RootAdmin.co.uk

Recent versions of Cisco IOS Software support RFC4893 (“BGP Support for Four-octet AS Number Space”) and contain two remote denial of service (DoS) vulnerabilities when handling specific Border Gateway Protocol (BGP) updates.

These vulnerabilities affect only devices running Cisco IOS Software with support for four-octet AS number space (here after referred to as 4-byte AS number) and BGP routing configured.

The first vulnerability could cause an affected device to reload when processing a BGP update that contains autonomous system (AS) path segments made up of more than one thousand autonomous systems.

The second vulnerability could cause an affected device to reload when the affected device processes a malformed BGP update that has been crafted to trigger the issue.

Cisco has released free software updates to address these vulnerabilities.

No workarounds are available for the first vulnerability.

A workaround is available for the second vulnerability.

This advisory is posted at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml.

Affected Products

These vulnerabilities affect only devices running Cisco IOS and Cisco IOS XE Software (here after both referred to as simply Cisco IOS) with support for RFC4893 and that have been configured for BGP routing.

The software table in the section “Software Versions and Fixes” of this advisory indicates all affected Cisco IOS Software versions that have support for RFC4893 and are affected by this vulnerability.

A Cisco IOS software version that has support for RFC4893 will allow configuration of AS numbers using 4 Bytes. The following example identifies a Cisco device that has 4 byte AS number support:

Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#router bgp ?
  <1-65535>    Autonomous system number
  <1.0-XX.YY>  4 Octets Autonomous system number

Or:

Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#router bgp ?
  <1-4294967295>  Autonomous system number
  <1.0-XX.YY>     Autonomous system number

The following example identifies a Cisco device that has 2 byte AS number support:

Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#router bgp ?
  <1-65535>  Autonomous system number

A router that is running the BGP process will contain a line in the configuration that defines the autonomous system number (AS number), which can be seen by issuing the command line interface (CLI) command “show running-config”.

The canonical textual representation of four byte AS Numbers is standardized by the IETF through RFC5396 (Textual Representation of Autonomous System (AS) Numbers). Two major ways for textual representation have been defined as ASDOT and ASPLAIN. Cisco IOS routers support both textual representations of AS numbers. For further information about textual representation of four byte AS numbers in Cisco IOS Software consult the document “Explaining 4-Byte Autonomous System (AS) ASPLAIN and ASDOT Notation for Cisco IOS” at the following link: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6554/ps6599/white_paper_c11_516829.html

Cisco IOS Software with support for RFC4893 is affected by both vulnerabilities if BGP routing is configured using either ASPLAIN or ASDOT notation.

The following example identifies a Cisco device that is configured for BGP using ASPLAIN notation:

router bgp 65536

The following example identifies a Cisco device that is configured for BGP using ASDOT notation:

router bgp 1.0

To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to “Cisco Internetwork Operating System Software” or “Cisco IOS Software.” The image name displays in parentheses, followed by “Version” and the Cisco IOS Software release name. Other Cisco devices do not have the show version command or may provide different output.

The following example identifies a Cisco product that is running Cisco IOS Software Release 12.3(26) with an installed image name of C2500-IS-L:

Router#show version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by cisco Systems, Inc.
Compiled Mon 17-Mar-08 14:39 by dchih

The following example identifies a Cisco product that is running Cisco IOS Software Release 12.4(20)T with an installed image name of C1841-ADVENTERPRISEK9-M:

Router#show version
Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Thu 10-Jul-08 20:25 by prod_rel_team

The following Cisco products are confirmed not vulnerable:

• Cisco IOS Software not explicitly mentioned in this Advisory
• Cisco IOS XR Software
• Cisco IOS NX-OS

No other Cisco products are currently known to be affected by this vulnerability.

ObtainingFixed Software

Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment.

Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco’s software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml.

Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades.

So your phones got wifi and blue tooth,  need to know the blutooth device address or your wlan mac address?

*#2820# (*#BTA0#) – This will display the Bluetooth device address for your Nokia

*#62209526# (*#MAC0WLAN) – This will show you the MAC address of the WLAN adapter on your nokia

Well as HTML 5 is not yet a standard, heres some brief info on it

“HTML 5 is the next major revision of HTML (“hypertext markup language”), the core markup language of the World Wide Web. Its first draft appeared on January 22, 2008.

HTML 5 is the next advancement of both HTML 4.01 and XHTML 1.0, as development on the next version of the latter has been ceased. HTML 5 was initially said to become a game-changer in Web application development, making obsolete such plug-in-based rich Internet application (RIA) technologies as Adobe Flash, Microsoft Silverlight, and Sun JavaFX.^[1] Such applications would be made obsolete by specifying a standard video codec for all browsers to use. However, in July 2009, the editor of the burgeoning draft specification dropped the recommendation of the free software Theora and Vorbis codecs, after opposition from Apple and Nokia. This means HTML 5 does not currently specify a common video codec for Web development.^[2]

The ideas behind HTML 5, originally referred to as Web Applications 1.0, were pioneered in 2004 by the Web Hypertext Application Technology Working Group (WHATWG); HTML 5 incorporates Web Forms 2.0, another WHATWG specification. The HTML 5 specification was adopted as the starting point of the work of the new HTML working group of the W3C in 2007. The working group published the First Public Working Draft of the specification on January 22, 2008.^[3] The specification is an ongoing work, and is expected to remain so for many years, although parts of HTML 5 are going to be finished and implemented in browsers before the whole specification reaches final Recommendation status.^[4] The editors are Ian Hickson of Google, Inc. and David Hyatt of Apple, Inc.^{[3]” – http://en.wikipedia.org/wiki/HTML_5}
You can read the draft standard for HTML 5 at http://dev.w3.org/html5/spec/Overview.html

Well its 1:53 am GMT at the momment and im trying to get on to the snort.org and sourcefire.com websites, it would appear the lights are out and no one is at home. Getting error messages when trying to connect. Tried my ISP, my 3g stick and my mobile phone,  none of which can connect.

