Slashdot Mirror

Good to see more security books are coming out and I agree an intro into stunnel would have been well worth it. Currently I wrap just about everything under stunnel, X, LICQ, pppd, and I love it. However on the other hand many people who don't understand SSL and are prompted for certificates would likely be offended to see an SSL cert created by something other than Verisign so the author should have attempted to debunk the idea that only Verisign or other vendor cert is law.

Maybe referencing Bruce Schneier's doc either by snippets or including a link to the document could've given clarity to those who don't understand some of the overhype about PKI.

Who says Gimp is so restricted and cannot achieve Photoshop like images. FYI I created (1 2 3 4 5) some pretty cool graphics over Gimp, and have used Photoshop in the past when I was a graphic designer. Sure it doesn't have all the features as PS, but provided its an Open Source project worked on by those who contribute on their own spare time, I would say it's good enough to get most jobs done.

Who says Gimp is so restricted and cannot achieve Photoshop like images. FYI I created (1 2 3 4 5) some pretty cool graphics over Gimp, and have used Photoshop in the past when I was a graphic designer. Sure it doesn't have all the features as PS, but provided its an Open Source project worked on by those who contribute on their own spare time, I would say it's good enough to get most jobs done.

Who says Gimp is so restricted and cannot achieve Photoshop like images. FYI I created (1 2 3 4 5) some pretty cool graphics over Gimp, and have used Photoshop in the past when I was a graphic designer. Sure it doesn't have all the features as PS, but provided its an Open Source project worked on by those who contribute on their own spare time, I would say it's good enough to get most jobs done.

Who says Gimp is so restricted and cannot achieve Photoshop like images. FYI I created (1 2 3 4 5) some pretty cool graphics over Gimp, and have used Photoshop in the past when I was a graphic designer. Sure it doesn't have all the features as PS, but provided its an Open Source project worked on by those who contribute on their own spare time, I would say it's good enough to get most jobs done.

Who says Gimp is so restricted and cannot achieve Photoshop like images. FYI I created (1 2 3 4 5) some pretty cool graphics over Gimp, and have used Photoshop in the past when I was a graphic designer. Sure it doesn't have all the features as PS, but provided its an Open Source project worked on by those who contribute on their own spare time, I would say it's good enough to get most jobs done.

Company: Airbus
Agency: NSA
Date: 1994
What: Information on an order for aircraft concluded between Airbus and the Saudi Arabian national airline
How: Interception of faxes and telephone calls
between the negotiating parties
Action: Forwarding of information to Airbus's American competitors, Boeing and McDonnell-Douglas
Result: The Americans won the contract (US$ 6 bn)
Source: "Antennen gedreht", Wirtschaftswoche Nr.46

TrollBot -- monitors the ip addresses of /. trolls then sends pissed off bots to their houses to teach em all a lesson

FairUseBot -- monitors bogus patent claims then visits the companies with bogus lawsuits and teaches them a lesson

VCBot -- cons more VC companies into dumping money as they did in the mid - late 90's.

ScriptKiddieBot -- monitors h4x0rs then reveals their entire life's information including SS, Addresses, etc, so webmasters can find the luzers and beat them

SourcePurgeBot -- monitors Source Forge for incomplete programs people started and never finished, tracks the (l)user and teaches them a lesson

JerrySpringerBot -- monitors the TV show and teaches all of those retards a lesson

RIAABot -- greps the Internet for the word Napster and threatens to sue everyone forcing a showdown between RIAABot and FairUseBot which can be televised

EmbedBot -- searches every single web page on the ner with embedded midi audio files in the source then tracks them and smacks em all silly

ScientologyBot -- continously posts on every forum around the world maintaining the lie that Scientology is not a cult, and John Travolta is a good actor. This bot also gets into showdowns with FairUseBot, but is the funniest bot to watch

Slashbot -- visits a site prior to being posted on /. and makes a mirror of an article to reduce the /. effect

Well I have my own Cisco based [1 2 3] information which sums up networking to a tee. Security Focus, Packet Storm, SpyKing, and Cryptome all cover the other areas for information when I need it. Is it me or in the past 2 years did everyone jump on the "Hacker" bandwagon writing books on information that's already a point and click away? Not taking anything away from the book, but Information Security Management Handbook 2001, Cisco's Routing TCP/IP, and other security books in my library have done me justice. Makes I guess a nice intro for newer users, but personally I don't like books with "Hacker" in them, they tend to be geared for those with little clues, and who are often too lazy or dumb to find information and study it on their own.

Well I have my own Cisco based [1 2 3] information which sums up networking to a tee. Security Focus, Packet Storm, SpyKing, and Cryptome all cover the other areas for information when I need it. Is it me or in the past 2 years did everyone jump on the "Hacker" bandwagon writing books on information that's already a point and click away? Not taking anything away from the book, but Information Security Management Handbook 2001, Cisco's Routing TCP/IP, and other security books in my library have done me justice. Makes I guess a nice intro for newer users, but personally I don't like books with "Hacker" in them, they tend to be geared for those with little clues, and who are often too lazy or dumb to find information and study it on their own.

