17 Oct 2000 jfs   » (Journeyer)

Another day at work.... I have for the moment been able to post a new notice in barrapunto (spanish version of slashdot) regarding Microsoft's latest and worst client vulnerability. If someone told you that NetBIOS and SMB was secure, you will think it twice after reading bugtrack and Network Security Focus. announce. I tackled smbclient's sources, but was unable to properly code an exploit, alas, the Nsfocus team posted an exploit last monday (which worked perfectly BTW).

I find it fun that I can work with Debian GNU/Linux 100% of the time and contribute with bug reports (for example xfig strange, but at the same time, understandable behavior with WMaker, description here, and make new packages. I have just submitted to the upload queue:

  • libexpect-perl_1.08-1_all.deb
  • libio-stty-perl_0.02-1_all.deb
  • libio-tty-perl_0.04-1_i386.deb
  • libnet-snmp-perl_3.6-1_all.deb

Taken from CPAN, which I needed in order to make Vlad work. BTW there are a lot of CPAN packages, someone should try to check automatically which are not yet packaged in Debian.

I'm seriously thinking on joining Debian's security team, since I keep track of bugtrack now (spend at least 1h a day reading advisories) they are overloaded, and I find it fun to play with the source in order to find a reasonable exploit... Another good thing of my work is that you need to learn a lot (I read yesterday an article on buffer overflow, wirtten by mixter, boy was it good!)

Latest blog entries     Older blog entries

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!