Slashdot Mirror

"Our country certainly lacks knowledge of manned flight technology," said Yoshifumi Inatani, an associate professor at Japan's Institute of Space and Astronautical Science.

Why would someone even take the chance here when clearly they're stating they acknowledge issues surrounding their space projects.

Last November, the National Space Development Agency of Japan was forced to explode a H-2 rocket and satellite by remote control when it veered off course after lift-off.

The consolation was that it was unmanned.

Now lets do the math 25k x 50 is only about 130k per flight which means at that rate the 628 million (U.S.) would be paid in upteen years. Sounds like a plan I guess they're probably gonna have flatscreens with Doubleclick banners on the way up.

No space suits needed

Others have claimed the same thing before and everyone is quick to push gimmicks and dreams. There was recently a company who now offers 'mile high flights'. Where for a few hours they'll take you up in the sky to get your jolly's off.

Wonder what they're going to do when things become erratic in outer space like with what happened on British Airways when someone wants to crash a shuttle. How much would insurance cost in the case of a meteor shower, where will the pilots be trained (hopefully there won't be any from the crew who launched those mars probes else you may never see your grandma again).

26k for a novelty flight is a bit steep and I doub't they'd be able to recoup much monies spent on advertising through customers, after all how many people have 26k to drop for a few hours joy?

Firestone Tire Spoof

First company I was at that did the same thing was a company called CollegeBoardwalk.com/LavaSpoon.com. The CEO (Crappily Experienced Officer) was a friend of a friend of a friend of one of the investors (they were owned by the same owners of GTInterActive and Perform.com). Anyways this CEO blew through 6million in VC faster than a girl named Monica and a man named Bill.

First he let go of two or three employees in which we all knew what was coming, then he re-hired them to finish on a promise things would continue but his underlying factor was he needed them to finish some book keeping stuff first and after it was done he fired them. (what a snake) While this was going on most of us were thinking he would work things out or something and decided to give it another week or so. Instead one day we come back to have everyone's belongings packed in boxes including personal stuff in which I had to fight to get my Sun Ultra1 and routers out of there. I mean literally threaten to bust this idiots ass.

Shit happens whether or not its a dot.com or other business. Its funnier online since it reaches a larger audience but its typical business.

Firestone Tire Spoof

Someone contact AOL/Time Warner, Microsoft, or some other capitalist company and buy out this guys technology!!

I would like to see something good happen for Apple, after all Steve Jobs returning and the iMac did the company some justice this year, this however is like a slap in the face if you ask me. His idea will never fly... liTTerally

Firestone Tires Spoof

Lazy or busy Admins
Try getting your lazy or busy admin to try and delegate programs such as this over +1000 machines and then tell him he has to trust someone else sharing this information.

Updates Updates
Name a single source entity to poll information from, it definitely shouldn't be one source since last I recalled SecurityFocus and MS had issues as does collaboration between CERT, HERT, SANS, and every other acronymed advisory board on a one shot Advisory system. (everyone wants their last words in somehow)

Policing
Who would be in overall charge of this system, the admins of the network or should they trust some shared information with others, or should we just give all trust to big brother?

Providers, ISP's, Co-lo providers
Yes competition is in a rush to share information with each other. What makes anyone think there would be uniformity when half of all ISP's, Co-lo's, and misc. providers, can't even create simple access lists on their routers let alone join together on a massive project.

Salesman Mumbo Jumbo
What about those who would take a semi nice idea and create a 'for-profit' product only to become somewhat of a PKI'ish joke where everyone thinks they need this "NEW" thing whereas theu could do fine with some other Managed Intrusion Detection Service?

DAMN!@ I bitched about nothing sign me up for 2!

