tag:blogger.com,1999:blog-52963572011-04-21T13:46:09.022-04:00Network Managing, Engineering and Administration with an eye toward security. <BR><BR> Best practices meets the real world!Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.comBlogger4691100tag:blogger.com,1999:blog-5296357.post-1108592377288314572005-02-16T17:19:00.000-05:002005-02-16T17:19:37.286-05:00

I hope nobody is in the same shape that I'm in. I've been behind in getting Symantec AV 9.0.0 installed and found a break during a conversion to get it rolled out to the clients. For reference it's not required, but I imagine in the future it will be. Then, the day that I'm finishing the last of just under 400 users this comes out: Symantec UPX Parsing Engine Heap Overflow. You guessed it

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com1tag:blogger.com,1999:blog-5296357.post-1108592146914106922005-02-16T17:15:00.000-05:002005-02-16T17:15:46.913-05:00

Microsoft has been quiet for a while, and now in February they release 13 patches, with 8 of them critical. SANS-Internet Storm Center has a great wrapup of the bulletins, and an order to patch them in. They are up to all their usual tricks, including a stealth patch, and the number of vulnerabilities isn't 13, but at least 17. I read in their blog that they had to put out something like

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com1tag:blogger.com,1999:blog-5296357.post-1107371030590873212005-02-02T14:03:00.000-05:002005-02-02T14:03:50.590-05:00

Ran across this on Bruce Schneier's site and got a laugh out of it. Schneier on Security: The Weakest Link. Make sure you look at the picture.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com1tag:blogger.com,1999:blog-5296357.post-1106833771414528032005-01-27T08:49:00.000-05:002005-01-27T08:49:31.413-05:00

Cisco has released fixes for three new vulnerabilities. The three are BGP, MLPS, and IPv6 related. All three vulnerabilities cause reloads of the IOS which makes them pretty severe issues. So far, the worst one appears to be the Misformed BGP Packet Causes Reload problem. Malformed packet can cause a reboot of the IOS which used repeatedly can be a DOS issue. This can be mitigated somewhat

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com1tag:blogger.com,1999:blog-5296357.post-1106079454035917802005-01-26T20:01:00.000-05:002005-01-26T19:57:03.753-05:00

I've been doing some investigation lately into the security aspects of Linux, BSD, Solaris, and Windows. Before I go too much further let me just say that all of them have their merits, and to a large degree any of them can be configured securely. One of the things I've been looking at is the number of vulnerabilities that a product has and the severity of the vulnerabilities. What exactly have

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1105474079603130752005-01-11T15:07:00.000-05:002005-01-13T09:13:33.233-05:00

Microsoft has released three new security bulletins. They include three remote executable holes. The first notice MS05-001 is a cross domain vulnerability (CAN-2004-1043) affecting Internet Explorer 6. It affects Windows 2000, XP (including SP2), Windows Server 2003, and Windows 98/ME (Note: a default install of Windows Server 2003 is not vulnerable, only if you turned off IE's restricted mode

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1105225147291393682005-01-08T17:59:00.000-05:002005-01-10T22:11:15.560-05:00

This is a local privilege escalation flaw that requires local access to the server in order to exploit the flaw. This flaw is present in both the 2.4 kernel and the 2.6 kernel. All 2.4 releases through 2.4.29-pre3 are vulnerable, and all releases of the 2.6 kernel through 2.6.10 are also vulnerable. A flaw in the binary format loader layer allows a local exploit through the uselib() functions

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1105118675046284002005-01-07T01:15:00.000-05:002005-01-07T12:25:33.733-05:00

We've been talking about this lately at work, so it's a good subject to start with. We're all probably familiar with the 'Penetration Test' that scans external access to a network to see what vulnerabilities exist. What I'm referring to is an internal scan to see what vulnerabilities exist. Running a internal vulnerability scan can get into a debate, mostly about the differences between

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1104890312168146762005-01-01T20:00:00.000-05:002005-01-04T20:58:32.166-05:00

I didn't have a great 2004, but now that it's behind us, maybe 2005 will be better. At least I'm keeping a positive outlook. I've decided to try and work on this blog a bit more, especially with regards to both adding comments in to the stories that I've been reading / exploring on the net, but also adding in some of the research that I so often do (and don't post about). It means a bit more

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1084819498254096252004-05-17T14:44:00.000-04:002004-05-17T14:44:58.253-04:00

There's been several rumors and news stories about how Cisco's IOS code was stolen by a group of Russian Hackers. According to this cnet news article, cisco investigates source code leak, they acknowledge that an investigation is underway, and that it looks like their code that was posted to a Russian security web site. According to a Security Lab article, it looks like 12.3 and 12.3t were

