Posts

Posted on

AIX Most secure OS? Think not.

IBM’s Xforce published their new 2008 annual report. In it they had this chart:
xforce2008

Surprising is that IBM put’s one of their own OS’s near the bottom of the list. Some of my opinions are :

1. No one uses AIX that much, so no one looks for holes in the code.
2. Any one who uses AIX, doesn’t have it directly connected to the Internet.
3. It is so cost prohibitive to use, that people are looking at Solaris/Linux or Windows to run their business on.

But the funniest thing about this is the last I used AIX the following were still done on install by IBM:
1. telnet enabled
2. root logins allowed remotely
3. no ssh comes with the OS, you have to install a crappy “linux toolkit”, and then install another 10 different packages to get SSH enabled.
4. No RBAC
5. Syslog configuration does not exist
6. Root does not even have a password on install

Seems to me that IBM needs to fix some fundamental issues with their OWN OS before they can say it is not one of the “Most Vulnerable Operating Systems”.

The funniest issue with this is for MacOSX to be listed at the top, all most all of those require some one to actually run something on the machine with administrative privileges.

Posted on

Courtyard Marriott $10,000 a night?

While looking for a place go to for a holiday, I went to Expedia.com to look for a trip to Clearwater Florida. The Results for the hotel search showed me this:
expediafail

No way I would pay $10,000 a night for a queen bed at a courtyard marriott…

An so I click on the link for the $10,000 a night, here we go:
expediafail2

Posted on

MySQL root password recovery

Quick steps to recovering (aka resetting) the root password on MySQL:

1. Find the PID of the mysql process
ps -aef | grep mysqld
root 11889 11090 0 Jun 10 ? 0:00 /bin/sh bin/safe_mysqld
mysql 11909 11889 0 Jun 10 ? 525:44 /local/mysql-5.0.45-solaris10-i386/bin/mysqld --basedir=/local/mysql-5.0.45-sol


2. Kill the mysql process; kill 11909 Make sure not to use a -9…
3. Create a file that the user that runs mysql can access; and place in it the following:

UPDATE mysql.user SET Password=PASSWORD('FozzyBear') WHERE User='root';
FLUSH PRIVILEGES;

4. Start mysql: mysqld_safe --init-file=/path/to/file &
5. Try to connect as root now, if it works, delete the temp file; stop and restart mysql.

Granted, the above can be done by any one who knows the password for the account that MySQL runs under, or has root access to the machine. I usually leave the mysql UNIX account in a locked state, so no one can su to it, so you have to have access to root, to be able to su to it.

Posted on

New fail pictures

Couple of “fails” i saw today….

Would have been nice to see what happened once the snow melted under this jeep today:

Parking Fail

Were are the cops when they are needed:
Multi Car Fail

Posted on

DTV Switch

Now that they have finally set the date, and hopefully won’t move it, we can only expect more video’s like this coming from the various comedy outlets: