看了 Slashdot 這篇報導差點沒 !@#$%^ 罵出來:Windows 2003 and XP SP2 Vulnerable To LAND Attack。
LAND attack… 八年前的東西了 -_-
Category Archives: Security
Security :p
UnHash
Bank of America 的後續
在紐約時報上提到了 Bank of America 資料遺失一些更完整的消息:(Bank Loses Tapes of Records of 1.2 Million With Visa Cards)
Bank of America said yesterday that it had lost computer backup tapes containing personal information about 1.2 million federal employees, including some senators, with Visa charge cards issued by the bank.
除了個人資料以外,連信用卡卡號都…
PS:關於 Visa charge card 的說明,可以在台灣 Visa 網站找到:認識Visa商務卡。
The Art of Computer Virus Research and Defense
在 TaoSecurity 看到 The Art of Computer Virus Research and Defense 這本書,看起來 (看 Customer Review) 相當有趣啊,列入書單…
向使用者敲詐
在 Boing Boing 看到 ISP 向使用者敲詐的新聞:Paying Canadian teclo an extra $50 makes IRC and ftp secure, somehow,事情的起因是這樣的:
Ports used by such ftp, telnet and IRC servers, among others, have been blocked. According to Telus, ‘These security measures are designed to reduce illicit traffic.’
換句話說有點像國內某些學校的搞法?*grin*
不過呢,你可以選擇被敲詐,這樣這些 port 就不會被 block 了:
But if home users upgrade to a business account (for $84.95 a month, rather than $29.95) the blocked ports magically become unstuck. There’s no mention, however, of increased security measures in the upgraded business accounts. Interpret this how you like.
Spybot Result
這不是我的電腦 (我不跑奇怪軟體、不用 IE 看網頁 :p),只是我更新了一下 Spybot 然後掃一掃而已,看起來還蠻壯觀的 -_-
OpenVPN
OpenVPN
有人試過在 FreeBSD 上使用 OpenVPN 2.0rc16 + natd 的嗎?(用 dev tap 或是 dev tun 都可以)
我現在的問題是,client (10.8.0.2) -> natd 正常、natd ->> Internet 正常、Internet -> natd 正常,但是 natd 到 client 傳不過去。
用 tcpdump 檢查,發現 tap0 與 tun0 都沒有封包,用 ping 直接 ping client 10.8.0.2 發現不會通,而且 tap0 與 tun0 都沒有封包…
看起來是 FreeBSD routing 的問題 (跟之前 gif0 的問題超像),弄到我快起笑了 -_-
Bank Of America
在 Slashdot 看到 Bank Of America Loses 1.2 Million Customer Records,而造成資料遺失的原因是備份要送到 Backup Center 時不見了 (喂喂),引用 CNet 的 Bank of America loses a million customer records:
A “small” number of backup tapes with records detailing the financial information of government employees were lost in shipment to a backup center, Bank of America said on Friday.
微軟的 Anti-spyware 願意賠償 bug 所造成的損失?
Slashdot 報導「Microsoft Will Pay If Its Bugs Damage Your Data」,不過原來在 CNet 的標題更機車:「Microsoft offers $5 windfall for errant software」XD
不過光看標題是不夠的,內文是:
According to the AntiSpyware Beta end-user license agreement (EULA), Microsoft will reimburse direct damages up to $5 for problems associated with the new downloadable tool that wards off spyware, adware and any other “potentially unwanted software.”
只有 AntiSpyware,歸類到 Joke 去 -_-
這讓我想到「每當機一次就賠 USD$1」的笑話 :P