"According to a recent article on C|Net a new worm is swiftly spreading via AIM to many computers. It delivers a brutal root-kit which bypasses security software and takes control of a PC." From the article: "The worm was spotted in an AOL IM chatroom and infected one of the PCs that FaceTime uses for worm bait. The company said it also has seen the pest hit other computers. 'It is still out there, and it is definitely something the user should be leery of ... The rootkit is designed to not be detected, and that is the scary part.'"
(from slashdot)
Monday, October 31, 2005
Sunday, October 30, 2005
GNU/Linux style Halloween
"In a cool contest with a Halloween theme, BitDefender is inviting Linux enthusiasts to crash test their upcoming antivirus solution for Linux e-mail servers. The most thorough beta tester will receive 1,000 German beers and a trip to BitDefender's corporate headquarters in Romania, where they will attend meetings with Count Dracula, the BitDefender development team and other local luminaries."
Awww... I wish I had enough resources to participate. I want to go meet Count Dracula.
Article here.
In similarly themed news; TEH Halloween Computer is here. and it totally pwns you.
Awww... I wish I had enough resources to participate. I want to go meet Count Dracula.
Article here.
In similarly themed news; TEH Halloween Computer is here. and it totally pwns you.
Sunday, October 16, 2005
MySpace security flaw
Saturday, October 15, 2005
Lockout
name lockout
version 0.2.3-2
group misc
size 100000
file-size 12862
description
A self-imposed discipline and productivity enforcer Lockout is a tool that imposes discipline on you so that you get some work done. For example, lockout can be used to install a firewall that does not let you browse the Web. Lockout changes the root password for a specified duration; this prevents you from secretly ripping down the firewall and then browsing the Web anyway. In case of an emergency, you can reboot your computer to undo the effects of lockout and to restore the original root password. See also http://thomer.com/lockout/
Well, I think I might need to install this. ._. Sadly.
version 0.2.3-2
group misc
size 100000
file-size 12862
description
A self-imposed discipline and productivity enforcer Lockout is a tool that imposes discipline on you so that you get some work done. For example, lockout can be used to install a firewall that does not let you browse the Web. Lockout changes the root password for a specified duration; this prevents you from secretly ripping down the firewall and then browsing the Web anyway. In case of an emergency, you can reboot your computer to undo the effects of lockout and to restore the original root password. See also http://thomer.com/lockout/
Well, I think I might need to install this. ._. Sadly.
Saturday, October 08, 2005
Thursday, October 06, 2005
Off the record
A dear friend pointed me to this fine plugin and I want to share it with you.
Enter OTR. Off the Record messaging. This plugin aims to protect your privacy, making sure no traces of your conversation are left on your computer.
Quoting from the site:
The plugin is available for GNU/Linux (several distributions), Windows and OSX users using gaim and Adium (and Trillian, I think.)
For Debian, I just did apt-get install otr-gaim and it was fetched from the repositories and installed without a glitch.
This is a very fine tool for those concerned with their privacy, especially if you are sharing a computer (ex, work environment).
Update: October 13th:
Newsforge is running a very nice article about this plugin and general privacy in IM's. Don't miss it.
Enter OTR. Off the Record messaging. This plugin aims to protect your privacy, making sure no traces of your conversation are left on your computer.
Quoting from the site:
Off-the-Record (OTR) Messaging allows you to have private conversations over instant messaging by providing:
Encryption
No one else can read your instant messages.
Authentication
You are assured the correspondent is who you think it is.
Deniability
The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified.
Perfect forward secrecy
If you lose control of your private keys, no previous conversation is compromised.
The plugin is available for GNU/Linux (several distributions), Windows and OSX users using gaim and Adium (and Trillian, I think.)
For Debian, I just did apt-get install otr-gaim and it was fetched from the repositories and installed without a glitch.
This is a very fine tool for those concerned with their privacy, especially if you are sharing a computer (ex, work environment).
Update: October 13th:
Newsforge is running a very nice article about this plugin and general privacy in IM's. Don't miss it.
