Archive | July 18, 2005

Remote Desktop Protocol flaw can lead to DOS and crashed servers

Computerworld News notes Microsoft warns of remote access protocol flaw. “Microsoft is warning users that a flaw in the software used to remotely access computers running the Windows OS could leave them vulnerable to a denial-of-service attack.”

This is the RDP flaw I blogged last week. Affected machine include Win2K as well. It appears that scanning for the affected port is on the increase, too, according to the Internet Storm Center. I’m advising clients to turn off port 3389 at the firewall, and only enable it (via ssh, for example) when needed.

Whither .NET – additional ramblings

Andy Kramek posts a follow-up to his well-received essay: “Well, my little article on “Whither .NET” certainly prompted a variety of responses! I suppose it was to be expected that most of my regular readers are fellow FoxPro travelers and are probably pre-disposed to agree with my point of view. However what I found revealing was the comments from some people who obviously read something into my article that simply was not there.”

USA Patriot Act renewal controversy

Compare and contrast:

Amendment IV: The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Patriot Act Section 213: With respect to the issuance of any warrant or court order under this section, or any other rule of law, to search for and seize any property or material that constitutes evidence of a criminal offense in violation of the laws of the United States, any notice required, or that may be required, to be given may be delayed if–

(1) the court finds reasonable cause to believe that providing immediate notification of the execution of the warrant may have an adverse result (as defined in section 2705);

(2) the warrant prohibits the seizure of any tangible property, any wire or electronic communication (as defined in section 2510), or, except as expressly provided in chapter 121, any stored wire or electronic information, except where the court finds reasonable necessity for the seizure; and

(3) the warrant provides for the giving of such notice within a reasonable period of its execution, which period may thereafter be extended by the court for good cause shown.’.

— Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT ACT)

There’s loads more good info at the ACLU’s Reform the Patriot Act website. Read, heed, and contact your Senators.

“He who would give up Liberty in exchange for temporary security, deserves neither
Liberty nor security” — Benjamin Franklin.

Powered by WordPress. Designed by Woo Themes

This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.