Privacy

Journal: Charter Communications To Start AD Hijacking

Journal by Sillygates
Today, I received a letter from Charter Communications citing new 'enhancements' that they are planning on sending my way. In the body of the letter, they gave a basic description of deep packet inspection, and AD hijacking.

I have never been a satisfied customer with Charter; it's the least reliable internet access that I have used in several years. This letter just adds to my disappointment.
Red Hat Software

Journal: Zeroday privilege escalation exploit In RedHat Linux

Journal by Sillygates
After fooling around with one of my freshly installed, fully patched Fedora Linux systems, I found a serious flaw in autofs's configuration file, which can lead to a local user gaining root access without a password in an "out of the box" install.

After looking further into the problem, I realized that this configuration vulnerability also affects a default load of CentOS 5 (which is a direct clone of RHEL 5, RedHat's current enterprise Linux platform). Coupled with a common PHP script vulnerability, this flaw might even open the door for arbitrary code to be executed as root, from remote, on a webserver.

While /net seems like a nice little feature, it allows any user with minimal access on a system to mount remote NFS filesystems. Is that really the type of power sysadmins need to give to their users?
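
A defender-side check for the /net feature described above, as an added example that is not from the journal: it lists active `-hosts` entries in an autofs master map and shows the mount options each one carries. The journal does not name the setting at fault; treating a missing `nosuid`/`nodev` as worth review is an assumption here, as are the function names and the constructed sample map.

```shell
#!/bin/sh
# Added example: list active "-hosts" entries (the map behind /net) in an
# autofs master map, with the mount options written on each entry.
# Assumption: an entry is "ok" only if nosuid AND nodev are listed explicitly.
# Limitation: "+include" lines and NIS/LDAP master maps are not followed.

audit_hosts_map() {
    master="${1:-/etc/auto.master}"
    [ -r "$master" ] || { echo "cannot read $master" >&2; return 2; }
    awk '
        { sub(/#.*/, "") }                      # strip comments
        NF >= 2 && $2 == "-hosts" {
            nosuid = nodev = 0; opts = ""
            for (i = 3; i <= NF; i++) {
                n = split($i, part, ",")
                for (j = 1; j <= n; j++) {
                    o = part[j]; sub(/^-+/, "", o)   # "-nosuid" -> "nosuid"
                    if (o == "") continue
                    if (o == "nosuid") nosuid = 1
                    if (o == "nodev")  nodev = 1
                    opts = opts (opts == "" ? "" : ",") o
                }
            }
            status = (nosuid && nodev) ? "ok" : "review"
            print $1, status, (opts == "" ? "(none)" : opts)
        }
    ' "$master"
}

# Constructed sample master map (not taken from any real system).
sample_master() {
    cat <<'EOF'
# /etc/auto.master (constructed sample)
/misc   /etc/auto.misc --timeout=60
/net    -hosts
/net2   -hosts  -nosuid,nodev,intr
#/net3  -hosts
EOF
}

# Demo run against the constructed sample.
tmp=$(mktemp) && sample_master > "$tmp" && audit_hosts_map "$tmp"; rm -f "$tmp"
```

On a real host, call `audit_hosts_map /etc/auto.master`; for an entry marked `review`, the effective options depend on the installed autofs version's defaults.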
