Posted: August 29th, 2005 | Author: lrei | Filed under: Security | Tags: html, linux, Security, ubuntu | Comments Off
The Ubuntu Security Notices Analysis by John Moser gives a nice picture of what types of vulnerabilities show up in a Linux distribution and their percentages. The actual analysis discusses what can be done to prevent or mitigate the vulnerabilities. From the conclusion: “Somewhere between 61.7% and 81.7% of vulnerabilities can definitely be stopped before they’re known”. There’s also the Proactive Security and a How to improve proactive security in Ubuntu wiki entry.
And in OpenBSD land there’s this Exploit Mitigation Techniques presentation.
Posted: August 28th, 2005 | Author: lrei | Filed under: Security | Tags: games, html, Networking, Personal, Security | Comments Off
In the past two days my internet connection went down at around the same time (a while after 3am) which prevented me from blogging. Not much to say though. I finished The Chronicles of Riddick: Escape From Butcher Bay. The game is very short but at least didn’t use frustrating, hard-to-defeat bosses to prolong its duration in terms of time or silly traps (stab at God of War). It was the best PC game (no point in making an unfair comparison with God of War) I played since Far Cry. Sorta the only one I can even remember though I’m certain I must’ve tried other games in the past year.
I’m going to a friend’s birthday right now. I’ll try to post something interesting tomorrow. For now I’ll leave you with some Thoughts on spam.
Posted: August 25th, 2005 | Author: lrei | Filed under: Uncategorized | Tags: Hardware, Personal, Ui | Comments Off
I upgraded my PC, namely got the following components:
AMD Athlon 64 X2 3800+
Asus A8N-Sli Premium
Kingston 2x 1GB DDR 400
XFX NX7800GTX
I formatted my computer and reinstalled Windows XP. I have an HD just for OSes and programs and I try to keep my data in another HD but I already noticed a major screw up: my backup OPML file was old for some reason. That means there are a lot of feeds I’m gonna have to search for on the web and some I have to remove again. I still have a ton of stuff to install and configure… sigh.
I can say one thing: nothing beats the X2’s dual core desktop experience (except obviously dual processors – like my old Xeon box) – it really lived up to the hype. The processor’s performance has so far exceeded my expectations. And it’s quiet too compared to my old Pentium 4.
Posted: August 24th, 2005 | Author: lrei | Filed under: Programming | Tags: Entertainment, html, Internet, Networking, Programming, Software, Tech, Ui | Comments Off
What’s Old is NeWS Again
Nearly twenty years ago now, the father of the Java programming language spear-headed a rather different idea for its time. GUIs were still in their infancy, but James Gosling and David Rosenthal envisioned a system whereby rich applications could be seamlessly delivered over the low-bandwidth networks of the time. Even better, the system was designed such that if you could see it on the screen, you could print it. That system was called New extensible Windowing System, or NeWS for short.
Great blog entry (imo) about NeWS and AJAX.
The Kleptones
Go there and download “A Night At The Hip-Hopera”.
Posted: August 24th, 2005 | Author: lrei | Filed under: Security | Tags: book, html, Security, xml | Comments Off
If fear of data stealing wasn’t enough to get you to disable Bluetooth (and only enable it when you need it), now you got SPAM to worry about. Unfortunately some people need Bluetooth enabled at all times – laptop thieves. Those people might want to consider a career as online extortionists, in that case they may want to read about How a Bookmaker and a Whiz Kid Took On an Extortionist — and Won (via TaoSecurity).
Sidenote: I can’t wait for CX717! It sounds a lot better than Modafinil.
Posted: August 22nd, 2005 | Author: lrei | Filed under: Uncategorized | Tags: News | Comments Off
There seems to be some sort of discussion going on in the Portuguese blogosphere over an article written by Paulo Querido in a weekly newspaper (yeah actual paper – they still use that in the outside world which is actually real contrary to what many seem to believe). The only part of the Portuguese blogosphere I read is the part I get via Planeta Asterisco. And I skim read it at best. From what I understood in the 1min I wasted skim reading the discussion, it seems that the other blogs in Planeta * are of the opinion that the article in Expresso (which I didn’t read and have no plans to do so) is inaccurate in its portrayal of the Portuguese blogosphere. One of the issues revolves around the importance given to sitemeter ratings and another one is of what constitutes a blog, namely if a site that is only used to post pictures of naked women is a blog. Knowing how incredibly incompetent and totally devoid of ethics the Portuguese media is… bleh I couldn’t care less. And by the way, in case you’re wondering, I don’t have a sitemeter account. I used to occasionally check the stats via the NeACM stats page which was apparently removed (possibly because of referer-spam).
