Google is becoming famous as a hacker's best friend for exposing vulnerabilities. Now Google Desktop is doing the same.
Bruce Schneier talks about how it is showing up many poorly implemented programs and exposing caches that shouldn't be there.
Following on from this post, it seems plans are well on track for Bush to get rid of this bloody irritating hyper-power we call America.
According to Stephen Roach, the chief economist at investment banking giant Morgan Stanley:
"Roach sees a 30 percent chance of a slump soon and a 60 percent chance that "we'll muddle through for a while and delay the eventual Armageddon."
The chance we'll get through OK: one in 10. Maybe.
In a nutshell, Roach's argument is that America's record trade deficit means the dollar will keep falling. To keep foreigners buying T-bills and prevent a resulting rise in inflation, Federal Reserve Chairman Alan Greenspan will be forced to raise interest rates further and faster than he wants.
The result: U.S. consumers, who are in debt up to their eyeballs, will get pounded."
He also has some scary facts to back up his case. Thank God America was so anal about trading with us and our currency is more reliant on the Euro which is doing fine, thank you. Not so lucky for my family, as my step-Dad is an expat who relies on his dollars.
I meant to blog about this. Buy Nothing Day is an initiative by Adbusters to educate people about consumerism. To quote their page:
"For 24 hours, millions of people around the world did not participate -- in the doomsday economy, the marketing mind-games, and the frantic consumer-binge that's become our culture. We paused. We made a small choice not to shop. We shrank our footprint and gained some calm. Together we said to Exxon, Nike, Coke and the rest: enough is enough. And we helped build this movement to rethink our unsustainable course."
So next time you want to buy that meaningless trinket for the sake of it, or support a corporation responsible for human rights abuses, think about it, I mean really think about it.
SCO's website has been hacked, with the hacked page still up at the time of writing. The Register has an article on it. A very tasteful hack with no silly 1337 sp33k or rude words. Of course this will give SCO and its supporters a chance to demonise the entire Linux community as crackers now. Still, it is quite funny.
Click the thumbnail below for a full picture.

UPDATE: It seems this wasn't the only SCO page hacked.
I have paid the deposit and my first month's rent on the house I will be living in next year. I have also paid for most of the furniture I have bought. I did this all with my own money. It feels good to be independent. I will be living with eight people next year. We have a huge house and garden with a perfect spot for an outside bar. Outhouse included. I am looking forward to that immensely.
I then spent the day moving furniture and trunks around with the help of Cliff, his bakkie, Russell and Cathy. I will be moving in officially on the 1st of Dec.
In the meantime I can't help thinking this is the end of an era. Shaggy is finally leaving after seven years, Robz is leaving, Ox is leaving and the last of the people I was in first year with are leaving too. Here's to anonymity, obscurity and getting some work done.
Thanks to Russell for pointing out this story (Register, BBC, Guardian). It describes how an attempt to upgrade from Windows 2000 to Windows XP caused BSODs across the entire organisation. This is a great demonstration of three points relating to my thesis:
- Always test any changes in a test lab first.
- NEVER apply a change 'live' without testing.
- Stories like this one are why people are scared to patch.
This entry is more a bookmark for a great example to include in my write-up.
Our department held its year-end steering committee meeting with industry sponsors on Thursday morning. Some of the post grad students gave presentations on their work.
Network World Fusion had a debate between all the major patch players. The full debate can be seen here.
The very rough summary is that everyone but Shavlik said that patching is part of a larger configuration/security management problem, and their products seem to follow suit. Shavlik, on the other hand, reckons that because patching is so difficult a singular focus is needed.
I tend to agree with Shavlik here. By developing something which just does patch management, with all the dependencies this implies, you will already have an extremely complex system. To extend this further is over-scoping. Get the more important part, patching, right, then use the developed infrastructure to provide other services later. This is far closer to the Unix philosophy of "do one thing and do it well".
And nobody is doing it well.
It seems Oracle has jumped on the regular patch scheduling idea. They will be releasing 'critical' patches quarterly. That just seems completely ridiculous to me. How can you leave your customers without 'critical' patches for 3 months? I understand the need for scheduling, but come on?
UPDATE: Gartner agrees with me, but in more detail.
Security Focus has a great guide on setting up ssh-agent. It took me a while to figure most of this out when I first tried it, and this article would have been useful. It also had some tips I wasn't aware of, such as the '-c' flag to ssh-add, which makes the agent pop up a confirmation dialog each time a loaded key is used.
After my rantings on the unpatched IFRAME vulnerability, something did go wrong.
Early last Saturday morning it was discovered that the Register's banner ads contained a redirect to a compromised Comedy Central site containing malicious code utilising the IFRAME exploit. It took a few days to contain the fire, and several thousand machines were probably successfully hit. To quote the Register:
If you may have visited The Register between 6am and 12.30pm GMT on Saturday, Nov 20 using any Windows platform bar XP SP2 we strongly advise you to check your machine with up to date anti-virus software, to install SP2 if you are running Windows XP, and to strongly consider running an alternative browser, at least until Microsoft deals with the issue.
As this was a banner ad service that was hit, many other sites utilising this service would have been distributing the malicious code. SANS has an excellent write-up of what happened on their side, with Vital Security having compiled a complete report along with malware analysis.
Following on from my previous entry I have redesigned my SUS reporting tools. Right now they can provide pretty much all the details you would need. I have written a few output scripts to demonstrate that. I have also provided a fair bit of detail as to how they work.
There is a lot of commonality in the way the data is output, so I will soon be adding a mini-query language with which new reports can be made very easily.
I am also going to add the ability to output to XML and CSV and hopefully provide some nice stylesheets.
Hopefully these will be at 'production' level soon.
I recently got SUS up and running and got hold of Ken Hoover's perl scripts to provide some reporting ability. I then spent all night extending them. Here are the fruits of my labour.
I am still working on them, so please send me feedback.
UPDATE:
I realised that output specific scripts were not the way to go and came up with a whole new system. This one should make producing different outputs/reports much easier. Still early work.
Thanks to Susan Bradley for pointing out that Microsoft has announced the release of the first WUS Public Beta.
Windows Update Service (WUS) is the successor to the Software Update Service (SUS) that Microsoft has been promising for a while. WUS promises to improve upon SUS quite a bit, primarily by providing the ability to patch more products and provide much better reporting.
I just got SUS set up for myself and am busy working on some reporting tools and will be testing it along with other patch management software in one of our public labs next week. I think WUS will be an excellent addition to these tests.
WUS depends on BITS 2.0 beta being installed. Get it for Windows 2000 Server or Windows Server 2003.
UPDATE:
According to Yahoo! the final release date is a year later than the original schedule. With the growth in patch management this year I can understand there must have been a lot of scope creep.
The ISC has been talking about an increase in SSH brute force scanning attempts around the world. Here are some of their posts:
- http://isc.sans.org/diary.php?date=2004-08-22
- http://isc.sans.org/diary.php?date=2004-08-29
- http://isc.sans.org/diary.php?date=2004-08-30
- http://isc.sans.org/diary.php?date=2004-09-11
- http://isc.sans.org/diary.php?date=2004-11-02
- http://isc.sans.org/diary.php?date=2004-11-04
This prompted our sysadmins to send this e-mail to the organisation, detailing how to lock down your ssh. The snip I am interested in is:
"Over the last month or so, Rhodes has seen a significant increase in the number of attempts to break into systems running SSH daemons. These attempts take the form of a dictionary style attack against the root user account and are often logged as failed attempts in the system logs. At peak times we're seeing roughly six hundred attempts a day on various systems at Rhodes. So far at least one student machine has been compromised through a weak root password."
I am not a sysadmin, nor am I part of running our University's systems, which gives me the luxury of comment. Was this the best way of handling this incident? If the ISC has been warning about SSH attacks since August and the sysadmins had been seeing the same things here, then why not issue this warning before a successful attack? There are other issues involved and I wouldn't mind some feedback. For example, is this a 'scare tactic' that will eventually get security warnings ignored? Does anybody running a Unix machine even read Toplist?
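The e-mail's "six hundred attempts a day" figure comes straight out of the sshd failure lines in the system logs, and the compromise it describes (a weak root password falling to a dictionary run) shows up as an accepted login from an address that had just been guessing. The script below is an added example of that check, not something from the original post, the ISC or the Rhodes sysadmins. It assumes the syslog format OpenSSH's sshd writes to auth.log, the sample lines are constructed, and the failure threshold is an assumption to tune per site.

```python
"""Summarise sshd authentication lines and flag dictionary-style guessing.

Added example: not from the original post. Log lines are constructed in
OpenSSH syslog format; the threshold is an assumption, not a recommendation.
"""
import re
from collections import Counter, defaultdict

# Syslog-format lines as OpenSSH's sshd writes them to auth.log / secure.
FAILED_RE = re.compile(
    r"^(?P<day>\w{3}\s+\d+) \d\d:\d\d:\d\d \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)
ACCEPTED_RE = re.compile(
    r"^(?P<day>\w{3}\s+\d+) \d\d:\d\d:\d\d \S+ sshd\[\d+\]: "
    r"Accepted (?:password|publickey) for (?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Constructed sample: a dictionary run against root from 10.0.0.7 that ends in a
# successful root login (the compromise case), plus one ordinary user typo.
SAMPLE_LOG = """\
Nov 19 02:14:01 lab sshd[4021]: Failed password for root from 10.0.0.7 port 40112 ssh2
Nov 19 02:14:03 lab sshd[4023]: Failed password for root from 10.0.0.7 port 40113 ssh2
Nov 19 02:14:05 lab sshd[4025]: Failed password for root from 10.0.0.7 port 40114 ssh2
Nov 19 02:14:07 lab sshd[4027]: Failed password for invalid user test from 10.0.0.7 port 40115 ssh2
Nov 19 02:14:09 lab sshd[4029]: Failed password for root from 10.0.0.7 port 40116 ssh2
Nov 19 02:14:11 lab sshd[4031]: Accepted password for root from 10.0.0.7 port 40117 ssh2
Nov 19 08:30:00 lab sshd[4100]: Failed password for alice from 192.168.1.20 port 51000 ssh2
Nov 19 08:30:10 lab sshd[4102]: Accepted password for alice from 192.168.1.20 port 51001 ssh2
"""


def analyse(log_text, fail_threshold=3):
    """Return a summary dict built from sshd lines.

    failures_per_day        {(day, ip): n}   every failed password attempt
    root_failures           {ip: n}          failures aimed at root specifically
    brute_force_sources     [ip, ...]        sources at/over fail_threshold on some day
    success_after_failures  {ip: [user...]}  accepted logins from a source already guessing
    """
    failures_per_day = Counter()
    failures = Counter()
    root_failures = Counter()
    success_after_failures = defaultdict(list)

    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            failures_per_day[(m["day"], m["ip"])] += 1
            failures[m["ip"]] += 1
            if m["user"] == "root":
                root_failures[m["ip"]] += 1
            continue
        m = ACCEPTED_RE.match(line)
        # Lines are processed in order, so a success here follows the failures
        # counted so far from the same address: the pattern behind the compromise.
        if m and failures[m["ip"]] >= fail_threshold:
            success_after_failures[m["ip"]].append(m["user"])

    brute_force_sources = sorted(
        {ip for (_, ip), n in failures_per_day.items() if n >= fail_threshold}
    )
    return {
        "failures_per_day": dict(failures_per_day),
        "root_failures": dict(root_failures),
        "brute_force_sources": brute_force_sources,
        "success_after_failures": dict(success_after_failures),
    }


if __name__ == "__main__":
    report = analyse(SAMPLE_LOG)
    for (day, ip), n in sorted(report["failures_per_day"].items()):
        print(f"{day} {ip}: {n} failed attempts ({report['root_failures'].get(ip, 0)} on root)")
    print("guessing sources:", report["brute_force_sources"])
    print("successes after guessing:", report["success_after_failures"])
```

The per-day counter is what gives a number comparable to the e-mail's six hundred a day; the last dictionary is the line worth paging on, since a successful login from an address that was already failing is exactly how a weak root password falls. Feeding it a real auth.log is a matter of `analyse(open("/var/log/auth.log").read())`.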

