Posts tagged with: security

Links of interest for 26 Jul 2010 - 6 Aug 2010: Using Oracle® Solaris 10 to Overcome Security Challenges - A great whitepaper that briefly explains and demonstrates a lot of the great security features Solaris has. This isn't a HOWTO, but more of a "look what we can do document". Well worth a read, even if you are a seasoned Solaris expert - you may just find a "I didn't know that" moment. Official Google Blog: Update on Google Wave - Good-bye Wave. I used you once to see what the fuss was all about and then promptly forgot... Continue reading ►

July this year saw Solaris starting to comply with Oracle's standard practice of releasing quarterly Critical Patch Updates (CPUs) containing security fixes. Unfortunately, it also saw Solaris complying with Oracle's policy to not actually provide a correlation between CVE numbers and the corresponding patches in the CPU itself (CPU July 2010). This naturally caused a lot of uproar in the Solaris install base with a lot of big customers very upset. Oracle have listened and a CVE-to-Patch list has now been released for the July 2010 CPU. Apparently the actual CPU will be updated to reflect this mapping too, ... Continue reading ►

Many people don't run the SSH that comes with Solaris 9 and later on their Solaris hosts, instead opting for OpenSSH or one of Tectia's SSH products. Some don't like SunSSH's versioning, as it makes it hard to determine if SunSSH is vulnerable to the same issues as OpenSSH (most often it's not or the issue has already been addressed), others rely on features on OpenSSH that haven't made it into SunSSH (there aren't many) and then there are those who's corporate guidelines only allow for a third party solution - probably for uniformity across platforms. Whatever the reason, all of these people are security conscious so they may also have an auditing (aka BSM) requirement too, and this is where the problem comes to light: they soon discover that it appears that not all events are being recorded for users who connect via this third party SSH software. Thankfully it's easy to get OpenSSH working with Solaris auditing thanks to the very generous code contributions made by Sun to the OpenSSH community, way back in 2001, that were finally included in OpenSSH 4.0 and later. However, despite these contributions, people still miss the details on getting BSM working as they expect and this is what I'll address here. Continue reading ►

Links of interest for 9 Mar 2010 - 21 Apr 2010: C language inventor spurns Google's language exam - Hey, maybe Google has a point, maybe Ken's gone crazy and forgotten everything, but highly unlikely. Apache Foundation Hit by Targeted XSS Attack - Wow!! What a detailed account of what happened. It's quite refreshing to see such an open account of a system hack. Nobody Killed OpenSolaris — Stop the FUD! - Nice to see someone outside of Sun/Oracle is actually seeing sense. Multicore requires OS rework, Windows architect advises - Errmm, I must be missing something here: doesn't Solaris... Continue reading ►

Links of interest for 27 Jan 2010 - 14 Feb 2010: eWEEK's Top 25 Technologies Of The Decade - Including Solaris 10 - "During the latter half of '00s, Sun Microsystems' Solaris 10 sat at the leading edge of operating system technologies, with unique capabilities that include Containers virtualisation, Dtrace system instrumentation and the ZFS file system. Solaris 10 also helped put a stamp of inevitability on the x86-64 architecture and on the open-source-as-a-platform licensing strategy." UK Govt Say "No Evidence" IE is Less Secure - Or more precisely, "There is no evidence that moving from the latest fully patched... Continue reading ►

Links of interest for 26 Sep 2009 - 14 Oct 2009: xkcd - Static - Hee hee hee Guest Account Bug in Snow Leopard Causes Data Loss - Ooops. Just as well I disabled this account a long time ago. MySQL ex-CEO tells EU to let Oracle buy Sun - Some very valid points here. Lets hope the EU listens and pulls finger. Their heel dragging is causing more harm than the acquisition would. Is cloud computing the Hotel California of tech? - Good point. I've not embraced "cloud computing" in this sense as I don't really need it, but... Continue reading ►

Links of interest for 28 Aug 2009 - 1 Sep 2009: Apache.org Compromised via stolen SSH keys - Best bit: "... we restored from a ZFS snapshot to a version of all our websites before any accounts were compromised." Now how's that for an advertisement for Solaris and ZFS? Oracle is likely to sell sun's hardware business to hp - The Inquirer - [Updated: My initial comments here have been removed as I may give people the idea that I actually have insider info on this. I DON'T.] New attack cracks common Wi-Fi encryption in a minute - ... Continue reading ►

Links of interest for 20 Jul 2009 - 15 Aug 2009: HTML5 Canvas and Audio Experiment - This is a brilliant display of some of the cool things you can do in HTML5 (Requires a browser that supports HTML5 like Firefox 3.5) How To Hijack 'Every iPhone In The World' - Oooops. Just as well I don't have an iPhone. Why does 1.6 beat 4.7? - BestPerf - People always forget the details, and it's often these details that competitors deliberately leave out too. Triple-Parity RAID-Z : Adam Leventhal's Weblog - ZFS has just got triple-parity RAID-Z support. Why? Alan... Continue reading ►

Links of interest for 12 May 2009 - 1 Jun 2009: Sun Security Toolkit at OpenSolaris.org - The SST (aka JASS) is now open source (under CDDL) and available for OpenSolaris too. Parallel Patching for Solaris 10 - Chris Armes's Weblog - This is a godsend if you've got a system with a lot of zones that needs patching. You can expect patch for patchadd for this sometime in June so you can get parallel patching before S10u8 What's New in OpenSolaris 2009.06 - The presentation slides used by Peter Dennis at Community One Sun seeks to build world's biggest... Continue reading ►

From the diary of ISC yesterday: While I'm aware that ISC readers probably don't have to be told, let's nevertheless try again to get the word out: If you are running any SSH server open to the Internet, and your usernames and passwords aren't at least 8 characters or so, your box is either owned by now, or about to be. It doesn't matter one bit what sort of device it is - those who run these scans have proven to be equally apt at taking over a Cisco router as they are at subverting an iMac. My own router... Continue reading ►