The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,444 other followers

Archive for December 4th, 2018

Update NOW! CVE-2018-1002105, with root access. ​Kubernetes’ first major security hole discovered | ZDNet

Posted by jpluimers on 2018/12/04

From [WayBack] ​Kubernetes’ first major security hole discovered | ZDNet in reverse order:

Fortunately, there is a fix, but some of you aren’t going to like it. You must upgrade Kubernetes. Now. Specifically, there are patched version of Kubernetes [WayBackv1.10.11,  [WayBack] v1.11.5, [WayBackv1.12.3, and [WayBackv1.13.0-rc.1.

[WayBack] Red Hat said, “The privilege escalation flaw makes it possible for any user to gain full administrator privileges on any compute node being run in a Kubernetes pod. [WayBackThis is a big deal. Not only can this actor steal sensitive data or inject malicious code, but they can also bring down production applications and services from within an organization’s firewall.”

And the bug, [WayBackCVE-2018-1002105, aka the Kubernetes privilege escalation flaw, is a doozy. It’s a [WayBackCVSS 9.8 critical security hole.

Via [WayBack] ​Kubernetes’ first major security hole discovered | ZDNet – Ondrej Kelle – Google+

–jeroen

Posted in Cloud, Containers, Docker, Infrastructure, Kubernetes (k8n), Power User, Security | Leave a Comment »

Uptime Robot on Twitter: “Sorry all that the API and status pages fluctuated since the last 18 hours. The issue is completely fixed and it is all back to normal now.”

Posted by jpluimers on 2018/12/04

[WayBackUptime Robot on Twitter: “Sorry all that the API and status pages fluctuated since the last 18 hours. The issue is completely fixed and it is all back to normal now.”

[WayBackJeroen Pluimerson Twitter: “Some are still broken, especially the ones with IDs 778601760 778601763 778601765 778601777 778601814 779973649 779677530 779677532 All of them reachable through various ISPs, but UpTimeRobot marks them down since about 11 hours”

See:

Failing:

Edit 20181205

Found out what happened: the IP got blocked on some spam lists. This is odd:

Even though the SMTP server behind it has relay blocked apart from the 2 domains it is primary MX for, somebody found a trick around it, I think by sending mail to the primary domains that

  1. are not caught yet by the installed backlist filters
  2. later bounce when forwarded to their forward address because their blacklist filters are by now more up-to-date,
  3. then the bounce email being flagged as SPAM.

MXTOOLBOX

The trick caused the IP to appear on 3 blacklists according to MXTOOLBOX:

Blacklist Reason TTL ResponseTime
 LISTED CBL 80.100.143.119 was listed  Detail 806 0 Ignore
 LISTED Hostkarma Black 80.100.143.119 was listed  Detail 805 0 Ignore
 LISTED Spamhaus ZEN 80.100.143.119 was listed  Detail 300 281 Ignore

Checking these revealed all to be around CBL:

CBL:

This IP address was detected and listed 6 times in the past 28 days, and 0 times in the past 24 hours. The most recent detection was at Tue Dec 4 02:25:00 2018 UTC +/- 5 minutes

Hostkarma Black:

Your reverse DNS is correct! – snip.xs4all.nl
The IP address for the reverse lookup name matches the original IP – RDNS Information

This is a list from our log files showing the activity from IP address 80.100.143.119. Our system stores information for 4 days.


/ip-log/karma.log.06:black 80.100.143.119 auth-bad ID=79648-15207 X=mxbackup H=snip.xs4all.nl [80.100.143.119]:40353 HELO=[[127.0.0.1]] SN=[M.ASMMSS.06446644586518723606@terrain.gov.harvard.edu] AUTH=[antonio] T=[irena.getheridge2018@outlook.fr] S=[Re: RcPT[(ALERT) | 0644664458]]

Spamhaus ZEN:

80.100.143.119 is not listed in the SBL

80.100.143.119 is not listed in the PBL

80.100.143.119 is listed in the XBL, because it appears in:

dnsbl.spfbl.net

Further research also found an entry in dnsbl.spfbl.net:

Check result of IP 80.100.143.119

This is the rDNS found:

This IP was flagged due to misconfiguration of the e-mail service or the suspicion that there is no MTA at it.


