My education is in Computer Network Technologies. I use my free thought, when any thoughts are present, to write and produce content in a wide spectrum format flow. One day I may explain a method for accomplishing a task on a BSD operating system, or spewing about my latest Sandalwood acquisition, and other times I will keep my thoughts I put to the screen more personal and opinionated with my current gush of text in relation to my tempered mood.
The two recently discovered TrueCrypt and VeraCrypt vulnerabilities:
I would like to request two CVE identifiers for the two security issues described below affecting TrueCrypt 7.1a (latest version) and its fork VeraCrypt 1.14 (latest version) running on all versions of Windows.
These issues were reported by James Forshaw (Google).
Issue 1: Local Elevation of Privilege on Windows by abusing drive letter handling.
Issue 2: Local Elevation of Privilege on Windows caused by incorrect Impersonation Token Handling.
Issue 1 is critical.
A fix has already been developed. Version 1.15 of VeraCrypt will be released soon to address those issues.
For your information, I have sent a similar CVE request to mitre.org.
From: VeraCrypt Team <firstname.lastname@example.org>
And the oss-security mailing list response:
> I would like to request two CVE identifiers for the two security issues
> described below affecting TrueCrypt 7.1a (latest version) and its fork
> VeraCrypt 1.14 (latest version) running on all versions of Windows.
> These issues were reported by James Forshaw (Google).
> Issue 1: Local Elevation of Privilege on Windows by abusing
> drive letter handling.
> Issue 2: Local Elevation of Privilege on Windows caused by incorrect
> Impersonation Token Handling.
> For your information, I have sent a similar CVE request to mitre.org.
That request was about 40 minutes earlier.
Sending the same CVE request to multiple addresses is typically not what MITRE wants, although you're certainly welcome to change your mind and decide that you had actually preferred that a CVE request be publicly archived from the beginning. (It's rare for a vendor to use oss-security for CVE requests related to "critical" vulnerabilities that don't yet have a fixed release. The issue descriptions here, in combination with vendor confirmation, probably make the vulnerabilities sufficiently public that they are within the scope of the oss-security list charter. We think the implication is that readers should look at
at a future time, if interested in other details.)
CVE assignment team, MITRE CVE Numbering Authority
I wrote about the Sceptre TV I purchased a few months back, and it came with a few limitations. I currently have an old Sony analog audio/video receiver that I refuse to replace. Luckily I have two digital inputs, an optical port and a coax digital input, that I can use to receive audio from a couple of devices but not all of them; the Raspberry Pi, namely, has no digital output besides the HDMI link. The Sceptre TV refuses to pass through DTS audio of any kind, most probably because of licensing issues. It did not matter whether the TV was set to pass through with the PCM or 5.1 setting. In addition to the Pi, I have a Western Digital HD streaming device and a computer with a long HDMI cable to the entertainment center area. This is where an HDMI switch can turn a beloved but aging AV receiver into a modern AV receiver and switch.
I decided on the Monoprice 4-port HDMI switch, model 5557. This unit has one HDMI output for the display and four HDMI inputs for audio and video. The switch outputs audio simultaneously to three connections: optical and coax S/PDIF outputs and a 3.5mm stereo jack. All three of my media sources can be controlled remotely with UPnP and/or DLNA, and I did not want to have the TV screen on when doing so. Unfortunately my TV is an entry-level large-screen LED, so the otherwise simple option of turning off the display while keeping the audio flowing is not available to me. With the 5557 you simply select one of the four HDMI inputs, with the included remote or on the switch itself, to pull the audio out of an otherwise multiplexed audio and video HDMI link. No TV is needed for digital audio from my desktop computer, Raspberry Pi (OpenELEC), or the WD HD streaming device.
The switch has two audio modes, 2-channel or 5.1-channel output. With either option all three audio outputs are encoded, decoded, or rendered appropriately. You can safely leave it on the 5.1 setting, since the unit will auto-detect the audio input and handle it accordingly. The 2-channel mode lets you take a 5.1 speaker arrangement and downmix it to two channels.
My HDMI devices were able to detect compatibility for most audio profiles, old and new, such as DTS Digital with DTS-HD support and Dolby Digital including TrueHD. You are not stuck with just a 5.1 speaker arrangement; uncompressed audio such as LPCM is fully supported. This is my use case at the moment: a desktop computer with an output of 48KHz s32le 24-bit (32-bit little-endian), a Raspberry Pi with an output of 48KHz s16le 16-bit, and a WD media device with an output of 44.1 and 48KHz at 16 bits. I have tested the switch with 96KHz 24-bit audio with no problems, as is to be expected since the unit handles up to 192KHz audio.
This Monoprice model has one input on the front of the device for plug-and-play situations, therefore if you have more than three HDMI sources you will need to route a fourth one to the front, and the front is where the Monoprice 5557 makes itself known. The status lights are very bright, overly bright, to the point of hurting my eyes. It took two layers of colored sticky-note paper to dim the indicators to a level I could use in a darkened environment. The overly bright lights are my only complaint about the switch.
The switch does 192KHz audio, but you may be wondering how the video is handled and switched into the output. The HDMI output and all four HDMI inputs are HDMI 1.3b and support HDCP-protected content at up to 1080p video resolution. The switch handles 12-bit color, which I tested on a Western Digital HD streaming device with no problems (36 bits across all channels). The Sceptre has a static color gamut, but I still notice a big difference on supported 1080/24p playback. Each channel runs at 225MHz/2.25Gbps for a total of 6.75Gbps bandwidth.
How much power, you may ask? Less in electricity costs than my 8 watt LED lights, perhaps. The switch includes an AC-to-DC power supply and uses 2 amps and 5 watts at 5 volts. This was a good buy for my needs, so if you have the same needs or a similar situation and can easily handle masking tape for the overly bright lights, this is a no-brainer complete solution.
The Webalizer is an HTTP server log file analyzer that generates statistics and graphs for your website(s) and their visitors. One of its features is logging of search engine search strings (keywords, search text). Each search engine uses a URL parameter that carries the query string from the referring site that directed traffic to your website(s). Webalizer reads that query parameter to generate a list of 'Search Strings' that may be viewed and referenced by rank, hits, and percentage of hits.
SearchEngine name variable
Allows the specification of search engines and their query strings. The name is the name to match against the referrer string for a given search engine. The variable is the CGI variable that the search engine uses for queries. See the sample.conf file for example usage with common search engines.
The following is a list of search provider names and their corresponding query variable for generating Webalizer search string statistics. I will update these periodically. Some search strings require Webalizer 126.96.36.199 or later.
SearchEngine facebook. q=
SearchEngine fastbrowsersearch.com q=
SearchEngine image.youdao.com q=
SearchEngine kvasir.no q=
SearchEngine eureka.com q=
SearchEngine hotbot.com MT=
SearchEngine infoseek.com qt=
SearchEngine mamma.com query=
SearchEngine sensis.com.au find=
SearchEngine frontier.com q=
SearchEngine pavlovmedia.com q=
SearchEngine zoominternet.net q=
SearchEngine mediacomcable.com q=
SearchEngine webcache.googleusercontent.com q=
SearchEngine www.google. q=
SearchEngine www.google. as_q=All Words
SearchEngine www.google. as_epq=Exact Phrase
SearchEngine www.google. as_oq=Any Word
SearchEngine www.google. as_eq=Without Words
SearchEngine www.google. as_filetype=File Type
SearchEngine search.yahoo. p=
SearchEngine search.yahoo. va=All Words
SearchEngine search.yahoo. vp=Exact Phrase
SearchEngine search.yahoo. vo=Any Word
SearchEngine search.yahoo. ve=Without Words
SearchEngine search.yahoo. vf=File Type
SearchEngine bingj. q=
SearchEngine bing. q=
SearchEngine msn.com q=
SearchEngine about.com terms=
SearchEngine alltheweb.com q=
SearchEngine altavista.com q=
SearchEngine aol.com query=
SearchEngine ask.com q=
SearchEngine looksmart.com qt=
SearchEngine lycos.com query=
SearchEngine netscape.com query=
SearchEngine search.com q=
SearchEngine search.alot. q=
SearchEngine search.comcast.net q=
SearchEngine search.conduit. q=
SearchEngine search.pro q=
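To show how the name/variable pairs above turn a referrer URL into a 'Search Strings' report entry, here is an added example (my own code, not part of Webalizer) that parses a constructed subset of the list, matches the name against the referrer string the way the directive description says, extracts the variable's value, and ranks the results by hits; the referrer URLs are constructed samples.

```python
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed subset of the SearchEngine entries listed above; the real
# list is longer, but the parsing is the same.
SEARCH_ENGINE_CONF = """
SearchEngine www.google. q=
SearchEngine www.google. as_epq=Exact Phrase
SearchEngine search.yahoo. p=
SearchEngine bing. q=
SearchEngine hotbot.com MT=
SearchEngine search.com q=
"""

def parse_conf(text):
    """Turn 'SearchEngine name variable=[label]' lines into (name, variable, label)."""
    entries = []
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 3 or parts[0] != "SearchEngine":
            continue
        var, _, label = parts[2].partition("=")
        entries.append((parts[1], var, label.strip()))
    return entries

def search_string(referrer, entries):
    """First entry whose name occurs in the referrer and whose variable is
    present in the query string wins; returns (label or variable, value).
    Entry order therefore matters, e.g. search.com before search.comcast.net."""
    params = parse_qs(urlsplit(referrer).query)
    for name, var, label in entries:
        if name in referrer.lower() and var in params:
            return (label or var, params[var][0])
    return None

def tally(referrers, entries):
    """Rank search strings by hits, as the Webalizer 'Search Strings' report does."""
    counts = Counter()
    for ref in referrers:
        hit = search_string(ref, entries)
        if hit:
            counts[hit[1]] += 1
    return counts.most_common()

if __name__ == "__main__":
    sample = [  # constructed referrer samples
        "https://www.google.com/search?q=webalizer+search+strings",
        "https://www.google.com/search?as_epq=milter+greylist",
        "https://search.yahoo.com/search?p=freebsd",
        "https://www.bing.com/search?q=freebsd",
        "https://example.org/page?q=not+a+search+engine",
    ]
    print(tally(sample, parse_conf(SEARCH_ENGINE_CONF)))
```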
If you have a small cloud instance or a server with few resources, you will often need to adjust a handful of SMTP settings appropriate to the scope of your server's capabilities. In conjunction with MTA tweaks, an MTA milter, milter-greylist, allows you to defer incoming mail (rate-limit) based on several possible rate conditions, rate matching, and index keys.
Let's have a look at these two milter-greylist rate-limit examples:
ratelimit "defaultlimit" rcpt 60 / 1m key "%r"
racl greylist rcpt /^.*$/ ratelimit "defaultlimit" delay 31m autowhite 0m msg "Message rate exceeded"
ratelimit "globallimit" rcpt 120 / 1m key "globallimit"
racl greylist rcpt /^.*$/ ratelimit "globallimit" delay 31m autowhite 0m msg "Message rate exceeded"
We first need to define a rate-limit entry with the number of hits allowed per period of time and a key under which the running count is stored. The key "%r" expands to the recipient e-mail address, while "globallimit" is a plain literal string with no format characters.
The racl declarations in these two examples match all recipient e-mail addresses. The first example keeps a per-recipient count under the key "%r" (the recipient e-mail address) and defers the sender for 31 minutes if the ratelimit is exceeded for that recipient address. After the 31 minute deferral the message will be accepted regardless of any other milter-greylist declaration. The second example is a global rate limit using the literal key "globallimit", with the same recipient matching as the first example; it only allows the MTA to accept e-mail at a rate of 120 messages or fewer per minute globally. Order of evaluation matters here: you generally want to place these access control lists after blacklists and before whitelists.
You are not limited to recipient matching or to a specific format string as the key. You could also match an ACL on message data (dacl), such as a URL or a block of text inside the message. See 'format strings' in the greylist.conf man page for the possible key variables.
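To make the per-recipient versus global behaviour of the two example rulesets concrete, here is an added model (my own code, not milter-greylist's) of how the "%r" and "globallimit" keys bucket the counters and how the two racl lines are evaluated in order; it assumes a sliding one-minute window and that /^.*$/ matches every recipient, and the recipient addresses are constructed.

```python
from collections import deque

class RateLimit:
    """Sliding-window counter for one 'ratelimit "name" rcpt LIMIT / PERIOD key "FMT"'
    line: at most `limit` hits per `window` seconds for each expanded key."""

    def __init__(self, name, limit, window, key_fmt):
        self.name, self.limit, self.window, self.key_fmt = name, limit, window, key_fmt
        self.hits = {}  # expanded key -> deque of hit timestamps (seconds)

    def expand_key(self, rcpt):
        # "%r" is the recipient address; any other string is a literal key,
        # so "globallimit" puts every recipient into one shared bucket
        return rcpt if self.key_fmt == "%r" else self.key_fmt

    def exceeded(self, rcpt, now):
        """Record the hit, drop hits older than the window, report whether the limit is over."""
        q = self.hits.setdefault(self.expand_key(rcpt), deque())
        while q and now - q[0] > self.window:
            q.popleft()
        q.append(now)
        return len(q) > self.limit

class RaclChain:
    """The two 'racl greylist rcpt /^.*$/ ratelimit ...' lines from the example,
    evaluated in order; the first racl that trips wins (delay 31m, autowhite 0m)."""

    DELAY = 31 * 60  # seconds, from 'delay 31m'

    def __init__(self):
        self.limits = [RateLimit("defaultlimit", 60, 60, "%r"),
                       RateLimit("globallimit", 120, 60, "globallimit")]

    def check(self, rcpt, now):
        # /^.*$/ matches every recipient, so every limit counts every RCPT
        tripped = [rl.name for rl in self.limits if rl.exceeded(rcpt, now)]
        if tripped:
            return ("greylist", tripped[0], self.DELAY, "Message rate exceeded")
        return ("continue", None, 0, None)

if __name__ == "__main__":
    chain = RaclChain()
    # constructed burst: 61 messages to one recipient within one minute
    for t in range(61):
        decision = chain.check("alice@example.org", t)
    print(decision)  # the 61st hit trips "defaultlimit"
```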
Supporting diversity online alongside a massive number of your peers for Pride, a global festivity happening in one place on an otherwise random corner of the Internet, is now possible. Prepare to celebrate LGBTQ pride and diversity by creating an Android Droid representation of yourself for the event occurring on the weekend of June 27th and 28th. Android is the name of Google's smartphone operating system, and a Droid (robot) often represents Google's Android.
Google is putting on a global virtual Pride parade named #AndProud in which your self-designed Droid will march. You may use Androidify to create a Droid with several choices of hair and color, shirt and pants, and a persona of your own. Optionally you may identify your Pride march Droid with a name and/or location.
Along with the virtual global Pride event happening online, your Droid may be chosen to be displayed on a large screen on a parade float during Google's physical support of diversity at the San Francisco, London, and New York parades.