Saturday, March 3
I was Slashdotted, or, my name was.
Is this a step up or a step down in the world of geekdom?
http://it.slashdot.org/article.pl?sid=07/03/02/1553253&from=rss
Funny part is. I didn’t say that. Arrigo did.
Friday, March 2
Vista
Now, I have heard that Vista isn’t all it’s cracked up to be.
No surprise. I did play with it at CompUSA for a few minutes. It’s still Windows. All the GUI stuff you do Bill, can only make it better. But it’s still STINKOWS!!!
This ad from Apple says it best IMO:
apple-getamac-security_480x376.mov
Yeah it’s a bit exaggerated, but dude, annoying.
OSX does require you to put in a password, but to change SYSTEM stuff, and things like that. That’s what I hear Vista is trying to be like, but I’ve heard it’s much more annoying. Anyone that has both want to weigh in on it?
Classic
Solaris Worm
Okay, so Sun made a whoopsie and committed some code to Login that apparently introduced a vulnerability that existed waaaay back in 1994. (Awesome)
Well, it wasn’t long before someone coupled together a shell script and the exploit, packaged it up, and sent it flying across the internet.
Now.
1) If you got infected, IMO, it’s your own dumb fault. If you are running Solaris (or ANYTHING) with a publicly facing open port 23 (telnet), you are nuts. Mmmkay?
2) If you didn’t patch or shut off the vulnerable service when the vulnerability came out, you are just nuts.
Jose Nazario over at Arbor sent this into the Internet Storm Center: this article that outlines it.
If you look at the port graph over at the ISC (check it out), you can see the number of port 23 scans has shot up.
The thing I want you to pay attention to, is the number of targets shot up to around 50K, but the sources were very very low. An isolated subnet in France. Hmmm..
Anyway, Sun made a “Worm removal script” here that you can use, but let’s take a look at it.
The worm creates files in /var/adm and /var/spool/lp called “.profile” -- okay, makes sense.
/var/spool/lp/admins/.lp <-- okay.
/var/adm/sa/.adm <-- okay..
Here’s the processes the worm spawns, and how to kill them:
/bin/pkill -9 -u lp 'lpshut|lpsystem|lpadmin|lpmove|lpusers|lpfilter|lpstat|lpd|lpsched|lpc'
/bin/pkill -9 -u adm 'devfsadmd|svcadm|cfgadm|kadmind|zoneadmd|sadm|sysadm|dladm|bootadm|routeadm|uadmin|acctadm|cryptoadm|inetadm|logadm|nlsadmin|sacadm|syseventadmd|ttyadmd|consadmd|metadevadm'
Have fun. While you are at it, get rid of Solaris.
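A report-only check for the artifacts listed above, to run before killing or deleting anything. This is an added example, not Sun's removal script and not part of the original post; the function names, the optional root prefix and the sample `ps` lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: look for the worm's files and processes without touching them.
# Process-name patterns are copied from the pkill lines in the post.
LP_PAT='lpshut|lpsystem|lpadmin|lpmove|lpusers|lpfilter|lpstat|lpd|lpsched|lpc'
ADM_PAT='devfsadmd|svcadm|cfgadm|kadmind|zoneadmd|sadm|sysadm|dladm|bootadm|routeadm|uadmin|acctadm|cryptoadm|inetadm|logadm|nlsadmin|sacadm|syseventadmd|ttyadmd|consadmd|metadevadm'

# Print every worm path from the post that exists under ROOT.
# ROOT is an optional prefix (hypothetical parameter) so a mounted disk
# image or a test tree can be checked instead of the live filesystem.
find_worm_files() {
    root="${1:-}"
    for p in /var/adm/.profile /var/spool/lp/.profile \
             /var/spool/lp/admins/.lp /var/adm/sa/.adm; do
        if [ -e "$root$p" ]; then
            echo "$p"
        fi
    done
}

# Read "user command" lines on stdin (for example from
# `ps -e -o user= -o comm=`) and print the ones pkill would have hit:
# owned by lp or adm, with a name matching the pattern for that user.
# Like pkill without -x, this is an unanchored match on the process name.
find_worm_procs() {
    awk -v lp="$LP_PAT" -v adm="$ADM_PAT" '
        { n = $2; sub(/.*\//, "", n) }      # strip any leading directory
        $1 == "lp"  && n ~ lp  { print $1, n }
        $1 == "adm" && n ~ adm { print $1, n }
    '
}

# Constructed sample input, not taken from a real host.
SAMPLE_PS='root /usr/lib/lpsched
lp lpsched
adm ./svcadm
adm vi'

printf '%s\n' "$SAMPLE_PS" | find_worm_procs
```

The same daemon name running as root is not flagged; only copies owned by lp or adm are, which is the pairing the pkill commands rely on.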