Wonder if its a new site launch or if its just tech problems? hmmm Interesting

I’ll dig around and see what I can find

Its official, Windows seven is now no longer RC, its RTM!  In a post by Brandon LeBlanc over at the windowsteamblog.com he says

“I am pleased to announce that Windows 7 has RTM’d!

As I mentioned previously, RTM officially happens only after sign-off occurs. What happens is a build gets designated as a RTM contender after going through significant testing and meeting our quality bar for RTM. Then, it goes though all the validation checks required for RTM including having all languages of that build completed. If all the validation checks have passed – sign-off for RTM can occur. Today after all the validation checks were met, we signed off and declared build 7600 as RTM.

Not only is RTM an important milestone for us – it’s also an important milestone for our partners. Today’s release is the result of hard work and collaboration with our partners in the industry to make Windows 7 a success. We delivered Windows 7 with a predictable feature set on a predictable timetable that allowed OEMs to focus on value and differentiation for their customers.

Our customers told us what they want (and expect) and we defined those specific experiences and then built features to support them (like HomeGroup and the Windows Taskbar enhancements). Our customers also told us that “fundamentals” on both the hardware and software side was extremely important. Windows 7 today runs great on the broadest array of hardware types ranging from netbooks to high-end gaming machines. We worked closely with OEMs so that their PCs delight customers with the new features in Windows 7.

Of course, today’s release is also the result of the amazing amount of feedback we received from the millions of people who tested Windows 7 – from Beta to RC. We actually had over 10 million people opt-in to the Customer Experience Improvement Program (CEIP). That’s a lot of people opting in to help us make Windows 7 a solid release.”

Over 60 open-source companies and organizations have established Open Source for America.

OSA have 4 Principles which are

“Open Source for America and its members agree to the following founding principles.

1. While respecting the right of every developer to choose the license that it believes best reflects its desires and needs, we support the four freedoms in the Free Software Definition.

1. • The freedom to run the program, for any purpose (freedom 0);
   • The freedom to study how the program works, and adapt it to your needs (freedom 1). Access to the source code is a precondition for this;
   • The freedom to redistribute copies so you can help your neighbor (freedom 2); and
   • The freedom to improve the program, and release your improvements (and modified versions in general) to the public, so that the whole community benefits (freedom 3). Access to the source code is a precondition for this.

2. We applaud the commitment of the Administration to make the U.S. Federal government more transparent, participatory, secure, and efficient, and urge the U.S. Federal government to pursue this goal by leveraging the advantages of free and open source software.

3. We believe that the community can drive collaborative innovation in the U.S. government space, resulting in greater efficiencies and national competitiveness.

4. We believe the decision to use software should be driven solely by the requirements of the user, and not by a mandate for a particular brand, vendor, or development model.”

On the OSA board we have some big players including

Mark Shuttleworth – The creator of Ubuntu

Eben Moglen, – GPL Legal

Jim Zemlin – Linux Foundation executive director

and  Michael Tiemann -  Red Hat’s vice-president of open-source affairs

The OSA’s Founding Members are:

Word has it that the Draft 11.0 standard for 802.11n produced by IEEE Task Group n – aka TGn may now be the final version of the stanard that could now be submitted to IEEE for ratification potentially later this month – This is good news because now we can maybe look at 802.11ad, designed to deliver even speeds- Gigabit speeds in the 60GHz band.

Chop Chop – get on with it!

Users have seen that Mysql.com has been down since about 5am Pacific time today, apparently this is because of major power outage at Uppsala Sweden where their servers are located. Its appears to be affecting www.mysql.com, dev.mysql.com, bugs.mysql.com, and forum.mysql.com

MySql was aquired last year by SUN, SUN might be getting aquired by Oracle. I wonder what will happen with MySQl is Oracle do aquire SUN.

As the UK has gone silly with the amount of cameras in the uk with Det Ch Insp Mick Neville of the Met police’s CCTV unit calling for no more camera’s saying “What I would say is we’ve got enough cameras, let’s stop now, we don’t want any more cameras.

he continues by saying “Let’s invest that money that’s available and use it for the training of people, and the processes to make sure whatever we’ve captured is effectively used.”

for more information see http://news.bbc.co.uk/1/hi/uk/8158942.stm

these guys took 24 256GB Samsung MLC SSD’s and put them in RAID to make this awesome computer!
YOU HAVE TO CHECK THIS OUT!

*should have mentioned i saw this on YaManicKill’s blog over at http://alimckinlay.110mb.com/ – all kudos to him