Well I have my own Cisco based [1 2 3] information which sums up networking to a tee. Security Focus, Packet Storm, SpyKing, and Cryptome all cover the other areas for information when I need it. Is it me or in the past 2 years did everyone jump on the "Hacker" bandwagon writing books on information that's already a point and click away? Not taking anything away from the book, but Information Security Management Handbook 2001, Cisco's Routing TCP/IP, and other security books in my library have done me justice. Makes I guess a nice intro for newer users, but personally I don't like books with "Hacker" in them, they tend to be geared for those with little clues, and who are often too lazy or dumb to find information and study it on their own.

Well I have my own Cisco based [1 2 3] information which sums up networking to a tee. Security Focus, Packet Storm, SpyKing, and Cryptome all cover the other areas for information when I need it. Is it me or in the past 2 years did everyone jump on the "Hacker" bandwagon writing books on information that's already a point and click away? Not taking anything away from the book, but Information Security Management Handbook 2001, Cisco's Routing TCP/IP, and other security books in my library have done me justice. Makes I guess a nice intro for newer users, but personally I don't like books with "Hacker" in them, they tend to be geared for those with little clues, and who are often too lazy or dumb to find information and study it on their own.

Got bush? (fixed)

Got Bush

Sorry to sound like a pessimist here, but online books in my opinion are not that much to look forward to, well at least if I were an author I wouldn't look to creating an online book for simple reasons.

We've grown into reading books not an entire online book so its sort of second nature to pick up a nice soft cover or hard cover to read. When you go to work on the morning for those who commute via say buses, trains, etc., your going to want to read a book, not turn on a laptop to finish up on a chapter you didn't finish or start a new one.

When your going to lunch on a nice sunny day in the park, why would you want to lug around a laptop to read the book, when you could again grab a softcover or hardcover and enjoy the day without the added overhaul. This doesn't include having a network connection to connect to the site unless your going to fetch/wget the entire book beforehand.

Also, how much real money can you make before people start sharing account information (username/passwords) and your thoughts of making money suddenly get shot down the tubes by some moron with a w4r3z page?

What would be nice is a combination book with access to the online version so when you are at work and can't afford to be seen reading a book you could download a chapter, or maybe if your sitting behind your pc bored you could open it up, however an e-book I think will fail.

Also note that recent studies have shown that online magazines and newspapers don't fare as well as `old fashioned' purchases of the original. People want true content some times not just packets. And finally, that shit'd hurt my eyes reading an entire book online. I tried with "The Big Breach" finally ended up printing the darn thing to read it as if it were a real book.

Well good luck to the site, I hope its entertaining but you won't catch me there any time in this life.

Interesting one of my friends found FOIA information about weapons grade Uranium that was missing, stolen, eaten, disappearing, $INSERT_FAVORITE_TERM_HERE, throughout the 1940's - 1980's. Along with those disappearances, many people were killed, and it was alleged that a) enough was gone for 30 potent weapons, b) some had gotten into the water supply for experimentation, etc.

Anyways for those who're interested check out MKUraniumcide

Personally I think this would only help in a short term manner, and here's why. So you plan on selling say 100,000 shares of Mandrake stock at let's be fair with the price, in accordance to whats going on around NASDAQ, 6.00 (US) which would give Mandrake an extra 600,000.00 US which is enough to hold them for a short while.

A team of 20 developers at 35,000.00 a year would leave the company 100,000.00 a year under, not including office space, equipment, etc. So unless they plan on selling a massive amount of stock with people willing to continously buy from them, how could they expect to recoup any money to pay back investors who purchased it from them?

So there stock goes up let's say to twice that amount, because more people think it's a good idea. Ok eventually they'd still have to turn a hell of a lot of profit to keep the investors happy else they'd fall miserably, as many companies have within the past few years.

I wish them the best, but I doubt it would work. If you take a look at some of the strong companies in their field, let's say Baltimore Technologies, which is one of my favorites. They specialize in security based products, and have a strong market segment, yet their stock is doing poorly (under 3.00) so what makes you think a company like Mandrake could cut it in the market, when proven companies are having a hard time...

© Pimpfolio ghetto stocks all the time

The only way to calcel out these attacks is to disable valid services running in your network.

Actually your wrong. I wrote "Daemonic" when I was writing "Theories in DoS", a paper on higher network level based attacks such as BGP, OSPF based attacks. Now what Daemonic does is sends pseudo random garbage (spoofed) to any port you specify.

Simple lame little DoS attack right? Now even if you don't have the service running for the port your sending the data to, it'll still crap out your Windows2000 box with ease. Now if you send it with a multicast source address which is weirder (haven't benchmarked) things really get odd.

