* Posts by Sam Crawford

5 publicly visible posts • joined 13 Aug 2007

Microsoft kicks Ubuntu update in the hardy herons

Sam Crawford

Methodology

Hrmmm, what is this test actually doing anyway? If it's just pinging the servers then that's not really a fair test. The application server (IIS / Apache in this instance I assume) could be offline, or the storage could be unavailable, or a million other things.

Pinging the server alone does not tell you service uptime - synthetic transactions need to be run against the service in question (something that I imagine is rather challenging with Windows Update).

I suspect all this was testing was the provider's network connection and the VIP that their boxes sat behind...

Mass web infection leaves researcher scratching her head

Sam Crawford

@Richard Bishop

It doesn't serve the JS once per IP. I automated 100 requests to three of the sites listed (whilst they were still running) and the JS was inserted between 3 and 10 times on each. Interestingly, the frequency with which it was present declined as the number of requests increased (i.e. it was always there on the first, then usually the third, then the tenth, then maybe around 20-30, etc...).

I agree that there will be some kind of hash table storing information about recent visits, but I imagine that it's probably an in-memory table, and not likely one that you'll find on disk anywhere.

I too would be interested in having access to a compromised server (not that I'm volunteering one of my servers!!)

Sam Crawford

Common software

Of the hosts that responded with a "Server" HTTP header, all of them had mod_bwlimited/1.4 installed. Versions of Apache, PHP, etc. varied. It looks like most of them are old cPanel installations (mod_bwlimited was widely included with that).

My suspicion is that someone broke in via SSH (probably using brute force) and then built a new mod_bwlimited module after gaining root (via an old exploit, as these systems all seem to be quite old). All of the hosts seem to have SSH and just about every other service imaginable open to the world.

The JavaScript is not always embedded in responses (it seems fairly random), and the random nature of the JS filename suggests some server-side scripting to generate the name. Since the majority of the pages infected are plain HTML, I believe the malicious code is embedded in one of the Apache modules.

Sun introduces first Intel workstation in two decades

Sam Crawford

Availability?

Looks pretty good actually, and the prices aren't bad. Anyone know when it will be available?

Silent bandwidth battles at BT

Sam Crawford

21CN and ISDN

Unless I've misread the article, I believe it to be quite misleading. Yes, old ISDN products are being "retired", but they're being replaced by ISDN2e, ISDN30 and ISDN30e.

See http://www.switchedonuk.org/corporate/product/ for information on product retirements and replacements within 21CN.

You can also see BT Wholesale's plans for ISDN migrations on to 21CN all over the btwholesale.com/consult21 website. For example, in a PowerPoint slide show not even two weeks old BT were discussing ISDN migrations (see Slide 15, Steering Board Slides, http://www.btwholesale.com/content/binaries/21_Century_Network_Community/C21_SB_output_310707v1.zip).

Sure, I don't doubt that the eventual plan is to knock ISDN on the head at *some point*, but it's certainly not going to be any time soon!