January 13, 2010

Data leak at Spielegrotte

Anyone who has ever ordered something from Spielegrotte.de should have found an e-mail in their inbox today and should read it carefully.

More on the topic can also be found here:
myDealz.de: Spielegrotte – account and customer data were viewable
PC Games: Data leak at online retailer Spielegrotte: customer data viewable by anyone
nexgam: Spielegrotte: statement on the hacker attack

December 19, 2009

WordPress 2.9 is here

WordPress 2.9 has been released, containing some nice features. Over 500 bugs and tickets have been handled including new features and such.

Good work, guys.

December 18, 2009

cool snow theme

I just switched to a cool snow-theme. It has brilliant snow on each character. Well, you may not see it because it’s as white as the background. Sorry.

December 17, 2009

pretty cold these days

ice on a window


This was taken outside at -8°C / 18°F.

December 16, 2009

Firefox

Today, Mozilla Firefox 3.5.6 has been released and can be downloaded from here or via the automatic update.

Pretty soon we’ll have Firefox 3.6 as well. A beta can be downloaded from this page, but it’s not intended for daily use. Some add-ons still need to be updated.
On Friday, December 18, there will be a Testday for this version. Read about it here.


December 15, 2009

flash game

A simple but funny flash game, made by a friend of mine:

http://www.neckermann.at/pages/X-mas-Welt/Snowman.html

Merry Christmas!

November 26, 2009

Empathy/telepathy-gabble opens unneeded s2s connections [Update 5]

This post will be about how I discovered a (security) bug in an open source project and how it has been handled. I’ll try to update this post or add new ones if the situation changes. However, I think it’s good to have something in public, as not everyone is reading all those bugtrackers around.

First a few things:

  • Openfire is a Jabber/XMPP server by Jive Software and the Igniterealtime Community. It’s open source and free. Besides ejabberd, it is one of the top Jabber/XMPP servers out there. It has a neat web interface, etc.
  • Empathy. Ubuntu (GNOME??) introduced a new standard messenger, Empathy. It has a Jabber module called “telepathy-gabble” which handles connections and stuff. Basically every user new to Ubuntu will use this messenger in favor of Gajim or PSI (which I would prefer).

I maintain an Openfire server for my family and some friends. It’s not locked down, so it allows outside connections to other Jabber/XMPP users out there, e.g. Google Mail, GMX, web.de, JabJab. As there are only a few users online at the same time, it’s easy to see which outside connections are currently open. (If you don’t know what Jabber is, read about it on Wikipedia; in short, it’s a decentralized instant messaging protocol.)

So recently I discovered my server having more server-to-server connections open than I’d expect. A few of the additional ones are:

  • proxy.fsinf.at
  • proxy.jabber.minus273.org
  • proxy.jabber.planetteamspeak.com
  • proxy.jabber.tf-network.de
  • proxy.jabjab.de
  • proxy.jabster.pl
  • proxy.schokokeks.org
  • proxy.ubuntu-jabber.net
  • proxy.verdammung.org
  • proxy.911910.cn
  • proxy.vke.ru

Especially the last two can be fun for a server admin. Server-to-server connections to unknown servers in Russia and China. Yay! Fun!

Ok, so what now? Where to start?