A link between Stuxnet and the OpenBSD IPSEC backdoor rumor?

Found on Full Disclosure, a weird but troubling connection between two security affairs: the OpenBSD backdoor rumor and the Stuxnet worm.

Corrupted virtual disk with VMware

Wow, this article and especially one of its comments saved my day.

My computer crashed and one of the VMware machines hosted on it could not start anymore:

“Cannot open the disk ‘path of vmdk’ or one of the snapshot disks it depends on.
Reason: The specified virtual disk needs repair.”

Checking on the VMware forums, I quickly found the command that was supposed to help:

$ vmware-vdiskmanager -R /path/to/disk.vmdk
The virtual disk, '/path/to/disk.vmdk', is corrupted but the repair process has failed.

Damn! I had almost resigned myself to restoring the last backup and losing a week of work when, by chance, I found the article mentioned above.

As recommended, I downloaded the Virtual Disk Development Kit 1.2 from VMware, untarred it and, still doubtful, launched:

$ ./bin64/vmware-vdiskmanager -R /path/to/disk.vmdk
The virtual disk, '/path/to/disk.vmdk', was corrupted and has been successfully repaired.

Saved! Thanks so much to the guys. I would have never thought about trying it, I wonder how they could find it.

But how is it possible that the utility shipped with VMware Workstation 7.1 is so bad and not on par with other versions?

Homepage mascot, here and now!

Well, following a suggestion from my wife, I decided to create a mascot for this website.
I admit that it was a lot of fun playing with Gimp and Inkscape, which are really great tools.

So please welcome our new little spiky friend:

I hope that you have nothing against hedgehogs, which ought to inspire the security industry!

ESFS, new perspectives for steganography?

Tomas Touceda announced a new project on Full Disclosure.
The idea sounds good, so I will keep an eye on this very interesting project.
Though I would like to know more about the methods that were used for encryption and steganography.

Code and explanations are on the ESFS project homepage.
Beyond the practical usage, I wonder if it can offer any better resistance to the statistical analysis that usually defeats steganography. The author partially addresses the point on the mailing list:

What I meant with hide is that, since it uses the LSBs, you can pick
any image, and “find data” in them, so it makes it a little bit harder
to know where you actually have data, and if you really do.

To this, a reader named stormrider pointed out an interesting research document (PDF), which surveys the state of the art of the limitations of steganography and the attacks against it. Is it really a dead end?

This is indeed a very interesting field of research.
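
The statistical analysis the post worries about can be shown concretely. The following is an added example (not ESFS code; the page does not show how ESFS embeds data): an image is modelled as a list of 8-bit samples, a payload is written into the LSB plane by plain LSB replacement, and the Westfeld/Pfitzmann chi-square "pairs of values" test is run on the clean and on the stego version. It also shows the point made in the quoted mail: `extract_lsb` returns bytes from any cover, so "finding data" proves nothing. The cover is constructed (even values biased, as a stand-in for the uneven histograms of real images), and the full-capacity random payload stands in for an encrypted one.

```python
"""LSB replacement steganography and the chi-square (pairs-of-values) attack.
Added example, not ESFS code: a 'cover' is modelled as a list of 8-bit samples."""
import random


def embed_lsb(cover, payload):
    """LSB replacement: overwrite the least significant bit of the first
    8*len(payload) samples with the payload bits, most significant bit first."""
    bits = [(byte >> (7 - k)) & 1 for byte in payload for k in range(8)]
    if len(bits) > len(cover):
        raise ValueError("payload needs %d samples, cover has %d" % (len(bits), len(cover)))
    stego = list(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit
    return stego


def extract_lsb(samples, nbytes):
    """Read nbytes back from the LSB plane. This works on ANY samples, which is
    why 'finding data' in an image proves nothing: a clean cover yields bytes too."""
    out = bytearray()
    for i in range(nbytes):
        byte = 0
        for k in range(8):
            byte = (byte << 1) | (samples[8 * i + k] & 1)
        out.append(byte)
    return bytes(out)


def chi_square_pov(samples):
    """Westfeld/Pfitzmann chi-square statistic over pairs of values (2k, 2k+1).
    LSB replacement with random bits drives n[2k] and n[2k+1] towards equality,
    so a statistic far below its degrees of freedom betrays embedding.
    Returns (statistic, degrees_of_freedom)."""
    hist = [0] * 256
    for v in samples:
        hist[v] += 1
    stat, categories = 0.0, 0
    for k in range(128):
        even, odd = hist[2 * k], hist[2 * k + 1]
        expected = (even + odd) / 2.0
        if expected == 0:
            continue
        stat += (even - expected) ** 2 / expected
        categories += 1
    return stat, max(categories - 1, 0)


def make_cover(n, seed=1):
    """Constructed cover (assumption, not real image data): natural images have
    unequal PoV histograms, modelled here by biasing 90% of the samples to even values."""
    rng = random.Random(seed)
    cover = []
    for _ in range(n):
        v = rng.randrange(256)
        cover.append(v & 0xFE if rng.random() < 0.9 else v)
    return cover


def demo(n=4096, seed=1):
    """Chi-square statistics for the clean cover and for the same cover carrying a
    full-capacity random payload (what an encrypted payload looks like to the test)."""
    cover = make_cover(n, seed)
    rng = random.Random(seed + 1)
    payload = bytes(rng.getrandbits(8) for _ in range(n // 8))
    stego = embed_lsb(cover, payload)
    assert extract_lsb(stego, len(payload)) == payload
    return {"cover": chi_square_pov(cover), "stego": chi_square_pov(stego)}


if __name__ == "__main__":
    stats = demo()
    print("clean cover : chi2=%.1f df=%d" % stats["cover"])
    print("stego cover : chi2=%.1f df=%d" % stats["stego"])
    print("LSBs of a clean cover still 'contain' bytes:", extract_lsb(make_cover(64), 8))
```

The clean cover produces a statistic in the thousands while the stego cover lands near its degrees of freedom; that gap is the signal steganalysis tools key on, and it is there whether or not the payload is encrypted. Hiding the payload's start offset, as the quoted mail suggests, does not change the histogram, so it does not close this gap.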

Ravan, password cracking using JavaScript!

Ravan is a new password cracking tool based on JavaScript.

Wait, what? JavaScript? Yes, as the author explains, modern JavaScript engines are not so slow anymore, and in addition HTML5 brings a new “feature”, Web Workers, which let the browser run JavaScript in the background (i.e. without blocking the page that executes the script).

Combine that with several computers connecting to the same page executing a password cracking script and you easily get quite a powerful distributed password cracker.

Visit this page for more details.
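
What makes the distributed setup work is that a brute-force keyspace can be handed out as plain integer ranges: the page hands each connecting browser a slice, and each worker only needs to turn indices into candidate strings and hash them. The following is an added example in Python rather than Ravan's own JavaScript, and is not Ravan's code: `candidate` maps an index to a string in mixed radix, `work_units` cuts the keyspace into slices, `crack_range` is the worker's job, and `distributed_crack` plays the server by dispatching slices one after another. MD5 as the target hash and the target itself (the hash of a constructed password) are assumptions for illustration.

```python
"""Keyspace partitioning for a distributed brute-force cracker.
Added example (Python, not Ravan's JavaScript); MD5 target assumed for illustration."""
import hashlib

CHARSET = "abcdefghijklmnopqrstuvwxyz0123456789"
LENGTH = 3
CHUNK = 5000
# Constructed target: the MD5 of "zz7", not a real leaked hash.
TARGET_HEX = hashlib.md5(b"zz7").hexdigest()


def candidate(index, charset, length):
    """Map an integer in [0, len(charset)**length) to a candidate string
    (mixed radix, last character least significant) so workers need no wordlist."""
    chars = []
    for _ in range(length):
        index, r = divmod(index, len(charset))
        chars.append(charset[r])
    return "".join(reversed(chars))


def work_units(total, chunk):
    """Split [0, total) into half-open [start, end) slices, one per worker request."""
    return [(start, min(start + chunk, total)) for start in range(0, total, chunk)]


def crack_range(target_hex, charset, length, start, end):
    """Worker side: hash every candidate in the slice, return the match or None."""
    target = bytes.fromhex(target_hex)
    for i in range(start, end):
        cand = candidate(i, charset, length)
        if hashlib.md5(cand.encode()).digest() == target:
            return cand
    return None


def distributed_crack(target_hex, charset, length, chunk):
    """Server side, simulating several browsers sequentially: dispatch slices until
    one reports a hit. Returns (password_or_None, slices_dispatched)."""
    units = work_units(len(charset) ** length, chunk)
    for n, (start, end) in enumerate(units, 1):
        hit = crack_range(target_hex, charset, length, start, end)
        if hit is not None:
            return hit, n
    return None, len(units)


def demo():
    """Run the simulated cluster against the constructed target."""
    return distributed_crack(TARGET_HEX, CHARSET, LENGTH, CHUNK)


if __name__ == "__main__":
    password, dispatched = demo()
    print("recovered %r after %d work units" % (password, dispatched))
```

With real browsers the slices run in parallel, so wall-clock time shrinks roughly with the number of connected machines; the server only has to track which ranges are outstanding and which have been reported back, and nothing about the candidate generation depends on the language the worker runs.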

Mitigating Slow HTTP DoS Attacks

Interesting article on the latest Apache and ModSecurity techniques to mitigate slow HTTP DoS attacks.

The attacks are well explained. I personally knew about Slowloris but didn’t know about RUDY and slow POST attacks.

OpenSSL renegotiation still not fully fixed

How the hell is it possible that after so many months, the fix for OpenSSL renegotiation has not yet been included in either Chrome (6.0.4) or Opera (10.61)? I haven’t tested other browsers though, except Firefox, which at least has had the issue fixed for several months.

Get rid of the ConsoleKit / DBus / HAL stuff on a server

ConsoleKit spawns 35 threads on my system, which is a waste considering that I use at most 7 VTs. But it is definitely useless on a server (you don’t need fast user switching). DBus and HAL are also not useful on a server and consume resources for nothing.

Unfortunately, they come with the default basic installation and have dependencies (e.g. the kernel and zypper) that make them impossible to simply uninstall.

Here is a way to at least deactivate these services at startup on openSUSE 11.2 (it might also work with 11.3).

First, ConsoleKit is no longer a standalone daemon on the latest versions of openSUSE. It is started along with dbus (you will see that if you stop dbus, all the ConsoleKit threads magically vanish).

But simply trying to remove dbus from the startup doesn’t work, because of dependencies among services. On my system, it complained like this:

# chkconfig dbus off
 insserv: Service dbus has to be enabled to start service bluez-coldplug
 insserv: Service dbus has to be enabled to start service network
 insserv: Service dbus has to be enabled to start service haldaemon
 insserv: Service dbus has to be enabled to start service earlyxdm
 insserv: exiting now!
 /sbin/insserv failed, exit code 1
 [1]    7954 exit 1     chkconfig dbus off

So, let’s remove the bluetooth stuff:

# zypper remove bluez

Then, we just deactivate the services that can’t be uninstalled:

# chkconfig earlyxdm off
# chkconfig network-remotefs off
# chkconfig haldaemon off

You will probably want to keep the network service on, otherwise your configuration scripts won’t be read anymore. Instead, we edit the dependency declaration of the startup script itself, in /etc/init.d/network, by changing these lines:

# Required-Start:    $local_fs dbus
# Required-Stop:    $local_fs dbus

We just delete the word dbus, so that the header section looks like this:

### BEGIN INIT INFO
# Provides:        network
# Required-Start:    $local_fs
# Should-Start:        isdn openibd SuSEfirewall2_init
# Required-Stop:    $local_fs
# Should-Stop:        isdn openibd SuSEfirewall2_init
# Default-Start:    2 3 5
# Default-Stop:
# Short-Description:    Configure the localfs depending network interfaces
# Description:        Configure the localfs depending network interfaces
#                       and set up routing
### END INIT INFO

Now we are done and should be able to turn dbus off for good:

# chkconfig dbus off

Bingo! I didn’t monitor the memory precisely, but I believe I saved around 50 MB, which is always welcome on a small server.
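
The edit above is a hand change to the LSB header that insserv reads, and a package update that replaces /etc/init.d/network will silently bring the `dbus` dependency back, at which point `chkconfig dbus off` fails again. The following added example (my own helper, not part of the post or of openSUSE) does the same edit in a repeatable way: it parses the `### BEGIN INIT INFO` / `### END INIT INFO` block, drops one facility from `Required-Start` and `Required-Stop` only (leaving `Should-Start`, which is a soft dependency, alone), and lists which of a set of scripts still require that facility, which is what insserv checks before it lets you disable a service. The network header is the one shown above; the haldaemon header is a constructed sample consistent with the insserv output, not the real file.

```python
"""Edit LSB init-script headers the way the post does by hand (added example)."""
import re

# The header quoted in the post, with a shebang line added so it reads as a script.
NETWORK_SCRIPT = """\
#! /bin/sh
### BEGIN INIT INFO
# Provides:        network
# Required-Start:    $local_fs dbus
# Should-Start:        isdn openibd SuSEfirewall2_init
# Required-Stop:    $local_fs dbus
# Should-Stop:        isdn openibd SuSEfirewall2_init
# Default-Start:    2 3 5
# Default-Stop:
# Short-Description:    Configure the localfs depending network interfaces
# Description:        Configure the localfs depending network interfaces
#                       and set up routing
### END INIT INFO
"""

# Constructed sample (assumption): a minimal haldaemon header that requires dbus,
# matching the insserv complaint above; it is not the real openSUSE file.
HALDAEMON_SCRIPT = """\
#! /bin/sh
### BEGIN INIT INFO
# Provides:          haldaemon
# Required-Start:    $local_fs dbus
# Required-Stop:     $local_fs dbus
# Default-Start:     2 3 5
### END INIT INFO
"""

# "# Keyword:   value" inside the header block; continuation lines do not match.
HEADER_KEY = re.compile(r"^(#\s*)([A-Za-z-]+):(\s*)(.*)$")


def parse_init_info(text):
    """Return {keyword: [tokens]} from the LSB INIT INFO block of an init script."""
    info, inside = {}, False
    for line in text.splitlines():
        if line.startswith("### BEGIN INIT INFO"):
            inside = True
        elif line.startswith("### END INIT INFO"):
            break
        elif inside:
            m = HEADER_KEY.match(line)
            if m:
                info[m.group(2)] = m.group(4).split()
    return info


def strip_init_dependency(text, facility, keys=("Required-Start", "Required-Stop")):
    """Remove `facility` from the hard-dependency keywords only, keeping the rest of
    the file byte for byte (spacing of the edited lines is preserved too)."""
    out, inside = [], False
    for line in text.splitlines():
        if line.startswith("### BEGIN INIT INFO"):
            inside = True
        elif line.startswith("### END INIT INFO"):
            inside = False
        elif inside:
            m = HEADER_KEY.match(line)
            if m and m.group(2) in keys:
                tokens = [t for t in m.group(4).split() if t != facility]
                line = "%s%s:%s%s" % (m.group(1), m.group(2), m.group(3), " ".join(tokens))
                line = line.rstrip()
        out.append(line)
    result = "\n".join(out)
    if text.endswith("\n"):
        result += "\n"
    return result


def services_requiring(scripts, facility):
    """Names of scripts whose Required-Start still lists `facility`: the services
    insserv will name when refusing to disable it."""
    return sorted(name for name, text in scripts.items()
                  if facility in parse_init_info(text).get("Required-Start", []))


if __name__ == "__main__":
    scripts = {"network": NETWORK_SCRIPT, "haldaemon": HALDAEMON_SCRIPT}
    print("still requiring dbus:", services_requiring(scripts, "dbus"))
    scripts["network"] = strip_init_dependency(NETWORK_SCRIPT, "dbus")
    print("after editing network:", services_requiring(scripts, "dbus"))
    print(scripts["network"])
```

Run it against the real /etc/init.d/network after each update of the package that owns it, and write the result back before calling `chkconfig dbus off` again; `services_requiring` over the scripts that are still enabled tells you in advance what insserv is going to object to.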

I don’t know if it is the best way (I may have missed something), however I am pretty happy as it now works as I wanted. Please let me know if you have a better tip.