presentations...with Wink

[rejetto]

http://www.debugmode.com/wink/

i just found this great freeware software for capturing movies from the screen.
i will use it for improving HFS documentation.
you guys can make movies instead of screenshots.
imageshack support uploading flash movies so no problems about hosting.
i may include your more meaningful movies in official documentation.

[maverick]

Thanks.  Something new to play with.  The file sizes it creates is HUGE.

[moondog]

Great ty ohh so much

[Anonymous]

i will use it for improving HFS documentation.
you guys can make movies instead of screenshots.
i may include your more meaningful movies in official documentation.

Great tool, I made some HFS movies:

http://underbyte.homeip.net:230/HFS/Tutorials/
User:spock
Pass:vulcan

They are made on a german Windows, but the main thing is the english HFS, so there should be no problems.
The server is not online all the day, but it is mostly between 4pm and 8pm.
Weekend online time highly depends on my sleeping time, so i can't predict  
If you are interested and we always miss, i would upload them to imageshack.

[Martok]

Sorry, this was me. Forgot to login first....

[rejetto]

just got them
i will have a look later
anyway, the german template is a problem for inserting in an official documentation

[Martok]

anyway, the german template is a problem for inserting in an official documentation

If I have some free time, i could redo them with the default template. But this  days, the school is very stressing here, all teachers give huge amounts of homework  :cry:

[rejetto]

thank you for your availability
i will have a look at it so i can give you other advices

[~GeeS~]

Martok!

Nice site. Tutorials take up about .5 Mb each. To big to my taste. Presentation is nice but somewhat to fast for me.

Important!
Never ever give access to your actual hfs.ini or hfs.vfs.
All your user:password are easily decodeable ...as you have seen just some minutes ago. (inclusively your homip account!)
I've already forgotten them, maybe others haven't. Please change them asap. and check your logs.

THere was something strange with your security: with the given password I could go back to /HFS/ . Everytime a login window appeared and could clicked away.

[Martok]

Martok!

THere was something strange with your security: with the given password I could go back to /HFS/ . Everytime a login window appeared and could clicked away.

Thank you for telling me, i just noticed  :#)  :#)
And the thing with the /HFS/ was a misconfiguration, I wanted to prevent Spock from going above /HFS/, in the new one it should work. But this time, without getting 'root'. There is nothing more present.

Thank you. (Was it me making the 'Security tutorial'?? :rage:
I think this event should be mentioned in the new tut.)

[~GeeS~]

Thx for taking it serious. :^:  

I've posted this some month before already:

:!: The only security issue with HFS is, that f.e. with Opera the user:password can be guessed/bruteforced endlessly without an "access denied" screen.
Workaround: none , but choose a "strong" user:pass combination!

:!: Never make your (unedited) hfs.ini available. It contains the encoded user:pass combinations, eventually your dyndns login information and some other private info. (You don't share your windows system files too, don't you?)

:!: With the ~files.lst command files from a protected directory can be listed, not downloaded. This could be a privacy issue.
Workaround: Place an empty directory inbetween (and don't publish its name).

:!: If you want to respect the privacy of your visitors,- i hope you do-, never give access to your logfiles, too! (And don't put one of these infamous statcounters on your site, which has often the same or even worse effect!)

Maybe a "sticky", Rejetto?

[rejetto]

:!: The only security issue with HFS is, that f.e. with Opera the user:password can be guessed/bruteforced endlessly without an "access denied" screen.
Workaround: none , but choose a "strong" user:pass combination!

well, the fact opera behaves this way is not an extra danger.
for security you can never rely on the client side.
people can even forge an ad-hoc client.
security mechanisms must be server side.

if any of you is interested, you can write down several tips, or a guide, for hfs related security. it would be a good idea. a new thread, sticky, where everyone can comment, and one edits, caring of user comments.

[rejetto]

:!: With the ~files.lst command files from a protected directory can be listed, not downloaded. This could be a privacy issue.
Workaround: Place an empty directory inbetween (and don't publish its name).

AFAIK, it should have been fixed months ago...! (just tested)

[~GeeS~]

Rejetto wrote:

well, the fact opera behaves this way is not an extra danger.
for security you can never rely on the client side.
people can even forge an ad-hoc client.
security mechanisms must be server side.

100% ACK. But isn't it possible to implement a mechanism in HFS which serves an "Access denied" after 3 faulty attempts to login?

AFAIK, it should have been fixed months ago...! (just tested)

Sorry, but I just tested again with beta 44: created a (virtual)directory "test", droppped and dragged a file in it, protected the directory and file with a password, but was still able to list the file:
86.80.17.209  Login: Guest:Guest     goto Test and get the login screen, then try: 86.80.17.209/test/~files.lst  (The user:pass for test is easy guessable and different from Guest:Guest)

[rejetto]

100% ACK. But isn't it possible to implement a mechanism in HFS which serves an "Access denied" after 3 faulty attempts to login?

sure, otherwise it wouldn't be in the to-do list

Sorry, but I just tested again with beta 44:

that is not strange by itself... it would if you also enabled "list protected items only for allowed users". So....was it enabled?