Fleximus Blog http://www.fleximus.org/blog Articles to *BSD, networking stuff and computer security plus other fancy stuff in my blog en-en Felix Ehlers Wed, 08 Sep 10 22:23:10 +0200 pfSense mirror in Germany http://www.fleximus.org/blog/2010-07-28/0x46/pfsense-mirror-in-germany pfSense in Germany. As of this writing Fleximus is the only mirror located in Germany.

pfSense is a customized firewall and router distribution with FreeBSD under its hood. pfSense started as a fork of the m0n0wall project in 2004.
Wed, 28 Jul 2010 00:00:00 +0200 http://www.fleximus.org/blog/2010-07-28/0x46/pfsense-mirror-in-germany
Playstation 3 exploit released to the public http://www.fleximus.org/blog/2010-02-01/0x44/playstation-3-exploit-released-to-the-public George Hotz, alias geohot, released his PlayStation 3 exploit to the public. It gains control of the hypervisor, which could be used to run pirated PS3 games and game backups on the hacked machine.

You can find more details in his blog and also an article which explains what the exploit does for the less technical people.
Mon, 01 Feb 2010 00:00:00 +0100 http://www.fleximus.org/blog/2010-02-01/0x44/playstation-3-exploit-released-to-the-public
Squid vulnerable to DoS attack: issue in DNS handling http://www.fleximus.org/blog/2010-02-01/0x43/squid-vulnerable-to-dos-attack-issue-in-dns-handling

Vulnerable versions


Squid installations still using the obsolete dnsserver are not vulnerable.

The ignore_unknown_nameservers option affects the severity of this vulnerability. When set to "on" (the default) risk is low. When set to "off" the vulnerability risk is increased.
All unpatched Squid-3.0 versions up to and including 3.0.STABLE21 are vulnerable.
All unpatched Squid-3.1 versions up to and including 3.1.0.15 are vulnerable.
All unpatched Squid-2.x versions are vulnerable.

Workarounds


All of the following steps are required to protect a vulnerable Squid from this and other forms of DNS attack.
  • Ensure that the ignore_unknown_nameservers option is turned on.
  • Ensure that DNS packets cannot be sent to Squid from untrusted nameservers or other machines.

The most secure implementation of these requirements is to use a nameserver running on the localhost IP dedicated for secure use by Squid and any other services on the Squid machine.

Link to full advisory


http://www.squid-cache.org/Advisories/SQUID-2010_1.txt
Mon, 01 Feb 2010 00:00:00 +0100 http://www.fleximus.org/blog/2010-02-01/0x43/squid-vulnerable-to-dos-attack-issue-in-dns-handling
Avira malware extension stats for Jan 2010 http://www.fleximus.org/blog/2010-01-31/0x42/avira-malware-extension-stats-for-jan-2010 January 2010.

The most common extension used by malware is .exe (53.29%) followed by no file extension (18.99%) and the third place goes to .txt (10.37%).
Sun, 31 Jan 2010 00:00:00 +0100 http://www.fleximus.org/blog/2010-01-31/0x42/avira-malware-extension-stats-for-jan-2010
BSD magazine becomes free online publication http://www.fleximus.org/blog/2010-01-10/0x41/bsd-magazine-becomes-free-online-publication BSD magazine announces that the BSD Mag is now becoming a free monthly online publication. You can sign up to their newsletter and get every issue straight to your inbox. Sun, 10 Jan 2010 00:00:00 +0100 http://www.fleximus.org/blog/2010-01-10/0x41/bsd-magazine-becomes-free-online-publication