Date: 09/24/05 (Java Web)    Keywords: security, linux

Firefox 1.0.7 is a security and stability release. It is strongly recommend that all users upgrade to this latest version. This version includes several security and stability fixes, including a fix for a reported buffer overflow vulnerability and a fix for a Linux shell command vulnerability. Details below. Specific changes in Firefox 1.0.7 Fix for a potential buffer [...]

Source: http://blog.taragana.com/index.php/archive/firefox-107-fixes-several-critical-vulnerabilities-recommended-upgrade/

Date: 09/26/05 (Open Source)    Keywords: linux

Patching is far more complex in the Linux world than in Windows, because systems and what they run are far more diverse. But it's worth someone's business plan.

Source: http://blogs.zdnet.com/open-source/?p=452&part=rss&tag=feed&subj=zdblog

Date: 09/27/05 (Security)    Keywords: security, linux

Media players running on Linux face a new security vulnerability that could leave users open to remote attacks, security experts say.

Source: http://news.zdnet.com/RealPlayer%2C+Helix+users+at+risk+of+attack/2100-1009_22-5884096.html?part=rss&tag=feed&subj=zdnn

Date: 09/27/05 (Application Development)    Keywords: linux

Linux leader says the next kernel is almost ready but few features are in the works for subsequent releases.

Source: http://news.zdnet.com/Linux+development+slows/2100-9593_22-5883466.html?part=rss&tag=feed&subj=zdnn

Date: 09/29/05 (Computer Geeks)    Keywords: linux, google

Google doesn't seem to be being very helpful, though I'm still looking.

The deal is: I have a drive where the boot sector seems to have gone bad. Attempting to access the only partition on the drive with Windows XP leads to the claim that the drive isn't formatted. According to the version of testdisk provided with Knoppix 3.7, the partition data is intact, but the boot sector does not have the magic number 0xAA55. As far as I can discern from Google, this is a Bad Thing.

My plan right now is to get another drive, create the same sized partition on it, and then dd if=/dev/hdb1 of=/dev/hdd1, which as far as I can tell should clone the contents of the partition onto the partition on the other drive, where that second drive ought to have a good boot sector (which that dd wont include).

However, I'm thinking that if I can just dump a new boot sector onto the drive, and use Linux fdisk to put the partition size data back in place, I ought to be able to get away with it without spending a chunk of my afternoon waiting for data to copy.

I suspect there's also a way to do it with testdisk, but I can't find simple instructions for that program -- yet. I will keep looking, though.

Any suggestions?

Source: http://www.livejournal.com/community/computergeeks/785373.html

Date: 09/29/05 (Open Source)    Keywords: linux

For a mass market in Linux to develop, such a market needs protection at consumer price points. And they need to see a variety of vendors offering this service.

Source: http://blogs.zdnet.com/open-source/?p=455&part=rss&tag=feed&subj=zdblog

Date: 10/01/05 (Mozilla)    Keywords: security, linux

On Thursday, September 29, mozillaZine officially announced that Mozilla Thunderbird 1.0.7 was available for download. Amongst other changes, this new release includes fixes for a return receipt regression introduced in version 1.0.2 (bug 289091) and the Linux command line URL parsing security flaw.

According to mozillaZine, the Linux command line URL parsing security flaw "could allow an attacker to execute arbitrary commands on a victim's system. The bug exists in the Linux shell scripts that Firefox and the Mozilla Application Suite rely on to parse URLs supplied on the command line or by external programs. If the supplied URL contains any Linux commands enclosed in backticks, these will be executed before Firefox or the Mozilla Application Suite tries to open the URL. Variables such as $HOME will also be expanded." For more information regarding this security flaw, click here

Thunderbird 1.0.7 can be downloaded from the Thunderbird Product Page

Note: It is recommended that all Thunderbird users upgrade to this latest version at their earliest convenience.

Source: http://www.livejournal.com/community/mozilla/324942.html

Date: 10/06/05 (Opera Browser)    Keywords: linux

I've been working on the style sheet for my blog and I've got a problem - the style is fine in normal viewing mode but if I hit F11 (to go to Full Screen) it's displayed more like Print Preview mode; hitting F11 again returns it to the correct style.

I have this problem with Opera 8.5 on both Fedora Linux and Windows 2000; I don't see the problem (i.e. it behaves as expected) with Firefox on FC3+Win2k and IE6 (spit!) on Win2k. (That's all the combinations I have available for testing.)

Any ideas? Does Opera use a different media type in Full Screen mode? (Sounds odd but that's all I can come up with.)

