Archive | September, 2005

The Six Dumbest Ideas in Computer Security

The Security Thread – September 11, 2005 over at Doc Searls’ IT Garage – points out that “Marcus Ranum brings a strong analytical frame of mind in his brilliant analysis The Six Dumbest Ideas in Computer Security. You need to read it!”

I saw pointers to the article from at least four of my RSS subscriptions and Ed Leafe pointed it out on the ProFox list this morning. With all those recommendations, it must be good… just finished reading it. Good stuff!

Patching FireFox to avoid the international web link exploit

Slashdot post: Patch & Workaround for Firefox Flaw Available. mcc writes “Yesterday Slashdot reported on a Firefox vulnerability which could allow remote code execution. Today Firefox has a patch and a configuration workaround, both of which immunize against the bug. If you are using Firefox you should immediately go to the URL ‘about:config:’, type ‘network.enableIDN’ into the box, and verify that ‘network.enableIDN’ is set to ‘false’.”

Happy Software Freedom Day!

Software Freedom Day is September 10th. Check the link for an activity going on near you. If you’re in New Hampshire, swing by the Milford village green and say hi to the volunteers who’ve set up a booth there for the day. Anywhere in the world, you can check out the OpenCD offered by the Software Freedom Day folks. Inserted into a Windows machine, it offers quite a bit of information about Open Source software, including the text of several books, such as “Free as in Freedom,” “The Cathedral and the Bazaar” and “Open Sources”. Also on the disk is a catalog of Open Source software that runs in Windows, with the ability to install it right off the disk. Software includes 7-Zip, AbiWord, Audacity, Battle for Wesnoth, FireFox, Gaim, GIMP, Notepad2, OpenOffice.org, PDFCreator, Really Slick Screensavers, NVU, Sokoban, Thunderbird, and TuxPaint. Reboot with the disk in your CD-ROM and you’ll get to test-drive the LiveCD version of Ubuntu. It’s a great disk to pass along to friends considering Open Source, or just looking for some quality software.

The press is picking up on the event, too. Here’s an Infoworld article.

FireFox flaw found; researcher releases details prematurely; temporary fix available

Computerworld News reports Firefox flaw found: Remote exploit possible. “Computers running the Firefox Web browser could be open to remote attack as a result of a buffer overflow vulnerability reported today by a security researcher.”

In what sounds like a pretty irresponsible act, MozillaZine reports: “According to the News.com article, Ferris reported the flaw to the Mozilla Foundation on Sunday, in line with the Mozilla security bugs policy. However, he decided to make the vulnerability public ‘after a run-in with Mozilla staff’.”

How to disable the flaw is described in the article (also in the comments), and a patch will be forthcoming soon. Note that the flaw the same researcher reported to Microsoft last month (and did not disclose publicly) has still not been patched.

MonadLUG: Tim Lind demos four Open Source Firewalls

Saw a great presentation by Tim Lind at the Peterborough/Monadnock LUG this evening comparing four Open Source firewalls: Smoothwall, IPCOP, Sentry and M0N0Wall. Each comes as a bootable CD-ROM, some install to a hard drive, m0n0wall runs off the CD-ROM with settings stored on a floppy (or, optionally, a Compact Flash or USB storage). Each supports a variety of tools, including DHCP, DNS, some varieties of VPN, intrusion detection, logging, NTP, ssh, and a couple of acronyms that flew right past me. Tim uses these to set up clients with internet access, re-using an old clunker PII-350 the clients have lying around, and getting a stateful firewall with some pretty impressive tools.

Get S.M.A.R.T.

I spent yesterday afternoon recovering from a hard drive failure on my ThinkPad A31p. The internal drive, running Windows XP, got flaky in the middle of working on some documents. Explorer.exe “failed to initialize with error 0xc000006,” networked drives disappeared. I had used SpinRite 6 to repair this drive at the end of August, and suspected it was approaching end-of-life. What I didn’t realize is how much information the drive could supply.

On SourceForge, you’ll find SmartMon Tools, a set of utilities available for Windows, OS X and Linux, that communicate with the S.M.A.R.T. interfaces available on most modern hard drives. I had not appreciated the capabilities of the interface: it stores recent errors, performs short and long self-tests, and displays logs of tests. Details on using SmartMonTools are available on the SourceForge site as well as this Linux Journal article.

Running tests on the drives confirmed my worst fears. Multiple read errors were scattered over the drive. With 19k run hours, it was in pretty bad shape. Luckily, I had anticipated this. Using Norton Ghost 2002 and the Open Source equivalent g4U, I had backed up and now restored the partition images to a spare hard drive. Swapping the new hard drive to the internal slot and the bad drive to the expansion slot, I rebooted into Knoppix to read the recently changed files off the bad drive and onto a USB tab. Rebooting into Windows, I copied the files from the USB tab onto the new drive. Why two-step? I’m a bit shy of writing to an NTFS partition within anything other than Windows, as the file system format is proprietary and not completely documented. Back up and running!

Check out the SmartMonTools, though. It looks like you can set them up to run tests in the background and on a regular schedule. Catch the hard drive failures before they become real trouble.

Doc: Power From the People

Over at The Doc Searls Weblog, Doc has a heavily-hyperlinked article on Katrina, its causes and effects and how we can do better in the future, Power from the people. When you have a few hours to read through the assembled documents, I’m certain it will be worth your while. That’s why I’m bookmarking it here.

Massachusetts’ worries over patents drove OpenDocument decision

Slashdot post: Massachusetts Explains Legal Concerns for Open Documents. Tontoman writes “ZDNet is running a story that sheds new light on the decision by Massachusetts to switch to open formats for the commonwealth’s official documents. This issue has previously been discussed on Slashdot, first The Massachusetts Office Party and then Microsoft Lashes out at Massachusetts IT Decision. From the article: ‘Eric Kriss, Secretary of Administration & Finance for the Commonwealth of Massachusetts, told CRN on Friday that Massachusetts had concerns about the openness of Microsoft XML schemas as well as with potential patent issues that could arise in the future.’ The article also quotes a Microsoft executive on further reason that Microsoft’s upcoming Office 12 will not support OpenDocument.”

Sun releases OpenOffice.org under LGPL

OSNews notes OpenOffice.org Goes LGPL. “On 2nd September 2005 Sun announced the retirement of the Sun Industry Standard Source License. As a consequence, no future Sun open-source project will use the SISSL. Projects currently using the SISSL under a dual-license scheme, such as OpenOffice.org, are dropping the SISSL and thus simplifying their license scheme as soon as the development cycle allows. Effective with the announcement that Sun is retiring the SISSL, OpenOffice.org will in the future only be licensed under the LGPL (.pdf). A FAQ is also available.”

Kudos to Sun Microsystems for dropping their license and making Open Source that much simpler.


This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.