I’ve got a home project to run more network cable here lately and found techtoolsupply to be an interesting resource for network and other cabling supplies. I don’t recall who I ordered from last time, it’s been several years (and those big spools of cable last for years unless you do a LOT of cabling.) On other notes…. There are many very good do it yourself wiring resources from electrical like this link to network wiring. Many people think that wireless means that it’s just backwards to install network cabling. (I don’t know how many people told me “why don’t you just use wireless” when I mentioned that when we built I wanted to get cat5 cable installed.) Well – here goes – wired is 1)faster and 2) more secure – yes I’ve heard of WPA for wireless, but my wired lan is between 10 and 100 times faster than my current wireless (yes, I’m running 802.11b still and an upgrade to the wireless wouldn’t get it up to the same speed yet either. then my wired network would be 2-20 times faster. (Of course that’s best case – clear line of sight to the wireless access point.)
Tag: LOT
-
Virtualbox virtualization open source availability
This last week virtualbox announced that they have released a version of their virtualization software as open source. There is a pay version as well with more features. (*read on for features available in the full version.)
While I appreciate them making the core virtualization open source and currently they are likely the most advanced open source virtualization software out there… it is a bit disappointing to see some of the really juicy features in the non-open source version. However, it should be noted that the full version is free for personal use or evaluation.
-
Skype and linux audio issues
One of the things I didn’t mention in my first skype post was the “getting skype to work with linux” bit… The version available via urpmi in Mandrake was 1.2, so I installed it (before I had the usb audio phone) and gave a try. It gave consistent errors trying to access the audio device (/dev/dsp). I looked and it seems that the older 1.2 version used OSS exclusively for this and had LOT’S of problems. I did find that version 1.3 that can use either OSS or ALSA seemed to work flawlessly on the three systems I tested. (Two of them Mandriva 2006 and the test box Ubuntu 6.06.1) The testbox didn’t have a sound card prior to the usb phone, the other two had built in sound and that is what was tested.
-
MS06-040 update
MS06-040 is one of last weeks Windows updates and is the one that was probably the biggest target for “wormable” activity. There’s a good deal of news from over the weekend with regards to this. First: Snort signatures, the MS06-040 exploit was spotted actively “in the wild”, and of course, our perennial friends in the spamming world didn’t waste much time in making use of this one.
-
Wireless war rocketing?
There were several articles about a new “wardriving” technique that was talked about at Defcon (this topic and a bit more Defcon coverage here). In fact, this takes the driving out of the mix and involves launching a rocket. Essentially rockets were equiped with access points and launched to get a 6000+ foot view (for the largest) of the wireless landscape. Now, they didn’t turn up a LOT, but they did see an impressive range of area *(50 square miles for the largest). One of the smaller rockets made it to 2000 feet. It was a rural area where this was done, so they didn’t pick up much. Although it had a range of 4 miles, the big rocket could only find 2 networks.
-
Wget user agent avoidance
I use wget a LOT. Many times in working with a website I’ve got a ssh console opened to the site and if there’s a plugin that I’d like to download it doesn’t make sense to download and then upload, I want to just download it directly from xyz.com webserver to the website where it will be installed. However, many times people have set up rules to block wget downloads. Yes, I know people use wget to suck down entire websites, it uses up bandwidth, etc. etc. Well. Wget is capable of sending a different user-agent.
-
Cross browser javascript vulnerability
It sounds like this vulnerability would take a great deal of user interaction, but cio-today is reporting on a browser vulnerability that affects pretty much every javascript enabled browser. According to Symantec …. “This issue is triggered by utilizing JavaScript ‘OnKeyDown’ events to capture and duplicate keystrokes from users,” and is a way that the attacker could scrape/log things that are typed in (bank information, passwords, etc.) Also, they say “In one scenario, a crafty programmer might be able to trick users into entering personal data into a seemingly secure field on an online payment form, giving the hacker access to anything typed within the field.”
-
Bad malware storms brewing
ADTMAG.com has an interesting article talking of the convergance of spyware and more sophisticated phishing attacks. They talk about the convergance of viruses and spam engines that happened in 2003 as a real shift in the dynamic of WHERE junk mail was coming from. Today botnets account for about 90% of the spam online, and of course, the botnets are the zombie armies that can be (and are being) utilized to bully web pages off the net, or extort large amounts of $$ due to denial of service attacks.
-
Speaking of botnets….
I seem to be getting the second flood of trackback spam attempts on the day. LOT’s of ip addresses, from all corners of the globe – most seem to be casino-related trackback spam. I guess botnets are being used for comment spam? It sure looks like a “100 pcs for an hour to do your bidding” kind of thing going on… There have been literally hundreds today alone (which is the first time I’ve actually seen this heavy a spam-storm. By the way…. I haven’t yet seen one slip into the actual comments… I attribute that almost entirely to a very useful WordPress 2.x plugin…