Solaris 10,11 telnet 0-day vulnerability

How long does it take to remotely hack fully patched Solaris 10 installation with telnet enabled? As long as it takes to type this simple standard system command:

telnet -l"-fusername" host

i.e.

telnet -l"-fbin" solaris10-server

or

telnet -l"-fsys" 127.0.0.1

Yeh, it's that simple. Here's a screenshot:

Information about this 0-day vulnerability appeared on a security news list today and spread like wildfire.

Certainly, most organisations which take security seriously will use SSH and disable telnet. However, considering that this vulnerability affects a default system installation, it is likely that companies using Solaris 10 and not implementing strong security configuration, will be seriously affected.

That's truly a return of the "good" old days for hackers, when hacking into any server was a trivial task that required only a simple command. To see this type of vulnerability these days is extremely unusual and pretty much shocking for IT security community. Most of all, it is a terrible embarrassment for Sun Microsystems.

Jakarta Flood 2007 - Wednesday

I went back to Kelapa Gading to copy some data from my workstation. I moved out of Kelapa Gading on Monday evening, so I had the opportunity to see how the flood condition changed. The news is good. Basically, the flood is off the major streets of Kelapa Gading area, but most houses are still flooded. It is also rather difficult to get into the area using a regular car as all the access points to Kelapa Gading are still flooded:

Jl. Kayu Putih

Jl. Kayu Putih, on the left people waiting for submarine busway

Pulomas

To get to my place I first went with some truck from Superindo (near Pulomas) to La Piazza - driver didn't request any payment but accepted small tip. Then I was picked up by some truck whose driver was heading to Priok - this time driver didn't even accept any tip, shake of my hand was enough, nice to see such a good people around. We've brought some powder milk for children 1-3 years old and water for refugees and it seem that's exactly what they needed as small children don't like instant MSG loaded food to much and instant food is a type of food usually distributed around. Beside, the support for refugees in this areas seem to be working well. No people starving, just looking for some place to stay for a while.

Area near Mc. Donalds Kelapa Gading

I'm already starting to think about the best methods of helping local communities. In my opinion the best method of helping victims of Jakarta 2007 flood is to help in restoration of local schools that were affected by the flood. According to a brief report by Sampoerna Foundation, “As many as 1,489 schools in Jakarta were inundated. Specifically 1,295 SD, 174 SMP, and 30 SMU,'' said the Head of the Elementary Education Department of DKI Jakarta, Sylviana Murni". Definitely lots of help is required to rebuild all damaged schools.

When I was a kid and our school was badly damaged by the flood, I must say as a kind I truly appreciated to see rebuilt school that looked even better than before. I hope I can do something to make local kids enjoy the same feeling. Thus, if you know of any schools that need help in flood damage restoration, please let me know. I'll try to make list of such schools and try to organise some help.

Note: More information about the flood on WHO web-site.

Evacuated

Living isolated in Kelapa Gading has become unbearable, thus yesterday I moved out of the area. My evacuation vehicle was a Teh Botol SOSRO truck. More than 10 trucks from SOSRO were picking up people all around Kelapa Gading area and transporting to safe location. I'm not sure if SOSRO knows about it, I've tried to ask but they web-site is not updated since 2001, all contact details are wrong and I can't get their phone number.

SOSRO truck - evacuation vehicle

Several things surprised me over past few days:

1. I've found this on The Jakarta Post web-site "Less rain will be fall in all municipalities in the capital. If the rains fall, it will not be so heavy. Heavy rains may occur in Puncak, Bogor".

Oh, that's very interesting what Indonesian Meteorology and Geophysics Agency (BMG) says, because it was raining like crazy in Jakarta last night. Has BMG prognosis been correct at least once? I've also tried to use their RSS data feed but it never worked, their server was down like half of the time. I start to be more curious about this agency.

2. Thuggery. Well, I had to pay to cross the only path across the river. Few thugs controling the path ensured that those who could not pay had to go thorugh shoulder deep stinky water. The SOSRO truck drivers have also told us that some areas of Kelapa Gading were controled by criminals who stopped their trucks and demanded money.

3. Attitude of some people. The SOSRO drivers were very helpful, didn't ask any money and took something like 30 people out of the area on the same truck. Many of those people had cars waiting for them around Arion mal. When we arrived, truck driver stopped near a gas station (around Superindo mal) and informed everyone that he needs to buy gasoline to get back for more people. He asked for any contribution. Now guess how many people contributed? Just me and my wife. All the other people on the truck just left without even saying thank you! I could not believe my eyes. Note: Most of those people were not poor. They were shooting pictures with fancy digital cameras all over the truck like they were on some safari or something.

4. Profesional building management. I'm very surprised how Gading Mediterania Residences building management handled the disaster. They were truly prepared. They had enough gasoline to run power generators for a few days, organised well managed flood refugees centre servicing neighbour areas. Clean water was available at all time and the place was well secured. I must say I'm impressed. Great job guys!

