標籤:Linux

如何自動將網站的 http:// 網址轉址為 https://

弱點掃瞄

弱點: Site does not enforce HTTPS

The site responds to HTTP requests without ultimately redirecting the browser to a secure version of the page. Since the site allows plaintext traffic, a man-in-the-middle attacker is able to read and modify any information passed between the site and the user. There are a variety of situations in which an attacker can intercept plaintext traffic in a man-in-the-middle position, including but not limited to:

  1. Open Wi-Fi Hotspots
  2. WPA/WPA2 encrypted hot-spots where the attacker connected before the victim
  3. Malicious Wi-Fi access points
  4. Compromised switches and routers
  5. ARP poisoning on the same wired network

It's important to remember that in many of the above situations, an attacker can not only read traffic, but also actively modify the traffic. Even if a site that does not contain sensitive information, an attacker can still inject malicious content to a user’s browser.

  • Severity: High
  • Risk: Site does not enforce the use of HTTPS encryption, leaving the user vulnerable to man-in-the-middle attackers (who can falsify data and inject malicious code).
  • Recommendation: Any site served to a user (possibly at the end of a redirect chain) should be served over HTTPS.

繼續閱讀

[Android Auto]如何解決導航時 GPS 的訊號不良、訊號中斷問題

Android Auto 車機的 GPS 定位問題

我的車機是 Pioneer AVH-Z9250BT,手機是小米 12,我通常是使用無線的方式連接車機的 Android Auto

不過在車機上的 Android Auto 使用 Google Maps 導航時,偶爾會出現行車位置漂移、GPS 訊號中斷、正在搜尋 GPS 訊號,或無法顯示地圖...之類的問題! 但是同一時間,如果我開啟手機上的導航王來查看,導航王的定位卻又無比正確!

原本以為是我的車機太爛,或有相容性的問題,上網尋找答案,又發現很多網友有同樣的問題,其中也不乏一些百萬名車內建的車機! 幸好有找到解決方法!
繼續閱讀

CentOS 5/6 改為可用的 yum 套件庫來源 (2022)

若執行 yum 出現:

http://mirror.centos.org/centos/6/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not Found"
Trying other mirror.
To address this issue please refer to the below knowledge base article

表示系統預設的 yum 套件庫可能已經不存在!

我們可以在 vault.centos.org 找到可用的套件庫來源:

  • vault.centos.org: http
  • archive.kernel.org: http - rsync (rsync://archive.kernel.org::centos-vault/)
  • linuxsoft.cern.ch: http - rsync (rsync://linuxsoft.cern.ch/centos-vault/)
  • mirror.nsc.liu: http - rsync (rsync://mirror.nsc.liu.se::centos-store/)

繼續閱讀

CentOS 安裝 xrdp (yum)

安裝流程

1. xrdp 是放在 EPEL 套件庫,所以我們要先安裝 EPEL。依據不同版本的 CentOS 請參考: CentOS 如何加入第三方 Yum 套件庫: EPEL
2. 安裝 xrdp 及 tigervnc server:

yum install xrdp tigervnc-server

3. 啟動 xrdp

service xrdp start

4. 加到開機自動執行

chkconfig xrdp on

PS. 只要啟動 xrdp 即可,tigervnc server 裝好後就不用理它了。

設定與登入

設定與登入的方式與之前的教學一樣,請自行參考。

參考網頁

  1. 安裝 xrdp v0.6.0 (原始檔)
  2. Linux 上的遠端桌面中繼程式: xrdp (v0.4.2)
  3. CentOS 如何加入第三方 Yum 套件庫: EPEL