Enllaços
Contingut actualitzat
Categories
Contingut antic
(ja no s'actualitza)
Versions anteriors
d'aquesta pàgina
Arxiu
|
|
 |
diumenge, 25 / abril / 2004 |
 Me'n vaig a Madrid, de dilluns a dijous... Objectiu: tancar temes.
Aquesta vegada m'estic a un hotel nou; és de la mateixa cadena (High Tech Hotels) que faig servir habitualment, però està situat molt més proper al centre (bé, de fet és ben bé al centre). Segons la pàgina web aquest també ofereix línia d'alta velocitat a cada habitació, així que no hi ha d'haver cap problema per continuar mantenint el weblog.
|
21:52 (# Enllaç permanent) ()
|
|
[OnLAMP.com] Entrevista als autors del tallafocs d'OpenBSD
P: The 3.4 release page shows five new features. How does each one work?
-
Packet tagging (filtering on tags added by a bridge based on MAC address).
Packet tagging allows you — as the name says — to add a "tag" to a packet, and read it out later on.
(...)
You can use tags to express trust relations between interfaces (tag int1 on interface int1, and allow all packets with this tag out on int2 unconditionally), you can use tags to split classification and policy (tag packets so you end up with several "groups", where each group is one tag, and do the pass/block decision based on tags only), and you can even tag from outside pf — that's what i did for the bridge filters, we can tag packets from there as well, based on mac address for example.
(...)
-
Stateful TCP normalization (prevent uptime calculation and NATdetection)
(...)
Stateful TCP normalization is a set of techniques to remove or resolve ambiguities in network traffic.
(...)
-
Passive OS detection (filter or redirect connections based on source OS).
(...)
The firewall can look at packets and determine which operating system they came from by looking at those differences. Not only can it differentiate between Linux and Windows, but it can tell between Linux 2.2 and 2.4; it can even determine if you're using Opera. The integration into the firewall allows the administrator to filter or redirect connections based on the operating system of the client.
(...)
-
SYN proxy (protect servers against SYN flood attacks).
(...)
pf's synproxy sits in between the vulnerable server and potential attackers (usually in form of a border firewall). Instead of forwarding TCP handshake packets as they are seen (when they are valid and allowed), the synproxy intercepts the SYN packet and first completes the TCP handshake itself with the source peer. Afterwards, it replays the SYN with the destination peer, completing the handshake itself again. Once the handshake is completed with both peers, further packets are forwarded as usual.
(...)
-
Adaptive state timeouts (prevent state table overflows under attack)
(...)
When your state table is completely full (i.e., you hit the states limit), no new connections are possible. Thus, you really want to prevent this. Now, when you don't have many states in the table, you might want to run with the "normal" timeouts (set optimization normal). The closer you get to the state table limit, the more agressive you want to be about timing out old states to prevent the said state stable exhaustion. This is exactly what adaptive state timeouts are for. One you hit the adaptive.start number of states, pf starts to scale down timeouts — the closer you get to adaptive.end, the more.
|
21:45 (# Enllaç permanent) ()
|
|
A continuació reproduïm el comunicat que Microsoft està fent arribar als seus clients, a través d'e-mail i la web, avisant sobre l'aprofitament de la vulnerabilitat per desbordament de memòria intermèdia al protocol Private Communications Transport (PCT) de la biblioteca Microsoft Secure Sockets Layer (SSL), descrita i solucionada al butlletí MS04-011.
Continuació...
|
21:37 (# Enllaç permanent) ()
|
|
El proper 7 de maig, divendres, a les 18:00 es farà la primera conferència FIST a la sala d'actes de la Facultat d'Informàtica de Barcelona (Campus Nord, edifici B6, carrer Jordi Girona Salgado, 1-3 --sí algú pot trobar en aquest 'mapa de situació' on es troba l'edifici, mereix un premi--) L'assistència a aquesta conferència és gratuïta i està oberta al públic.
El programa previst és:
- Introducció, per Edge-Security (patrocinador).
- Not only a XSS, per Toni Cortés (infohacking).
- Intrusion Prevention Systems, per Alex Quintieri (SCC)
- Descans
- The Other Application Security Test, per Pete Herzog (Isecom).
- Dubtes i preguntes
Per assistir a aquesta conferència es recomana omplir el formulari d'inscripció.
|
19:19 (# Enllaç permanent) ()
|
|
[News.com] Novell touts Linux as force for Innovation. Per Novell, Linux és una possibilitat per tal que la indústria informàtica continuï avançant
Linux threatened the proprietary software industry with innovation, rather than extinction, and accused companies such as Microsoft of failing to come up with exciting new applications.
"When was the last time that Microsoft Office got significantly better? It's been pretty much the same product for a while now," Asay said.
"As things stand, creativity has gone, and that's one reason that Linux on the desktop makes sense. It'll be good for Microsoft, too. They won't like it, but it will force them to innovate," he added.
|
16:21 (# Enllaç permanent) ()
|
|
Microsoft ha publicat a la seva web un avís, Information about code that attempts to exploit PCT in SSL, fent-se ressò de l'existència d'exploits que s'aprofiten de la vulnerabilitat PCT. Les recomanacions de Microsoft són:
If you are using a home computer or a non-Web server, you should install the update from Windows Update to help ensure that your systems are not at risk.
If you have installed and deployed Security Update MS04-011, you are not at risk for this issue.
All programs that use SSL could be affected. Although SSL is generally associated with Internet Information Services by using HTTPS and port 443, any service that implements SSL on an affected platform is likely to be vulnerable. These services include, but are not limited to, Microsoft Internet Information Services 4.0, Microsoft Internet Information Services 5.0, Microsoft Internet Information Services 5.1, Microsoft Exchange Server 5.5, Microsoft Exchange Server 2000, Microsoft Exchange Server 2003, Microsoft Analysis Services 2000 (included with SQL Server™ 2000), and any third-party programs that use PCT. SQL Server 2000 is not vulnerable because it specifically blocks PCT connections.
If you have deployed Windows XP or Windows 2000 and enabled SSL, you are at risk.
If you have deployed Windows Server™ 2003 and enabled PCT in SSL, you are at risk.
If you are still evaluating and testing Security Update MS04-011, you should immediately implement the mitigation steps detailed on this page.
|
14:44 (# Enllaç permanent) ()
|
|
Els avions acostumen a ser força fotogènics... en operacions com l'aterratge o l'enlairament es força fàcil aconseguir unes fotografies d'una gran bellesa visual. També mentre estan volant es poden aconseguir algunes imatges senzillament espectaculars.
Ahir vaig trobar dues webs, molt semblants, amb unes impressionants col·leccions de fotografies: JetPhotos.net i Airliners.net. En tots dos casos permeten cercar fotografies pel tipus d'avió, la companyia aèria, l'aeroport on s'han fet les fotos, diverses paraules clau... Pràcticament es poden trobar fotografies de qualsevol avió/companyia/aeroport que ens puguem imaginar, amb una qualitat i un detall impressionants.
|
10:06 (# Enllaç permanent) ()
|
|
© Copyright 2003-2004 Xavier Caballe. 
|
|
|