I'll try to post some updates when I get back to Kelapa Gading. However, I'm not sure when as it looks like the current condition is not getting better.

By the way finally I understand why so many villas in neighbour areas like to use Venice/Greek a like motives:

Water is a perfect match, isn't it?

PS: Lots of people have sent me e-mails asking about safety of travel to Jakarta, thus let me answer. It is safe to travel to Jakarta, you can get from the airport to main business district, but before you come here please make sure that you have a hotel room booked. Most hotels are at almost full occupancy rate, thus it could be a problem to get a room without prior booking.

Flood related posts by other bloggers: bricolage, Jakartass (aftermath), Unspun.

Jakarta Flood 2007 - Sunday

Another day of the Jakarta flood. Today, I had to go through the flood to Cempaka Mas to buy some food. Surprisingly, there was actually more water in Kelapa Gading area than yesterday and I barely managed to cross the river to get to Cempaka Mas mal. Well, and when I already got there it was a completely different world. Business running as usualy, shops and restaurants open, supermarkets full of food etc. Meanwhile in flooded areas of jakarta the flood forced around 300,000 from their homes. Anyway, here are some photos that I took on Sunday afternoon:

Jl. Gading 7 on Sunday afternoon

Jl. Gading 7 on Saturday afternoon

Clearly the water level has increased since yesterday. It also does not look like the conditions would get better anytime soon.

Flooded school.

Area of Cempaka Mas.

As I've previously mentioned I'm amazed with the way locals handle various disasters and keep their positive nature in worst conditions. Today, I got several SMS representing positive nature of Indonesians, one goes like this: "BREAKING NEWS. Jakarta Governor Sutiyoso proudly WELCOMES TO THE GRAND OPENING of his new project, the Jakarta SUPER GRAND WATER WORLD 2007. Full of special attractions such as submarine-bus way and spectacular views of largest WATER WORLD in ASIA. FREE entry for all citizens, don't miss it!".

I just wonder who came up with this funny joke, but it could be related to this post at Blog Tempo Interaktif.

Flooded Jakarta at night

Water is an excellent conductor of electricity which makes electrocution a number two cause of death in floods. Knowing this Indonesian state electricity company PLN (Perusahaan Listrik Negara) has cut electricity in areas of Jakarta affected by the February 2007 flood:

I took the above photos on Sunday around 4AM, just after a heavy rain. The first one shows area of Cempaka Mas (view of South-West skyline), the second photo shows area of Sunter (view of city's West skyline). It is an extremely odd view as during regular night Jakarta shines with tens of thousands of lights. Last night most lights were still on but today it is just dark space with only a few lone candlelights. A truly gloomy view of Jakarta.

Jakarta Flood, February 2007

This week Jakarta experienced disastrous flood triggered by the high intensity of rain in the city and surrounding areas. It all started with a very heavy downpour on Thursday night which caused floods in some areas of Jakarta. Next morning number of offices reported missing employees who most likely could not get through the traffic havoc caused by the flood. I was myself stuck in the traffic jam on Friday morning and could not attend several meetings. Soon after I got informed that several of my clients have executed their Business Continuity Plans (BCP) and switched to teleworking. It wasn't without problems as telecommunication networks were also affected by the flood - apparently some telecommunication firms did not plan their DRP well. Fortunately, wireless networks were working well as I was able to access my e-mail from the car using 3G service.

Looking at the horrible traffic conditions and worsening weather, I decided to get back home. Luckily, I was back home early enough to avoid major downpour that happened around noon and caused major floods in South, central and North Jakarta. The area of Kelapa Gading was isolated by flood since 2pm and only trucks could get in or out of the area. I've spoken with taxi drivers who parked on a dry piece of road in front of Gading Mediterania Residences. They all were seriously troubled with the flood, as not only they were not able to make any earnings, but also they could not get back home. Moreover, they were all surrounded by people asking for a ride just to hear that there is no way out of the area as every road out is flooded.

Most shops and restaurants in the Kelapa Gading area were flooded. Those few which were still open were all out of stock by 10pm – fortunately I bought some additional supply earlier, fearing the rain will continue.

On Friday night very heavy downpours - an I mean heavy even by Asian standards - caused even greater flood. Water raised quickly and most roads turned into rivers. On Saturday morning I walked through the flood from Kelapa Gading area to Cempaka Mas mall. There was basically only one way through a very small bridge covered with water, the other option was to rent "mini-boat" which were quickly built by locals.

Anyway, here are some photos of the flood that I took around Kelapa Gading area:

Some shots from the local news:

Kelapa Gading (left), Sunter (right) - massive traffic jam on the Priok-Cawang tollway.

Sunter flood near Menara SMR - just near the Sunter exit from Cawang-Priok tollway

Flooded train station.

In summary, more than 100.000 people had to leave their homes and electricity was cut in several districts. To make it even worse, more rain is expected on Saturday evening.

Updates: flooded jakarta at night, Sunday, evacuated, Wendesday.