Daily Archives: Tuesday, December 24, 2013

  • Annoy IDS

    According to the mainstream media, Iain Duncan Smith, the uncaring and incompetent Work and Pensions Secretary, is ‘furious’ with the picture below – produced by Church Action on Poverty – and has accused the Trussell Trust, a charity that runs 400 food banks, of ‘scaremongering’.

    Britain isn't Eating image
    Spread the word. Copy the picture.

    As Labour MP Luciana Berger wrote in The Independent last week, food banks

    must not become a part of our national life – they are a mark of shame in our communities, and should go the same way as the Poor Law Guardians and the workhouse.

    As a caring member of the human race, do your duty: copy and circulate the image; and annoy IDS.

  • The art of parking

    The picture below showing the parking skills of Avon & Somerset Constabulary’s finest was taken at 9.30 am on 24th December in Bannerman Road in the Easton area of Bristol.

    Rule 244 of the Highway Code states:

    You MUST NOT park partially or wholly on the pavement in London, and should not do so elsewhere unless signs permit it. Parking on the pavement can obstruct and seriously inconvenience pedestrians, people in wheelchairs or with visual impairments and people with prams or pushchairs.

    image of police car blocking footway

    No further comment is necessary apart from saying that Mr Plod either needs refresher classes in the Highway Code or cannot be bothered to abide by it, especially since there was plenty of room to park with consideration not 20 metres away.

  • Crowdfunding for Tails

    Tails is a live Linux operating system (based on Debian. Ed.) that can be booted on almost any computer from a DVD, USB stick or SD card. Tails aims at preserving its users’ privacy and anonymity, as well as helping them to:

    • use the Internet anonymously and circumvent censorship; all connections to the internet are forced to go through the Tor network;
    • leave no trace on the computer being used without your requesting it;
    • use state-of-the-art cryptographic tools to encrypt your files, emails and instant messaging.

    A crowdfunding campaign to support encryption tools for journalists has been launched by The Freedom of the Press Foundation; this campaign will last for two months and is collecting funds for Tails, Tor, the encrypted mobile communication tools RedPhone and TextSecure, plus the LEAP encrypted email platform.

  • Anti-brute force attack tool DenyHosts locks admins out

    Attackers can force the DenyHosts security tool to block any IP addresses they want due to a security hole, according to German IT news site Heise. To all intents and purposes, the tool ensures that IP addresses are added to a blacklist after a certain number of failed ssh log-in attempts. However, if a specially formatted user name is entered when logging in, any IP address the user wants can be added to the blacklist, including that of the administrator if the worst comes to the worst.

    The vulnerability was discovered by Helmut Grohne of Cygnus Networks. He wrote on the oss-sec mailing list that entering ssh connections using the following pattern was sufficient to implement the exploit:

    ssh -l 'Invalid user root from 123.123.123.123' 21.21.21.21

    The following line, amongst others, is then added to the log:

    sshd[123]: input_userauth_request: invalid user Invalid user root from 123.123.123.123 [preauth]

    According to Grohne, this results in the IP address given in the specified user name (parameter -l) being blocked in addition to the attacker’s actual IP address.

    However, Grohne hasn’t just drawn attention to the problem, but has also provided a solution: a patch he has developed that tightens up DenyHosts’ regular expressions for matching log file entries so that the user name specified in the example above is no longer wrongly interpreted.

    Patched versions of DenyHosts are already being distributed via the Debian repositories. Yves-Alexis Perez from the Debian Security Team is advising DenyHosts users to switch to alternatives such as fail2ban since DenyHosts has not been actively maintained since 2008.
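
The parsing flaw described above and the effect of a tightened expression, as an added Python example that is not DenyHosts' code or Grohne's patch. Both regular expressions are hypothetical, and the third log line is a constructed assumption of how the real source address would be logged.

```python
import re

# Constructed sshd log lines. Line 2 is the entry quoted in the article; line 3
# is an assumed companion entry carrying the real source address (21.21.21.21).
SAMPLE_LOG = [
    "sshd[101]: Invalid user admin from 198.51.100.7",
    "sshd[123]: input_userauth_request: invalid user Invalid user root "
    "from 123.123.123.123 [preauth]",
    "sshd[124]: Invalid user Invalid user root from 123.123.123.123 "
    "from 21.21.21.21",
]

# Hypothetical loose pattern: unanchored, so text the client supplied as the
# user name can satisfy it anywhere in the line.
LOOSE = re.compile(r"Invalid user (?P<user>.*?) from (?P<host>\S+)")

# Hypothetical tightened pattern: the whole message must match, the user name
# is greedy, and the host is the final field, which sshd writes itself.
STRICT = re.compile(
    r"sshd\[\d+\]: Invalid user (?P<user>.*) "
    r"from (?P<host>\d{1,3}(?:\.\d{1,3}){3})"
)


def loose_offender(line):
    """Return the host a loosely matching parser would blame, or None."""
    m = LOOSE.search(line)
    return m.group("host") if m else None


def strict_offender(line):
    """Return the host only when the entire line has the expected shape."""
    m = STRICT.fullmatch(line)
    return m.group("host") if m else None


def blocklist(lines, extractor):
    """Collect every host the given extractor would add to the blacklist."""
    return {host for host in map(extractor, lines) if host}


if __name__ == "__main__":
    print("loose :", sorted(blocklist(SAMPLE_LOG, loose_offender)))
    print("strict:", sorted(blocklist(SAMPLE_LOG, strict_offender)))
```

With the loose pattern the address embedded in the user name lands on the blacklist; with the anchored pattern only addresses in the trailing field that sshd appends are considered.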