Hashemian Blog
Web Tools, Financial Markets, Technology
Thursday, August 28, 2008
DNS Vulnerability
While programming is my main focus at my company, one of my side jobs at work is networking. I have no complaints as I'm curious and interested in the inner workings of computer networks. Our IT department handles most of the networking tasks, but I usually find myself getting involved in setting up connectivity in the company. Whether it's a firewall, a router, a reverse proxy, or a DNS server, I find the networking field too fascinating to ignore.
That's why when the latest DNS vulnerability, discovered by Dan Kaminsky, came to light in April 2008, I began investigating our DNS servers to determine the risk factors. Dan's site contains a simple tool to assess the risk and it identified all of our caching DNS servers as vulnerable. A patch from Microsoft took care of our Windows-based DNS servers, but there was also a Fedora server in the mix running an old version of BIND that needed attention. Patching that server would have required upgrading to a newer version of Fedora.
I knew I could buy some time using the safety-in-numbers logic, but today I finally decided to tackle that server and plug the hole. My intention was to install the newest version of Fedora (version 9) on a new hardware and then add a patched version of BIND on top. BIND is a great name server product but it has a large footprint that seems like an overkill as a caching server. There are several other free DNS products out there so I began to look for an alternative.
My search eventually led me to PowerDNS (PDNS) and I decided to give that product a try. After installing Fedora 9 on the server, I downloaded the latest RPM of PNDS and promptly installed it on the server. PDNS comes in two flavors. The authoritative version and the caching version, known as Recursor which is the one I was interested in. The install was a breeze and the configuration was as easy as importing some of the data from the old BIND server and making some quick edits to the recursor.conf file. A server restart to make sure everything is in order, and I had the new caching server up and running, resolving names.
PDNS has been free of the DNS cache poisoning vulnerability for a few years now, and Dan's site confirmed that the new server was indeed running at much safer levels.
There is little doubt that the bad guys are hard at work to poison as many DNS servers as they can get their hands on. If your unpatched servers haven't been targeted yet, it's only a matter of time before they are. Whatever method or product you use to avert this risk, the sooner you do it, the better. As a quick alternative, you can use one of several free and already safe services like the one offered by OpenDNS.com as direct name servers or as forwarders on your caching servers.
dns,dns vulnerability,dns hack,fedora,bind,powerdns,opendns,networks,namedLabels: computers, hackers, networks < DNS Vulnerability>
// posted by rh
Wednesday, August 27, 2008
Online Car Registration Renewal, Finally
It's taken a long time. Perhaps a decade late for the Connecticut Department of Motor Vehicles to carry out some transactions online, but better late than never. While most of the private industry has shifted their operations online, the government is painfully behind on that front. The reasons range from the government being generally slow, to having under-paid technology workers and to shunning change. But change is inevitable and the DMV has finally taken some steps to that end.
When I received my registration renewal papers in the mail a couple of weeks ago as I have for years, I started to reach for my dusty checkbook to write a check and mail it in. that's when I noticed a new section on the paperwork detailing their online renewal service. I thought this was one of those payment processing sites that handle credit card payments on behalf of the government offices and charge an extra fee. But no, this was the real deal. An actual DMV site that handled renewals and accepted credit cards with no extra fees.
It took a mere couple of minutes to take care of the business on the site and I had an email confirmation soon after. The renewal document and sticker followed about a week later. It took them quite a long time to get on with the technology but I'm happy that they finally made it. I just hope that enough people make use of it and there are no major glitches to force them back to the old way. Online payment sure beats writing checks and licking stamps.
dmv,car registration,online paymentsLabels: cars, web < Online Car Registration Renewal, Finally>
// posted by rh
Wednesday, August 13, 2008
Herniated Disc, Six Months Later
It's been nearly 6 months since I was diagnosed with a herniated disc. During that time I have had to make some lifestyle changes, but looking back, the adjustments haven't been as drastic as I might have feared initially. Or perhaps I am now just used to dealing with the condition.