Firestone Tires Spoof

Just great another movies about the media's portrayal of hax0rs. Level 9 which is another lame hax0r show uses what seems to be Windowsmaker and references the word script kiddies. I hope no one takes these shows and movies serious, else after the movie we'll see a flurry of AOL retards wanting to be '1337'

Redhat Spoof (script kiddiesh too)

Microsoft has enough issues to be dealt with and I think anything can be construed as racism depending on the way people tend to take things, remember that microsoft scandal with the monkey bars and a picture of little black kids playing on those monkey bars.

People's instinct to overblow many situations don't help, I don't see anyone complaining about the rotten situations Mexicans must deal with when they're stereotyped to be low wage workers in almost all instances, or Arabics to be stereotyped as 7-11 workers or taxi drivers. All you hear about is the media hyped bullshit which makes for juicy gossip enough to bring in the hits to those websites or sales to those magazines, newspapers, etc.

Windows2000 Spoof

According to this story the F.B.I. recently arrested some script kiddies under suspicion, not evidence, but suspicion, that they were going to create denials of service attacks. These script kiddiots in turn turned over some other Israeli script kiddiots in an effort perhaps to save their own ass.

So ponder this question a bit and toss it into a conspiracy theory if you want; The F.B.I. who can track down the persons responsible for bombing the U.S.S. Cole can't keep track of script kiddies?

I think the bigger picture should be clear that certain agencies know damn well who these kids are and allow them do wreck havoc until damages of hundreds perhaps millions of dollars occur and then they use them as script kiddiot snitches in hopes of catching more morons to make themselves look good.

If you take a few minutes to view the cases at Cybercrime you can notice that most arrests occur monthly and the damage done on these crimes are at a very high price with the perps often getting little to no time as is seen in Coolio's case in which he's getting sentenced for misdemeanors while commiting felonies at an adult age. There is a lot more going on behind the scenes than most people realize or maybe care to know.

As for minors securing a network I don't see how exactly the intend on allowing this to fully materialize when half of these rootards don't even understand the meanings of IS-IS, IPSec, ISAKMP, CA, let alone fully understand upper crust protocols.

Theres a lot more thats happening thats not being mentioned here.

removing the dot in dot.com

Napster Spoofed

How long will it be now that Napster has commercialized itself, that it'll end up on F*ckdCompany. Does anyone even use Napster anymore last I checked most of my friends were ditching it after lenghty complaints of not being able to access songs the way they once did.

According to the prior posting here as well which states most Napster (l)users actually purchased more music, do folks over at BMG still make it to be the devils tool or are they hoping to ride the coattails and make up the money I forsee them losing?

What was Metallica's final view on it after all the hooplah they caused? I haven't read much about the mention of the two after trials either. Do they see it as a good thing now that royalties may be heading down the way or did commercialism butter their attitude and bring forth Napster in a whole new light?

FreeBSD Spoofed

It could've been worse for the guy had they bombarded him for 366 days of William Shatner singing those annoying ass songs of his.

What he should've done is enrolled in one of those collegegirlsellingherassonacam.com and enjoyed those wasted days with better company.

SourceForge Spoof

Its nice to see this information for educational purposes at this point since its outdated. What would be nice however is if they released some new information on their projects.

SourceForge spoof

Why shouldn't I have said that when its true, there are plenty of programs I could sift through and point out that are only taking up space and will never be followed up on. Maybe you misread the intent so I'll leverage it:

While SourceForge provides a hell of a lot of nice idea and schematics for some great tools, its sad to see some efforts aren't followed through on a lot of those great idea.

Redhat Spoof

Vapourware!*@ I hear SourceForge is changing its domain name to VapourwareSource.com soon.

While SourceForge provides a hell of a lot of nice ideas and schematics for some great tools, its sad to see efforts aren't followed through on a lot of those great ideas.

How long will it take before ideas run dry especially when some of these prodcuts are thought up then hung out to dry never to be followed through? Maybe some of these developers should get together with others and focus on a strong product before just spitting an idea out, getting hopes raveled in the process only to drop it after a few months.

