HB blog

Dan Kaminski discovered flaw in foundations of internet - DNS servers. Even he kept silence about the details exploit was published on internet. So if you want to be safe visit his blog to check your DNS servers.

Without them everyone should maintain theit own hosts name linking IP address and FQDN (fully qualified domain name such as “blog.hbcom.info” or “www.google.com”). For more information about DNS systrem check here.

There is a lot of discussions on internet. Just a sample of them:

http://addxorrol.blogspot.com

http://blogs.zdnet.com/security/?p=1546

http://rdist.root.org/2008/07/21/dns-novice-discovers-secret-flaw/

http://www.centos.org

and many more…

For me is unclear how this flaw affects the users behind caching only server. My understanding is that for cache to be poisoned it should accept the request first. So it could be done only from insiders. So majority of users are not affected. And the flaw affects more ISP’s and other similar setups.

Also we (users) should have more explanations since it seems that alll patches only randomize the source port of the request. If this is the solution there is no need to apply patch just change the configuration to randomize he ports.

Note: This is serious flaw and nothing could guaranteed.

Recently I remarked that my Foxmarks do not sync anymore…

After going to Log file I discovered that I have error 400 (unknown error) .

Quick search on Foxmarks site showed me that I’m not the only one.

Automatic fix did not work for me, so I was forced to do manual fix.

Be sure that you have latest version of your bookmarks on the PC you do the fix. Otherwise you may have problems with missing bookmarks.

Recently a lot of work was done in exploiting browsers cross site scripting (XSS) vulnerabilities.

Now research by Aaron Weaver showed the possibility to use browser connected to malicious site to send print jobs to network printers. This may be big problem for companies - usually home users use only locally connected printers.

It is just matter of time to create a tool and sell it to the spammers. Then we can say welcome to “printer” spam.

Source

When trying to install CentOS 5 in Xen DomU via http I received following error:

“Could not find an installable distribution the install location”

The problem was that instead  pointing to root of folder containing mounted disk images I should point to disk1.

That solved my problem.

New(old) PcTools tool detected my wget.exe as keylogger. After submitting the issue to tech support they concluded(surprisingly fast for free product) that most probably it is false positive and after further study they will update their rules.

For now just add wget.exe to safe processes.

Few hours after Adobe released patch for Acrobat reader exploit was released.

Currently you may receive e-mail with YOUR_BILL.pdf or INVOICE.pdf as attachment. When user opens file Trojan horse is installed to the system.

It is HIGHLY recommended to update to Acrobat reader 8.1.1.

How?

Launch acrobat and go to help –> check for updates.

Multiplication bug in Microsoft Excel 2007 has been reported to Microsoft.

How to verify if your Spreadsheet has the same problem?

Simply put =850*77.1 in any cell the correct result is 65,535, but MS Excel 2007 calculated it as 100000.

There are several other “buggy”combinations reported by other users:

What’s even stranger is this:  Suppose the formula is in A1.
=A1+1 returns 100001, which appears to show the formula is in fact 100000
and a very Serious problem.
And if you multiply be say, 2 you get something else:
=A1*2
returns 131070, as if A1 had 65535. (which it should have been)
=A1*1
Keeps it at 100000.
=A1-1 returns 65534
=A1/1 is still 100000
=A1/2 returns 32767.5
Using MAX() on a range appears not to see 100000.

I use wine from rpmforge repository.

It works well, but all system (bitmap) fonts are missing. DAG could not confirm this as bug, but several other CentOS users confirm that this problem exists.

How to fix:

Install wine (You need rpmforge repo enabled)

yum install wine

Install msttcorefonts

Follow these instructions

move /usr/share/wine/fonts to fonts.old (if already exist remove c:\windows\fonts folder too)

cd /usr/share/wine

mv fonts fonts.old

It is done.

You can use wine and all fonts appear.

Recently site http://apt.sw.be/redhat/el5/en/mirrors-rpmforge went down and this broke my YUM. Here is the error:

Setting up repositories
Could not retrieve mirrorlist http://apt.sw.be/redhat/el5/en/mirrors-rpmforge error was
[Errno 4] IOError: <urlopen error (-2, ‘Name or service not known’)>
Error: Cannot find a valid baseurl for repo: rpmforge

As a solution I’ve edited manually my /etc/yum.repos.d/mirrors-rpmforge

vi /etc/yum.repos.d/mirrors-rpmforge

And commented out problem site.

Then edited /etc/yum.repos.d/rpmforge.repo

vi /etc/yum.repos.d/rpmforge.repo

And commented live list and uncommented file. Like this

#mirrorlist = http://apt.sw.be/redhat/el5/en/mirrors-rpmforge
mirrorlist = file:///etc/yum.repos.d/mirrors-rpmforge

Now YUM it is back. Still get some mirroring errors, but at least I can use it.

After the hype of security in marketing campaign run by Microsoft about new security “pearl” Vista, there are the first reports of how easily someone can crash the system….

Just press Win+E - this is well known shortcut for launching Explorer and hold it for 20 sec this will cause the launch of multiple Windows Explorer instances resulting lack of system resources and crash of the system.

Unfortunately this cannot be stopped in Task manager….

Wait for patch for MS and hope that somebody will not write a hoax using this vulnerability.