Either way it'll bang up your network. Now FYI sending data through to a port thats not running still has to get there which means the network can still amass latency, which is where you would want to nip it at the butt with your router or firewall.

The only way to calcel out these attacks is to disable valid services running in your network.

Actually your wrong. I wrote "Daemonic" when I was writing "Theories in DoS", a paper on higher network level based attacks such as BGP, OSPF based attacks. Now what Daemonic does is sends pseudo random garbage (spoofed) to any port you specify.

Simple lame little DoS attack right? Now even if you don't have the service running for the port your sending the data to, it'll still crap out your Windows2000 box with ease. Now if you send it with a multicast source address which is weirder (haven't benchmarked) things really get odd.

Either way it'll bang up your network. Now FYI sending data through to a port thats not running still has to get there which means the network can still amass latency, which is where you would want to nip it at the butt with your router or firewall.

The attacked used a compromised Earthlink account. O.k. so then Earthlink could easily check their router's info since they all have caller ID to determine who the heck called the number.

I do feel sad for the guy, and the article was well written but I think it's sort of filled with FUD to give it that "OH MY GOD" kind of edge to it. Sorry don't want to be a troll but I see discrepencies in the article.

I wonder what will happen if some of my theories were crafted. Now you'd be looking at massive backbones going to hell.

So someone writes and says they're a 13 year old script kiddie who knows that the FBI will traceroute, etc, etc, etc., and this is believable? Highly doubtable. As for the attacks, I would say Mr. Gibson should have his uplink provider hire some clueful router administrators who would've fixed the problem in a heart beat.

Lack of understanding from those involved often create more harm than they help. UDP packets coming in to a website? And the admins couldn't think firsthand network skills SYN --> ACK --> SYN, 3 way TCP handshaking? They need to go back and study up using some Cisco Press material.

Anyways for those who haven't seen the page yet or are in charge of networking, and or firewall equipment, check out Stopping DoS which is a "do this now" tutorial to stop beating around the bush and cut DoS attacks at both the firewall, and network (router) level. It's not an rfc, not a write up of what a DoS attack is, simply a "fuck it's 3am and I'm getting DoS'ed now how do I stop this shit" paper.

Too many spammers have a variety of resources at their disposals to continue spamming, mixmaster remailers, horrible configurations of sendmail from corporations, and nickle and dime webservers, etc.

Now what may work, is going after those responsible for the advertisements contained in spam. Example www.joebloworsomething.com hires someone to promote their site, and those people send promotions out via way of spam, I feel holding the people at the site responsible is better fitted.

Now bear with me on this a second. Sure it can seem somewhat unfair, but no one asks for spam, and by using someone's resources (bandwidth, whatever) companies should be made aware of how much their actions cause versus the amount of people who actually reply to spam. Think about it, company X sends say 20,000 spam emails a day, of which 1 replies and actually buys something, but out of those 20,000 500 decide to take company X to small claims court bitching...

See the laws fail when they're passed because you can't have one country's law dictate what is law in another country, and many politicians fail to see that when they waste time and money with their so called AntiSpam bills. You don't cut weeds in the garden half assed, you cut them at the root.

Stolen Uranium, and unsolved murders? non fiction at its best

Certainly it's not dead, and with all the security incidences going on, more and more companies will eventually turn to other means of safeguarding data than the usual suspects (PKI, etc).

One of the problems with hw based encryption, is the pricing however major corporations esepcially in the financial markets look to hw, as does the military, but there are actually some restrictions on what can be sold due to crypto laws.

And FYI when you say hw crypto you should note that there are different types of hw, e.g. network, optical, embedded, datalink, etc.

network based
Caneware is capable of encrypting and decrypting at through put rates from 1200 bps to 750 kbps full duplex and supports I/O rates up to the T1 rate (1.544 Mbps). cost is $19,500.

embedded based
Fascinator can be used for non-tactical communication nets. It is approved for use at all classification levels. the MCX-100, NX 300, Portable Repeater, SABER, SPECTRA, SYNTOR X-9000, SYNTO X-9000 E, Console Interface Unit, and SPECTRA Mobile SVMS have been endorsed. This product is available from Motorola, Inc. The price ranges from $495 for hand-held to $1200 for portable repeaters.

optical based
KG-189 is a trunk encryptor designed to be compatible with Synchronous Optical Network (SONET) standard interfaces. It provides optical transport at both the RED and BLACK interfaces to communications systems. The KG-189 program currently consists of models supporting two standard SONET data rates. The OC-3 model operates at 155 Mb/s and the OC-12 model operates at 622 Mb/s. The development of a model supporting the SONET OC-48 data rate of 2.5 Gigab/s has been terminated. The KG-189 supports BENIGN fill capability, traditional key and remote loading of FIREFLY vectors. It is approved for use at all classification levels. The product was developed by Motorola GSTG and Nortel. Production of the KG-189 is provided by Motorola Sectel. The cost for the OC-3 model is $37,654, and the OC-12 model is $62,664.

datalink based
Motorola STU-III SECTEL serves as two-wire and four-wire switched telephone systems used in CONUS and Overseas. They are approved for use at all classification levels. The authorized vendor is Motorola, Inc. The cost for a STU-III Sectel is $3,795.