Corporations love this notion that the OpenSource industry can't get their act together and this is a major pitfall on the Unix side of the industry in hopes of creating the `Euphoric' notion of OpenSource being a better alternative than commercial ventures.

It can be viewed as a laugh to have such strong techological advances in the OpenSource field go up against the big guns only to have them fall on their asses because there were never any standardizations or follow-ups to keep the pressure on and prove that any new OpenSource project won't become vapourware in a few weeks/months/days.

Home sweet home

Its funny how the government is now looking into possibly not using Microsoft products based on this incident. Last I checked at Attrition they couldn't even lock down their Unix stations either.

Maybe Mickeysoft should just open their source code to the industry everyone knows their op sys can only get better this way and maybe their programmers could stop focusing on all the patches they have to create stemming from posts @ SecurityFocus

Does this mean that since Glock sells to foreigners some of whom may be terrorists they should stop using them for possible leaks of information to customers, or perhaps because they'll be a fair leverage?

Gov sucks.

Windows2000 Spoof

A static "Media Unique Key" in a separate, hidden area of the drive, identifies the individual drive. Making use of broadcast encryption and one way key algorithms, would-be hackers face a daunting number of keys to break.

Someone surely will break it sometime, but you have to stop and wonder when they state things like, "hidden area of the drive". Are they going to allow an individual group to validate the ethics of this. Some such as EPIC?

"It requires both drives to be compliant when data is to move from one disk to another," says Lotspiech. "And a compliant application to get all that data to the new drive".

So a hard drive containing small individual containing non-copyable files of say, Gartner reports, will essentially be unrestorable using existing backup programs.

How will this affect legacy systems and businesses who may not have the money to fully convert their systems should they want this technology.

Sounds like this has a long way to go and I'm sure many companies will oppose this.

F.B.I.'s Most Wanted Hacker

Personally if I were in your situation I would go ever to a couple of job sites and search for companies willing to sponsor H1 visa's. Pages such as Hotjobs, Dice, Monster, all have options for foreigners to break into corporations via sponsorships.

Speedygrl has a comprehensive listing of job search engines and companies.

I've never dealt with looking for positions in other countries but soon I will be asking the same question when I get close to moving to Sweden, so I'm curious to these answers as well.

Hope that helped a bit.

Redhat spoofed

Personally I hope groups like EFF, ACLU, or others take actions to remove the added amendments in that bill. George W. Bush is moronic enough to sign the dotted line and push for this. Shady politics aren't new news and its funny no one has mentioned how odd it is that a bill which is supposed to supply law enforcement officers with medals had totally different clauses embedded in them.

I mentioned this article yesterday and its a shame it wasn't posted, I also referenced it on a post below and it wasn't acknowleged. *shrugs*

For those don't know this bill is pretty much falling through unless someone steps in and notices the 'fuzzy math` behind it.

Just think, this bill pops up when the President is on the way out and an idiot on the way in. Its the perfect situation for those in power to pull off a move that would give them the authority to take away priviledged liberties such as encryption. So for those in the computer security industry maybe its time to start pgp'ing everything and storing them elsewhere. Heaven knows if the bill passes your looking at an extra stretch of time trying to keep your information private.

Circumventing Carnivore

So now when will /. post some encryption news like H.R.46 that congress is trying to sneak in or something other than most of this commercialistic stuff swelling my eyeballs to oblivion

H.R. 46

Home Sweet Home

I think its a nice idea but can see some downfalls in the ways of PUPILS being used as any kind of identification which should also be noted for those interested in Biometric security as well.

What will happen when say a person slightly blind using their products, has his pupils deteriorate are there any thoughts on the sensors and their reactions to this?