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com1tag:blogger.com,1999:blog-5296357.post-1084278427441919972004-05-11T08:25:00.000-04:002004-05-11T08:30:40.623-04:00

Blogger was updated recently, and I'm impressed with the changes, though I'd *love* to be able to post images, even if there's some limitation on it. Since blogger now allows comments, I'm switching over to the Blogger comments (as soon as I figure out how to :). Update: Seems that the comments will only work on new postings. Since I didn't have that many comments previously, I guess they

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com1tag:blogger.com,1999:blog-5296357.post-1083875399109598932004-05-06T16:29:00.000-04:002004-05-06T16:39:59.920-04:00

Most network security sites that I've been to during the last two days have reduced their overall security status to either a level 2, or level 1 since Sasser is well documented, and the threat has reduced. I've also seen some comments about the potential combining of Sasser and the Phatbot worm/virus. That's a scary thought. Joe Stewart of LURHQ has a nice writeup of the Phatbot worm/virus

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1083600686235018282004-05-03T12:11:00.000-04:002004-05-03T12:15:31.640-04:00

Sasser worm is now in the wild, with an A, B and C variant already documented and reports of a D variant waiting in the wings. Sans's Incident Storm Center is all over this one. They've updated their infocon to Yellow, Symantec is at a 3, ISS is at either a 2 or 3, and many virus vendors are following this one as well. The folks over at F-Secure have a nice Weblog in which they document some

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1083330643230592252004-04-30T09:10:00.000-04:002004-04-30T09:14:54.856-04:00

Well, I had a business trip this week and got to see the home of the King (Elvis), Beale St., and the Mississippi river. From what folks told me, it's changed, but it seems to be a nice place. Boy do they know how to eat over there. We went to the Rendezvous Resturant and had their famous ribs. The joke of the trip was that one person kept talking about goint to Huey's and having their

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1082817890233754792004-04-24T10:44:00.000-04:002004-04-24T10:48:53.560-04:00

Sorry about the down time lately. I havn't been updating this for a while, and it's not that I havn't wanted to, it's more about two issues. The first is, how much should I be doing this at work and the second is the time that I have to do this. I do have some time at work (like lunch, and in the mornings, and late in the day) to be able to hammer out a post (less than 5 minutes), but I

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1081779971112299832004-04-12T10:26:00.000-04:002004-04-12T10:29:58.793-04:00

This is almost funny. In an article in the Washington Post entitled "A Need for Greater Cybersecurity" it says that an 'industry task force' says that CEOs should assume 'direct responsibility' for securing their networks. These are the same folks that seem to bring viruses and worms in on their infected laptops, or is that only in my company :-) I think what they were trying to say here

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1080163047308886342004-03-24T16:17:00.000-05:002004-03-24T16:20:50.403-05:00

I was going to link to the eWeek article, or the cNet article, but (sigh) neither had a link to the actual documents that the EU released. Seems only GrokLaw's article: The EU Commission's Microsoft Decision has a link to the article itself and the real details of the decision. I do have to admire Microsoft to come out with the "Why this will destroy our IP!" argument. Most folks will never

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1080073225073246262004-03-23T15:20:00.000-05:002004-03-23T15:23:46.810-05:00

I liked this analogy that Mark Gibbs put out in his Backspin column: Affording monoculture. We need to embrace the differences and not let them become something to see as problems. Interesting analogy!

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1079474272688473192004-03-16T16:57:00.000-05:002004-03-16T17:01:04.670-05:00

There is a nice report over at anti-phishing.org on handling Phishing scams. It appears to be a nice writup from the DOJ: Special Report on Phishing (PDF).

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1079035271122122712004-03-11T15:01:00.000-05:002004-03-11T15:04:17.170-05:00

Here's another GrokLaw piece regarding the BayStar connection:Business Week: MS Did Ask BayStar If They'd Like to Invest in SCO. Seems that 'senior executives' at Microsoft told the managing partner of BayStar that he might be interested in investing in SCO. A Microsoft spokesman says that there is no "direct or indirect" relations with BayStar. Draw your own conclusions after reading all the

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1078860543272121022004-03-09T14:29:00.000-05:002004-03-09T14:32:06.280-05:00

This article over at the Register reminded me a lot of the SCO fiasco: BOFH: Protecting bodily waste in the public domain.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1078514127032928872004-03-05T14:15:00.000-05:002004-03-05T14:18:24.920-05:00

Here's a nice article over at NewsForge about getting A peek at script kiddie culture. There's some telling comments in there, but one very interesting admision. The DCOM exploit was being used in the wild for a while before it was patched. Despite what he says about agreeing with MS that the script kiddies pick this up afterwords, this does show that they do use things that arn't released

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1078512769880014472004-03-05T13:52:00.000-05:002004-03-05T13:59:11.140-05:00