When I was in the throes of the torturous pain, all I could think of was that my life as I knew it had ended. There would no longer be any running, no motorcycle rides, no hiking and no getting in and out of the car without the excruciating pain. Fast forward 6 months and those dramatic changes I was afraid of didn't quite materialize. There has been some changes to be sure. No lifting of heavy objects, no fast running, and occasional pain in the lower back and down the leg to contend with. But with daily exercises, sleeping on a hard surface, and avoiding long periods of sitting, I have been able to reclaim some of the freedom I used to enjoy.
Thankfully, so far I have been able to avoid steroids shots or more drastic measures like surgery. I have done quite a bit of research during this time and realize that many people aren't as fortunate as I have been, but at the same time many others live normal lives with their herniated discs.
As far as I can tell and as explained by my doctor, the herniated mass has probably shrunk with time, relieving the pressure on the spinal cord and affording me more freedom of movement. That is not to say that I am completely pain-free. There are occasional bouts with pain and discomfort which I manage with patience and a few doses of pain killers. But generally, I have resumed a relatively normal life. The prospect of another attack is on my mind every day, but I try not to let it rule over my life.
My approach to my condition has been not to succumb to a state of hopelessness. It's difficult not to, but after accepting the situation, I decided that the best way to manage it was to continue with my activities the best I could. Ditching the bed for a thin pad on the floor has helped. So have daily back exercises and conditioning. As much as I wanted to continue with my running routine, I initially down-shifted to walking. Even that was painful at first, but as time passed I was able to slowly incorporate some jogging in my daily walks until I was ready to completely switch over to jogging. On good days, I would increase the distance to 4 or 5 miles. Currently I'm on alternate days of jogging and walking and that has been relatively steady. I have also learned not push it too far. When there's pain during a jog, I heed my body and slow down to a walk. There's no reason to be stubborn and risk paying a big penalty later on.
The point is that if you are an active person who has suddenly been struck with a herniated disc don't lose hope and wallow in grief too long. It doesn't have to be all or nothing. There's always a middle ground. Accept what has happened and then make the right adjustments to battle your way back. You may never be the same as before, but concentrate on what you can salvage rather than fussing over what has been lost.
herniated disc,back pain,running,walking,joggingLabels: health, running < Herniated Disc, Six Months Later>
// posted by rh
|
Links
Technorati Profile
TMCnet.com
ARCHIVES
09/01/2003 - 10/01/200303/01/2004 - 04/01/200404/01/2004 - 05/01/200405/01/2004 - 06/01/200406/01/2004 - 07/01/200407/01/2004 - 08/01/200408/01/2004 - 09/01/200409/01/2004 - 10/01/200410/01/2004 - 11/01/200411/01/2004 - 12/01/200412/01/2004 - 01/01/200501/01/2005 - 02/01/200502/01/2005 - 03/01/200503/01/2005 - 04/01/200504/01/2005 - 05/01/200505/01/2005 - 06/01/200506/01/2005 - 07/01/200507/01/2005 - 08/01/200508/01/2005 - 09/01/200509/01/2005 - 10/01/200510/01/2005 - 11/01/200511/01/2005 - 12/01/200512/01/2005 - 01/01/200601/01/2006 - 02/01/200602/01/2006 - 03/01/200603/01/2006 - 04/01/200604/01/2006 - 05/01/200605/01/2006 - 06/01/200606/01/2006 - 07/01/200607/01/2006 - 08/01/200608/01/2006 - 09/01/200609/01/2006 - 10/01/200610/01/2006 - 11/01/200611/01/2006 - 12/01/200612/01/2006 - 01/01/200701/01/2007 - 02/01/200702/01/2007 - 03/01/200703/01/2007 - 04/01/200704/01/2007 - 05/01/200705/01/2007 - 06/01/200706/01/2007 - 07/01/200707/01/2007 - 08/01/200708/01/2007 - 09/01/200709/01/2007 - 10/01/200710/01/2007 - 11/01/200711/01/2007 - 12/01/200712/01/2007 - 01/01/200801/01/2008 - 02/01/200802/01/2008 - 03/01/200803/01/2008 - 04/01/200804/01/2008 - 05/01/200805/01/2008 - 06/01/200806/01/2008 - 07/01/200807/01/2008 - 08/01/200808/01/2008 - 09/01/200809/01/2008 - 10/01/200810/01/2008 - 11/01/200811/01/2008 - 12/01/200812/01/2008 - 01/01/2009
|