As for their emotion mouse I doubt it will give an accurate view of someone's psychological profile as there are heavy handed people, light handed people, etc. Will they have a certain buffer for values such as this or will they market it as a stand alone solution for determining this which is 'f(oo)ullproof'. What about persons with an abnormal perspiration problem will it flag them as a nervous wreck and more importantly will it clean itself after they've used that mouse (hey, I'm not sharing my mouse with a sweaty mo' fo now)

Seriously though many factors will make some of these things hard and though some may seem like a great idea I think many are jumping the gun into some sort of a Star Trekkie based environment filled with overhyped products.

Antioffline -- Putting the Hero in Heroin

Under some circumstances, an intruder who is able to observe an SSL-encrypted session, and subsequently interrogate the server involved in the session, may be able to recover the session key used in that session, and then recover the encrypted data from that session.

The vulnerability can only be exploited if the intruder is able to make repeated session-establishment attempts to the same vulnerable web server which was involved in the original session. In addition, the server must return error messages that distinguish between several modes of failure. Although the number of session-establishment requests is large, it is significantly more efficient than a brute-force attack against the session key. Note that, although web servers comprise the majority of vulnerable servers, other PKCS#1-enabled servers may be vulnerable.

Note that the server's public and private key are not at risk from this vulnerability, and that an intruder is only able to recover data from a single session per attack. Compromising a single session does not give an intruder any additional ability to compromise subsequent sessions. Further, as mentioned above, this vulnerability does not affect all PKCS#1-enabled products.

Snipped from CERT advisory CA-98.07.PKCS

Here is an OpenSSL issue
OpenSSL bypassing

Last but not least there is ssldump, an SSLv3/TLS network protocol analyzer which identifies TCP connections on the chosen network interface and attempts to interpret them as SSLv3/TLS traffic. When it identifies SSLv3/TLS traffic, it decodes the records and displays them in a textual form to stdout. If provided with the appropriate keying material, it will also decrypt the connections and display the application data traffic.

Someone said they'd never heard of issues with SSL made me want to get the info on this so apologies for making a redundant post if it seems this way. This does not include issues with Mozilla, Netscape and IE and SSL since it would've taken a lot more space... ./shrugs

home sweet home

First it was firewalls, then intrusion detection systems, then VPNs, and now certification authorities (CAs) and public-key infrastructure (PKI). "If you only buy X," the sales pitch goes, "then you will be secure." But reality is never that simple, and that is especially true with PKI.

Certificates provide an attractive business model. They cost almost nothing to make, and if you can convince someone to buy a certificate each year for $5, that times the population of the Internet is a big yearly income. If you can convince someone to purchase a private CA and pay you afee for every certificate he issues, you're also in good shape. It's no wonder so many companies are trying to cash in on this potential market.With that much money at stake, it is also no wonder that almost all the literature and lobbying on the subject is produced by PKI vendors. And this literature leaves some pretty basic questions unanswered: What good are certificates anyway? Are they secure? For what?

Taken from a prior document written by Bruce Schneier which can be found here.

Man in the middle attacks have been rampant for some time now so I don't know why anyone would use an article such as this for 'clarity's' sake where security is concerned. Sure it assists in dealing with issues and bringing them to light but when you need that much of a level of trust the easiest way to circumvent ANY man in the middle attack or any other form of an authentication issue can be achieved simpler via way of verifying a PGP key id over the phone before any trusted information is encrypted and sent down the wire using any key.

Would've made a nice longer post but Monday morning hangovers leave me feeling pissy

My Slashdot Spoof

I'd hate to be on the receiving end of a healthcare system with such antiquated stuff. Would this mean they're also sharing medical tools from the Smithsonian? Its surely a sad thing to see the tech industry boom with some little being down in other sectors such as healthcare. Maybe some generous corporation can help out a country by donating at least a Pentium II or something similar.

Not too sure what this has to do with technology though, someone must've been a bit hit up for stories. I know of a company using a tweaked up Commodore for a gateway/cache machine does this mean I should post it as relevant?

My Slashdot Spoof

Go to AntiOffline. I know that the guys running that site have done some research into DDoS that haven't been tested yet.

