Scott's Weblog The weblog of an IT pro specializing in virtualization, networking, open source, and cloud computing

Zero-Day IE Exploit

This article discusses a newly-discovered zero-day exploit for Internet Explorer, including IE on fully-patched Windows XP SP2 systems. (Apparently, only Windows Server 2003 with the Enhanced Security Configuration is immune.)

(Read more...)

Just About Ready

This new blog is just about ready for public consumption. I just finished configuring the permalink structure so that all posts have a static URL, using a pretty common structure that includes the date of the post in the URL. (This seems to be a reasonably well-accepted practice.)

(Read more...)

Sony Keeps Digging Itself Deeper

The furor over the rootkit technology used by Sony in their DRM software continues to grow. After Mark Russinovich unveiled the truth, Sony released a patch that supposedly allows for the DRM technology to be uninstalled. Of course, Mark reviewed the uninstallation, and he found it left a little bit to be desired (putting it mildly). Basically, it left you at risk of a blue screen of death. And Mark’s not the only one not satisfied—this article cites several other security experts as well who are not happy with this situation.

(Read more...)

Can Somebody Help Me With MapFS?

A pair of recent articles (this article at eWeek and this article at NewsForge) have me a bit perplexed. What’s the real value of MapFS? I know I have to be missing something here. Somebody send me an e-mail and explain it to me, or give me an example (other than the Live CD example mentioned in one of the articles above) of how this could be used effectively.

(Read more...)

It Was Bound to Happen

To a certain extent, I agree with the belief that operating systems and applications that don’t have a significant market share like Windows, IIS, and Exchange won’t get targeted as frequently and therefore will have a “better” security track record. I don’t agree that this is the only reason that Linux, Mac OS X, and others haven’t seen as many security vulnerabilities and the oh-so-fun network worms that invariably accompany them. But I will agree that as these alternatives gain in popularity, more hackers are going to target them.

(Read more...)

Current Tech Projects

Every now and then, I like to post out here a list of my current “tech projects.” These are the things that I’m working on for my own network, things that I may or may not start recommending to or supporting for customers.

(Read more...)

OpenBSD pcn0 Driver Issue Resolved

Well, sort of resolved. I was never able to make the pcn driver (from OpenBSD 3.8) actually work under VMware, but I did find information on how to disable the pcn driver and revert to the older le driver.

(Read more...)

Rootkit Technology in Sony DRM

A very in-depth article by Mark Russinovich unveiled that DRM technology shipping with recent Sony BMG CDs actually installs rootkit components onto your system. Now, I don’t know about you, but I don’t like the idea of a vendor unknowingly installing software on my computer(s) that contain rootkit components—especially when those rootkit components could be used by malicious software packages to hide themselves.

(Read more...)

Small OpenBSD 3.8 Speed Bump

My attempts to deploy the latest version of OpenBSD, version 3.8 (released yesterday), have run into what I hope is only a small speed bump.

(Read more...)

LSB Recognized by ISO

News surfaced today that the International Organization for Standardization (ISO) has approved the Linux Standards Base (LSB) as an international standard. The LSB 2.0.1 core specification has been accepted by the ISO and will be published as International Standard 23360.

(Read more...)