* Posts by Stuart Udall

9 publicly visible posts • joined 22 Jan 2008

Facebook homes in on world of Google

Stuart Udall
Alien

"the future of search is social"

No, the future is integration of these various functions, such as search, email, chat, and possibly some heavily filtered social media functions, into a single platform. And that platform is called the internet. Currently we see these functions performed by different sites and that is because the platform is not yet mature. Over the years various providers have attempted to provide the One True Portal, most notably Yahoo and Microsoft, and keep all the traffic inside their walled gardens, and sadly they are still trying. Eventually, open standards and protocols will overcome these obstacles, all these one-trick ponies will fade into the background and users will be able to pick and choose which providers supply which service via a common framework. This framework will be a shell running on the operating system of their device and will provide a suite of communication tools. A bit like Netscape Communicator.....

No secret to stopping XSS and SQL injection attacks

Stuart Udall
Boffin

strong datatyping

..in my world view it comes first:

1. strong data typing

2. cleansing

3. validation

4. escaping

5. parameterisation

6. stored procedures

PHP example:

$customerID=(int) $_POST["customerID"]; # cast as integer
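The ordering in the list above carried through one request, as an added example in Python rather than the post's PHP (not the poster's code). The customers table, the id range and the function names are assumptions; stored procedures are left out because SQLite has none.

```python
import html
import sqlite3

MAX_ID = 2_147_483_647  # assumed upper bound for customer ids


def parse_customer_id(raw):
    """Typing, cleansing and validation. Returns an int or raises ValueError."""
    cleaned = raw.strip()                          # cleansing: drop stray whitespace
    if not (cleaned.isascii() and cleaned.isdigit()):
        raise ValueError("customerID must be decimal digits only")
    value = int(cleaned)                           # strong typing
    if not 1 <= value <= MAX_ID:                   # validation: range check
        raise ValueError("customerID out of range")
    return value


def lookup_name(db, raw_id):
    """Parameterisation: the value travels as a bound parameter, never as SQL text."""
    cid = parse_customer_id(raw_id)
    row = db.execute("SELECT name FROM customers WHERE id = ?", (cid,)).fetchone()
    return row[0] if row else None


def render(name):
    """Escaping: done on output, for the HTML context the value lands in."""
    return "<td>" + html.escape(name) + "</td>"


def demo_db():
    """Constructed in-memory database with one row containing markup and a quote."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("INSERT INTO customers VALUES (?, ?)", (7, "<b>O'Neil</b>"))
    return db
```

PHP's `(int)` cast keeps the leading digits of a string such as `7 OR 1=1` and yields 7, whereas `parse_customer_id` rejects it outright.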

Windows 7's dirty secrets revealed

Stuart Udall
FAIL

ZZZZzzzzzzzzz..........

wake me when.. oh.. what's this quote..

"Those who do not understand Unix are condemned to reinvent it, poorly." -- Henry Spencer

Virus arms race primes malware numbers surge

Stuart Udall
Alert

evacuation sequence start

If this trend continues, there will come a time when the amount of malware is so large, that anti-malware filters will need more power than the systems they are protecting are able to provide.

At this time, those systems will become essentially worthless, and unusable.

You can choose to leave now, or later. But you cannot choose to stay...

BT chief: People don't need fibre to the home

Stuart Udall
Alien

famously preceded by....

Tom Watson, then IBM chairman, who said in 1958: "I think there is a world market for about five computers."

AVG scanner blasts internet with fake traffic

Stuart Udall

rewrite rule is not silver bullet

> RewriteCond %{HTTP_USER_AGENT} ;1813\)$
> RewriteRule ^.*$ http://www.grisoft.com/ [R,L]
>
> This of course will redirect all hits from this rogue user
> agent to Grisoft's own servers.

Actually, on my Apache, it shows a 302 "Moved Temporarily" message. It does NOT redirect the user, they must click. Also from this I assume that the traffic will still be logged locally, thus not solving the skewed stats problem.

What the rewrite rule does do is kill the bandwidth problem.

Test the rewrite rule as follows:

curl -A "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)" http://www.yourdomain.com/
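Because redirected hits are still written to the local access log, the skewed-stats problem has to be handled when the log is read. The following is an added Python example (not the poster's code) that separates hits matching the post's user-agent pattern from the rest; the log lines are constructed and the Apache "combined" format is an assumption.

```python
import re
from collections import Counter

# User-agent pattern copied from the RewriteCond quoted in the post.
SCANNER_UA = re.compile(r";1813\)$")

# Apache "combined": host ident user [time] "request" status bytes "referer" "agent"
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines (documentation addresses), not real traffic.
UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)"
SAMPLE = [
    '192.0.2.10 - - [01/Jul/2008:10:00:01 +0000] "GET /big.zip HTTP/1.1" 200 512000 "-" "%s"' % UA,
    '192.0.2.10 - - [01/Jul/2008:10:00:40 +0000] "GET /big.zip HTTP/1.1" 200 512000 "-" "%s"' % UA,
    '192.0.2.10 - - [01/Jul/2008:10:05:12 +0000] "GET /big.zip HTTP/1.1" 302 210 "-" "%s"' % UA,
    '198.51.100.7 - - [01/Jul/2008:10:06:00 +0000] "GET /big.zip HTTP/1.1" 200 512000 '
    '"http://www.example.com/" "Mozilla/5.0 (X11; Linux i686) Firefox/3.0"',
    "truncated line",
]


def split_hits(lines):
    """Return (real, scanner, unparsed); the first two hold parsed dicts."""
    real, scanner, unparsed = [], [], []
    for line in lines:
        m = COMBINED.match(line.strip())
        if m is None:
            unparsed.append(line)  # keep for review instead of dropping silently
            continue
        hit = m.groupdict()
        (scanner if SCANNER_UA.search(hit["ua"]) else real).append(hit)
    return real, scanner, unparsed


def repeat_fetches(scanner_hits):
    """Scanner fetches per (client, path, status): repeats and 302s both show up."""
    counts = Counter()
    for h in scanner_hits:
        parts = h["req"].split()
        path = parts[1] if len(parts) >= 2 else h["req"]
        counts[(h["ip"], path, h["status"])] += 1
    return counts
```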

Stuart Udall
Stop

note to AVG: it's called beta-testing

Yes, it's lame, fortunately my bullshit detector kicked in when offered the option to not install Linkscanner (I always do a custom install...)

Having inspected my logfiles after seeing this thread I can observe that Linkscanner will scan the same file 5 times, even if it's the same user doing the search, e.g., they search and are shown a link to my site, they ignore it but Linkscanner downloads and scans it anyway, they search again, and again are shown my link, so Linkscanner downloads and scans it again, etc etc!

I could easily block this with my referrer spam filter, which would solve the skewed stats problem. I'm not actually worried about bandwidth, but I DO want my server to be quick... so pointless automated traffic does deserve a plonk ...

I host several popular large files on my site, these are constantly searched and are thus being hammered.

So the new advice to all my customers, cos I do freelance support, is to hold off on the new AVG for as long as possible. I give the same advice to Windows users...

Poor old AVG though. Their acquisition was a lemon. And they put the ex-boss of the lemon company in charge of their technical dept. Oopsie....

Pakistan blocks YouTube

Stuart Udall
Alien

storm, teacup

Do we now await a whole range of "accidental" outages, in the name of some random's ideological beliefs? How can this happen?

Neil Fenemor @ NANOG sez:

"While they are deliberately blocking Youtube nationally, I suspect the wider issue has no malice, and is a case of poorly constructed/implemented outbound policies on [PT's] part, and poorly constructed/implemented inbound policies on [PCCW's] part."

John van Oppen @ NANOG sez:

"... PCCW allows unfiltered route-announcement capability to a large number of their customers..."

Simon Lockhart @ NANOG sez:

"So, from the tit-bits I've picked up from IRC and first-hand knowledge, it would appear that 17557 leaked an announcement of 208.65.153.0/24 to 3491 (PCCW/BTN). After several calls to PCCW NOC, including from Youtube themselves, PCCW claimed to be shutting down the links to 17557. Initially I saw the announcement change from "3491 17557" to "3491 17557 17557", so I speculate that they shut down the primary link (or filtered the announcement on that link), and the prefix was still coming in over a secondary link (hence the prepend). After more prodding, that route vanished too.

Various mitigations were talked about and tried, including Youtube announcing the /24 as 2*/25, but these announcements did not seem to make it out to the world at large.

Currently Youtube are announcing the /24 themselves - I assume this will drop at some time once it's safe.

It was noticed that all the youtube.com DNS servers were in the affected /24. Youtube have subsequently added a DNS server in another prefix."

Steve Bellovin @ NANOG sez:

"...a number of us have been warning that this could happen. More precisely, we've been warning that this could happen *again*; we all know about many older incidents, from the barely noticed to the very noisy. (AS 7007, anyone?) Something like S-BGP will stop this cold.

Yes, I know there are serious deployment and operational issues. The question is this: when is the pain from routing incidents great enough that we're forced to act? It would have been nice to have done something before this, since now all the world's script kiddies have seen what can be done."

Patrick Gilmore @ NANOG sez:

"How many of those [incidents] would be stopped with transit providers filtering their downstreams? Which doesn't require rolling out a new technology like SBGP. And, I would argue, if we cannot even get transit providers to filter their downstreams, there is no way in hell we can get transit providers to filter on some RR or doing authentication on individual prefixes."

Matsuzaki Yoshinobu @ NANOG sez:

"I am in the APRICOT meeting in Taipei now, and met a guy from PCCW/AS3491. I have showed him this thread, and have suggested

1) validating prefixes from downstreams before accept, and

2) setting an inbound prefix-filter to their downstreams."

Michael Dillon @ NANOG sez:

"The real solution to the YouTube issue is for people to pressure other network operators to raise their game and pay attention to how they manage their BGP trust relationships and filter announcements. In addition, more people need to get involved in information sharing arrangements like Routing Registries, MyASN, alert services and so on."

Stu sez:

So it seems that it's unlikely that a site can be maliciously hijacked in this way. It's simple enough to filter the rogue route announcements, however in this case the world's ISPs did not have to do this to restore YouTube, they simply waited for PT's upstream to filter the announcements for them. If in the future some group of cyber-warriors wanted to hijack, say the Reg, they would need the co-operation of the Reg's ISP, plus the other upstream providers involved. They would also then need the world's ISPs to ignore this activity. All very unlikely. Because the internet is comprised of thousands of separate networks, managed by separate companies and individuals, it is not possible to maintain control of this type of hijack. And therefore, if attempted, it would amount to nothing more than a stunt.

This incident has highlighted the importance of "transit provider downstream announcement filtering", and has revealed that filtering is not well-implemented at some transit providers. However, no amount of technology will prevent a mistake at a trusted provider from advertising false routes. Pressure applied by PCCW's peers (other transit providers) was sufficient to prompt a fix in this case. If a rogue transit provider consistently advertises false routes, that provider will be filtered by its peers. If this turns into a nasty intractable problem, SBGP will apparently ride to the rescue.
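The downstream filtering that the quoted NANOG posts call for, sketched as an added Python example (not from the thread and not any router's configuration): a transit provider accepts a customer's announcement only when the prefix is registered to that customer. The registered-prefix table and the /24 length limit are assumptions made for the example.

```python
import ipaddress

# Constructed customer table: downstream AS -> prefixes it has registered.
# These are documentation ranges, not AS17557's real address space.
REGISTERED = {17557: ["198.51.100.0/24", "203.0.113.0/24"]}
MAX_V4_LEN = 24  # assumption: IPv4 prefixes longer than /24 are not accepted


def accept(downstream_as, prefix, as_path, registered=REGISTERED, max_len=MAX_V4_LEN):
    """Inbound policy for one announcement from a downstream: (accepted, reason)."""
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError:
        return False, "malformed prefix"
    if not as_path or as_path[0] != downstream_as:
        return False, "first AS in path is not the downstream"
    if net.version == 4 and net.prefixlen > max_len:
        return False, "more specific than /%d" % max_len
    allowed = [ipaddress.ip_network(p) for p in registered.get(downstream_as, [])]
    if not any(a.version == net.version and net.subnet_of(a) for a in allowed):
        return False, "prefix not registered to AS%d" % downstream_as
    return True, "ok"


def filter_session(downstream_as, announcements):
    """Apply accept() to (prefix, as_path) pairs; return accepted prefixes and rejects."""
    accepted, rejected = [], []
    for prefix, path in announcements:
        ok, reason = accept(downstream_as, prefix, path)
        if ok:
            accepted.append(prefix)
        else:
            rejected.append((prefix, reason))
    return accepted, rejected


# The announcement described in the thread, next to constructed ones.
SESSION = [
    ("208.65.153.0/24", [17557]),         # the leaked prefix
    ("208.65.153.0/24", [17557, 17557]),  # same prefix with a prepend
    ("198.51.100.0/24", [17557]),         # registered to the customer
    ("198.51.100.0/25", [17557]),         # registered space, but too specific
]
```

With this policy on the session, neither form of the 208.65.153.0/24 announcement is passed upstream, prepended or not.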

Microsoft tries to CTRL-W WordPerfect lawsuit again

Stuart Udall
Gates Horns

what has changed?

Isn't this still happening today, in various guises? Aren't APIs still either protected, or constantly changing? I always thought it was due to either incompetence, or a desire to charge people to learn new ways to do old things... but now we learn it's to constantly trip up the competition...