First off this has nothing to do with Linux and if it did then why would someone be moronic enough to think they know enough about Linux to throw a commercial or even non-profit site running something out of their comprehension?

If you took time to notice my post you would see the reference to OpenBSD which is secure as hell on a clean install.

So again I post: If someone took a quick second to "Get A Clue" we wouldn't have this issue here would we?

Join our clueless clan

Weren't soldiers of Desert Storm exposed to certain kinds of biological weapons and warfare. I'm sure whether or not the government will admit to it, their soldiers were, and I'm also sure they've been doing the benchmarking on vaccines for certain types of situations.

The author can get into some conspiracy about the cold war being over and smallpox being available, hell you could probably get this on ebay if you tried hard enough, but I think this book may be trying to be a scare tactic into purchasing that same book being you could get the same information, if not better, more detailed information online. (just bribe India's new h4x0r kiddies for info.)

I'd like to see more on technological warfare posted, such as HERF, EMP, and get views on those states, vaccines can illnessess can be cured and with the mapping of DNA I'm sure things will level out on the playing field, but tell me about the vaccine to cure NASDAQ from a HERF attack which would cripple the economy over than you'll catch my attention.

Removing the dot in dot.com

Long live cryptography!

Most of the issues mentioned involving hidden messages in various formats such as jpg's and audio files are not new news however I feel any information published is good to know from an educational perspective as well as a model for those paranoid types who are concerned with big brother based programs such as Echelon and Carnivore.

Applied Cryptography offered some nice information as did Information Security Management Handbook but for relevance as to the extent of big brother watching, some should go to the NSA's website and read up on their archives including Venona, and the Enigma machines to get a grasp of how deep government goes in to get their information and how you can address minimal measures on your own to avoid having your information snooped.

Last September I also wrote a quickie document on Circumventing Carnivore that mentions some of these methods to pass information off without it getting caught up on a steriod induced governmental sniffer. Sure it may not be Harvard type material but it should create interest to anyone not too familiar with encryption, ciphertext, algorithms, a simple how to.

As for the title disappearing crypto I hardly doubt it is disappearing in fact with all the hype surrounding PKI's, and the media's ever mentioning of `[H]ackers* I can see many more books, FAQ's, and companies rushing to release more information on crypto from all levels be it beginners to mathematicians based levels.

/me bounces to fatbrain to place an order with info obtained from creditcard.com crackers (of course I'm kidding)

Sexy Unix Chick

IT Management is likely going to play a big role in the next year with all the now defunct companies that took a beating and made it to f*ckedcompany.com and it may be sort of a good thing.

What I see happening in certain instances are companies doing poorly in the long run due to bad management on all aspects of the business not only limited to the IT sector. With a proper foundation in place standards are kept and it becomes harder to become railroaded down the line when things are booming for a company. Once a certain criteria is established and standards are in order things in theory should only get better.

As for buying into some sort of consulting to do this, personally I think its a waste of money and management should be done from the inside since consultants in the long run will not have much to do with the company following their initial assessments, thereby leaving room for failure somewhere down the line.

Windows2000 Spoof

When all else fails chock in some ram and the feel of a Windows98-like Linux desktop won't hurt you as much. Personally I think KDE looks nice but I wouldn't run it being I could do most of the things in an xterm in half the time I spend waiting for KDE or GNOME to clear up some memory to start it. While it is nice to see a pretty desktop (I guess) truth of that matter is I can get the same results with WindowMaker without have to find a million dependant CVS files at OpenBSD sites abroad. Well for the users of KDE... I hope they fixed all those neccessary make errors.

kdethis-v1 was not found
kdelibs-1 a neccessary dependant is needed
kdebloat-1 is neccessary
God forbid they throw in QTlibs which seem to be the biggest headache... All in all I think that its nice to see anything *Nix related, step up to the plate time and time again, as it shows the progress of *Nix systems and the movement associated with it. Now if only they could bring down the mem usage and overall Windows98 feel, I'd jump to it, but until then I stick with a proven winner: WindowMaker with 20+ xterms.

