Monday, May 31, 2004

Back to work

After a nice five days off, I am going back to work tomorrow. I'm not looking forward to it really, because you never do after time off. Plus I have other things on my mind, and there is nothing worse than being at work in that situation.

I'm also weighing things up, like getting a job closer to home, amongst other things. Since I am spending too much time travelling every day, I don't get time to do much else during the week. I want things to be back how they used to be, when I worked locally and had plenty of time to do what I wanted.

Life should not be about living to work, it should be working to live at the very worst!

Post ID: 395, posted by jase at 12:15 PM
Category: Personal

Sunday, May 30, 2004

Motor Show 2004

I'm off to the Sunday Times Motor Show 2004 tomorrow, to check out some top cars as well as some new cars. Now, which one shall I choose?

Post ID: 394, posted by jase at 10:53 AM
Category: Personal

Saturday, May 29, 2004

First 64 bit Windows virus

It seems that the first virus which can infect 64-bit Windows systems has been spotted. The code is a proof of concept; it uses the Thread Local Storage (TLS) structures of the PE image to get the viral code executed.

The virus is written in IA64 assembly language. It will not run natively on 32-bit systems, only on 64-bit Windows or on a 32-bit system running a 64-bit emulator.

It uses a small number of Win64 APIs from the following libraries:

NTDLL.DLL
SFC_OS.DLL
KERNEL32.DLL

From NTDLL.DLL, it uses these functions:

LdrGetDllHandle()
RtlAddVectoredExceptionHandler()
RtlRemoveVectoredExceptionHandler()

To avoid crashing during infection, vectored exception handling is used: the handler is registered before a file is touched, so an access violation while parsing an unexpected or malformed image is caught and the file is skipped rather than the host process dying.

The SfcIsFileProtected() function of SFC_OS.DLL is used to avoid infecting executables that are protected by the System File Checker (SFC); Windows File Protection would otherwise restore the original file, drawing attention to the infection.

The following 16 functions are used from KERNEL32.DLL to implement a standard file infection of an IA64 portable executable image:

CreateFileMappingA()
CreateFileW()
CloseHandle()
FindFirstFileW()
FindNextFileW()
FindClose()
GetFullPathNameW()
GetTickCount()
GlobalAlloc()
GlobalFree()
LoadLibraryA()
MapViewOfFile()
SetCurrentDirectoryW()
SetFileAttributesW()
SetFileTime()
UnmapViewOfFile()

For the full details, see the Symantec bulletin.
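The hook this virus uses, a TLS callback that the Windows loader runs before the image's entry point, is something a scanner can look for directly. The following Python script is an added example, not code from the original post or from Symantec: it parses the DOS/NT headers and section table of a PE file, reports the target machine and whether the image is PE32+ (the 64-bit optional header), and walks the IMAGE_DIRECTORY_ENTRY_TLS directory to list any callback RVAs. The minimal images it inspects are constructed inline by build_sample_pe(); the field offsets and the I386/IA64/AMD64 machine constants are taken from the PE/COFF specification. A TLS callback is a triage signal rather than a verdict, since compilers and runtimes emit them legitimately.

```python
import struct

IMAGE_FILE_MACHINE_I386, IMAGE_FILE_MACHINE_IA64, IMAGE_FILE_MACHINE_AMD64 = 0x14C, 0x200, 0x8664
MACHINE_NAMES = {0x14C: "I386", 0x200: "IA64", 0x8664: "AMD64"}
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
TLS_DIRECTORY_INDEX = 9   # IMAGE_DIRECTORY_ENTRY_TLS
MAX_CALLBACKS = 64        # bound the callback walk on malformed files


def parse_pe(data):
    """Parse the DOS/NT headers and section table into the fields needed for TLS triage."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                       # start of the optional header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == PE32PLUS_MAGIC:               # 64-bit image: 8-byte ImageBase at +24, directories at +112
        (image_base,) = struct.unpack_from("<Q", data, opt + 24)
        dd_off, psize = opt + 112, 8
    elif magic == PE32_MAGIC:                 # 32-bit image: 4-byte ImageBase at +28, directories at +96
        (image_base,) = struct.unpack_from("<I", data, opt + 28)
        dd_off, psize = opt + 96, 4
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    (ndirs,) = struct.unpack_from("<I", data, dd_off - 4)   # NumberOfRvaAndSizes
    sections = []
    for i in range(nsections):
        _, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((va, vsize or rawsize, rawptr))
    tls_dir = struct.unpack_from("<II", data, dd_off + 8 * TLS_DIRECTORY_INDEX) if ndirs > TLS_DIRECTORY_INDEX else (0, 0)
    return {"machine": machine, "psize": psize, "image_base": image_base,
            "sections": sections, "tls_dir": tls_dir}


def rva_to_offset(sections, rva):
    """Map an RVA to a file offset through the section table (raise if unmapped)."""
    for va, size, rawptr in sections:
        if va <= rva < va + size:
            return rawptr + (rva - va)
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def tls_callbacks(data, pe):
    """Follow the TLS directory to its callback array; return the callback RVAs (empty if none)."""
    tls_rva = pe["tls_dir"][0]
    if tls_rva == 0:
        return []
    psize, fmt = pe["psize"], "<Q" if pe["psize"] == 8 else "<I"
    # AddressOfCallBacks is the 4th pointer-sized field of IMAGE_TLS_DIRECTORY and holds a VA, not an RVA
    (cb_va,) = struct.unpack_from(fmt, data, rva_to_offset(pe["sections"], tls_rva) + 3 * psize)
    if cb_va == 0:
        return []
    off, callbacks = rva_to_offset(pe["sections"], cb_va - pe["image_base"]), []
    while len(callbacks) < MAX_CALLBACKS:     # the array is NULL-terminated
        (va,) = struct.unpack_from(fmt, data, off)
        if va == 0:
            break
        callbacks.append(va - pe["image_base"])
        off += psize
    return callbacks


def triage(data):
    """Summary a scanner would log: target machine, PE32+ or not, and any TLS callbacks."""
    pe = parse_pe(data)
    return {"machine": MACHINE_NAMES.get(pe["machine"], f"{pe['machine']:#x}"),
            "pe32plus": pe["psize"] == 8, "tls_callbacks": tls_callbacks(data, pe)}


def build_sample_pe(machine, callbacks):
    """Constructed test image (not a real binary): one section at RVA 0x1000 holding a TLS
    directory (when callbacks is not None) whose callback array lists the given RVAs."""
    is64 = machine != IMAGE_FILE_MACHINE_I386
    image_base, psize, ptr = (0x140000000, 8, "Q") if is64 else (0x400000, 4, "I")
    sect_rva, sect_raw, sect_size = 0x1000, 0x200, 0x200
    opt_size, dd_off = (240, 112) if is64 else (224, 96)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if is64 else PE32_MAGIC)
    struct.pack_into("<" + ptr, opt, 24 if is64 else 28, image_base)
    struct.pack_into("<I", opt, dd_off - 4, 16)                       # NumberOfRvaAndSizes
    if callbacks is not None:
        struct.pack_into("<II", opt, dd_off + 8 * TLS_DIRECTORY_INDEX, sect_rva, 4 * psize + 8)
    dos = bytearray(b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40))  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, opt_size, 0x22)
    sect = struct.pack("<8sIIIIIIHHI", b".tls", sect_size, sect_rva, sect_size, sect_raw, 0, 0, 0, 0, 0xC0000040)
    headers = (dos + b"PE\0\0" + coff + opt + sect).ljust(sect_raw, b"\0")
    data = bytearray(sect_size)
    if callbacks is not None:
        base = image_base + sect_rva
        cb_va = base + 0x40 if callbacks else 0
        # StartAddressOfRawData, EndAddressOfRawData, AddressOfIndex, AddressOfCallBacks, SizeOfZeroFill, Characteristics
        struct.pack_into("<" + ptr * 4 + "II", data, 0, base + 0x80, base + 0x88, base + 0x90, cb_va, 0, 0)
        for i, rva in enumerate(callbacks):
            struct.pack_into("<" + ptr, data, 0x40 + i * psize, image_base + rva)
    return bytes(headers + data)


if __name__ == "__main__":
    print(triage(build_sample_pe(IMAGE_FILE_MACHINE_IA64, [0x1100, 0x1200])))
    print(triage(build_sample_pe(IMAGE_FILE_MACHINE_I386, None)))
```

Run triage() over a directory of binaries and diff the output against a known-good build: an IA64 or AMD64 image that suddenly gains a TLS callback pointing into a new or oddly named section is worth a closer look, and the section-backed RVA check makes the walk fail loudly on a truncated or crafted file instead of reading garbage.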

Post ID: 393, posted by jase at 12:27 AM
Category: Security

Friday, May 28, 2004

Will it hold up?

Well, I'm off to Homelands 2004 tomorrow and I'm wondering if the weather will hold up? For the past two years the weather has been great. I don't think it will be as nice this year but hopefully it will be okay.

I guess I'll just have to wait and see!

Post ID: 392, posted by jase at 10:47 AM
Category: Personal

Thursday, May 27, 2004

The joys of automation

I've just spent a good few hours setting up a whole host of domains for various people, near enough thirty. It's taken ages to manually configure them all.

Now it's all done and out of the way, but it made me happy to think that soon doing stuff like that will be all automated. Well, not totally, but mostly, which will save a lot of time and effort.

Doing these manually was the only option, as they had to be done quite soon, but I've got them all sorted in advance - setting customer expectations and all.

Doing one or two manually is not a problem, but for bulk loads all in one go, automation is the only way!

Post ID: 391, posted by jase at 11:22 PM
Category: Software

Wednesday, May 26, 2004

Annoying is...

When restarting services such as Apache and other daemons, it is really annoying when there are several binaries and configuration files on the system: each time I come to edit the configuration and restart the daemon, things go wrong because I restart the wrong binary or edit the wrong configuration file.

This calls for a clear-out of defunct binaries and configuration files to make life easier. I also need to find the log of standard procedures and processes to follow when carrying out tasks like this.

Post ID: 390, posted by jase at 11:05 PM
Category: Software

Tuesday, May 25, 2004

Mandrake 10 available

Mandrake Linux 10 is now available for everyone to download. You can buy a copy or download the ISO images. Mandrake 10 is one of the first commercially available Linux distributions to ship with the 2.6 kernel as the default.

Worth checking out if you have a spare box, want to upgrade from a previous version of Mandrake, or want to swap distribution.

Post ID: 389, posted by jase at 11:57 PM
Category: Linux

Microsoft site defaced

Either MS has not been keeping the patches applied on its own web servers, or a new vulnerability has been exploited. The main MS site has been defaced slightly: not on the front pages, but with a more subtle modification, presumably intended to go unnoticed for longer.

More details are yet to follow, but it is another blow for MS with regards to security, and the fact that even their own site can be hacked is nothing new, as it has happened before.

When will they learn?

Post ID: 388, posted by jase at 09:53 PM
Category: Security

Monday, May 24, 2004

The time has come.

It seems it's time for me to re-install my Windows box. For some reason, sometimes it sits there taking ages to log in, and sometimes it does not even finish booting.

I've not figured out what is causing it, but I do know it is annoying me. The only problem with wiping it clean and starting again is that I lose a lot of software and configuration settings.

I think I'm going to have to make a Ghost image with Norton Ghost and use that for future installs. The other thing to consider is that it is a lot slower to boot, probably due to a lot of fragmentation on the boot disk.

Sometimes I wish I didn't have at least one reason to use Windows, but I do.
I'm going to have to attempt a re-install, maybe on Thursday or Friday.

Post ID: 387, posted by jase at 03:37 PM
Category: Misc

Sunday, May 23, 2004

In the run up to a launch

In the run up to launching a new service or product there are a lot of things to take into consideration. I'm going to be launching a few things in the near future, but more about them later. At the moment, things are still coming together. We're looking at getting everything up and running. A marketing plan needs to be devised too, but most of this will be online based, via the usual methods.

We've also hit some delays with a few things which we outsourced to other people. Those things are out of our control. Along with Ben, we've got a few projects that should be interesting, but they will take some time to implement.

We've been meaning to do some of them for ages, but have finally got round to it. Now, if only we had started on them ages ago, when we first thought of them - who knows how things would be now.

It's not just about making money, it's about personal achievement and sitting there thinking - I did that. Being proud of something in that respect, gives as much pleasure as the money you earn.

Post ID: 386, posted by jase at 01:05 PM
Category: Misc

Saturday, May 22, 2004

MT-Blacklist v1.64 released

MT-BL v1.64 has been released and I've just upgraded. It would be wise to upgrade, since a bug affecting all previous versions has been discovered which could allow people to leave comment spam that should have been filtered by your blacklist.

I think some recent spam was delivered this way to my blog, since I added some entries to the blacklist yet MT-BL was not picking it up. After the upgrade, it's all detected.

Go and upgrade.

Post ID: 385, posted by jase at 10:06 PM
Category: Software

Friday, May 21, 2004

Yahoo Domain Keys

I'd heard of this recently, but reading Jeremy Zawodny's post reminded me about it, so off I went to read the details. It seems like a good idea and would probably work. The issue would be getting as many different mail servers as possible to use it; actually, it might not be such a task as long as it is integrated with as many popular MTAs as possible.

It looks like that will be the case. It won't stop spam on its own, since spammers running their own servers could easily set up key pairs, although it would be easier to trace and then blacklist those servers. Also, if a mail server is an open relay, won't it just accept and sign any incoming mail and then pass it on? Only for mail claiming to come from its own domain: a DomainKeys verifier checks that the d= domain in the signature matches the domain of the message's Sender: (or From:) address, so a relay signing other people's mail produces signatures that fail, while a spammer signing mail from a domain they control verifies perfectly well. A valid signature tells you which domain is accountable for the message, not whether it is spam.

Signed spam - delivered directly to you.

It appears that Yahoo has submitted its draft to the IETF, so I'll have to have a read through that; at first glance it looks like an interesting idea.

There is also the alternative Sender Policy Framework, which already has quite a large number of users. With that in mind, from the perspective of a new user, which method should be the one used? Maybe if you were able to implement both, you would have the best of both offerings.

Microsoft has also submitted its draft to the IETF, regarding its Caller ID anti-spam proposal.
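To make the signing-domain rule concrete, here is an added example in Python (not Yahoo's code or the draft's reference implementation) that signs and verifies DomainKeys-style headers for the cases discussed above: a domain signing its own mail, an open relay signing mail it merely forwarded, a spammer signing mail from a domain they control, and a signed message altered in transit. It uses textbook RSA with a tiny modulus and no padding, and a simplified canonicalization, both stand-ins for the real algorithm, and a dict in place of the DNS lookup at <selector>._domainkey.<domain>; the keys, messages and record names are constructed for the example.

```python
import hashlib
import re


def make_toy_key(p, q, e=65537):
    """Textbook RSA from two given primes -> (n, e, d). No padding, ~60-bit modulus: demo only."""
    n, phi = p * q, (p - 1) * (q - 1)
    return n, e, pow(e, -1, phi)


# Constructed keys for two sending domains (well-known primes, not real key material)
KEYS = {"example.com": make_toy_key(1_000_000_007, 998_244_353),
        "relay.example": make_toy_key(2_147_483_647, 1_000_000_009)}
# Stand-in for the DNS TXT records a verifier fetches at <selector>._domainkey.<domain>
DNS = {f"mail._domainkey.{d}": (n, e) for d, (n, e, _) in KEYS.items()}
SIGNED_HEADERS = ("From", "To", "Subject")
TAG_RE = re.compile(r"(\w+)=([^;]+)")


def canonicalize(headers, body):
    """Simplified canonical form (assumed here, not the draft's exact rules): the signed
    headers in a fixed order, a blank line, then the body with trailing whitespace removed."""
    lines = [f"{h}: {headers[h].strip()}" for h in SIGNED_HEADERS]
    return ("\r\n".join(lines) + "\r\n\r\n" + body.rstrip()).encode()


def digest_int(blob, n):
    # DomainKeys specified rsa-sha1; the digest is reduced mod n because this toy has no padding
    return int.from_bytes(hashlib.sha1(blob).digest(), "big") % n


def sign(headers, body, domain, selector="mail"):
    """What the outbound MTA of `domain` adds as the DomainKey-Signature header value."""
    n, _, d = KEYS[domain]
    sig = pow(digest_int(canonicalize(headers, body), n), d, n)
    return f"a=rsa-sha1; q=dns; c=simple; s={selector}; d={domain}; b={sig:x}"


def verify(headers, body):
    """Receiving-side check. Returns (ok, reason)."""
    sig_hdr = headers.get("DomainKey-Signature")
    if not sig_hdr:
        return False, "no signature"
    tags = dict(TAG_RE.findall(sig_hdr))
    # DomainKeys rule: the signing domain (d=) must be the domain of Sender: (or From: if absent).
    # This is what stops a relay from usefully signing mail it merely forwarded.
    sender = headers.get("Sender", headers["From"])
    sender_domain = sender.rsplit("@", 1)[-1].strip("> ").lower()
    if tags["d"].lower() != sender_domain:
        return False, f"d={tags['d']} does not match sender domain {sender_domain}"
    key = DNS.get(f"{tags['s']}._domainkey.{tags['d']}")
    if key is None:
        return False, "no key published in DNS for that selector/domain"
    n, e = key
    if pow(int(tags["b"], 16), e, n) != digest_int(canonicalize(headers, body), n):
        return False, "signature does not verify (message altered or signature forged)"
    return True, f"valid signature from {tags['d']}"


def scenarios():
    """Run the four cases discussed above; returns {name: verified?}."""
    msg = {"From": "alice@example.com", "To": "bob@example.net", "Subject": "Hello"}
    body = "Meeting at 10.\r\n"
    results = {}
    # 1. example.com's own server signs its own outbound mail
    m = dict(msg, **{"DomainKey-Signature": sign(msg, body, "example.com")})
    results["own domain"] = verify(m, body)[0]
    # 2. an open relay at relay.example signs a message it only forwarded: d= mismatches From:
    m = dict(msg, **{"DomainKey-Signature": sign(msg, body, "relay.example")})
    results["open relay signs"] = verify(m, body)[0]
    # 3. a spammer's own server signs spam from a domain it controls: verifies fine
    spam = {"From": "deals@relay.example", "To": "bob@example.net", "Subject": "Buy now"}
    m = dict(spam, **{"DomainKey-Signature": sign(spam, "Cheap pills", "relay.example")})
    results["spammer signs own spam"] = verify(m, "Cheap pills")[0]
    # 4. a correctly signed message altered in transit
    m = dict(msg, **{"DomainKey-Signature": sign(msg, body, "example.com")})
    results["tampered body"] = verify(m, body + "P.S. click here")[0]
    return results


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:24s} {'PASS' if ok else 'FAIL'}")
```

The second and third cases are the point of the post: a relay cannot usefully sign for domains it does not own, but a spammer's own domain signs just as validly as yours does. The signature makes the sending domain accountable; deciding whether to accept mail from that domain is a reputation decision, not an authentication one.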

It looks like some of the big names are really looking at the issues of spam more now which is a good thing. I've had my Yahoo Mail account since 1998 and I used it to sign up to loads of different things. As you would imagine, by now I get a lot of spam. Until Spam Guard, it was all being delivered to the inbox. With Spam Guard, most of it was being caught and delivered to the bulk mail folder, which could be deleted there & then or automatically later on.

Now you can submit mail as spam, for the odd one or two that do get delivered to the inbox, I submit. For a while I was submitting a lot, but as more mail is submitted by many users, it can be flagged and all future mail filtered.

With the addition that bulk mail does not count towards your account quota, as well as the quota size going to increase, the Yahoo Mail offering is a lot better.

Since the 15th of May to now, 292 emails have been caught and delivered to the bulk mail folder in my account. I've had to mark about 5 as spam that were not caught. That is not bad going and a lot better than it was. I'm sure more improvements will be made as well.

When using web based mail, you really need good spam filtering, as it is more of a task to keep adding your own rules and you can't use a proper mail MTA unless you use POP3, which means you can't have the benefit of using other applications to catch spam as well.

These methods look promising to use, in addition to spam filtering applications. I'll be giving some of them a try to reduce the amounts of spam I am getting to my other accounts which are not free / web based.

Post ID: 384, posted by jase at 09:14 PM
Category: Internet

Thursday, May 20, 2004

Slow software

I hate slow software, more than I hate slow machines. When the specification of the system is high, you would think that the applications would run fine. It's annoying having to wait around. I probably spend half the day waiting for our internal case management tool, which is written in one of our own technologies - Java.

The problem with it is the number of users, the fact it is single-threaded, and also the fact the database is sitting in the USA when I'm in the UK, which adds some latency on top.

There are some plans to make changes to help speed things up, but I think we'd need some major changes to get it working to an instant response, with no delays.

Post ID: 383, posted by jase at 02:32 PM
Category: Software

Wednesday, May 19, 2004

CVS & Subversion bugs

The flaw relating to CVS affects all versions of the software released before May 19, 2004. It is a heap overflow that occurs because data sent by clients is not sufficiently checked by the server. The CVS project and various vendors have already posted advisories and patches.

The Subversion issue is much easier to exploit; it is caused by an error in the way the code parses dates, which could allow remote code execution.

If you use CVS or Subversion, update or patch! Check what you are actually running with cvs --version and svn --version and compare it against the fixed version named in your vendor's advisory.

Post ID: 382, posted by jase at 03:52 PM
Category: Security

Tuesday, May 18, 2004

They go for the money

Well, it seems that people close to the author of the Sasser worm reported him, as they wanted the reward money. The individual admitted it. Maybe that was not such a bright thing to do, but it depends on the evidence on the plate and how good you are at getting out of situations.

The Microsoft Bounty Program, looks like it is working.

Indeed, though, we see here another fine example where money takes over everything else, such as respect and trust, in order to receive a nice payout.

It's very tempting, could you resist?

Post ID: 381, posted by jase at 08:08 PM
Category: Internet

Monday, May 17, 2004

An interesting thought...

With working longer hours and spending a lot of time per week going to and from work, it means one thing - the weekend comes more quickly. Since I have been working more hours recently, I find the weekend comes and goes, but then is back again pretty quickly, which is nice.

I look forward to the fact I don't have to get up two out of every seven days, even though at the moment the earliest I start is 12pm, so it is not that bad. But I like starting early, as then you can get out and enjoy the summer nights, which appear to be arriving here now!

I know one thing, it's going to be another good summer, mind you - I always make sure I make the most of them!

Post ID: 380, posted by jase at 09:05 PM
Category: Personal

Sunday, May 16, 2004

Do spammers work at weekends?

I was thinking about this earlier and I've come to the conclusion that I don't think they do work at weekends. "Working" in this sense is spamming; I would not call it work really, but it will do for the purpose of my thoughts.

I've noticed that the levels of spam that I receive to certain addresses really do drop at the weekend. So it would seem that spammers maybe do have real lives. I was also thinking, do they just spam to annoy us, to sell their own or their customers' products, or a bit of both? I'd think it is both.

I mean, they must know that people are not going to purchase stuff relating to half of what spam is about, or am I just assuming? Maybe there are some people that actually purchase this stuff?

I'd be inclined to think that people selling these products, go to the spammers and get them to help out for a fee. The spammers probably don't care what the spam is relating to or if it will convince anyone to buy the products, they just want their money. The spammers also probably know that most people will not care for these mails and probably enjoy the fact it annoys most people.

I've recently updated some of my spam filter rules, there are about 100 at the moment. The mail which tests as positive, is simply deleted from the server and not downloaded.

Saves on bandwidth too, it's all good.

Post ID: 379, posted by jase at 11:37 PM
Category: Misc

Saturday, May 15, 2004

MT 3.0 Developer Edition

I've recently been reading the announcement made by Six Apart regarding the release of Movable Type 3.0 and the changes to the licensing. It seems that a lot of people are surprised at some of the points made and the thought of having to now pay for a product which was essentially free.

At first glance, I thought (instead of jumping the gun / assuming) people running versions previous to 3.0 would not have to pay, which is correct.
One thing to remember, is that Six Apart spends a lot of time working on the development of MT, especially the change to 3.0 and obviously have to make a living in real life. Since all the time is spent on MT, it needs to become a feasible business project.

If you use MT and are going to upgrade, depending on how it is implemented with TypeKey, you may well have to pay to be given any access to TypeKey to use on your blog. A move like this would ensure that more people would purchase a license.

The initial public release is called Movable Type 3.0 Developer Edition. It's for use by everyone, but is basically the foundations on which great plugins can be made. Along with it comes other changes, to help developers to work with Six Apart to make MT 3.0 even better.

So, if you keep using a version previous to 3.0, you will not have to pay anything. If you want to use version 3.0, then you can choose the free version. You could of course make a payment, which I shall call a "donation" that will enable you to receive support and a list of other things.

In the time that MT has been produced, it has been done so at the time and cost of the developers and if you like it and want to thank Six Apart then you now know how to do so.

At some point, I'm sure I'll get round to upgrading, but I normally allow the dust to settle on new major releases before doing so.

Post ID: 378, posted by jase at 05:36 PM
Category: Software

Friday, May 14, 2004

Dabber

A new worm called Dabber appears to be spreading via a vulnerability in the recent Sasser worm. Dabber is different, in that it is one of the first to spread by exploiting an actual programming error in Sasser.

Dabber scans for Sasser-infected hosts on port 5554, the port Sasser's FTP server listens on. If it finds one, it uses an exploit for that FTP server to take control of the box.

After Dabber has installed itself it deletes the registry keys of Sasser and other worms / viruses. Dabber opens port 9898 as a backdoor. To remove Dabber, you need to kill the "package.exe" process, delete the file from the locations below, and remove the "sassfix" registry entry. Note that this does not close the LSASS hole Sasser came in through; the host still needs the Microsoft patch.

It can be found in the following locations:

%System%\package.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\package.exe

%Windir%\All Users\Main menu\Programs\StartUp\package.exe

It also deletes a list of entries from other registry keys; check out the Symantec alert for full details. This could be the start of a trend, since even malicious code has bugs, and other malware can exploit them.

Post ID: 377, posted by jase at 04:22 PM
Category: Security

Thursday, May 13, 2004

Watchmoor Park is going to close

The Sun Educational Services training site, at Watchmoor Park in Camberley is going to close. It seems that in another cost cutting exercise, around four million pounds a year will be saved by moving the training operation to the main Sun UK site, just down the road over at Guillemont Park.

Word has it that the move is going to take place in about six weeks, so in the run up to this, gradually things will be moved over there. I think the training will move to one of the existing buildings over there, so there will be a bit of a move around. Obviously it'll need to be kept separate from Sun itself, since training buildings have a lot of non-Sun people involved in training courses.

Guillemont Park is nice; in fact I would not mind working there - all nice and new, onsite gym, and a really nice site and building layout and design. The only thing with working there would be the location; there is not a lot to do around there - I'd probably live in London or on the outskirts.

You may remember that not so long ago the Sale site closed, as far as training was concerned and they moved everything to Watchmoor Park. Now, instead of wasting money on the lease of this building, the entire operation will move onto Sun owned buildings and thus saving the most cash.

It's not official yet, but one hundred percent going to happen. I will prefer going to Guillemont Park in future.

Post ID: 375, posted by jase at 01:05 PM
Category: Misc

Wednesday, May 12, 2004

Rather bored

I must say, that I am really bored this week down in Camberley. The course is, well nothing exciting really and the nights are even more boring due to the fact there are not many of us down here.

I can't wait to get back home to be honest!

If there had been more of us down here then it would be okay, but since there are only 5 of us, and 3 of them desert us every night, there are two of us left.

Let us hope that this does not happen again. I was planning on going back up north tonight with one of the other guys and then coming back in the morning, but he's not going home tonight, so that idea is out of the window.

As for the course, well - I have learnt some things, but some of the stuff we have been doing does not really help in the learning process, but instead makes me feel tired and not interested.

Maybe these are comments I should bring up later, when they ask for our feedback. They might take more notice as well, since we are Sun internal staff.

Post ID: 374, posted by jase at 12:45 PM
Category: Personal

Tuesday, May 11, 2004

Google Adsense

Whilst trying to access Adsense just now, I'm getting a 502 server error.
We have to expect these things now and again, but even so - they always seem to happen at the wrong time, which indeed is any time they appear and you see them.

I shall try later, as I only wanted to see what the stats are for my account at the moment.

Post ID: 373, posted by jase at 10:17 AM
Category: Misc

Monday, May 10, 2004

Linux Kernel 2.6.6 released

The latest update to the Linux Kernel has just been released, version 2.6.6.

So, if you've not got a lot to do at the moment, then why not upgrade?
You can of course see the changelog as usual, and the patch from 2.6.5 is also available.

You should know where to go...

Post ID: 372, posted by jase at 03:04 PM
Category: Linux

Nigritude Ultramarine

I just noticed this over on Slashdot, so thought I would put my little entry in. There are not that many results found on Google at the moment, but from my experience, I think I'll head in on the first page - but we'll see.

I'm sure there will be a load of other bloggers and such having a bash, so it should be an interesting test. What Nigritude Ultramarine is, I don't know. Sounds okay though.

Let the games begin! Also check out www.seochallenge.com

That reminds me, I still need to implement that function button fix for Netscape / Mozilla, so I can do hyperlinks without having to manually enter all of the html.

Post ID: 371, posted by jase at 11:40 AM
Category: Misc

Sunday, May 9, 2004

Camberley - here I come!

It's time again, time for me to head down to Camberley to do another course. This one is for the midrange / enterprise kit, spread over 4 days. There are only five of us going to be down there this time, which is a little less than normal so it probably won't be as crazy as past trips.

But it'll be good regardless!

Post ID: 370, posted by jase at 04:06 PM
Category: Misc

Saturday, May 8, 2004

The more you have, the more you need.

That goes for a lot of things, it seems.

In this instance though, I'm talking about disk space. After recently buying another drive for one of my boxes, I've nearly filled it but that is due to moving data over from another drive and wiping that clean.

So, I do have space at the moment. Although, at the rate I'm filling the disks, I'm going to have to burn some data to DVD, which I have been doing but just got a little lazy.

Now, a few 400GB SATA disks would be nice, or a nice StorEdge array full of SCSI drives.

Post ID: 369, posted by jase at 04:02 PM
Category: Misc

Friday, May 7, 2004

DVD Shrink

I've just had a play with DVD Shrink and from the first lot of results, I'm impressed. In addition to the fact it is freeware, it does a nice job of backing up DVDs. No messing around with compression or anything, as it does it all for you.

You can be sure that a source DVD will fit on a DVD-R or DVD+R disc. It does not take that long to process a source DVD; I did the deep scan, which will ensure the end result is of good quality. In fact, you can't notice any difference: it's a complete image of the original, with all the extras and menu system too.

With the advent of the dual layer drives and media coming around now, we'll have even better options to choose from. As long as the software keeps up, it'll be interesting. You can burn direct to another DVD or create a DVD image file.

I'd really suggest checking it out, if you're looking for this kind of thing.

Post ID: 368, posted by jase at 10:21 PM
Category: Software

Thursday, May 6, 2004

Projects, finding the time.

I've got a few projects on the go at the moment, which will begin to take up more time as they evolve and expand. At the moment, I'm not getting much time to work on them, so I'm wondering how I will manage when they require more time than at present.

Well, we all know that a busy person will always find time to do stuff, so when someone says "I'm busy, I'll do it later" you usually know it will get done, but you might have to wait a while.

On the other hand, there are the other kind who will always put things off until tomorrow or the next day. I think I fall on both sides of the fence, it just depends on which - it's an unpredictable variable. With these points in mind and a distinct lack of time, I'll need to work on some more time management modifications.

At the moment, I spend around three hours per day going to and from work. I don't mind, but I do think how much better that time could be used if saved - I know I could cut it down to about 2 hours per day, which will come soon.

That would work out to be five extra hours per working week, to use more effectively. One thing I could wish for is more hours in the day and/or the complete eradication of the need for sleep.

Damn, I'm sure most of us would have more than enough time to do a lot of things then - Only I would bet that would cause a lot of us to become more lazy and switch to the "I'll do it later" method, simply because we would calculate we have enough time, but that time would just get wasted doing not a lot of anything productive, due to the fact we would think we have plenty to spare.

Post ID: 367, posted by jase at 11:17 PM
Category: Misc

Wednesday, May 5, 2004

Gmail

It seems more people are being given Gmail accounts and indeed a number of invites to pass out to other people, who can then get accounts.

I noticed JZ had some, but they were already gone by the time I saw the post, stating he's running out of invites.

I guess I'll just have to wait. I don't mind though, I'm sure it will be worth it.

Post ID: 366, posted by jase at 11:58 PM

Tuesday, May 4, 2004

Google Adsense

I signed up to Google Adsense before, but was not accepted due to this being a personal site. Google sent me an email stating that they had evaluated it again and would now include it. I'm just giving it a go, to see what kind of ads will be shown. At the moment there is only one advert shown at any one time, but I might increase it - just as a test - I'm not expecting to actually get any revenue from one advert or say four adverts but if I do then I'd happily welcome it.

In addition to that, since it seems the links so far that I have seen are blog related, I might find some good sites to check out, you may do too. They state you can add as many other sites to your account as well, once you have the initial account accepted so I might try putting the code on some other domains and see if ads are directed to appropriate content on those, like it states would be the case.

Since Google is expanding the program so it seems, I think that there will be a lot more people now able to use the program, to drive traffic to sites or make some cash from showing adverts.

Post ID: 365, posted by jase at 01:48 PM
Category: Internet

Monday, May 3, 2004

Sasser worm

So, yet another day and yet another worm. Only this one is not spreading via email. It is spreading by exploiting a recent vulnerability in MS Windows operating systems.

XP, 2000 and 2003 are all affected; however, if you applied the recent patches which addressed 20 vulnerabilities (the LSASS fix is MS04-011), you are safe - well, your box and network are. If not, I'd suggest installing the updates, updating your AV and running a scan, just in case your systems are already infected.

The main problem this worm may cause is increased bandwidth usage on your network as infected hosts scan for other machines to infect. Reports of new worms are commonplace these days, most via email though, with the odd one like this or Blaster which exploits a vulnerability.

Sasser exploits a bug in the Local Security Authority Subsystem Service (LSASS). See the MS bulletin for more information regarding the vulnerability.

It creates the following registry value:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avserve.exe" = "%WinDir%\avserve.exe"

So that only one copy of the worm is running, it creates a mutex called 'Jobaka3l'.

Ports used by the worm are:

445/TCP - The worm attacks using this port. This is normal SMB traffic, so a listener on 445 is not itself a sign of infection; a burst of connections to 445 across many hosts from one machine is.
5554/TCP - FTP server running on infected systems, from which a newly exploited host fetches its copy of the worm.
9996/TCP - Remote shell opened by the exploit on vulnerable hosts.

So get updating, if you have not already!
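Turning the indicators from this post and the Dabber post above into a check, as an added example (not code from Symantec, Microsoft or the original posts): the Python script below flags the worms' listening ports in netstat -an output, their autostart values and file names, and, from a firewall log, hosts that open connections to port 445 on many distinct addresses within a short window, which is the scanning behaviour that eats the bandwidth. All sample inputs are constructed here, including the log line format. It assumes the Dabber "sassfix" entry is a value under the Run key, which that post does not state, and it does not check the Jobaka3l mutex, which needs the Windows API.

```python
import ntpath
import re
from collections import defaultdict
from datetime import datetime

# Listening ports named on this page. 445/TCP is the attack target but also normal SMB,
# so a 445 listener is not an indicator; the worms' own listeners are.
WORM_LISTENERS = {5554: "Sasser FTP server", 9996: "Sasser remote shell", 9898: "Dabber backdoor"}
# Autostart values under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
# "sassfix" as a Run value is an assumption; the Dabber post names it but not its location.
WORM_RUN_VALUES = {"avserve.exe": "Sasser", "sassfix": "Dabber"}
WORM_FILENAMES = {"avserve.exe": "Sasser", "package.exe": "Dabber"}

NETSTAT_RE = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING", re.IGNORECASE)
# Constructed firewall log format: "<date> <time> TCP <src>:<sport> -> <dst>:<dport> SYN"
FW_RE = re.compile(r"^(\S+ \S+) TCP (\d+\.\d+\.\d+\.\d+):\d+ -> (\d+\.\d+\.\d+\.\d+):(\d+) SYN$")


def check_listeners(netstat_lines):
    """(port, description) for every listening TCP port that is a worm indicator."""
    hits = []
    for line in netstat_lines:
        m = NETSTAT_RE.match(line)
        if m and int(m.group(1)) in WORM_LISTENERS:
            hits.append((int(m.group(1)), WORM_LISTENERS[int(m.group(1))]))
    return hits


def check_run_values(run_values):
    """run_values: {value name: command} as exported from the Run key."""
    return [(name, cmd, WORM_RUN_VALUES[name.lower()])
            for name, cmd in run_values.items() if name.lower() in WORM_RUN_VALUES]


def check_autostart_files(paths):
    """Flag worm file names in a listing of %System% and the Startup folders."""
    return [(p, WORM_FILENAMES[ntpath.basename(p).lower()])
            for p in paths if ntpath.basename(p).lower() in WORM_FILENAMES]


def find_445_scanners(log_lines, min_targets=20, window_s=60):
    """Sources that SYN to port 445 on >= min_targets distinct hosts within window_s seconds,
    the scanning pattern behind the bandwidth problem. Returns {src: distinct targets seen}."""
    by_src = defaultdict(list)
    for line in log_lines:
        m = FW_RE.match(line)
        if m and int(m.group(4)) == 445:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            by_src[m.group(2)].append((ts, m.group(3)))
    scanners = {}
    for src, events in by_src.items():
        events.sort()
        for i, (start, _) in enumerate(events):        # sliding window over time-ordered SYNs
            targets = {dst for ts, dst in events[i:] if (ts - start).total_seconds() <= window_s}
            if len(targets) >= min_targets:
                scanners[src] = len(targets)
                break
    return scanners


# Constructed sample data (not real captures)
SAMPLE_NETSTAT = [
    "  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING",
    "  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING",
    "  TCP    0.0.0.0:5554           0.0.0.0:0              LISTENING",
    "  TCP    0.0.0.0:9996           0.0.0.0:0              LISTENING",
    "  TCP    192.168.1.20:1050      192.168.1.1:80         ESTABLISHED",
]
SAMPLE_RUN = {"ctfmon.exe": r"C:\WINDOWS\system32\ctfmon.exe", "avserve.exe": r"C:\WINDOWS\avserve.exe"}
SAMPLE_FILES = [r"C:\WINDOWS\system32\package.exe",
                r"C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini"]
# one host sweeping 25 addresses on 445 in 25 seconds, plus a normal client talking to two file servers
SAMPLE_FW_LOG = [f"2004-05-03 22:10:{i:02d} TCP 10.0.0.5:{1025 + i} -> 10.0.1.{i + 1}:445 SYN" for i in range(25)]
SAMPLE_FW_LOG += ["2004-05-03 22:10:05 TCP 10.0.0.9:1100 -> 10.0.2.10:445 SYN",
                  "2004-05-03 22:10:30 TCP 10.0.0.9:1101 -> 10.0.2.11:445 SYN"]

if __name__ == "__main__":
    print("listeners:", check_listeners(SAMPLE_NETSTAT))
    print("run values:", check_run_values(SAMPLE_RUN))
    print("files:", check_autostart_files(SAMPLE_FILES))
    print("445 scanners:", find_445_scanners(SAMPLE_FW_LOG))
```

The scanner threshold is deliberately a count of distinct destinations rather than raw connection attempts, so a busy file-server client does not trip it while an infected host sweeping a subnet does; tune min_targets and window_s to the size of your network before relying on it.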

Post ID: 364, posted by jase at 11:14 PM
Category: Internet

Sunday, May 2, 2004

OpenBSD 3.5 released

As always, there are new features, improved security and various fixes. As well as more hardware support, as with any new OpenBSD release.

As included in the announce email, here is some of what is new / changed:

* New ptm device (see pty(4)) that allows non-privileged processes to
allocate a properly-permissioned pty. As a result any process can
now open a pty easily, meaning xterm(1) and xconsole(1) are no longer
setuid root. (In 3.4 they were setuid root, but privilege revoking).

* malloc(3) chunk randomization and guard pages. This helps to detect
out-of-bounds reads and writes.

* Privilege separation added to allow complex operations to occur in an
untrusted, unprivileged process, resulting in much greater security
for the following processes:
- isakmpd(8)
- named(8) (Previously privilege revoking, but this had a small breakage).
- pflogd(8)
- tcpdump(8)

* Many improvements and bug fixes in the ProPolice stack protector.
Several other code generation bugs for RISC architectures were also
found and fixed.

* Major improvements in the pf packet filter, including:

* Atomic commits of ruleset changes (reduce the chance of ending up
in an inconsistent state).

* A 30% reduction in the size of state table entries.

* Source-tracking (limit number of clients and states per client).

* Sticky-address (the flexibility of round-robin with the benefits
of source-hash).

* Invert the socket match order when redirecting to localhost (prevents
the potential security problem of remote connections being identified
as local).

* Significant improvements to interface handling.

* New tools for filtering gateway failover:

* CARP (the Common Address Redundancy Protocol) carp(4) allows
multiple machines to share responsibility for a given IP address
or addresses. If the owner of the address fails, another member
of the group will take over for it. A discussion of the history
of CARP can be found here.

* Additions to the pfsync(4) interface allow it to synchronise
state table entries between two or more firewalls which are
operating in parallel, allowing stateful connections to cross
any of the firewalls regardless of where the state was initially
created.

* Performance improvements:

* Improved connection/socket lookup - about 100 times faster at
10000 sockets than 3.4.

* TCP SYN cache. Greatly reduces the memory cost of half-open TCP
connections.

* Implemented TCP adjustments recommended by RFC3390, controllable
via sysctl.

* OpenSSL speedup on i386, up to 100% improvement for md5, sha1,
blowfish, des, 3des, rsa, dsa and bn.

* OpenSSL now directly uses the new AES instructions some VIA C3
processors provide, increasing AES to 780MBytes/second (so you get to
see a fan-less cpu performing AES more than 10x faster than the
fastest cpu currently sold).

* Directory hashing makes lookups in large directories much faster.

* New features and significant bug-fixes included with 3.5

* Replacement of the GNU bc(1), dc(1), nm(1) and size(1) commands
with BSD licensed equivalents.

* pty(4) devices are now allocated on demand, up to a configurable limit.

* The closefrom(2) system call has been added.

* TCP MD5 signatures (used by nc(1) and bgpd(8)).

* Network boot support for i386 and amd64, using pxeboot(8).

* The i386 8GB boot loader limitation has been removed.

* spamd(8) gains greylisting support. This allows greylisting (a very
powerful spam reduction technique) to be done on a firewall for many
mail hosts, no matter what MTA is being used.

* Interface 'cloning', accessed by ifconfig(8) commands create and destroy.
E.g. `ifconfig vlan100 create'.

* ifconfig(8) can now be used with a generic interface name, for listing
all such configured interfaces. E.g. `ifconfig carp'.

* The MAKEDEV(8) manual pages are now generated, and hence, accurate.

* Complete rewrite of package tools in perl.

* syslogd(8) now supports logging to memory buffers, to be read using
syslogc(8). This is useful for diskless or flash-based computers.

* IPsec ESP in UDP encapsulation.

* authpf(8) now tags traffic in pflog(4) so that users may be associated
with traffic through a NAT setup.

* XFS has been added to the GENERIC kernels so that afsd(8) may be started
easily, eliminating the need to recompile the kernel to use AFS.

* AFS can now be used anonymously by enabling it in rc.conf(8) with no
further configuration.

* The ps, top and w utilities no longer break when changes are made in
kernel structures.

* A poll interface has been added to the rpc routines in the standard C
library. Use of poll over select can result in better performance for
programs with a large number of open file descriptors.

* dhclient(8) now detects when the interface it configured is modified and
gracefully exits. e.g. repeatedly running it against the same
interface leaves only the last instance active.

* New tools:
- sensorsd(8), monitoring hardware sensors.
- procmap(1), to examine a process' memory map.
- bgpd(8), implementing the BGP-4 routing protocol.
- pkill(1) and pgrep(1), finding or signalling processes by name.

* OpenSSH 3.8.1.

* Many, many man page improvements.

* The "ports" tree is greatly improved (http://www.OpenBSD.org/ports.html)

* The 3.5 CD-ROMs ship with many pre-built packages for the common
architectures. The FTP site contains hundreds more packages
(for the important architectures) which we could not fit onto
the CD-ROMs (or which had prohibitive licenses).

* The system includes the following major components from outside suppliers:

* XFree86 4.pre4.0 (+ patches).
* gcc 2.95.3 (+ patches and ProPolice)
* gcc 3.3.2 (+ patches and ProPolice) on sparc64, amd64, and cats
* Perl 5.8.2 (+ patches).
* Apache 1.3.29 and mod_ssl 2.8.16, DSO support (+ patches).
* OpenSSL 0.9.7c (+ patches).
* Groff 1.15.
* Sendmail 8.12.11.
* Bind 9.2.3 (+ patches).
* Lynx 2.8.4rel.1 with HTTPS and IPv6 support (+ patches)
* Sudo 1.6.7p5.
* Ncurses 5.2.
* Latest KAME IPv6.
* Heimdal 0.6rc1 (+ patches).
* Arla-current.

To see a full list of changes between 3.4 & 3.5, go here.

Post ID: 363, posted by jase at 04:08 PM

Saturday, May 1, 2004

I'm off to the country...

To party like mad tonight!

It'll be something different, since it is on the grounds of some mansion. The lineup is great, with the likes of Sasha and Digweed back to back; it should be good, since it is the first time they have played together for Renaissance in ten years. Not to forget all of the other DJs, too!

Lock & load!

Post ID: 362, posted by jase at 03:55 PM