I haven’t been overwhelmed with VMware server’s web interface. You can start a virtual machine, or see statistics, but you can’t create virtual machines. Well, from the VMWare forums I did find a couple interesting “hidden” features. First, is a file manager at https://youriphere:8333/fm-properties and second is a GSX interface (which gives the ability to create a NEW virtual machine) at https://youriphere:8333/overview (the direct link to creating a new vm is https://yourip:8333/vmcfg-gsx )….
Tag: NEW
-
Internet Explorer 7 final release – AND first vulnerability…
Looks as though IE 7 release is imminent and will be in automatic updates on November 1st. Here’s one persons take on the user interface “improvements”. Now, there are many improvements in core functionality, but I’m annoyed by the user interface changes. I have spent quite a while with people getting use to the way the interface for windows programs have been for the last 10 years, now I feel like many of them will take another 5-8 years to get used to a NEW way to expect programs to be laid out….
-
Internet Explorer 0-day (take 2 of the last few days…)
The last zero day (activeX) seems to be less interesting than this NEW zero-day that really made a news splash in the last day. It looks as though this NEW 0-day affects VML… Incidents.org has good coverage here. Microsoft has an advisory up and they expect to release a patch on the next scheduled patch day (earlier if needed…. ahem….) Sunbelt is blogging about the “epic loads of adware” being pushed into systems via this vulnerability. Now, some workarounds….
-
Fairuse4wm back on top
In the struggle between fairuse4wm and Microsoft DRM, it appears that fairuse4wm is out on top again. Just to sum up – the last few weeks saw a release of fairuse4wm that stripped DRM from Microsoft DRM protected media files, then MS fixed their DRM to break fairuse4wm and now fairuse4wm has released a NEW version that breaks Microsoft’s fix and strips DRM from Microsoft DRM protected media files…. DRM software arms race, kind of fun to watch.
-
Vista’s fatal flaw?
Backwards compatibility. It’s something that many vendors strive for and Microsoft is certainly one that has placed a value on making things backwards compatible for third party software. According to this story at Sci-Tech Today, Symantec thinks this eagerness to be backwards compatible may be a big issue for Vista’s security. They expect several “privilige escalation” vulnerabilities to be found and say that if those such vulnerabilities are discovered in the prompt for user consent…. well essentially all of the systems security precautions could be undermined. The whitepaper on the details talks about several issues that have been patched at this stage in the Vista development process, but the main question is how many are out there?
-
Phantastic site for Phishing research….
By way of Sunbelt blog… The Phishtank at Internet Defence has a realtime archive of phishing emails as well as real time information on the status of their host sites. On their phishing site monitor it says…
-
IPtables magic, or… Blocking Aggressive Outbound Traffic with IPtables
Blocking Aggressive Outbound Traffic with IPtables.
For starters, I’ve tested this on a test system that started out with NO iptables rules, and then moved on to an IPCop install (the vmware download from vmwarez.com…)
I’ve detailed previously one dilemma that I had with regard to my own cable connection which made me question how one could SAFELY host a wireless access point (in the clear) for guest web browsing, without allowing a wireless user to port scan the outside world/aggressively spread viruses/etc. Traditional firewall setups are typically oriented towards protecting the internal network. This post is an attempt to give an explanation of how to implement the idea put forth in this post.
-
Vandals banging on the door of ssh….
Sometimes I wish I wasn’t curious about things…. The other night I was working on something on the testbox in the back room and saw the switch lights flickering fairly actively between the server and the internet gateway. At first I thought maybe it was some mail coming in, but it was awfully persistent. So, I started nosing around. I saw that sshd was showing up in the process list and on checking /var/log/messages…. found hundreds of ongoing attempts to break in through the ssh server. (sigh….) Now, there was a time when I’ve kind of snickered when I’ve seen these futile attempts, because I have a VERY short list of allowed ssh users. (AllowUsers username can be set in /etc/ssh/sshd_config) But, this was fairly persistent and there was more variety to the usernames than I’m used to seeing.
-
NEW exploit for the WMF vulnerability
Just when you thought we had a good understanding of the recent zero-day WMF (Windows metafile exploit) it’s worse. Sans is reporting on a new variation on the exploit released today. They have gone to yellow (again) to warn people. Here are some details. This exploit was “made by the folks at metasploit and xfocus, together with a anonymous source.”
-
PCworld top 100 products of 2005
Although some of the linked reviews are old, PCWorld has released their list of top 100 products of 2005. It’s nice to see a number of familiar products in the list, several Google offerings are listed (main search engine, desktop, and GMail at #2). Ubuntu makes #26 which is noteworthy. I notice Wikipedia is in there as well. Many of the items on the list of course, have been out a bit longer than a year so it’s not 100 top NEW products, just 100 top products. Mozilla Firefox tops the list at #1.