It appears that Microsoft has disabled raw sockets completely when the new MS05-019 (kb, exploit) patch is applied. This originally only affected XP SP2 but now affects SP1. Windows 2003 is still unaffected. The quote from the SP2 page is:
Restricted traffic over raw sockets
A very small number of Windows applications make use of raw IP sockets, which provide an industry-standard way for applications to create TCP/IP packets with fewer integrity and security checks by the TCP/IP stack. The Windows implementation of TCP/IP still supports receiving traffic on raw IP sockets. However, the ability to send traffic over raw sockets has been restricted in two ways:
- TCP data cannot be sent over raw sockets.
- UDP datagrams with invalid source addresses cannot be sent over raw sockets. The IP source address for any outgoing UDP datagram must exist on a network interface or the datagram is dropped.
Why is this change important? What threats does it help mitigate?
This change limits the ability of malicious code to create distributed denial-of-service attacks and limits the ability to send spoofed packets, which are TCP/IP packets with a forged source IP address.
This doesn't make sense to me or others (Fyodor of nmap fame). First, I don't think disabling a useful feature to prevent it from being used maliciously is a good way to do things. Second, if the Windows TCP/IP stack wasn't broken this wouldn't be a particularly big problem. Finally, almost every other OS allows the use of raw sockets, which means that the 'malicious behaviour' they discuss can still be pursued. Then in a bizarre twist, Microsoft allows W2K3 to still use raw sockets? I think they are hoping to reduce the amount of malicious traffic coming from unpatched home machines. If this is the case it would be nice if they could provide an optional 'allow raw sockets' patch.
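The two send restrictions quoted above can be modelled as a filter over outgoing raw IPv4 packets. This is an added example, not Microsoft's implementation and not code from the original post; the function names, the `local_addrs` input and the sample packets (built in memory from documentation address ranges, never sent) are assumptions made for illustration.

```python
import ipaddress
import struct

IPPROTO_TCP, IPPROTO_UDP = 6, 17

def build_ipv4(src, dst, proto, payload=b""):
    """Build a minimal 20-byte IPv4 header plus payload (checksum left at 0)."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )
    return header + payload

def raw_send_verdict(packet, local_addrs):
    """Return (allowed, reason) for a packet an application hands to a raw socket.

    Models only the two rules in the quoted SP2 text.
    local_addrs: addresses configured on this host's interfaces (assumed input).
    """
    if len(packet) < 20:
        return False, "truncated IPv4 header"
    ver_ihl, proto = packet[0], packet[9]
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        return False, "malformed IPv4 header"
    src = ipaddress.IPv4Address(packet[12:16])
    if proto == IPPROTO_TCP:
        return False, "TCP data cannot be sent over raw sockets"
    if proto == IPPROTO_UDP and src not in local_addrs:
        return False, f"UDP source {src} is not on a local interface"
    # Protocols other than TCP and UDP are not covered by the quoted rules.
    return True, "allowed"

# Constructed sample: a host with one interface at 192.0.2.10.
LOCAL = {ipaddress.IPv4Address("192.0.2.10")}
SAMPLES = {
    "tcp_syn": build_ipv4("192.0.2.10", "198.51.100.7", IPPROTO_TCP, b"\x00" * 20),
    "udp_local_src": build_ipv4("192.0.2.10", "198.51.100.7", IPPROTO_UDP, b"\x00" * 8),
    "udp_forged_src": build_ipv4("203.0.113.99", "198.51.100.7", IPPROTO_UDP, b"\x00" * 8),
    "icmp_echo": build_ipv4("192.0.2.10", "198.51.100.7", 1, b"\x08\x00" + b"\x00" * 6),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, raw_send_verdict(pkt, LOCAL))
```

The TCP rule is why tools that craft their own TCP segments stop working on a patched machine even when the source address is genuine.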
The petname tool will be enabled anytime you visit a site using SSL strong encryption. Initially, the petname tool will display the text "untrusted". If you decide to form a relationship with the site, overwrite this text with a reminder note describing the new relationship. The petname tool will remember this reminder note and display it every time you visit the site. Be sure to always check that the petname tool is displaying the expected reminder note before sending personal information to a site. If you have the misfortune to land on a spoof site, you'll know it because the petname tool will be displaying the text "untrusted", instead of your expected reminder note.
Continue reading "Website Security with Petnames"
I got this from yesterday's ISC handler's diary. Is it better to release a patch as soon as possible after a vulnerability, mark it as unstable until it can be properly tested, then move it to stable when it is, or to release them all once a month?
There are problems with both models, not the least of which is how much information you are releasing to attackers as most exploits we are seeing are reverse engineered from the patch. However, is it better to deal with one or two exploits over a month or deal with them all for a day or two (or three), and does not releasing the patch for a month actually prevent people from coding exploits?
If you have been reading this blog for much time at all you would know my answers to these questions. I would like to hear yours however.
Continue reading "Patch Tuesday"
- Attribution. You must give the original author credit.
- Noncommercial. You may not use this work for commercial purposes.
- Share Alike. If you alter, transform, or build upon this work, you may distribute the resulting work only under a license identical to this one.
After some further thinking I decided to slap on the new, developing nations license:
- Developing Nations. You may exercise the above freedoms in developing nations only.
I am hoping this will:
- Attribution: Reduce instances of cheating in my relationship as my girlfriend will now be forced to shout out my name if she uses any of my 'moves'.
- Noncommercial: Prevent prostitution when I am out of my room. I have at least two housemates I wouldn't put it past.
- Share Alike: Help spread the Creative Commons and not just STIs if any cheating does occur.
- Developing Nations: Scare off all those American exchange students who keep pinching my bum.
Yesterday was Taekwon-Do's 50th anniversary. Taekwon-Do was originally started around 1950 for use by soldiers in the Korean and Viêt-Nam. It makes use of scientific principles from physics, particularly the sine wave, to generate power. In 1955 the name Tae Kwon Do, which means "the way of feet and of the hands", was officially chosen for the new art by a committee headed by Taekwon-Do's founder General Choi Hong Hi. The International Taekwon-Do Federation (ITF) was then formed in 1966. The name was modified slightly in General Choi's 1968 book to Taekwon-Do instead of three separate words. This was to "emphasize the need of balance between physical and moral or spiritual training (the Do)". Even with such a short history, Taekwon-Do is already an Olympic sport and has over 16 million active members worldwide. Rhodes University has a Taekwon-Do club, headed by Bo-Sabum Matt, and is affiliated to the South African ITF (SAITF).
I should have blogged about this about a month ago, and thought I had, but when I went to update the entry with some links gleaned from Susan Bradley, I realised I didn't have one.
A friend of mine, Cyrese, sent me these pictures of the storm over Cape Town last night. Click on the thumbnails for the bigger picture. Wow.
I took a few days off last week and had a relaxing weekend playing Warcraft with my house mates. I am feeling much better.
In the meantime I have come up with a very cunning idea; I will be working on it with Darb and a few of my other RUCUS geeks. I am keeping it secret for a while, at least till I have a decent proof of concept. It will be called "Kujingle", a word derived from some local slang.
The server that hosts my site and many others is having some trouble. The machine has been rock solid for the six years I have been using it, but recently it goes down more than a drunken whore (now that's in poor taste). The problem has never been seen before by anyone in FreeBSD land and they are beginning to suspect foul play. Russell and Drs have been working hard to try and resolve it. I may get a chance to get a snort session up to see what's going on. I am hoping to find an alternative hosting solution for when I leave next year, but I think I may want to sooner.

