I have written a script that will tidy up majordomo config files as follows…

• Only shows lists you are subscribed to with the ‘lists’ command
• Does not allow anyone to use the ‘who’ command to get addresses
• Doesn’t allow anyone to use the ‘which’ command to get addresses

This can either be run once or added to /etc/cron.daily so that any new lists created are forced to the correct settings.

Simply download the file, change the directory path at the top of the file if required and execute. Download Here.

Securing Majordomo is a post from: Dogsbody.org

We already have mobile phone tracking sites that allow you to find out where in the country a phone is logged on (to quite a good resolution too). While most of these sites require some form of authentication with the phone for public use the information is obviously there to phone company employees and the people behind these sites, who knows who has access to this info.

The other security concern is the vulnerabilities of the phones, apparently with Coldplays latest album, posters in London were offering to upload a free mp3 track from the album to bluetooth phones passing by. Nearly all first generation phones that support bluetooth are hackable with new vulnerabilities being discovered on phones all the time. Bluetooth can already be used to control a vulnerable phone, for example to make it call a premium rate number without the owner knowing. If I were to use Internet Explorer as a browser I could pick up spyware just by visiting a webpage, now people will be infecting their phones by playing affected MP3′s that they have downloaded for free from rogue posters. Neither of these techniques are new but in this ever mobile age the transport methods are changing and the speed these changes are implemented are getting faster.

Bluetooth security and advertising is a post from: Dogsbody.org