SCO

I’m just waiting for SCO to declare itself in violation of its own trademarks, and sue itself.

OpenType Font File causes Windows to crash

Had a good time investigating this:

OpenType Font File causes Windows to crash.

Microsoft hasn’t acknowledged the bug’s presence, nor have they issued a fix. So right now, if you’re running Win2K or XP, you’re vulnerable. In my case I was able to lock up a Win2K machine so badly that it refused to ever boot again, claiming that some device driver was missing or corrupted.

Whee! Go Microsoft.

Update: (08/25/2003) This is repaired in Windows 2000 Service Pack 4. I can’t speak for XP.

Proliferation of Poorly-Configured Linux Boxes

Someone in ;login: magazine a few issues back talked about the proliferation of poorly-configured Linux boxes, and how the volume of these will eventually outstrip the quantity of poorly-configured Windows boxes as Linux increases in popularity. The notion that Linux is more secure than Windows falls apart when you have clueless users who willfully follow directions like those listed on Ximian’s website to install Ximian Desktop 2.0:

There is nothing to download first, just follow the instructions below.

<snip>

  1. Open a terminal window.
  2. Using the su command, become superuser (root).
  3. Type the following command or cut and paste it into your terminal: wget -q -O - http://go.ximian.com |sh

Great job, Ximian. Encourage people to download a shell script, as root, and blindly execute it — no MD5 sanity check, nothing. I mean, it makes me want to compromise go.ximian.com and replace the index page with a text file containing “rm -rf /”. It’s also fabulous that they advocate using the -q (quiet) switch with wget, so that I could now hack the httpd.conf to send a redirect to my own website, which could provide a text file containing “rm -rf /” — and the 302 Temporarily Moved code would NEVER be seen by the user.

What is wrong with these people? Isn’t it blazingly obvious that this is a stupid thing to do?
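An added example (not from the original post or from Ximian): one way to replace the `wget ... | sh` pattern above with download, verify, then run. It uses SHA-256 rather than the MD5 check the post mentions, refuses redirects with wget's `--max-redirect=0`, and assumes the publisher supplies the expected digest out of band; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: fetch, verify, then run, instead of piping wget into sh.
# The URL and digest are supplied by the caller; none are values from the page.

# sha256_of FILE -> prints the hex SHA-256 digest of FILE
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# verify_script FILE EXPECTED_HEX -> returns 0 if the digest matches, 1 otherwise
verify_script() {
    file=$1
    expected=$2
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 1; }
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch: expected $expected, got $actual" >&2
        return 1
    fi
    return 0
}

# fetch_verify_run URL EXPECTED_HEX
# Downloads to a temp file so the script can be checked before any line executes.
fetch_verify_run() {
    url=$1
    expected=$2
    tmp=$(mktemp) || return 1
    # No -q: wget's status output stays visible.
    # --max-redirect=0: a 3xx response is an error, not a silent hop elsewhere.
    if ! wget --max-redirect=0 -O "$tmp" "$url"; then
        rm -f "$tmp"
        return 1
    fi
    if ! verify_script "$tmp" "$expected"; then
        rm -f "$tmp"
        return 1
    fi
    sh "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

The digest only helps if it arrives over a channel separate from the server hosting the script; a digest published next to the script on the same host can be swapped along with it.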

I mean, you all know Microsoft blows… admit it!

At work we’ve been trying out a wonderful tool from Dave Aitel of Immunity Security called SPIKE. I haven’t tried to actually use SPIKE to generate any DCE RPC calls that would actually cause a Windows box to detonate, but partly it’s because that’s not really my job; I don’t detect the vulnerabilities, I just reproduce them. Also I really don’t give two hoots about Windows and I really couldn’t be bothered to go out there, attach a debugger to something like lsass.exe and see what fails.

Still, SPIKE seems to be a great tool if that (deciphering obscure and complex protocols) is your cup of tea. I’ll spare you the lecture on how shitty Microsoft’s protocols are, except that if you ever analyze a conversation between a bunch of Windows boxes using something like Ethereal, you’ll see how there is very nearly a status flag for everything. Clearly, protocols like LSA over DCE-RPC over SMB over NetBIOS < !!!!> were never clearly thought out by anyone, and this is the result. I joked to a colleague that the only reason we need 100Mbps Ethernet is to carry around all this excess Microsoft baggage whenever Windows boxes need to talk to each other. Honestly, Windows boxes are just as chatty as Netware machines running IPX. All you really have to do is capture the traffic on a Microsoft LAN that’s destined to the broadcast address, and you can glean an incredible amount of information.

Go get SPIKE here and enjoy yourself. (Warning: We had problems compiling under GCC 3.x. Stick to 2.x for now; 2.95.3 seemed a good choice.)

XFree86 “Crisis”

So there’s this big flap about whether or not XFree86 should be forked. Doesn’t it seem like we go through this every few months with every other large open source project? I mean some operating systems are a direct result of forking. And then you have Linux with its -dj, -ac, -my_dog_spot branches, and myriads of different releases — 2.0.x, 2.2.x, 2.4.x, 2.5.x. It’s crazy. Not that the Linux development model (a/k/a complete and utter chaos) should be emulated by anyone.

Mike Harris has an interesting diary entry on why people are so fed up with XFree86, but my point, as I’ve made it above, is that the problems the XFree86 project has are endemic to any large open source project. After a while, any “core” development team becomes so insular it becomes a little “old boys’ club”, and unless there are folks willing to help reverse that trend, you end up with a lot of people outside core being very pissed off, and threatening to fork the code, etc. By and large I think code forks are a Bad Thing except in cases where the project is trying to do two different technical things at the same time. But forking code due to the inability of people to cooperate, and due to the core team becoming so insular — that’s not beneficial to anyone.

IP block renumbering day

… it’s only our internal 10.10.10 netblock, but still, a lot of grunt work.

I managed to reconfigure all the switches without locking anyone out (or myself), and MRTG didn’t complain that much. All that remains is to renumber the dev server, and hopefully doing a perl -p -i -e 's/\b10\.10\.10\.20\b/10.10.10.5/g' /etc/* will do the trick.

Then the IT department can appropriate that new Cisco (the one which has about 4 out of 10 ports in use, when a bunch of bimaps on our firewall could do the trick) for ourselves 🙂