It's getting hard to keep up with the SCO news! First they sue AutoZone, then they sue Daimler-Chrysler on the same day that they report more losses in a quarterly financial report. Then ESR comes out with "the memo" detailing how Microsoft is funneling money into SCO through other companies. Then we find out that the Judge tells IBM to give them the basic AIX files, but SCO has 45 days to

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1078511882559741902004-03-05T13:38:00.000-05:002004-03-05T13:41:00.090-05:00

Here's a real nice article regarding the birth of Spam: Netcraft: Spam's Tenth Birthday Today. It goes through the rise of Spam to it's current form from it's simple beginnings as a usenet posting.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1076116222712497642004-02-06T20:10:00.000-05:002004-02-06T20:12:43.890-05:00

To paraphrase Winston Churchill: This is not the end, this is the beginning of the end. Groklaw has a nice series of articles on the latest hearing in the SCO lawsuit. The headlines read that SCO ups damages to 5 billion, but the real headline is that SCO is dropping the "heart" of it's case, the contact dispute. They are back with the "millions" of lines of code in the press, but in court

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1075755071722948062004-02-02T15:51:00.000-05:002004-02-02T15:53:26.810-05:00

Microsoft has (finally) released a new Cumulative Security Update for Internet Explorer (832894). This fixes a number of issues (at least 3) in IE including the infamous @ problem.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1075323978527335652004-01-28T16:06:00.000-05:002004-01-28T16:08:27.670-05:00

Infoworld has an article entitled New Explorer hole could be devastating. Actually it's more amunition for the phishing folks more than anything, and the kicker is that Microsoft may not be able to provide a fix. Seems to me that we need to find a balance between allowing users ease of use an allowing them to do things that they shouldn't be.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1075315280662229782004-01-28T13:41:00.000-05:002004-01-28T13:43:29.326-05:00

Tom Vogt has written a nice article on Attacking the Client. What he is talking about is that permeter defense get's you only so far, and what you need to have is each system (including workstations) locked down so that they are not targets as well. You also need procedures for doing things so that simple things (such as running as Admin or Root) aren't done all the time. Interesting article

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1075231403764747972004-01-27T14:23:00.000-05:002004-01-27T14:25:32.140-05:00

New virus infects PCs, whacks SCO. What the headline misses is the fact that it also starts up a backdoor trojan, and a keystroke logger. Nasty little bugger. Seems that it could be used by spammers and phishers so it'll be interesting to see how this one is used.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1075151802006381142004-01-26T16:16:00.000-05:002004-01-26T16:18:48.343-05:00

I always find these types of stories interesting. Reminds me of Kevin Mitnick in that they are seen as hacking when they are more of a social engineering than hacking. Seems the Republicans in the Senate Judiciary committee had access to their democratic colleagues files, even the secret files:Infiltration of files seen as extensive. Should be interesting to see how it plays out.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1074712407506917422004-01-21T14:13:00.000-05:002004-01-21T14:15:27.153-05:00

It's been a while when I've read an article in the mainstream press that's as accurate as this one is: Consumers deluged as fake e-mails multiply. The only thing I found 'wrong' with it is the suggestion that corporations will use certificates with email to solve this problem. Seems to me that the phishers can match this with ease ("We had to renew our certificate, click here to accept" or

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1074284027408257392004-01-16T15:13:00.000-05:002004-01-16T15:15:40.576-05:00

Study: Most Spam Not Compliant With Law Duh?

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1074283886674117272004-01-16T15:11:00.000-05:002004-01-16T15:13:19.873-05:00

According to this cNet news article, PC viruses spawn $55 billion loss in 2003. This is up from $20-30 billion in 2002 and $13 billion in 2001 the article goes on to say.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1074115092755143662004-01-14T16:18:00.000-05:002004-01-14T16:20:03.263-05:00

Symantec has a nice little bug in their Live Update engine: Symantec Automatic LiveUpdate Local User Elevation of Privilege. It seems that under the right circumstances a privilege escalation can occur. An update to the 2.x versions fixes this issue. If memory serves me correctly this isn't the only issue with Live Update recently.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1074114581660963612004-01-14T16:09:00.000-05:002004-01-14T16:11:32.280-05:00

CERT has issued an advisory on the VoIP issues here: CERT Advisory CA-2003-06 Multiple vulnerabilities in implementations of the Session Initiation Protocol (SIP). Specifically, there are a number of types of vulnerabilities to this issue including DOS, unstable system behaviors and unauthorized privilege escalations. There also is a list of vendors including Cisco, Microsoft, and Nortel.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1074114041745291982004-01-14T16:00:00.000-05:002004-01-14T16:02:32.466-05:00

