Archive for the ‘Security’ Category
Jul
9
It appears that if you are running Windows XP Service Pack 3 and using ZoneAlarm firewall software, installing patch KB951748 (MS08-037), which came out in yesterday’s “Patch Tuesday” bunch, breaks ZoneAlarm. You cannot access the Internet until you either uninstall the patch or turn off ZoneAlarm. This patch is related to the DNS poisoning exploit that came out recently, so it should be applied. What to do? Well, one suggested workaround (other than the two mentioned above) was to lower the security settings to medium in ZoneAlarm. At least then you don’t have to disable it entirely. Another suggested fix has been to leave ZoneAlarm at High, set the Internet Security Zone to Custom, and add the following rule: “Allow outgoing TCP Ports:80,443”. I cannot verify that these fixes work, as I don’t use ZoneAlarm myself, but others hit by this problem have had success with them.
Here is the Microsoft link with information about the patch:
http://www.microsoft.com/ … /ms08-037.mspx
Here is the official link from ZoneAlarm about the problem:
http://download.zonealarm.com/ … /LossOfInternetAccessIssue.html
Jan
15
Another goodie from Slashdot:
“folks at GNU Citizen have been researching UPNP Vulnerabilities in home routers, and have produced a flash swf file capable of opening open ports into your network simply by visiting an unfortunate URL. Looks like Firefox & Safari users are safe for now.”
Wow.
Dec
20
Yet again my preachings of security ring true. Vulnerabilities can hide anywhere! This one is in an update tool from HP/Compaq. Be careful!
Read more at Slashdot!
Dec
11
Anyone that reads much on this site will see a theme in many of my posts and articles, where I stress security quite a bit. Here is a prime example of security being the job of everyone, users and system administrators alike. Here is a snippet of an article from ars technica:
“Hackers successfully infiltrated Oak Ridge National Laboratory (ORNL), one of the nation’s leading military research facilities. The attackers gained access by sending e-mails infected with trojan horses to ORNL employees. The lab claims that no classified information was retrieved, but admits that the perpetrators managed to acquire a database containing personal information about ORNL visitors and employees, including Social Security numbers.”
Yikes! Read more about it …
Aug
22
I found an article today that I thought might be worth mentioning. It’s an interesting, if not scary, read to say the least, but mainly I wanted to use its content as an example or reason for some of the stuff I preach here. The article is from ars technica, a great site, and it provides some sobering information about data loss. In fact, they tally up some numbers to find that in under three years, 159 million personal records have left the building. Yep, you read that right. Where am I going with this? Well, this is exactly why you would want to follow good system administration practice and secure your servers, you know, actually manage them. Keep your data safe, use common sense, follow the rules and don’t break the rules just because it’s more convenient to leave telnet running and have a root password of dog. You for sure don’t want your own data captured by the nasties, and when you take hold of some customer’s data, you are taking the responsibility to keep their data safe too, as if it were your own. Don’t wind up a statistic, secure those servers, and in the words of “Madeye” Moody, practice constant vigilance!
Aug
13
Passwords, and why the heck are they so important?
Everyone has passwords, some have only a few, and some of us have bunches of them. In some cases, literally hundreds or thousands to manage, and let me tell you it’s a pain in the rear. However, password management is not the main thing this article is about, although it pertains to the subject. No, what I want to talk about today is the area of good passwords, strong passwords, passwords that will defend your server and shun any attack by the bad guys that try to get in while you are away playing Quidditch. I have seen lots of passwords in my day, and let me tell you that there are lots of servers that could be compromised using either “ncc1701” or “corona”.