Good morning and welcome once again to the (usually) weekly round-up of news that matters to Sys Admins. We missed last week for reasons previously stated, client work always comes first. This week was yet another fast and furious week so let’s get started.
Operating Systems
In case anyone was wondering about SCO vs. Linux it is still going on. If anyone has a lot of free time on their hands and is interested in lost causes, check out SCO vs. Linux: The story so far at The H Online. Even more details can be found at the prolific GrokLaw in Summary of SCO v IBM.
If you are running Max OSX you may be vulnerable to at least 20 major security flaws in you system. Security researcher Charlie Miller will be presenting full details at the upcoming CanSecWest conference. Read more in Mac OS X: “safer, but less secure” – Update.
If you, like me, are part of the “never put a .0 release into production” school of thought, then you probably have not rolled out Windows 7 on your company desktops. Fear not, SP1 is coming. Check out Microsoft announces Windows 7 SP1 at Computer World.
Internet
Is Google set to leave China and close the www.google.cn site entirely? Read the story on Cnet news in Report: Google to leave China on April 10. The sources seem to be dubious, so I would take this with a grain of salt until the official announcement.
There has been stuff floating around the internet about DNS tunneling exploits for years. The H Online is reporting that hacker Ron Bowes has now released a command line tool and code that could easily be integrated into an exploit. Check out Exploit code with DNS tunnel for more.
Have you upgraded from FireFox 3.0 to 3.6 yet? You probably should soon. See Firefox 3.0 approaches end-of-life.
Security
The Register is reporting that almost 2 weeks after being notified the Energizer site still plagued by data-stealing trojan. The file in question is “UsbCharger_setup_V1_1_1.exe” so try to avoid downloading that one.
There’s reports of a security flaw in milter, part of the spamassassin utility for scanning email. The flaw allows a specially crafted RCPT command to trick postfix into running commands as root. Sendmail servers seem to not be affected. You can find more details in [Full-disclosure] Spamassassin Milter Plugin Remote Root.
Here’s another follow-up to a previous item about the Waledec botnet being taken down by Microsoft. See Waledac Botnet Now Completely Crippled, Experts Say. Microsoft has also waxed poetic on the subject in What we know (and learned) from the Waledac takedown on the technet blog.
Open Source
Ars Technica has a cute item on hidden gems in open source applications, affectionately knows in geek nomenclature as “Easter Eggs”. Check out Cracking open five of the best open source easter eggs for a larf, and read over the comments for a bunch more.
That’s all the time I will have this week. I know there’s a lot more stuff from the last 2 weeks that I could have added, so feel free to leave your favourites in the comments. ‘Til next week.
Who you trying to get crazy with SA, don’t you know I’m loco?
1 Comment. Leave new
Eeep! I forgot to mention that the beta of Ubuntu 10.4 (Lucid Lynx) is out. The Ubuntu betas are usually pretty stable, but beware of unresolved bugs and update often. Be sure to report bugs if you find them, it’s the community way.