
Sun JVM Class Loader Security Zone Bypass

I somehow missed the initial mention of this on Bugtraq and the other usual sources but finally picked up on it via SANS.
There is a vulnerability in the Sun JVM that is used in browsers to execute applets that can be exploited by a malicious web site or HTML email to bypass all security restrictions imposed by the applet sandbox. This is a major issue as it will allow for mass exploitation of machines – not just Windows but all desktops with Java enabled browsers – by spammers, worms and other nasties.
This may possibly be the entry point that could lead to the first true multi-platform worm. Developing such a worm would be a big challenge, especially if it is to be truly multi-platform, but you would only need to target certain distributions of Linux and Windows in general to make a big impact. The days when every Unix user would notice an additional process on his box are also long gone: how many of the masses of recent Linux converts run ps regularly, and even if they did, could tell you what the processes mean?

RedHat and the Linux Kernel

CNet News.com has a very interesting article on the stance that RedHat and others are taking on the 2.6 Linux Kernel.
The bottom line is that there seems to be some lack of trust in the stability of the kernel at release time, and that the big players would rather wait, spend money on backporting features from 2.6 to 2.4, and stick to 2.4 for a while. RedHat also has unfortunate timing with the release of its Enterprise Edition, which came out recently, and they stick to making yearly releases of that.
I think the world has finally learnt from the burning it took on the 2.4 kernel branch, the file corruption and other bugs that were present in a number of “production” kernels, and is now being more cautious about what it will take and what it will not. This is a very good step, one that may bring Linux – in my mind – back to being something you can trust in production. I can only hope that the Linux developers learn from this and treat the stable branch more like a stable branch and less like a playpen.

Anti Spam plans by the clueless

Derek Wyatt MP has some brilliant ideas about spam and he is not afraid to sound off about them in public. On his site he has a short write-up about his plans, which involve incorporating a post code in all email addresses in order to track spammers to their homes. He suggests putting the postcode inside the domain name, so user@whatever.co.uk would become user@whateverpostcode.co.uk – visionary. In true British don’t-even-think-of-looking-at-my-14-year-old paranoia fashion he even has a plan for minors who do not want to hand out their postcodes – a PIN number instead of the postcode, and the PIN would be assigned by none other than the Information Commissioner. Read the whole proposal here.
This is the man who in his own biography says he went into politics because “I thought the British people deserved better.”
NTK has the following to say, and I really cannot do any better.

Derek, unfortunately, appears to be fighting the good fight with the Shield of Wholesale Technical Misunderstanding and the U-Shaped Gun Of Shooting One’s Own Mouth Off.

Derek is the Chairman of the All Party Parliamentary Internet Group; it really is encouraging to see such capable hands in charge of such an important group. On their website they state their mission as:

The All Party Parliamentary Internet Group exists to provide a discussion forum between new media industries and Parliamentarians for the mutual benefit of both parties. Accordingly, the group considers Internet issues as they affect society informing current Parliamentary debate through meetings, informal receptions and reports. The group is open to all Parliamentarians in both the House of Commons and House of Lords.

So much for living in the first world.

The Global Spam Fight

A number of welcome items in the news this week regarding spam.
Yahoo introduced a feature where users can create unique email addresses that can be disabled later on. Hot on the heels of this announcement Hotmail has announced plans to introduce a White List for users.
On a larger scale the US Senate has passed a bill that promises to get tough on spam. The bill is a good start, but The Reg mentions some concerns with it.
On my own little system I have introduced a black list that blocks mail at SMTP time to blacklisted recipients; this has kept about 2000 spam messages from entering my box this month, a very welcome change. This was made easy by my reporting module for iScan, which puts detailed meta information about all mail handled by my machine into an SQL server. Using this I can track down big spam recipients and trends and target those with specific fixes or safeguards.

The legal system has a long way to go

Today Aaron Caffrey was acquitted of hacking. The BBC has the following bit in their story.

Prosecutor Paul Addison asked him whether he had seen the film Hackers.
Elite is the name given to the best of the group targeting the FBI in the film.
The teenager said he had seen the film but denied there was any link to his group.

I really pity anyone being put on trial for any hacking – or any computer crime – today; the legal system just has no clue.

New flat and ADSL

Well, I have now moved to my new place and BT managed to get my ADSL in 2 days in advance of their projected install date. So far it seems nice and stable, and I can finally sleep soundly again knowing I won’t be stuck with dial-up for the next 6 months.