USN Analysis and Proactive Security

Posted: August 29th, 2005

The Ubuntu Security Notices Analysis by John Moser gives a nice picture of what types of vulnerabilities show up in a Linux distribution and their percentages. The actual analysis discusses what can be done to prevent or mitigate the vulnerabilities. From the conclusion: “Somewhere between 61.7% and 81.7% of vulnerabilities can definitely be stopped before they’re known”. There’s also the Proactive Security wiki entry and a How to improve proactive security in Ubuntu wiki entry.
And in OpenBSD land there’s this Exploit Mitigation Techniques presentation.


Insert Clever Title

Posted: August 28th, 2005

In the past two days my internet connection went down at around the same time (a while after 3am), which prevented me from blogging. Not much to say though. I finished The Chronicles of Riddick: Escape From Butcher Bay. The game is very short but at least it didn’t use frustrating, hard-to-defeat bosses to prolong its duration in terms of time, or silly traps (stab at God of War). It was the best PC game (no point in making an unfair comparison with God of War) I’ve played since Far Cry. Sorta the only one I can even remember, though I’m certain I must’ve tried other games in the past year.
I’m going to a friend’s birthday right now. I’ll try to post something interesting tomorrow. For now I’ll leave you with some Thoughts on spam.


PC Upgrade

Posted: August 25th, 2005

I upgraded my PC, namely got the following components:
AMD Athlon 64 X2 3800+
Asus A8N-Sli Premium
Kingston 2x 1GB DDR 400
XFX NX7800GTX

I formatted my computer and reinstalled Windows XP. I have an HD just for OSes and programs and I try to keep my data on another HD, but I already noticed a major screw-up: my backup OPML file was old for some reason. That means there are a lot of feeds I’m gonna have to search for on the web and some I have to remove again. I still have a ton of stuff to install and configure… sigh.
I can say one thing: nothing beats the X2’s dual-core desktop experience (except obviously dual processors – like my old Xeon box) – it really lived up to the hype. The processor’s performance has so far exceeded my expectations. And it’s quiet too compared to my old Pentium 4.


Honorable Mentions

Posted: August 24th, 2005

What’s Old is NeWS Again

Nearly twenty years ago now, the father of the Java programming language spear-headed a rather different idea for its time. GUIs were still in their infancy, but James Gosling and David Rosenthal envisioned a system whereby rich applications could be seamlessly delivered over the low-bandwidth networks of the time. Even better, the system was designed such that if you could see it on the screen, you could print it. That system was called New extensible Windowing System, or NeWS for short.

Great blog entry (imo) about NeWS and AJAX.

The Kleptones
Go there and download “A Night At The Hip-Hopera”.


The Last 24h of My Newsreader

Posted: August 24th, 2005

If fear of data stealing wasn’t enough to get you to disable Bluetooth (and only enable it when you need it), now you’ve got spam to worry about. Unfortunately some people need Bluetooth enabled at all times – laptop thieves. Those people might want to consider a career as online extortionists; in that case they may want to read about How a Bookmaker and a Whiz Kid Took On an Extortionist — and Won (via TaoSecurity).
Sidenote: I can’t wait for CX717! it sounds a lot better than Modafinil.


o.O

Posted: August 22nd, 2005

There seems to be some sort of discussion going on in the Portuguese blogosphere over an article written by Paulo Querido in a weekly newspaper (yeah, actual paper – they still use that in the outside world, which is actually real, contrary to what many seem to believe). The only part of the Portuguese blogosphere I read is the part I get via Planeta Asterisco. And I skim-read it at best. From what I understood in the 1 min I wasted skim-reading the discussion, it seems that the other blogs in Planeta * are of the opinion that the article in Expresso (which I didn’t read and have no plans to do so) is inaccurate in its portrayal of the Portuguese blogosphere. One of the issues revolves around the importance given to Sitemeter ratings and another one is what constitutes a blog, namely whether a site that is only used to post pictures of naked women is a blog. Knowing how incredibly incompetent and totally devoid of ethics the Portuguese media is… bleh, I couldn’t care less. And by the way, in case you’re wondering, I don’t have a Sitemeter account. I used to occasionally check the stats via the NeACM stats page, which was apparently removed (possibly because of referer spam).


Go Go 2Mbps

Posted: August 22nd, 2005

TVTEL, my ISP, is in the process of updating its services. It’s not official yet but it seems my internet connection is getting bumped from 512 Kbps to 2 Mbps. I’ve enjoyed downloading the FreeBSD, OpenBSD and Ubuntu ISOs at 250 KB/s. I just downloaded KDE for Ubuntu just for fun – not like it took long ;)


OS Rant Mode

Posted: August 21st, 2005

FreeBSD 4.11 didn’t boot after I installed it… well, it booted, it just said some stuff and didn’t work or something… it was too late in the morning for me to care. I probably could’ve got it working (or maybe not) but I wasn’t in the mood, so I just removed it and now my laptop only has Windows XP and Ubuntu. I’m getting less and less tolerant of crappy software. And by crappy I mean software that either doesn’t work, is a pain, or is simply made with a “screw you, user!” attitude. Have you looked at the OpenBSD installer? It’s stuck in the 19th century or something. It’s ugly and totally user-hostile. Just look at part of it (from the OpenBSD install guide or whatever it’s called):
fdisk: 1> e 1
Starting Ending LBA Info:
#: id C H S - C H S [ start: size ]
------------------------------------------------------------------------
1: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused
Partition id ('0' to disable) [0 - FF]: [0] (? for help) a6
Do you wish to edit in CHS mode? [n] y
BIOS Starting cylinder [0 - 2585]: [0] 203
BIOS Starting head [0 - 239]: [0] Enter
BIOS Starting sector [1 - 63]: [0] 1
BIOS Ending cylinder [0 - 2585]: [0] 2585
BIOS Ending head [0 - 239]: [0] 239
BIOS Ending sector [1 - 63]: [0] 63
fdisk:*1> p
Disk: wd0 geometry: 2586/240/63 [39100320 Sectors]
Offset: 0 Signature: 0xAA55

How much worse can it possibly get? OpenBSD developers have done an amazing job with the security features of the OS and it’s stable, but the rest just sucks. And while there is a point to what they are doing, would it really hurt to make it a bit more user-friendly?
Ok Ok gonna end this pointless rant now.
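
As an added illustration (not part of the original post, and not code from the OpenBSD installer), here is the arithmetic that fdisk transcript makes the user do in their head: turning the BIOS cylinder/head/sector triples typed at the prompts into the absolute sector numbers fdisk later prints in its start/size column, and checking them against the disk geometry. The geometry constants (2586/240/63) and the typed values (cylinder 203 through cylinder 2585, head 239, sector 63) come straight from the transcript above; the function names are mine.

```shell
#!/bin/sh
# Geometry of wd0 as printed by fdisk in the transcript above:
# 2586 cylinders, 240 heads, 63 sectors per track.
CYLS=2586
HEADS=240
SECTS=63

# chs_to_lba C H S
# Convert a BIOS CHS triple to the absolute sector number fdisk shows in its
# "start" column. Cylinders and heads count from 0, sectors from 1 (which is
# why the installer prompt says "[1 - 63]" for the sector).
# Prints the sector number; returns 1 and prints nothing on stdout if the
# triple lies outside the geometry.
chs_to_lba() {
    c=$1; h=$2; s=$3
    if [ "$c" -lt 0 ] || [ "$c" -ge "$CYLS" ]; then
        echo "cylinder $c outside 0-$((CYLS - 1))" >&2; return 1
    fi
    if [ "$h" -lt 0 ] || [ "$h" -ge "$HEADS" ]; then
        echo "head $h outside 0-$((HEADS - 1))" >&2; return 1
    fi
    if [ "$s" -lt 1 ] || [ "$s" -gt "$SECTS" ]; then
        echo "sector $s outside 1-$SECTS" >&2; return 1
    fi
    echo $(( (c * HEADS + h) * SECTS + (s - 1) ))
}

# partition_from_chs startC startH startS endC endH endS
# Print "start size" (both in sectors) for the range typed at the fdisk
# prompts, refusing a range whose end lies before its start.
partition_from_chs() {
    start=$(chs_to_lba "$1" "$2" "$3") || return 1
    end=$(chs_to_lba "$4" "$5" "$6") || return 1
    if [ "$end" -lt "$start" ]; then
        echo "end sector $end is before start sector $start" >&2; return 1
    fi
    echo "$start $((end - start + 1))"
}

# disk_sectors
# Total sector count implied by the geometry; fdisk printed 39100320 for wd0.
disk_sectors() {
    echo $((CYLS * HEADS * SECTS))
}

# The values typed in the transcript: start at cylinder 203, head 0, sector 1;
# end at the last cylinder, head and sector of the disk.
partition_from_chs 203 0 1 2585 239 63   # 3069360 36030960
```

The end triple 2585/239/63 maps to sector 39100319, one less than the 39100320 sectors fdisk reports for the disk, so the range typed in the transcript runs to the very last sector. A triple past the geometry (cylinder 2586, or sector 0, which the prompt's default of "[0]" would tempt you to accept) is rejected, matching the ranges the installer prints in brackets.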


Oops… forgot the title

Posted: August 19th, 2005

The Devil’s Infosec Dictionary made me laugh. Maybe I should start reading the Zone-H comics instead of reading the news, namely the news about SHA-1. That doesn’t mean there isn’t funny stuff in the news, like the Battle of the worms. And while on the subject of worms, there’s an interview with Jose Nazario at SecurityFocus. Anyway, I got around to reading a bit of issue 1.3 of (IN)SECURE Magazine. This issue includes:
* Security vulnerabilities, exploits and patches
* PDA attacks: palm sized devices – PC sized threats
* Adding service signatures to Nmap
* CSO and CISO – perception vs. reality in the security kingdom
* Unified threat management: IT security’s silver bullet?
* The reality of SQL injection
* 12 months of progress for the Microsoft Security Response Centre
* Interview with Michal Zalewski, security researcher
* OpenSSH for Macintosh
* Method for forensic validation of backup tapes
I think I’ll be finished reading it by the time I finish downloading and installing FreeBSD 4.11 on my laptop – an old 1 GHz IBM ThinkPad R30 with 256 MB of memory and a 30 GB hard drive. I would install the latest release from the 5.x branch but for some reason the 5.x branch won’t install on my laptop. By tomorrow it will have the following installed:
- Windows XP Pro SP2
- FreeBSD 4.11
- Ubuntu 5.04
Well, better get started.


Metrics

Posted: August 18th, 2005

This entry on the Red Hat People blog got me thinking about metrics in computer security. That’s the kind of subject I rarely care about; I’d much rather read about some new packet kung fu by someone like Dan Kaminsky. So I decided to visit doxpara. There I found a link to a recent interview he gave. And guess what? On page 2 he mentions metrics, namely the Common Vulnerability Scoring System, which is, at least in part, the work of Mike Schiffman – someone you would expect to be spending his time on packets and stuff. The CVSS calculator looks cool and the presentation does show a few well-known names, for all the good that has done to standards in the past.

Check also:
Security Report: Windows vs Linux


Apple to pay MS for ipod

Posted: August 15th, 2005

AH AH AH AH
Relax MSNed me this story from MSFN:

Computer firm Apple may have to pay Microsoft £6 for each iPod it sells after a huge licensing lapse. Lawyers at Bill Gates’ firm filed a patent for technology behind the hugely successful digital music player two months before Apple.
The US Patent Office has ruled that Microsoft has the right to charge competitors a licence fee for each iPod sold. A furious Apple has said it will appeal the decision, but at the moment it looks as though the firm will be paying a high price for the success of its product.
The iPod was launched in November 2001 but Apple waited until July 2002 to file for a patent; Microsoft snuck in to license some of the technology the previous May. David Kaefer, Microsoft’s director of intellectual property licensing, said it was open to letting other firms patent its innovations.


Acronyms

Posted: August 13th, 2005


It’s amazing how we keep seeing senseless acronyms in video games and computer software.
Update: This one, if you don’t already know, is from a game called F.E.A.R.


The Chronicles of Riddick: Escape From Butcher Bay

Posted: August 12th, 2005

I started playing The Chronicles of Riddick: Escape From Butcher Bay – Developer’s Cut (Review) yesterday. It was one of the titles in my list of games for this summer. There’s this scene where Riddick is taken to his cell by two guards. One of them is speaking and the voice sort of sounded familiar, so I looked at that guard and I was like “OMG! LOL! XZIBIT!”. Later in the credits I noticed another familiar name – Joaquim de Almeida. A list of the voice actors can be found in the usual place.
My first impressions are so far all positive except for one annoying feature: the game is checkpoint based – instead of being able to save anywhere, you’re limited to checkpoints. That’s a cheap way for developers to make games last longer without actually extending them (by making new levels or making levels bigger or something like that). It’s annoying and frustrating. Other than that the game is quite good: the characters’ look is impressive and graphics overall are quite good. The way characters move is also much more realistic than in most games. The stealth system should be a must in all FPSs. Overall the game seems fun but I have to play a bit more to give a final opinion. Doom 3 initially looked fun and it later turned out to be one boring game I will probably never finish.


Ciscogate

Posted: August 12th, 2005

By now it’s old news. I’d just like to leave the link here to Schneier’s blog entry on this subject: Cisco Harasses Security Researcher.
And here’s a list of links to Lynn’s presentation:
- http://www.milw0rm.com/sploits/lynn-cisco.pdf
- http://illmob.org/0day/lynn-cisco.zip
- http://cryptome.org/lynn-cisco.zip
- http://42.pl/lynn/lynn-cisco.pdf
- http://attrition.org/misc/ee/lynn-cisco.pdf
- http://www.viruswatch.nl/info/lynn-cisco.pdf
- http://www.securitylab.ru/_Exploits/…/lynn-cisco.pdf
- http://security-protocols.com/whitepapers/lynn-cisco.pdf
- http://s48.yousendit.com/d.aspx?id=1EOE4MPD1E6U53…
- http://www.purpleandgrey.com/free/lynn-cisco.pdf
- http://www.jwdt.com/~paysan/lynn-cisco.pdf
- http://files.bitchx.ru/…/&file=lynn-cisco.pdf
- http://www.megaupload.com/?d=31GTUIFR
- http://www.dfconsultants.com/lynn-cisco.pdf
- http://www.security.nnov.ru/files/lynn-cisco.pdf
- http://www.mininova.org/get/81889
- http://www.stephencollins.org/…/linn-cisco.pdf
- http://teknews.net/~radio/lynn-cisco.pdf
- http://snafu.priv.at/download/lynn-cisco.pdf
- http://www.darkgrid.com/lynn-cisco.zip

My copy was downloaded from http://security-protocols.com/whitepapers/lynn-cisco.pdf.


Everybody Loves Eric Raymond

Posted: August 7th, 2005

“Everybody Loves Eric Raymond” is an online comic. It depicts the real lives of Richard Stallman, Eric Raymond and Linus Torvalds as accurately as comedically possible.
Their real lives, which include living together in a house, with dynamic dimensions, without their wives or girlfriends. Also, they always wear the same clothes. And don’t move their eyes much.
It’s put together entirely using GNU/Linux machines (mostly with The Gimp) and published weekly, each Tuesday.