And the list goes on

Didn't slashdot touch off on this a few months back http://slashdot.org/articles/01/02/22/0124253.shtm l ... IMO, I think Usenet is solely trying to protect another company from ripping something they purchased, they have every right to, however for them to even attempt to go after every nickle and dime site mirrorring archives would be costly for them.

So I see this solely as something of a warning to companies who may think of making money of some sort in the future nothing more. Aside from worthless jokes, cheesy porn, and millions of 31337 hax0r3r posts 98% of which make no sense, I've found Usenet useless 95% of the times, and have found better private mailing lists for my needs, so I see no big deal with this news.

Murder, Genocide, MKUltra, and stolen Uranium .. born in the USA

If only I could get early dibs on the lottery results, NASDAQ tips, and the latest mention of Nix releases

Project Megiddo a year and we still waiting

Finally things start appearing which show the legal inconsistencies of DVD regarding law (decrypting DVD's, financial irregularities) however due to the fact that the MPAA has a lot of "juice" involved with the whole monopoly of it all... *oops* control of it, I doubt Australians could make enough of a dent with their case, in fact I would think they'd be like mosquitos picking at a Moose or something similar.

Instances like this where a small market makes noise would quickly be hushed, what they should have done, is contact other countries facing similar problems with this and then make noise. And if all else fails!@

They could always throw Russell Crowe in the Gladiator suit and send him to set things straight for those "mates" down under.

Echelonomics 101

The Wall Street Journal just ran this something similar.. (haven't checked the zdnet doc lagging on dl's) [mirror]

Anyways I doubt its impossible for the NSA to splice it, however when companies take the corrective measures to ensure this won't happen what are they going to do...

Example, say a company takes the time, and money to protect their fiber say inside inexpensive pvc pipes or something similar, who does the government expect to blame when a company finds out that 100 miles away from any shoreline, their casing has been breached? Certainly its not Joe Fisherman doing this.

Anyways aside from that nothing is going to help them when that fiber line is carrying IPSec data all the way through the connections, along with messages that have been encrypted before even being sent. So many people have little to worry about.

For those interested in Crypto Equipment and such (especially those working in the ISP segments) you can check out the Crypto Equipment Guide. Hopefully many companies will start looking at their clients (whether their employees, subscribers, etc.) more serious. I know Earthlink is taking that approach.

The Wall Street Journal just ran this something similar.. (haven't checked the zdnet doc lagging on dl's) [mirror]

Anyways I doubt its impossible for the NSA to splice it, however when companies take the corrective measures to ensure this won't happen what are they going to do...

Example, say a company takes the time, and money to protect their fiber say inside inexpensive pvc pipes or something similar, who does the government expect to blame when a company finds out that 100 miles away from any shoreline, their casing has been breached? Certainly its not Joe Fisherman doing this.

Anyways aside from that nothing is going to help them when that fiber line is carrying IPSec data all the way through the connections, along with messages that have been encrypted before even being sent. So many people have little to worry about.

For those interested in Crypto Equipment and such (especially those working in the ISP segments) you can check out the Crypto Equipment Guide. Hopefully many companies will start looking at their clients (whether their employees, subscribers, etc.) more serious. I know Earthlink is taking that approach.

Nicely written document although they should have focused likewise on posting some methods to circumvent DoS attacks. Many networking, and security admins, know of the problems arising from DoS, yet there are scores of them who know little about protecting their infrastructure from an attack.

Personally I think its a trivial job to halt denials of service attacks, but it can be done, and what someone should create is a framework for ISP's, Colleges, whoever has a networking propagating info out, to follow that shows them how to enable engress filtering so no attacks come out of their network, and an equally likewise doc that shows preventive measures.

Everyone, and their BOFH mother thats on the net, knows the effects of a DoS attacks, or what a DoS attack is, but a fraction of them know what to do about it.

Anyways for some of those admins, I have a doc called Stopping DoS which is a die hard "this-is-what-you-do-on-this-hadware" to limit DoS attacks, as well as a s(emi)tudy paper called "Theories in DoS" which is a higher protocol level look at Denials of Service, which provides a framework look into future avoidances of them.

P.S. These are docs I wrote out of spare time, etc. nothing more, so don't expect any RFC based documents such as this paper thats linked.

Nicely written document although they should have focused likewise on posting some methods to circumvent DoS attacks. Many networking, and security admins, know of the problems arising from DoS, yet there are scores of them who know little about protecting their infrastructure from an attack.

Personally I think its a trivial job to halt denials of service attacks, but it can be done, and what someone should create is a framework for ISP's, Colleges, whoever has a networking propagating info out, to follow that shows them how to enable engress filtering so no attacks come out of their network, and an equally likewise doc that shows preventive measures.

