Michael Webster on Long White Virtual Clouds has posted a handy guide on how to change vSphere 5’s SSL certificates

I’m hoping that the information in this article will help and encourage more people to change out the default certs (to improve security), and make the process far more reliable and easier to achieve with vSphere 5. This article will focus on successfully changing the default VMware SSL certificates on ESXi 5 hosts with CA signed certificates using a Microsoft CA (it will also work with public and OpenSSL CAs, but I have not tested it yet).

The Guardian tosses a beautifully written review at the Daily Mail over a story called “Rightwingers are less intelligent than left wingers, says study”.

The Mail’s report went on to detail the results of a study carried out by a group of Canadian academics, which appears to show some correlation between low childhood intelligence and rightwing politics. It also claimed that stupid people hold rightwing views in order to feel “safe”. Other items they hold in order to feel safe include clubs, rocks and dustbin lids. But those are easy to let go of. Political beliefs get stuck to your hands. And the only way to remove them is to hold your brain under the hot tap and scrub vigorously for several decades.

As you might expect, many Mail Online readers didn’t take kindly to a report that strived to paint them as simplistic, terrified dimwits. Many leapt from the tyres they were swinging in to furrow their brows and howl in anger. Others, tragically, began tapping rudimentary responses into the comments box. Which is where the tragi-fun really began.

Charlie Brooker, the author, is a comedian fast becoming part of my required Monday reading. He runs a weekly slice of The Guardian. Here’s a recent piece he wrote on privacy and the risk of social networks

When Sony launched the Walkman back in the late 70s, its main appeal was that for the first time in history you could stroll down the high street listening to Neil Diamond belting out Sweet Caroline and no one could judge you for it. It made you the master of a private world of music. If the Walkman had, by default, silently contacted your friends and told them what you were listening to, not only would no one have bought a Walkman in the first place, its designers would have been viewed with the utmost suspicion.

In June of 2010 I wrote about upgrading the iPhone on Linux. I just noticed a report (CVE-2012-0065) that there is no boundary specified in the “SerialNumber” field of usbmuxd (USB multiplexor daemon for iPhone) in the “receive_packet()” function (libusbmuxd/libusbmuxd.c), as shown in a recent update and diff on git.marcansoft.com

diff --git a/libusbmuxd/libusbmuxd.c b/libusbmuxd/libusbmuxd.c

index e06ee61..98e92df 100644 (file)

--- a/libusbmuxd/libusbmuxd.c
+++ b/libusbmuxd/libusbmuxd.c
@@ -189,7 +189,7 @@ static int receive_packet(int sfd, struct usbmuxd_header *header, void **payload
                                char *strval = NULL;
                                plist_get_string_val(n, &strval);
                                if (strval) {
-                                       strcpy(dev->serial_number, strval);
+                                       strncpy(dev->serial_number, strval, 255);
                                        free(strval);
                                }
                                n = plist_dict_get_item(props, "LocationID");

It could lead to a heap-based buffer overflow. Not all versions are affected. RedHat indicates the flaw was introduced after 1.0.5 last July along with plist-based support. That’s why Canonical shows Ubuntu 10 as not-affected but 11 needs a patch.