Adding new pgp keys to apt September 22, 2008
Posted by maxmil in : Debian, Security , add a commentI’ve had to search for this too many times its about time that i jot it down here.
After adding a new repository to my /etc/apt/sources.list i often get an error something like
W: GPG error: http://some.address Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY XXXXXXXXXX
The solution is a two liner
gpg --keyserver hkp://subkeys.pgp.net --recv-keys XXXXXXXXXX
gpg --export --armor XXXXXXXXXX | sudo apt-key add -
Where XXXXXXXXXX is the key in the original error message.
Setting up sudoers on SUSE August 20, 2008
Posted by maxmil in : SUSE, Security , add a commentJust been given a SUSE box to set up. The default configuration of sudo is different to what i’m used to. By default sudo will ask for the password of the targetted user (that is root in most cases) not the users own password.
To change this back to asking for the users own password just comment the line (and possibly the line following it:
Defaults targetpw
Subverting Ajax January 13, 2007
Posted by maxmil in : Ajax, Security, javascript , add a commentSecurity risks related to Ajax and ways to execute javascript using XSS.
http://www.wisec.it/vulns.php?page=9
http://www.wisec.it/rdr.php?fn=Projects/1158-Subverting_Ajax.pdf