Yup, both of those, and the only e-mail server software suite to have never had a serious security hole.
I hope no-one blames Professor Pillinger for this. He did a great job under the circumstances and he deserves a chance to try again - this time with funding and commitment from ESA.
>Show me a Unix system that doesn't use /etc/aliases!
At the risk of being pedantic, any qmail system!
In the UK pumps don't stick on. You have to actually hold the lever to pump the fuel, but they still click off if the tank fills.
Apple are actually being slower to patch than Microsoft. For a hole this serious - and this is about as serious as security holes get - this is unforgivable. It was a stupid design decision in the first place.
WOW - You're old enough to remember the 60s?
...you can of course spin up Apache on another box, preferably not the firewall, and set it up in proxy mode to forward the requests. Though this generates some SSL issues. Maybe you could even use mod_balance and have a security appliance / load balancer?
Of course Checkpoint already offer this functionality in FW-1 NG to a limited degree, and Netscreen are introducing it across their range as a free update (for those with a software subscription) in ScreenOS 5 later this year or early next.
I don't know about Scroll Lock but what the heck is this squiggly S thing at the top left?
Apparently, no-one has registered verisucks.com.......
I would argue that even for the sender domain must resolve check we could be ok here - instead of checking the domain resolves, check they have an MX. After all if they haven't got a mail exchanger, you can't reply, so why are they sending you an e-mail? James
In the UK most internet users (the ones using Freeserve or AOL etc) are behind transparent web proxies. For once this could be a good thing!
Please, ISP admins, redirect all HTTP requests to 64.94.110.11 and any other relevant addresses to a helpful "domain not found" error page!
At least the SPAM checks etc can still happen - Verisign aren't advertising fake MX's. Means a bit of re-writing work for us network people but could be worse. Still though... Bastards!
....what about pen tests.... they may be doing evil but have no evil intent... we need a pseudo-evil bit too!
Sounds more like Yoda to me.
Well I don't want to get into the argument over performance - that one has been done to death.
I want to talk about my experience with my iBook. In short I love it. Yes it is only an 800MHz G3 but there is no perceptible lack of power, in fact I sometimes find myself marvelling at just how well it multitasks. RAM is the key with OS X, I bought a 512MB DIMM from Crucial at the same time as I bought the machine. Cheap and works a treat.
The machine is a joy to use, I hate touchpads, but I have got used to this one.
The keyboard is quite good, though on UNIX having to press alt-3 for # is annoying (I must find some software to remap that silly double s key to hash lol). The terminal software is fantastic once you have it set to green on black with transparency. Things like tomcat are easy to install. The machine is light and seems fairly robust. I use it all day at work in one user account for managing UNIX servers and writing proposals in Word, then take it home in the evening and use it for browsing the net and checking my mail. The display is wonderful. OmniGraffle is far superior to Visio and the only MS tax I paid was for the heavily discounted version of Office I bought with the machine.
Last night after a couple of drinks I saw a PC laptop in standby. It looked so ugly with that horrible flashing green LED and its big silver case... I work with rack mount servers, I'm not obsessed with looks, but give me the dimming-brightening standby light on my nice white iBook any day.
The built-in Ethernet is great. The USB is great. All it needs is a serial port for console management - and you can get them cheaply enough.
>I feel that C needs to be retired, much the same way that Fortran, Cobol and Perl have been
What makes you say Perl has been retired? From the number of scripts I write using it, the number of systems I see glued together by it and the sheer volume of Websites using it, I would say it is anything but a retired language.
Free software doesn't usually mean bad software, e.g. QMail
Commercial software often doesn't mean good software, e.g. Windows.
MacOS X 10.1.3 (latest version as of now) includes OpenSSH 3.0.2p1. I wonder how long before Apple get a patch out... I don't really want to rebuild from source on MacOS X, even though it did only take 5mins to build 3.1p1 on my FreeBSD firewall.
A touch redundant perhaps but at least I actually got round to registering a user to do it :)
Congratulations to you both!!!!