Ebay hacked. Change your passwords.

Filed in Security

(edit: s/Changed/Change/g)

Maybe I should turn this into a security blog.  Seems I can’t go a week or three without a post about yet another major corporation getting hacked.  This time it’s Ebay.   Took them a couple of months to figure it out too.

What makes this one extra special is that it wasn’t through some SSL bug or other exploit.  It was through compromised (weak?  social engineered?) employee passwords.

They got hacked back in March, only discovered it a couple of weeks ago, and announced it today.

Though no credit card or bank info was in the compromised database, there was enough info in there for a good shot at identity theft:

“The database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth.”

Ebay’s blog post about it at the link below.

New GNU Screen – 4.2.1 – first in 6 years.

Filed in Linux

For all you console junkies (the command console, not that WeePlayBOne thing), Amadeusz Sławiński and friends have released the first new update to GNU Screen in six years.  I’ve pulled the source and compiled it (under CentOS 6.5, GCC 4.4.7, Kernel 2.6.32, bash 4.1.2).

You can find the new source here: GNU Screen 4.2.1

I’ll be putting the new options and features through their paces over the next few days as I go about my day to day Ops duties.  I use screen much more now than in the past, so this should be an adventure.

I’m interested in hearing others’ take on the new features.  Drop them in the comments below.

And the hits keep on rolling.. AOL hacked; passwords taken.

Filed in Security

And the Internet Security Trifecta is complete.   AOL announced on their blog today that they have “determined that there was unauthorized access to information regarding a significant number of user accounts”.  The information accessed includes “users’ email addresses, postal addresses, address book contact information, encrypted passwords and encrypted answers to security questions.”

So head on out to AOL and change your passwords and security questions.   You might also want to change the passwords on any sites where you use your AOL email as the security contact.

And… Another one. This time in Flash.

Filed in Linux, Microsoft, OS-X, Security

Look.  Another security exploit.  This time in that bastion of ultimate security.. er.. hang on.. what’s this?  It’s in Flash?  This is news?  Oh, a *NEW* one in Flash.  Got it.

Ok.  Where were we?  Looks like another security vuln in the wild.  This one’s in Flash and affects all three major OSes.  Yep, that’s right you penguins..  Linux is included in this one.  So get your YUM and APT repos spun up and update those boxen.

Krebs has the details here: Adobe Update Nixes Flash Player Zero Day

So there you have it.  Two major web exploitable vulns in two days.  Waiting for the other two shoes to drop; Java and Acrobat.

PS: Is it strange that I’m using a terminal window to cut/paste text from websites to strip it of hidden formatting?  Yes?  It is?  Good.

Code execution flaw in ALL versions of IE since 6.

Filed in Microsoft, Security

April has been the month of monumental holes in security on the net.  First there was Heartbleed (and as always, XKCD has a great explanation of what the Heartbleed vulnerability is: http://xkcd.com/1353/)

Not to be outdone by a mere open source project, Microsoft has announced a new 0-day vulnerability in all versions of IE since IE 6.  How you can call something “0-day” when it’s been there 12 or 13 years I’m still kind of fuzzy on.

As I understand the bug, it allows an attacker to use a specially crafted HTML page to execute arbitrary code on the user’s machine under the credentials IE was assigned at launch.   If you’re running as an administrator (who does that in Windows??), you’re pretty much wide open.

Microsoft released a tech bulletin about the flaw over the weekend that goes into a bit of depth about the flaw and lists what versions of IE are vulnerable.  Basically all of them.  If you’re running Server 2008 R2 or later, you *should* be ok if you’re still running IE under limited credentials.

The bulletin is here: Microsoft Security Advisory 2963983

Microsoft hasn’t released a patch yet, but I suspect we’ll see something in a day or so as an out-of-band release.  I can’t imagine even Microsoft waiting around for this one.

A short rant about Amazon’s EC2.

Filed in Amazon EC2, Cloud

Intellectually I understand why, but “Why can’t I change the Security Group of an instance after I built it?”  WHY??????????????

It sucks working a couple of hours to troubleshoot a group of servers only to find that you picked the wrong sec group for them.  Kill ’em and start over is the only answer I can find.

If some of you big brains out there have a solution, drop me a hint in the comments.

About those Hugos.

Filed in Hugos, SF&F, Uncategorized

There has been quite a kerfuffle going on all over the blogs and facebooks and twitters about this year’s Hugo Award nominations.   Rather than confine myself to short quips or not so short screeds buried in a dozen blogs or facebook threads, I’ll just leave my thoughts here.

Some links about the Hugo Kerfuffle.  From there you can dive as deep into this issue as you want.  Ultimately, it all started with a flare up over some presenter for the awards being not politically correct enough for a certain vocal minority of SF&F readers.

Ok, enough.  Links:

I’m sure there are other links out there.  Go google them for yourself.

Now my take on all of this:

Something that bears remembering is how the Hugo nominations work.    Anyone (and I do mean *anyone*) with $40 or $50 can purchase an associate level membership to WorldCon and nominate their choice for the Hugos.  That’s it.  It’s a popularity contest, decided by *the READERS and FANS* of the SF&F genre.

