Computer Tips -Tech Info

Category: Linux Software

Linux Local kernel vulnerability

SANS has a story on another local kernel vulnerability for linux. I’ve got to say that I typically haven’t looked as much at “local” vulnerabilities on this site as I have talked about remote vulnerabilities. Usually local vulnerabilities are flaws that allow a user that’s already logged into a system to escalate their user rights to control the system. So, IF you allow logins for various users, you definitely need to pay attention to local vulnerabilities.

(more…)

July 14, 2006
Open Source NTFS driver for linux with Read and Write support

Linux has full support for so many file systems. Fat32, which is the filesystem of the Win98 and ME systems has had full read-write support as long as I can remember, but NTFS has not. In fact, NTFS has had read-only support in the main open source driver, but NO write support. (Or at least VERY limited and risky write support.) There was the captive ntfs project which used Windows own NTFS driver, but…. it looks like we’re getting very close to a true open source, read write NTFS driver for linux (and really, for any other OS that wants to implement it.)

(more…)

July 14, 2006
VMWare server 1.0 final release

I’ve been keeping an install of Vmware virtual Server through their beta and Release Candidate phase and have seen several places that they’ve released the 1.0 version today. This release is free (as in no charge.) Although support is available….

(more…)

July 12, 2006
Now we know what’s taking Crossover Office 6 so long…

I just read that Codeweavers has managed to get World of Warcraft working in Crossover Office in their development builds it should be possible. Of course, it’s been possible for some time to run it via Transgaming’s Cedaga. But codeweavers seems to be working on it in their Crossover product as well and are “testing it extensively”…. NOW I know why it’s taking so long for 6 to come out….

July 10, 2006
Mozilla Firefox use above 15% in the US…

and Internet Explorer use has dropped below 80% in the US. Currently 12.93% of online users browse with Firefox. Almost 40% of German web-browsers use Firefox to view the web. It’s nice to see Firefox’s share gaining. I, personally wouldn’t mind seeing SEVERAL competing, standards-compliant browsers with significant share’s. (Opera has moved above 1%.) I think (and hope) the day will come when it doesn’t matter a bit what browser you use (as long as it’s standards compliant.) Hopefully we’re moving towards that.

(more…)

July 10, 2006
Windows 98 and ME in final days of support (6 by my count)

July 11th will mark the end of Microsoft’s support for Windows 98 and ME. Which means that there will be no further security updates for those systems after that date. In SOME ways, those systems may find comfort in the security through obscurity approach as much malware MAY not run on those systems, but that’s kind of a risky angle to play. For those that are willing to experiment…

(more…)

July 5, 2006
Fasten your seatbelts – Browser vulnerability a day to be announced in July

I hope there aren’t too many browser developers that have planned on taking July off….. I ran across browserfun.blogspot.com where it is planned to release information on a web browser vulnerability EACH DAY for the month of July. This comes to us from HD Moore of Metasploit. Judging from This securityfocus article, most of the vulnerabilities may just lead to a browser crash, but some seem to be remote code execution vulnerabilities. Microsoft Internet Explorer is where they found most of them, but other browsers were NOT immune and did find at least one remotely exploitable vulnerability to gain remote access for each browser tested.

(more…)

July 3, 2006
Vandals banging on the door of ssh….

Sometimes I wish I wasn’t curious about things…. The other night I was working on something on the testbox in the back room and saw the switch lights flickering fairly actively between the server and the internet gateway. At first I thought maybe it was some mail coming in, but it was awfully persistent. So, I started nosing around. I saw that sshd was showing up in the process list and on checking /var/log/messages…. found hundreds of ongoing attempts to break in through the ssh server. (sigh….) Now, there was a time when I’ve kind of snickered when I’ve seen these futile attempts, because I have a VERY short list of allowed ssh users. (AllowUsers username can be set in /etc/ssh/sshd_config) But, this was fairly persistent and there was more variety to the usernames than I’m used to seeing.

(more…)

July 2, 2006
OpenOffice.org security update

Version 2.0.3 of OpenOffice.org has been released. It includes quite a few bugfixes, including three security related fixes. The security vulnerabilities were apparently found in an internal audit. One of the improvements in 2.0.3 is an integrated update check, to be able to check for available updates directly from within OpenOffice. I think this is an important area to be improved.

(more…)

June 30, 2006
chkconfig for ubuntu or other debian based linux systems

As I’ve mentioned I’ve got an ubuntu based test system. Most of my linux experience has been from a red-hat derivitive-based background and for that, at the command line, you have chkconfig which is a good tool for checking the configuration of services to run at startup. It is a red-hat derivitive thing… However, I found this forum post where someone contributed a “chkconfig” script that does the same thing. I tried it and it’s somewhat slow compared to it’s red-hat derivitive counterpart, but…. it does the job.

(more…)

June 26, 2006