Is your mail server part of the problem?

SANS Internet Storm Center, InfoCON: green is discussing Spam Backscatter, (Mon, Oct 9th). “Over the weekend I dealt with the rather massive after effects of a spam campaign spoofing a domain” …(more)

I'll second that! As the article goes on to indicate, many innocent mail administrators are a part of the problem by not changing naive settings of their servers. We need to encourage all the mail server software authors to change their default behaviors to fail to deliver mail silently: bounces from non-existant mail addresses are clogging the internet's pipes with replies to spoofed senders. “No such postbox” and “mailbox filled” are courteous, but since your server likely doesn't really know the sender, it's not just a waste of effort, but a an imposition on others to read your counter-spam. Let's all be a little quieter and learn more from listening than responding.

MS6-053 an Internet Explorer Cross-Site Scripting exploit?

Swa Frantzen is manning the SANS Internet Storm Center, InfoCON: green desk today, and struggles to work out the exploit Microsoft documents without admitting in MS06-053 revisited ?, (Thu, Oct 5th). “When we first read MS06-053 we ended up discussing and not fully understanding what Microsoft was…” (more)… The article explores what appears to be an IE cross-site scripting exploit but with the character set UTF-7 (yes, seven! – who knew!) and some advice to webmasters to help avoid spreading the problem by echoing a bad URL back to the user.

Fonality acquires TrixBox

Slashdot post: Fonality Acquires Trixbox. An anonymous reader writes “MySQL's Brian Aker has a good commentary on the big news in acquisitions today that Fonality has acquired Trixbox, the Linux Telephony distribution.” From the article: “So why is this big news? Trixbox is the distribution for telephony on Linux today. They have put together a vertical Linux distribution dedicated to telephony. It combines Asterisk with a web based interface backed by MySQL, integrated into the SugarCRM solution. As Redhat today is the LAMP of the IT Enterprise and Web Framework, (Linux, Apache, MySQL, Perl/PHP), Trixbox is the LAMP stack of the Telephony market, Linux , Asterisk, MySQL, Perl/PHP.”

Good news. I saw TrixBox (nee Asterisk @ Home) demonstrated at the MonadLUG group by Tim Lind, who's gone on to do a couple of very successful Asterisk installs, and it's on my “I'd really like to try that out if only I had more time” list.

Making the Switch

I had hoped to exclaim “Microsoft-Free in 2003!” but I’ve been a little busy.

Interoperable is not just the slogan of the blog, but a philosophy that all tools work better than any single one; a group of minds is greater than their sum. So, this is no abandonment of anything, rather an expansion of possibilities.

I’ve had several dual-boot machines for years, and have learned to work on them pretty interchangeably.

At the end of September 2006, I booted into the Ubuntu 6.06 distribution I had on the laptop and three days later I’m still working there. There are things I need other OSes for, but the transition is getting easier each time.

Ubuntu print to PDF

Working on a new install of Ubuntu 6.06 and needed the functionality of printing to PDF out of a variety of applications. OpenOffice.org has it built-in, but other apps don't. There's lots of support in Linux for PostScript as the preferred output format, but the magic of invoking pstopdf is magick to me. Enter cups-pdf, a printer driver that generates PDF files. Following the instructions here (especially the hint in comment 15), I was up and running and generating PDFs in ten minutes. Way cool!

DLSLUG, October 5th, 7 PM: Protecting a Windows Server with a $50 Linux Box from Staples

Bill McGonigle announces Thursday's Dartmouth-Lake Sunapee Linux User Group: “Protecting a Windows Server with a $50 Linux Box from Staples” presented by Lloyd Kvam:

“Lloyd will talk about OpenWRT, the open source linux distribution that targets small routers such as the Linksys WRT45GL. He recently used one to make a bridging firewall, where a Windows computer needed protection, but there was no access to the router.”

“Lloyd will talk about hardware organization, installing packages, the layout of the default configuration, and how to customize the routing and firewall operations… Lloyd works at software development, preferably in Python.”

Should be a fun meeting. Hope to see you there!

Yet another ActiveX control exploit for IE

SANS Internet Storm Center weekend monitor is reporting “WebViewFolderIcon ActiveX control exploit(s) in the wild, (Sat, Sep 30th). Rise and shine. This vulnerability is being actively exploited in the wild …” (more)

If you must run IE, restrict ActiveX controls to the highest level possible. And use a safer browser, like FireFox or SeaMonkey or Opera or Konqueror or Camino or Safari for all those web sites that don't require you to use IE.

Powered by WordPress. Designed by Woo Themes

This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.