Berkeley CSUA MOTD:Entry 20295
2001/1/11 [Computer/SW/Security, Computer/SW/OS/Windows] UID:20295 Activity:high
01/11   If you or anyone you know is running a version of Borland's Interbase
        released in the past 8 years, forward the following information:
        http://www.kb.cert.org/vuls/id/247371
        http://www.interbase2000.com
        [yes, this is a /. repost; urgency justifies it, as far as
         i'm concerned]     -alexf
        \_ Uh, "compiled into the source between 92 and '94".  Does interbase
           come as partial source + binaries-with-no-source?  What about the
           whole open source many eyes thing?  If someone can sneak in a back
           door account for 6+ years, what's the point of it all?  Might as
           well use MS products for all the good OS did in this case.
           Normally, I'd purge this as /. repost but I find this interesting
           although not urgent.
           \_ it was not open-source whatsoever until ~6 months ago. being a
              huge body of code, it's not too surprising that it took 5 months
              to find the backdoor (especially since no one would've been looking
              for it directly)
        \_ uh, why would anyone be running Interbase. -tom
           \_ good question. not my concern. -alexf
                \_ My point is, it's not urgent because no one is running
                   it.  -tom
                   \_ grow up man.  the real world won't always conform
                      to your sense of aesthetics. at your age you should have
                      learned that by now.
                   \_ ^no one^no one you know of
                      there's a large difference between the two
                        \_ ^no one likely to be reading the MOTD you twink^
                            \_ ah so tom knows everyone reading the motd (and
                               everyone else those people know; see original
                               post). impressive, tom.
                               Let's try a motd poll --
                               tom knows me:        0
                               tom doesn't know me: 6
                         and if i ever meet the bastard, ill kick his ass:2
Cached copy of http://www.kb.cert.org/vuls/id/247371 (1731 bytes):

Description: Interbase is an open source database package that is distributed by Borland/Inprise. The server contains a compiled-in backdoor account with a known password. This LOCKSMITH user account is compiled into the code with full access to the security accounts database by default. Once the LOCKSMITH account is compromised, the SYSDBA account privileges can be used to gain control of all database objects (tables, records, fields, stored procedures, etc). Once database access is gained, user defined functions (UDFs) can be used to implant trojan horses and programs which can be used to gain root (system) privileges on the system hosting the server. This vulnerability was not introduced by unauthorized modifications to the original vendor's source. It was introduced by maintainers of the code within Borland. The back door account password cannot be changed using normal operational commands, nor can the account be deleted from existing vulnerable servers. The best solution at this time is to upgrade vulnerable binaries and source code with fixes that are being distributed by Borland and the Firebird Project (IBPhoenix).

Impact: This backdoor allows any local user or remote user able to access port 3050/tcp gds_db to manipulate any database object on the system. This includes the ability to install trapdoors or other trojan horse software in the form of stored procedures. In addition, if the database software is running with root (*NIX) or System (NT) privileges, then any file on the server's file system can be overwritten, possibly leading to execution of arbitrary commands as root or System.

Solution: Install the patch being distributed to change the backdoor server account password.
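The Impact paragraph above turns on one question a defender can answer without touching the database at all: is 3050/tcp (gds_db) reachable from beyond the host? Since the backdoor password cannot be changed with normal commands, the exposure check and the vendor patch are the two levers. The following is an added example, not code from the MOTD thread or from the CERT note, written from scratch here: it parses netstat-style LISTEN lines collected from a fleet into an inventory dump and flags Interbase listeners bound to a non-loopback address. The host names, addresses and the one-host-per-line dump format are constructed for the example.

```python
import re
from typing import Dict, List

# Interbase's gds_db service listens on TCP 3050 (per the CERT note above).
GDS_DB_PORT = 3050

# Constructed sample: LISTEN lines from a netstat -an style dump, prefixed
# with the collecting host's name. Hypothetical hosts, not real output.
SAMPLE_LISTENERS = """\
dbhost1 tcp 0 0 0.0.0.0:3050 0.0.0.0:* LISTEN
dbhost1 tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
dbhost2 tcp 0 0 127.0.0.1:3050 0.0.0.0:* LISTEN
webhost tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
dbhost3 tcp 0 0 10.1.2.3:3050 0.0.0.0:* LISTEN
dbhost4 tcp6 0 0 :::3050 :::* LISTEN
"""

# host, proto (tcp/tcp6), recv-q, send-q, local addr:port, foreign, state
LINE_RE = re.compile(
    r"^(?P<host>\S+)\s+tcp6?\s+\d+\s+\d+\s+"
    r"(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+LISTEN$"
)


def is_loopback(addr: str) -> bool:
    """True for addresses only reachable from the host itself."""
    return addr.startswith("127.") or addr == "::1"


def find_exposed_gds_db(dump: str) -> List[Dict[str, str]]:
    """Return gds_db (3050/tcp) listeners bound to a non-loopback address.

    A listener on 0.0.0.0, :: or a routable address is reachable by any
    remote user who can reach the host, which is exactly the exposure the
    advisory's Impact section describes. Loopback-only listeners are
    skipped: they still need the patch, but are not remotely reachable.
    """
    exposed: List[Dict[str, str]] = []
    for raw in dump.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a LISTEN line in the expected shape
        if int(m.group("port")) != GDS_DB_PORT:
            continue
        addr = m.group("addr")
        if is_loopback(addr):
            continue
        exposed.append({"host": m.group("host"), "addr": addr})
    return exposed


def exposed_hosts(dump: str) -> List[str]:
    """De-duplicated list of host names that expose gds_db remotely."""
    seen: List[str] = []
    for entry in find_exposed_gds_db(dump):
        if entry["host"] not in seen:
            seen.append(entry["host"])
    return seen


if __name__ == "__main__":
    for entry in find_exposed_gds_db(SAMPLE_LISTENERS):
        print(f"{entry['host']}: gds_db bound to {entry['addr']} -- "
              "restrict 3050/tcp at the host/network firewall and apply "
              "the Borland/Firebird fix")
```

On the constructed dump this reports dbhost1 (bound to 0.0.0.0), dbhost3 (a routable address) and dbhost4 (IPv6 wildcard); dbhost2 is loopback-only and is left out of the exposure list, though it still needs the patch. The regex is deliberately strict about the netstat column layout; lines from other tools (ss, lsof) would need their own pattern.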