One of the oft-mentioned weaknesses of Linux, fragmentation, just happens to be one of its greatest strengths. A broad range of choices in an immature market is a good thing. Of course, choice does come at a cost. For example, there may be no standard way to do a particular task. Further, development resources will sometimes be split among two or more projects. However, these are weaknesses in the short term only.One could similarly argue that evolution of species suffers from the same weakness of fragmentation. However, in the long term, the survival and consolidation of the best traits results in an improved breed. Eventually, one of the many approaches to some desktop task will rise to dominance and show the market the right way to do it, and, at the same time, reduce the fragmentation problem.
.::anti-abuse.com::.
Security Revealed
Archive for October, 2007
Linux vs. Windows: Why Linux will win
One of the oft-mentioned weaknesses of Linux, fragmentation, just happens to be one of its greatest strengths. A broad range of choices in an immature market is a good thing. Of course, choice does come at a cost. For example, there may be no standard way to do a particular task. Further, development resources will sometimes be split among two or more projects. However, these are weaknesses in the short term only.One could similarly argue that evolution of species suffers from the same weakness of fragmentation. However, in the long term, the survival and consolidation of the best traits results in an improved breed. Eventually, one of the many approaches to some desktop task will rise to dominance and show the market the right way to do it, and, at the same time, reduce the fragmentation problem.
Software patent abolition campaign will launch next month
What could make the Free Software Foundation (FSF), proprietary software companies, and at least one venture capitalist into allies? The End Software Patents (ESP) coalition, a new organization poised to swing into action next month under the leadersh…
First US GPL infringement case settled
The Software Freedom Law Center (SFLC) and Monsoon Multimedia announced yesterday that an agreement was reached to dismiss the GNU General Public License (GPL) enforcement lawsuit filed by SFLC on behalf of two principal developers of BusyBox. As this settlement prevents the case from going to court, the SFLC’s defence of the GPL remains untested in a US courtroom.
Quickly check for potential root-exploitable programs and backdoors.
One potential way for a user to escalate her privileges on a system is to exploit a vulnerability in an SUID or SGID program. SUID and SGID are legitimately used when programs need special permissions above and beyond those that are available to the user who is running them. Unfortunately, a poorly written SUID or SGID binary can be used to quickly and easily escalate a users privileges. This leads us to the need for scanning systems for SUID and SGID binaries. This is a simple process.
Quickly check for potential root-exploitable programs and backdoors.
One potential way for a user to escalate her privileges on a system is to exploit a vulnerability in an SUID or SGID program. SUID and SGID are legitimately used when programs need special permissions above and beyond those that are available to the user who is running them. Unfortunately, a poorly written SUID or SGID binary can be used to quickly and easily escalate a users privileges. This leads us to the need for scanning systems for SUID and SGID binaries. This is a simple process.
Bugtraq: Secunia Research: McAfee E-Business Server Auth Packet HandlingBuffer Overflow
Secunia Research: McAfee E-Business Server Auth Packet HandlingBuffer Overflow
Bugtraq: Secunia Research: CUPS IPP Tags Memory Corruption Vulnerability
Secunia Research: CUPS IPP Tags Memory Corruption Vulnerability
Bugtraq: SEC Consult SA-20071031-0 :: Perdition IMAP Proxy Format StringVulnerability
SEC Consult SA-20071031-0 :: Perdition IMAP Proxy Format StringVulnerability
Bugtraq: Re: Comments re ISC’s announcement on bind9 security
Re: Comments re ISC’s announcement on bind9 security
vizagfreeads.com XSS
BackDoor has discovered a vulnerability in vizagfreeads.com, which could be exploited by malicious people to conduct XSS attacks.
OpenMoko Media Player preview on YouTube
mokoNinja posted a video a few hours ago on YouTube showing the newly created media player application for the OpenMoko. This is a pretty standard feature for all smart phones, and since I am looking to replace the need for a portable media player when I get a Neo1973, it is nice to see that it is coming along nicely with all the standard features one would expect raised when raised in an iPod generation. While it seems to lack the polish of the iPhone interface right now, OpenMoko seems to be shaping up into a decent contender, and once all the basic functionality is covered, we will start seeing some real innovation that makes open source applications so exciting to use.
OpenMoko Media Player preview on YouTube
mokoNinja posted a video a few hours ago on YouTube showing the newly created media player application for the OpenMoko. This is a pretty standard feature for all smart phones, and since I am looking to replace the need for a portable media player when I get a Neo1973, it is nice to see that it is coming along nicely with all the standard features one would expect raised when raised in an iPod generation. While it seems to lack the polish of the iPhone interface right now, OpenMoko seems to be shaping up into a decent contender, and once all the basic functionality is covered, we will start seeing some real innovation that makes open source applications so exciting to use.
