Dark Views

Yay ^_^

Sometimes, you’ll need a catchy example why “security by obscurity” is such a bad idea. Here’s one: “Starring The Admin.”

The gist is that a developer of an application was too lazy to implement proper user roles. So the solution was “if the login has ‘**’ in it, I’ll grant admin rights”. That’s it. Anyone can get admin rights just by appending “**” to their login (the app will remove the “**” from the login before checking the it so no changes to the user database are necessary).

Cool, eh? And so simple!

This one drove me nuts. After upgrading to openSUSE 11.2, I couldn’t compile the NVIDIA (warning: Big flash welcome) or the VirtualBox drivers. Well, the compilation was working but loading failed with:

no symbol version for module_layout

This post finally pointed me in the right direction. To fix the issue, just run zypper in kernel-default-devel as root (or kernel-desktop-devel if you use the desktop kernel).

Finally, 20’001 points on SO

The war against spam is mostly lost. People don’t care about the security of their PCs (if they even know what that means). Bot nets are here to stay. But the bots need crawlers that harvest mail addresses and scientists at the University of Indiana have found out that these come from a relatively small number of IP addresses. Blocking these would effectively cut off the spammers – from getting new addresses.

Until they train their bot nets to crawl.

Link: Blick in die Spammer-Trickkiste (German)

Just a little celebration that I finally reached 10K on SO