VMware Server 1.0.7 released

Post by: tom on September 3rd, 2008 | File Under Security, VMware

VMware Server 1.0.7 was released a few days ago.
The update mainly addresses security issues:

  • Security Fix for VMware ISAPI Extension
  • Setting ActiveX killbit
  • Security Fix for Local Privilege Escalation on Host System
  • Update to Freetype 2.3.7

More info can be found in VMware’s Release Notes.





Fixing Astaro 7.200 (when upgrade fails)

Post by: tom on September 2nd, 2008 | File Under Security

If upgrading from ASG 7.200 to newer versions fails, apply the following fix [as root]:

rpm -q ep-asg && cd /tmp && \
wget http://www.testastaro.com/files/rpm/ep-asg-7.2-23.i686.rpm && \
rpm -Uvh /tmp/ep-asg-7.2-23.i686.rpm


More info at Astaro Knowledge Base Article #288713.





SUSE Linux 10.1 discontinued and out of support

Post by: tom on August 21st, 2008 | File Under Distributions, Security

SUSE Linux 10.1 has reached End of Life : /

 
Quote from the opensuse-security-announce mailing list:

With the release of an mysql security fix on August 13 we have released
the last update for SUSE Linux 10.1. (Actually 10.1 was discontinued on
May 31st, but the queue took a bit longer to flush from all updates.)

 
See: http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00004.html





Critical Bug in Joomla 1.5.5 (and older 1.5.x versions)

Post by: tom on August 18th, 2008 | File Under Security, Webapps

In Joomla 1.5.x installations prior to version 1.5.6, an unauthorized user can reset the password of the user with the lowest ID (typically an administrator) because of a bug in the password remind functionality.

All 1.5.x installations prior to and including 1.5.5 are affected.

The Joomla developer team advises upgrading to 1.5.6 (or patching the /components/com_user/models/reset.php file with the code below).

After global $mainframe; on line 113 of reset.php, add:

if(strlen($token) != 32) {
    $this->setError(JText::_('INVALID_TOKEN'));
    return false;
}


 
See: Joomla! Developer - Password Remind Functionality





suPHP 0.6.3 released / security fix

Post by: tom on April 11th, 2008 | File Under Security

The latest release of suPHP (v.0.6.3) was published on Mar 30th, 2008.

It’s a security fix release eliminating two symlink race-conditions.
Users are strongly advised to update immediately.





Should I use DNSBL?

Post by: tom on March 5th, 2008 | File Under Mailserver, Security

RBLs - yes / no.. a big discussion always..
Right now, I can recommend zen.spamhaus.org & ix.dnsbl.manitu.net (<- especially for German MXs).
I’ve never seen a false positive on these lists ..

Nevertheless, use the lists for scoring (i.e. with spamassassin), not for instant blocking!

Nowadays, prosecuting “backscatter”, sender callouts, etc. seems to be a new trend - and it could be useful in future..
I’ve tested the only free list I know - backscatterer.org.
Don’t you use that one for immediate blocking!
Scoring can be ok, but even there - watch your logs!

Some “hits” (from a test run) to show what I found:

2008-03-04 17:17:42 H=lizzard.sbs.de [194.138.37.39] - possible backscatter
2008-03-04 17:21:59 H=mail.space.net [195.30.0.8] - possible backscatter
2008-03-04 17:25:33 H=relay4.ptmail.sapo.pt [212.55.154.24] - possible backscatter
2008-03-04 17:32:46 H=relay23.arbeitsagentur.de [212.204.77.151] - possible backscatter
2008-03-04 17:33:38 H=mout1.mail.vrmd.de [81.28.224.19] - possible backscatter
2008-03-04 17:48:33 H=dgate1.fujitsu-siemens.com [217.115.66.35] - possible backscatter
2008-03-04 17:50:05 H=mailout05.sul.t-online.de [194.25.134.82] - possible backscatter
2008-03-04 17:51:27 H=relay0-0.brigade.com [209.249.158.73] - possible backscatter
2008-03-04 18:04:42 H=mailout07.sul.t-online.de [194.25.134.83] - possible backscatter
2008-03-04 18:11:21 H=bay0-omc2-s24.bay0.hotmail.com [65.54.246.160] - possible backscatter
2008-03-04 18:13:37 H=mail.space.net [195.30.0.8] - possible backscatter
2008-03-04 18:13:42 H=smtp1.versatel.nl [62.58.50.88] - possible backscatter
2008-03-04 18:15:29 H=mailout09.sul.t-online.de [194.25.134.84] - possible backscatter
2008-03-04 18:16:33 H=ip17.be3a.com (be3a.com) [213.92.9.17] - possible backscatter
2008-03-04 18:18:12 H=gamwsm02.mwga.mailwatch.com [216.157.255.16] - possible backscatter
2008-03-04 18:20:15 H=aps67.muc.ec-messenger.com [195.140.186.67] - possible backscatter
2008-03-04 18:22:56 H=mout1.mail.vrmd.de [81.28.224.19] - possible backscatter
2008-03-04 18:25:46 H=mail.gmx.net [213.165.64.20] - possible backscatter
2008-03-04 18:27:56 H=mail004.thyssenkrupp.com [149.211.153.66] - possible backscatter
2008-03-04 18:30:43 H=mailout04.sul.t-online.de [194.25.134.18] - possible backscatter
2008-03-04 18:33:06 H=mailout03.sul.t-online.de [194.25.134.81] - possible backscatter
2008-03-04 18:39:33 H=mail.gmx.net [213.165.64.20] - possible backscatter
2008-03-04 18:45:20 H=mail.schule.bayern.de [194.95.207.92] - possible backscatter
2008-03-04 18:48:56 H=skibayf20.kirche-bayern.de [141.78.101.100] - possible backscatter


A lot of the BIG players (German companies in this example mainly) are found on the list ..
So don’t get yourself in trouble with users that complain all day long and think about what you’re blocking ..

Any suggestion/comment is highly appreciated.
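
The scoring approach recommended in this post, as an added example that is not part of the original post: each DNSBL hit contributes a weight to a total instead of rejecting the mail. The weights, the threshold, the `ips.backscatterer.org` query zone, the function names and the constructed `FAKE_DNS` answers are assumptions made for illustration.

```python
import ipaddress
import socket

# Zones from the post (ips.backscatterer.org is that list's query zone).
# Weights and threshold are assumed values, chosen for illustration.
ZONES = {
    "zen.spamhaus.org": 3.0,
    "ix.dnsbl.manitu.net": 2.5,
    "ips.backscatterer.org": 0.5,  # low: it lists many legitimate relays
}
TAG_THRESHOLD = 5.0

def dnsbl_name(ip, zone):
    """Query name for an IPv4 address: octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_lookup(name):
    try:
        return socket.gethostbyname(name)  # A record when listed
    except socket.gaierror:
        return None                        # NXDOMAIN: not listed

def score_ip(ip, lookup=system_lookup, zones=ZONES):
    """Return (score, zones that list ip)."""
    hits = []
    for zone in zones:
        answer = lookup(dnsbl_name(ip, zone))
        # Only 127.0.0.x is a listing; Spamhaus uses 127.255.255.x for errors.
        if answer and answer.startswith("127.0.0."):
            hits.append(zone)
    return sum(zones[z] for z in hits), hits

def verdict(dnsbl_score, content_score=0.0):
    """A DNSBL hit only adds to the total; it never rejects by itself."""
    return "tag" if dnsbl_score + content_score >= TAG_THRESHOLD else "deliver"

# Constructed answers (192.0.2.0/24 is a documentation range); runs offline.
FAKE_DNS = {
    "10.2.0.192.ips.backscatterer.org": "127.0.0.2",
    "20.2.0.192.zen.spamhaus.org": "127.0.0.4",
    "20.2.0.192.ix.dnsbl.manitu.net": "127.0.0.2",
    "30.2.0.192.zen.spamhaus.org": "127.255.255.254",  # refused query
}

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        score, hits = score_ip(ip, FAKE_DNS.get)
        print(ip, score, verdict(score), hits)
```

With these weights a relay listed only on the backscatter list is still delivered unless the content score is already high, which matches the behaviour the log excerpt above argues for.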





Howto: Single Sign On with Squid Proxy and Active Directory

Post by: tom on December 12th, 2007 | File Under Memento, Security

Tested on: openSUSE 10.2, Squid 2.6 <-> Windows Server 2003
Goal: User authentication should be possible without “extra login” on the squid proxy.

Squid Logfile

Here we go …





T-COM: DNS change without announcement

Post by: tom on September 11th, 2007 | File Under Oops, Security

Deutsche Telekom, or T-Com, or T-Online, or T-DSL Business:
some T-* or other quickly swapped the DNS servers for its customers this afternoon - of course without informing anyone beforehand..

This was especially noticeable for various T-DSL Business customers. Suddenly browsing was no longer possible, mail could no longer be delivered (via DNS), etc.. Instead, the following message appeared:

Notice regarding the shutdown of DNS servers
Like all systems on the Internet, servers must be constantly updated and adapted to requirements. The DNS server you are using is being replaced by more powerful systems and is therefore no longer available. Normally the DNS servers are assigned to your computer / router automatically, so the shutdown of old DNS servers has no effect on your system.
....
Please check whether a DNS server has been statically configured
in the router. Remove the entry if necessary.


Really informative for systems that cannot obtain their DNS server dynamically. Almost funny is that this mainly affected “business customers”, many of whom have the DNS server statically configured in the system…

Many thanks to atelier89.de/users/dirk - that is where the answer was finally found, after the hotline could only point to Google: “just search on Google - you will find it there”.
Wow - that was great service once again .. Thanks T-Com :-/

PS:
The DNS servers are apparently assigned by location, e.g.:
217.237.148.102 / n-lb-a01.isp.t-ipnet.de - Nuernberg
217.237.151.115 / m-lb-a01.isp.t-ipnet.de - Muenchen


PPS:
The servers are reachable only from the T networks; queries from other IP ranges are rejected.





1time eMail

Post by: tom on June 6th, 2007 | File Under Memento, Security

Do you know this? You need an email account for a registration or for any acknowledgement and you don’t want to post your “real” email address to prevent spam.

Visit http://10minutemail.com/ for an account that exists for 10 minutes (or longer).

Nice tool ; )

Thanks to Konsensmilch for the hint.





German government forbids security tools

Post by: tom on June 6th, 2007 | File Under Politics, Security

Maybe only interesting for German readers and security specialists.
The German government accepted a law that forbids the usage of programs that can be used by hackers and crackers in illegal activities. What they obviously forgot is the simple fact that you have to use some of these programs to prevent your system from being hijacked. Or what is more probable:
People without any technical knowledge decided once again what is good for us.
Thank you b**ches!

What the CCC thinks about that (German)
heise Security (German)

