This entry was thought up while discussing the value of the SANS Top 20 vulnerabilities over at the OSVDB blog. OSVDB tends to split vulnerabilities up, while other databases, most notably CVE, tend to group issues under one reference. Here are some disclosed vulnerability trends across databases:
- 2005
  - OSVDB: 6161
  - Secunia: 4120 (very rough, taken from values observed here)
  - CVE: 4125 (not 3888)
- 2004
  - OSVDB: 4628
  - Secunia: 3190 (also very rough)
  - CVE: 2327 (not 2283)
- 2003
  - OSVDB: 2628
  - Secunia: 2780 (did I mention this was rough)
  - CVE: 1247 (not 1246)
I don't have much experience with 'in the field' as yet, but I haven't met many Unix administrators who don't care or assume their networks and hosts are safe by virtue of their operating system. I have seen clueless administrators who just don't know how to set a box up properly and end up with every service possible running and most of it misconfigured. However, that is due to stupidity rather than complacency.
I liked the name so much I changed my blog description to 'mechanical derangement'. In my previous entry on the subject I was referring to a great sci-fi short story I had once read about a future where "millions of common, everyday objects—your toothbrush, your coffee maker, your shoes, the box of cereal on your shelf—began to exhibit massive processing power and interobject communication" which can sometimes lead to the creation of a "spontaneous assemblage—or 'bleb,' as most people called such random accretions of intelligent appliances and artifacts, after the biological term for an extrusion of anomalous cells."
It won a Nebula (I think) and is available on-line:
And the Dish ran away with the Spoon
by Paul Di Filippo
Cody sat back and began to laugh. "Is that all? My god, what a trivial thing to worry about. Blebs just happen, Kaz, anytime, anywhere. You can't prevent them. And they're mostly harmless, as you well know. You just knock them apart and separate the components." Cody snorted in what I thought was a rather rude and unsympathetic fashion. "Blebs! It's like worrying about—about robber squirrels or vampire pigeons or running out of SuperMilk."
Blebs were a fact of life. Cody was right about that. But they weren't always trivial or innocent.
One had killed my parents.
I have had this entry in draft for far too long. I have been meaning to finish it, but since that doesn't look like it is happening, here it is.
Originally written: 2005-07-20 03:14
Recently on commentary.co.za there has been a flurry of pro-sweatshop activity. There has been a lot said and not all of it is in one place. I will attempt to respond to the main points, but please point out if I have missed something.
At first I thought this was a new exploit, then thought it was an old one, but now realise it is a new exploit. It seems that this was first discovered by Benjamin Tobias Franz several months ago; however, it was only a DoS then. It appears he didn't disclose the flaw responsibly. However, Computer Terrorists figured out how to turn the DoS into code execution and made no additional effort to report the flaw to Microsoft. That's not cool. This does not free Microsoft of responsibility; they should have seen the DoS and fixed it six months ago, but they couldn't have seen this version coming.
Computer Terrorists, your actions will contribute to a rise in spyware and support the idiot criminals who make the internet a bad place. This is an obvious piece of glory hounding and you deserve to lose clients for your lack of ethics.
UPDATE: There's a snort signature. FrSIRT also has the sploit.
UPDATE II: The ISC just raised the InfoCon Threat Level to yellow.
UPDATE III: Microsoft has released an advisory.
1. I don't want to contribute to their pagerank, I am sure you can figure out the proper link.
I am filling out transport insurance forms to get my stuff moved from our sleepy University town to the big city. I am told that the insurance covers 'mechanical derangement' unless otherwise specified. I was wondering what the likelihood of mechanical derangement is? I once saw my vacuum cleaner, iron and iPod bond together to form some sort of pseudo-intelligent animal that tried to murder my brother. Insurance wouldn't let me claim on the iron burns, sneaky tricksters.
This is a chance to share your story: have you been a victim of mechanical derangement?
Rollyo is a pretty cool idea.
I recently started using Gmail and am quite concerned over the lack of transparency.