Source: http://www.livejournal.com/community/opera_browser/46597.html

Date: 10/07/05 (C Sharp)    Keywords: software, linux

Is there any way (besides using winpcap) to capture outgoing packets in Windows XP using C#.NET? I have written a neat socket class that binds to an interface and does a great job at throwing events for every packet received, but I don't see a single packet that's sent.

I have also downloaded several "example" applications from various .NET repositories on the internet that purport to capture outgoing packets, but don't.

I have heard of some issue (that may or may not be imagined) that outgoing packets capture using the stock network socket tools in Windows 2000 but not Windows XP. I don't know why this would be true, or even if it is true, but I do not have any software firewalls running on any of my PCs (I have a Linux machine acting as a combination firewall/router/PPPoE (*shudder*)/DHCP/etc. device, but that's my gateway and has nothing to do with the computers from which I am attempting to capture outgoing packets.

Any help, information, or source code is appreciated.

Source: http://www.livejournal.com/community/csharp/37744.html

Date: 10/12/05 (Open Source)    Keywords: security, linux

There are great tools for Linux security, and Linux security management can be first-rate, but the process needs to be completely automated before the mass market trusts it.

Source: http://blogs.zdnet.com/open-source/?p=469&part=rss&tag=feed&subj=zdblog

Date: 10/12/05 (Open Source)    Keywords: java, linux

If your shop is running any of these applications, programs written for Windows and just ported to Linux (rather than being rewritten in something like Java or re-architected entirely), I'd sure like to know how it's running.

Source: http://blogs.zdnet.com/open-source/?p=468&part=rss&tag=feed&subj=zdblog

Date: 10/13/05 (IT Professionals)    Keywords: linux

hey all,

i need to clone a Win32 PC's hard disk (NTFS partitions). it's on a SATA controller.

i realize there's some solid commercial packages out there, but i wondered if anyone has any opinions on linux-based boot CDs for disk imaging. i've checked out g4u, which seems pretty good, though i've had problems booting it on specific laptop models. any recommendations, o i.t. gods and goddesses?

(xposted to itprofessionals, linux)

Source: http://www.livejournal.com/community/itprofessionals/25604.html

Date: 10/19/05 (Computer Help)    Keywords: linux

Okay. I've tried everything, but I just CAN'T seem to get the damn thing working, so I came here to plead for help.

I was recently given a laptop that refused to boot the version of Windows it was currently running: when it got past the loading bar screen, there'd be nothing but a black screen. As a lot of people here are programmers, or were, we tried to re-install it. Loading the drivers: nope. Formatting the entire hard drive and reinstalling the OS from CD: nope. Creating six Windows boot disks and trying to use them: nope. (This error continually occurs on Boot Disk #3: it keeps telling me 'File hal.dll could not be loaded. Press any key to exit Seup": and I've tried loading the file by hand.) Finally, someone told me to download and burn a Knoppix CD and use that -- great idea, I've always wanted to run Linux on a personal computer of mine. However, NONE of my downloads want to run... I have CoreFTP Lite, the same FTP utility I've always used, but I get nothing. Maybe I'm overtired and maybe the medication I'm on is fucking with my head... but HOW do I get a bootable CD from the list of files in the Knoppix Parent Directory, which is ALL I seem to keep getting?


Can ANYONE help me here? With either option? I'm going freaking insane, and I'd be eternally grateful. We NEED this computer, yesterday.


TIA

Source: http://www.livejournal.com/community/computer_help/512253.html

Date: 10/19/05 (Computer Geeks)    Keywords: linux

So my computer is a custom built computer, just a very generic computer as it's all my budget could afford at the time almost 3 years ago.
I have 2 hard drives, 512 memory, pentium 4, and a ECS Elitegroups motherboard. It's done pretty well since I got it minus a few hiccups, until recently that is.
Lately it's been running super loud, and so I changed out the CPU fan and cleaned up the other fans and it kind of quieted down for awhile, and now it's extremely loud and painful sounding. It's beyond a natural loudness of an old computer.
So I'm watching my system monitor which says my CPU is constantly at 100%, I've tried reinstalling both windows and linux (I dual-boot) to see if I had a config problem but nothing seems to help. I can't afford a whole new computer yet, does anyone have any reccomendations on how I can fix it? Should I just get a new CPU or should I just replace my entire motherboard? Opinions? How long will my computer last with my CPU constantly at 100%?
Anyone got a motherboard/CPU they're willing to give up? ;) Just thought I'd ask.

Source: http://www.livejournal.com/community/computergeeks/800239.html

Date: 10/22/05 (Microsoft Windows)    Keywords: linux, microsoft

x-posted to my own journal, and another Windows community. If you guys have *any* idea what may have caused this, just so I can let my wife know and have a better idea myself... it would be appreciated. I'm primarily a Linux OS guy, and often going beyond basics and advanced stuff in Windows is a bit beyond me. Even one of my MS engineer friends was a bit stumped as to *what* caused this.