Everyone, and their BOFH mother thats on the net, knows the effects of a DoS attacks, or what a DoS attack is, but a fraction of them know what to do about it.

Anyways for some of those admins, I have a doc called Stopping DoS which is a die hard "this-is-what-you-do-on-this-hadware" to limit DoS attacks, as well as a s(emi)tudy paper called "Theories in DoS" which is a higher protocol level look at Denials of Service, which provides a framework look into future avoidances of them.

P.S. These are docs I wrote out of spare time, etc. nothing more, so don't expect any RFC based documents such as this paper thats linked.

This is great marketing for both IBM, and Linux. First off I think this is more of a marketing tactic than IBM trying to be helpful to any developer. By having thousands of developers do their thing on the machine, they could always turn around and pimp the results as both an IBM, and joint Linux effort which is pretty cool for Linux marketing...

However on the flip side of the coin, I hope the developers rush to fill these slots as opposed to some troll who's going to use those accounts for silly shit like h4x0rf00.c programs they wanna throw up, or uneccessary other shit...

Let's kill some Americans and blame Cuba

Ok so don't blame Canada, but don't blame Big Blue either, it wasn't them who set out to have someone commit this crime, it was a publicist/marketers fault for this stupid action, and it was someone else's stupidity for not drawing the line regarding morals, and money.

If Sig Sauer had paid someone to promote their guns, and some idiot decided to do something like shoot up a crowd, it would be wrong to place blame on Sig Sauer for the actions of any other than themselves. (poor example I know but I was reading Guns and Ammo earlier so sue me)

Listen there is nothing wrong with advocacy, so don't think this is a bash Linux post, it's nothing more than a reality check. You don't commit a crime (vandalism) because someone pays you to do it, that'll make you as guilty as the one who conspired the crime. The guy should have known what he was doing was wrong and opted not to do it. As for the punishment, he should do the community service for it, and be given a swift kick in the ass for being dumb.

What is Deviation v.1?

We do agree with any arguments anyone from there would care to give for the right to register the domain, however there is no one from 2600 that can realistically justify using Ford's bandwidth against Ford's will.

Who at antionline.com can justify the use of abcnews.go.com's and akamai.com's bandwidth, in their "cocksucking" abc news spoof.
Thought so. I didn't look at the other "spoofs", but i suspect they are just more of the same use of unauthorized bandwidth against the "spoofed" company's will.
At least Goldstien doesn't eat with the same hole he shits.
Next!

We all know that in theory we should have the right to express ourselves as we feel, as it is amended, but one thing 2600 won't point out is that by creating the "FuckGeneralMotors.com" site and pointing it to Ford.com's website, they are using Ford's resources via way of bandwidth which I'm sure is unauthorized. Why not just make a virtual directory with pictures, and or information of a competitor instead of trying to reverse engineer killing two birds with one packet.

Well hopefully their AOL followers don't attempt to h4x0r me for writing this, but enough is enough, time to grow up guys. We do agree with any arguments anyone from there would care to give for the right to register the domain, however there is no one from 2600 that can realistically justify using Ford's bandwidth against Ford's will.

On the X Files the guys rocked because it was something new. With their own show we expected to see something as serious as the X Files in the form of the hackers which never happened. Comedy? The show flat out sucked, and it was surprising it lasted as long. Same happened with Level 9 which aired for about 4 weeks that I know of. For those who never even heard of it, it was supposed to be I guess what people think the NSA are, a bunch of hacker crime fighters which never materialzed.

I watched that show once or twice till I heard them say "his website WHATEVERTHENAMEWAS.com is untraceable, he keeps moving IP address." or something along that line, and quickly thought "stupid ass clueless producers don't even do research."

Family Guy is funny as hell tho' Stewie just owns.

Sad to see the Lone Gunmen go, maybe Chris Carter will script them into X-Files a bit more since they do have that role under lock down. But by themselves... they're boring.

Lone Gunman

Besides, statewatch is part of the same leftist agenda as organisations like IMC, who fear that if their "privacy" is breached, then they can't continue their terrorist campaigns against innocent people who work towards ensuring global prosperity.

You say toe * may * toe I say toe * mah * toe. One thing I will say from my perspective on this which doesn't count for shit in the real world, but I like to look at things from all angles.

Global Prosperity: Things were just fine before bills such as this, so why would you want to introduce one to ripple the waves in still water?

If you don't know the EU is passing a Cybercrime Treaty document which would (hopefully for them) give Law Enforcement Agency's the right to cross investigate crimes and act on them which at first seems like a good idea. But what's forseen is abuse.

Take the FBI who seeks a warrant and gets denied in the United States. That same agent will be able to seek another country to serve that warrant up for them, circumventing the laws of this land. See a problem with this or notion of future abuse?

