Practical Technology

for practical people.

April 28, 2008
by sjvn01
0 comments

Is Microsoft at fault for Web site cracking spree?

Last week was a lousy week for Web site administrators. Depending on your expert of choice anywhere from just over a hundred-thousand to half-a-million plus Web pages had been hacked to turn this into malware-spewing portals.

Panda, the security company, suggested that a recently unveiled ‘elevation of privilege’ flaw that could be used on XP SP2, Vista, and, far more significantly, Windows Server 2003 and 2008 could be at fault. While the elevation of privilege vulnerability can’t be used to gain full-control of a system, it can be used to get control of accounts that are often used to run Microsoft’s IIS (Internet Information Services) custom applications. So, for example, if you’re running a Web application that uses ASP.NET in full trust mode, your site is crackable.

Microsoft, however, is denying that this wave of attacks have anything to do with IIS or with this particular security hole. Instead, Bill Sisk, a communications manager at Microsoft’s Security Response Center, said the attacks appeared to be ordinary SQL injection attacks.

OK, so whose fault is it then? Much as I like to pound on Microsoft, this time it doesn’t seem to be their fault. Well, not entirely the boys from Redmond’s fault anyway.

More >

April 28, 2008
by sjvn01
0 comments

SCO gets it Day in Court

Years into its legal wars against Linux, SCO gets another chance to go to court on April 28th. However, the case at hand, one last attempt to show that it, and not Novell, owns Unix’s copyright isn’t the case, SCO wanted. Instead of threatening the legality of Linux, this four-day trial will only determine whether the hot water SCO is in is boiling or scalding.

Continue Reading →

April 27, 2008
by sjvn01
4 Comments

Shuttleworth Acknowledges Ubuntu’s Debt to Debian

New comers to Linux sometimes think that Ubuntu sprang forth from Linux as a totally new creation, the next generation of Linux. Old-hands at Linux know better. Now, Mark Shuttleworth, CEO of Canonical, the company behind Ubuntu, sets the story straight for those to whom Ubuntu 8.04 is the be-all and end-all of Linux.

In his latest blog posting, Shuttleworth once more acknowledges the debt Ubuntu owes to other open-source developers and projects. After opening by thanking the Ubuntu community, Shuttleworth moved on to thanking the larger free software world.

Shuttleworth wrote, “I’m very conscious of the fact that Ubuntu is the pointy edge of a very large wedge – we are the conduit, but we exist only because of the extraordinary dedication and effort of thousands of other communities and projects.”

In particular, “We all owe a great deal to the team who make Debian’s ‘unstable’ repository possible, and of course to the upstream projects from GNOME and KDE through to the Linux kernel. We hope you will be proud of the condition in which we have carried your excellent work through to the users of Ubuntu.”

Continue Reading →

April 25, 2008
by sjvn01
2 Comments

Vista Network Speed-Up Tip

I hate Vista, but since one of the things I do is track operating systems, I keep it running on one (1) system.

One of the things I find remarkably disagreeable about this junker of an operating system is that its network software is just awful. For example, it took me quite a lot of digging before I found a way to get Vista to work at all with most NAS (Network Attached Storage) devices.

An eternal problem with Vista, and one I’m not alone in finding, is that it’s slower than the guy in the left-hand lane who doesn’t understand the concept of ‘passing’ when it comes to transferring files across my network. How slow as it? There were times, on a 100Mbps connection when I was averaging a MB transferred ever 7 seconds. That would be great, if I were transferring files over my 3Mbps DSL Internet connection, it’s horrible on a LAN.

I had hoped that Vista SP1 would solve this problem. It didn’t.

Continue Reading →

April 25, 2008
by sjvn01
0 comments

CAPTCHA Meltdown

It seems like it was the just the other day that I was writing about how CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) was quickly becoming completely useless for Web security. Actually, it was just the other day-two days ago-but I was wrong. CAPTCHA is already completely useless.

I found the proof of this in the Web security company WebSense’s Sumeet Prasad, a threat analyst, latest blog. There, he declared that there’s now a botnet-based program that can beat Google’s Blogger CAPTCHA.

The program’s not terribly good at breaking Blogger’s CAPTCHA. WebSense estimates it has an 8% to 13% success rate and it takes about 35-seconds per attempt. But, with hundreds to thousands of zombied home PCs doing nothing but trying to create fake blogs, the program doesn’t have to be very good at it.

More >

April 24, 2008
by sjvn01
0 comments

Sorry, I’m not feeling social today

Please. I don’t want to Link In with you today. I don’t want to see your Face, or read your Book. It’s not that I don’t like you. I do. I’d Twitter with you anytime. It’s just that if I get asked to join one more social network, I’m going to scream.

You wouldn’t like that. I wouldn’t like that.

I get social networking. I really do. I’ve been a member of online communities since the 80s. I’ve managed mailing lists using LISTSERV and Mailman; supervised online discussion groups on CompuServe; and I use LinkedIn and Facebook on a regular basis. I’m also on, but almost never use, Plaxo; Twitter and half-a-dozen others that I don’t even recall joining.

These networks have been invaluable to me over the years for maintaining friendships over thousands of miles and years of time; finding both freelance and fulltime work; and sharing good times and bad times with those who are near and dear to me. So, please understand me when I say, in the nicest possible way, “Enough is enough! Do not; do not ask me to join another social network!”

More >