Building The Net

What exactly is a DoS Attack?

In simple terms, a DoS or Denial of Service attack is when a system or group of systems, create traffic to a web site or network service, that causes an overload of the equipment and forces the web site or network service to drop or ignore real requests.

What we know at this time.

At the time or my writing, Twitter had gotten some control over this problem, and can now display web pages again, but are not accepting posts.

Facebook appears to have slowed down as well, but this is being attributed to the increased traffic to Facebook due to the Twitter problem.

— Stu

Choosing the right software for your dynamic web content management is important.

There are tons of hosted and installable software packages out there that do web content management. Some good, some not so good. Only one thing is certain, you’ll have your work cut out for you if you choose the wrong one.

I’m going to talk about a few of the most popular open source packages that are out in the wild. Each are different, and do things differently. The one that’s right for you, depends on what your endgame is.

Read more »

Facebook has gone on the record stating that there has been no changes in it’s privacy policy.

Recently, a rumor that Facebook was allowing 3rd party advertisers to use members photos without their explicit permission, has turned out to be just that, a rumor.

Strangely, what appears to be fueling the rumor is a setting under privacy -> news feeds & wall, called facebook ads. This setting reads as follows:

“Facebook occasionally pairs advertisements with relevant social actions from a user’s friends to create Facebook Ads. Facebook Ads make advertisements more interesting and more tailored to you and your friends. These respect all privacy rules. You may opt out of appearing in your friends’ Facebook Ads below.”

This is set to “only my friends” by default. The rumor text is recommending you change this setting to “no one”.

When I found this, I felt a bit taken advantage of, I would have thought the proper default for this would be “no one”, but I guess that was why I got a “D-” in marketing…

The truth is, this rumor brought to light a privacy setting that everyone should be made aware of. The default setting in my opinion is clearly wrong.

Please read the Facebook Blog for more on this.

— Stu

Firefox 3.5.1 released!

After announcing a critical but in their new javascript engine on the 16th, Mozilla turned around a fixed release in hours!

This is an important release, and Mozilla as well as the rest of the security experts are recommending you upgrade immediately.

I have to say, even I am shocked at how fast this fix came out! Hat’s off to Mozilla for getting it done!

This corrects the error in their code I posted on last night.

— Stu

Mozilla announced today that it’s new browser, Firefox 3.5 is vulnerable to a new JavaScript exploit that was introduced in the new TraceMonkey JavaScript Engine that was added to the new release.

This exploit could allow someone to hijack a users machine. THIS IS BAD!

The exploit went public today, July 16th, 2009 and there is currently no patch available. If you are running the new Firefox browser, it is recommended that you turn off the “just-in-time” component of the TraceMonkey engine.  To do this, you should enter “about:config” in your browser’s address bar, type “jit” in the filter box, then double-click the “javascript.options.jit.content” entry to set the value to “false.”

— Stu

With hotter temperatures, your electronics are at higher risk of failure. Are you backed up?

If you’ve been around electronics for any period of time, you know that as the weather gets hotter, equipment failure rates also climb. With the increased use of digital cameras and digital video, as well as all the other information we store on our digital devices, the failure of any electronic device could result in information loss.

Here are some quick tips that might save you from having to deal with data loss. Let’s just call them words to live by in a digital world.

Read more »

Microsoft announced an ActiveX exploit in their Internet Explorer browser product on July 6, 2009. Read the Microsoft Bulletin.

The exploit allows a website to send an ActiveX control that can execute whatever evil or destructive code it wants to, with the permissions of the user doing the browsing. It does all this without the user even knowing that it is happening. THIS IS VERY BAD!

Currently, there are no patches available for this. Microsoft recommends turning off ActiveX controls on your browser.

Isn’t it ironic, that one of the things that force people to use IE on certain websites is now a 0 day exploit…

My recommendation? Use Firefox for all your web browsing…

Till the next time!

— Stu

Well, it’s that time of year again. We are heading toward the Black Hat conference the end of July, and the net is a buzz with exploits and rumors of exploits.

One such rumor has to do with a package that is the backbone of network and server management on the web. OpenSSH or “Secure SHell” is used by every *nix administrator in the world to manage servers. The thought of an exploit against this package sends shivers down every administrator’s spine.

Read more »