Microsoft SQL Server vulnerability
Microsoft SQL Server 2000 contains a vulnerability that allows remote attackers to create a denial-of-service condition between two Microsoft SQL servers. This was responsible for a widespread internet slowdown earlier today.
Description
The SQL Server Resolution Service (SSRS) was introduced in Microsoft SQL Server 2000 to provide referral services for multiple server instances running on the same machine. The service listens for requests on UDP port 1434 and returns the address and port number of the SQL server instance that provides access to the requested database.
In addition to providing referrals, the SSRS is capable of replying to "ping" messages from other SQL servers to confirm its presence on a network. When the service receives such a message, it replies to the transmitting host with an identical reply message. In normal operation, the SSRS service is responsible for replying to ping messages sent by an SQL Server and does not initiate them. However, an attacker can create a forged ping message to one instance of the SSRS (Victim A, port 1434) that appears to originate from another instance (Victim B, port 1434), causing Victim A and Victim B to continuously exchange messages. This cycle will continue to consume server and network resources until one of the servers stops sending packets for one of several reasons, including a restart of the SQL Server, a reboot of the server host, or a network failure.
This vulnerability allows remote attackers to initiate a denial-of-service attack between two affected servers.
Solution
Microsoft has published Security Bulletin MS02-039 to address this vulnerability. For more information, please see http://www.microsoft.com/technet/security/bulletin/MS02-039.asp
As a workaround, system administrators can use a firewall to block port 1434/udp at an appropriate network border, thus preventing external attackers from exploiting this vulnerability.
For more information, visit http://www.kb.cert.org/vuls/id/370308.
This is yet another reason to use alternatives such as MySQL.
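One way to spot the ping loop described above in flow records (an added example, not code from the advisory or from Microsoft): because the forged ping appears to come from port 1434 on the other server, loop traffic has UDP source and destination ports both equal to 1434, in both directions between the same two hosts. The record layout, sample addresses and threshold are assumptions made for this example.

```python
from collections import defaultdict

SSRS_PORT = 1434        # UDP port the Resolution Service listens on (from the advisory)
MIN_PER_DIRECTION = 3   # assumed threshold: packets each way before a pair is reported

# Constructed sample UDP flow records: (timestamp_s, src_ip, src_port, dst_ip, dst_port)
SAMPLE_FLOWS = [
    # Assumption: an ordinary client lookup comes from an ephemeral source port.
    (0.00, "10.0.0.5", 51234, "10.0.1.10", SSRS_PORT),
    (0.01, "10.0.1.10", SSRS_PORT, "10.0.0.5", 51234),
    # A single one-way 1434 -> 1434 packet that is never answered: not a loop.
    (0.50, "10.0.3.30", SSRS_PORT, "10.0.1.10", SSRS_PORT),
]
# Two servers answering each other port 1434 to port 1434 (the loop pattern).
A, B = "10.0.1.10", "10.0.2.20"
for i in range(8):
    src, dst = (A, B) if i % 2 == 0 else (B, A)
    SAMPLE_FLOWS.append((1.0 + i * 0.001, src, SSRS_PORT, dst, SSRS_PORT))


def find_ssrs_loops(flows, min_per_direction=MIN_PER_DIRECTION):
    """Return {(host_a, host_b): (a_to_b, b_to_a)} for host pairs that exchange
    UDP 1434 -> 1434 packets in both directions at or above the threshold."""
    counts = defaultdict(lambda: defaultdict(int))
    for _ts, src, sport, dst, dport in flows:
        # Only packets with the service port on both ends match the loop pattern.
        if sport != SSRS_PORT or dport != SSRS_PORT:
            continue
        pair = tuple(sorted((src, dst)))   # direction-independent key
        counts[pair][src] += 1             # packets sent by each side of the pair
    loops = {}
    for (a, b), per_src in counts.items():
        # Require traffic both ways so one-way noise is not reported as a loop.
        if min(per_src[a], per_src[b]) >= min_per_direction:
            loops[(a, b)] = (per_src[a], per_src[b])
    return loops


if __name__ == "__main__":
    for (a, b), (ab, ba) in find_ssrs_loops(SAMPLE_FLOWS).items():
        print(f"possible SSRS ping loop: {a} <-> {b} ({ab} / {ba} packets)")
```

A pair reported here is a candidate for the firewall block and the MS02-039 patch mentioned above; per the advisory, the exchange continues until one of the servers stops sending packets.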
Code your way to world domination!
Sillysoft announces the LuxAgent SDK and Lux version 1.3. Lux brings the classic game of world domination to the modern age. Put your strategery to the test against ten different enemy agents on over a billion different worlds!
Everyone has taken over the world by utilizing the tried and tested point-and-click method, but now there's another way. Sillysoft is proud to introduce the LuxAgent SDK, with everything you need to code your own AI for Lux.
The SDK includes detailed API documentation as well as the full source code of all the agents that ship with Lux. This example code is licensed under the GNU GPL. (The programming language used is Java.)
The SDK can be found at http://sillysoft.net/LuxAgentSDK.php
To accompany the SDK, Sillysoft has also released version 1.3 of Lux. In addition to supporting third-party AIs, version 1.3 introduces multiple board themes (with instructions to make your own), a record book, and a fresh 20-game trial period.
Lux is being distributed as shareware. The demo version is limited to 20 games.
Registration costs $10 US.
Details and screenshots are available at http://sillysoft.net.
Or download Lux directly from http://sillysoft.net/Lux.dmg
(mirror: http://www.cs.mcgill.ca/~dsacks/Lux.dmg)
Terragen for Macintosh
The first public beta of Terragen, a high-quality photorealistic landscape generator, is now available for Mac OS X and MacOS 9 with CarbonLib.
Terragen for Macintosh has some unique features that the PC version does not. Some of these features will likely make their way into the PC version at some point in time, but many of them will remain unique to TG Mac. For more information on what Terragen can do in general, please visit the official Terragen website.
Terragen for Macintosh takes advantage of QuickTime, OpenGL, AltiVec, and AppleScript.
For more information and to sign up for the public beta, visit http://www.planetside.co.uk/terragen/mac/index.html.
Apple iLife Delayed Until Next Week
Although not yet officially acknowledged by Apple, iLife has been delayed until next week (possibly February 1st). The iPhoto 2 and iMovie 3 downloads have also been postponed until later. Speculation has it that Apple will release Mac OS X 10.2.4 first. (The new OS is already installed on newly shipping 12" PowerBook G4s.)