Security
IPv6
by Nick on Mar.30, 2011, under Administration, E-Mail, Hardware, Security, Software, UNIX 101, Virtualization
So…
It’s been a while.
Recently, I’ve decided to make sure that all of my servers were IPv6 addressable. This was made infinitely easier by working at a forward-thinking ISP. So a quick email to our network admin and bam! IPv6 routed to my VLAN!
Now, what to do with it?
Nicholas and the Not So Stateful Firewall
by Nick on Dec.03, 2010, under Administration, Security, Virtualization
Maybe I’m in a children’s book mood while I wait for my daughter to be born, but that title popped into my head. It’s been a while, sorry.
Anyways, I’ve got a semi-production set of virtual servers running on an ESXi machine, and I thought it was about time to firewall them off. One problem, firewalls are expensive. So I decided to set up a virtual firewall running pfSense.
Sud’oh!
by Nick on Apr.16, 2010, under Administration, News, Security
“Sudo’s command matching routine expects actual commands to include one or more slash (‘/’) characters. The flaw is that sudo’s path resolution code did not add a “./” prefix to commands found in the current working directory. This creates an ambiguity between a “sudoedit” command found in the cwd and the “sudoedit” pseudo-command in the sudoers file. As a result, a user may be able to run an arbitrary command named “sudoedit” in the current working directory. For the attack to be successful, the PATH environment variable must include “.” and may not include any other directory that contains a “sudoedit” command.”
(From http://portaudit.FreeBSD.org/1a9f678d-48ca-11df-85f8-000c29a67389.html)
I actually read about this on Full Disclosure. This is very similar to an earlier exploit. Sudo is a great tool, but you always have to be *very* careful who you give sudo access to.
Greylisting…Again
by Nick on Dec.02, 2009, under E-Mail, News, Security, Software
Certain…Parties… Have intoned I am goofy for implementing a weird “mail bouncy thing” that is sometimes frustrating and is a silly anti-spam technique. Well, that would be Greylisting, and while it’s weird, it also drops a lot of spam getting through.
Calls from AT&T to Google Voice are not allowed.
by Nick on Aug.26, 2009, under News, Security
It seems that they are being blocked. I called technical support and requested that the “Case be escalated.” From my limited experience, this seems to be an AT&T issue, as I can reach my Google Voice number from a landline, and I’m not getting a fast busy, or other such errors. If this is not resolved in 24 hours, I will be filing a complaint with the FCC and MN’s Attorney General.
Curiosity
by Nick on Aug.21, 2009, under News, Security
People are so curious nowadays… Today I’ve received one NMAP ping from Colorado State (I’m guessing since I recently downloaded NMAP) and one “Version” query from ISC.org. Or at least, I think I have. Oh well, no harm done.
DNS and you!
by Nick on Jul.31, 2009, under News, Security
Say what you want about Kaminsky. I mean, the man is crazy. However, being on call when your employer, a regional ISP, reboots both the primary and secondary DNS servers, makes you appreciate how important DNS is in the grand scheme of internet things. Granted, his attack is fairly novel, but yeah… I’m glad ISC makes updating BIND nice and easy.
It’s the most wonderful time of the year…
by Nick on Jul.29, 2009, under News, Security
Where the hackers are crowing and exploits are flowing, seeding new ph34r.
It’s the most wonderful time of the year.
It’s the hap-happiest season of all,
when your software’s updating and admins are hating users not on the ball. It’s the hap-happiest season of all!
Seriously, can we spread out BH DefCon et al? I mean, not that I mind updating day after day…

