", Rejetto?
~GeeS~


Offline rejetto

Quote from: "~GeeS~"
:!: The only security issue with HFS is, that f.e. with Opera the user:password can be guessed/bruteforced endlessly without an "access denied" screen.
Workaround: none , but choose a "strong" user:pass combination!

well, the fact opera behaves this way is not an extra danger.
for security you can never rely on the client side.
people can even forge an ad-hoc client.
security mechanisms must be server side.

if any of you is interested, you can write down several tips, or a guide, for hfs related security. it would be a good idea. a new thread, sticky, where everyone can comment, and one edits, caring of user comments.


Offline rejetto

Quote from: "~GeeS~"
:!: With the ~files.lst command files from a protected directory can be listed, not downloaded. This could be a privacy issue.
Workaround: Place an empty directory inbetween (and don't publish its name).

AFAIK, it should have been fixed months ago...! (just tested)


Offline ~GeeS~

Rejetto wrote:
Quote
well, the fact opera behaves this way is not an extra danger.
for security you can never rely on the client side.
people can even forge an ad-hoc client.
security mechanisms must be server side.

100% ACK. But isn't it possible to implement a mechanism in HFS which serves an "Access denied" after 3 faulty attempts to login?

Quote
AFAIK, it should have been fixed months ago...! (just tested)

Sorry, but I just tested again with beta 44: created a (virtual) directory "test", dragged and dropped a file in it, protected the directory and file with a password, but was still able to list the file:
86.80.17.209 Login: Guest:Guest, go to Test and get the login screen, then try: 86.80.17.209/test/~files.lst (The user:pass for test is easily guessable and different from Guest:Guest)
~GeeS~
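
As an added example (not HFS code and not written by any poster in this thread), here is a minimal server-side limiter in Python of the kind discussed above: it answers 403 "Access denied" after three failed logins from one address, whatever the client does with its login window. The class name, the lockout length and the sample account in the test data are assumptions made for the illustration.

```python
import hmac
import time

MAX_FAILURES = 3        # threshold taken from the post above
LOCKOUT_SECONDS = 300   # assumption: lockout length chosen for this example


class LoginGuard:
    """Counts failed logins per client address, entirely on the server."""

    def __init__(self, accounts, clock=time.monotonic):
        self.accounts = accounts   # {user: password}; constructed sample data
        self.clock = clock         # injectable so the lockout can be tested
        self.failures = {}         # addr -> (failure count, time of last failure)

    def _recent_failures(self, addr):
        count, last = self.failures.get(addr, (0, 0.0))
        if count and self.clock() - last >= LOCKOUT_SECONDS:
            self.failures.pop(addr)    # stale entry: the lockout has expired
            return 0
        return count

    def check(self, addr, user, password):
        """Return an HTTP status: 200 ok, 401 retry allowed, 403 access denied."""
        count = self._recent_failures(addr)
        if count >= MAX_FAILURES:
            return 403                 # refuse without evaluating the credentials
        expected = self.accounts.get(user)
        # Constant-time comparison; an unknown user is compared against "".
        same = hmac.compare_digest((expected or "").encode(), password.encode())
        if same and expected is not None:
            self.failures.pop(addr, None)
            return 200
        self.failures[addr] = (count + 1, self.clock())
        return 403 if count + 1 >= MAX_FAILURES else 401
```

Because the counter lives on the server and is keyed by the peer address, a browser that keeps re-prompting or a hand-written client gets the same 403 once the threshold is reached.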


Offline rejetto

Quote from: "~GeeS~"
100% ACK. But isn't it possible to implement a mechanism in HFS which serves an "Access denied" after 3 faulty attempts to login?

sure, otherwise it wouldn't be in the to-do list ;)

Quote
Sorry, but I just tested again with beta 44:

that is not strange by itself... it would be if you also enabled "list protected items only for allowed users". So....was it enabled?