  • 28.Jan.15
    GHOST Vulnerability: glibc gethostbyname buffer overflow news, security | rafacas | (0)
    The GHOST vulnerability was discovered and disclosed by Qualys. It is a serious weakness in the Linux glibc library. It allows attackers to remotely take complete control of the victim system without having any prior knowledge of system credentials. CVE-2015-0235 has been assigned to this issue. Qualys researchers discovered a buffer overflow in the __nss_hostname_digits_dots() function of glibc. This bug can be triggered both locally and remotely via all the gethostbyname*() functions. Applications have access to the DNS resolver primarily through the gethostbyname*() set of functions. These functions convert a hostname into an IP address. They have developed a full-fledged remote ...
  • 28.Jun.11
    The Sibyl going to the No cON Name network, news, security | pfortuny | (0)
    Both rafacas and pfortuny are going next September to Barcelona to the No cON Name conference, to talk about The Sibyl, of which we have already written here. If any of you is interested in IT Security and can make it to Barcelona in September (14-17), it would be nice to meet you there.
  • 08.Dec.10
    The savannah.gnu incident and the Sibyl news, security | pfortuny | (0)
    The compromise in December 2010 is another example of the weakness of system passwords: there will always be someone using a brute-force attackable key. And that is the weakest link. I just want to point out to all our readers out there that the Sibyl is precisely an idea to implement a secure way to store hashes of passwords and prevent brute-force attacks. It is not computationally cheap or even the simplest of setups, but security has a price. At least it is 'gratis' and BSD-licenced, except for the hardware part, which depends on your implementation. Hope you like it.
  • 05.Dec.09
    SysAdvent Calendar 2009 news | rafacas | (0)
    SysAdvent is a project started by Jordan Sissel last year. It consists of sysadmin-related posts, one post a day from 1st to 25th Dec. Jordan took the idea from the Perl Advent Calendar. This year there are some bloggers helping Jordan with this task. I recommend subscribing to it; the posts are quite useful.
  • 13.Apr.09
    OpenBSD’s pf null pointer dereference network, news, security | pfortuny | (0)
    We have talked quite a few times about pf, OpenBSD's Packet Filter (firewall). Well, a bug has been discovered which may trigger a kernel panic. There exists a solution, be sure to patch your boxes asap. Notice that the 'editing' solution works on all platforms and versions (at least from 4.2 upwards and probably on older ones).
  • 24.Mar.09
    Linux Kernel 2.6.29 released news | rafacas | (0)
    Via Slashdot I have found out that Linus Torvalds has just released the Linux 2.6.29 kernel. There is a temporary change of logo to Tuz, a Tasmanian Devil, which is an endangered species. Besides the logo, some of the new important features are: Support for kernel mode-setting on Intel hardware. "Mode setting" is for setting up things like screen resolution and depth mode, in other words, configuring whatever is necessary on the graphics card for displaying things on the screen. Btrfs: the next-generation Linux filesystem, developed from scratch following the design principles of filesystems like ZFS, WAFL, etc. Squashfs: is a highly compressed ...
  • 25.Feb.09
    Bash 4.0 released news | rafacas | (0)
    Via Slashdot I found out about bash version 4.0 being out. Bash is the GNU Project's Bourne Again SHell, a complete implementation of the POSIX.2 shell spec, but also with interactive command line editing, job control on architectures that support it, csh-like features such as history substitution and brace expansion, and a slew of other features. The new version fixes several bugs in the 3.x releases and introduces a bunch of new features. The most notable ones are associative arrays, improvements to the programmable completion functionality, case-modifying word expansions, co-processes, support for the `**' special glob pattern, and additions to the shell ...