RSS

Category Archives: security

>Firefox 2.0.0.14

>Firefox 2.0.0.14 was released. Nothing much, ‘just’ a single security issue was fixed, a crash in the JavaScript garbage collector.

 
Leave a comment

Posted by on 21 April 2008 in firefox, firefox2, mozilla, release, security

 

>Firefox 2.0.0.13 released

>Firefox 2.0.0.13 was released. No features added, just some security vulnerabilities fixed.

 
Leave a comment

Posted by on 28 March 2008 in firefox, firefox2, security

 

>Disabling functionality prior to security fix

>
Normally, a security issue is known days if not weeks before a fix is available. In the meantime, systems are left vulnerable.

A solution for this could be to allow the security provider (typically the provider of the original software) to disable or reconfigure certain functionality in the target software.

Of course, this would require the software (such as an OS or application) to be configurable in such a manner, but a lot of applications these days already have thousands of configuration settings. Try about:config in Firefox, for instance.

Some system administrators might even choose to have such work-arounds applied automatically.

An example:

A security issue is found in Apple Quicktime, in combination with Firefox. Before doing anything else, Apple or Mozilla release a work-around patchset for Firefox that just disables the Quicktime plugin in Firefox.

 
Leave a comment

Posted by on 16 July 2007 in patch, security

 

>Remote VNC via SSH tunnel

>Quick tip: To use VNC through an SSH tunnel, make SSH bind to a local port while connecting it to a remote port. Then just connect your VNC master application to the local port.

Setting up an SSH tunnel goes as follows:

ssh -N -Llocalport:remoteip:remoteport intermediate_machine

For example, if you have a remote machine at 10.0.0.1 behind a server some.domain.com you can connect to with SSH, do:

ssh -N -L5900:10.0.0.1:5900 some.domain.com

Press Ctrl-C to kill the tunnel.