I don’t believe it!

I just decided to step away a little bit from being Admin for the biology and focusing my attention more on the studies. For 2 weeks now I did nothing for the servers anymore, just watching it do the scheduled backups and copying them over to my pc every week…

Today the IT department calls me on my mobile, informing me that the server has been taken over by someone and was therefore disconnected from the internet till it is fixed and the vulnerability is patched.

Great!

It turned out that it is an exploit of the Mambo content management system in conbination with php and mySQL that allows any person to run code on a defaced system. Seems that linux is not the “safe haven” of the internet concerning worms and viruses anymore… :(
The more userfriendly it gets, the more vulnerabilities will show up.

For all of you running portals using mySQL and php (e.g. Mambo / Joomla! / WordPress / blogging) , get patches immediately! Anyone using the exploit can gain wwwrun-permissions easily and execute all kinds of shell commands remotely.

Update:
The whole thing is now called a Mambo-worm and it is spreading fast.

Linux/Elxbot is a backdoor for the Mambo vulnerability. It will search on Google for vulnerable targets. Once it infects a computer it will connect to a predetermined IRC server where the attackers will wait and have the possibility to gain access to the infected computer. The attackers may also perform various tasks such as:

* Execute arbitrary commands
* TCP flood
* HTTP flood
* UDP flood
* Search Google for more vulnerable targets
* Portscan

On certain systems it will also download a perl script which will allow the attacker to create a backchannel and spawn a shell on the infected computer with the same privileges as the running webserver.

Because I felt like it I lit myself a cigarette just now.. it was awful! :D

Anyway:
For these cold and wet days there is only one solution to make yourself feel cozy:
Get your favourite cat/human on your lap, hug him/her/it tightly and listen to the music of Jack Johnson, I recommend “Brushfire Fairytales”

…and the day will pass just like that, unnoticed and warm like a hug.

okay, the new term has begun, I have a new job, business as usual.

It’s really interesting that I now sit at work and I percieve it as “relaxing” to be working… compared to the last weeks this little working and studying is a piece of cake. And at least, now my days have structure and order again ;)

back to work, there is a new laptop to work for :)

The current candidate is the VAIO TX1

well, it’s not as sexy as the “835g light, 1cm thick, completely fanless” x505

but almost 8 hours of battery life are also tempting.. . I have to choose between sexiness and functionality. For me, this is extremely difficult.

Talking about reason, IBM/Lenovo has very nice notebooks for students aswell with great battery runtimes. But they don’t really look nice.. in fact, they look incredibly ugly compared to a VAIO and 2 kg are not really “portable”.. and they are not even cheap ;)

Update: SONY is thrown off the throne, Sharp has released the Actius MM20 – running on a Transmeta Efficeon (Transmeta, you know, the company of Linus Torvalds that nobody precisely knows what they are doing…)

It looks quite nice, weighs less than 1kg and costs much less, aaaand:
It goes at 1500 Dollars, that’s 2500 less than the Sony x505 which costs almost 4000.
I guess that’s the end of my days with sony.

Links:
PDF Datasheet
US Homepage

I just hope they’ll also release it in europe… can’t wait to get my fingers on it! :)
And as the processor is made by Transmeta, there shouldn’t be a problem with running linux on it ;)