Category archive: English

Posts in English

Quick Fix for Firefox 2.0.0.17 Bug #456705: Crash on SSL Connect


After updating to 2.0.0.17, Firefox crashes if the FoxyProxy extension is installed. This renders the browser virtually useless. You won’t even be able to install the update that fixes this issue once there is one, since Firefox’s automatic update function does, of course, use SSL. Some of the links in this post also point to HTTPS URLs, so if you are reading this post in Firefox because you have this problem, read to the end but don’t click anywhere.

To fix this issue and get Firefox to work again, you’ll have to uninstall the FoxyProxy extension before accessing any HTTPS URL. If Firefox is configured to start with a blank or non-SSL page and you do not want to restore a session containing HTTPS pages, you can probably do so from within Firefox. Go to Tools -> Add-ons, select FoxyProxy in the list that opens, and uninstall it. Or is disabling FoxyProxy sufficient? Please leave a comment if you tried; I didn’t.

If Firefox for some reason tries to load an HTTPS page automatically when it starts, you will have to edit your Firefox profile. On Windows, profile data are usually found under C:\Documents and Settings\<your username>\Application Data\Mozilla\Firefox\Profiles\<random name>\. Note that Documents and Settings and Application Data may be named differently in localised versions of Windows. Under Mac OS X the profile is stored under /Users/<your username>/Library/Application Support/Firefox/Profiles/<random name>, and on a Unix-style system such as Linux or *BSD you will probably find the path to your profile somewhere under your home directory. If you see a recently edited file named bookmarks.html, and the file contains your bookmarks, you have found the right place.

Inside the profile directory you should see a subdirectory named extensions and inside it one or more subdirectories. Find the one containing FoxyProxy; it will probably be named foxyproxy@eric.h.jung. Delete this subdirectory, or better, move it elsewhere just in case you made a mistake.

Now start Firefox again.
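The manual steps above (find the profile directory, check for bookmarks.html, find the FoxyProxy directory under extensions, move it aside rather than delete it) as an added shell script. This is not part of the original post. It assumes the extension directory name foxyproxy@eric.h.jung given above and the Mac OS X profile path quoted above; the Linux/*BSD default of ~/.mozilla/firefox is my assumption, since the post only says "somewhere under your home directory". Run it while Firefox is closed, and pass your own profile root if it differs.

```sh
#!/bin/sh
# Added example, not code from the original post: move the FoxyProxy
# extension directory out of every Firefox profile under a given root so that
# Firefox 2.0.0.17 starts without crashing on the first SSL connection.
# The directory is moved, not deleted, so the step can be undone by moving it back.

# Print the FoxyProxy extension directory inside one profile, if present.
# Name foxyproxy@eric.h.jung is taken from the post.
find_foxyproxy_dir() {
    ext="$1/extensions/foxyproxy@eric.h.jung"
    [ -d "$ext" ] && printf '%s\n' "$ext"
}

# disable_foxyproxy PROFILE_ROOT BACKUP_DIR
# Moves the extension directory of every profile under PROFILE_ROOT to
# BACKUP_DIR/<profile name>/. A directory only counts as a profile if it
# contains bookmarks.html (the check the post suggests). Returns 0 if at
# least one directory was moved, 1 otherwise.
disable_foxyproxy() {
    root="$1"
    backup="$2"
    moved=0
    for profile in "$root"/*; do
        [ -d "$profile" ] || continue
        [ -f "$profile/bookmarks.html" ] || continue
        ext=$(find_foxyproxy_dir "$profile") || continue
        dest="$backup/$(basename "$profile")"
        mkdir -p "$dest" || return 1
        mv "$ext" "$dest/" || return 1
        printf 'moved %s -> %s\n' "$ext" "$dest"
        moved=$((moved + 1))
    done
    [ "$moved" -gt 0 ]
}

# Default profile root per platform (Linux/*BSD path is an assumption).
default_profile_root() {
    case "$(uname)" in
        Darwin) printf '%s\n' "$HOME/Library/Application Support/Firefox/Profiles" ;;
        *)      printf '%s\n' "$HOME/.mozilla/firefox" ;;
    esac
}

# Usage: sh fix-foxyproxy.sh [PROFILE_ROOT] [BACKUP_DIR]
# Only acts when called with --run so that sourcing the file has no side effects.
if [ "${1:-}" = "--run" ]; then
    root="${2:-$(default_profile_root)}"
    backup="${3:-$HOME/foxyproxy-backup}"
    if disable_foxyproxy "$root" "$backup"; then
        echo "FoxyProxy moved aside; start Firefox, then install FoxyProxy 2.8.6 or newer."
    else
        echo "No FoxyProxy directory found under $root" >&2
        exit 1
    fi
fi
```

Invoke it as sh fix-foxyproxy.sh --run to use the platform default, or sh fix-foxyproxy.sh --run "/path/to/Profiles" "/path/to/backup" to override both locations. Once a fixed FoxyProxy release is installed, the backup directory can simply be deleted.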

See also: Ubuntu Bug #274065; mozdev.org: FoxyProxy crashes Firefox 2.0.0.17 on shutdown; Firefox Support Forum: Firefox 2.0.0.17 crashes with foxyProxy 2.8.5, Bug #456705.

Update 2008-09-29: New versions of FoxyProxy are available. Installing version 2.8.6 or newer should fix the issue. The latest version is 2.8.8 now. If you haven’t updated your browser yet, it would be wise to update the extension first.

Interim Report on BA038 Accident


The U.K. Air Accidents Investigation Branch (AAIB) has published an Interim Report on the Accident to Boeing 777-236ER, G-YMMM at London Heathrow Airport on 17 January 2008, better known as the BA038 crash. As I mentioned before, aviation accident investigations are time-consuming. Eight months after the crash the investigation is not finished yet, but the investigators have an idea of what the cause may have been. Their summary:

»The investigation has shown that the fuel flow to both engines was restricted; most probably due to ice within the fuel feed system. The ice is likely to have formed from water that occurred naturally in the fuel whilst the aircraft operated for a long period, with low fuel flows, in an unusually cold environment; although, G-YMMM was operated within the certified operational envelope at all times. (…)«

The report goes on to discuss the issue and warns that other types of aircraft may be affected as well.

TAIC-PART Snippets


Besides taking place in a marvelous location, the TAIC-PART conference was also an inspiring and stimulating event. Here are a few snippets that I took away from it apart from the proceedings:

  • Les Hatton’s keynote, at the beginning of the conference, contained a few interesting figures. His slides are available on the Web. Slide #5 looks into the size of contemporary language specifications, and slide #10 describes a day in the life of a mail server in terms of the numbers of messages received in various categories.
  • Paul Gerrard presented a paper on Test Axioms as Thinking Tools, which is also being discussed in his blog.
  • Entirely new to me was the idea of test case prioritization, which Gregory Kapfhammer seems to work on. Might be useful in security testing as well.
  • For those who need samples for research, there are datasets and repositories:

Cumberland Lodge

I wouldn’t go so far as to say the location is the best aspect of TAIC-PART, but it clearly contributes to the overall experience. Located in the Windsor Great Park and built on ground once appropriated from the crown by Oliver Cromwell, Cumberland Lodge is full of references to British history. Today as a conference venue it provides you with a quiet place free from distractions as well as a number of topics for smalltalk unrelated to the subject of the conference.


Design by Committee

Just a quick quote & link:

»Finally, some of the OMG’s early object services specifications, such as the life cycle, query, concurrency control, relationship, and collection services, were not only complex, but also performed no useful function whatsoever.«

(Michi Henning: The Rise and Fall of CORBA)

This quote is from a really good article, which analyzes how and why CORBA failed. I’m glad I never wasted any time on CORBA.

Protect Yourself from Earthquakes and Tsunamis


To make your holidays safer, the German Research Centre for Geosciences (GFZ) has published information on earthquakes and tsunamis, comprising:

Most of their recommendations may seem like common sense, but even simple measures are easily forgotten if one is used to living in low-risk areas.

Black Hat EULA Enforcement

What is the purpose of antivirus companies? They produce tools to detect and remove malicious software on a large number of computers. Their basic process is pretty simple. They collect samples of new malicious software from various sources, including the general public. You, too, can send a piece of software to antivirus companies if you suspect it might be malicious. Each sample will be analyzed by the antivirus company. If it really is malicious, a signature will be produced and disseminated to all users of the company’s products through an automated mechanism. After receiving the new signature, antivirus software is capable of detecting the new malicious software and often also of stopping it from working in one way or another.

Sounds innocent, but the bad guys discovered this might be a suitable infrastructure to enforce end-user license agreements. If you rent a botnet and fail to comply with its operators’ terms, they threaten to forward your bot to antivirus companies. I really like that idea, although I see a couple of pitfalls here, as do the guys who originally reported this.

What is security testing?


The Sectest08 workshop, which I attended today, was of typical workshop size, so my plan to use the flipchart rather than PowerPoint did work out well.

The keynote speaker, David Litchfield, gave a pretty good introduction to the kind of security testing that he is doing—bug-hunting of various kinds. He included a live demonstration of format string vulnerabilities, presented the notion of surety for what might be missed by overly formal approaches to security, and described security testing as exploring interesting avenues and evaluating implications. His talk pretty much covered the issues and topics of my own world of security testing. He embraced the idea that (this type of) security testing might be an art, claiming that bug-hunting security testers were often also into artistic activities such as painting or photography and that teams of testers would work best if they included both scientific and artistic types of people.

20 Layers of Security … and One Attack Vector


I knew the TSA blog would yield something for me right when they started it. I didn’t expect this to happen so soon, though. Today they proudly present their 20 layers of security. Twenty! The TSA has twice as many layers of security as the average U.S. worker gets paid vacation days. This is impressive. Look at their diagram for a while (slightly larger version here). Impressive, marvelous, rainbow-colored, magnificent, fantastic.

Phishers now keeping track of state?


Yesterday I received this phishing mail:

To: ****@********
Date: Wed, 19 Mar 2008 10:49:50 +0000
From: Wachovia Connection banking Consumer support <news@wachovia.com>
Subject: Wachovia Connection Web application security

Dear Wachovia Connection Bank Customer:
Due to the emergency situation with our server room and the closing of
the New Orleans Branch of the Federal Reserve, Wachovia Connection
Bank is presently unable to process wire transfers. Therefore we are
asking that customers please refrain from initiating wire transfer
requests through Wachovia Connection until further notice. All wires
initiated before 12:30 PM CDT will be processed; however, there may be significant delays in doing so.

IMPORTANT: All customers must validate personal information.

(...)

and today, a follow-up message reminding me:

Friday the 13th – End of the World?

Not quite, but with a 1-in-300 chance the end of certain lifeforms on the surface of this planet:

»You may want to put this date in your diary: April 13, 2029. It’s a Friday. Friday the 13th. This is the day, Nasa announced four years ago, on which the Earth is most likely to be struck by a civilisation-destroying asteroid.«

(The threat to Earth from space is minimal – Times Online, via)

Time to un-quit smoking?