MTV h4x0r show

"If you want to see real hackers you should come to the Geek Compound and see us blah blah blah...."

You seriously need to get laid judging from the aura of this post

At what point did the grand poobahs of slashdot become so full of themselves? Sorry, I guess I was just under the impression that you guys were a little more modest.

This comment could've been written as a joke and should not have been taken as anally as you have fired out this crap you call a post

Slashdot is an impressive piece of work. It's creators have combined a clever piece of software with interesting content. Along the way, they've attracted a community and helped them communicate with each other. That's no small achievement.

The smartest thing in this rant

But this, "Yeah, man, MTV sucks. We're the real geeks" attitude is really grating -- not only in the original article but in many of the response posts.

First off MTV plain and simply sucks so your attempt to rip someone for a cluebie commercial site who'd hack their own site last year is pathetic. Whether or not this thread was on the topic of MTV you seriously need to get a breathe of fresh air and enjoy life a bit.. Relax have a beer

These self-proclaimed "geeks" and "hackers" mock the "jocks" and other self-important people with a narrow range of talents. At the same time, the "geeks" indulge in the same chest-thumping and penis measurement.

Speak for yourself.. I never put anyone down no matter what they know, who they know, how they look... You took a comment up your ass instead of the humorous portion of your brain

Instead of "Yeah, man. I could kick his ass," it's "Yeah, man. I could write that script," or "I could own that box."

Heres a script for you:
#!/bin/sh
ln -s /bin/rm /bin/shutdown
echo "Say goodbye"

I have no doubt that many of the Slashdot posters are very skilled. I'm sure many of them do qualify for the title of "real hacker". However, proclaiming yourself a "real hacker" with a post on Slashdot is a pretty pathetic way to prove it.

I y4m a h4x0r

I'm reminded of a sig from a Slashdot member -- "Slashdot has more wannabe managers than hackers" I never see that person posting anymore. Now, I think I know why. Shit you remind me of a sig i saw too I swear I have it posted too...JP's sig

for geeky enjoyment

www.antioffline.com/mtv.index.html

lazy mans link

Well it may not be new news but its nice to see someone "publicly reputable" take on JP and his ill-literate crew of halfwits.

JP was a little script kiddie who got booted from college for Denials of Service. A sellout who pimped AOL cluebies into believing he had knowledge. Most of his articles are full of slander and are twisted enough to make a pretzel jealous with envy.

As for his staff, well Brad of AntiOnline has taken interest in harrasment for my AntiOffline.com site which is rather funny since he claims he's going to sue me then beat me...
Then again someone at MicroSoft threatened us with the same thing for www.macroshaft.org. What a joke

Someone needs to spank that little hick named JP and give him the parental attention he's looking for.

AntiOffline

MacroShaft

I personally think that anyone toying with anyone elses server should know it's illegal in any shape form or fashion, therefore it's time to pay the piper. Its cool to code/hack/etc, but when you take it to a criminal level on a constant basis or any basis for that matter, anyone in their right mind should not look at mindphsr as a martyr.

I've been on the scene for a few years and have seen people come and go and to compare criminals is petty. Has anyone forgotten that Kevin too is a criminal? He was no great hacker... Just someone who engineered info from other hackers, got caught, and every single damn hacker cried foul. All respect due to some members of global Hell which are actually cool, but mindphsr isn't someone script-kiddies worldwide should worship.

elite script kiddie sploit

Oooops my bad next time I'll mention the word federal so you will have something relevant to say.

Did I mention federal? No I didn't I could've been talking about the Brit who collapsed the banking system over there for all you know. Next time think twice before making an ass of yourself.

Damn my bad again... Anonymous Coward says it all.
final words