Author Archives: Kirrus

phpmyadmin in ubuntu now being exploited en-masse

Update: ubuntu patched this issue a couple of days after this post. If you’re reading, thanks guys! You just made my job a lot easier 🙂

At some point, I might try to look at helping maintain this, and other packages like it in the ubuntu archive. No idea how, though a colleague may be able to help…

———————–

The versions of phpmyadmin in ubuntu (at least Dapper – Intrepid) are susceptible to arbitrary code execution, as the web-server’s user. A bug [1] was reported on the 15th of June about this issue, and marked as high priority on the 21st.

The phpmyadmin team patched this problem in their software on May the 24th. [2]

Debian patched this in their system on the 25th of June.

I tried talking to people on #ubuntu-security about this problem. They said “motu” and “we’re not interested, its in universe”. I tried talking to people in #motu, and they talked about work-arounds.

The main questions now are:

  • Please can someone work on the bug?
  • Why did it take so long between upstream report and launchpad report?
  • Why has the bug been left to the point where it is getting automatically exploited, en-masse? [3]

  1. https://bugs.launchpad.net/ubuntu/+source/phpmyadmin/+bug/387215
  2. http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php
  3. http://seclists.org/fulldisclosure/2009/Jul/0021.html

BBC – Mixed results for green IT goals

BBC NEWS | Technology | Mixed results for green IT goals.

Nice new BBC news article, about how the majority of govt. IT managers don’t know that they’re supposed to be reducing their carbon footprint.

One of the hints is that the “proliferation” of “air conditioning of server rooms” (among other things) is the cause.

I’d like to see you run a datacentre (tons of computer servers, really big pipe to the internet etc) without air conditioning. If we turn ours off for 10 minutes, the temperature gets sweltering. 30 minutes and old hard drives start failing. Dumb.

Dear Apache

Dear Apache. My idea of fun is not to find out about a missing log directory, when I test a website after a restart. My idea of fun would be for apache2ctl configtest to actually, you know, work. Or, even better, don’t utterly die when you’re missing a log directory.

GRRRRR

Dear Customer. Please make sure you remove apache configuration, when you delete your users. I don’t enjoy being woken at 6am because logrotate restarted apache. Although, on the upside, at least I get paid for it.
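A pre-restart check for exactly this failure mode, added here as an example and not part of the original post: it scans a directory of vhost files for ErrorLog/CustomLog directives and reports any whose directory no longer exists, so a logrotate hook can refuse to bounce apache instead of leaving it dead. The config directory, the `${APACHE_LOG_DIR}` handling and the demo vhost files are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post): before restarting Apache, verify
# that every directory named by an ErrorLog/CustomLog directive still exists.
# Assumes a Debian/Ubuntu layout where ${APACHE_LOG_DIR} may appear in vhosts.

# Print "conf-file: missing-directory" for each log directive whose directory
# does not exist. Piped logs ("|/usr/bin/...") are skipped; only absolute
# paths are handled (relative paths would be resolved against ServerRoot).
apache_missing_log_dirs() {
    conf_dir="$1"
    log_dir_default="${APACHE_LOG_DIR:-/var/log/apache2}"
    for f in "$conf_dir"/*.conf; do
        [ -f "$f" ] || continue
        grep -E '^[[:space:]]*(ErrorLog|CustomLog)[[:space:]]+' "$f" \
        | awk '{ gsub(/"/, "", $2); print $2 }' \
        | grep -v '^|' \
        | sed "s|\${APACHE_LOG_DIR}|$log_dir_default|g" \
        | while IFS= read -r logfile; do
            dir=$(dirname "$logfile")
            [ -d "$dir" ] || echo "$f: $dir"
        done
    done
}

# Wrapper suitable for a logrotate postrotate hook: returns 0 only if nothing
# is missing, so the caller can skip the restart and alert instead.
apache_logdir_precheck() {
    out=$(apache_missing_log_dirs "$1")
    [ -z "$out" ] && return 0
    echo "$out" >&2
    return 1
}

# Constructed demo: two vhost files, one of which still points at a deleted
# user's home directory, mirroring the "removed user, stale config" case.
make_demo_confs() {
    d=$(mktemp -d)
    mkdir -p "$d/conf" "$d/logs/ok"
    cat > "$d/conf/good.conf" <<EOF
ErrorLog $d/logs/ok/error.log
CustomLog "$d/logs/ok/access.log" combined
EOF
    cat > "$d/conf/stale.conf" <<EOF
ErrorLog $d/home/deleteduser/logs/error.log
CustomLog "|/usr/bin/logger" combined
EOF
    echo "$d"
}
```

Run `apache_logdir_precheck /etc/apache2/sites-enabled` from the postrotate script and only restart when it succeeds.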

Youtube Comments…

Johnathon: http://www.youtube.com/watch?v=LqUfPhMxmAg&feature=related
Paul: Q Ruled
Paul: There’s something very impressive about that clip
Paul: read the comments.
Paul: they’re youtube belmer free!! That’s stunning no “WAT IS THIS? THATS GAY!”
Johnathon: Probably the videos uploader has been doing some filtering
Paul: maybe
Johnathon: well, what’s the likelihood that youtube has suddenly become a haven for well-spoken, well-mannered individuals? 😉
Paul: Some combination of incredibly unlikely events
Paul: a pig flying through hell as it freezes over during a blue moon at midnight
Paul: on feb 30th during a centenary leap year
Paul: the last bit is only once every 400 years

Games and Stuff

My xbox 360 is currently in the dreaded red-ring-of-death stage, so of late, I’ve been playing computer games on my PC more than anything else.

Turns out, if you don’t play Real-Time-Strategy games enough for a long time, you get really bad at them. I used to be able to wipe the floor with 3 brutal AIs in Red Alert 2. Went back to it the other day, to get swiftly crushed by one brutal, one medium, and one easy AI 🙁

Still, means I’ve been spending a little more time in Fallout3.. First time I played it through, I concentrated on the primary storyline mission. The game finishes when you complete that mission! GRRR… Finally got the will to go back and try to complete the game, fully, this time. Even set off the nuke, just to see it go boom! Then I restored from my previous save.. I’m not that evil 😉

Due to err.. circumstances beyond my control, I’m living with my father again, commuting back and forward to work. He’s got a bread-maker, and we set it going for the first time last night… to find we’d used yeast 9-years out of date! :S Still, new yeast, means I’ve just had a breakfast of warm bread and jam. Yum 🙂

Got t-shirts for JaydenAndCrusader.com! Postman delivered them yesterday.. they’re pretty nice 🙂 We’ll sell one, probably on ebay, later this year.

Snow

A while back, we had a ton of snow in the UK. Remember that? Well, whilst the Ubuntu-UK lot are off enjoying the release parties here, I’m stuck at home. So I decided to finally upload at least one of the photos I’ve taken of late. In fact, these are the best of the few photos I’ve taken. Somehow, taking photos in London doesn’t seem as fun, or rewarding, as taking them in the middle of nowhere, in Wales.

So, for your pleasure, here they are:

The road I used to live on, Ealing.

The main road in West Ealing.

Fried Brain.

Of late, I’ve had a little bit of a fried brain, especially after working a full day. I’ve come close to total overload a couple of times, which is a scary experience, especially when you’re in the middle of a supermarket.

A couple of days ago, I also started losing my grip on reality, a scary experience in any circumstance. I think it might have something to do with needing glasses – the headaches can be debilitating. (So far, reality loss was the only time I’ve used pain killers – I don’t like pills.)

Fun fun. Heading to my family home this weekend. Looking forward to it! Maybe, just maybe, I’ll actually get time to go out looking for something to photograph. That’ll make a change 😉