Linux on Laptop working again

Oh, it’s a good night, thanks to some hard work by others (with me cheering along, and lending what little help I could), some hardware changes, and a little fiddling on my part, I’ve got Fedora Core 5 running VERY well on my laptop now. I’ve so missed Linux on it, WinXP Pro just didn’t really have what I needed. Anyways, there is more information here:

Update for the FC3 Install guide (Untill I write up the FC5 Guide)

I’ll be writing up a Fedora Core 5 install guide in the next week or so hopefully, just been swamped recently with stuff.

Posted in David, Linux, Technology | Leave a comment

Security issue with IE

There are a couple of new security threats out for Microsoft Windows and Internet Explorer. The primary one of concern is this one:

http://www.theregister.co.uk/2006/03/27/another_ie_security_flaw/

Basically, if you click on a malicious website, that website could run any software it wants on your computer and take it over. The reason for this warning is that there is proof of concept code out already, and that means that it is more likely that someone may actually develop a >malicious program (virus/trojan) to try and take advantage of this.

Currently, there is not a patch for this. It is possible to disable activeX in Internet Explorer, but this will also disable a lot of functionality you may be used to.

The best protection is to not open any web links in emails sent to you, and avoid visiting websites you do not trust.

As of now, Microsoft plans to wait till April 11th before releasing a patch for this. If we are lucky, maybe they will release it earlier.

Posted in Security, Technology | Leave a comment

RFID tags can be infected with a computer virus

Oh, this is a good one. If you’re not familiar with RFID tags, they are tiny chips (tiny as in they can be woven into fabric so that they are invisible to careful scrutiny) that can help provide information on an item that is easily scannable by computers from a short distance.

Now, the above statement is almost correct, except that “item” should be read as meaning anything (piece of clothes, box of cereal, your pet, you) and “short distance” should mean as far as someone is willing to build their scanner to read from (think 100+ feet possible).

Well, besides the privacy concerns, now it looks like the companies that use them have to be worried. An RFID tag could contain a virus that can infect their scanning systems and the databases they connect to, and this can be spread to other RFID tags.

Here is the article from The Register

Posted in Security, Technology | Leave a comment

Security issue in GPG signed messages

Looks like there is a bug in GPG that would allow someone to inject misc. data into a cyptographically signed or encrypted message without invalidating the signature of the message. Basically, it means that checking the signature status of a GPG email will not guarantee that the message is what the original sender sent.

Seems to effect all versions prior to 1.4.2.2, there are updates available.

More information here.

Posted in Security, Software | Leave a comment

Bad Ideas for Laws

Oh this is a good one.  Apparently, someone in the New Jersey Legislature has decided that true anonymous posting should be illegal. To make it more fun, the forum owner is the one that can be taken to court.

So, if you run any kind of forum (this can include a BLOG), and you allow posting by users, you must collect all users legal name and address, and you must verify that they are their legal realnames. If you don’t, and someone takes you to court over someone’s post on your forum, you are liable for copensatory and punitive damages as well as the cost of the lawsuit. And no, your forum doesn’t have to be based in NJ, it counts even if someone can access your forum from NJ.

More information here:

http://yro.slashdot.org/yro/06/03/06/1736234.shtml
http://www.njleg.state.nj.us/2006/Bills/A1500/1327_I1.HTM

I would be very surprised if this ever passed, but you never know, worse laws have made it through.

Posted in David | 1 Comment

Two cool new tools for SELinux

Well SELinux has begun the long needed improvement in simplification this week. Tresys Technology (I used to work for them for about a year), has released two new tools to make SELinux Policy writing easier. They are both very early additions (consider them Beta), and they are opensource.

SELinux Policy Development IDE (SLIDE)

CDS Frameworkd IDE

The CDS IDE is more for a very targeted audience (If you don’t know what CDS means, it’s probably not a priority for you), but the other tools are a nice first step towards making Policy writing within the reach of mere mortals (and not just Policy gurus). There is still more work needed, but I think the people at Tresys know what is needed and are trying to get there in baby steps.

Posted in Linux, Security | Leave a comment

Cell phone Trojan (Virus)

Well, here’s an interesting one, a cell phone Java based trojan. It’s not a huge threat at the moment (requires a lot of user interaction), but good to know about anyway:

Description of Trojan

This just means that like your normal computer, you should not open files that you don’t know about or trust 100%. It will only affect phones with Java, and only if you let it (i.e., you click on the link and say yes to it sending SMS messages).

What’s more important are the possibilities, this isn’t as much a failure of technology as a failure of user education if this goes anywhere. Get used to this, it’s the future. 🙁

Posted in Gadgets, Security | Leave a comment

Mac OSX Security Issues

In case you missed it, some interesting things came out concerning Mac OSX security issues. Apparently, there is an issue where an web link or email attachment that may look like a file (say a jpeg image) can actually cause software to be run instead without a user knowing it. So, if you click on a link in safari or an attachment in Apple Mail, instead of seeing an image as you would expect, some form of malicous code could run on your computer with full user rights (admin rights if you user has admin permissions). And there is no warning to the user. Currently there is no patch, more info here:

Unpatched Mac OS X hole poses critical risk

Advisery

Also affects Apple Mail

I should probably post these kinds of things closer to when I actually find out about them as opposed to weeks later. Still got to get used to this blog thing…

UPDATE:

They fixed the security bug, and there is now a patch available from Apple, so no worries, just update 🙂 Article Here

Posted in David, Security | Leave a comment

Snowy Day at Home

Ok, meant to put this up earlier, but I got a great picture of what our backyard looked like after the Blizzard of ’06 ( actually just a northeaster, but they REALY want to call it a blizzard…)

Snow Day Shot
Posted in David | 2 Comments

ShmooCon

I was attending ShmooCon this weekend and have to say it was one of the best conferences I’ve attended yet! Incredible show, LOTS of great info and great speakers. I learned a lot. A must do for next year. Oh, and if you don’t know, ShmooCon is an east coast hackers convention. Incredible amount of computer security knowledge at that show.

ShmooCon

Posted in David, Security, Technology | Leave a comment