Why shouldn't citizens have the same right to privacy as governments tout. If anything the governments should not be the ones to hide anything for any reason, we put them there, and we have every right to know what our government is doing.

Just because you have people that keep a close watch on government doesn't mean they're criminals, and I suggest you read the interview I did with John Young from Cryptome.org who shed light to dispel those anti government theories here.

So while you see things one way, doesn't mean its wrong, doesn't mean someone else is wrong, but there are always alternative sides to an issue which you may not see so clearly.

Kudos to the person who made this one, although I'd still be leary about with even this one "worm" especially when groups like s0ftproject keep creating these sometimes outrageous backdoors.

Someone should set out to write an informative document which isn't so bloated with too many tech terms for the newbie Linux admin that shows them how to lock down their Linux systems on an install. I wrote a lame one about 2 1/2 years ago, but never bothered following up on it.

Education, education, and more education. I wonder how come many complain about security, when so little take a few hours to actually inform themselves of the risks/fixes for typically easy problems.

2600 is being run by Peter Pan

Kudos to the person who made this one, although I'd still be leary about with even this one "worm" especially when groups like s0ftproject keep creating these sometimes outrageous backdoors.

Someone should set out to write an informative document which isn't so bloated with too many tech terms for the newbie Linux admin that shows them how to lock down their Linux systems on an install. I wrote a lame one about 2 1/2 years ago, but never bothered following up on it.

Education, education, and more education. I wonder how come many complain about security, when so little take a few hours to actually inform themselves of the risks/fixes for typically easy problems.

2600 is being run by Peter Pan

Kudos to the person who made this one, although I'd still be leary about with even this one "worm" especially when groups like s0ftproject keep creating these sometimes outrageous backdoors.

Someone should set out to write an informative document which isn't so bloated with too many tech terms for the newbie Linux admin that shows them how to lock down their Linux systems on an install. I wrote a lame one about 2 1/2 years ago, but never bothered following up on it.

Education, education, and more education. I wonder how come many complain about security, when so little take a few hours to actually inform themselves of the risks/fixes for typically easy problems.

2600 is being run by Peter Pan

About a month ago I watched a television show about people with disabilities. During the show they had this mind control based program attached to a person's head which allowed them to think of which way to turn things. The program was dropped by the USAF (or they said it was) but continues for paraplegics.

I don't recall the complete set up they had, but it seemed like electrical wiring attached to the backside of the persons head allowed them to think about moving objects in a specific direction, sent signals to their wheelchairs or in another case implanted motors in one crippled persons hand to commit the actions.

Anyways the USAF was testing it previously since they were stating that pilots had too many buttons, controls, gauges to monitor, so they were looking for alternative methods of having them manuever the aircraft when they were flying. If I'm not mistaken it (the technology) was highly used in NASA as well.

So aside from all this semi informative stuff. I would rather have NASA spend time fscking around to get things done properly then to keep having them waste money crashing, and losing aircraft.

2600 being run by Peter Pan

Verisign is somewhat of a joke as is PKI (Bruce Schneier doc) but their financial impact is what's going to give them the upper hand no matter what anyone thinks about them. (1)

FUD comes into the game by Congressmen/women who've forgotten to take vitamin clue, and don't fully understand tech, often becoming confused by most of the matters thrown before them. So most are going to be quick to believe the obscure information Verisign throws at them thinking that Verisign is a martyr or meat behind whatever they (Verisign's people) place in their (congressmen/women's) path.

*.Biz I browsed the top post claiming business should have first dibs on registering a .biz TLD, so here's an argument for many to think about where naming is concerned since Apple was cited. Why shouldn't that little mom and pop shop in Littleville USA named Apple have rights to register the domain if they beat Apple to the punch doing so? Shouldn't they have the same rights as the bug boys or are you suggesting that if you have money you should be able to buy your way into something just because government is passing cruddy laws allowing you to do so?

As for ICANN, its truly a shameful organization thats leaning towards catering to their own needs when they had previously set out to make sure no one entity took control of the .com, .net, org, $INSERT_YOUR_TLD_HERE, when now it seems they want to for some reason have total control of it all, when they're only supposed to be laying down the law. Funny organization. Even funnier arguments.

venona: hardcore crypto

Verisign is somewhat of a joke as is PKI (Bruce Schneier doc) but their financial impact is what's going to give them the upper hand no matter what anyone thinks about them. (1)

FUD comes into the game by Congressmen/women who've forgotten to take vitamin clue, and don't fully understand tech, often becoming confused by most of the matters thrown before them. So most are going to be quick to believe the obscure information Verisign throws at them thinking that Verisign is a martyr or meat behind whatever they (Verisign's people) place in their (congressmen/women's) path.

*.Biz I browsed the top post claiming business should have first dibs on registering a .biz TLD, so here's an argument for many to think about where naming is concerned since Apple was cited. Why shouldn't that little mom and pop shop in Littleville USA named Apple have rights to register the domain if they beat Apple to the punch doing so? Shouldn't they have the same rights as the bug boys or are you suggesting that if you have money you should be able to buy your way into something just because government is passing cruddy laws allowing you to do so?

