
FreeBSD DoS affecting all releases

A new security advisory has been released by the FreeBSD team that affects all versions of the operating system.

I. Background

The Transmission Control Protocol (TCP) of the TCP/IP protocol suite
provides a connection-oriented, reliable, sequence-preserving data
stream service. When network packets making up a TCP stream (“TCP
segments”) are received out-of-sequence, they are maintained in a
reassembly queue by the destination system until they can be re-ordered
and re-assembled.

II. Problem Description

FreeBSD does not limit the number of TCP segments that may be held in a
reassembly queue.

III. Impact

A remote attacker may conduct a low-bandwidth denial-of-service attack
against a machine providing services based on TCP (there are many such
services, including HTTP, SMTP, and FTP). By sending many
out-of-sequence TCP segments, the attacker can cause the target machine
to consume all available memory buffers (“mbufs”), likely leading to
a system crash.

They supply patches for FreeBSD 4.8, 4.9 and 5.2 and you can either apply those and rebuild just the kernel or upgrade your world to recent releases.
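To make the advisory's point concrete, here is an added example (a simplified user-space model, not FreeBSD kernel code and not the project's patch) of a reassembly queue that caps how many out-of-sequence segments it will hold. The names reass_input and REASS_MAX_SEGS and the cap of 4 are assumptions chosen for illustration; without the qlen check, every out-of-sequence segment would allocate memory until none is left.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#define REASS_MAX_SEGS 4            /* assumed cap, kept tiny for the demo */

struct seg { uint32_t seq, len; struct seg *next; };
struct reass {
    uint32_t rcv_nxt;               /* next in-order sequence number expected */
    unsigned qlen;                  /* out-of-sequence segments currently held */
    unsigned dropped;               /* segments refused because of the cap */
    struct seg *head;               /* queue, sorted by sequence number */
};

/* Hypothetical model: feed one segment, return bytes now deliverable in order. */
uint32_t reass_input(struct reass *r, uint32_t seq, uint32_t len)
{
    if (seq != r->rcv_nxt) {                      /* out of sequence */
        if ((int32_t)(seq - r->rcv_nxt) < 0)
            return 0;                             /* already received */
        if (r->qlen >= REASS_MAX_SEGS) {          /* the limit the advisory says is missing */
            r->dropped++;                         /* safe: TCP will retransmit */
            return 0;
        }
        struct seg *s = malloc(sizeof *s), **pp = &r->head;
        if (s == NULL) { r->dropped++; return 0; }
        while (*pp && (int32_t)((*pp)->seq - seq) < 0)
            pp = &(*pp)->next;                    /* keep the queue sorted */
        s->seq = seq; s->len = len; s->next = *pp;
        *pp = s;
        r->qlen++;
        return 0;
    }
    uint32_t start = r->rcv_nxt;
    r->rcv_nxt += len;                            /* in sequence: deliver now */
    while (r->head && (int32_t)(r->head->seq - r->rcv_nxt) <= 0) {
        struct seg *s = r->head;                  /* now contiguous: drain it */
        uint32_t end = s->seq + s->len;
        if ((int32_t)(end - r->rcv_nxt) > 0) r->rcv_nxt = end;
        r->head = s->next;
        free(s);
        r->qlen--;
    }
    return r->rcv_nxt - start;
}

int main(void)
{
    struct reass r = { 1000, 0, 0, NULL };
    for (uint32_t i = 1; i <= 10; i++)            /* constructed sample input */
        reass_input(&r, 1000 + i * 100, 100);     /* segment at 1000 never sent */
    printf("held=%u dropped=%u\n", r.qlen, r.dropped);
}
```

The signed subtraction keeps the ordering comparisons correct across 32-bit sequence number wraparound.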

FBI shuts down ISP to investigate 1 person

I noticed on Boing Boing Blog a story about the FBI shutting down a whole ISP, shifting its servers to their HQ for data mining purposes in order to investigate a single suspected attack launched from their IRC servers.
This is a truly shocking example of the kind of freedom that Americans really enjoy: the privacy of citizens is non-existent if the FBI can just pitch up and copy terabytes of data not belonging to the individual they are pursuing. Read all about it on the poor ISP’s News Page. This is the kind of story that a few decades ago would be shoved in your faces as an example of the atrocities of Communism by these very same self-righteous Americans.

The FBI executed a search warrant issued by the United States District Court for the Southern District of Ohio regarding the IRC network that we host. According to the warrant, it appears that the Bureau is investigating whether someone hosted on our network hacked and attacked someone else.
After several hours of attempting to track down, inspect and audit the terabytes of data that we host, the FBI determined that it was more efficient (from their point of view) to remove all of our servers and transport them to the FBI local laboratories for inspection. This was completed at 7:00 pm EST same day.

UPDATE: This is covered here as well, link via slashdot.org

Web log spamming scum.

For anyone who has been reading my pages about fighting email harvesters and other unfriendlies using .htaccess and other methods, here is a new one to add to your blacklists.

ac903d6b.ipt.aol.com - - [18/Feb/2004:22:41:30 +0000] "HEAD / HTTP/1.1" 200 0 "http://blog.johnkerry.com" "StarProse Referrer Advertising System 2004"

Hopefully this is some hillbilly John Kerry fan (Presidential candidate) and not the man himself being silly.

Gallery v1.4.1-pl1

The Gallery team has sent out an urgent notification that all users should upgrade to the latest version due to a security problem. Upgrade is dead simple if you use the patch file: just replace 3 files on your machine.
Things are a bit dead here for a short while as I am in Cape Town for a few weeks on business and being kept pretty busy and without reliable net access from home.