Microsoft released three new security bulletins yesterday: January Security Bulletins. They include a critical ones for MDAC, and ISA Server, and a moderate one for Exchange Server 2003. The MDAC bug is a remote code execution one, and the ISA one is releated to the H.323 bug that's been floating around recently.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1074112358230974052004-01-14T15:32:00.000-05:002004-01-14T15:34:28.483-05:00

Kevin Poulsen over at Security Focus has a nice article about how Microsoft has not fixed a bug in their software (IE) entitled: No relief from Microsoft phishing bug. In case you havn't seen it, the bug allows the url on the addres line to be faked. This is great for phishers, but isn't of much use to anyone else. This bug was found and documented on December 9th and still hasn't been fixed.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1074025649128928092004-01-13T15:27:00.000-05:002004-01-13T15:30:35.170-05:00

I ran across references to this one a while back, but never did see any details as to the site. Seems the savanna.gnu.org site was cracked and they had to do a rebuild of the system, and from this announcment: IMPORTANT: Information Regarding Savannah Restoration for All Users you can see that they also reorganized the security for the systems involved. Another site that I read occassionaly

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1073946381217685562004-01-12T17:26:00.000-05:002004-01-12T17:28:09.153-05:00

eWeek has a very interesting article saying that: Novell to Offer Linux Indemnification Program. The best part of the article is at the bottom when it mentions that they (Novell) are going after SCO from a contractual point of view also. Let's see, that's IBM, Red Hat and now Novell that are against SCO. OSDL, HP and Novell will offer indemnification (something not necessary -- Microsoft

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1073943006752863262004-01-12T16:30:00.000-05:002004-01-12T16:31:54.513-05:00

cNet is reporting some information about the Xombe Trojan that was released on Friday: Xombe Trojan poses as Microsoft warning. Seems some av vendors are listing this a minor issue and some as a more serious one. Symantec still hasn't updated it's corporate definitions (Live Update) and probably won't until 1/14. You can download the defs manually to check this and install them. Nice of

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1073941522532244002004-01-12T16:05:00.000-05:002004-01-12T16:07:10.576-05:00

Groklaw and others have a good story about how: Intel Steps Up to the Plate -- New Legal Defense Fund For Linux Users. This fund will handle the legal bills for Linus, among others.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1073595734369742672004-01-08T16:02:00.000-05:002004-01-08T16:03:57.186-05:00

PJ has a nice piece regarding SCO's Missing Risk Factor. It seems that SCO hasn't disclosed in it's SEC filings that Novell is contesting it's copyright claims to Unix. This is a major risk to it's lawsuit with IBM, and could have implications on earnings something both stockholders and analysts should have been aware of. It makes for compelling reading and for a lot of questions about what

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1073595398715765902004-01-08T15:56:00.000-05:002004-01-08T15:58:20.796-05:00

GrokLaw has a nice piece entitled Thinking Small in which PJ discusses a post by a contributing editor to BYTE magazine about how Linus might be tainted. Of course, SCO leaves everything vauge enough that they can't be completely tied up with what they said, but they do leave enough FUD in their wake that one might actually believe them if you don't have any other information. I do love what

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1073588100118594452004-01-08T13:55:00.000-05:002004-01-08T14:09:52.403-05:00

I've been checking out 2003 to see how things were last year. I wrote up the following summary for the folks where I work and thought you might gander a peek: Most experts consider 2003 to be the worst year ever for viruses and worms. There were several significant virus events, including: SQLSlammer Worm, BugBear, Blaster Worm, Sobig, and Swen. These caused a significant number of

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1072131198484291702003-12-22T17:13:00.000-05:002003-12-22T17:14:38.840-05:00

Well today's been a red letter day for SCO, and not in a good way. See Groklaw for all the news that's fit to print, and they have a huge number of articles and info on what's been happening.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1071611120294686482003-12-16T16:45:00.000-05:002003-12-16T16:46:32.403-05:00

Not quite sure what to make of this one yet: Check Point Software Technologies to AcquireZone Labs. I wonder how this will pan out.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1071509205217564972003-12-15T12:26:00.000-05:002003-12-15T12:27:56.640-05:00

For those of you running some of Cisco's Firewall products, take note: Cisco Security Advisory: Cisco FWSM Vulnerabilities. Mostly this looks like a DOS condition thru the admin console, and SNMP v3.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1071505282871350322003-12-15T11:21:00.000-05:002003-12-15T11:22:33.593-05:00

Here's another GrokLaw exclusive: Tigran Aivazian Says His SMP Contributions to Linux Kernel While at SCO Were Approved by his Boss. Seems that SCO itself is responsible for some of the software that they are blaming IBM for stealing. In this well researched and well documented article PJ and Alex Roston go over a number of details showing that this was clearly supported by SCO and that the

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1071504756662981802003-12-15T11:12:00.000-05:002003-12-15T11:13:47.466-05:00

