From the Orient

What keeps attacks like the one that slowed the internet today going is failure by admins to patch their systems. According to NGSSoftware, the problem was reported to Microsoft in May 2002. Microsoft produced a patch in June 2002.

And yes, people will probably use this as another excuse to slam Microsoft or Windows. But a badly setup Unix machine is as vulnerable as an unpatched Microsoft box. Its inertia and laziness not to apply patches. Our customers moan constantly about our requests for them to be on the latest patchset.

The reason is that applying patchset can result in problems; problems that the administrator just doesn’t want to waste time sorting out. They think they don’t need to apply the patchset or upgrade because their system works, and they don’t need the new features. However, the best way to get security fixes to customers is through patchsets and insisting the customer be on the latest one. No number of bulletins will make the customer listen.

PRIMES is in P (from New Scientist)

“Prof. Manindra Agarwal and two of his students, Nitin Saxena and Neeraj Kayal (both BTech from CSE/IITK who have just joined as Ph.D. students), have discovered a polynomial time deterministic algorithm to test if an input number is prime or not.”

Eratosthenes came up with the first foolproof way of telling if a number is prime back in 240 BC, but the time the method took grew exponentially with the size of number, so for numbers the size that cryptography use, you’d need longer than the age of the universe to find out if the number is prime.

This new solution is the first to give the answer in a resonable amount of time. This doesn’t really affect cryptography as it doesn’t offer a real advantage over current methods that estimate the probability of whether a number is prime or not.

But as Carl Pomerance of Bell Labs points out “If there is a simple test for primality, there may well be a simple way to determine prime factors that we’re currently overlooking”

The router has arrived, and is lovely blue and has lots of flashy lights and a big manual on how to set it up in Windows (nothing about Linux). Our phone line went dead this morning for fifteen minutes. I have a bizarre hope that this was because BT were doing something to the line and setting us up.

Once I’ve got set up and running, I’ll be able to address my linux problem, ahem, Aquarius will be able to ssh in and address my linux problem
Can someone point me to a good link for linux network security. Clearly, I’ll need to brush up on that area too. I think I’m fairly safe on Windows with my ZoneAlarm firewall.

Something I know virtually nothing about : Web Services Security [via Simon Fell]

Now I know a little more.

A javascript url can be run when a user presses the backbutton in IE 6.0, according to a Security Focus article.

What did I do after reading this. I clicked the backbutton. But, that’s okay, because I use Mozilla.