###

How's this for insane? We had decided that my 512 RAM chip (same models, everything across the board as my wife's box, which always had worked, responded, even sounded flawless) should go to her to give her a full gig of RAM. The machine boots, but with no video, at all. Odd. Try swapping back the old 256 chip instead (the old PCs have only two slots on the board). Video, but... Windows failed to load because it can't find:

c:\windows\system32\config\system

Huh? WTF? We have no Windows media (or much anything right now) due to being technically in-move from one location to another so after getting blank CDs at Target, we get a Recovery Disk burned from an .iso found online. Sure enough, I can get in. But... her user is gone. The computer name is gone. Profiles, gone, and the entire system appears defaulted back to the OEM Windows installation. The main logon is passwordless and named "Owner" now, rather than my wife's name. The PC name is reset. All network settings, and all her personal data all still there in the folders for the user profile, however.

Gets better: the machine is "wobbly" now, in the words of our Microsoft engineer friend, who was utterly dumbfounded by what happened as I talked to him about it and worked on the system. Two vaguely plausible long shots: power surge as I powered down or up to install the new RAM, or "shite bad luck". He's very British. Any and all response to... anything on the system is very clippy and choppy now, regardless of what RAM is installed. Wife is in the process of backing up all her data to CD right now (1/2 way done so far).

Sunday I'm reinstalling Windows clean on her machine most likely.

Source: http://www.livejournal.com/community/ms_windows/48421.html

Date: 11/01/05 (PHP Community)    Keywords: php, linux

Well, I was coding a BBCode Parser (rather unconventional because the parser will allow multiple attributes to a BBCode tag like [tag attrib1="" attrib2=""]...[/tag])

Anyway, I was coding to allow escaped characters to appear inside the attribute values and I came across this weird sprintf behaviour which I wonder if it's a PHP bug.
code:

ABC

ABC

Source: http://www.livejournal.com/community/php/362176.html

Date: 11/09/05 (Java Web)    Keywords: php, xml, web, linux

There are few reports of an attack by a new Linux worm called Lupper which exploits a well known PHP XMLRPC implementation vulnerability. PHP XMLRPC implementation is used in a large number of popular web applications such as PostNuke, Drupal, b2evolution, Xoops, PHPGroupWare, TikiWiki etc. Most of these packages have updated to provide a [...]

Source: http://blog.taragana.com/index.php/archive/linux-worm-exploits-php-xmlrpc-vulnerability/

Date: 11/13/05 (Computer Geeks)    Keywords: software, security, linux

If you have heard about SonyBMG's newest DRM technique, you will know that it opens you up to a lot security problems. Here is how to get rid of the software that they install:

This is copied from: http://www.freedom-to-tinker.com/?p=924

This DRM system operates only on recent versions of Windows. If you’re using MacOS or Linux, you have nothing to worry about from this particular DRM system. The instructions here apply to Windows XP.

How to tell whether the rootkit is on your computer: On the Start menu, choose Run. In the box that pops up, type this command:

cmd /k sc query $sys$aries

and hit the Enter key. If the response includes “STATE: 4 RUNNING”, then your machine is infected with the rootkit. If the response includes “The specified service does not exist as an installed service”, then your machine is not infected with the rootkit.

How to disable the rootkit: On the Start menu, choose Run. In the box that pops up, type this command:

cmd /k sc delete $sys$aries

and hit the Enter key. Then reboot your system, and the rootkit will be permanently disabled.

Note that this does not remove or disable the main anti-copying technologies. It only turns off the rootkit functionality that hides files, programs, and directory entries. The main DRM software is still present.

Source: http://www.livejournal.com/community/computergeeks/815884.html

Date: 11/15/05 (Open Source)    Keywords: linux

Had not SCO tried to shake down IBM on behalf of its claimed Linux rights, the community might never have seen the wisdom in standing-down and sharing patents.

Source: http://blogs.zdnet.com/open-source/?p=497&part=rss&tag=feed&subj=zdblog

Date: 11/17/05 (Web Development)    Keywords: oscommerce, linux, shopping

I am new to this online store thing but I found a program that seems to be pretty easy, free, and works with Dreamweaver. www.oscommerce.com

However, there are only downloads for windows and linux. I'm using Mac OS 10.4 Does anyone know of a program like this (sets up store and shopping cart) for OS X????

Thanks very much for the help!

Source: http://www.livejournal.com/community/webdev/270837.html