Microsoft's Masterpiece of FUD - analyzed and interpreted. Worth reading.
sysadmin - 7.3.2006 - 20.9.2006
Government wants to "close the last gaps" in computer criminal law - surely there will be plenty of gaps again, through which our freedoms will be further restricted. For example, what hacker tools are - farewell to practical helpers like nmap and co? With the "craftsmanship" quality of the Berlin bunglers (some call them government), I don't expect anything useful anyway ...
Spam opponents should pay 11 million dollars - I don't usually hold much of blacklist operators, but in this case I'm still on the side of spamhaus - because I hold even less of spammers and stupid US judges ...
OFF - Owner Free Filesystem. An interesting idea where only XOR-diffs between files are stored in a distributed manner and are designed so that each block of numbers can be combined with others to create various original files - which, according to the authors, makes the individual blocks of numbers not copyrightable, as they belong to different originals at the same time.
Merlin XU870 3G HSDPA 7.2 ExpressCard - Direct UMTS in the MacBook Pro?
AMD talks about ATI - possible open-sourcing of the drivers?
An AOL Searcher No. 4417749 Is Identified - it's one thing to say that the search queries published by AOL can be traced back to names. Another thing is to actually do it - the NY Times can not only fake photos, but sometimes also be investigative ...
O'Reilly's list of the most popular programming languages - absurd, how a publisher, who has long been facing competition in its core area from others (e.g. apress and manning), still acts as if they could provide some definitions. And not just trying to boost their own sales and define the market by selecting the topics published.
Hackers Clone RFID Passports - oh, great, the blackhats have demonstrated how easy it is to clone a German passport with RFID (i.e. the RFID part of it). Result? A blank piece of paper with an RFID chip that looks like the original ID to the electronic reader.
SCO is Distributing ELF Under the GPL Still. Yes. Now. Today. - strange. One would think that SCO would have already taken down all downloads that allegedly violate their rights. Wrong guess ...
How to Bypass Most Firewall Restrictions and Access the Internet Privately - system administrators and firewall operators should take a look at this.
Living with Errors - the Key to Scaleout - good article about system scalability.
Intershop continues to write losses - and Microsoft Word has bugs and in China a sack of rice fell over.
The Computer Club is back - Revival of the Wolf-Gang. But if this is a podcast - how are we supposed to notice when the fat one breaks everything again?
Metasploit: Internet Drive-By Shootings - interesting article about the possibilities of exploiting browser bugs.
Woe betide my Dell - quality tech support by Dell.
Debian-Hack: Intruder exploited known vulnerability - quick reaction and resolution, that's good. Kernel on a several-hundred-user system not updated in time, that's rather bad.
Galileo encryption cracked - and thus the door is open for free decoders.
heise online - Google convicted for links to counterfeit products
Google sentenced for links to counterfeiters
Filtering out the pages of counterfeiters would have been possible, explained the Paris Court of Appeal. This has shown the filtering of politically undesirable pages in China.
Well, exactly what could be expected. One's own fault - if on the one hand you preach free opinion and how great everything is that you do and how un-evil, then on the other hand you should keep your fingers off state censorship ...
Wells Grants in Part IBM's Motion to Limit SCO's Claims! In Large Part. - wow. SCO has been heavily rejected here.
Freenode hacked - Operator account compromised. If you have passwords there, better change them and make sure the passwords used there are not used elsewhere ...
Microsoft buries WinFS - which turns the hopelessly delayed Vista into a pure farce.
Microsoft's Calling Home Problem - about the latest approaches with which Microsoft spies on legal users.
US House of Representatives votes against "net neutrality" - we can probably assume that the worst possible variant will prevail ...
Caller ID Spoofing - what is worse than a broken authorization system? One that millions of people and machines trust.
The source code for UCSD-Pascal is free - for fans of old languages and old operating systems. Oh man, that was the first Pascal environment I hacked on at school almost 24 years ago ...
New MacBooks - sorry, but a notebook with chipset graphics instead of mobile ATI and then still 5 cm wider and 1 cm deeper - something like that is no replacement for a 12" PowerBook. I hope Apple comes to their senses ...
Debunking Linus's Latest - Shapiro also has a few thoughts to share about Linus's latest misstep.
Tanenbaum-Torvalds debate, Part II - Tanenbaum's counterarguments to Linus' Microkernel-stupid claim ...
Schneier on Security: Major Vulnerability Found in Diebold Election Machines - is this finally the end for this dreadful Diebold disaster? Or will they try to wriggle out of it again and suppress the reports?
Bluetooth SIG - Idiots at the Helm
Whoever wonders which Bluetooth hardware works with BlueZ (Bluetooth stack for Linux) will come across the following statement from the Bluetooth SIG on the compatibility list:
Whether or not you're selling them makes no difference. The problem is due to the distribution of them from your Web site. Please note that the use and distribution of non-qualified products is a violation of the Bluetooth License Agreement. As neither of these products have been qualified using Linux it is illegal to make them available for public use.