10.30.07-3.txt
iDefense Security Advisory 10.30.07 – Local exploitation of an integer underflow vulnerability in the dig program of IBM Corp.’s AIX operating system allows attackers to execute arbitrary code with root privileges. The problem specifically exists within dns_name_fromtext function within the libdns.a library. This function is called when processing the ‘-y’ command line parameter to the dig program. By supplying a specially crafted TSIG key parameter, an attacker is able to cause an integer underflow, resulting in potentially exploitable heap corruption. iDefense has confirmed the existence of this vulnerability within AIX version 5.2. Previous versions are suspected to be vulnerable. AIX 5.3 is not vulnerable since the dig command is no longer installed set-uid root.
10.30.07-4.txt
iDefense Security Advisory 10.30.07 – Local exploitation of a stack buffer overflow vulnerability in IBM Corp.’s AIX operating system may allow an attacker to execute arbitrary code with root privileges. The vulnerability exists within the parsing of the ‘-p’ command line option. The argument to this option is copied into a fixed size stack buffer using the sprintf() function without properly validating the length. This leads to an exploitable stack buffer overflow. iDefense has confirmed the existence of this vulnerability in AIX version 5.2 and 5.3. Previous versions may also be affected.
Linux device driver project needs more unsupported devices to work on!
www.4payeh.net XSS
BackDoor has discovered a vulnerability in www.4payeh.net, which could be exploited by malicious people to conduct XSS attacks.
mangraovat.net XSS
BackDoor has discovered a vulnerability in mangraovat.net, which could be exploited by malicious people to conduct XSS attacks.
www.kitesurfshops.com XSS
BackDoor has discovered a vulnerability in www.kitesurfshops.com, which could be exploited by malicious people to conduct XSS attacks.
eWeek: What Is It Like Migrating Mission Critical Servers from Paid Linux (RHEL) to Free Linux (…
eWeek: What Is It Like Migrating Mission Critical Servers from Paid Linux (RHEL) to Free Linux (CentOS)?
Computer World: Some Leopard upgraders see ‘blue screen of death’
Reg Hardware: Tool opens iPhone, iPod Touch via web
Reg Hardware: Tool opens iPhone, iPod Touch via web
The Register: Gatwick reduced to anarchy by ‘computer glitch’ “clocks not going back on Sun…
The Register: Gatwick reduced to anarchy by ‘computer glitch’ "clocks not going back on Sunday morning"
somerbuys.com XSS
BackDoor has discovered a vulnerability in somerbuys.com, which could be exploited by malicious people to conduct XSS attacks.
www.vimoo.com XSS
BackDoor has discovered a vulnerability in www.vimoo.com, which could be exploited by malicious people to conduct XSS attacks.
www.nativeponiesonline.co.uk XSS
BackDoor has discovered a vulnerability in www.nativeponiesonline.co.uk, which could be exploited by malicious people to conduct XSS attacks.
etomotors.com XSS
BackDoor has discovered a vulnerability in etomotors.com, which could be exploited by malicious people to conduct XSS attacks.
etomotors.com XSS
BackDoor has discovered a vulnerability in etomotors.com, which could be exploited by malicious people to conduct XSS attacks.
www.50statesclassifieds.com XSS
BackDoor has discovered a vulnerability in www.50statesclassifieds.com, which could be exploited by malicious people to conduct XSS attacks.
www.50statesclassifieds.com XSS
BackDoor has discovered a vulnerability in www.50statesclassifieds.com, which could be exploited by malicious people to conduct XSS attacks.
Advertisments
Popular Tags
Recent Entries
- Info World: AT&T won’t stop Black Hat demo of cell phone eavesdropping “The operator denies rumors it will try to block a hacker’s demonstration of cell phone call interception at the Black Hat conference”
- c|net: Black Hat shines light on security (roundup)
- Bugtraq: CFP NcN 2010
- Bugtraq: [security bulletin] HPSBUX02556 SSRT100014 rev.2 – HP-UX Running rpc.ttdbserver, Remote Execution of Arbitrary Code
- Infocon: green
- Web Traffic Analysis with httpry, (Fri, Jul 30th)
- Bugtraq: [HITB-Ann] Reminder: HITB2010 Malaysia Call for Papers Closing August 9th
- 6 Ways to Make Sure Your Sex Life Stays Private
- Information Security Investigator: BlackHat 2010 Video! The ATM Hack and Jackpot
- The Register: UK population to be guaranteed mobile 768Kb/sec service
Recent Comments
- Keine Kommentare vorhanden.
