spread the dot jenett.radio.randomizer - click to visit a random Radio weblog - for information, contact randomizer@coolstop.com

Cox Crow

Asking the Stupid Questions Since 1971
 Friday, September 12, 2003

Water Leaking through the Duct Tape

So the minimally competent programmers in the code mines of Redmond forgot to check another buffer. Swell. So some ISPs have blocked the ports used for the Microsoft RPC services involved, which leads Jon Udell talks about folks blocking tcp/135 and the subsequent loss of network neutrality. In the course of the article he mentions RPC-over-HTTP.

I don't agree with Internet access providers' blocking ports. It just causes the problem to move to another port. SOAP, RPC-over-HTTP, and other crap use HTTP as a transport because HTTP ports are assumed to be readily available. And they use HTTP because they can: the Internet Protocol is just that flexible. Besides, you can always capture some eyeballs to encourage patching.

On the other hand, I don't like the RPC portmapper, whether OSF DCE/Microsoft's or Sun's, because it's a pain-in-the-ass to secure. For one thing, it exposes too much information about a host. For another, the portmapper points to services that listen on arbitrary ports. That's its role. It's necessary because those services are available on arbitrary ports. Since the ports are abitrary, I can't block them at a lower level — I don't know where they will manifest themselves. I have to trust that they'll secure themselves.

Something which, as Microsoft has so adequately demonstrated over the past few weeks, they do not do.

2:02:22 PM # Google It!
categories: Security

Holey Broadcast, Batman!

CED Broadband Direct, Plug-and-play leaves "analog hole" open, and broadcast flag hanging:

"We concluded that, at this time, a flat ban on selectable output control is necessary in light of the extreme consequences of a (cable or DBS system's) use of that tool," Republican commissioner Kathleen Abernathy said.
"I plan to deliver to my colleagues a draft decision on the broadcast flag proceeding in the very near future," [Chairman Michael] Powell said. "All affected parties should be aware that this proceeding is in the on-deck circle."

10:42:02 AM # Google It!
categories: Media