Monday, March 31, 2003

Config files

I think Sterling Hughes has hit upon a good idea: he's posting his Configuration Files via his blog. So far he has: zsh, windowmaker, vim, emacs, mutt and Xresources. As I only use one of those (vim), I guess I'll get around to posting mine: wharf, vim, procmailrc, fetchmailrc, etc.

Stay tuned!

Take it with a grain of salt

For those of you that are just getting started with surfing the Internet, heads up!

Tomorrow is April Fool's Day (aka All Fools' Day) and things might get a bit confusing. It's become somewhat of a tradition to "spoof" news articles (usually making fantastic and almost believable claims). Don't believe anything you read tomorrow unless it's corroborated by some other mainstream media. Then again, they've often been fooled too.

Anyone want to place bets on when we'll first see "Iraq Wins War, US/Britain Surrenders!"?

Information Overload

Okay, I'm deep into the information overload which happens whenever I discover a new tech, usually Internet based, but not always. This time, I'm dragging you with me, at least for a short distance.

Bear with me for a bit, I promise I'll pare down the links on the left. It may take a bit and might get worse before it gets better. For now, you can blame it on Amphetadesk (yep, another plug).

Sunday, March 30, 2003

Just Totally Disgusting, Like Really!

Gag me with a spoon!

Okay, I'm showing my age, but I was playing around with Amphetadesk, fidgeting with the code and adding sites, when it hit me in the face like a wet fish. There are blogs devoted to B. Spears (they're listed in the "Add a Site" section) (I'm not going to add to the problem by typing her full name).

Blogs about work, yourself, or your dog are one thing. Blogs about specific other people (IMO) somehow borders on cyberstalking. Placing my own glass house at dire risk, let me say that someone needs a life.

Don't believe me? Google for "spears blog". I wonder if I can get Morbus to tweak the next release to skip over B. entries?

Amphetadesk Date Mod

I really like Amphetadesk, it allows me to rapidly wade through entries from various blogs without waiting for the remote website to load. While it does indicate if a site has been recently updated, it doesn't indicate the entry time for each story (not all feeds have this functionality). The following code will solve this problem (if the originating site uses dc:date in its output) (I freely admit that I don't yet understand the differences between RSS, RDF, XML feeds and their variants.).

This mod sort of falls in with Ned Batchelder's and Morbus Iff's conversations about "Local Webservers as Applications" and "Amphetadesk Customizability".

Edit Amphetadesk/templates/default/headlines.html (in v 0.93.1). After the section which reads:

# display the actual item.
to_browser(qq{

\n});
to_browser(qq{<a href="$item->{link}" target="$link_target">\n}) if $item->{link};
to_browser(qq{ $item->{title} \n}) if $item->{title};
to_browser(qq{</a>\n}) if $item->{link};
to_browser(qq{

\n});

Add the following:

# dc:date is an ISO 8601 timestamp such as 2003-03-30T14:05:00-05:00,
# so splitting on the "T" gives the date and the time (with zone offset).
if($item->{"dc:date"}) {
   my ($itemdate,$itemtime)=split(/T/,$item->{"dc:date"});
   $itemtime = '' unless defined $itemtime;   # date-only feeds have no "T"
   to_browser(qq{

\n});
   to_browser(qq{ $itemdate $itemtime });
   to_browser(qq{

\n});
}

Saturday, March 29, 2003

DDoS Stuff

A link page with a lot of links to tools, papers, etc.

PHP Security

O'Reilly's LAMP project has a good article on security for PHP coders. Topics include user-accessible variables, MySQL, and escaping HTML characters. Somewhat applicable to other CGI coders, too.

Friday, March 28, 2003

Faugh on Microsoft

From the Should-This-Fall-Under-A-Malicious-Vendors-Category? Category:

Windows NT, 2000 and XP are susceptible to a vulnerability in the RPC service, whose endpoint mapper listens on TCP port 135. A specially crafted packet causes the RPC service to shut down, which amounts to a very economical DoS.

The part of the issue that really stinks is that, while Microsoft has provided patches for XP and 2000, there will be no patch for NT. Microsoft claims that it would be "too hard" to fix.

Yes, there is an easy work-around (if you can live without port 135) but that's not the point. In my opinion, NT owners can consider themselves abandoned.

Still think it's not that important of an issue? Well, let me try another tack...

TechNet has an explanation of how Outlook connects to Exchange. (For those of you in a hurry, click on the link entitled "An Example of RPC Client-Server Communications".) Yes, the article also states that you shouldn't expose port 135 to the Internet but you're going to have to explain that to every small business on the planet that couldn't afford (or understand) a firewall after buying NT Server, Office, and Exchange.

Keep in mind this is only one example. Microsoft systems are commonly connected directly to the Internet by organizations and individuals that don't understand the need for a firewall (or couldn't afford one at the time). TCP port 135 is the RPC endpoint mapper, and RPC is tied into the operation and remote administration of DHCP, DNS and WINS, as well as the communications between clients and IIS, Active Directory and Exchange.

The end result is that small business owners have "one more reason to upgrade" which stinks (squeeze another $5K out of a small business that is already seeing lean times). That or Bob-from-Accounting won't be able to use his Outlook client from home.

Sources:

Thursday, March 27, 2003

CNN and BBC Feeds

For those of you that like your news in XML format:
  • CNN: http://www.newsisfree.com/HPE/xml/feeds/15/2315.xml
  • BBC: http://www.bbc.co.uk/syndication/feeds/news/ukfs_news/world/rss091.xml

Wednesday, March 26, 2003

Faugh on SecFocus

The Register has an article about a Security news startup whose intent is to replace SecurityFocus as a source of news. Ever since SecFocus's purchase by Symantec, they've conformed to the "responsible reporting ethic" which amounts to "don't let the public know what the bad guys know until the vendor has a patch".

Many, myself included, think this practice is dangerous and poorly designed. Example: if a hacker can gain access to my machine just because a specific feature is turned on in my web browser or mail client, I think I should know about it right away rather than quietly allowing 2-4 weeks for the commercial vendor to publish a patch. 2-4 weeks in Internet time is an eternity.

Anyways, quoting The Register:

Secunia makes no bones in saying that its Security Advisories mailing list initiative is a direct attack against competitor SecurityFocus. The Danes are highly critical of SecurityFocus and security clearing house CERT. And they hope that their Secunia mailing list will replace at the "one source of information regarding the latest vulnerabilities and the security patches released by vendors".

Hopefully, they'll live up to this one. I won't be giving up on SecFocus though, it's still a good source of information, delayed or not. I just wish they'd go back to the old interface on the web. The current one, while looking "pretty", detracts from the site's usefulness.

Tuesday, March 25, 2003

Myths About InfoSec

Information Security has an article about various myths when working in Information Security. While it's more of an article for management than techs, it's still "a good read".

Monday, March 24, 2003

Perl Tutorials

35+ tutorials for doing specific things with Perl. Thanks to Ron on the DBI mailing list (and owner of the website) for pointing it out.

Sunday, March 23, 2003

HP Error Codes

Just so's I can remember it, this is a listing of common error codes for HP Printers.

News aggregator

It's still in alpha but visit here to view the output from my news aggregator.

Features include:

  • Grabber runs every two hours.
  • Filters for new items, ignores the rest.
  • Order follows the order in the "grab" file
  • Written in Perl and doesn't require any additional modules.

I would like:

  • Order to be chronological.
  • Better handling of various formats
  • Auto-truncating of long content (into a pseudo-description)
  • Better handling of encoded and non-encoded content.
  • A MySQL back-end (hint to the powers-that-be here!)

Eventually I'll build it into a CGI script and add a few other features. Suggestions? Comments?

DRDoS Theory

It's a year old but it's a very good explanation of Distributed Reflective Denial of Service Attacks. Includes a basic explanation of the three-way handshake and SYN flooding. Steve Gibson wrote it in response to an attack on his company's systems by "the Internet".

Saturday, March 22, 2003

Drawing a line in the sandbox

OMG!! Microsoft has been ordered (by the Advertising Standards Assn. of South Africa) to cancel an advertisement that was to run in various business and trade journals which claimed that the hacker will soon be extinct due to the security of Microsoft products. Reason: truth in advertising.

Ignoring that, a short extra credit quiz (1 point for each answer):

  • List the companies that learned the truth the hard way after claiming that their product was hackerproof. (2 extra points if the company no longer exists.)
  • List the companies that have done this more than once (5 extra points if the company no longer exists)
  • List the companies that are likely to be on hacker radar for making this type of claim (no points for answering the obvious).

I guess Microsoft still hasn't learned to properly rein in their marketing types.

DEFCON Archives

DEFCON has various audio, video, and softcopy of various presentations from its first ten conferences. Thumb through them here.

Thursday, March 20, 2003

Online CISSP Quizzes

I haven't played with it yet but this site might prove helpful for those of you/us studying for the CISSP exam. Thanks to InfoSysSec.com for pointing it out.

If you do take any of the quizzes, please post a few comments here about your experience.

Wednesday, March 19, 2003

Removing ^M's from text

(Using Vi) The only hard part about this is figuring out the proper key combination to generate the regular expression. To remove the ^M's, type:

:1,$s/^M//g

or

:%s/^M//g

where:

  • "1,$" or "%" designates "do the following to the whole file"
  • "^M" is the carriage-return character; you generate it by typing Control-V followed by Control-M (Control-V tells vi to insert the next keystroke literally, so the case of the letter doesn't matter). In Vim you can write \r instead. To strip only the carriage returns at the ends of lines, anchor the pattern: :%s/^M$//
  • "g" signifies "perform the substitution on every matching instance in each line"

Source: alt.unix.wizards newsgroup
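The same cleanup from the shell, as an added example that is not part of the original post or the newsgroup thread. It also handles the case the vi substitution does not: a file that uses bare carriage returns (old Mac line endings), where deleting every ^M would leave the whole file on one line. The function names (cr_count, lf_count, to_unix) and the sample file contents are this example's own; it assumes only POSIX printf, tr and wc.

```shell
#!/bin/sh
# Added example, not from the original post or the newsgroup thread: strip
# ^M (carriage return, 0x0d) from a file outside vi, but first tell a DOS
# CRLF file from an old-Mac CR-only file, because ":%s/^M//g" on the latter
# would join every line into one. Uses only POSIX printf, tr and wc.

# cr_count FILE : how many carriage returns FILE contains
cr_count() { tr -cd '\015' < "$1" | wc -c | tr -d ' '; }

# lf_count FILE : how many line feeds FILE contains
lf_count() { tr -cd '\012' < "$1" | wc -c | tr -d ' '; }

# to_unix SRC DST : write SRC to DST with Unix (LF-only) line endings
to_unix() {
    if [ "$(lf_count "$1")" -eq 0 ] && [ "$(cr_count "$1")" -gt 0 ]; then
        # CR-only file: every CR is a line ending, so convert rather than delete
        tr '\015' '\012' < "$1" > "$2"
    else
        # CRLF (or already clean) file: drop the CRs, same as :%s/^M//g in vi
        tr -d '\015' < "$1" > "$2"
    fi
}

# demo : run both cases on constructed sample files and report the counts
demo() {
    t=${TMPDIR:-/tmp}/crlf_demo.$$
    printf 'first line\r\nsecond line\r\n' > "$t.dos"   # constructed DOS file
    printf 'first line\rsecond line\r' > "$t.mac"       # constructed CR-only file
    for f in "$t.dos" "$t.mac"; do
        to_unix "$f" "$f.out"
        echo "$(basename "$f"): CR=$(cr_count "$f") LF=$(lf_count "$f")" \
             "-> CR=$(cr_count "$f.out") LF=$(lf_count "$f.out")"
    done
    rm -f "$t.dos" "$t.dos.out" "$t.mac" "$t.mac.out"
}
```

Run `demo` to see both conversions; the counts before and after show why the CR-only case needs a translate rather than a delete.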

Breaking the glass...

Tuesdays and Thursdays are going to be light for a while as I have class on those nights. Here's a bit of filler from the recent past:

Win32 is susceptible to a unique form of attack called a shatter attack. It abuses the Win32 messaging model: any process on the interactive desktop can send window messages to any other window on that desktop, including windows owned by a more privileged process, and some of those messages let the sender plant data in the target and redirect its execution. Chris Paget, the paper's author, states that the vulnerability is currently unfixable (it would require a major rewrite of how Win32 handles messages). It's not as bad as it sounds though: the attacker already has to be running code on the same interactive desktop, so this is local privilege escalation rather than something reachable over the network.

Tuesday, March 18, 2003

Forging OS Fingerprints

David Barroso Berrueta has released a paper about defeating Nmap OS fingerprinting.

Why would you want to do this? How about: it's one less piece of information that you're giving to hackers. David gives additional reasons in his paper.

Monday, March 17, 2003

Place your bets now!

Having served my time as Lord King Log File Reader at a large organization, I've become quite cynical when it comes to the use of the Internet as an entertainment tool. It's been an acknowledged "fact" that a major portion of Internet traffic is devoted to porn, be it e-mail, FTP, or web.

My question is: how long before we see pr0n blogs? (Do we call them bl0gs? b0rgs?) (heh)

Hey, we've seen spam show up in MT blogs as some miscreant tunes up his Perl scripts.

It's only a matter of time. Place your bets now!

Silly photo of the week



Did she really?
Give it to him, I mean!
The IPod, stupid! (Not it!)
Actually, it's a link to a bit about engraving your swag.

Source: http://nslog.com/archives/2003/03/16/my_ipod_engraving.php

Sendmail compiling for the no-server crowd

For anyone who only wants a box to e-mail its own logs (and not run a server), and who is still trying to figure out how to get the newest version of Sendmail to run without the "Connection refused by 127.0.0.1" error (the submission client tries to hand mail to a local daemon that isn't running):

   Edit /etc/mail/submit.cf so that the DS line (the "smart" relay host) contains the FQDN of your upstream mail server.

   Example: DSmail.myisp.com

You'll also need to set root:smmsp permissions on /var/spool/mqueue.

Hope this saves someone else some time (it took a bit of reading on my part).

Ganda (SwedenSux) Virus

Yet another mass mailing virus has been detected in the wild. Like others, it carries its own SMTP engine and grabs addresses out of the local Outlook address book. Side note: VE states that "initial analysis would also suggest that the sender's from: address is not spoofed."

By all appearances, this is another virus that's easily blocked by stripping executables at the gateway. As they've only captured 3 copies of the virus, analysis is still a bit thin. Read it here.

Sunday, March 16, 2003

We've been spammed

I used to run a newsgroup. It regularly got spammed. I regularly got pissed.

I used to manage a mailing list. It regularly got spammed. I regularly got pissed.

This list has been spammed 8 times in the last two days by the same person. I wonder what the laws are concerning unsolicited advertisements in personal journals with fake return addresses. Any lawyers reading this? (The list is located in Virginia.)

If anyone sees spam in the comments, please e-mail me and I'll remove it. I'm off to find the owner of the website that was advertised.

Saturday, March 15, 2003

CMS testbed

Thinking about trying or buying a content-management system (CMS)? How'd you like to try some of them out before downloading them? OpensourceCMS.com has approximately 40 or so of 'em that you're allowed to try out for an hour, after which the content resets.

Wanted: Graphics

I'm currently searching for graphics to include in the subject line, to indicate what category each post falls into.

Help!!!

I wannabe the Guinea Pig!

Phone scoop has a short on a design concept that I'd like to volunteer to be a tester for: Phone Scoop : Frog Design / Motorola Offspring Wearables Concept. Basically it's a wearable bluetooth network incorporating a cell phone, pda, and various other electronic swag. They're calling it a Wearable Digital Assistant (WDA).

TCP checksum manipulation

Phrack has an article about TCP checksum manipulation and using it to analyze networks.

Supposedly you can trace MitM attacks with it. If you actually try this, would you forward the results to me? Possibly something for the security lab at school? Definitely a good project for CISSP certification: "How to trace MitM's".

Swapping two adjacent characters

Say, like me, you occasionally type with your feet (or it looks like you do). You get going so fast that you accidentally type "owrk" rather than "work". To quickly fix it, move to the first wrong character (in this case, "b" jumps back to the start of the word) and hit "xp": "x" deletes the character under the cursor and "p" puts it back after the character that follows, which swaps the two transposed characters.

Friday, March 14, 2003

XOR Tutorial

InfoSec Writers has a short tutorial on XOR theory. This is one of the basic ideas behind netmask arithmetic (two addresses are on the same subnet when their XOR, ANDed with the mask, is zero), cryptography (stream ciphers XOR a key stream with the plaintext, and session keys are often combined the same way), and polymorphic viruses (a body XORed with a changing key looks different on every infection). It's well worth knowing how this works.
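Two of the uses named above worked out with the shell's own ^ operator, as an added example that is not from the tutorial or the original post: the same-subnet test behind netmask arithmetic, and XOR as a stream cipher, including the reason a key stream must never be reused (XORing two ciphertexts made with the same key yields the XOR of the two plaintexts; the key cancels out). The function names, sample addresses, sample key and plaintexts are this example's own; it assumes a POSIX sh plus od, tr and cut.

```shell
#!/bin/sh
# Added example, not from the tutorial or the original post: XOR worked
# with the shell's own ^ operator. Function names and sample values are
# this example's own. Needs only a POSIX sh plus od, tr and cut.

# ip2int A.B.C.D : dotted quad as one 32-bit integer
ip2int() {
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# same_subnet IP1 IP2 MASK : true when (IP1 ^ IP2) & MASK is zero, i.e.
# the two addresses agree on every bit the netmask says is network
same_subnet() {
    a=$(ip2int "$1"); b=$(ip2int "$2"); m=$(ip2int "$3")
    [ $(( (a ^ b) & m )) -eq 0 ]
}

# to_hex STRING : the bytes of STRING as a run of two-digit hex values
to_hex() { printf '%s' "$1" | od -An -tx1 | tr -d ' \n'; }

# from_hex HEX : the bytes back as text (each byte via an octal escape)
from_hex() {
    h=$1
    while [ -n "$h" ]; do
        hh=$(printf '%s\n' "$h" | cut -c1-2)
        printf "\\$(printf '%03o' $(( 0x$hh )))"
        h=$(printf '%s\n' "$h" | cut -c3-)
    done
}

# xor_hex HEX1 HEX2 : byte-wise XOR of two equal-length hex strings.
# XOR is its own inverse, so xor_hex(xor_hex(P, K), K) == P.
xor_hex() {
    a=$1; b=$2; out=
    while [ -n "$a" ]; do
        x=$(printf '%s\n' "$a" | cut -c1-2); y=$(printf '%s\n' "$b" | cut -c1-2)
        out=$out$(printf '%02x' $(( 0x$x ^ 0x$y )))
        a=$(printf '%s\n' "$a" | cut -c3-); b=$(printf '%s\n' "$b" | cut -c3-)
    done
    printf '%s\n' "$out"
}

# demo : netmask test, then encrypt/decrypt, then the key-reuse leak:
# c1 ^ c2 == (p1 ^ k) ^ (p2 ^ k) == p1 ^ p2, the key cancels out
demo() {
    if same_subnet 192.168.1.10 192.168.1.200 255.255.255.0; then
        echo "192.168.1.10 and 192.168.1.200 share the /24"
    fi
    # constructed sample plaintexts and key, all 10 bytes long
    p1=$(to_hex 'ATTACK NOW'); p2=$(to_hex 'RETREAT!! '); k=$(to_hex 'sekrit-key')
    c1=$(xor_hex "$p1" "$k"); c2=$(xor_hex "$p2" "$k")
    echo "c1        : $c1"
    echo "c1 ^ key  : $(from_hex "$(xor_hex "$c1" "$k")")"
    echo "c1 ^ c2   : $(xor_hex "$c1" "$c2")"
    echo "p1 ^ p2   : $(xor_hex "$p1" "$p2")"
}
```

Run `demo`: the last two lines print the same hex string, which is the whole two-time-pad problem in one comparison. With one plaintext known or guessable, the other falls straight out.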

For those of you that need more of the basics: try LearnTCPIP.com to learn about TCP/IP, subnetting, DNS, and the OSI model.

Shell escape to AWK

Yep, I use Vi as an editor and am always looking for new tricks. As such, I'll include them here unless I notice sudden upswing in sales of pitchforks and torches to the villagers.

Following is a neat trick for pulling a document through awk from inside of Vi. Say you generate a file by typing:

   ls -l > myfile

"myfile" then contains lines like:

   -rw-rw-r-- 1 joat joat 610 Oct 29 10:28 whois

You can then generate a list of shell commands by typing:

   :1,.!awk '{print "cp",$9,$9 ".bak"}'

An alternative to this is:

   :%!awk '{print "cp",$9,$9".bak"}'

This takes the ninth field in each row (the filename, in ls -l output; "1,." filters from the first line to the current one, "%" the whole buffer) and inserts it into an output line with the format of

   cp whois whois.bak

Check the result before running it: a filename containing spaces spans more than one field, so $9 is only part of it.

Source: UNIX IN THE ENTERPRISE newsletter for 13 March 2003.
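The one-liner above turns whatever sits in field 9 of ls -l output into shell syntax, and that is also its weak point: a filename with a space spans two fields, and a filename that contains shell metacharacters becomes a command the moment the generated lines are fed to sh. Below, as an added example that is not from the newsletter or the original post, the same cp lines are generated from the filenames themselves with each name single-quoted; the demo runs both forms on three constructed filenames, one of which is a command substitution. The helper names and the filenames are this example's own; it assumes a POSIX sh plus mktemp.

```shell
#!/bin/sh
# Added example, not from the newsletter or the original post. Builds the same
# "cp NAME NAME.bak" lines as the awk one-liner, but from the names themselves
# and with each name single-quoted, so the output is safe to feed to sh even
# when a name contains spaces or shell metacharacters. Function names and the
# constructed filenames in the demo are this example's own.

# shquote STRING : print STRING as one single-quoted shell word
# (every embedded ' becomes '\'' so the quoting cannot be broken out of)
shquote() {
    printf "'%s'\n" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# backup_cmds NAME... : one quoted "cp -- NAME NAME.bak" line per name
backup_cmds() {
    for f in "$@"; do
        q=$(shquote "$f")
        printf 'cp -- %s %s.bak\n' "$q" "$q"
    done
}

# unsafe_backup DIR : the one-liner from the newsletter, piped straight to sh.
# Field 9 of "ls -l" is only part of a name that contains spaces, and nothing
# stops a name from carrying shell syntax into the generated command line.
unsafe_backup() {
    ( cd "$1" && ls -l | awk 'NR > 1 { print "cp", $9, $9 ".bak" }' | sh 2>/dev/null ) || true
}

# safe_backup DIR : same job, generated from the directory's names as words
safe_backup() {
    ( cd "$1" && backup_cmds * | sh )
}

# make_demo_dir : scratch directory with three constructed filenames: an
# ordinary one, one with a space, and one that is a command substitution
# (no whitespace, so "ls -l" hands it over as a single field). Prints the path.
make_demo_dir() {
    d=$(mktemp -d) || return 1
    : > "$d/whois"
    : > "$d/my notes"
    : > "$d/"'$(touch${IFS}PWNED)'
    printf '%s\n' "$d"
}

# demo : show the generated lines, run the safe form, list what it produced
demo() {
    d=$(make_demo_dir)
    echo "generated:"; ( cd "$d" && backup_cmds * )
    safe_backup "$d"
    echo "result:"; ls -1 "$d"
    rm -rf "$d"
}
```

The unsafe form is kept only to be run against a scratch directory; in the test it leaves behind a file named PWNED that no cp ever asked for, while the quoted form backs up every name, space or not, and executes nothing it was not told to.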

If it still works, why throw it out?

The subject (above) has been a point of contention between my wife and me for years.

For years, I used a second-hand HP DeskJet 400. It was the only printer in the house for at least 2 years and I've owned it for at least 5. After two moves and a new computer purchase, it seemed easier to just push the file across to my wife's computer and onto the printer which was part of the purchase deal. I refused to throw the old printer out on the basis that "it still works". The ink cartridge had long since dried out (I'd run it low right before a move), and I wasn't willing to risk $30 to find out that the printer was dead, so my side of the argument was on shaky ground.

This last move was to a smaller house, meaning that there are a lot of cardboard boxes still in the garage after a year. In rooting around for a screwdriver set, I came across the nice case, that comes with the printer, that protects your alternate (black or color) cartridge. Surprise! There was still a bit of liquid ink in that one! Further digging revealed a 6' printer cable and my old SMC router.

What I now have is a nice remote printer which will allow me to dump stuff to printer first thing in the morning, go get ready for work, and grab the output on my way out the door. Now all I have to do is learn how to fish cables up (or down) through the walls.

Thursday, March 13, 2003

Code Red F

Code Red is coming around again, this time it's the "F" variant. More at

A couple news articles about older variants:

Various groups analysis of variants:

Wednesday, March 12, 2003

SecurityFocus on IP Spoofing

SecurityFocus has an article on IP Spoofing that is a quick read and a good intro to basic concepts.

Prosthetic Brain

The New Scientist has an article talking about a prosthetic hippocampus. Supposedly they're about to start "testing in California". Hey, new mind control devices for the People's Republic of California. No, not really. Mice are first, working up through the usual levels of testing to Alzheimer's patients.

However, this does make Logan Whitehurst somewhat of a visionary. Prosthetic Brain has been out for a couple years now. For more good/odd/silly Jr. Science, check out When Werewolves Collide, Waffle of Death and Happy Noodle vs. Sad Noodle (if you can find it) (WARNING: Happy Noodle is one of those that takes up residence in your head).

Good background noise for coding.

Tuesday, March 11, 2003

Milter.org is back online and is using MT!

They're baaccckk..............

(heh) I just love Trackback!

The Sky is Falling! The Sky is Falling!

ZDNet should be ashamed of themselves. A recent article is entitled "Worm paves way for crippling DDoS attack" but somehow falls short of living up to its title.

"Although the experts are not yet rating this worm as a high-risk to users, the technical make-up of the Trojans it leaves behind is of concern. " To tell the truth, I don't think this worm will ever rate high on anyone's scale. It supposedly replicates by exploiting weak password protection on network shares. This has been tried before.

Botnets used in DDoS attacks we've seen before. What makes this one different? Because VNC is included? It's an interesting twist but not something that would make this a dangerous worm.

"The SANS Institute's Internet Storm Centre, a research group that monitors the Internet for attacks, have lifted their alert status from green to yellow." Really? It's green right now (20 hours after the release of the article) on both the SANS and ISC websites (okay, they're from the same source).

VNC and DDoS should not be used in the same phrase. VNC exports your desktop rather than allowing access to the services below. In other words, it allows use of your mouse and desktop and requires individual interaction with a user. While you CAN script mouse actions and key presses, I doubt it's a viable vector for DDoS attacks (remember, VNC on Microsoft boxes share a common desktop with the local user).

ZDNet, please explain! We've seen botnets before. What's worse about this worm? What's the worms name? Why is the article so vague?

While this type of article might make for great reading amongst non-techies (and for ratings overall), it hurts the industry in the long run.

If I'm full of it, fire when ready! Otherwise, faugh!

Sunday, March 9, 2003

Playing with Amphetadesk

Finally got an aggregator to work on my Linux box: Amphetadesk. I've gone completely off the edge and into information overload. It'll take me a few weeks to pare the stuff back to just the subjects/sources I'm interested in. I did this with Usenet News in the early 90's and it took me a couple years to settle on specific groups to participate in. Hope it doesn't take that long with this!

Now to hack it into tiny pieces and rebuild the way it should be!

Review: Paketto Keiretsu

Paketto Keiretsu (the docs are translated from Greek with a few confused bits) is a group of tools available in one download from DoxPara Research. Written by Dan Kaminsky, the tools in the tarball include:

ScanRand - A very fast stateless port scanner which can also trace routes to machines. Stateless, in this case, means that the scanner does not maintain state between sending out a packet and listening for the return from that packet. Rather, the sending portion of the program screams out query packets as fast as it can and there's a separate listener (which can be run on a different machine entirely) which records any responses and reports to the user.

Amongst the tools, this is the one that I've gotten the most use out of. Because it is much faster than nmap, it's good for initial queries across a large range of IP's.

It does have its shortcomings though. It takes a bit of experimenting to find a useful setting for the timer that the listener uses. Improperly configured switches (which abound) cause reporting failures. Some NICs cannot handle the high counter turnover if you're repeatedly scanning all 65,535 ports on a large number of IPs.

MineWT - A very odd tool to have (unless you're trying to hide something). Allows multiple hosts on the same network to share an IP address. Why would you want to do this? How about: you want to download GIGs of MP3s using your employer's network but you don't want the download to be traced to your machine. MineWT effectively maps multiple MAC addresses to the same IP address and routes traffic between them.

Dan Kaminsky explains it this way: Network Address Translation maps IP's. Arp maps MAC's. MAC Address Translation (DK's term for it) combines the two.

I still haven't found time to experiment with this but will update this document when I do.

LinkCat - (lc) is to network protocols as NetCat is to network connections. You can use it to view traffic in Hex or to capture and play it back.

ParaTrace - Another traceroute utility. However, this one is "passive" in that it does not set up a TCP connection of its own. Rather, it "replays" (slightly modified) recent packets. Shortcoming: this only works for existing paths to remote machines (you have to have a connection to the remote IP) (i.e., this is path detection rather than path discovery). The author states that this is able to get past stateful firewalls (if the firewall allows a connection to an internal machine, it'll also allow the paratrace traffic).

Phentropy - Makes interesting looking pictures of TCP/IP sequence numbers. Quoting Dan Kaminsky: "This is an extension of Michal Zalewski's excellent Phase Space Analysis of TCP/IP Sequence Numbers, done with an incredibly interesting tool called OpenQVIS." Only useful to those people who like to analyze TCP/IP stack implementations, I guess.

These tools have been out for almost a year now. I haven't seen widespread use of them probably because of their "niche uses" and/or other, more robust, tools already exist for legitimate uses. Very interesting code though.

Corporate schizophrenia

Okay, we've all heard that SCO is suing IBM over IBM's promoting the use of Linux. One question I haven't heard anyone ask yet is: "Is SCO going to sue itself for selling SCO Linux?" Or how about: "Is SCO going to sue itself for participating in United Linux?"

A close look at SCO's announcement doesn't help. Rather it further confuses the issue by including the following:

  • "SCO is in the enviable position of owning the UNIX operating system," said Darl McBride, president and CEO, SCO.
  • SCO, SCOsource, UnixWare and the associated SCO logo are trademarks or registered trademarks of Caldera International, Inc. in the U.S. and other countries.
  • UNIX, used under an exclusive license, is a registered trademark of The Open Group in the United States and other countries.
  • Linux is a registered trademark of Linus Torvalds.

Further questions:

  • Until recently, didn't Caldera sell Linux? (Is this the reason they stopped?)
  • What about Sun/Oracle/SCO/Microsoft's experimentation with Linux? Are they next?
  • SCO is laying claim to all Unix. Are they going to want licensing fees from Linux users too?
  • Or is all this just like the recent patent problems?

Saturday, March 8, 2003

TK Worm still a threat

iDEFENSE has an article about the TK Worm still being a threat.

Please bear with me...

... as I experiment with CSS, skins, blogging and the like. I'll settle on an appearance soon.

He does it for the same reason that my cellphone clucks

Saw this one on memepool.



Source: http://www.ai.mit.edu/~rahimi/coolmf/

Microsoft Root Kits

The Register has an interesting article about the current and future state of Microsoft-based root kits.

Mozilla features

Here's some stuff that you probably didn't know about Mozilla. It starts out with a pretty dry read (stuff I already knew), but then starts describing features that I didn't know about. Interesting ones!

First impression of TMDA

"Jeremy Zawodny's blog: TMDA Filtering via procmail?" talks about using the Tagged Message Delivery Agent (TMDA) scheme as a method for combatting spam. I'll have to agree with him. It's a horrible solution (the cure is almost as bad as the sickness).

My reasons for not liking TMDA as a solution:
  • Electronic mail was never designed to be "instant messaging". Depending on how the mail is handled, it can take 1-30 minutes (on a good day) for the message to be delivered. TMDA does not take into account firewalls, virus scanners, forwarders, etc.
  • You want me to send another message to okay the one I just sent, just so I can get on your whitelist? grrr...
  • Once I'm on your whitelist, do I get kicked off when someone gets infected with Kazaa and the virus just loves my address when forging headers of infected messages.
  • The technical level of the solution will confuse the majority of the people who use e-mail. In other words, it's not "transparent" and will probably be avoided by people who have dial-ups and only use them for e-mailing out pictures of the grandkids. (This level of user vastly outnumbers the people who'd understand the use of TMDA.) (IMO)

Personally, I like spam-scoring and then sorting the flagged messages into a separate folder for manual deletion. Yeah, a few still get by the filters, but I don't lose that forwarded content that my Mom thought I'd find useful.

Friday, March 7, 2003

Posting from Perl

I'm just learning about TrackBack and posting to the blog from perl (via Jeremy Zawodny's blog about the Perl interface). I'll let you know how it goes.

Thursday, March 6, 2003

InfoSec Books

Here's a site that's just coming online: InfoSec Books. It's run by a local SANS mentor and deals with reviewing books related to Information Security.

Anti-Spam Research Group

A group to suggest standards/methods for fighting spam has been formed. It's called the Anti-Spam Research Group. Quoting the website:

The Anti-Spam Research Group (ASRG) focuses on the problem of unwanted email messages, loosely referred to as spam. The scale, growth, and effect of spam on the Internet have generated considerable interest in addressing this problem. Once considered a nuisance, spam has grown to account for a large percentage of the mail volume on the Internet. This unwanted traffic stands to affect local networks, the infrastructure, and the way that people use email.

I'm not sure if anything will come of it. My views include:

  • automatic deletion of detected spam is doomed to failure as it is never 100% accurate (you still lose a few messages from Mom). Rather you should tag messages as spam, automatically move them to a separate folder, and make the user delete the messages.
  • Like virus detection, it's an arms race. Spammers will always be one step ahead.
  • Most of us have joined various opt-in lists via IWon, Pogo, or a vendor's site. Violent reaction to apparent spam could lead to legal problems.

So... I'm not holding my breath. I will keep my SpamAssassin config up-to-date though.

Wednesday, March 5, 2003

Cut my feet off, too!

Well, someone has come up with the exploit code for the Sendmail buffer overflow vulnerability. How long until it's included in a worm? How long before people are serious enough to patch their systems?

Monday, March 3, 2003

Watch me do my headless chicken imitation!

Sendmail, Inc. has issued an advisory concerning its MTA product: Sendmail.

The vendor's advisory is available here and a better explanation of the actual vulnerability is available here.

Short version: An attacker can exploit a buffer overflow via specially crafted message headers and possibly execute code due to a flawed security check in Sendmail versions 8.12.7 and below.

Really simple version: An attacker can break into your computer by sending e-mail.

I hereby invoke Godwin's Law

I hereby invoke Godwin's Law on PETA (whose national headquarters is in the old NOAA building, here in Norfolk). Seems that PETA's recent campaign has pissed off a few people.

For the uninformed, Godwin's Law states that if at any point a conversation contains a comparison to Hitler or Nazis, any further participation in the conversation is deemed pointless and unproductive.

Sunday, March 2, 2003

Spam from the Admin.

I've actually seen this in action, as term paper spam on the local college campus: "Wired's" article on alert spamming.

The Care and Feeding of Introverts

I just love it! Just read Caring for your Introvert over on The Atlantic. Thanks to trainedmonkey for pointing it out.

Bloggrolling

I really like Blogrolling's idea for maintaining a database of links that you can display on any web page. A really "good idea" was the bit of JavaScript code that allows you to add URL's without having to log onto their site. There's a couple things I'd change though:

  • Add the blogroll name to the button that we keep in our bookmarklets bar
  • I don't like the "one blogroll unless you donate $$$" rule

As such, I'm going to be adding a script to the local server and am taking requests for features (can't let outsiders access the service but you can have the code for your own site).

Saturday, March 1, 2003

Ah, youth.

Just when you thought college students were motivated to improve the world, something like this happens:

Spammers hiding behind students

Did you say Bono?

Every time it happens it gets stranger and stranger. Bono has been nominated for a Nobel peace prize?

Who's next? Sean Penn?