For the delist key can be sent, select the e-mail address responsible for this IP:

  • add a PayPal user’s email for 6.00 BRL.
  • add a PayPal user’s email for 1.50 USD.
  • <abuse@xs4all.nl> qualified.
  • <postmaster@snip.xs4all.nl> qualified.
  • <postmaster@xs4all.nl> qualified.

The rDNS must be registered under your own domain. We do not accept rDNS with third-party domains.

A chicken-and-egg situation here: since snip.xs4all.nl is blocked because of the blacklist entry, I cannot request a validation email for the blacklist entry.

But then there was MultiRBL showing that most DNS black lists are aggregators of others.

jeroen

Read the rest of this entry »

Posted in Uncategorized | Leave a Comment »

Trying to get golang working on a new system I learned a few things…

Posted by jpluimers on 2018/12/04

From a G+ post a while ago, but they still hold after seeing much more golang projects: [WayBack] Trying to get golang working on a new system I learned a few things today: … – Jeroen Wiert Pluimers – Google+

This is too bad as it indicates a lot of golang programmers are not that aware of maintaining projects for the longer term, nor about the real meaning of cross platform over time.

  • many golang developers have a hate relationship towards non-standard systems, especially Windows, likely because history has not proven to them yet that systems over time are distinctly different, even in the same family of operating systems
  • much golang tooling radiate “showing progress or logging is for whimps, it it takes time, wait, or watch a process monitor like ps, task manager or activity monitor), like for instance this issue that has been open for a year https://github.com/golang/dep/issues/1001 [WayBack]
  • few golang developers understand that there are older versions of make (especially the Borland one) with different syntaxes. The ones that do not, sort of get mad, failing to understand developing software is 80+% maintenance, meaning keeping old stuff around so you are sure you can build things depending on that old stuff.
  • many of the Makefile entries are filled with bashisms which makes it hard to use with different shells

Fun: [WayBack] Capitalization of GoLang should actually be golang. It’s also not automatic… | Hacker News

–jeroen

Posted in Development, Go (golang), Software Development | Leave a Comment »

Hi there. Is it possible to get RTTI information for IDE “built-in” classes …

Posted by jpluimers on 2018/12/04

For my link archive: [WayBack] Hi there.Is it possible to get RTTI information for IDE “built-in” classes with an OTA Wizard?Let’s say I create a TRttiContext object in my wizard…. – Fl Ko – Google+

Here is an IDE explorer that helps: [WayBack] GitHub – DGH2112/Delphi-IDE-Explorer: A RAD Studio IDE wizard / expert / plugin that allows you to browser the internal fields, methods, properties and events of the IDE.

–jeroen

Posted in Debugging, Delphi, Development, Software Development | Leave a Comment »

Mac OS X/MacOS: Capturing yourself in Photo Booth without being mirrored

Posted by jpluimers on 2018/12/04

Quite a while back I wrote [WayBackViewing an USB camera on Mac OS X without mirroring.

I still use the solution Quick Camera mentioned there, but also found a solution that works with the Photo Booth application:

Just made a QTZ to counteract the annoying mirror-image which is considered “normal” in Photo Booth. I borrowed a patch from the “Effect.qtz” which is located inside the Photo Booth.app, and I edited it in Quartz Composer . Please note that this will NOT affect the mirror-image which occurs using other effects; they will STILL be mirror images of your subject.

This patch fixes the preview, photos AND video. This patch fixes the SOURCE of the video, not the resulting output images.

[WayBackUN-MIRROR yourself in Photo Booth – patch | MacRumors Forums

Steps to manually create the Quartz file are at [WayBackCamera question: Why is the camera a mirror effect? | Mac Forums

So I learned about Quarts Composer and composition plugins which are basically a visual programming language:

This is unlike another QC that got killed.

–jeroen

[WayBackpicture-2-png.195665 (1314×897)

Read the rest of this entry »

Posted in Apple, Mac OS X / OS X / MacOS, Power User | Leave a Comment »

 
%d bloggers like this: