Wikipedia:Reference desk/Archives/Computing/2012 August 11

= August 11 =

WebDAV
I have mapped a file storage-related web site to my Win7 system using WebDAV (using SSL). Can anyone comment on the security/privacy implications of this setup? Does this drive mapping "open up" my computer in any way to the remote web site (or others), or is it more like a conceptual equivalent of FTP? I'm just trying to be safe since a) I have no reason to trust the web site; b) this is Windows; and c) this setup requires no intermediating software--the remote folder sits right there in Windows Explorer.  Is it fair to say that this drive mapping is completely passive and that the connection can have no impact on my system other than the alteration of files on that drive--which of course, is not actually my system? Thanks, Riggr Mortis (talk) 00:26, 11 August 2012 (UTC)
 * It's like FTP, although as with any software there could be remotely exploitable bugs. It's as safe as viewing a PNG image. :-) -- BenRG (talk) 03:36, 11 August 2012 (UTC)

What OS are computers running on LAN
Is it possible (from a linux machine) to find out what operating systems other computers on the same LAN are running? If yes, how? bamse (talk) 08:53, 11 August 2012 (UTC)


 * nmap uses various means to identify the OSes run by various hosts, which it does by profiling various characteristics of their TCP/IP stacks. You should consider the legal implications of port scanning before running nmap or its like on a network you don't control. -- Finlay McWalterჷTalk 09:59, 11 August 2012 (UTC)


 * We also have a TCP/IP stack fingerprinting article. -- Finlay McWalterჷTalk 11:01, 11 August 2012 (UTC)


 * Thanks. In this case I have access to all computers on the LAN, so there should not be any legal issues. bamse (talk) 14:42, 11 August 2012 (UTC)

Encrypted .dmg
Hello. I've done something silly, and forgotten the password to an encrypted .dmg that I made a few years ago. Am I just out of luck, or is there some way I can still open/mount it? If it matters, the file was made using Finder commands in OSX 10.6.8. Thanks, SemanticMantis (talk) 16:21, 11 August 2012 (UTC)


 * My understanding is that dmg is encrypted with AES — which you aren't going to break through before the end of the universe. Your best bet would be, I suppose, to rig up some sort of dictionary attack using the sorts of passwords that you know yourself to use (simple words? words plus a few numbers? random numbers and letters? etc.). This page contains a straight dictionary attack program made for the DMG files. But basically, the answer is, there is no simple way to do it, no, but there may be ways around it, considering that you are likely to know your password styles better than the average person. --Mr.98 (talk) 17:36, 11 August 2012 (UTC)
 * Thanks. I suspect I'll be better off trying to find the original material stashed someplace else :-/ SemanticMantis (talk) 13:10, 12 August 2012 (UTC)

Was my Gmail account hacked ?
An email was sent, not by me, but from my account. It seems to have gone to random people in my address book. The title was "(no subject)" and the sole contents of the email was a link to this web page: link redacted

I'm reluctant to pick on the link. What should I do to prevent this from happening again ? StuRat (talk) 20:18, 11 August 2012 (UTC)


 * What makes you think it was sent from your account? Having you in the From: field means nothing; that's trivial to forge. Remember also that if Dave is in your address book, it's likely that many of the people in Dave's address book are also in yours - so it may be Dave's account that's was hacked.  Make sure your Google password is properly secure (and change it if you're worried); make sure the security questions are unguessable (my mother's maiden name is XIFOEIJFEi7, apparently); consider enabling 2-step authentication. -- Finlay McWalterჷTalk 20:23, 11 August 2012 (UTC)


 * It's in my sent folder. My password uses a combo of numbers and letters, so I'd think it would be good, but perhaps I'd better change it anyway. StuRat (talk) 20:26, 11 August 2012 (UTC)


 * Eek. I'd do that on a clean machine (e.g. one you'd booted into a live cd), in case you have a keylogger - and then thoroughly check every machine you've used gmail on. -- Finlay McWalterჷTalk 20:31, 11 August 2012 (UTC)


 * I echo Finlay's comments. I would, however, add that it could be case of password reuse coming back to bite you: always use a different password for your email account from *all your other accounts*. - Jarry1250 [Deliberation needed] 20:36, 11 August 2012 (UTC)


 * Yes. I'm an advocate of Keepass and having it generate unique passwords. -- Finlay McWalterჷTalk 20:44, 11 August 2012 (UTC)


 * Do I see a pun in that name ? The single P changes it from "keep pass" to "keep ass", as in "keep your ass safe with Keepass". :-) StuRat (talk) 08:52, 12 August 2012 (UTC)


 * How exactly do I change my gmail password ? I don't see the button to allow me to do so. StuRat (talk) 20:40, 11 August 2012 (UTC)


 * http://support.google.com/mail/bin/answer.py?hl=en&answer=6567 -- Finlay McWalterჷTalk 20:44, 11 August 2012 (UTC)


 * Changing the password involves clicking on a gear ? And here I was looking for an eccentric cam to click. :-) StuRat (talk) 23:54, 11 August 2012 (UTC)


 * It's part of Google's general design language to have "options" with a single cogwheel icon. They use this on most of their web properties, on Google Chrome, and on Android. -- Finlay McWalterჷTalk 10:39, 12 August 2012 (UTC)


 * You might also consider enabling two-factor authentication in the future (it means that once a month, you have to let a robot at Gmail call you and read you some numbers; every time someone tries to access the account from a new computer, they need to have access to one of your phone numbers as well). Remember, your e-mail address is the skeleton key to every other website you use it on. It's worth being a little paranoid about it. --Mr.98 (talk) 22:01, 11 August 2012 (UTC)

OK, I changed my password to a more complex one, and the problem hasn't recurred. StuRat (talk) 20:59, 14 August 2012 (UTC)