Due to this idiotic attitude, it is no longer possible to refer to the compatibility of Bluetooth products with Linux on holtmann.org. Can it get any more stupid?
Rotten Effort - how Microsoft tries to pressure consultants in companies with almost extortionate tactics ...
This was the Roots: How the Internet came to Germany - and not a word about the IN e.V. at Heise either - which was also significantly involved in private internet activity.
Network Games
Well, that's the thing with games or virtual worlds that are operated somewhere on the internet. You have access, your own access is running smoothly. And the operator's servers are also working fine. Only some stupid backbone provider in between has a faulty router in the route, with around 30 percent packet loss over longer periods of time. Which of course makes playing significantly more difficult.
But: where do you complain now? I mean, he's taking away my evening entertainment, that damn place
AOL.de Zugang - WiFi Hotspots. And yes, that's the devil. But what can you do when network withdrawal threatens ...
Critical security vulnerabilities in Mac OS X - yuck. Please people at Apple - get your act together and use current and fixed versions of the various libraries. Otherwise, I might as well install Windows in the long run ...
Metasploit: Exploit Development: GroupWise Messenger Server - those who still convince themselves that the time from the discovery of a software vulnerability to an exploit is correspondingly long: forget it. Here someone shows an example development of a complete exploit one day after a hole in the GroupWise Messenger Server became known ...
Open Letter to D-Link about their NTP vandalism - why you should simply avoid D-Link products.
Virtual Worlds and Attack Scenarios
What do you get when you have virtual worlds with scriptable objects? Cracker attacks, of course. In this case, a user in Second Life built objects that, via script, produce further objects. This is a classic attack scenario in such worlds - overloading servers through high load, i.e., a classic DOS from within. What was interesting about this attack was that these objects catapulted every avatar a few million meters into the air - possibly to hinder cleanup efforts.
Cleanup efforts? Yes. The system of Second Life is a virtual world with many scripted objects - so you can't just throw everything away, as this would destroy the users' content. Instead, all regions (in principle, a region is a server in a large server farm) that were attacked had to be cleaned of exactly the affected objects. To do this, the Lindens (the employees of the operator) first approached these objects inworld (i.e., within the simulation environment) to examine them. Presumably, the operator will have tools for mass cleanup of malicious objects, but nevertheless, the entire work took several hours!
Well, one might say that this is trivial - after all, it's just a virtual world on a server cluster, nothing more. But Second Life is more - among other things, it is a micropayment system. And a lot of money is transacted there - thousands of US dollars per hour (and not just to the operator, but also among the users themselves!). There is therefore direct economic damage from the downtime. Not to mention the interactions of users in the system and events taking place - for example, on that evening, there were two major openings of new clubs with live music. The musicians were completely disconnected from the system by the events, as they no longer received any feedback, they did not know whether they were still live or not (although the streams usually continued to run) and of course, a lot of people's party was ruined. And the club owners certainly had a different idea of their opening party.
All in all, of course, predictable - because any system with influence possibilities will be misused by people, even if it is out of sheer malice - but nevertheless extremely annoying.
Apple Converts Xserves from PowerPC to AMD
Wow, I didn't realize that Apple is transitioning the XServe to AMD processors. I wonder if Intel agrees with their assessment of server performance?
Deutsche Bahn becomes a DSL provider - ok, this is definitely one of them. For the WDR, this is damn good.
IP addresses for vanity - yes, the date can sometimes be important.
WordPattern - probably the next one for today?
IBM offers bounty for Exchange customers - clear message (although Notes vs. Exchange is like "driving out the devil with Beelzebub" to me)
TUD:OS - TU Dresden Operating Systems - a few determined individuals keep the idea of the microkernel alive. Good so!
Shit hits Fan with Debian?
When Joey throws in the towel - and does so publicly - then the story must really be hitting the fan. Because normally he just quietly fades away ...
Mac OS X Security Challenge
The Mac OS X Security Challenge by the University of Wisconsin is a much more realistic variant of the rather dubious "30-minute hack" that is currently haunting the press and blogs. Because on the box hacked in 30 minutes, the attackers had a user account - it was therefore a simple privilege escalation, not a remote hack. The latter is quite different to set up, as you first have to get access to the machine.
Nevertheless, Apple should of course also take privilege escalations seriously - because, for example, on publicly accessible computers there are already some attack scenarios that are quite problematic - especially with alleged security features. For example, the encrypted home directory becomes a farce if multiple users can be logged in at the same time on the computer - the home directory is opened and mounted when the first user logs in, the second user can then simply look in. Apple should already improve at such points, of course also at the points where an unprivileged user can get root rights - because these are attack vectors for viruses and Trojans.
Hey, I don't feel like having similar nonsense like under Windows in the long run, so make sure you close the holes at Apple!