centre{source}
INTERACTIVE AGENCY
Archives May 2005
Wired 13.06: The Xbox Reloaded
There are two companies I’ve always said I don’t want to go against: Walmart and Microsoft. Anyone with the courage to take on Sony in the video game market, and start to win, must be given respect. No monopolies… just raw power of money and influence.
Here’s the proof they knew what they were doing… thank goodness CentreSource is not in their sight!
new sober variation
On or around the 10th of May, Sober.P suddenly stopped spreading and started checking some locations periodically, presumably to download a variant and continue spreading.
Yesterday, a new variation was detected, as expected, and was downloaded to these infected machines and has become active as of today.
This variant, however, rather than spreading, is simply sending out spam. Given the volume of proliferation that Sober.p enjoyed, this could be quite a headache.
Swirbo is blocking this new variant, although it doesn’t appear to be spreading via e-mail at this time.
weird SMTP flood
A little weirdness this morning: Swirbo got hit with a few IPs just endlessly connecting and disconnecting as follows:
066.240.006.125.24775-067.019.187.050.00025: EHLO DSEXCH.DebtShield.net
067.019.187.050.00025-066.240.006.125.24775: 250-mta1.swirbo.net
250-PIPELINING
250-SIZE 30720000
250-VRFY
250-ETRN
250 8BITMIME
066.240.006.125.24775-067.019.187.050.00025: QUIT
067.019.187.050.00025-066.240.006.125.24775: 221 Bye
63.243.57.99 was the same, except it sent “EHLO dc1admin.admin.tecnicocorp.com”.
The two IPs were:
63.243.57.99/32 (Tecnico TEC42186 (NET-63-243-57-96-1))
66.240.6.125/32 (Optical Capital Group CMA1-OPTICALC-1 (NET-66-240-6-112-1))
Anyone run into this before? Can anyone think of a misconfiguration this would be a symptom of? If it was a DoS attempt it sure wasn’t a very good one.
clamav effectiveness
We are big fans of Clam Anti-Virus, despite worries (by others) about whether or not an open-source product can compete with the big boys in the AV industry. I found some interesting statistics on the various Anti-Virus vendors’ response time on getting various worms added to their definitions updates:
ClamAV was the first to get Sober.P out the door, third for Sober.I, and second for Sober.L. Particularly pathetic is Symantec coming in near-last for every one. For Sober.P, ClamAV had an update out at 18:36 on 5/2/2005; Symantec didn’t get theirs out till 3:38AM the next day.
free VMWare
Interested in a free copy of VMWare Workstation 5? They are running a promotion giving away free copies if you register for one of their upcoming seminars. If you sign up for the Nashville one, I’ll see you there!
passphraseless ssh
I have written articles in the past about ways to use passphraseless SSH keys in a secure manner, by using the “command” parameter in the authorized_keys file. The one inconvenience with this method is that it only lets you specify one command.
What if you want an account to be able to execute, say, two or three varying commands using the same key? For example, today I was setting up a script to rsync data using ssh. The process involved the command “rsync”, but with varying parameters. The answer, it seems, is to write a wrapper script. SSH makes the command the client asked for available to whatever command you execute via the $SSH_ORIGINAL_COMMAND environment variable. Thus you can pretty easily write a wrapper script that checks $SSH_ORIGINAL_COMMAND against some pre-defined allowed commands and executes only those, refusing everything else.
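As an added example, not code from the original post, here is a POSIX sh wrapper of the kind described: it checks $SSH_ORIGINAL_COMMAND token by token against a fixed allowlist of rsync server invocations, then execs the command without ever handing the string to a shell. The target directories under /srv/backup/ and the authorized_keys line in the comment are assumptions for the example.

```shell
#!/bin/sh
# Assumed authorized_keys entry (key material elided):
#   command="/usr/local/bin/rsync-only.sh",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA...
set -f   # never glob-expand the client's command string

# Return 0 if the requested command is an rsync server invocation
# confined to /srv/backup/, otherwise 1. Tokens are compared one by one,
# so shell metacharacters are never interpreted, only rejected.
allowed_command() {
    set -- $1                               # split on whitespace only
    [ "$1" = "rsync" ] && [ "$2" = "--server" ] || return 1
    shift 2
    [ "$1" = "--sender" ] && shift          # pull (--sender) or push mode
    while [ $# -gt 0 ]; do                  # skip rsync's option flags
        case "$1" in
            -*) shift ;;
            *)  break ;;
        esac
    done
    [ "$1" = "." ] && [ $# -eq 2 ] || return 1   # exactly: "." <path>
    case "$2" in
        *..*)                return 1 ;;    # no traversal
        *[!A-Za-z0-9/._-]*)  return 1 ;;    # conservative path charset
        /srv/backup/*)       return 0 ;;    # assumed allowed directory
        *)                   return 1 ;;
    esac
}

# Dispatch only when sshd invoked us (the variable is set).
if [ -n "${SSH_ORIGINAL_COMMAND+x}" ]; then
    if allowed_command "$SSH_ORIGINAL_COMMAND"; then
        set -- $SSH_ORIGINAL_COMMAND
        exec "$@"                           # no shell, no eval
    fi
    logger -p auth.warning -t rsync-only "denied: $SSH_ORIGINAL_COMMAND"
    echo "command not permitted" >&2
    exit 1
fi
```

Denied requests are logged to syslog, which gives you a place to spot a stolen key being tried with anything other than the expected rsync command.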
municipal telecom
Bill Gurley has a great breakdown of the battle between state legislatures and municipalities that want to provide low-cost broadband/wireless for their citizens. He outlines six reasons why states should not legislate against municipal initiatives to provide internet access, and provides a compelling case for each. Read his article for a great introduction to this issue.
The display of power by the incumbent telcos in trying to crush these initiatives is as shameless as the kowtowing of the state legislatures to their lobbying efforts.
SSH worm
Bruce Schneier discusses the viability of a SSH worm using the simple fact that ~/.ssh/known_hosts contains visited hostnames and keys, along with the fact that a compromised user/password on one machine will likely work on any of the other machines listed in ~/.ssh/known_hosts.
sober.p’s success
Over at the Kaspersky blog, Roel talks about why this latest Sober.p variant was so successful. He also notes that the worm has stopped spreading and is now instead checking for updates in predefined locations, which means we could see some new variants soon.
