Friday, October 29, 2004

Firefox nears final launch, and a vulnerability in the current releases

A final test version of open-source browser Firefox has been released, giving users a peek at what are expected to be the official features of the free software.

The latest test version of Firefox 1.0 fixes about 250 bugs that have been reported since the preview release of the browser earlier this year, according to the Mozilla Foundation.

"If all goes well testing these builds, then we're on target for our 1.0 release in early November," Asa Dotzler, the Mozilla Foundation's community quality advocate, wrote in a Web log posting Wednesday.

The group is making the final test release of Firefox 1.0 available via FTP (File Transfer Protocol).

The organization also is calling on supporters to chip in on a full-page advertisement in the New York Times scheduled to coincide with the Nov. 9 launch of the browser.

As Internet Explorer has taken increasing heat for security woes, Firefox has gained in both stature and numbers. Version 0.8 of the browser was downloaded 3.3 million times within four months. Version 0.9 reached 6.5 million downloads in three months, and the preview release received 5 million download requests in just a month.

Bug in the earlier versions, including Mozilla Firefox 0.10.1

Mozilla, Mozilla Firefox, and Mozilla Thunderbird are all reported susceptible to an information disclosure vulnerability. This issue is due to a failure of the applications to properly ensure secure file permissions on temporary files located in world-accessible locations.

This vulnerability allows local attackers to gain access to the contents of potentially sensitive files. This may aid them in further attacks.

You can read it at

Whatever it is, the browser is making its way onto PCs.

Nitin :)

Thursday, October 28, 2004

PuTTY Security Advisory!

PuTTY fails to do proper bounds checking on SSH2_MSG_DEBUG packets. The
"stringlen" parameter value is incorrectly checked due to signedness
issues. Note that this vulnerability is similar to the one described in
GLSA 200408-04 but not the same.

When PuTTY connects to a server using the SSH2 protocol, an attacker
may be able to send specially crafted packets to the client, resulting
in the execution of arbitrary code with the permissions of the user
running PuTTY. Note that this is possible during the authentication
process but before host key verification.

There is no known workaround at this time.

E-Voting Cos. Reveal Software to National Software Reference Library

SAN JOSE, Calif. - The nation's largest voting machine companies are submitting millions of lines of code to the National Software Reference Library to address sharp criticism from computer scientists about the secret software used in elections.

But executives at the voting machine makers said Tuesday they would not submit their most valuable data - their proprietary source code. And they might not provide the library with copies of software patches, updates and upgrades.

Computer scientists said the conciliatory gesture wouldn't help ensure the integrity of next week's presidential election, when as many as 29 million Americans will cast electronic ballots. Some researchers worry that hackers, software bugs, ill-trained poll workers or power outages could intentionally or accidentally erase or alter voting data.

"This is a step in the right direction," said Doug Jones, associate professor at the University of Iowa's computer science department. "I just wish these steps had been taken earlier. I say hooray, but it's a long-term benefit with some pretty glaring caveats."

Executives from the largest equipment makers in the United States - Election Systems & Software, Sequoia Voting Systems, Diebold Election Systems and Hart InterCivic - announced Tuesday that they had already submitted many versions of the software that will be used to tally votes next week. The library, run by the National Institute of Standards and Technology, also holds proprietary code from Microsoft Corp., Oracle Corp. and other technology giants.

Executives acted at the request of the U.S. Election Assistance Commission, a year-old federal agency created through the Help America Vote Act.

You can read the rest of it at

Wednesday, October 27, 2004

SAP taps HP for software-as-service push

SAP has stayed on the sidelines of the pay-by-the-month software market, but that may soon change.

The German company, which specializes in business-efficiency programs, is getting ready to launch a service similar to those offered by subscription software companies and RightNow Technologies. SAP plans to discuss on Wednesday the details of the initiative, which involves a new agreement with longtime partner Hewlett-Packard.

Under the agreement, SAP and HP will jointly market and sell SAP's business systems for a monthly fee as low as $325 per user, which includes technical support and installation services. HP will also offer to run and maintain the software for customers at its own data centers, requiring nothing but a Web browser to access the systems.

You can read more on it here.

Monday, October 25, 2004

Fake Redhat Security Update Email

It's been reported that a fake email claiming to be from Redhat has been circulating. The fake message urges Redhat and Fedora users to download and apply a security update from fedora-redhat. Note that the real Fedora site is located at

The "upgrade" is actually a tarred binary that installs a trojan on the system.

Note from redhat regarding this issue:

Sunday, October 24, 2004

Vulnerability hits Java for cell phones

Hey friends, hope everyone's having a lazy Sunday afternoon.


Here's what I came across surfing the net about Java-based cell phones. Looks like soon our O2s are going to be bundled with AV software.

A lot of people are posting exploits for Symbian handsets. I am not having the links handy for the Symbian phone but will be posting them as soon as I can find them in my history. :D

A Polish researcher has found two vulnerabilities in the cell phone version of Sun Microsystems' Java software that under unusual circumstances could let a malicious program read private information or render a phone unusable.

The flaws are difficult to exploit because malicious programs must be tailored to a specific model of cell phone, said Adam Gowdiak, a 29-year-old security researcher with the Poznan Supercomputing and Networking Center who discovered the vulnerabilities. He figured out how to attack a Nokia 6310i mobile phone, but the effort took four months, he said in a Friday posting to the BugTraq vulnerability mailing list.

Before the vulnerabilities could be exploited, a phone user would have to download and run a malicious Java program, called a midlet, Gowdiak said in an e-mail interview. He's not aware of a way to automate an attack.

He notified Sun of the vulnerabilities in August, and the company said it sent Java licensees a patched version of the vulnerable component, called the Java bytecode verifier, within two weeks.

You can read more of it here.

I am off out with my friends. Have a great evening ahead :)

Saturday, October 23, 2004

Microsoft Internet Explorer JavaScript Method Assignment Cross-Domain Scripting Vulnerability

A vulnerability exists in Microsoft Internet Explorer that may allow cross-domain/cross-zone scripting.

It is reported that the vulnerability presents itself due to a failure to properly validate trust relationships between method calls that are made in separate Internet Explorer windows. This may make it possible for script code to access properties of a foreign domain or Security Zone.

Exploitation may permit execution of arbitrary code as the victim user.

If you are an IE6 SP2 user, you are safe.

Clicking on the link below will also give you the steps to secure yourself against this vulnerability.

You can read more on it here.

Gaim Multiple Vulnerabilities

Many of us use Gaim as our IM client, which I admit is very good, but its vendor has disclosed a few vulnerabilities, as below:

The following specific issues have been disclosed by the vendor:

Gaim is reported prone to a remote arbitrary command execution vulnerability during the installation of a smiley theme.

The Gaim client is reported prone to a remote heap overflow vulnerability when processing data from a groupware server.

A remote buffer overflow vulnerability exists in the URI parsing utility.

A buffer overflow vulnerability arises when the application performs a DNS query to obtain a hostname when signing on to zephyr.

Another buffer overflow presents itself when the application processes Rich Text Format (RTF) messages.

A malicious server can trigger a buffer overflow vulnerability in Gaim by supplying an excessive value for the 'content-length' header.

These issues affect Gaim versions prior to 0.82. Some of these issues may have been reported previously. This BID will be updated and divided into individual BIDs as more information becomes available.

You can read more on it here.

Sun Solaris LDAP RBAC Local Privilege Escalation Vulnerability

Sun Solaris is affected by a local privilege escalation vulnerability due to LDAP and RBAC implementation issues. The problem likely presents itself due to a design error.

A local attacker may exploit this issue to gain superuser privileges on an affected computer.

Sun Solaris 8 and 9 are affected by this.

You can read more of it here.

Friday, October 22, 2004

Happy Dussera

Happy Dussera to my friends and fellow readers. A big thank you to all for sending me so many mails within such a short span of starting to write the blog.

For those who want to know what Dussera is:

Dussera is a religious festival celebrated all over India.

For more info click here.


Wednesday, October 20, 2004

Cisco port channelling / trunking how-to

Here's how I channelled 2 ports between a 2950G and a 2970G.

The hostname of each switch is the same as its model number.

Some theory on trunking before we proceed.

A trunk is a point-to-point link between a single Fast Ethernet, Gigabit Ethernet, or Fast or Gigabit EtherChannel bundle and another network device, such as a router or a second switch. Trunks transport the packets of multiple VLANs over a single network link.

The available trunking encapsulation types for Ethernet are:

Inter-Switch Link (ISL) - a Cisco-proprietary trunking encapsulation that adds a 26-byte header and 4-byte trailer to the frame.
IEEE 802.1Q (dot1q) - an industry-standard trunking encapsulation that does not change the size of the frame. Because multiple vendors support dot1q, it is becoming more common in newer switched networks.
Negotiate - the port negotiates with its neighbouring port to mirror its encapsulation configuration, either ISL (preferred) or 802.1Q trunk. This configuration option is only available in switch software release 4.2 and later.

There are five trunking modes:

On - forces the port to become a trunk port, even if the neighbouring port does not agree to the change.
Off - forces the port to become non-trunking, even if the neighbouring port does not agree to the change.
Desirable - causes the port to actively seek to convert the link to a trunk. The port becomes trunked if the neighbouring port is set to "on", "desirable", or "auto" mode.
Auto - makes the port available to serve as a trunk link. The port becomes a trunk port if the neighbouring port is set to "on" or "desirable" mode. This is the default mode for both Fast and Gigabit Ethernet ports.
Nonegotiate - puts the port into permanent trunking mode, but the neighbouring port must be manually configured as a trunk port in order to establish a trunk.

Trunking facts:

For trunking to be auto-negotiated on Fast Ethernet and Gigabit Ethernet ports, the ports must be in the same VTP domain.
Not all switches support all encapsulation methods; for instance, the Cat2948G and Cat4000 series switches support only 802.1Q encapsulation. To determine whether a switch supports trunking, and which trunking encapsulations are supported, look at the hardware documentation or use the "show port capabilities" command.
For trunking to be enabled on EtherChannel bundles, the speed and duplex settings must be configured the same on all links. If part of an EtherChannel bundle fails, traffic will still be passed, but at a slower rate.

The two commands below do the trick.

The 2950G supports only dot1q and will not give you an encapsulation option.

Before you do anything, just plug in a cable on one of the ports, verify that the switches can talk to each other, and check with:

2950G# show cdp neighbors detail

This should show the 2970G as the neighbour, along with other information.

On the 2950G, in interface configuration mode for each port you need to channel, enter:

2950G(config-if)# switchport mode trunk

On the 2970G, in interface configuration mode for each port you need to channel, enter the commands below (you can use isl instead of dot1q if the other switch supports it):

2970G(config-if)# switchport trunk encapsulation dot1q
2970G(config-if)# switchport mode trunk

Just plug in the second cable on the configured ports and within some time the channel will come up. If you feel the channel has not come up and it is causing a packet storm, pull out one of the cables and you are back to normal.

The command to verify that the channel is up is:

2950G# show interfaces trunk
2970G# show interfaces trunk
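As an added example (not from the post), a small POSIX shell check over saved "show interfaces trunk" output from both switches: it confirms that each channelled port is trunking with the same encapsulation and native VLAN on both ends, and fails if only one link of the pair is up. The two sample outputs are constructed to mirror the IOS column layout, and the function names are this example's own.

```shell
#!/bin/sh
# check_trunk.sh: compare "show interfaces trunk" output saved from two switches.
# Added example; OUT_2950G / OUT_2970G are constructed samples, and the 2970G
# sample deliberately shows Gi0/2 not trunking so the failure path is exercised.

OUT_2950G='Port        Mode         Encapsulation  Status        Native vlan
Gi0/1       on           802.1q         trunking      1
Gi0/2       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/1       1-4094
Gi0/2       1-4094'

OUT_2970G='Port        Mode         Encapsulation  Status        Native vlan
Gi0/1       on           802.1q         trunking      1
Gi0/2       on           802.1q         not-trunking  1

Port        Vlans allowed on trunk
Gi0/1       1-4094
Gi0/2       1-4094'

# trunk_row OUTPUT PORT -> "encapsulation status native-vlan" taken from the
# first table only (the first blank line ends it); prints nothing if absent.
trunk_row() {
    printf '%s\n' "$1" | awk -v p="$2" '
        /^$/ { exit }
        NF == 5 && $1 == p { print $3, $4, $5; exit }'
}

# check_port PORT OUT_A OUT_B -> 0 when PORT is trunking with identical
# encapsulation and native VLAN on both switches, 1 otherwise (reason on stderr).
check_port() {
    rowa=$(trunk_row "$2" "$1"); rowb=$(trunk_row "$3" "$1")
    if [ -z "$rowa" ] || [ -z "$rowb" ]; then
        echo "$1: missing from one side" >&2; return 1
    fi
    set -- "$1" $rowa $rowb        # $2..$4 = side A, $5..$7 = side B
    if [ "$3" != "trunking" ] || [ "$6" != "trunking" ]; then
        echo "$1: status $3 / $6" >&2; return 1
    fi
    if [ "$2" != "$5" ] || [ "$4" != "$7" ]; then
        echo "$1: mismatch ($2 native $4 vs $5 native $7)" >&2; return 1
    fi
    return 0
}

# check_channel OUT_A OUT_B PORT... -> 0 only when every listed port passes,
# so a pair where only one link is trunking is reported as a failure.
check_channel() {
    outa=$1; outb=$2; shift 2; rc=0
    for p in "$@"; do check_port "$p" "$outa" "$outb" || rc=1; done
    return $rc
}
```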

Soon I will be putting up how to channel on enhanced IOS switches like the 2948, and how to channel between router interfaces and switch ports.

Manage your growing bandwidth the smart way. Nitin :)


Honeytokens: The Other Honeypot

One of the greatest misconceptions about honeypots is that they have to be a computer, some physical resource for the attacker to interact with. While this is the traditional manifestation of honeypots, it's not the only one. Consider the definition of the honeypot, as defined by the honeypot mailing list.

"A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource."

A nice in-depth article can be read at the SecurityFocus site here.

Monday, October 18, 2004

Cisco Port Channelling / Trunking

Hey to all my readers.

Been a wonderful week, lots of work done, and this time I trunked up a few ports between switches to balance or smooth out the traffic.

Soon I will write on how I channelled ports on Cisco 29XX and 29XX Gigabit-capable switches.

Keep the suggestions flowing; time to hit the sack.

till then

Nitin ;)

Apache mod_ssl SSLCipherSuite Access Validation Vulnerability

Hope everyone had a good weekend.

I am not sure if most of us are aware of this Apache mod_ssl vulnerability.

Apache 2.x mod_ssl is reported prone to an access validation vulnerability. This issue presents itself when mod_ssl is configured to be used with the 'SSLCipherSuite' directive. It is reported that this vulnerability allows a client to use any cipher suite allowed by the virtual host configuration regardless of cipher suites specified for a specific directory. This can allow an attacker to bypass security policies and access potentially sensitive data.

Apache versions 2.0.35 to 2.0.52 are reported vulnerable to this issue.

You can read more of it at the SecurityFocus site here.

Friday, October 15, 2004

Bug found in phpMyadmin

This is a notice to all my developer friends.

Users of the increasingly popular, open-source MySQL database may be at risk from remote attacks due to a bug in phpMyAdmin, a widely used Web-based MySQL administration tool.

On Wednesday the phpMyAdmin project warned of a bug in the way the tool's MIME-based transformation system handles "external" transformations. Attackers could exploit the hole to execute arbitrary commands on a Web server with the privileges of the server's user, the project said in a statement.

I too had used a little of phpMyAdmin (actually copied conf files from a server that was already configured).

You can read more on the bug here, along with the details to download the patch here.

Tuesday, October 12, 2004

A small how-to on how to chroot a user in bash shell

I know I have been bad at keeping promises, but here is how to chroot a user in a bash shell.

First and foremost, become root, or else use sudo on each step.

A few assumptions before I start:

juser : username of the user who logs in to the chrooted BASH shell
jailed : group the above user belongs to :)

1. Create a new shell file, /bin/chroot-sh, and make it executable (chmod +x), since it will be the user's login shell.

Contents of /bin/chroot-sh are:

#!/bin/sh
# Login-shell wrapper: re-enter the user's home directory as a chroot jail.
# Needs a sudoers rule allowing the user to run /usr/sbin/chroot, since it
# runs as the (unprivileged) user at login time.
if [ "$1" = "-c" ]; then
    # "shell -c command": drop the leading -c and pass the rest to su inside the jail
    shift
    sudo /usr/sbin/chroot "/home/$USER" /bin/su - "$USER" -c "$*"
else
    # interactive login: start a login shell inside the jail
    sudo /usr/sbin/chroot "/home/$USER" /bin/su - "$USER"
fi

2. Add the user, specifying the shell created above:

# useradd -d /home/juser -s /bin/chroot-sh juser

3. Create the directories the user will see, as below.
mkdir /home/juser
mkdir /home/juser/etc
mkdir /home/juser/dev
mkdir /home/juser/bin
mkdir /home/juser/lib
mkdir /home/juser/usr
mkdir /home/juser/usr/bin
mkdir /home/juser/home
chown juser:jailed /home/juser/home

4. A dummy password and group file for the user



5. Copy the required binaries and the shared libraries they link against. Run ldd on each binary and copy every library it lists to the same path under /home/juser (for example /lib/libc.so.6 to /home/juser/lib/libc.so.6), or the binary will not start inside the jail.

cp /bin/bash /home/juser/bin/
ldd /bin/bash

cp /bin/su /home/juser/bin/
ldd /bin/su

6. Install fileutils, a.k.a. the file manipulation commands (these need their libraries copied in the same way).

cd /bin;
cp ln ls rm mv cp du /home/juser/bin/

That's it; you can give him telnet / ssh access now.
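As an added example (not the blog author's script), a POSIX shell script that carries the steps above through in one go: it creates the jail layout, copies each binary together with the libraries ldd reports for it, writes the dummy passwd/group files of step 4, hands only the inner home to the user, and refuses a jail that contains anything world-writable. The function names (copy_with_libs, write_passwd, build_jail) are this example's own; the jail root is assumed to be the user's home on the host, as in the post.

```shell
#!/bin/sh
# mkjail.sh: build the minimal chroot layout from the post for one user.
# Added example; jail root is /home/<user> on the host, holding bin/, lib/,
# etc/, dev/, usr/bin/ and home/<user>, exactly as the post lays it out.
set -e

# copy_with_libs JAIL BIN: copy BIN into the jail plus every shared library
# ldd reports for it, keeping each library's absolute path under the jail.
copy_with_libs() {
    jail=$1; bin=$2
    mkdir -p "$jail$(dirname "$bin")"
    cp "$bin" "$jail$bin"
    # ldd prints "libc.so.6 => /lib/.../libc.so.6 (0x...)" or
    # "/lib64/ld-linux-x86-64.so.2 (0x...)"; keep only the absolute paths.
    ldd "$bin" 2>/dev/null |
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }' |
    while read -r lib; do
        [ -e "$jail$lib" ] && continue
        mkdir -p "$jail$(dirname "$lib")"
        cp "$lib" "$jail$lib"      # cp follows symlinks, so the real file lands
    done
}

# write_passwd JAIL USER UID GID SHELL: the dummy passwd/group files su needs
# inside the jail. Inside the jail the user's home is /home/USER, which is
# JAIL/home/USER on the host (hence the home/ directory in the layout).
write_passwd() {
    jail=$1; user=$2; uid=$3; gid=$4; shell=$5
    printf 'root:x:0:0:root:/root:%s\n%s:x:%s:%s::/home/%s:%s\n' \
        "$shell" "$user" "$uid" "$gid" "$user" "$shell" > "$jail/etc/passwd"
    printf 'root:x:0:\njailed:x:%s:%s\n' "$gid" "$user" > "$jail/etc/group"
}

# build_jail JAIL USER UID GID SHELL [BIN...]: create the directories, copy the
# login shell and extra binaries with their libraries, write passwd/group,
# give the inner home to the user, and fail on any world-writable entry.
build_jail() {
    jail=$1; user=$2; uid=$3; gid=$4; shift 4
    for d in etc dev bin lib usr/bin "home/$user"; do mkdir -p "$jail/$d"; done
    for bin in "$@"; do copy_with_libs "$jail" "$bin"; done
    write_passwd "$jail" "$user" "$uid" "$gid" "$1"
    chown "$uid:$gid" "$jail/home/$user" 2>/dev/null || true   # needs root
    # Anything the jailed user can write outside their own home would let them
    # replace the copied binaries or libraries, so refuse such a jail.
    if find "$jail" -path "$jail/home/$user" -prune -o -perm -002 -print | grep -q .; then
        echo "world-writable entries under $jail" >&2
        return 1
    fi
}

# Usage: mkjail.sh /home/juser juser 1001 1001 /bin/bash /bin/su /bin/ls /bin/cp
if [ "$#" -ge 5 ]; then
    build_jail "$@"
fi
```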

Hope it helps you all .

Till the next post take care and have a great time.

Coming up in some hours' time: how to chroot a bash shell

This is for my childhood friend Gaurav Masand, who needs to do it for his college Tech Festival. He is a Linux freak and is responsible for the lab setup in the college for the Tech Festival.

I had done it quite some time back for one of the servers and will be posting how I did it in some hours' time from now.

Hope my how-to on chrooting a bash shell helps Gaurav.

BTW you can check gaurav's sourceforge project at

Monday, October 11, 2004

SNMP Monitoring

Hey all, sorry for the delayed posts.

Just had a look at nagios for monitoring the network over the weekend.

It's a great tool, but I had a little difficulty getting the GUI up with libpng and libjpeg. After 3 hours of work it's up and running fine, and bingo, you can monitor servers to your best advantage. The graphing tool is great too.

You can download nagios from here.

If you have any difficulties configuring it you can always ping me.

Last but not least, you can have Nagios send SMS and email alerts to you. For SMS alerts, ideally you need a connection to an operator's SMSC; if that is not available, you can use one of the many free SMS service providers.

Happy monitoring and lazy Sundays.


Friday, October 08, 2004

AT&T Tests Linux to Replace Microsoft's Windows on 70,000 PCs

Another small blow to Microsoft.

I am still an XP freak for Desktops.

Read more on it here.


Wednesday, October 06, 2004

Vulnerability in Debian telnetd 0.17-25

Debian GNU/Linux Telnetd Invalid Memory Handling Vulnerability

The solution is to upgrade telnetd as also pointed out by Debian.

You can read more on it here.

Monday, October 04, 2004

India mulls tough ID rules for cybercafés

Looks like India is finally taking cyber crime seriously.

Thanks to a lot of IT-savvy diplomats, a.k.a. bureaucrats.

Internet cafés in parts of India face closure if new regulations forcing them to provide police with names and addresses of all their customers are introduced. Under the new rules, visitors to Internet cafés will have to show their ID cards or be photographed. The governor of Karnataka State in southern India is reported to be close to passing the new law, which is designed to fight cybercrime. Similar measures are also being mulled for Mumbai and Maharashtra State. Media rights group Reporters Without Borders condemned the law change as "a threat to [the] confidentiality of cybercafés". "Rules about to be adopted in Karnataka and Maharashtra states do not observe the standards of a democracy in protecting personal freedoms. The fight against terrorism and cybercrime should not lead to systematic monitoring of Internet users," said the organisation. Indeed, critics warned that the measures will do little to prevent cybercrime and could lead to many cybercafés closing as users shun the regulated cybercentres.

The rest of the article can be found here.

Patent Office Rejects Microsoft's FAT Patent

Microsoft's Patent for FAT rejected.

NEW YORK -- In the reexamination proceeding initiated earlier this year by the Public Patent Foundation ("PUBPAT"), the United States Patent and Trademark Office has rejected all of the claims of Microsoft's patent on the FAT file system, which Microsoft describes as "the ubiquitous format used for interchange of media between computers, and, since the advent of inexpensive, removable flash memory, also between digital devices."

Relying predominantly on evidence provided by PUBPAT when the reexamination was requested, the Patent Office made multiple rejections of the Redmond, WA based software giant's patent. Microsoft has the opportunity to respond to the Patent Office's rejection, but third party requests for reexamination, like the one filed by PUBPAT, are successful in having the subject patent either narrowed or completely revoked roughly 70% of the time.

You can read more of it here.

Friday, October 01, 2004

Cost Comparison Using Linux And Windows

Hey all,

Been a looong time away from blogging. Was off to party over the weekend and then loads of work.

Just came across a nice article at Linux Journal on cost comparison between Microsoft Windows and X terminals.

You can check it out here.

Happy weekend to my friends.

.... Nitin ;) .....