This article over in The Register kinda sums up my experience with software "projects": Massive MyTravel losses blamed on botched IT system install. Seems as though the software (which other companies use -- and make a profit) was installed to help the bottom line actually cost the bottom line. They thought they were making 40-60 (pounds) per sale instead it was costing them around 50 (pounds)

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1071497714506691722003-12-15T09:15:00.000-05:002003-12-15T09:16:25.170-05:00

I know this isn't computer network news, but it is news: Saddam Hussein seized in Raid on Tikrit.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1071245289549883292003-12-12T11:08:00.000-05:002003-12-12T11:09:16.436-05:00

I love the way this article was written up: Dump Lindows name or we'll take all your money, says MS. Makes Microsoft look like the bully that they are. Now they'll go before the EU and tell them they are in favor of competition :).

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1071157744581935072003-12-11T10:49:00.000-05:002003-12-11T10:50:09.513-05:00

Here's an article regarding SCO on eWeek: Denial-of-Service Attack Knocks SCO Group Offline. The fun thing about this one is that over at GrokLaw they have an article that basically rebuffs the whole issue of SCO being DDOS'ed: Security Experts Doubt SCO Was Attacked. In the article they talk about how SCOs ftp site was working, someone mentions that email was working and in the comments

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1071157345549560492003-12-11T10:42:00.000-05:002003-12-11T10:43:30.576-05:00

Here's an eWeek article on the Internet Explorer Spoofing Vulnerability Found. There's a link to the advisory from Secunia that has a test page to show how well it works. BTW: I *have* to say that I don't like Secunia because they take stuff off of Full-Disclosure and re-brand them as though they are finding and reporting them.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1071102402248128362003-12-10T19:26:00.000-05:002003-12-10T19:27:46.686-05:00

Over at Groklaw, the've got a nice piece on why the financials were delayed until the 22nd: Yeah, That's the Ticket. It's A Contingency Arrangement.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1071102106332896062003-12-10T19:21:00.000-05:002003-12-10T19:22:50.826-05:00

Oh yea, take a read at this article: Internet worms and critical infrastructure by Bruce Schnider. He backs up some of the theory that's been floated about with the Blaster worm and the blackout that happened in August. Interesting read.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1071101966444636132003-12-10T19:19:00.000-05:002003-12-10T19:20:30.966-05:00

I thought this article was a riot: Mystery patch blots Microsoft's fix-free month. Kinda figured something was wrong on Tuesday when there was no release. Wonder if they are 'further' fixing that messenger bug issue. Lately they seem to take two or three attempts to fix some of these issues. Also wonder what else is broken that they've decided (without letting us know) to wait till January.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1071101780082464402003-12-10T19:16:00.000-05:002003-12-10T19:17:24.640-05:00

I saw this this morning over at eWeek: Security Experts Warn of New Way to Attack Windows. Seems that the messenger bug has more holes in it (a new attack vector via UDP). The strange thing was the quotes attributed to Core. They stated that even if you had blocked the port at the firewall, you were still vulnerable. Then the article goes on to say that this is a new vulnerability and the

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1071101455178336102003-12-10T19:10:00.000-05:002003-12-10T19:11:59.810-05:00

Somone's at it again: Data attack cripples SCO Web site. The only thing that some folks noted was 2 things: 1) Their FTP site worked like a champ, and 2) Why was their internal intranet site listed as being down?? Someone else noted that the press release stated 'for further information contact us at: www.sco.com' (or words to that effect).

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1071101281423274572003-12-10T19:08:00.000-05:002003-12-10T19:09:06.093-05:00

I've been tracking this since Tuesday on the Full Disclosure mailing list. At first, I thought it was just another way for folks to obfuscate an address (there are many). Then after seeing some posts today, it's clear that: IE bug lets fake sites look real. The only problem with the headline is that the other browsers (Mozilla, Netscape, Opera, etc) do the redirect but show the obfuscation

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1071002449919629752003-12-09T15:40:00.000-05:002003-12-09T15:41:52.623-05:00

Ok, it's the second Tuesday of the month, where o where are the patches: "Microsoft has no security bulletins to release as part of the monthly release cycle for December." Somehow I think they missed a couple, but I'll let it go for now and let others digest this one.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1070918203385085452003-12-08T16:16:00.000-05:002003-12-08T16:17:45.140-05:00

Here's a follow up artcile to one that ran earlier this year over at Security Focus: FTC investigates PetCo.com security hole.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1070896839747711032003-12-08T10:20:00.000-05:002003-12-08T10:21:41.123-05:00

Here's a news article from cNet on Friday's SCO hearing: Judge orders SCO to show Linux infringement. Of course they got a couple of things wrong including the name of the Judge, but it's balanced better than some other articles I've seen so far.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1070662794237223782003-12-05T17:19:00.000-05:002003-12-05T17:20:52.716-05:00

