Category Archives: Security

So much noise from Google about the attacks in China !?

And Google is making so much noise about that ?

If what is said is true, it nothing else but a trojan. A good one, but nothing new otherwise.

I would also say that the most targeted company was Microsoft. After all, it was an Internet Explorer 0-days breach that was exploited. Once the computer was infected, I bet that the trojan was doing much more than just targeting Gmail. To maximise the chance of an attack to succeed, a good trojan comes with a bunch of functionalities and harvest as many things as possible on the computer. Thus I doubt the target was only Google.

As Steve Ballmer said (hey, I didn’t think I would ever quote him here ! :D ), it happens every day. And it must not be something new in a country like China. And suddenly, Google cares ? Whereas they quietly applied censorship in China until then ? I always become suspicious when a multinational company claims it cares about human rights to the detriment of its business.

Maybe Google is just really wanting to get out of China for some reason (not so popular there with the competition of Baidu?) and is looking for an excuse. More details will certainly be coming so time will tell…

SSL/TLS RFC updated against CVE-2009-3555

A solution has been finally brought up to fix CVE-2009-3555 and the temporary solution that broke client authentication.

At least, the IETF agreed on a fix as Marsh Ray informs us, though it will still take some weeks for the whole validation process to complete.

Moreover, as it requires both the servers and the clients to be patched, it will take months before the patches can be applied and one can have a working client authentification architecture. The longest will be the client side, of course, so I feel sorry for those who have a large park to manage.

As far as I am concerned, fortunately, I will just have a few browsers that I manage directly to update. Anyway, still more patience is needed !

Netios 0.71

I release a new version of Netios : 0.71.

There are a lot of changes, starting with cosmetics, but the biggest one is the support of multiprocessing.

It is now able to process several routers at the same time, so using it on a large list of machines results in a big speed up.

A downside is that it now requires at least Python 2.6, as multiprocessing started to be supported with this version only. Most Linux distributions now include Python 2.6, but still not all. Anyway it will be more and more the case. If you can’t uprade your distribution, you can stick with 0.60 which still do most of the work fine.

It is also now able to fetch a configuration file remotly, but it requires more testing before I feel confident in the way it works.

The complete changelog :

2009-12-20  (0.71) phocean ;

2009-12-20  (0.71) phocean ;

* ciscoclass.py : handle correctly the cisco pager — More — so that “show run” mode should work even with large config files
* sshclass.py : allow to override terminal size system settings (make use of the cisco pager to avoid filling the buffer)

2009-11-16  (0.70) phocean (private release)

2009-11-16  (0.70) phocean (private release)

* implement multiprocessing
* improve code documentation
* clean up UI
* reduce useless logging
* netios.py : bug : missing startTime parameter in f_skip_error and f_command functions

I cross my fingers so that there are not too many bugs, but if so, please don’t forget to report it to me.

Check there (tools page) for more details and a download link.