Whitepaper regarding cross site request forgery attacks. Written in Spanish.
Security Revealed
So what’s up with Linux in Amsterdam? That’s a front-burner question for me right now because I’ll be spending the next three days there, and would like to pick up on a story or few while I’m there.

It’s caturday, so let’s post some freaking cats. With a little research we found commercial, hobbyist, research, and cyborg cats.
First up is NeCoRo. Released in 2001, this is probably the most recognized commercial robot cat; renowned for its creepiness.
Not wanting to be shut out of a market, Sega has developed their own creepy cat. Yume Neko Smile is available for $72 and, as the video demonstrates, gets very annoyed when you pull its tail.

Household robot cats aren’t a new invention. Straight out of the “Teddy Ruxpin era”, comes Petster Deluxe. The fur covered robotic lump can avoid obstacles, respond to claps, or use a wired remote.

Philips Research’s entry into this feline nightmare is the iCat. It’s a 38cm tall cat equipped with 13 servos to control facial movements. The goal is to have a shared platform for researching man-machine interaction: man’s interaction with weird looking cats.
Hobby robot company Dynamizer took the popularity of humanoid robots and developed an entry level cat robot. It’s designed to be cheap and easy to expand with new sensors.
Above is a cat robot scratch built by Lim Tian Siak.
Finally, we have Elvis, the cyborg cat. He lost use of his hind legs in an accident, so his BattleBot building caretakers created a bot he could drive by pressing on two buttons. It seems, given the right equipment, cats would spend their days spinning clockwise.
XEROX DocuShare versions 6 and below suffer from a cross site scripting vulnerability.
ASUS DPC proxy versions 2.0.0.16 and 2.0.0.19 remote buffer overflow exploit that binds a shell to port 4444.
PHP Booking Calendar version 10d remote SQL injection exploit that retrieves the administrator login and password hash.
CMS from Scratch versions 1.1.3 and below suffer from a directory traversal vulnerability in image.php.
PHP Booking Calendar version 10d arbitrary file upload exploit.
Dot Net Nuke versions 4.8.3 and below suffer from a cross site scripting vulnerability.
Apple Mail versions 3.1 and 3.2 suffer from a denial of service vulnerability when reading a specially crafted e-mail.
HiveMaker Professional versions 1.0.2 and below suffer from a remote SQL injection vulnerability.
Remote SQL injection exploit for the Mambo mambads component version 1.0 RC1 Beta and 1.0 RC1.
Now SMS/MMS Gateway version 5.5 remote buffer overflow exploit that binds a shell to port 4444.
Secunia Research reported a vulnerability that allows for the execution of arbitrary code in smbd. This defect is a result of an incorrect buffer size when parsing SMB replies in the routine receive_smb_raw(). Samba versions 3.0.0 through 3.0.29 are affected.
Cisco Security Advisory – CiscoWorks Common Services contains a vulnerability that could allow a remote attacker to execute arbitrary code.
HP Security Bulletin – A potential security vulnerability has been identified with HP-UX running ftp. The vulnerability could be exploited remotely to create a Denial of Service (DoS). The Denial of Service (DoS) affects the ftp server application only.
Mandriva Linux Security Advisory – Testing using the Codenomicon TLS test suite discovered a flaw in the handling of server name extension data in OpenSSL 0.9.8f and OpenSSL 0.9.8g. If OpenSSL has been compiled using the non-default TLS server name extensions, a remote attacker could send a carefully crafted packet to a server application using OpenSSL and cause a crash. Testing using the Codenomicon TLS test suite discovered a flaw if the ‘Server Key exchange message’ is omitted from a TLS handshake in OpenSSL 0.9.8f and OpenSSL 0.9.8g. If a client connects to a malicious server with particular cipher suites, the server could cause the client to crash.
Dot Net Nuke (DNN) <= 4.8.3 XSS Vulnerability
VMSA-2008-0008 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion resolve critical security issues
At BrainShare 2008 in March, Novell introduced a set of Linux certifications for administrators. Rather than being directed at higher-end Linux managers, like the Red Hat Certified Engineer (RHCE) or Novell’s own Novell Linux Certified Engineer (NLCE), the new certifications are meant for entry-level Linux administrators, one step above the Linux Professional Institute’s entry-level LPIC-1.
As OpenSuse 11 has gone through its various betas, the screenshots, particularly of the installer, have continually been impressive and the RC screenshots are certainly cool, too.
XEROX DocuShare URL XSS Injection Vulnerabilities
Here is PlayOnLinux version 3.0 as announced, the release of your favorite front-end to Wine, PlayOnLinux.
I have proxy (mod_proxy) enabled for Apache on a Debian Linux 4.0 server. I’d like to use this to improve performance, but I don’t want an open proxy that can be used by anyone on the Internet. How do I secure my proxy, as limiting access is essential as I’m using a forward proxy?
Answer to “How To Secure Apache Proxy Server (mod_proxy)“
Copyright © nixCraft. All Rights Reserved. Support nixCraft when you shop at amazon. Thanks!
Channel Register: French police bust 22 youths in alleged hacking network "suspects are thought to have broken into the websites of thirty four businesses based in France, Russia and Iceland"
Medgadget recently published a post about a soccer competition for nanobots at RoboCup. The nanobots compete on a field that measures 1500 by 2500 micrometers with goals on the long sides jutting 500 micrometers out. Like normal soccer athletes, the nanobot teams attempt to push the ball – in this case, a silicon dioxide disc with a 50 micrometer diameter – into the goal. The nanobot competitors are monitored by an optical microscope and are remotely controlled by magnetic signals sent across the arena.
The National Institute of Standards and Technology (NIST) and RoboCup have already held two nanobot competitions in the last year. Nanobots made by different teams from various universities compete to test various abilities that will be critical for their practical applications in medicine, manufacturing, and other industries.
Though it is referred to as nanosoccer, the competition is actually a triathlon. The bots must sprint to the goal with the ball in one event, then maneuver the ball around stationary “defenders” and into the goal in the next event, and finally score as many goals as possible within 3 minutes. NIST and RoboCup hope to show the practical potential of nanobots with this competition and have a little fun in the process.
[via Medgadget]
CNet has published interesting information about Google's data centers and estimates that they have 200,000 servers spread across 36 data centers across the globe. From the article:
On the other hand, Dean seemingly thinks clusters of 1,800 servers are pretty routine, if not exactly ho-hum. And the software company runs on top of that hardware, enabling a sub-half-second response to an ordinary Google search query that involves 700 to 1,000 servers, is another matter altogether.
Google doesn’t reveal exactly how many servers it has, but I’d estimate it’s easily in the hundreds of thousands. It puts 40 servers in each rack, Dean said, and by one reckoning, Google has 36 data centers across the globe. With 150 racks per data center, that would mean Google has more than 200,000 servers, and I’d guess it’s far beyond that and growing every day.

(Fig.01: Google data center [credit:cnet news])
I’m well aware of HA and clustering technologies, but this is a massive setup with tons and tons of systems. Google uses a distributed storage system and other in-house developed tools.
Sounds like a great place to work
=> Google spotlights data center inner workings
Thousands of miles of the rainforest may be flooded because of a dam likely to cause a dramatic rise in greenhouse gas emissions.
“The Americans should concentrate on maintaining security and not doing missionary work.”