Posted: August 22nd, 2005 | Author: lrei | Filed under: Uncategorized | Tags: Networking, ubuntu | Comments Off
TVTEL, my ISP, is in the process of updating its services. It’s not official yet but it seems my internet connection is getting bumped from 512 Kbps to 2 Mbps. I’ve enjoyed downloading the FreeBSD, OpenBSD and Ubuntu ISOs at 250KB/s. I just downloaded KDE for Ubuntu just for fun – not like it took long.
Posted: August 21st, 2005 | Author: lrei | Filed under: Uncategorized | Tags: html, Software, ubuntu, Ui | Comments Off
FreeBSD 4.11 didn’t boot after I installed it… well, it booted, it just said some stuff and didn’t work or something… it was too late in the morning for me to care. I probably could’ve got it working (or maybe not) but I wasn’t in the mood so I just removed it and now my laptop only has Windows XP and Ubuntu. I’m getting less and less tolerant of crappy software. And by crappy I mean software that either doesn’t work, is a pain or is simply made with a “screw you user!” attitude. Have you looked at the OpenBSD installer? It’s stuck in the 19th century or something. It’s ugly and totally user-hostile. Just look at part of it (from the OpenBSD install guide or whatever it’s called):
fdisk: 1> e 1
Starting Ending LBA Info:
#: id C H S - C H S [ start: size ]
------------------------------------------------------------------------
1: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused
Partition id ('0' to disable) [0 - FF]: [0] (? for help) a6
Do you wish to edit in CHS mode? [n] y
BIOS Starting cylinder [0 - 2585]: [0] 203
BIOS Starting head [0 - 239]: [0] Enter
BIOS Starting sector [1 - 63]: [0] 1
BIOS Ending cylinder [0 - 2585]: [0] 2585
BIOS Ending head [0 - 239]: [0] 239
BIOS Ending sector [1 - 63]: [0] 63
fdisk:*1> p
Disk: wd0 geometry: 2586/240/63 [39100320 Sectors]
Offset: 0 Signature: 0xAA55
How much worse can it possibly get? OpenBSD developers have done an amazing job with the security features of the OS and it’s stable but the rest just sucks. And while there is a point to what they are doing, would it really hurt to make it a bit more user friendly?
Ok Ok gonna end this pointless rant now.
Posted: August 19th, 2005 | Author: lrei | Filed under: Security | Tags: html, Personal, Security, ubuntu | Comments Off
The Devil’s Infosec Dictionary made me laugh. Maybe I should start reading the Zone-H comics instead of reading the news, namely those about SHA-1. That doesn’t mean there isn’t funny stuff on the news like the Battle of the worms. And while on the subject of worms, there’s an interview with Jose Nazario at SecurityFocus. Anyway I got around to reading a bit of the 1.3 issue of the (IN)SECURE Magazine. This issue includes:
* Security vulnerabilities, exploits and patches
* PDA attacks: palm sized devices – PC sized threats
* Adding service signatures to Nmap
* CSO and CISO – perception vs. reality in the security kingdom
* Unified threat management: IT security’s silver bullet?
* The reality of SQL injection
* 12 months of progress for the Microsoft Security Response Centre
* Interview with Michal Zalewski, security researcher
* OpenSSH for Macintosh
* Method for forensic validation of backup tapes
I think I’ll be finished reading it by the time I finish downloading and installing FreeBSD 4.11 on my laptop – an old 1 GHz IBM ThinkPad R30 with 256MB of memory and a 30GB hard drive. I would install the latest release from the 5.x branch but for some reason, the 5.x branch won’t install on my laptop. By tomorrow it will have the following installed:
- Windows XP Pro SP2
- FreeBSD 4.11
- Ubuntu 5.04
Well, better get started.
Posted: August 18th, 2005 | Author: lrei | Filed under: Security | Tags: html, linux, Security | Comments Off
This entry on the Red Hat People blog got me thinking about metrics in computer security. That’s the kind of subject I rarely care about, I’d much rather read about some new packet kung fu by someone like Dan Kaminsky. So I decided to visit doxpara. There I find a link to a recent interview he gave. And guess what? On page 2 he mentions metrics, namely the Common Vulnerability Scoring System which is, at least in part, the work of Mike Schiffman – someone who you would expect to be spending his time on packets and stuff. The CVSS calculator looks cool and the presentation does show a few well known names for all the good that has done to standards in the past.
Check also:
Security Report: Windows vs Linux