Microsoft does it again
From NewsForge.
Bill Gates' Microsoft caught in a bald-faced lie about HD DVD-ROM discs.
As a commenter duely noted, Microsoft spreading FUD (Fear Uncertainty and Doubt) and providing inferior solutions is not really news. What I find fascinating is that people continue to use a product made by a company that blatantly lies to their faces.
If it was any other kind of product, people would switch.
I guess the reigning ignorance of the average Joe User has a lot to do with this. Most people not only do not know they are being lied to, they additionally do not know they have options outside of Microsoft.
This is why people need to be educated about freedom and taught about their options.
Bill Gates' Microsoft caught in a bald-faced lie about HD DVD-ROM discs.
As a commenter duely noted, Microsoft spreading FUD (Fear Uncertainty and Doubt) and providing inferior solutions is not really news. What I find fascinating is that people continue to use a product made by a company that blatantly lies to their faces.
If it was any other kind of product, people would switch.
I guess the reigning ignorance of the average Joe User has a lot to do with this. Most people not only do not know they are being lied to, they additionally do not know they have options outside of Microsoft.
This is why people need to be educated about freedom and taught about their options.
Tuesday, October 04, 2005
Spread Firefox.com under attack again.
The Spread Firefox Team became aware this week that the server hosting
Spread Firefox, our community marketing site, has been accessed by
unknown remote attackers who attempted to exploit a security
vulnerability in TWiki software installed on the server. The TWiki
software was disabled as soon as we were aware of the attempts to
access
SpreadFirefox.com. This exploit was limited to SpreadFirefox.com and
did not affect mozilla.org web sites or Mozilla software.
We have scanned Spread Firefox servers and at this time do not believe
any sensitive data was taken, but as a precautionary measure we have
shutdown the site and will be rebuilding the web site from scratch. We
also recommend that you change your Spread Firefox password and the
password of any accounts where you use the same password as your Spread
Firefox account. We will notify you again when the site is back up
with
instructions on how to change your password. (Note: We do use MD5
hashing on the passwords, but MD5 cannot protect all passwords against
off-line dictionary style attacks.)
After Spread Firefox was compromised in July, we instituted procedures
to ensure that we apply all security fixes to the software running the
site (Drupal and PHP) as soon as they become available. Unfortunately,
those procedures overlooked the installation of the TWiki software
since
it is not used by the main Spread Firefox site. When the system is
rebuilt, all the software will be audited to ensure that security
updates will be applied in a timely manner. We deeply regret this
incident and any inconvenience this may have caused you. Sincerely,
Spread Firefox Team
Mozilla Foundation
Spread Firefox, our community marketing site, has been accessed by
unknown remote attackers who attempted to exploit a security
vulnerability in TWiki software installed on the server. The TWiki
software was disabled as soon as we were aware of the attempts to
access
SpreadFirefox.com. This exploit was limited to SpreadFirefox.com and
did not affect mozilla.org web sites or Mozilla software.
We have scanned Spread Firefox servers and at this time do not believe
any sensitive data was taken, but as a precautionary measure we have
shutdown the site and will be rebuilding the web site from scratch. We
also recommend that you change your Spread Firefox password and the
password of any accounts where you use the same password as your Spread
Firefox account. We will notify you again when the site is back up
with
instructions on how to change your password. (Note: We do use MD5
hashing on the passwords, but MD5 cannot protect all passwords against
off-line dictionary style attacks.)
After Spread Firefox was compromised in July, we instituted procedures
to ensure that we apply all security fixes to the software running the
site (Drupal and PHP) as soon as they become available. Unfortunately,
those procedures overlooked the installation of the TWiki software
since
it is not used by the main Spread Firefox site. When the system is
rebuilt, all the software will be audited to ensure that security
updates will be applied in a timely manner. We deeply regret this
incident and any inconvenience this may have caused you. Sincerely,
Spread Firefox Team
Mozilla Foundation
Subscribe to:
Posts (Atom)
