Slashdot Mirror


Slashback: Highness, Hominess, Hole-ines

Slashback tonight with updates on SSH vulnerabilities, the Queen's web server, the European answer to GPS (in danger, it seems) and your ever-thinner rights to use software for anything you don't have specific permission for.

Sometimes being British means self-flagellation. Ferox writes: "The November Web Site Survey from Netcraft reveals something interesting: 'Two years ago the Queen of England became an unlikely icon for the Linux revolution when her webmaster replaced Solaris as the platform for the Royal Family's site, citing the better price/performance of the Dell/Linux platform over the previous incumbent, Sun/Solaris. The open source community celebrated and speculated on when the Apache web server might receive the "By Royal Appointment" moniker. This week the site has changed platforms again, this time to Microsoft-IIS.'"

Keep your hands and passwords inside the car at all times. Niels Provos passed along word of his ongoing research into network security, with some slightly depressing news about the state of Internet security.

Even though the CRC32 bug was found over a year ago, over 30% of all servers are still vulnerable today. Graph at http://www.citi.umich.edu/u/provos/ssh/crc32.png.

In February 2001, Razor Bindview released their "Remote vulnerability in SSH daemon crc32 compensation attack detector" advisory, which outlined a gaping hole in deployed SSH servers that can lead to a remote attacker gaining privileged access.

In November 2001, Dave Dittrich published a detailed analysis of the "CRC32 compensation attack detector exploit." This exploit is currently widely in use. CERT released Incident Note IN-2001-12.

At the Center for Information Technology Integration, Niels Provos and Peter Honeyman have been scanning the University of Michigan for vulnerable SSH server software to identify and update vulnerable SSH servers. However, scans of the Internet show that system and security administrators must react and update their SSH servers. At this writing, over 30% of all SSH servers appear to have the CRC32 bug.

A simple solution is to remove support for Version One of the SSH protocol. The majority of servers on the Internet support the SSH v2 protocol. To test whether your network has vulnerable SSH servers, you might use the ScanSSH tool.

References: "ScanSSH - Scanning the Internet for SSH Servers", Niels Provos and Peter Honeyman, 16th USENIX Systems Administration Conference (LISA). San Diego, CA, December 2001. This information is also available at http://www.citi.umich.edu/u/provos/ssh/
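The check suggested above, finding servers that still offer Version One of the SSH protocol, can be done from the identification string each server sends on connect. The following is an added example, not part of the original submission and not ScanSSH's code; the hosts and banners are constructed, and the software names are placeholders.

```python
import re

# SSH identification string: "SSH-<protoversion>-<softwareversion>[ comments]".
# protoversion 1.99 means the server speaks 2.0 and also accepts version 1 clients.
BANNER_RE = re.compile(r"^SSH-(\d+)\.(\d+)-(\S+)")

def classify_banner(banner):
    """Return (status, software) for one identification string."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return ("not-ssh", None)
    major, minor, software = int(m.group(1)), int(m.group(2)), m.group(3)
    if (major, minor) == (1, 99):
        return ("v1+v2", software)    # compatibility mode: version 1 still enabled
    if major == 1:
        return ("v1-only", software)  # e.g. protoversion 1.5
    if major == 2:
        return ("v2-only", software)
    return ("unknown", software)

def audit(banners):
    """Return {host: (status, software)} for hosts that still offer version 1."""
    flagged = {}
    for host, banner in banners.items():
        status, software = classify_banner(banner)
        if status in ("v1-only", "v1+v2"):
            flagged[host] = (status, software)
    return flagged

# Constructed sample data (documentation addresses, placeholder software names).
SAMPLE = {
    "192.0.2.10": "SSH-1.5-exampled_1.0\r\n",
    "192.0.2.11": "SSH-1.99-exampled_2.0\r\n",
    "192.0.2.12": "SSH-2.0-exampled_3.0 constructed comment\r\n",
    "192.0.2.13": "220 mail.example.org ESMTP\r\n",
}

if __name__ == "__main__":
    for host, (status, software) in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status} ({software}) - version 1 still offered")
```

A flagged host only means version 1 is still enabled; whether its CRC32 detector is the affected code has to be checked against the software version and the advisory.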

Don't play with your food, or your games. janolder writes "In the matter of the Civilization III translation project (articles on slashdot, apolyton and heise), the fans have gotten the short end of the stick. The project web site (translation.civ3.de) has been down for a while. Earlier this week, both the web site operator and Kai Fiebach, the project leader, signed Infogrames' cease and desists out of fear of further legal action. The legal position (not to mention the moral position) of the fans did not appear to be too weak - EULAs are not binding in Germany and supplying patches to a program is certainly not the same as translating a book and distributing the translated manuscript.

Infogrames Germany has issued another press release (translation and my comments) justifying their legal action and position. It makes for an interesting peek into the mindset of a game publisher.

The good news is that Infogrames is considering a more timely release of Civilization III in Germany.

The bad news is that the cease and desists apparently forbid any modification of Civ3 in any way, shape or form. So no more custom maps for your friends, custom rules or any such copyright infringing activity, please! Is it just me, or has the world suddenly become a less interesting place?"

Not as if Americans always know where we are, either. ByTor-2112 writes "Hate to be the bearer of bad news so soon after a story is posted, but as I commented on the previous story, it appears that Galileo has some funding issues. Honestly, did anyone really expect the EU to go through with it? It took them long enough to agree on a common currency!"

3 of 285 comments

  1. BT,DT bought the shirt by Anonymous Coward · · Score: -1, Flamebait

    FIST post . . . (Score:-1, Troll)
    by Anonymous Coward on Tuesday December 04, @06:14PM (#2656738)
    right up your mutha-fucking ASS!

    Re:FIST post . . . (Score:-1, Troll)
    by Anonymous Coward on Tuesday December 04, @06:20PM (#2656773)
    Shouldn't this be marked as off-topic or flamebait? Oh-well, I just forced a stupid moderator to waste a point. The sooner the crack-whore moderators waste points, the sooner that decent moderators receive points again.

    BTH, FIST post, right up your ASS!


    Great news! (Score:-1, Flamebait)
    by Ryu2 on Tuesday December 04, @06:15PM (#2656743)
    (User #89645 Info | Last Journal: Saturday August 18, @04:04AM)
    Good, the less cable lusers who send me spam, viruses, and spread stuff like Code Red and Nimda the better. Of course, this applies to DSL as well.

    Seriously, there needs to be some sort of exam, like a driver's license, before people can get net access...

    Why require a test? (Score:3, Insightful)
    by sweetooth on Tuesday December 04, @06:18PM (#2656760)
    (User #21075 Info | http://slashdot.org/)
    We'll still have just as many morons on the Net as we have morons on the roads.

    Re:Why require a test? (Score:2)
    by Moonshadow on Tuesday December 04, @06:57PM (#2656989)
    (User #84117 Info | http://capacitor.tachyonsix.com/)
    Easy test:

    Step 1: Press Alt-F4 to start the test.

    Step 2: If you can read this, you passed.

    Re:Great news! (Score:1)
    by bozo42 ((moc.emoh) (ta) (24ozob)) on Tuesday December 04, @06:19PM (#2656771)
    (User #68206 Info | http://localhost/fubar.shtml)
    AMEN!!

    And the federal Government will administer the test using Micro$oft software......

    DOOOOOOH!!!


    We should all be as enlightened as you (Score:-1)
    by egg troll on Tuesday December 04, @06:22PM (#2656790)
    (User #515396 Info | http://www.microsoft.com/ | Last Journal: Wednesday August 29, @05:16PM)
    Seriously, there needs to be some sort of exam, like a driver's license, before people can get net access...

    That's a mighty smug attitude to take. This elitist attitude is bullshit in general, and is the biggest thing that pisses me off about Linux. Assholes like yourself who think that only they have the proper knowledge to use something are the biggest obstacle to Linux ever gaining common acceptance. Microsoft, for all its flaws, doesn't have this attitude and this is why it's steamrolling Open Source.

    Christ almighty you're a dumbfuck.


    Re:We should all be as enlightened as you (Score:-1)
    by The Turd Report (the_turd_report@hotmail.com) on Tuesday December 04, @06:34PM (#2656868)
    (User #527733 Info | http://slashdot.org/ | Last Journal: Tuesday December 04, @02:48PM)
    I agree with this post

    Re:Great news! (Score:2, Insightful)
    by AstroJetson (gmizell@@@carpe-noctum...net) on Tuesday December 04, @06:22PM (#2656794)
    (User #21336 Info | http://slashdot.org/)
    Seriously, there needs to be some sort of exam, like a driver's license, before people can get net access...
    Not a bad idea, but who do you think would end up in charge of administering these exams? Yup, you guessed it, just another revenue stream for our friends in Redmond.

    I think instead, there should be some sort of natural selection at work. If the lusers spreading Code Red and Nimda (not to mention Goner [slashdot.org]) were somehow made to pay for their transgressions, they might be motivated to learn how to be responsible netizens.

  2. Re:So instead.. by czardonic · · Score: 0, Flamebait

    How about security: every time Microsoft releases a bug fix, they introduce a new bug.

    Bzzt. Try again. Got a non-knee-jerk-propaganda example? No?

    --
    Takahashi Rumiko made beats! DON, taku, DON, taku. . .
  3. The sad sorry history of IIS by Anonymous Coward · · Score: -1, Flamebait

    HISTORY REPEATS ITSELF

    +MONDAY MORNING+
    Cmdr Taco: I will not suck any more dick ever again.
    +MONDAY EVENING+
    Cmdr Taco: *slurp* *slurp* *slurp*

    +TUESDAY MORNING+
    Cmdr Taco: I will not suck any more dick ever again.
    +TUESDAY EVENING+
    Cmdr Taco: *slurp* *slurp* *slurp*

    +WEDNESDAY MORNING+
    Cmdr Taco: I will not suck any more dick ever again.
    +WEDNESDAY EVENING+
    Cmdr Taco: *slurp* *slurp* *slurp*

    +THURSDAY MORNING+
    Cmdr Taco: I will not suck any more dick ever again.
    +THURSDAY EVENING+
    Cmdr Taco: *slurp* *slurp* *slurp*

    +FRIDAY MORNING+
    Cmdr Taco: I will not suck any more dick ever again.
    +FRIDAY EVENING+
    Cmdr Taco: *slurp* *slurp* *slurp* *slurp*

    +SATURDAY MORNING+
    Cmdr Taco: I will not suck any more dick ever again.
    +SATURDAY EVENING+
    Cmdr Taco: *slurp* *slurp* *slurp*

    +SUNDAY MORNING+
    Cmdr Taco: Today is the Lord's day.
    +SUNDAY AFTERNOON+
    Cmdr Taco: *slurp* *slurp* *slurp*