More updates from GrokLaw: Judge Tells SCO: No, *You* Have to Show the Code First. There were a couple of folks there looking in on what was happening. Interesting reading. Very telling that even at the end SCO was asking for a postponment of the 30 days.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1070658771228899042003-12-05T16:12:00.000-05:002003-12-05T16:13:49.153-05:00

GrokLaw is reporting that SCO didn't do well at today's hearings: First Report from Grokker Inside Hearing: IBM Wins Both Motions to Compel. They are reporting that SCO has 30 days to comply 'with specificity' and refused to rule on SCOs motion until well after the 30 days are up. Interesting stuff... Let's see how it plays out.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1070653361007505542003-12-05T14:42:00.000-05:002003-12-05T14:43:43.060-05:00

Gee, where did I miss putting this in the wrap-up from earlier: Microsoft Plays Intellectual Property Licensing Catch-Up. This is a mess because they've let all this stuff sit and run without requiring payment or licensing for years and years.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1070652031572481262003-12-05T14:20:00.000-05:002003-12-05T14:21:29.233-05:00

Here's a nice piece that GrokLaw posted about: Linus Digs Into Copyright Law and Notices Something Useful. It's part of the responses to Darl & Co about the open letter, and clearly shows how the GPL and Open Source is protected within the Copyright framework.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1070644388489758922003-12-05T12:13:00.000-05:002003-12-05T12:17:35.733-05:00

Here's another article on the Darl letter: McBride letter continues SCO's Linux attack. Linus makes a lovely quote from this mess: "If Darl McBride was in charge, he'd probably make marriage unconstitutional too, since clearly it de-emphasizes the commercial nature of normal human interaction, and probably is a major impediment to the commercial growth of prostitution." Jeffrey Neuberger (an

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1070643362672667802003-12-05T11:56:00.000-05:002003-12-05T11:56:59.700-05:00

Where to start.... I guess here is as good as any: Another open letter from Darl McBride, CEO of SCO. I won't touch this one as it seems to be quite strange. This letter is eloqunently debunked by Lawrence Lessig here: More SCO fud, this time insulting the constitution. Over on SlashDot they have a nice article rounding up yesterday's SCO news: SCOrched Earth. I've saved the best for last

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1070488005073424702003-12-03T16:46:00.000-05:002003-12-03T16:47:40.076-05:00

Here is another Linux distribution server that's been compromised: Gentoo rsync Server Compromised. First, GNU, then Linux Kernel, then Debian, and today Gentoo. This doesn't look like it's coincidence especially when it's happening within a few months. It should be interesting to see, especially with the Debian and Gentoo breakins, what the forensics turns up as to a source for the breakins

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1070389172062571742003-12-02T13:19:00.000-05:002003-12-02T13:20:25.840-05:00

Well, the results are in: LWN: Debian Investigation Report. Sure looks interesting, they used a sniffed password to login to a box, then use a local privilege escalation attack to get root and install a root-kit. This was done on more than one machine, and they used a comprimised account to attack another machine. This is a very interesting attack and well described as to how it happened,

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1070042415499813502003-11-28T13:00:00.000-05:002003-11-28T13:01:04.186-05:00

I always get a kick out of reading these prognostication: No Letup In Security Threats To Business. My favorite part of this one is the discussion of "in depth defense". Rational security folks have known this for years. Microsoft is now in late 2003 talking about "protecting the perimeter". Something that should have been done a good while before this. The problem comes about when you

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1070031984337031892003-11-28T10:06:00.000-05:002003-11-28T10:07:12.780-05:00

Here's a nice article on SlashDot about the famous letter that SCO sent out: SCO Letter to Fortune 1500 Now Online. Check out the GrokLaw link as well as PJ has some nice commentary.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1070029809631963522003-11-28T09:30:00.000-05:002003-11-28T09:30:57.733-05:00

Here's an update on the Debian security breach. This Slashdot article links you to a preliminary write up on what went wrong: More Info on Debian.org Security Breach. From the writeup it looks like a local user account was sniffed over the wire, and the bad guys used a escalation exploit (that Debian still hasn't figured out) to get root. They used the same attack vector on a couple of boxes

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1069882916870673622003-11-26T16:41:00.000-05:002003-11-26T16:42:42.543-05:00

I'm sure some of you already have seen this article (I'm showing SlashDot, but other articles are out there): Could Google Be SCO's Next Big Target?. I'm also wondering if Orbitz could be a target as they are a BIG Linux user, and owned by several Airlines. That could be even jucier to the SCO PR machine than Google as it would be tracked more in the mainstream media.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-106988228729908792003-11-26T16:31:00.000-05:002003-11-26T16:32:13.123-05:00