How did Vox Day and Larry Correia and other such “controversial” authors make it onto the ballot this year?   Fans.  Their fans voted them there.   That’s it.

Now, as to whether the Hugo administrators should *let* someone with controversial views onto a ballot, I am firmly in the camp of “if the votes are there, they’re on the list”.

Where has SF&F genre fiction gone when something as trivial as contrary political or social views of an author, or even a book, leads to such an outcry of “burn him!” within the fandom communities?

SF&F is about pushing boundaries, testing ideas, playing with mores and social constructs, expanding horizons.   It is also, and much more importantly, about entertainment.

Each of us, as a purchaser and reader, must make a value judgement when we set out to exchange our energy for the energy of the author.   Energy in the form of our money and his effort to put a story down on paper.   We have to ask ourselves if the return we get from this book, be it entertainment, education, etc., is of more value to us than the energy (i.e. money, time to drive to the library, etc.) we must expend to acquire it.

If not, then don’t.  The reason, outside your own decision, is irrelevant.  It simply does not and cannot matter to another human why you made that choice.

The people screaming from the top of the blogosphere with all their voice and pageviews about these two and a few select other authors have done just the opposite of what they want to happen.  They’ve given them a platform and a notoriety they otherwise would have had to expend significant amounts of their own energy to attain.

Calls for boycotts, ‘approved’ and ‘disapproved’ lists for awards or conventions or panels, reek of McCarthyism.  “He doesn’t toe the line on XYZ! Burn him!”.

I had hoped that in 2014, we were beyond that.  I had hoped that, finally, in an era of communications technologies undreamed of by the greats of SF&F just two generations ago, we had gone beyond the nanny-ism I’m seeing.   “He offended me!  Make him stop!”

So I say to you, read what you want to read.  Recommend what you want to recommend.  Complain about what you want to complain about.  I’ll defend you to any power you name.  But gods help you if you deny my right to do the same.

Where is everyone?

Filed in Uncategorized

I’ve always hated those “where have I been?” posts bloggers make when they don’t update for a while.  It is a new year, however, and I have yet to inflict sufficient pain on all of you to get your brains moving. So, without further ado, here’s where I’ve been!

Since my last post in August, I’ve been laid off (something about not needing *two* linux/unix experts in a department almost entirely focused on Windows / HyperV virtualization) and had a 2 month vacation.

I’m still working in the VOIP world, but for a smaller, more agile company that doesn’t have a lot of legacy analog telco baggage in the way it does things.  It feels a lot like working for $weatherandclimatereportingwebsiteandtvnetwork.com again.

I’ll have a lot more to post as I dive deeper and deeper into the wonders that are Amazon private clusters, distributed storage, CloudFront caching, and (joy of joys) WordPress (don’t ask).

So sit back, relax and enjoy the ride.  Or I’ll strap you to the fender and play bumper cars.

On shopping online and the shortsightedness of giants.

Filed in retail

Where’re JC Penney’s and Sears when I need them? I have, for the first time in my 41+ years of life, ordered clothes from Amazon. I’ve bought dozens of geek t-shirts and “specialty” adornments from online retailers for years. But never have I bought something as plebeian and normal as blue-jeans online.

Back in the nascent days of the internet, both JCP and Sears were the gods of mail order retail. They had the store fronts, return depots, logistics, IT infrastructure, everything in place. All they needed was a way to efficiently put their catalogs online. A digital storefront.

They both had the trust of over 100 years of catalog sales. Sears would sell you a fraking HOUSE through their catalog at one point. Everything Amazon and other retailers had to struggle for years to do, JCP and Sears already had in place.

What was their response to this new fad, the internet? They saw, for the first time, legitimate competition and market loss so they packed up their toys and went home. They gave up instead of competing. And now they’re both marginalized, inconsequential retailers struggling to stay open.

How different would the landscape online be if either or both of those retail giants had done something as simple as put their catalogs online?

A bit of fiction: “Wizards”

Filed in Fiction

This is rough, off the top of my head, stream of consciousness and unfinished. Will finish it later. But thought I’d share:

The long bearded, corpulent man grunted and hummed as he removed the chain from around his neck. Hanging from that chain was a small amulet, shiny with the sigils of its maker upon it in indelible ink. He moved the puck around the surface of the table, occasionally stopping to point at a particular image or sigil on the screen. Satisfied with the configuration of symbols before him, he inserted the amulet, or “key” as he called it, into the receptacle on the front of the steel case next to the table.

Almost as if by magic, additional symbols appeared before him. With the sure confidence of a grand master of his trade, his hands flew across the keys, typing incantations in a language that appeared almost, but not quite, English.

With a flourish and a firm snap, he hits the “enter” key and submits his request, nay, his demands, to the powers that inhabit the spaces in between. A cybernetic space of electron clouds and magnetic particles where the knowledge of the human race floats, ready to be “wikied” and “googled”.

(to be continued)
