Accountability

What to do with your hack attack server logs

Following is a bunch of hack attacks against my server which are trying to exploit the problem identified by the Computer Emergency Reponse Team (CERT) as CA-2003-09 Buffer Overflow in Core Microsoft Windows DLL (also see its CVE entry)

Essentially, my access logs fill up with lines like “SEARCH /x90x02xb1…” (for 32,000 characters), and my Apache configuration has proved very stubborn in filtering them out automatically. So it’s a bit annoying. Plus I don’t like 32KB getting sent to my server unsolicited, in much the way that spam is.

Identity Theft? Why not an instant-audit trail on credit card transactions?

You’d think, with financial fraud costing society about $35 billion last year (that’s over $100 per person), the credit institutions would do more to fix this. While they talk mightily about the fantastic biometric technologies on the horizon, they keep a lot of people employed handling all of this identity fraud and pitching “Identify Theft Solutions”. But they don’t have to. Here’s a breathtakingly simple solution: start having the major credit card companies, as well as the major credit bureaus, register people’s email and SMS addresses.

Syndicate content