The only reason I mention this article (which is about the same 6 vulns that I reported on yesterday): New critical vulnerabilities discovered in IE is that they quote a bulletin released by Secunia. This company trolls Full Disclosure and BugTraq and then rebrands the advisories and information disclosed there as their own advisories. Poor job of reporting by IDG.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1069882087409716042003-11-26T16:28:00.000-05:002003-11-26T16:28:53.263-05:00

Here's an interesting article over at Information Week: Wells Fargo Offers $100,000 Reward For Stolen Computers. From reading the article it seems that the laptop in question was stolen from another site and not from the bank's site. What was customer information doing there? This has a strange feel to it for me, usually Wells Fargo is very good about stuff like that.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1069797461306671922003-11-25T16:57:00.000-05:002003-11-25T16:58:26.263-05:00

Here's another reason why the monthly patch regiment from Microsoft is a BAD idea: Scripting flaws pose severe risk for IE users. As the article suggests, Microsoft probably won't come out with patches to fix the bugs (6 in all) until December 9th, it's usual patch day.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1069787797242790512003-11-25T14:16:00.000-05:002003-11-25T14:17:21.793-05:00

Well, well, Deibold finally admitted what a few of us had already thought happened: Diebold ATMs hit by Nachi Worm. Seems these machines got hit from infected machines already within the firewall. Some interesting comments from the Slashdot crowd, but some of the comments are way off base. Also, Deibold isn't the largest manufacturer of ATMs as I believe NCR is.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1069699778838525472003-11-24T13:49:00.000-05:002003-11-24T13:50:20.560-05:00

Here's another eWeek article, this one regarding the recent position paper by Eben Moglen regarding the SCO saga: Paper Calls SCO's Position 'Desperate'. Read the paper (SCO: Without Fear and Without Research ) BTW, it's very well written. For some reason they didn't reference it in the eWeek article (wonder why?).

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1069699546679367392003-11-24T13:45:00.000-05:002003-11-24T13:46:28.450-05:00

Here's something you don't see every day, a nice article on open-source and Linux from eWeek: Attack Didn't Harm Source Code. The article is almost glowing with how Debian handled the issue. My only problem is that like most articles these days the "who, what, where, why, and how" arn't fully disclosed. What I'm interested in is how. I've heard that it was a simple password hack, but that

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1069426806311842162003-11-21T10:00:00.000-05:002003-11-21T10:00:44.560-05:00

According to this NewsForge article: Some Debian project machines compromised. The annoucement states that only some of the machines were hacked, but the acutal source code machines weren't. Should be interesting to see how this pans out. This is the latest string where the hackers are targeting production software systems to make changes to the source and put bugs and/or backdoors in the

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1069426436270838862003-11-21T09:53:00.000-05:002003-11-21T09:54:33.780-05:00

This looks to me like the real reason that Novell has bought both Ximian and Suse: Novell looks to Linux to pull it out of the red. They are still posting losses for thier "Novell" products.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1069362927168278212003-11-20T16:15:00.000-05:002003-11-20T16:16:04.233-05:00

Well, well it seems that at least one analyst has gotten a clue about the whole SCO mess: Gartner Recommends Holding Onto The SCO Money. Among the tidbits is to not pay SCO, not allow SCO to audit you, and if your a SCO customer look to migrate away from SCO within 2 years.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1069362175859167242003-11-20T16:02:00.000-05:002003-11-20T16:03:33.076-05:00

This GrokLaw piece is so interesting you have to read it: Did SCO Really Reveal the Code to IBM, as Darl Claims?. The article basically shows how poor the SCO argument is that they have provided IBM with the information on their IP. I love the part about people who "likely have knowledge.." as the email address: fubar@us.ibm.com. Got to love it.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1069359738162242262003-11-20T15:22:00.000-05:002003-11-20T15:22:55.076-05:00

Here is a nice article on the BSD development that SCO recently talked about: BSD developers speak out on SCO campaign. There's some good comments from BSD developers on the second page.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1069356777158101302003-11-20T14:32:00.000-05:002003-11-20T14:33:33.873-05:00

Here's an intersting use of the OnStar system: Court limits in-car FBI spying. It seems that manipulating the system to spy turns off the emergency roadside assistance and other emergency features. The court ruled that this is a no-no.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1069356649946208012003-11-20T14:30:00.000-05:002003-11-20T14:31:26.686-05:00

Here's a nice article talking about how Check Point looks beyond the perimeter. I'm very familiar with Checkpoint's Firewall-1 offering, and what I see happening is that Firewalls (especially statefull firewalls) have headed toward commodity items (at least they are going in that direction) and Checkpoint's pricing isn't going there fast enough. They are trying to stave things off by adding

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1069356381082623012003-11-20T14:26:00.000-05:002003-11-20T14:26:57.890-05:00

This is one of The Register's better "joke" articles: We reveal major UNIX™ IP violations. Of course the answer is that SCO's old company Caldera released old Unix source under a BSD license. It's still hilarious!

