Mitteilungen - Seite 4 - Frank Berger, IT-Dienstleistungen

10.06.200624.02.2011

I hate doing Webdesign

Web design is an subject of its own. Some designers do really cool things. Others always struggle to make an layout look the same in all kinds of web-browsers.

My problem with web design is most of the time - keeping the web browser from crashing :-D. I don`t know why and I don`t pretend to be an webdesigner... but especially CSS is my favorite... an "vertical-align: top;" at the wrong position and buff... you have a lot of fun with IE.

02.06.200617.01.2013

Freshmeat for the Weekend 22/06

VMware Server RC 1 (Build 24927) got released! It is free, so grab a copy and give it an test drive. I just want to outline two advanced topics:

Linked Clones is an concept to use one basedisk for several VMs. Changes made by the VMs are written to snapshot images. That helps you to safe diskspace when using a lot of VMs. You can read more on how to do linked clones with VMware Server in the following thread on VMTN.
Use arbitrary block devices as Physical Disks in VMs. VMware normally allows you to use /dev/sd* and /dev/hd* devices. So you may run in to problems if you wanted to use LVM, soft-RAID (md) or things like AoE (ATA over Ethernet). vmware-bdwrapper solves such problems. Read how to get vmware-bdwrapper working with VMware Server in that thread.

But VMware Server RC1 was not the only release you should check out, get the following things as well if you are interested:

Firefox and Thunderbird got out in version 1.5.0.4 including security fixes!
Finally WordPress is now at version 2.0.3.

23.11.200517.01.2013

22C3 is coming up

Wow, the end of 2005 is coming, so - same procedure as every year :-D
In my case that will be the 22nd Chaos Communication Congress. Just finished booking the train ticket and hotel.

The line-up of interesting talks is quite overwhelming this year. There are a lot of talks about buffer overflows and related topics - I am very curious about new approaches and developments concerning that craftwork...

The degree of collateral damage for this years congress will also be very amusing :-D. Last year we got a mass defacement for over 18.000 websites. Well nothing spectacular, but it hit the news and makes up the reputation...

If you are interested in digital life and/or computer security you may want to check out the 22C3 webblog or the schedule.

You also attend the 22C3? If you like get in touch with me... I am always happy to meet new and interesting people.

16.05.200517.01.2013

21C3 Video Recordings

Wow, it finally happend - the video recordings from the 21th Chaos Communication Congress are in the Torrent! Just have an look at the offical BitTorrent tracker.

Well I have my own list of favorite talks:

013 The Art of Fingerprinting
019 Verdeckte Netzwerkanalyse
057 SUN Bloody Daft Solaris Mechanisms
070 Fnord-Jahresrueckblick
074 Hacker-Jeopardy
097 Das Literarische Code-Quartett
105 Honeypot Forensics
109 Anti-Honeypot Technology
123 Gentoo Hardened
146 Mehr Sicherheit fuer HostAP-WLANs
176 Passive covert channels in the Linux kernel
308 MD5 To Be Considered Harmful Someday

To play the videos I had to make some small adjustments to mplayer. The AVI-Files use H.264 as videocodec and AAC (MPEG4) ID 0x706D as audiocodec. To get the audio I had to register libfaad2 for the ID 0x706D to hear the audio within mplayer. But that was all I had to do.

13.05.200517.01.2013

Software Releases of the Week

Ok, here are some new Software Releases I stumbled into this week:

WordPress 1.5.1
It is mainly a maintenance release with a lot of bugs fixed. To get the feeds working (RSS2 etc.) I needed to patch wp-blog-headers.php (see ID1323: Feeds return 304 when no new posts have been made Description Bug).
I am using an paranoid setup with to different websites (wp-admin on localhost and only public stuff on the internet) I had to patch wp-includes/functions.php to reflect some changes for the get_settings('home'||'siteurl') function to get correct absolute URLs throughout the links.
Bugzilla 2.18.1
No big deal in updating that, checksetup.pl a few times and guess what - after starting mysqld - bugzilla just worked fine :-D.
Gaim 1.3.0
Hehe, the usual security issues CAN-2005-1261 and CAN-2005-1262 .
GNU ddrescue 1.0-pre1
That tool saved my life several times during recovery from a bad harddisc. So make sure that you always have a copy of it on your rescue cdrom. It is much much faster than normal dd when it comes down to bad blocks.
Metasploit Framework 2.4
If you have some time and some vulerable test systems you have to try that one out by yourself!
Rootkit Hunter 1.2.6
*little bit ashamed* that tool was new to me, I used chkrootkit and AntiExploit before.
Clover 1.3.7 and Spike PHPCoverage 0.6
Wow, two releases of test coverage software in one week, so if you have to perform some coverage analysis during for your tests you may want to check them out.
John the Ripper 1.6.38
In case you lost/forgot your password John may help you to "remember" it.
Grand 0.7.1
Got lost with your target dependencies in Ant? Grand uses Graphviz to produce some nice pictures for you.