Social Network
| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| « Sep | Nov » | |||||
| 1 | 2 | 3 | 4 | 5 | 6 | 7 |
| 8 | 9 | 10 | 11 | 12 | 13 | 14 |
| 15 | 16 | 17 | 18 | 19 | 20 | 21 |
| 22 | 23 | 24 | 25 | 26 | 27 | 28 |
| 29 | 30 | 31 | ||||
Subscribes
Meta
Archives
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
- December 2006
- November 2006
- October 2006
- September 2006
- August 2006
- July 2006
- June 2006
- May 2006
- April 2006
- March 2006
- February 2006
- January 2006
- December 2005
- November 2005
- October 2005
- August 2005
- July 2005
- June 2005
- May 2005
- January 2005
- November 2004
- October 2004
- September 2004
- October 2002
- December 2001
- January 1970
- December 1969
Also
rss
- SANS Internet Storm Center, InfoCON: green
- SANS Internet Storm Center, InfoCON: green
- (IN)SECURE Magazine Notifications RSS
- 0DayCar
- A Day in the Life of an Information Security Investigator
- All about Linux
- All about Linux
- AlterNet.org Main RSS Feed
- AlterNet.org Main RSS Feed
- Astalavista.net – Directory
- Astalavista.net – Exploits
- cmw.me blogs
- Confessions of a Penetration Tester
- Darknet – The Darkside
- Darknet – The Darkside
- Debian GNU/Linux System Administration Resources
- Debian GNU/Linux System Administration Resources
- DesktopLinux.com
- DesktopLinux.com
- F-Secure Antivirus Research Weblog
- F-Secure Antivirus Research Weblog
- Got Root Articles
- Got Root Articles
- Got Root Blogs
- Got Root Blogs
- Got Root Library and Wiki
- Got Root Library and Wiki
- Hack a Day
- Hack a Day
- HowtoForge – Linux Howtos and Tutorials -
- HowtoForge – Linux Howtos and Tutorials -
- izik
- izik
- Joomla! powered Site
- kaos.theory: fractal blog
- kaos.theory: fractal blog
- Latest Secunia Advisories
- Librenix.com | Linux Sysadmin Central
- Librenix.com | Linux Sysadmin Central
- Linux Gazette
- Linux Gazette
- Linux Journal – The Original Magazine of the Linux Community
- Linux Journal – The Original Magazine of the Linux Community
- Linux.com :: Feature
- Linux.com :: Feature
- LXer Linux News
- LXer Linux News
- milw0rm.com
- milw0rm.com
- ModSecurity Blog
- ModSecurity Blog
- nixCraft Linux Sys Admin Blog
- nixCraft Linux Sys Admin Blog
- Open Source Networking
- Open Source Networking
- Own-the.net – Web application security and SEO
- Packet Storm Security Advisories
- Packet Storm Security Advisories
- Packet Storm Security Exploits
- Packet Storm Security Exploits
- Packet Storm Security Headlines
- Packet Storm Security Headlines
- Packet Storm Security Last Files
- Packet Storm Security Last Files
- Packet Storm Security Miscellaneous Files
- Packet Storm Security Miscellaneous Files
- Packet Storm Security Tools
- Packet Storm Security Tools
- RootPrompt — Nothing but Unix
- RootPrompt — Nothing but Unix
- Rootsecure.net
- Rootsecure.net
- SecuriTeam
- SecuriTeam
- SecurityDocs
- SecurityDOT Articles
- SecurityDOT Articles
- SecurityDOT Exploits
- SecurityDOT Exploits
- SecurityDot News
- SecurityDot News
- SecurityDot Vulnerabilities
- SecurityDot Vulnerabilities
- SecurityFocus News
- SecurityFocus News
- SecurityFocus Vulnerabilities
- SecurityFocus Vulnerabilities
- Spyware Warrior
- Spyware Warrior
- TaoSecurity
- TaoSecurity
- TechCrunch
- The Ethical Hacker Network RSS News Feed
- The Ethical Hacker Network RSS News Feed
- The most recent articles from vnunet.com
- The most recent articles from vnunet.com
- US-CERT Cyber Security Alerts
- US-CERT Cyber Security Alerts
- US-CERT Cyber Security Bulletins
- US-CERT Cyber Security Bulletins
- US-CERT Cyber Security Tips
- US-CERT Cyber Security Tips
- US-CERT Technical Cyber Security Alerts
- US-CERT Technical Cyber Security Alerts
- VulnWatch
- VulnWatch
- XSSed syndication
- XSSed syndication
- XSSed syndication
- XSSed syndication