I started working on this problem for the NI team where I work. They went another direction, so I shelved my work for the time being. I didn't come up with much more than a prototype, but I had planned to produce the tool you're looking for. We'd also planned on integrating it with Nessus, so the tool could display warnings detected. I wanted (though NI was a little scared of the idea) to build router ACLs from the data in the table. That way, only traffic to registered applications/hosts would be permitted in to the network. That's the only way I can conceive of keeping the information up to date: make the tool the only way to get any applications working.
The prototype is here: http://phantom.dragonsdawn.net/~gordon/network-map/
Look if you like. Ignore it if you don't.
You might be able to find a less expensive option from Silicon Mechanics:
http://www.siliconmechanics.com/
Specifically:
http://www.siliconmechanics.com/c221/storage-server.php
You might even be able to order just the chassis, controller, and disks... but you'll have to figure that out on your own. We buy all of our stuff from them.
Please don't post links to bugzilla. Bugzilla is a database driven application, and linking to it directly from slashdot will certainly swamp that system. The information in the bugzilla entry is:
Opened by mjc@redhat.com (Mark J Cox, Security Response Team Lead) on 2003-09-23 11:16
http://www.openssh.com/txt/sshpam.adv came out on Sep23 with two new vulnerabilities that affect OpenSSH.
Both these issues only affect OpenSSH 3.7 and 3.7.1. Red Hat Linux and Red Hat Enterprise Linux are not vulnerable to these issues as we ship with earlier versions (with the addition of backported security fixes for other issues).
Keeping this bug open for a few days to enable users searching bugzilla to find out that they are not vulnerable.
If that's true, all you have to do is get it in writing, and Red Hat will surely begin including MP3 software in their distribution again.
I was shocked to see them dropping mature popular window managers (fvwm et al), and classics like xtetris and xevil, as well as UNIX staples like fortune.
In all cases, it is because these programs conflict with the goal of selling the Redhat distro as a business desktop system, with minimum variations between installations and nothing "non-professional".
Actually, xtetris and fortune were both dropped for licensing reasons. Tetris is copyrighted, and Red Hat doesn't have the rights to distribute it. Fortune doesn't have copyrights to a large portion of the quotes in the standard databases. These items, along with mp3 software support were dropped as Red Hat (and everyone else) becomes more aware of the property issues that have from time to time been ignored.
Seems like it's a more open, community-oriented Rawhide. Is that accurate?
No, it's more like a more open, community-oriented GNU/Linux distribution. Rawhide will continue to exist as an unstable repository of packages that are being tested (as it's always been). Fedora will apparently be replacing the traditional "Red Hat Linux". Red Hat's "products" will include their Enterprise Linux distributions, developer tools, database product, etc.
Redhat is going to wait until after their next release to try again.
Anything to back that up? From all that I've heard, they're still planning on deploying this release of Red Hat Linux as a community project.
Does this mean that scientists are starting to understand the materials they collected at Roswell?
I don't think it's childish at all. Rather, I think that it's conservative and responsible of them. I wouldn't hire anyone who'd been at SCO, ever.
They may be responding to what I think is one of the biggest dangers of "intellectual property". Employees of SCO carry the taint of SCO's "IP" with them, wherever they go. SCO, being primarily a litigious corporation, may choose at any time to pursue suits against those persons' employers on the grounds that they may be using SCO's IP improperly. Those persons carry this with them beyond any NDA contract period. It's a permanent effect. All SCO needs to do is *claim* that the employee had access to SCO's code and took it with him/her.
A "your message was filtered" is maybe 2-3K including all headers (more likely under 1k), so responding to messages with viruses in them adds 1-3% not 100% to the traffic.
There are bigger problems than just the total amount of traffic. Let's say you run a domain that's in thousands and thousands of address books and Internet cache files... like "real.com". Now let's say that a multithreaded virus starts emailing itself as rapidly as possible to all of the addresses it can find... like SoBig.F.
Care to guess what the result is? Something to the tune of 10,000 attempted connections PER MINUTE. That's way more than our mail servers are configured to accept (they're rate throttled). While load on the machines stayed acceptable due to their throttling incoming connections, access to port 25 was highly contended. People outside the company trying to send us mail obviously experienced delays. I can only imagine what was going on at better known domains.
Here's the hitch: The overhead of accepting a connection is greater than the cost of the rest of the message. Judging by the messages that actually did get through, probably only 1000 connections per minute of the 10000 were the SoBig virus. The other 9000 were bounce notices from other systems. So, in our case the traffic increase wasn't 1-3%, and it wasn't 100%, it was 900%. There's no good reason for it, either. Those bounce messages don't protect anyone from getting infected, they just waste bandwidth.
So if you forget to lock a window in your home, and a burglar comes in and steals your stuff, and the burglar gets caught, YOU should be prosecuted for burglary for leaving the window open?
I don't see how that relates in any way to what the parent post said, but as long as you're making stupid analogies:
In the real world, negligence is frequently the cause of legal action. If you leave your windows unlocked and a burglar comes into your home and finds a loaded gun which he then uses to kill others, you might be liable. Your property/equipment was used without your permission to attack others, just as in a worm exploiting your computer and using its resources to spread further.
Who's guilty of negligence? You are, for one. You didn't use any firewall. You didn't keep your patches up. You didn't lock your doors and windows. Microsoft is too, I'd imagine. They did not take sufficient measures to insure that their customers knew how to lock their windows and doors, or even that they should. Unfortunately, at this point, Microsoft is fucked. Their customers hate and mistrust them so much that most of them aren't willing to communicate with Microsoft enough to actually get the advisories and instructions.
A lot of cultural changes are needed to fix this situation, which I think gets overlooked when people talk about the technological changes needed to fix these problems.
Goal 4) teaching proper iteration.
apache parent process runs as root
The parent process doesn't handle user requests, so there's not much you can do to exploit it remotely.
sshd *always* runs as root
Authentication is handled by a highly audited, very small portion of the sshd. All encryption/decryption, terminal emulation, port forwards, and everything else is handled by a separate thread that's running as a non-privileged user. Once again, the practice is to limit the activities of the privileged process.
It's not even that Win32 platforms don't provide these capabilities. They do. Application authors just don't use them. Application vendors are largely responsible for the remote exploits in Win32 platforms. Microsoft themselves are the vendor for many of those applications, and share the responsibility for disregarding the security mechanisms provided by the Win32 platform.
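The pattern the two replies above describe (a root parent that only binds and forks, and an unprivileged child that handles everything the client sends) as an added example; this is illustrative code written for this page, not apache's or OpenSSH's. The uid/gid 65534 and the loopback port are assumptions; the verification step checks that, after the drop, setuid(0) fails, which is the property a privilege-separated worker must have.

```python
import os
import socket
import sys

# Assumed unprivileged identity for the worker child. 65534 is the conventional
# "nobody" uid/gid on many systems; a real daemon would use its own dedicated account.
UNPRIV_UID = 65534
UNPRIV_GID = 65534


def drop_privileges(uid=UNPRIV_UID, gid=UNPRIV_GID):
    """Irreversibly drop root in the calling process; no-op if already unprivileged.

    Order matters: supplementary groups first, then gid, then uid. Calling
    setuid() first would leave the process unable to change its groups.
    """
    if os.geteuid() != 0:
        return
    os.setgroups([])
    os.setgid(gid)
    os.setuid(uid)


def privileges_dropped():
    """Check that the drop took effect and cannot be undone.

    A correct drop leaves euid != 0 and makes setuid(0) fail with EPERM. If
    setuid(0) succeeds, the saved uid was still 0 and we have just regained root.
    """
    if os.geteuid() == 0:
        return False
    try:
        os.setuid(0)
    except OSError:
        return True
    return False


def current_identity():
    return os.geteuid(), os.getegid()


def serve_one(conn):
    """Worker body: everything that parses untrusted client input runs here, unprivileged."""
    conn.recv(1024)
    euid, _ = current_identity()
    conn.sendall(f"euid={euid} dropped={privileges_dropped()}\n".encode())
    conn.close()


def privsep_server(host="127.0.0.1", port=0):
    """Parent keeps root only to bind the socket and fork; it never reads client data."""
    lsock = socket.socket()
    lsock.bind((host, port))      # binding a port below 1024 is what root is needed for
    lsock.listen(5)
    print("listening on", lsock.getsockname(), file=sys.stderr)
    while True:
        conn, _ = lsock.accept()
        pid = os.fork()
        if pid == 0:              # child: drop root before touching any client bytes
            lsock.close()
            drop_privileges()
            serve_one(conn)
            os._exit(0)
        conn.close()              # parent: hand-off done, back to accept()
        os.waitpid(pid, 0)


if __name__ == "__main__":
    privsep_server()
```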
so does postgresql
It's already been pointed out that you're wrong.
Read up on how to make a "stateful" firewall.
I find your condescending attitude laughable. I know damn well how to implement a stateful firewall. However, this is a laptop. It's not always going to sit behind some external device. Most of the cheap devices only work for broadband anyway, and this connection is dial-up.
I turned on Windows' firewall, and scanned the box remotely. Is it too much to expect that a security feature, once enabled, won't be turned off by some software running on the system which finds the firewall inconvenient?
Pretty sure she doesn't know how, so unless Messenger asks "would you like to disable that pesky firewall", that's probably not it.
OTOH, if Messenger does ask, then that is probably exactly what happened.
You can also turn on the firewall in Windows XP and download the patches. That's what I did on my girlfriend's PC.
Funny thing is I had her computer about a month ago, and I applied all of the available patches, followed the HOWTOs I could find on shutting off services to secure XP, and turned on the personal firewall on her dialup connection, and she *still* got hit. I guess RPC isn't in the list of services that you should disable... What freaks me out is that something turned off that firewall, though. I have no idea what. Does anyone know of any common Windows software that turns off XP's firewall?
don't fool yourself into thinking that a common distribution like RedHat 8/9 is secure out of box.
A common distribution, like Red Hat Linux 8/9, has a firewall on by default.
The recipient will only accept the mail once the work unit has been done.
Yeah, and how does the recipient know that the work was actually done? It'll have to do the work itself, meaning that your mail server load is going to skyrocket.
You could hand out the same work unit over and over, but senders would just cache the results for the questions you ask.
It's a stupid idea. Let it go.
The bug you're seeing is in XFree86, not the kernel:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=76959
It looks like it will be fixed in the next version of XFree86:
http://www.xfree86.org.ru/develsnaps/
However, this doesn't address the problem you're having with the kernel being slow.
Respect for upstream software (like, Debian doesn't call Apache "httpd", they call it "apache").
You're obviously referring to httpd in recent Red Hat Linux distributions. Someone should have mentioned to you that the Apache Software Foundation renamed the project when they released Apache httpd 2.0. You can probably learn more on http://httpd.apache.org/
That's easy. Red Hat's customers wanted a compiler that was compliant with the C++ spec. They also wanted a compiler that worked across all of Red Hat's supported platforms. Released versions of gcc could not meet these needs. The Red Hat employees who are also gcc maintainers recommended that a specific, stable snapshot be branched and maintained until the release of gcc 3.0.
http://www.redhat.com/advice/speaks_gcc.html
You can get a number of units that will be smaller, cheaper, quieter, and produce less heat than either Mini-ITX or a laptop.
For instance:
http://www.soekris.com/
It's an X86 PC that boots off of a CF card. Perhaps you could use this with an external HD enclosure, or network-mounted storage?
2/3 of their songs are not available for burning to CD
1/3. 200,000 of 330,000 are available for burning. I don't see info on which songs will be available for burning in the future.
Hacker means a number of things, and none of the computer related interpretations has any "right" to be preferred, other than what is common usage.
When I was working in computer repair, I heard so many people refer to the computer (chassis and enclosed parts) as the "hard drive", that I'd call it common usage, as well. I will not, however, acknowledge that meaning of the term "hard drive" as legitimate.
We could also make spam more expensive without changing a single bit of infrastructure by simply fixing all those damned open relays to either not listen on SMTP (in the case of old Unix boxes only running sendmail because it was the default), or to relay only for their local nets and AUTHenticated users. Suddenly spammers actually have to pay the full costs of their spam bandwidth, rather than the small fraction that they pay before they steal your bandwidth (yeah, YOU, the guy running that open relay) and force their costs on to you. You're probably not even paying enough attention to know that YOU are paying the spammers' bills, you tit.
An infrastructure change is probably less likely to happen than fixing the existing hosts, for the same reason they're not fixed. There's a whole lot of admins out there that know dick about what they're doing, and are too lazy to figure it out and fix it.
If you want a client fix, how about this one: In addition to the INBOX in your mail client, you have a "New Senders" option. Your client filters mail from people you know into the INBOX (or wherever your rules have it go) and everything else ends up in a temporary location. The INBOX displays a count of new messages from people you know, the "New Users" window shows a count of new senders. You can go into the "New Users" window and see who is sending you mail and whitelist them. For mailing lists, you can also whitelist destinations. Each of these actions should be just one mouse click (or keyboard shortcut). There should be a big ass "Purge all" button for when you're done. PGP signed messages should be highlighted as likely honest new senders which should be previewed.
I'm sure someone with more time can expand that idea to better clarity, or rip it to shreds. Whichever suits you.
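The relay rule from the open-relay paragraph above ("relay only for their local nets and AUTHenticated users"), written out as an added example: the open policy beside the closed one, evaluated over a few constructed SMTP transactions. This is illustrative code for this page, not any MTA's configuration; the local networks and domain are assumptions.

```python
import ipaddress

# Constructed site parameters (assumptions for this example).
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24"), ipaddress.ip_network("127.0.0.0/8")]
LOCAL_DOMAINS = {"example.org"}


def open_relay_policy(client_ip, authenticated, rcpt):
    """The broken default the post complains about: relay for anyone, to anywhere."""
    return True


def closed_relay_policy(client_ip, authenticated, rcpt,
                        local_nets=LOCAL_NETS, local_domains=LOCAL_DOMAINS):
    """Accept a recipient only if it is ours, or the client is local or has AUTHed."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain in local_domains:
        return True                    # inbound mail for our own domain: always accepted
    addr = ipaddress.ip_address(client_ip)
    if any(addr in net for net in local_nets):
        return True                    # our own users sending outbound
    return bool(authenticated)         # roaming users who completed SMTP AUTH


# Constructed sample transactions: (client_ip, authenticated, recipient)
SAMPLE = [
    ("192.0.2.10", False, "friend@example.net"),    # local workstation, outbound
    ("198.51.100.7", False, "victim@example.net"),  # stranger relaying through us
    ("198.51.100.7", False, "staff@example.org"),   # stranger delivering to us: legit
    ("203.0.113.5", True, "friend@example.net"),    # roaming user who authenticated
]


def evaluate(policy, transactions=SAMPLE):
    """Return the accept/reject decision of a policy for each transaction, in order."""
    return [policy(ip, auth, rcpt) for ip, auth, rcpt in transactions]
```

Only the second transaction (an outside host asking us to deliver to a third party) changes between the two policies, and that one is exactly the spam relay case.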
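The client-side design sketched above (INBOX for known senders and whitelisted list destinations, a "New Senders" holding area with one-click whitelist and purge, PGP-signed mail flagged) as an added example, not code from the original post. The address book, list ids and the four sample messages are constructed for the demonstration.

```python
from email import message_from_string
from email.utils import parseaddr


def is_pgp_signed(msg):
    """RFC 3156 multipart/signed with a PGP signature part, or an inline clearsigned body."""
    if (msg.get_content_type() == "multipart/signed"
            and msg.get_param("protocol") == "application/pgp-signature"):
        return True
    if msg.is_multipart():
        return False
    body = msg.get_payload(decode=True) or b""
    return body.lstrip().startswith(b"-----BEGIN PGP SIGNED MESSAGE-----")


def list_destinations(msg):
    """Addresses and list ids that a 'whitelist destination' rule can match on."""
    dests = set()
    list_id = msg.get("List-Id", "")
    if "<" in list_id:
        dests.add(list_id.split("<", 1)[1].split(">", 1)[0].strip().lower())
    for hdr in ("To", "Cc"):
        for value in msg.get_all(hdr, []):
            dests.update(parseaddr(a)[1].lower() for a in value.split(","))
    return dests


class Mailbox:
    def __init__(self, known_senders, known_lists):
        self.known_senders = {a.lower() for a in known_senders}
        self.known_lists = {l.lower() for l in known_lists}
        self.inbox, self.new_senders = [], []

    def deliver(self, raw):
        """Route one raw message; returns the folder it landed in."""
        msg = message_from_string(raw)
        sender = parseaddr(msg.get("From", ""))[1].lower()
        entry = {"from": sender, "subject": msg.get("Subject", ""),
                 "pgp_signed": is_pgp_signed(msg)}
        known = sender in self.known_senders or bool(list_destinations(msg) & self.known_lists)
        (self.inbox if known else self.new_senders).append(entry)
        return "INBOX" if known else "New Senders"

    def whitelist_sender(self, addr):
        """One click: trust this sender and move their pending mail into the INBOX."""
        addr = addr.lower()
        self.known_senders.add(addr)
        moved = [e for e in self.new_senders if e["from"] == addr]
        self.new_senders = [e for e in self.new_senders if e["from"] != addr]
        self.inbox.extend(moved)
        return len(moved)

    def purge_new_senders(self):
        """The big 'Purge all' button."""
        n, self.new_senders = len(self.new_senders), []
        return n

    def counts(self):
        return {"inbox": len(self.inbox), "new_senders": len(self.new_senders),
                "signed_new_senders": sum(e["pgp_signed"] for e in self.new_senders)}


# Constructed sample messages (not real mail).
SAMPLE_MESSAGES = [
    "From: Alice <alice@example.org>\nTo: me@example.org\nSubject: lunch\n\nNoon?\n",
    "From: stranger@example.com\nTo: dev@lists.example.com\nList-Id: Dev <dev.lists.example.com>\n"
    "Subject: [dev] patch\n\nPlease review.\n",
    "From: carol@example.com\nTo: me@example.org\nSubject: intro\n\n"
    "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nHi, Bob suggested I write.\n"
    "-----BEGIN PGP SIGNATURE-----\n(signature omitted)\n-----END PGP SIGNATURE-----\n",
    "From: deals@example.biz\nTo: me@example.org\nSubject: BUY NOW\n\nCheap stuff.\n",
]


def demo():
    box = Mailbox(known_senders={"alice@example.org"}, known_lists={"dev.lists.example.com"})
    for raw in SAMPLE_MESSAGES:
        box.deliver(raw)
    return box
```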