As for ICANN, its truly a shameful organization thats leaning towards catering to their own needs when they had previously set out to make sure no one entity took control of the .com, .net, org, $INSERT_YOUR_TLD_HERE, when now it seems they want to for some reason have total control of it all, when they're only supposed to be laying down the law. Funny organization. Even funnier arguments.

venona: hardcore crypto

Personally to me crypto its not a matter of "hiding criminal evidence from the feds" which is the basis of every single argument they'll thwo into the loop. As a citizen of the US you should be entitled as Amended to your right to privacy. What people rarely see is the level of abuse the Feds partake in regarding technology nowadays, abuse that happens on a scale that is barely told out of fear from sounding like an "anti-government" looney ranting about rights.

As I posted in a prior thread, taking a look at some of the cases going down with tech (Jerome Hackenkamp, Jim Bell, and others) its regretful to see no one has truly questioned the methods of the FBI regarding tech. What we do hear about are overhyped situations fed to the media, in order for Big Brother to look like a martyr. (e.g. Notice every month they announce a so called "cyberwar", or expected DoS attacks?) Rarely does any media outlet post situations like the Hackenkamp situation or the Max Vision situation, and the judge flat out gagged the media on the Jim Bell case.

So why is this done? Simple government does not want you to have the right to privacy when it comes to encryption, should they want to screw you as they have others, crypto makes everything more difficult for them to do so. Now when I say screw I literally mean screw. For those who have read the cases what happens is, when gov wants someone they'll use every resource in the book to get them. Even if its something as minimal as spitting on the floor. So to proactive people like Jim Bell, and Max Vision, who are likely to use crypto this makes their job that mich harder, so they take a "crypto is for criminals" attitude on the situation in hopes of proving that because some have used crypto for bad purposes in the past, everyone will as well. Argumentative however this isn't done when dealing with issues such as firearms. Why? Because when you have people like the NRA to voice out and pay politicians off, the situation quickly gets hushed, as opposed to tech where you have a handful of associations which attempt to help but are understaffed/underfunded/underadmined such as EPIC, EFF, and others.

Privacy for life

Personally to me crypto its not a matter of "hiding criminal evidence from the feds" which is the basis of every single argument they'll thwo into the loop. As a citizen of the US you should be entitled as Amended to your right to privacy. What people rarely see is the level of abuse the Feds partake in regarding technology nowadays, abuse that happens on a scale that is barely told out of fear from sounding like an "anti-government" looney ranting about rights.

As I posted in a prior thread, taking a look at some of the cases going down with tech (Jerome Hackenkamp, Jim Bell, and others) its regretful to see no one has truly questioned the methods of the FBI regarding tech. What we do hear about are overhyped situations fed to the media, in order for Big Brother to look like a martyr. (e.g. Notice every month they announce a so called "cyberwar", or expected DoS attacks?) Rarely does any media outlet post situations like the Hackenkamp situation or the Max Vision situation, and the judge flat out gagged the media on the Jim Bell case.

So why is this done? Simple government does not want you to have the right to privacy when it comes to encryption, should they want to screw you as they have others, crypto makes everything more difficult for them to do so. Now when I say screw I literally mean screw. For those who have read the cases what happens is, when gov wants someone they'll use every resource in the book to get them. Even if its something as minimal as spitting on the floor. So to proactive people like Jim Bell, and Max Vision, who are likely to use crypto this makes their job that mich harder, so they take a "crypto is for criminals" attitude on the situation in hopes of proving that because some have used crypto for bad purposes in the past, everyone will as well. Argumentative however this isn't done when dealing with issues such as firearms. Why? Because when you have people like the NRA to voice out and pay politicians off, the situation quickly gets hushed, as opposed to tech where you have a handful of associations which attempt to help but are understaffed/underfunded/underadmined such as EPIC, EFF, and others.

Privacy for life

Could it be the author wrote this book left it on the shelf and avoided the problems which are plaguing the industry at this current time?


This is a future in which the sovereign individual is freed to become as much as she allows.

Wrong, this is a future where many are going to have to tiptoe through all sorts of scenarios to avoid having a future littered with legal worries from all sides of the spectrum. How can you become "freed" from anything when at the rate the tech field is going, we've seen a surge of lawsuits from all walks of life ranging from patents, to copyrights, to any other fabled scenario a company wants to spend money litigating?

Looking at that aspect, I'd say many would become rather restricted and reluctant to promote "the next best thing", or even themselves out of fear of retribution.

Secondly amidst all that nonsense, for those who either don't notice, or ignore the warnings, taking a look at the legal system itself regarding tech, it will only get worse, as laws (which are often so broad and obsolete to a circumstances) prohibits many from acting. (e.g. Jerome Hackenkamp, Max Vision, Keith Henson, Napster [corporations aren't free from actions either], Jim Bell and the list goes on) to promote or revolutionize, or even speak in today's world.