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-106927886577308802003-11-19T16:54:00.000-05:002003-11-19T16:55:01.030-05:00

There's an interesting article over at NewsForge: SCO: Winners and Losers. They breakdown the players into "Winners", "Loosers", and "Null" with some commentary on the score thrown in. Interesting, but I'd have put the SCO stockholders as "Null" because they did get a return on their investement and if the pulled out in time that'd be ok. Definitely humerous at times though....

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1069277432666541202003-11-19T16:30:00.000-05:002003-11-19T16:31:08.233-05:00

Well, so far so good: Downtown Miami remains calm as protesters make their case in seminars and rallies. They protested at Burdines (Department Store), and I'm told that the cops outnumbered protesters. The tail end of the article talks about a guy throwing "something" at the FHP (Florida Highway Patrol) -- it was a smoke bomb. If you ask me, the FTAA protestors have already won. Downtown

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-106927678885108702003-11-19T16:19:00.000-05:002003-11-19T16:20:24.560-05:00

Here's a nice Network World article on Tallying the true cost of spam. It talks about a 300 person Law firm and the problems that they had with SPAM. I'd have to say that it's markedly similar to our experiences here (we're around 400 folks, but the rest is about the same). We outsourced to Postini and that made a significant reduction in the amount of SPAM that we received. The dollar

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1069269782480031032003-11-19T14:23:00.000-05:002003-11-19T14:23:38.013-05:00

Lots more on SCO in this SlashDot article: SCO Hints at *BSD Lawsuits Next Year, And More.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1069269621991440092003-11-19T14:20:00.000-05:002003-11-19T14:20:57.560-05:00

Busted: Novell Statement on SCO claims regarding a non-compete clause in Novell-SCO contracts

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1069254411173273672003-11-19T10:06:00.000-05:002003-11-19T10:07:26.716-05:00

Here's another Slashdot article about SCO: McBride Speaks, In Person And In Print. I read both articles and some of the commentary and it's worth a few mintues to read the CRN link especially. From what I can gather he seems to think that everything in SCO system V Unix is "owned" by SCO and that SCO has copyrights on all of it. This is very wrong, because during it's history it

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1069183903110839782003-11-18T14:31:00.000-05:002003-11-18T14:32:17.373-05:00

Slashdot saved me the trouble: SCO News Roundup. They cover a wide ranging list of topics from the SCO lawyer's compensation, to the Novell purchase of Suse being competition, to the extension of the $699 discount rate deal. Nice coverage all around. Check out some of the comments also.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1069169547850742432003-11-18T10:32:00.000-05:002003-11-18T10:33:01.763-05:00

Ah, another fact finding mission discovers more information that SCO doesn't want you to know about: SCO admits: Linux jihad is destroying our business. Read some of the information that is in the SEC filings.

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1069106700686345362003-11-17T17:05:00.000-05:002003-11-17T17:05:34.013-05:00

In case your wondering what my days have been like, you might check out this page: Miami FTAA 2003. Check out the Traffic, and Road Closures pages. It's really interesting to see a city ready for riots :-) The major buildings are ringed with security fences, police in riot gear are walking the streets, and shotguns are easilly visible. Of course today's a very quiet day, hopefully it'll

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1069094729516263282003-11-17T13:45:00.000-05:002003-11-17T13:46:02.280-05:00

I kinda like what the Judge had to say in this case: Garage door DMCA case dismissed. He bascially stated that people expect third party door openers, so if someone reverse engineers a universal garage door opener then that's ok. This could set a precident for those of us that don't like the DCMA (and it's a good precident too).

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1069094482953173392003-11-17T13:41:00.000-05:002003-11-17T13:41:55.763-05:00

This public safety message is being brought to you by Security Focus. This is a reminder to those of you sitting out side of Best Buy, Home Depot, or Lowes with your wireless cracking kit every night of the week. Your going to get caught: Wireless hacking bust in Michigan. It also doesn't help that you actually hacked into the computers of said companies. War dialing is one thing, breaking

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0tag:blogger.com,1999:blog-5296357.post-1068754450699427452003-11-13T15:14:00.000-05:002003-11-13T15:14:38.593-05:00

There's a nice article over on Security Focus reviewing the current crop of Banking Scams: Banking Scam Revealed. They've got a good breakdown on the scams and how they work (technically) including all the relevant headers (email) and logs. Quite a good bit of detective work here, but not totaly complete (for obvious reasons).

Davidhttp://www.blogger.com/profile/04657584582034899962noreply@blogger.com0