Domain: securityandthe.net
Stories and comments across the archive that link to securityandthe.net.
Comments · 12
-
Re:Great, an OS that requires you to be online.
Already happened.
http://securityandthe.net/2008/08/22/rumor-confirmed-both-fedora-and-redhat-servers-hacked/
In connection with the incident, the intruder was able to sign a small
number of OpenSSH packages relating only to Red Hat Enterprise Linux 4
(i386 and x86_64 architectures only) and Red Hat Enterprise Linux 5 (x86_64
architecture only).
http://www.computerworld.com/s/article/87516/Debian_Project_servers_hacked
http://www.cio.com.au/article/369912/free_software_foundation_software_repository_hacked/
Oops wrong OS! Please continue with the regularly scheduled bashing, I mean programming, Slashdot.
-
Re:Fail.
It's only a security threat if you can't trust the site that the programs are originating from. Sure, this search engine *may* be able to dump a tracking code into their output and therefore break the TOR privacy[1], but you have to ask how likely to happen is this? And my answer: very unlikely.
Please. If you do not understand the fucking problem. Do the world a favor and shut the fuck up.
http://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-gregory_fleischer-attacking_tor.pdf
http://ha.ckers.org/blog/20060704/cross-site-scripting-vulnerability-in-google/
http://www.xssed.com/news/41/A_new_critical_Google_XSS_vulnerability_promptly_corrected/
http://shiflett.org/blog/2005/dec/googles-xss-vulnerability
http://blogoscoped.com/archive/2007-09-28-n28.html
http://www.h-online.com/security/news/item/Google-fixes-cross-site-scripting-vulnerability-in-YouTube-comments-1032988.html
http://ibnlive.in.com/news/orkut-attacked-by-bom-sabado-worm/131714-11.html
http://www.geek-news.net/2010/09/twitter-hit-with-major-xss-hack.html
http://lynnepope.net/twitter-xss-attacks
http://nemesis.te-home.net/News/20090407_Metasploit_Decloaking_Engine_and_TOR.html
http://securityandthe.net/2008/12/23/finding-a-hidden-ip-address-just-got-easier/
-
Re:TinyDNS
Has anyone ever tried TinyDNS? Its creator isn't the most cooperative guy when it comes to Debian standards in terms of binary locations and therefore Debian refuses to add it to their repository.
Its creator, Daniel J. Bernstein (DJB), isn't the most cooperative guy, period. His reputation precedes him as "extremely intelligent, but kind of an asshole", each and every time his name is mentioned.
It has never been DNS cache poisoned, it has never been hacked at all. In fact there is a reward for anyone that can.
It has been cache poisoned. On February 25, 2009, Matthew Dempsky disclosed a vulnerability; he claimed the $1,000 prize a week later.
Security Issue in djbdns
djbdns misformats some long response packets; patch and example
Dan Kaminsky, twitter feed: Dempsky's bug in djb's tinydns...
Dan Bernstein Confirms Security Flaw In Djbdns
Here is another unrelated DNS cache poisoning paper by Kevin Day, published date February 9, 2009.
Any developer who offers a monetary prize for security bug quashing is going to eventually part with their money.
-
Other SHA-3 news: conference starts this week!
In other news, the first SHA-3 conference will be held in Belgium this week. The NIST hopes to be able to reduce the amount of contestants for the SHA-3 contest to a more manageable level by the end of that; for more info read on here.
-
Re:censorship is completely right sometimes
The people need to be protected from such images
:-http://securityandthe.net/wp-content/uploads/2008/12/virgin_killer_lego.jpg
-
Re:A firm date from Google?
According to the mac status page for Chromium, the browser currently fails 10% of the Webkit layout tests; work hasn't even started on building a user interface yet. So I think a release within six months is a bit optimistic.
If you'd like to get a preview of the Mac release, there are up-to-date builds available here so you don't have to compile it yourself.
-
Re:Neat - Mac OS X ? Linux?
There are .dmg's of the current version at http://securityandthe.net/chrome/ if you want to give it a try. These are based on the current SVN tree.
-
Re:Google Chrome
Well you can use it anyway... There is a crossover version for both Mac and Linux, you can build your own version for both Mac and Linux, and there's a recent Mac build here. I'm sure there are lots of other builds available as well.
-
Mac build of Chrome(ium)
For those that are interested: there is no "official" mac build yet, but I regularly compile "TestShell", a simple testing application for MacOS that is used by Google engineers to test the Chrome rendering engine.
The latest version can be found here. It renders /. so it must be good, right?
-
Deal between HavenCo and Sealand
This presentation outlined a brief history of the deal between HavenCo and Sealand.
HavenCo has to pay Sealand a considerable amount to keep the business running there. Therefore, the recent financial crisis would hit HavenCo badly.
-
More details and a correction re failure rates
Minor correction: according to the article the failure rates nearly doubled. There were 1000 servers in a trailer; 500 with and 500 without AC. The ones with AC had a 2.45 percent failure rate, and the ones without 4.46 percent. That's an 80% increase, not 0.6%.
Sun is also running a comparable experiment with Belgacom and allows you to log in to a live interface to view stats on in- and outlet temperatures and more at http://wikis.sun.com/display/freeaircooling/Free+Air+Cooling+Proof+of+Concept For more details and analysis see http://www.datacenterknowledge.com/archives/2008/09/18/intel-servers-do-fine-with-outside-air/ or http://securityandthe.net/2008/09/18/intel-sees-the-future-of-datacenters-and-it-does-not-include-airconditioning/
DC Knowledge also has a nice video of this experiment at http://www.datacenterknowledge.com/archives/2008/09/18/video-intels-air-side-economization-test/
-
Re:Not surprising, but not really about data cente
Actually, their earlier post about Bear Stearns was right on the mark. In this case they are way off, see the calculations here: http://securityandthe.net/2008/09/17/how-much-is-a-data-center-worth/