Practical Technology

for practical people.

May 6, 2008
by sjvn01
0 comments

Pondering when your next break-in will happen

As my friend Ryan Naraine, soon to be security evangelist for anti-malware company Kaspersky Labs, recently observed, “This list of 0days is always a source of content for me.” The list in question is the Zero Day Initiative’s list of vulnerabilities.

This list is perfect for any cyber cynic. It shows for the whole world to see who’s been good and who’s been naughty about working on zero-day vulnerabilities. These aren’t, we hope, publicly known security holes. They’re the ones that have been discovered by researchers, who then turned over their results to Tipping Point. No one, we hope, know about them except their discoverers, Tipping Point’s engineers and the vulnerable software’s programmers.

The list serves two purposes. One is, of course, to get you to buy Tipping Point’s IPS (Intrusion Prevention System) device. The other, and the one I also rather enjoy, is that it’s an attempt to shame the big software vendors into cleaning up their programs, if not their acts.

More >

May 6, 2008
by sjvn01
0 comments

Malware vs. anti-malware, 20 years into the fray

As I recall, Nov. 2, 1988, started as an ordinary day at Goddard Space Flight Center where I was working in the data communications branch. By the end of the day … well, actually, that day never ended. We just kept fighting to bring our servers and networks back to life. Our SunOS and VAX/BSD systems, which were connected to the Internet, had slowed to a stop.

We didn’t know it yet, but we were fighting the first Net-propagated malware program: the Robert Morris Internet worm. Twenty-four hours into our “day,” we received a fix developed by the University of California at Berkeley, and we were back online.

As it turned out, the Morris worm wasn’t a deliberate attack. It was a self-replicating program with a bug that caused it to reproduce at a rate so fast that it brought down the (then much smaller) Internet. That was almost 20 years ago, and eventually it came to light that Robert Morris Jr. didn’t intend to wreak the havoc he did. He was simply trying to get a hard number as to how many systems were attached to the Net.

In contrast, today’s malware causes less overt havoc but far more deliberate harm. Most 21st-century crackers aren’t making malware to show off their skills or wreck systems for the sheer malicious fun of itall. They’re making malware that hides in your system so they can use your personal information and PC resources to make money. Welcome to the era of capitalist hacking.

More >

May 5, 2008
by sjvn01
0 comments

As the SCO rolls

Reality, as good writers know, is sometimes stranger than fiction. SCO’s recent performance in the U.S. District Court in Utah is a perfect example. With years to prepare, SCO executives made some remarkable statements in their attempt to show that SCO, not Novell, owns Unix’s copyright.

While this case is not about SCO’s claims that IBM and other companies placed Unix IP (intellectual property) into Linux, Novell’s attorneys decided that they would address this issue as well. One presumes that, since this may be their one and only chance to attack SCO’s Linux claims in a courtroom — what with SCO facing bankruptcy — they decided to address this FUD once and for all.

Before getting to that, though, Novell hammered on Christopher Sontag, one time head of SCOSource, the division of SCO devoted to selling Unix’s IP. Sontag, while dodging around what code SCO was actually selling — UnixWare code or the whole Unix tree leading to UnixWare — was finally cornered into admitting that SCO had received $16,680,000 from Microsoft and $9,143,450.63 from Sun and did not report these deals or income to Novell as it was required to do under the terms of the Novell/SCO APA (Asset Purchase Agreement).

More >

May 5, 2008
by sjvn01
0 comments

The Bounceback Backscatter Blues

At first I thought it was just me. I’d open up my e-mail inbox in the morning to find over a hundred messages telling me that people at OhMyGoshAndGoodness.com or NowWhatWasThatAllAbout.com didn’t need my spam. Spam? Me? I don’t think so!

So, I checked my systems to see if somehow or the other one of my systems had gotten a case of spam-spewing malware. Yes, I practice safe computing, but there’s always some new trick out there and maybe this time someone had gotten one by me.

Nope. It wasn’t that.

More >

May 5, 2008
by sjvn01
10 Comments

OpenSolaris Arrives just to Die

OpenSolaris, Sun’s open-source take on its Solaris operating system, has finally arrived. Some people, like Jason Perlow at ZDNet think that this is great news and that Sun’s latest operating system will give Linux a real challenge.

Maybe it will, maybe it won’t. I’m inclined to doubt it simply because OpenSolaris has failed to develop a strong developer community. For more on that see Ted Ts’o, noted Linux developer and CTO of the Linux Foundation, blog posting, What Sun was trying to do with Open Solaris. T’so wasn’t playing OS religious wars, he was pointing out that while “OpenSolaris has been released under an Open Source license,” it doesn’t have “an Open Source development community.”

That’s a real problem. OpenSolaris’ biggest trouble is that while it’s taken three years for OpenSolaris to reach a point where general techie sorts will get it a try, the Linux distributors, especially Red Hat, Novell/SUSE and Ubuntu, has been moving in strength both to the public and to enterprise customers.

Still, all that said, I think OpenSolaris could survive, and possibly even thrive, if it wasn’t for one sad, simple fact. Sun may not have the IP (intellectual property) rights to open-source Solaris in the first place.
Continue Reading →

May 4, 2008
by sjvn01
0 comments

Microsoft’s Yahoo Pratfall

In the business textbooks of 2025, Microsoft’s slow collapse will be attributed to many things. The failure of Windows Vista to hold the desktop market; Microsoft’s inability to successfully move from a PC product based company to an Internet service based enterprise; and Ballmer’s inability to pull off the Yahoo buyout.

Now, buying Yahoo wasn’t going to guarantee Microsoft transition from a 20th century product-oriented company to a 21st century SAAS (Software as a Service) business, but it was a better shot than the Microsoft continuing to push its confusing mish-mash of Windows Live programs.

As it is, Microsoft’s brand is losing value; Google is beating the pants off the company on the Internet; and Linux and Apple are making gains on the desktop. Adding insult to injury, open-source programs like Firefox are gaining marketshare at the expense of Microsoft’s own products.

More >