Sunday, February 29, 2004

Leap year, time to propose?

No, not yet, not ever maybe?

Well, it's a leap year, which means there are 29 days in February instead of the usual 28. It also means that the women can propose to the men!

Luckily for me, I won't be engaging in marriage any time soon yet, if at all!
Those unfortunate in being asked to get serious - shame!

Only joking, all the best - I hope you've had enough fun already, as the good times now end, well for some people they will!

Some common descriptions of marriage from a dictionary include:

* The legal union of a man and woman as husband and wife.
* The state of being married; wedlock.
* A common-law marriage.
* A wedding.

In this day and age, young people like myself are more interested in having a good time, without the serious side. Maybe that is one of the reasons why a lot of marriages, mainly younger couples - don't last very long living the married life. It seems there is one simple solution - avoid getting married in the first place.

Post ID: 290, posted by jase at 11:44 PM
Category: Misc

Saturday, February 28, 2004

Apache - log file size limit

Apache died yesterday, due to the error log growing to over 2GB in size. I didn't know it would complain and die then not restart over log size. I noticed it was down at 7am when I got in from work, which reminds me to get the monitoring system up and running.

I had a quick look to see what was up and thought it was something relating to log file size, but when looking at the sizes, I thought the access log was bigger so moved that and tried but it did not work. It turns out the error log was the bigger file, but I missed that fact due to being tired - still can't believe I didn't notice though!

So I left it for Ben to sort out when he got up. It goes to show when you can't figure something out, especially when being tired - leave it and come back to it later, it usually all fits together then and works.

Another issue we've noticed with Apache on this server, is that every now and again it appears to eat all the CPU power so we have to go in and kill it off. As yet we've not established what is causing it, so the investigation is ongoing.

Strange!

Post ID: 289, posted by jase at 08:34 PM
Category: Software

Friday, February 27, 2004

FreeBSD 5.2.1 Released

After the recent release candidates that we have seen, FreeBSD 5.2.1-RELEASE is now available to download. With the bugs found in the release candidates fixed, this will be another great release and has plenty of updates and enhancements over previous releases.

Head on over to freebsd.org and download it!

Post ID: 288, posted by jase at 02:44 PM
Category: BSD

Thursday, February 26, 2004

ATM skimming

It's been talked about at the moment on various sites, but this kind of thing has been taking place for a long time. Only now, it seems to be on the rise as more people are installing devices on ATM machines to swipe user card details.

The units also incorporate a small camera so that pin information can also be captured. In some cases this information is transmitted to the criminals who could be located in a car close to the ATM.

It's important to watch out for these things, sometimes on certain ATM machines they will be pretty obvious, but in some cases to the untrained eye, they would sit there logging details for quite some time without being noticed.

Skimmers used in shops have been around for a long time but we are now seeing the migration to actual ATM's as well. There are various steps to take when using ATM's. In case there is a skimmer and camera present, it would be a good idea to cover the keys as you enter your pin, so if there is a camera present it will not have a shot at the keys being pressed which would invalidate the entire operation as most places are migrated over to chip & pin designs in stores.

I think there have currently been more reports of this taking place in the USA, but as skimmer units become more easily available as ready made units, we will see more people being targeted.

It all comes down to being alert and looking out for odd looking things on ATM's.
A bit of common sense helps a lot! If in doubt, don't use it and report the fact that something might be up, to the bank.

The question is, will banks cover any personal / business losses when you are the victim of this crime? If not, it's more out of order. If the banks cover the losses then it won't be as bad for the individual's pocket - banks can afford the losses, the general public cannot.

Post ID: 287, posted by jase at 06:58 PM
Category: General

Wednesday, February 25, 2004

OpenSSH 3.8 released

OpenSSH version 3.8 has been released which contains various bug fixes and also a number of new features, which include:

* Supports sending application layer keep-alive messages to the server.
* Forced changes of expired passwords via passwd.
* Uses untrusted cookies for X11 forwarding.
* Improved sftp batch file support.
* Support for host keys in DNS.
* GSSAPI support replaced with "gssapi-with-mic" to eliminate attacks.

As well as more bug fixes and memory leak fixes. Although not mandatory, if you can see the new features being of use and you have the desire then go ahead and upgrade.

Post ID: 286, posted by jase at 11:25 PM
Category: Security

More secure with XP SP2

Bill Gates has outlined various improvements that will be made to systems when users update to service pack 2 after its release. Changes such as switching on the firewall will be welcomed, as the amount of people who don't have much of a clue about computers that leave their systems unpatched sitting online launching DDOS attacks and various other things will be reduced.

Since if the firewall is enabled then the worms and trojans won't be able to connect in the first place - or at least, if most users of XP upgrade to service pack 2, future attacks that exploit vulnerabilities in services such as Blaster, will not be able to spread at such a rate.

I would think that Microsoft would have included some AV and firewall technology in Windows a long time ago - the firewall is there to be used, but not enabled by default, why? Something that allows automatic updates to rules and definitions, such as with Symantec products for example, would have proven effective against some of the backdoors and such like that we have seen in recent times.

It can only be a good thing that MS are adopting this approach now, even though a bit late - it will be an improvement. On the other hand, I think the monthly updates are a bit stupid, especially if critical updates to patch vulnerabilities are also only published as part of the monthly updates. One would expect that critical patches would be made available as soon as possible, but other things that did not have such an impact could be worked on over a longer period of time.

Given that some vendors release patches straight away and work on fixing bugs as soon as they are notified, it only seems fair that a company the size of MS should invest more time & money to ensure that security is at the top of the priority list. It could only be Microsoft that has been notified about various bugs in applications such as Internet Explorer and Windows, yet has failed to release fixes a long time after they were notified.

If the general computing world decided not to accept the current state of affairs, I'm sure that more effort would be made. Things will have to change and it seems they are beginning to.

Post ID: 285, posted by jase at 03:39 AM
Category: Security

Tuesday, February 24, 2004

Air conditioning systems

It's cold here at work - the air con is blowing cold air out. As far as regulations go, I think we can actually go home because the room temperature is not within allowed limits. People have been trying to figure out the control panel, but they have had no luck.

I've just managed to get the system to switch over to the correct mode and warm air seems to be coming out now. Let's just hope that nobody messes with it again tomorrow during the day else when we get back in, it'll be cold again.

This is a prime example of when an instruction manual would actually be of use - and we don't have one, I think we need to get in touch with the facilities staff. It's usually either too hot or too cold.

Post ID: 284, posted by jase at 10:42 PM
Category: Misc

Monday, February 23, 2004

Working nights

I'm working nights this week and next, which is okay apart from it being freezing outside and there is not much of the dark night left when I get in, but I doubt I will be woken up by the light of the day as I will be in a nice deep sleep.

At least it means I've got the days free to do things, unless I end up sleeping the entire time!

Post ID: 283, posted by jase at 12:33 PM
Category: Personal

Sunday, February 22, 2004

You know what they say...

About messing / playing with things when they work perfectly fine. You always end up breaking something! So the moral is - if it works don't touch it.

Although, sometimes you have to as something might work, but not in full or how you would like. I've just upgraded my FreeBSD 5.2 box to FreeBSD 5.2.1 RC2, but I broke it. Anyway, since I'd only just installed 5.2 recently and there was nothing on the system, I just installed 5.2.1 over the top.

I need to sort out X, but apart from that everything is okay!

Post ID: 282, posted by jase at 11:44 PM
Category: Misc

Saturday, February 21, 2004

Downloading

I could really do with some more drive space - either that or I need to start burning data to DVD/CD as I'm usually always low on space these days.

There's something to work on this weekend I think!

Post ID: 281, posted by jase at 04:17 PM
Category: Internet

Friday, February 20, 2004

MT-Blacklist v1.63 beta (rc2)

The second release candidate of MT-BL v1.63 has recently been released, which comprises bug fixes only over v1.63 beta rc1. v1.63 rc2 supports some new features available in MT v2.661 and is currently undergoing testing for an official production release.

Check them out.

Post ID: 280, posted by jase at 02:13 PM
Category: Software

Thursday, February 19, 2004

More mobile phone scams

There appear to be a number of mobile phone scams taking place at the moment. I've got a mail from a friend telling me about one; it appears that numbers beginning with 0709 are personal numbers which can be obtained and forwarded to other numbers. The scam involves getting a missed call from one of the numbers being used to scam and the victim calls the number back.

They are then re-routed to a premium rate number which is charged at very high rates. After getting a bill with the call on, they contact their mobile operator to find out what has happened. Currently it appears to be legal, but is being clamped down on.

So, if you get calls from numbers that you don't know that begin with 0709, be wary!

Post ID: 279, posted by jase at 02:50 PM
Category: Misc

Wednesday, February 18, 2004

Increased levels of spam

With all of the worms spreading around on the Internet at the moment, it's hardly a shock to see that most of us are receiving a lot more spam and worm related mail than in recent times. Of late, it has been news of worm after worm, which I think will probably now continue.

So what can we do? Ensure that our anti-virus software is always updated and set up proper filtering to ensure that these mails don't even reach our inboxes.

I've been getting so much junk lately that I've got loads of unread mail as I have not had time to go through and sort it all out. I'm going to employ new filtering to lower the amount of rubbish coming through to various addresses.

I suppose as far as commercial spam goes, people must buy stuff that is advertised via spam else there would be no point in sending it all out - on the other hand though, maybe spammers just spam to annoy people, knowing that people will not buy their products or the ones that they are just advertising anyway.

And we thought it was bad at the moment...

Post ID: 278, posted by jase at 03:34 PM
Category: Internet

Tuesday, February 17, 2004

RC5-72 distributed.net project

I'm sure you are all aware of the challenges that RSA Security set to crack encrypted messages, which allow us to understand how secure a specific algorithm is. Distributed.NET works on these projects by means of distributed computing and brute force.

I've worked on previous projects in the past such as RC5-64, back in 1998 and I continued to work on it until completion. I had the advantage of having a lot of machines at college working on the project for me and at the peak I usually had around 5-10,000 blocks a day being submitted for me which all went to the team I was part of (alt.ph.uk). Looking at the stats, I can see that in total I submitted 832,603 blocks, not bad at all.

I've recently started working on RC5-72 now, but this time I have the advantage of using 2 Sun Fire V880's, that both have 8 UltraSPARC-III processors & 32GB of RAM as well as a few other machines P4/Athlon XP based.

distributed.net client for Solaris Copyright 1997-2003, distributed.net
RC5-72 SPARC assembly by Didier Levet and Andreas Beckmann
Please visit http://www.distributed.net/ for up-to-date contest information.

dnetc v2.9005-484-CTR-03042808 for Solaris.
Please provide the *entire* version descriptor when submitting bug reports.
The distributed.net bug report pages are at http://www.distributed.net/bugs/

[Feb 18 13:55:01 UTC] Automatic processor detection found 8 processors.
[Feb 18 13:55:01 UTC] Loading crunchers with work...
[Feb 18 13:55:01 UTC] Automatic processor type detection found an UltraSPARC-III processor.
[Feb 18 13:55:01 UTC] RC5-72: using core #5 (AnBe 2-pipe).
[Feb 18 13:55:01 UTC] RC5-72: Loaded 53:9A5FEBB8:00000000:1*2^32 (6.80% done)
[Feb 18 13:55:02 UTC] RC5-72: Loaded 53:9947E99C:00000000:1*2^32 (6.70% done)
[Feb 18 13:55:02 UTC] RC5-72: Loaded 53:9583A941:00000000:1*2^32 (6.80% done)
[Feb 18 13:55:02 UTC] RC5-72: Loaded 53:9B417340:00000000:1*2^32 (6.80% done)
[Feb 18 13:55:02 UTC] RC5-72: Loaded 53:98C860A2:00000000:1*2^32 (6.70% done)
[Feb 18 13:55:02 UTC] RC5-72: Loaded 53:90F00E5E:00000000:1*2^32 (6.70% done)
[Feb 18 13:55:03 UTC] RC5-72: Loaded 53:98DFFC29:00000000:1*2^32 (7.00% done)
[Feb 18 13:55:03 UTC] RC5-72: Loaded 53:9E7DB352:00000000:1*2^32 (6.80% done)
[Feb 18 13:55:03 UTC] RC5-72: 192 packets (192.00 stats units) remain in buff-in.r72
[Feb 18 13:55:03 UTC] RC5-72: 0 packets are in buff-out.r72
[Feb 18 13:55:03 UTC] 8 crunchers ('a'-'h') have been started.
.....10%.....20%.....30%.....40%.....50%.....60%.....70%.....80%.....90%....100

snip ..

[Feb 18 14:33:05 UTC] RC5-72: Completed 53:90F00E5E:00000000 (1.00 stats units) 0.00:38:02.27 - [1,755,119 keys/s]
[Feb 18 14:33:06 UTC] RC5-72: Loaded CA:8072EC53:00000000:1*2^32
[Feb 18 14:33:06 UTC] RC5-72: Summary: 8 packets (8.00 stats units) 0.00:38:07.08 - [14.00 Mkeys/s]
[Feb 18 14:33:07 UTC] RC5-72: 184 packets (184.00 stats units) remain in buff-in.r72
Projected ideal time to completion: 0.15:26:31.00
[Feb 18 14:33:07 UTC] RC5-72: 8 packets (8.00 stats units) are in buff-out.r72

That's 8 blocks done in no time already on the one Sun Fire, the same amount are being kicked out on the other Sun Fire too. I wonder if I will be able to get my rate up to the level I had it at in the past? Anyway, if you're interested in joining and helping out by donating your idle CPU cycles then head on over to www.distributed.net - If you want to submit your blocks to the team I am part of then join up to Valve Media.

Post ID: 277, posted by jase at 02:03 PM
Category: Security

Monday, February 16, 2004

MS source code leak - bugs already

As expected, after the code leak there have already been some bugs discovered which just goes to show how bug infested MS code probably is. If it was released to the open world, a lot more auditing could be done and the code would be a lot better.

The first bug was discovered some time ago, but a working exploit was not produced or not released anyway. Days after the source appeared and started to quickly spread a proof of concept exploit was released. The other bug found affects bitmap processing code in IE 5 & some versions of Outlook Express, a working exploit has also been released.

Since MS releases the source code to selected partners and such, maybe they should just do everyone a favour and release it to everyone. Or more people at least, so a proper audit can take place which would make things a lot better.

Bugs, some very complicated to reproduce can still be discovered even with closed source. The debate about closed source being more secure, via security through obscurity is pointless - as proven by these latest events.

I'm sure there will be more to come...

Post ID: 276, posted by jase at 10:31 PM
Category: Security

Sunday, February 15, 2004

I made it!

I'm back home and after having a mad three days, it's good to sit down. Last night at Hed Kandi was quality, lots of funky tunes and plenty of people enjoying it. I came back home by car so did not have to mess around with trains which was good.

I think I'll be having an early night tonight, especially with having to get up early in the morning.

Post ID: 275, posted by jase at 08:40 PM
Category: Personal

Saturday, February 14, 2004

Turnmills

Gallery at Turnmills last night was wicked, all the way to the end at 7.15am! Then I had a mission around London today & finally went to Kent where I am now, ready to have a good night tonight at Hed Kandi, which is at The Loft in Maidstone.

Can't wait!

Post ID: 274, posted by jase at 06:20 PM
Category: Personal

Friday, February 13, 2004

Windows 2000 source code leak

You would not think it (due to Source Safe and other measures), but MS Windows 2000 source has been leaked. But not from Microsoft & it does not appear that all of it has got out.

It seems the code has been taken from a Linux box, so the types of protection used by MS will not be in place, especially since the leak appears to have come from a third party called Mainsoft.

Details are limited at the moment, but MS have launched an investigation with the FBI. I would think that the most that is at risk for MS is intellectual property.

More information is available from Neowin & Betanews.

Post ID: 273, posted by jase at 07:25 PM
Category: Security

London, woohoo!

Even though I'm down here, I had to get just a bit of Internet access to check mail. Since I don't have a phone that can allow me to ssh and such at the moment, I've popped into Easy Everything on Tottenham Court Road.

Last night I came down here after work and went to some bars. Today I've been drinking in various pubs around Leicester Square, ready to have a great night tonight at Turnmills.

I'll be heading out of there at 7am - then either somewhere else or to Kent.

So far so good.

Post ID: 272, posted by jase at 07:15 PM
Category: Personal

Thursday, February 12, 2004

Off to London (again)

I'm heading down to London again tonight for the weekend. Tonight shall probably see me going out somewhere in London, not sure where yet though. I'll be staying in central London and then going to Kent tomorrow, later on tomorrow I'll be making another trip back to London to have a wicked night at Turnmills for Gallery, which ends at 7am. I should then head back to Kent, what a mission - not anywhere near as mad as some in the past but even so I think I might get bored of the trains!

I might just stay in London at a hotel until Saturday when I'll be going out in Kent, then back home early on Sunday to miss out on all the engineering work being done on the West Coast Main Line.

I'll be going to London again soon and spending all weekend there, spending a lot of money I'm sure so I could do with keeping this trip a bit cheaper, the expenses of travel will be cheaper than staying in hotels anyway. Especially since I'll be staying in the 4 star I like - only this time I don't think I will be able to get the Penthouse Suite for 79 like I did last time (I think they over booked). The usual cost of a Penthouse Suite in that hotel is 525 per night so I was lucky there.

Let the fun begin!

Post ID: 271, posted by jase at 07:08 PM
Category: Personal

Fedora Core 2 (Test 1) released

This new release incorporates the 2.6 Linux kernel, Gnome 2.5, KDE 3.2. I'll be downloading this later, along with Knoppix 3.4. I did attempt getting Knoppix already but the torrents I tried were not working at the time. I'll probably choose one of these two distributions to put along with FreeBSD on my Athlon box.

Or then again, I might choose something else...

Post ID: 270, posted by jase at 06:58 PM
Category: Linux

Nachi-B aka Welchi

Yet another worm appears to have surfaced, spreading via exploiting the same vulnerability that Blaster did. It appears to be another one looking for MyDoom infections which if found it clears up. It also downloads the patches from Microsoft to fix the DCOM RPC service hole which allowed it to gain access.

These kinds of worms that clean up another infection seem to be appearing more often these days; it's kind of like a game various authors are playing to outwit each other by releasing worms and viruses that clean up someone else's previous attempts.

In some respects this is good - especially if something like MyDoom was not programmed to self destruct and become dormant.

This new version of Nachi could cause problems, like the original did in terms of a lot of network activity generated. It creates a file called "svchost.exe" in Windows\System\Drives.

A trojan that has just surfaced is called Mitglieder.H. It creates an SMTP proxy that listens on port 35555. This will be enjoyed by spammers unfortunately, if it spreads a lot. It creates the following registry key:

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ssgrate.exe" = "%winsysdir%\system.exe"

It also creates [HKCU\SOFTWARE\DateTime].

This is another piece of malware that is exploiting the backdoor left by MyDoom. On the day that MyDoom stops its attack on SCO.COM and stops spreading, the problem of the backdoor staying active remains, which will give rise to a number of variants and other things that will use this backdoor. Since the amount of infected hosts is so high and the rate at which MyDoom spread, I'm sure we will see a lot of side effects caused by other malware using the traces of MyDoom left behind.

Time to upgrade your AV again, if it's not done automatically.

Post ID: 269, posted by jase at 06:16 PM
Category: Security

Wednesday, February 11, 2004

Nokia Bluetooth vulnerabilities

I read the article on Slashdot on Tuesday about the bugs that have been found regarding certain Nokia handsets and their Bluetooth implementations. It seems a few flaws exist which can allow for data to be extracted from your handset without you even knowing - another reason for you to keep Bluetooth switched off when not in use - especially if you have a handset which is vulnerable.

Check out Bluestumbler for the full low down on the bugs, or see the ZD Net article.

These issues are obviously raising concern as personal and confidential data could be extracted fairly easily. Nokia is aware of the issues, but won't really be able to do much about it with existing handsets unless people were to upgrade the firmware.

Phone contact details from the address book are amongst some of the data that could be extracted.

So turn off Bluetooth when not in use!

Post ID: 268, posted by jase at 11:38 PM
Category: Security

Tuesday, February 10, 2004

Knoppix 3.3 / 3.4 CT Edition

I've just noticed that 3.3 has been released, with a lot of updates and improvements - 3.4 including 2.6 kernel support & 3.3 kernel 2.4. The ISO's are available for download on various FTP sites. I shall be checking it out tonight as I have been waiting for 2.6 support on Knoppix for a while.

Post ID: 267, posted by jase at 02:40 PM
Category: Linux

MyDoom-C aka Doomjuice & Vesser aka Deadhat

Yet more worms appear to be spreading around, these two looking for machines already infected by MyDoom and MyDoom-B. It seems that Doomjuice first appeared yesterday and Vesser was first picked up by AV firms on Saturday. MyDoom-C does not spread by email at all and doesn't launch an attack on SCO - instead it's going after Microsoft.

Doomjuice copies itself to the system directory, calling itself "intrenat.exe", and adds the following registry keys:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Gremlin
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Gremlin

Vesser spreads via MyDoomA/B and also via the Soulseek network.

The following registry key is added:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KernelFaultChk

The file "sms.exe" is also added to the machine. It removes any previous MyDoom infections from the machine and spreads via Soulseek by adding itself as various files to the shared directory. There appears to be an IRC backdoor and remote update feature. It also tries to kill processes with certain names, common AV applications and scanners.

Go and update your signature files now.
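
To check a machine for the registry and network traces listed in this post and in the Mitglieder.H note in the Nachi-B post, the sketch below parses a registry export and `netstat -an` output and reports matches. It is an added example, not code from any AV vendor; the sample export and netstat text are constructed, and only the key names, value names and port 35555 come from the posts.

```python
import re

RUN = r"software\microsoft\windows\currentversion\run"

# (malware, hive, key path, value name); None means "the key itself exists".
# Every entry is a registry location named in the posts.
INDICATORS = [
    ("Mitglieder.H", "hkcu", RUN, "ssgrate.exe"),
    ("Mitglieder.H", "hkcu", r"software\datetime", None),
    ("Doomjuice", "hklm", RUN, "gremlin"),
    ("Doomjuice", "hkcu", RUN, "gremlin"),
    ("Vesser", "hklm", RUN, "kernelfaultchk"),
]
PROXY_PORT = 35555  # Mitglieder.H SMTP proxy port, from the post

HIVES = {"hkey_local_machine": "hklm", "hkey_current_user": "hkcu"}
SECTION = re.compile(r"\[([^\\\]]+)(?:\\([^\]]*))?\]")
VALUE = re.compile(r'"((?:[^"\\]|\\.)*)"\s*=')


def parse_reg_export(text):
    """Return {(hive, key path): set of value names}, all lower-cased."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        section = SECTION.fullmatch(line)
        if section:
            hive = section.group(1).lower()
            path = (section.group(2) or "").lower()
            current = keys.setdefault((HIVES.get(hive, hive), path), set())
            continue
        value = VALUE.match(line)
        if value and current is not None:
            current.add(value.group(1).lower())
    return keys


def find_indicators(keys):
    """Return [(malware, registry location)] for every indicator present."""
    hits = []
    for malware, hive, path, name in INDICATORS:
        names = keys.get((hive, path))
        if names is None:          # key absent from the export
            continue
        if name is None or name in names:
            parts = [hive.upper(), path] + ([name] if name else [])
            hits.append((malware, "\\".join(parts)))
    return hits


def listening_tcp_ports(netstat_text):
    """Extract listening TCP ports from Windows `netstat -an` output."""
    ports = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "TCP" and fields[3] == "LISTENING":
            ports.add(int(fields[1].rsplit(":", 1)[1]))
    return ports


# Constructed sample data (not taken from a real infection).
REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"ssgrate.exe"="C:\\WINDOWS\\system32\\system.exe"

[HKEY_CURRENT_USER\Software\DateTime]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultChk"="C:\\WINDOWS\\system32\\sms.exe"
"""

NETSTAT = """
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:35555          0.0.0.0:0              LISTENING
  TCP    192.168.0.5:1042       203.0.113.7:80         ESTABLISHED
"""

if __name__ == "__main__":
    for malware, location in find_indicators(parse_reg_export(REG_EXPORT)):
        print(f"{malware}: {location}")
    if PROXY_PORT in listening_tcp_ports(NETSTAT):
        print(f"Mitglieder.H: TCP port {PROXY_PORT} is listening")
```
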

Post ID: 266, posted by jase at 01:52 PM
Category: Security

Monday, February 9, 2004

Nokia 6600

After seeing this model and having a play about with the one my friend has just got, I think I am going to get one. It'll only cost me 10 as well in four months as it'll be my upgrade. If I just get one now it will cost a lot more.

The 6600 is packed full with features and has quite a nice design. The main things for me are the Bluetooth features and the ability to run N-Gage games, as of course this is a Symbian phone. There are also a number of handy applications available, from Putty through to MSN messenger clients.

The list of features is long and varied - this is a nice handset!

For a good review, with pictures and specifications check out the review on Hardware Zoom.

Afterwards when I get a nice new PDA / laptop - this handset will be great to use with them.

Post ID: 265, posted by jase at 10:49 PM
Category: Hardware

Sunday, February 8, 2004

Port Knocking

I just noticed a post on /. about this idea - from what has been said so far it could be quite a handy security measure and would add to the existing security measures we all have in place. There is plenty of information regarding this on portknocking.org

So the idea behind it?

Well, you connect to a certain number of ports in a certain way and boom - you are then allowed to connect to a specific service. For example, you could limit ssh to not only run on a different port but also only allow connections to the ssh daemon after the correct knocking has been done. It could be incorporated with a firewall which adds dynamic rules on demand so you can connect to the SSH server from your current host for a certain time period after the knock, afterwards the firewall rule can be removed and you can no longer connect.

The port to which you finally connect could also be dynamic and change with each use, which also increases security. Users could use a script to initiate the knocking automatically so no extra work is needed. I think there is a lot that could be done with this, looks like an interesting project. Obviously it's only going to be of use in certain situations and for certain services where only known users will be connecting.

For services like http and smtp which are generally public there would not be much use. But for private services such as SSH, POP3 or non anonymous FTP for example this is perfect. There is a lot of information on the site - I'm going to have a full read later. Make sure you check it out.
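
The server-side logic described above (a per-host knock sequence, a time-limited dynamic allow rule, and its removal afterwards) can be modelled as a small state machine run over firewall log events. This is an added example, not code from portknocking.org; the knock ports, timings and addresses are constructed assumptions.

```python
KNOCK_SEQUENCE = (7000, 8000, 9000)  # assumed secret knock, in order
PROTECTED_PORT = 22                  # service hidden behind the knock
KNOCK_WINDOW = 10.0                  # seconds allowed to finish the sequence
ACCESS_TTL = 30.0                    # lifetime of the dynamic allow rule


class KnockGate:
    """Tracks knock progress per source host and the resulting allow rules."""

    def __init__(self, sequence=KNOCK_SEQUENCE, port=PROTECTED_PORT,
                 window=KNOCK_WINDOW, ttl=ACCESS_TTL):
        self.sequence, self.port = tuple(sequence), port
        self.window, self.ttl = window, ttl
        self.progress = {}  # src -> (knocks matched so far, time of first knock)
        self.allowed = {}   # src -> expiry time of its allow rule

    def _expire(self, now):
        # Drop allow rules past their lifetime and knocks that took too long.
        for src in [s for s, exp in self.allowed.items() if exp <= now]:
            del self.allowed[src]
        for src in [s for s, (_, t0) in self.progress.items()
                    if now - t0 > self.window]:
            del self.progress[src]

    def packet(self, ts, src, dport):
        """Return the verdict for one inbound connection attempt."""
        self._expire(ts)
        if dport == self.port:
            return "ACCEPT" if src in self.allowed else "DROP"
        matched, started = self.progress.get(src, (0, ts))
        if dport == self.sequence[matched]:
            matched += 1
            if matched == len(self.sequence):
                # Knock complete: add the time-limited rule for this host only.
                self.progress.pop(src, None)
                self.allowed[src] = ts + self.ttl
            else:
                self.progress[src] = (matched, started)
        elif dport == self.sequence[0]:
            self.progress[src] = (1, ts)    # wrong port, but it restarts a knock
        else:
            self.progress.pop(src, None)    # wrong port resets the sequence
        return "DROP"                       # knock ports themselves stay closed


# Constructed log events: (timestamp in seconds, source address, destination port)
EVENTS = [
    (0.0, "198.51.100.10", 7000),
    (1.0, "198.51.100.10", 8000),
    (2.0, "198.51.100.10", 9000),   # correct knock, rule valid until t=32
    (3.0, "198.51.100.10", 22),
    (3.5, "203.0.113.99", 22),      # never knocked
    (4.0, "203.0.113.99", 7000),    # port sweep touching the knock ports
    (4.1, "203.0.113.99", 7001),
    (4.2, "203.0.113.99", 8000),
    (4.3, "203.0.113.99", 9000),
    (4.4, "203.0.113.99", 22),
    (40.0, "198.51.100.10", 22),    # rule has expired
    (50.0, "192.0.2.44", 7000),     # right sequence, but too slow
    (55.0, "192.0.2.44", 8000),
    (65.0, "192.0.2.44", 9000),
    (66.0, "192.0.2.44", 22),
]


def replay(events, gate=None):
    """Feed events through the gate; return verdicts for the protected port."""
    gate = gate or KnockGate()
    verdicts = []
    for ts, src, dport in events:
        verdict = gate.packet(ts, src, dport)
        if dport == gate.port:
            verdicts.append((ts, src, verdict))
    return verdicts


if __name__ == "__main__":
    for ts, src, verdict in replay(EVENTS):
        print(f"t={ts:5.1f} {src:15s} -> port {PROTECTED_PORT}: {verdict}")
```

A fixed knock sent in cleartext can be observed and replayed by anyone who can see the traffic, so it adds to the daemon's own authentication rather than replacing it.
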

Post ID: 264, posted by jase at 11:39 PM
Category: Security

Saturday, February 7, 2004

Infosec Europe 2004

It's about time to pre-register for this event if you are planning on going because it is free at the moment. If you turn up on the day you will have to pay. I've registered every year for the past how many and not actually got round to going. But this year, I will make it.

There will be a lot of companies there showing off their new products and also lots of different seminars to visit. I've already registered, so now just got to wait for the pack to come through.


Post ID: 263, posted by jase at 06:27 PM
Category: Security

Friday, February 6, 2004

OpenBSD 3.4 remote crash

A bug has been discovered that could allow someone to remotely crash a box running OpenBSD 3.4, but since this is an ipv6 related issue, you have to have access to the system via ipv6 to be able to cause the crash. Since most people won't be using ipv6 this is not an issue for most people although for the systems out there that are, they should be upgraded.

Since the release of 3.4, as yet there have not been many issues discovered so once again this is a fine release. I've still got to get round to upgrading my machine at home from 3.3 to 3.4. I have another server which I've still got running on 3.0 so will have to also get around to upgrading that at some point. Although, on the other hand - why upgrade when it works? Well, once the patches have been applied and the system is as current as it can get, it would still be worth upgrading for new features and stability. If the system runs fine and you don't need anything new adding - it can be left for longer.

Post ID: 262, posted by jase at 02:15 PM
Category: BSD

Thursday, February 5, 2004

Linux kernel 2.6.2 released

In case you did not know, 2.6.2 has been released. The update includes a lot of PPC and other fixes.
If you have not already upgraded to the 2.6 version of the kernel, now would be a perfect time to do so.

Head on over and get it!

Post ID: 261, posted by jase at 02:04 PM
Category: Linux

Wednesday, February 4, 2004

Fire alarm

The fire alarm in the office went off again today, which makes it the 2nd time this week. The first time it was caused by a projector; I'm not sure what caused it this time. The first one went off just as I was opening a door, but I tried to open the door without swiping my pass so I thought that might have had something to do with it - which would have been weird, but it turns out it was just a coincidence.

With the weather the way it is right now we could do without false alarms. Two fire engines turned up on both false alarms, so they must be getting annoyed. If it keeps happening, companies can lose the auto response when the fire alarm system is linked directly to the fire brigade. Of course, if these alarms were drills then they would not have turned up.

If someone had to call them out manually each time, even though it is a required action, it is still not needed twice in a week. Maybe the fire alarm system needs tuning? It is new, much like the entire building and everything inside.

Post ID: 260, posted by jase at 03:35 PM
Category: Misc

Tuesday, February 3, 2004

MyDoom.B - Non impact

It seems that very few copies of MyDoom.B have been stopped in the wild, by firms like Message Labs, compared to over 18 million copies of MyDoom stopped in the past week by Message Labs alone, according to an article on The Register.

That said, I don't think MS have anything to worry about at the moment - but a list of new variants and future worms attacking various sites will probably become more common in the future, causing problems much like SCO are having & there is not a lot that SCO or other companies can do to protect from it.

Post ID: 259, posted by jase at 10:39 PM
Category: Internet

Monday, February 2, 2004

SCO.COM - No DNS

It seems that SCO.COM does not have any DNS entries for the moment.

host -t ns sco.com.

sco.com NS ns.calderasystems.com
sco.com NS ns2.calderasystems.com
sco.com NS nsca.sco.com
sco.com NS c7ns1.center7.com

host -t soa sco.com.

sco.com SOA ns.calderasystems.com hostmaster.caldera.com(
2004020105 ;serial (version)
3600 ;refresh period
900 ;retry refresh this often
604800 ;expiration period
1800 ;minimum TTL
)

host -t mx sco.com.

sco.com mail is handled (pri=10) by mail.ut.caldera.com

host -v -t any www.sco.com.

Host not found.
rcode = 3 (Non-existent domain), ancount=0

SCO.COM works as normal, since the worm isn't attacking sco.com (only www.sco.com). So if you really want to visit the SCO site - http://sco.com for now.
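
As an added example (not part of the original post), here is a small shell triage over the `host` output quoted above. It tells a name that is absent from a still-delegated zone (NXDOMAIN on www.sco.com while sco.com keeps its NS and SOA records) apart from a zone that has gone away, and decodes the SOA serial under the assumed YYYYMMDDnn convention. The function names and verdict strings are hypothetical, and the parser targets the output format shown in the post.

```shell
# Constructed input: the host(1) output quoted in the post (SOA trimmed to its serial).
NS_OUT='sco.com NS ns.calderasystems.com
sco.com NS ns2.calderasystems.com
sco.com NS nsca.sco.com
sco.com NS c7ns1.center7.com'
SOA_OUT='sco.com SOA ns.calderasystems.com hostmaster.caldera.com(
2004020105 ;serial (version)
)'
WWW_OUT='Host not found.
rcode = 3 (Non-existent domain), ancount=0'

ns_count() { printf '%s\n' "$1" | awk '$2 == "NS" { n++ } END { print n + 0 }'; }
soa_serial() { printf '%s\n' "$1" | awk '/;serial/ { print $1; exit }'; }

# Assumption: the serial follows the common YYYYMMDDnn convention; DNS itself
# treats it as an opaque 32-bit counter, so anything else is reported as such.
serial_to_date() {
  printf '%s\n' "$1" | awk '
    /^[0-9]+$/ && length($0) == 10 {
      y = substr($0, 1, 4); m = substr($0, 5, 2); d = substr($0, 7, 2)
      if (y + 0 >= 1990 && m + 0 >= 1 && m + 0 <= 12 && d + 0 >= 1 && d + 0 <= 31) {
        printf "%s-%s-%s rev %s\n", y, m, d, substr($0, 9, 2); ok = 1
      }
    }
    END { if (!ok) print "opaque" }'
}

# Map the verbose "rcode = N ..., ancount=M" line to a lookup status.
lookup_status() {
  printf '%s\n' "$1" | awk '
    /rcode = / {
      rc = $3 + 0; an = $0; sub(/.*ancount=/, "", an)
      if (rc == 3) s = "NXDOMAIN"
      else if (rc == 0 && an + 0 == 0) s = "NODATA"
      else if (rc == 0) s = "ANSWER"
      else s = "ERROR"
    }
    END { print (s == "" ? "UNKNOWN" : s) }'
}

triage() {  # args: NS output, SOA output, verbose output for the host name
  ns=$(ns_count "$1"); st=$(lookup_status "$3")
  when=$(serial_to_date "$(soa_serial "$2")")
  if [ "$ns" -eq 0 ]; then echo "zone unreachable: no NS records returned"
  elif [ "$st" = NXDOMAIN ]; then
    echo "name absent from live zone: $ns NS, serial $when"
  else echo "name present: status $st"; fi
}
triage "$NS_OUT" "$SOA_OUT" "$WWW_OUT"
```

NXDOMAIN from a zone that still answers for NS and SOA only shows the name is not in the zone; the decoded serial is a hint about when the zone was last edited, not proof.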

Of course, removing the DNS will stop a lot of bandwidth usage and keep the server(s) from falling over. The attack on MS will start soon with the world moving over to the 3rd of February.

I wonder how MS will deal with it, if the attack is as big?

Post ID: 258, posted by jase at 10:22 PM
Category: Internet

FreeBSD RC 5.2.1

I've just noticed that v5.2.1 is available for download now. Since I'm running v5.2 on my other new box I can CVSUP to this version. I will do at some point anyway. Major points to note on this release are - bug fixes.

I'm sure there is some other stuff in there too, will have to check out the changelog. Go get it.

Post ID: 257, posted by jase at 10:07 PM
Category: BSD

Sunday, February 1, 2004

SCO.COM hit

As expected, SCO.COM is now unavailable, as of earlier today. From tomorrow we will probably see MICROSOFT.COM hit as well.

I wonder if the sites will be down for the duration of the attack?

Post ID: 256, posted by jase at 11:54 PM
Category: Internet