Using screen to connect multiple users to a shell session
August 24th, 2006
I NEVER knew you could use screen for this… It lets multiple users connect to the same console (command shell/bash shell) session simultaneously. I’ve looked at screen before. It’s a great *nix utility that’s available for most Linux distributions. The primary use I’ve seen for it is to have a shell open and use screen to disconnect from and reconnect to a session. Let’s say you have software compiling: you can use screen to get it started from one location and then reconnect to your screen session from another machine. Think… VNC for the command line. Well, much like VNC, it’s possible for multiple users to view and use the session.
Apple next with 1.8 million laptop battery recall
August 24th, 2006
A bit over a week ago, Dell announced a massive recall for potentially hazardous laptop computer battery issues. (Flaming laptops.) Now it’s Apple’s turn. It seems as though Sony is the common supplier for both issues. The BBC has an overview here. Here’s a link at Apple’s site giving more information on getting a replacement and identifying if your battery is affected.
Wireshark 0.99.3
August 24th, 2006
Wireshark, various vulnerabilities disclosed
August 24th, 2006
There used to be a tool called Ethereal, and then it changed its name to Wireshark. Today a number of security vulnerabilities were disclosed. A new version is available, along with workarounds. Please upgrade if at all possible.
IE7 will have many CSS fixes
August 24th, 2006
They’re doing what they can at Microsoft to put to rest the notion that IE7 won’t make drastic strides in CSS compliance. One of the fronts they’re pushing is this detailed listing of CSS fixes that will be found in Internet Explorer 7 when it is released.
Good SARC monitoring tip
August 23rd, 2006
SARC is still in their month of security tips per day, and today’s is another good one. Today’s tip is about monitoring machines, particularly those that “defend” your network (mail antivirus scanners, proxy filters/scanners, etc.). The core of the advice is to not just ping – that only tells you if the system exists and is online – it doesn’t tell you if things are working. They suggest scripting tests (an antivirus scanner can be tested via the EICAR test signature, for instance). They note that this doesn’t tell you if the AV scanner is updated. (I prefer a crontab output of the day’s updates – looks like there were around 9 ClamAV signature updates yesterday.)
Hiding malware may evade antivirus
August 23rd, 2006
SANS had an interesting malware analysis this morning about a blob that appeared to be ASCII text (gibberish) that was retrieved by a piece of malware. It turns out that the ASCII text was a cleverly encoded exe file (Windows executable or program file). It took several iterations of their analysis to uncover the actual file. A followup referred to a study of “hiding” malware in various Microsoft Word supported formats and how successful (or, unfortunately, UNsuccessful) several tested antivirus programs were at identifying it. This was performed by running the files through VirusTotal, and the virus was the EICAR test pattern.
But it’s brand new, how could it have so many updates?
August 23rd, 2006
This morning I was doing a fresh install of Windows XP SP2 into a virtual machine. So far, things are fine. I went through Windows Update and found 3 updates the first time, then rebooted and hit Windows Update again to see 55 updates available. A lot of times when I set up a new PC for somebody, they wonder why I want to check Windows Update multiple times. They’ll usually say something along the lines of “but it’s brand new, there shouldn’t be any updates.” Well, this install was from an SP2 disk, and there have been a large number of updates since that was released. Many manufacturers use fairly sophisticated techniques to roll out the default install images they use, but it’s still very possible that your machine will have several updates waiting for it when you get it.
More Microsoft Patch problems MS06-042
August 22nd, 2006
This has been one of the “problem child” patches this time around, and it looks as though it’s worse than initially thought. Apparently, instead of “just” crashing IE SP1 when viewing compressed HTTP 1.1 web pages on WinXP SP1 or Windows 2000 SP4, as stated in Microsoft’s bulletins, this could also lead to a buffer overflow allowing for code execution. Microsoft is saying that they are not aware of that vulnerability being exploited or impacting customers at this time. The issue that was originally reported is detailed in this knowledge base article.