Domain: geek-girl.com
Stories and comments across the archive that link to geek-girl.com.
Comments · 15
-
catching up to emacs
finally, word is catching up to emacs 1988!
-
TECO begot Emacs; ed begot vi
The bad news is: 'TECO' r00ls; 'ed' suX0rs.
Foreshadowing Emacs vs. vi? The first version of Emacs was a set of TECO macros. Vi was originally just a visual interface to ex, which was an extended version of ed.
-
www.geek-girl.com
Yes, there are geek girls. This particular one carries quite an impressive resume: I started Carnegie Mellon University in Electrical and Computer Engineering with a double major in Cognitive Science. My final degree, though, is in Mathematics, with a concentration in Biomedical Engineering. In December 1995, I received a Ph.D. in the field of Neuroscience from Northwestern University. My thesis is entilted ``The Role of the Plant Properties in Point-to-Point Arm Movements: A Neural Network Approach''
I'm pretty fortunate myself. My fiancee is into computers (and likes to sysadmin, too), although she's a Geology major. (I'm an EE myself, but honestly, I'm really just a software jock. The last hardware I built used 7400-series TTL.) You can look outside your major and outside your career, you know. Just remember, if you're not looking, you won't find anything, and if you're looking but not finding, you need to change your search space or your search criterion!
--Joe
-- -
Re:buffer overflows and script kiddies
Yes some operating systems do have non-executable stacks, I am unsure if Digital UNIX is one of them but it wouldn't surprise me. I do know Solaris has this feature (though there are/were some flaws, search bugtraq archives for more info). Linux does as well through Solar Designer's secure-linux patches (http://www.false.com/security/linux/ index.html ). This may only work with Intel Linux, I haven't used it elsewhere. Gory details of how it works are include with the patches. Beware however that these are not perfect and can be defeated. Also note that there are good uses for executable stacks, search on "gcc trampolining" for some examples and discussion.
-
info: security distributions & resources
see the Linux Weekly News' Security page for information on Linux security projects which are already under way:
Secure Linux Projects Bastille Linux
Khaos Linux Secure Linux
Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive
Distribution-specific links
Caldera Advisories
Debian Alerts
Red Hat Errata
SuSE Announcements
Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
Linux Security Audit Project
OpenSEC
Security Focus
SecurityPortal -
Re:elitists?
And UNIX is invunerable? I beg to differ! GO take a look at the Bugtrq Archives and tell me how secure UNIX is! Hmm?
If you are going to make a virus, why can't it be non-destructive? How about, "Your computer has proved to be vunerable by exploiting this library, please report it to the nearest computer-security professional."
Let's be CON-structive here.
-AP
-
Benevolent Virus? Guerilla Attck?
It might be interesting to read this.
It seems that the virus is also found in mails from some engineers from microsoft which might mean that this virus is constructed to hit Microsofts source.
I'm not such an conspiracy believer, but this could explain why this virus is explicitely hitting code files, which is not anything normal windows users would have a lot on it's disk -
Re:A Nastier Virus Still....
You will be ok with Linux... as long as you don't read your mail with pine!
http://www.geek-girl.com/bugtraq /current/0094.html
This one ONLY affects Linux... the *BSD systems are safe, but only because pine's locking is broken.
-
Re:Da patch...Vladinator's post, which you replied to, asked for a link to the actual patch, not explanations of file placement, programming style, etc...
Whereas with this kind of security bug, I would personally wait and only upgrade my own kernel when a new version is released (and I think any newbie should wait at least this long as well), the patch can be applied manually as explained in the original post, or applied using a traditional patch that can be found in Alan Cox's bugtraq post.
-
General Linux (and unix) security links
Use shadow passwords. That way, a malicious web writer can't grab the encrypted passwords and try to break them. It's easy: "pwconv" is the (only) command to run if your system is relatively modern (this may be somewhat specific to the Linux implementation of the shadow password system?).
If you need to protect the users from each other, you might consider:
- Using Apache's suexec system. However, some people say that the system is so complex that there is risk of actually decreasing security due to misunderstandings; your milage may vary.
- If you use PHP, consider running it in 'safe mode'
Some general purpose Linux/unix related security links:
- The Security-HOWTO
- Kurt Seifried's Linux Administrators Security Guide (LASG)
- The IPCHAINS-HOWTO (packet filtering)
- The Firewall-HOWTO (rather out-dated)
- The World Wide Web Security FAQ
Finally: Keep your system up-to-date with the latest official patches. Consider joining the BugTraq mailing list.
-
Re:what? what?
Yes, a piece of exploit code has been posted today on BUGTRAQ that panics Linux-2.2 boxen. See the archives at Geek Girl
-
There's a little more info in the Bugtraq post.
From the archives at www.geek-girl.com
Linux kernel 2.2.x vulnerability/exploit
Piotr Wilkin (pwl@WOTAN.2SLO.WAW.PL)
Tue, 1 Jun 1999 17:43:17 +0200
Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Salvatore Sanfilippo -antirez-: "whois_raw.cgi problem"
Previous message: aleph1@UNDERGROUND.ORG: "New Allaire Security Bulletin (ASB99-09)"
I'm sorry if this has been noticed before, but since I did't find anything
in the archives, I post it here.
There seems to be a bug in kernels 2.2.x (tested on 2.2.7 and 2.2.9), that
causes them to panic when they are sent a large number of specific ICMP
packages. I think the problem comes from the combination of the mangled
header length (shorter or longer ihl's don't cause hangup) and the random
ICMP packets (random type/subtype and source address) this program sends.
Windows 9x and FreeBSD 3.0 seem to be unaffected.
I think the most interesting thing is the date, though... I'm sure I'm making a timezone mistake here, but isn't that 8 hours ago? Is that faster or slower than the Linux teardrop fix?
It's annoying to find out about a new DOS attack, but the resolution is all that you could hope for.
It's a little less annoying that there don't seem to be any outstanding instant-crash attacks against Win98 to laugh about - they finally fixed the series of attacks that crashed 95 for 8 months straight, and I haven't seen anything since. Did Microsoft finally get their IP stack right? -
Re: Free Software Security Issues
Just to add/refute abit on the 'obvious part' of your comment. The tactic of hauling in a legal team is different than that taken in free software. However, there is a very split set in the security sector on the appropriate way to find and discuss bugs.
Almost monthly, you'll get flames start up Bugtraq about this. Bugtraq is a full disclosure unix security list - often, raw exploits are posted to it, or tools that someone used to replicate a problem they may have found in software (free or not). Very often, you'll have the author - a vendor, a coder, or a maintainer - or another person bitch about this, because they weren't given prior notice or warnings, etc. Example: The lsof bug of February ( thread starts here).
These threads sometimes, in fact, revolve around people posting for credit or ego/status. While Intel is acting very different, our free movement is not always the clean "thank you" we'd like. However, that's often justified - especially with free software, its better to come bearing patches rather than problems.
Of course, regardless, our bugs get fixed faster. -
I'm dumb, answer to my own question
http://www.geek-girl.com/bugtraq/1999_1/1079.html
i found it, tee-hee. details of the bug and its exploit.
-
yeah - bugtraq & lwn...