Security

Uninstalling JRE 1.6.0_01

Leave a comment

I don’t know about you, but the latest release of the Java Runtime Environment is screwing up some apps for systems I deal with. After troubleshooting a bit, I decided I would remove it. Major dilemma, since it has some fixes I want, but functionality is broken.

Since remotely navigating Windows GUI is such a pain, here’s the fancy CLI shortcut suggested by Sun:

MsiExec.exe /x{3248F0A8-6813-11D6-A77B-00B0D0160010} /qn

Just in case you are curious, the versions are easy to insert for any other recent release. Note the difference in the 1.5.0_11 command:

MsiExec.exe /x{3248F0A8-6813-11D6-A77B-00B0D0150110} /qn

WARNING: uninstalling the JRE can remove all the associated Java applications.

Energy, History, Security

Kansas recovery hampered

Leave a comment

Interesting to find the Governor of Kansas indirectly criticizing the President and Iraq war:

Kansas Governor Kathleen Sebelius also visited the town, which lies about 120 miles (200km) west of Wichita in southern Kansas.

She said the state’s response would be negatively affected because emergency equipment such as trucks, tents and trailers had been sent to Iraq.

“Not having the National Guard equipment, which used to be positioned in various parts of the state, to bring in immediately is really going to handicap this effort to rebuild,” she said, the Associated Press news agency reports.

Compare this sentiment with how she prepared the state with a news release from 2003:

As your governor, I would like you to know that we are taking every possible step to protect Kansans in every corner of the state. At the conclusion of the President’s remarks Monday night, the Homeland Security Alert level in Kansas was raised to “High” or “Orange.” In accordance with that higher level of alert, I have increased the activity and visibility of the National Guard and Highway Patrol, paying special attention to important locations in the state, such as public buildings, bridges, and power plants. We are also constantly monitoring our vast agricultural resources, including our crops and our livestock, to ensure they remain productive and secure. And we need our public health systems to stand ready to respond.

Kansans should not take these steps as cause for alarm, but rather as prudent steps in a time of war. I have been briefed by the Secretary of Homeland Security, Tom Ridge, and have been assured that currently there are no specific threats to Kansas. We have no particular reason to believe we are in danger. But we must always be vigilant and prepared. I call on all Kansans to be aware of their surroundings, to report suspicious activities, and to fully cooperate with law enforcement officers as they perform their important additional duties.

No terrorist attacks in Kansas yet, so the system must be working.

Shame about those natural disasters that seem to happen regularly, have advance warning, and (usually) have trained responders with equipment nearby. No need for resources to deal with those when the absence of terrorist threat is a top priority.

Seems to me Sebelius should have labeled tornadoes some kind of terrorist plot, or maybe even a terrorist group (the infamous “Al Tornadoes”). Then the state would have been awash with Halliburton contractors and the Blackwater fundamentalist mercenaries looking to lend a hand on the federal taxpayer’s dollar. Of course, that brings other risks, perhaps even worse than natural disasters:

The former New York Times Mideast Bureau chief warns that the radical Christian right is coming dangerously close to its goal of co-opting the country’s military and law enforcement.

[…]

This effort signals the final and perhaps most deadly stage in the long campaign by the radical Christian right to dismantle America’s open society and build a theocratic state. A successful politicization of the military would signal the end of our democracy.

I bet someone is saying the incompetence of the Bush administration proves that private armies in America could do a better job of securing the citizens. Abe Lincoln must be rolling in his grave.

Security

Axis Camera Remote Exploit

Leave a comment

The ActiveX control provided for Axis surveillance cameras has a critical vulnerability due to a buffer overflow, according to US-CERT note #355809:

Axis Communications provides an ActiveX control for viewing motion JPEG streams in Microsoft development tools and Microsoft Internet Explorer. The ActiveX control, provided by AxisCamControl.ocx, is known as “CamImage” or “Axis Camera Control.” The SaveBMP() method of this control contains a stack buffer overflow.

Axis Communications lists the following products as being affected

AXIS 2100, AXIS 2110, AXIS 2120, AXIS 2130 PTZ, AXIS 2420, AXIS 2420-IR, AXIS 2400, AXIS 2400+, AXIS 2401, AXIS 2401+, AXIS 2411, AXIS Panorama PTZ

Options are to install a new version, disable it, or disable ActiveX entirely. Expect more of these vulnerabilities in surveillance systems as the physical and information security worlds continue to collide.

History, Security

US education sites make Chinese network security look good

Leave a comment

While reading about proxy abuse I noticed someone on Digg pointing out some disturbing security issues at a “liberal arts” college in the US:

Using proxies and other methods to bypass firewall restrictions, etc, aren’t just useful for viewing Myspace. I’m about to graduate from a liberal arts college with Baptist affiliations. When I started school here, it was a well-regarded school in the South, and the religious convention was only loosely associated with it Then the fundamentalist cultists came along, and that all changed. Now, the school uses its IT dept. not to set up decent Internet access or upgrade computers, but to block methods of reaching the anti-administration forum that was set up by students.

Over 80 faculty and staff have been terminated, forced into retirement, or have resigned because they couldn’t stand to see the school turned into a Southern Baptist madrassa. Guess I’m venting, but when college administrators lie, violate SACS policies with impunity, and destroy academic freedom, even a dinky little proxy is a satisfying (but small) way to speak out.

What’s the matter with education in the US? Here is another example:

While students in campus owned housing are living with mold, rats, and other dangerous conditions (due to a lack of funds, according to res-life) — our tuition money is now being spent on appliances to actively support the RIAA and MPAA, two private entities which have no legal authority. Additional money is being spent on hardware to actively block Access Points on campus, which unfortunately blocks AP’s for off-campus residents in the surrounding neighborhood as well. Due to a lack of response from [the VP of IS], this situation is now being reported by the victim to the FCC and other state and federal agencies as we speak, as this is completely illegal per Title 18 of the COMPUTER FRAUD AND ABUSE ACT and referenced multiple times in the USA PATRIOT ACT.

I also keep hearing about translation tricks, both language and format (e.g. mobile devices). I’m not talking about residents in Communist countries learning English, I’m talking about Americans using foreign languages to evade corporate controlled information feeds to read the news. Even an attorney I met at a social the other day told me s/he was using it to bypass a firm’s overly harsh restrictions on browsing.