1) Never run commands in auto-commit mode. (Keep in mind the rollback segment is only for data modifications. Can't rollback alteration of tables, procs, triggers, constraints, etc)
2) Always verify if the result is what you intended before commit.
3) Run commands from a script (tested beforehand on a sandbox) before trying it live on customer's data.
4) Keep those scripts preciously and log in the database at execution.
5) Always be careful with production environments!
Eh... reminds me about War Surfing
This slashdot comment and any attachments thereto may contain private, confidential, and privileged material for the sole use of the intended recipient named in the original comment to which this message was attached. Any review, copying, or distribution of this comment (or any attachments thereto) by others is strictly prohibited. If you are not the intended recipient, please return this slashdot comment to the sender immediately and permanently delete the original and any copies of this comment and any attachments thereto.
Not only are bind variables more secure, but they also increase database performance where it counts.
Bind variables permit databases to match a query with cached queries even if the parameters are different. The database will then be able to fetch the appropriate execution plan instead of making a new one for each similar request.
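As an added example (not code from the original comment), the two forms the comment contrasts, run with Python's sqlite3 module on constructed sample rows: the concatenated query either breaks or changes meaning on quoted input, while the bound query treats the same input as a plain value and keeps a single statement text for the cache to match.

```python
import sqlite3

# Constructed sample rows for the demonstration (not data from the original comment).
SAMPLE_USERS = [("alice", "alice@example.com"),
                ("bob", "bob@example.com"),
                ("o'brien", "obrien@example.com")]
QUERY_BOUND = "SELECT email FROM users WHERE name = ?"


def make_db():
    """Build an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_concat(conn, name):
    """Weak form: input is spliced into the SQL text. A quote in the input ends
    the literal early, so the remainder is parsed as SQL, not compared as data."""
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_bound(conn, name):
    """Hardened form: '?' is a bind variable, filled in after the statement is
    parsed, so the input can only ever be compared as a value."""
    return [row[0] for row in conn.execute(QUERY_BOUND, (name,))]


def concat_query_fails(conn, name):
    """True if the parser rejects the concatenated query for this input."""
    try:
        lookup_concat(conn, name)
    except sqlite3.OperationalError:
        return True
    return False


def distinct_statement_texts(names):
    """Plan-cache point from the comment: the bound query is one statement text
    however many names are looked up; concatenation yields one per distinct value."""
    concat_texts = {"SELECT email FROM users WHERE name = '" + n + "'" for n in names}
    return len(concat_texts), len({QUERY_BOUND for _ in names})


if __name__ == "__main__":
    db = make_db()
    print(lookup_bound(db, "o'brien"))             # ['obrien@example.com']
    print(concat_query_fails(db, "o'brien"))       # True: unbalanced quote, SQL rejected
    print(lookup_bound(db, "x' OR '1'='1"))        # []: the whole string is just a name
    print(len(lookup_concat(db, "x' OR '1'='1")))  # 3: input rewrote the WHERE clause
    print(distinct_statement_texts(["alice", "bob", "o'brien"]))  # (3, 1)
```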
ERRATA:
--- begin cut & paste ---
To: BugTraq
Subject: Re: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS
Date: Jan 6 2003 8:05PM
Author: Global InterSec Research
Message-ID:
In-Reply-To:
As some may have gathered, the advisory recently posted by mmhs@hushmail.com was indeed a fake, intended to highlight several unclear statements made in GIS2002062801.
The advisory in question is currently being updated with more detailed information and will be re-posted at: http://www.globalintersec.com/adv/openssh-2002062801.txt as soon as it becomes available.
Note that the kbd-init flaw described in GIS2002062801 was proven to be exploitable in our lab although not all evidence to demonstrate this was provided in the original advisory. A mistake was made in the original advisory draft, where chunk content data was shown, rather than the entire corrupted malloc chunk. This will be amended in the revision.
Also note that to our knowledge there are currently no known, exploitable flaws in OpenSSH 3.5p1, due to its use of PAM as suggested by mmhs@hushmail.com. It is almost certain that the posted bogus advisory was also intended to cause alarm amongst communities using OpenSSH, through misinformation.
Global InterSec LLC.
--- end cut & paste ---
The original advisory I was talking about can be found here.
Sorry for misguiding you, humble slashdot readers.
Basically, an operating system is the software responsible for managing memory, CPU, storage, devices and input/output. It is the software that lets you run other software on a computer.
You are lost if you think DOS was not an operating system.
http://howstuffworks.lycoszone.com/operating-system.htm
Another misuse of technology: Intel surfboards
:)
What next? War Fishing? War Hunting? War Serial-Murdering?
And Seagate suggests the drives work best with the new Sempr0n AMD processor.
Most of these worms exploit buffer overflows.
Just like most exploits under Unix systems.
I think we'll see fewer occurrences of these worms when NX-compatible processors become common.
Like AMD64 processors...
Cmdr Taco reads Slashdot?
And the password for VCL's installation was "ChibaCity"...
Wow how can I remember something like this?
This is why I use SimpLite with Trillian (or MSN Messenger)
Encrypts everything, works very well.
Try this Elgoog :)
You guys should know that a trivial remote root hole for SSH was released today on bugtraq.
:)
Someone who wants karma bad enough should reply to this with the advisory
IE: the best increase in security for the least inconvenience, is a very important thing.
:)
Are you advocating that Internet Explorer has a better security/inconvenience ratio than Mozilla?
(This might not be very funny, but not everyone can be a good humorist)
Don't say you weren't warned. I'm not reading them. I finished re-reading TTT Saturday, and am ready to see Ents walk.
:)
Since when the editors read the articles anyway?
I wish I had enough mod points to mod you +10 Must Read, size 24, with blinking bold characters.
that is lego death!
You must be kidding.
Of course it is now easier to create software than before.
First of all, source management software wasn't available 25 years ago. Try creating a huge piece of software without any way to roll back changes, share the same source tree with other developers, etc... (cvs/sourcesafe/starteam/etc)
Second, profiling tools. Hey, you want to know where that memory leak is? Where that CPU bottleneck is? Pretty hard to do when you were coding in COBOL many years ago... Doing the same is way easier now with OptimizeIt and stuff like that.
I could go on and on but I must leave for work =)
Imagine what games will look like in 15-20 years from now.
I can see people playing a sim-like game with 3D goggles, 12hrs/day 365days/year.
Scary stuff
I can't believe 3598 signed that petition...
Halliburton Air Farce? "This news report on Iraq is brought to you by... Shell! Shell, for a clean and affordable energy source."
The current version is useful for watching TV, AVIs, DVDs, playing MP3/OGG and viewing images. TV recording should be coming shortly.
Come on! I've been watching TV since 1995 on my P200 under Linux with a simple bttv878 tv tuner.
If "Freevo" cannot record tv shows, how does it compare to Tivo or any other PVR?
How can you think that Freevo is more newsworthy than this PVR?
God, what do you do with 13,200 CDs? Those are all music CDs you bought? Or full of open-source software?
Or of homemade videos? (Probably not - else you would have got a DVD burner)
Actually, the next PkZip generation will support the L-Zip compression.
Lossy compression is very secure, (combined with lossy crypto).
I never would have thought that anyone could take this message seriously.
Of course it was sarcasm!