What world is the author living in I'd like to visit?

However, Gilder does miss one important point; in the abundance of bandwidth, there becomes a new scarcity of content. In the end, Gilder's book
may best be thought of as a call to arms: start wasting bandwidth, and start working on solving the next problem -- one of novel creation.

How can you expect to solve the next problem when the ones in front of you are ignored? What about taking a realistic approach to focusing on whats on the table now before crying over spilled milk later?

Microsoft has hired Al Gore as a consultant while they plan on having TPC recount the benchmarking process which they labeled as unfair.

"This is ludicrous, no way are those results in any way proof of anything more, and with a 52 billion dollar budget allocated to marketing we'll prove it." stated an anonymous Microsoft spokesperson.

According to an insider, MS is also planning on declaring war on SGI for not using their ZX-10 servers for the test. An SGI spokesperson simply states, "We tried to use the fucking server, but the shit just bluescreened before we even turned the son of bitch on, so we kicked it a few times and chucked that shitty OS for the benchmarking test. Look, in all fairness we tried, but until Microsoft gets their shit together, we're going to try to capitalize on using a free OS such as Linux. Our company isn't do so great anyways so Microsoft can take their licensing and shove it."

After conceding to SGI, Microsoft then contacted Mr. Gore in efforts to gain insight on what not to do when asking for a recount. "We called Al to see where he screwed up asking for a recount so we don't fall victim to the same outcomes. We then tried to have him sell XP licenses at Columbia, but he conceded when pushed too hard." stated the anonymous MS employee.

Stay tuned as things get ugly

AO -- removing the dot in dot com

Chip Maker Trustworthy announced today they'll be cutting to the chase and releasing a 5terrahertz chip which is the fastest on any market, touting a catchy slogan "Powered by God."

"We didn't want to get involved in the whole marketing game at all. We've had these chips for years but had to sell all other lower speed chips in order to make money. Well all that is in the past, from now on we will release things to the public immediately. No more lies." stated Swedish born CEO Karl Karlssson who is now a converted Born Again Christian Chipmaker.

The company however faces a lengthy delay after residents of South Beach Miami claimed to own the patents to create the sand used to make the silicon used to make the chips. "What about dew prossis" claimed a big breasted South Beach Miami blonde wearing an Intel t-shirt looking in the mirror.

"We decided to give the chips to the people, without any side stepping. As is, and we're confident the powers of the Pope will annoint this chip and smoat the "Blue Man Group" of Intel who resemble satanists." stated Karl.

Stay tuned for this lengthy battle.

Q & A with John Young of Cryptome.org

Team up with Starbucks to hurry and send rockets to Mars, then have Starbucks help them hurry to deliver that horrible coffee they so often dispose on the public....

Honestly though, they should take as much time preparing to get it right. I would rather see them wanting to wait 19 more years at the cost of a couple billion tax payer dollars, then see them spend a couple billion per year in failed missions going there. If all else fails, they could always fake pictures of lannding on Mars (har har) or explore another planet. Whats the big fascination with Mars anyways, there are so many others involved. Are they leaking out something they don't want the public to know?

I've never heard any major stories surrounding any trips to other planets. Come to think about it, aside from Mars and the Moon, I've never even heard of any trips to places like Jupiter, Saturn, Neptune, etc. Do they know something they don't want others to know?

An overpaid Unix admin? Take your so called overpaid Unix admin and compare them to a Windows admin. Oh yes those point and click, drag and drop warriors using MS, versus the Unix admin who usually has a good knowledge of programming that has to specially tweak systems, via scripts as opposed to purchasing more products to throw on top of a precompiled executable you can't do anything with.

Yes that overpaid Unix administrator who often has to understand many other aspects of computing such as networking, configuring servers, building servers, benchmarking the products that will work, in comparison to the point-and-click/drag-and-drop Microsoft warrior which still comes out cheaper than hiring a networking guru, along with an MCSE (Must Consult Someone Experienced), atop of all the programs you still have to pay for, ATOP OF EVEN THAT the TCO of other budled software your going to buy to get your network running "slightly" the way you could get it with Nix based systems.

Wow you'd be a poor bookeeper there if you didn't scope out the whole scenario and all everything in its entirety up. Don't you know that MS kills when all is said and done? MS sure has a high Total Cost of Ownership which I wouldn't be willing to pay.

Don't get me wrong I'm not bashing Windows, I know most business would have a hard time migrating over to something more feasible at this point, being they've been marketed to death and frozen into the MS way, this I won't argue, however you have to remember this generation will be tomorrow's CTO's which is MS' biggest hidden fear

The purpose of this paper is to dispel the popular notion that the Linux operating system is free and to arm retailers with the key areas they need to take a serious look at when considering Linux in their enterprise.