Domain: com.com
Stories and comments across the archive that link to com.com.
Stories · 2,381
-
Microsoft Releases SP4 for Windows 2000
Snake_Plisken writes "I checked Windows Update today on a lark and found that Windows 2000 Service Pack 4 has been released." You can read a short CNet article discussing the media player patches as well as one more about the fixes in SP4. -
Pioneer To Release TiVo/DVD Burner Combo
TK-421 writes "According to an official Pioneer press release, 'Pioneer is revolutionizing home video recording with the introduction of the world's first DVD recorders featuring the TiVo service. These new recorders offer consumers the control provided by the easy-to-use TiVo service integrated with advanced DVD recording for the option of short-term storage on a hard drive or long-term archival of broadcast programming on DVD-R/RW discs.'" The options include both 80 and 120GB models, starting at a not-inexpensive $1199, and there's more information via a CNET News article. -
Hall On Worldwide Open Source Movement
adamsmith_uk writes "There's an article up on ZDNet summarizing an interesting speech from Jon "Maddog" Hall about non-US open-source, as well as protecting open-source from 'looters' - well worth a read: 'The open-source development community is an international treasure and should be protected as such, said veteran Linux advocate Jon "Maddog" Hall, in a talk in Birmingham, UK, that emphasized the role of open-source software outside the United States.'" -
IP Shortage In Asia Just Myth, Says APNIC
rekkanoryo writes "News.com is carrying a story in which the Director General of APNIC (Asia Pacific Network Information Centre) says that the "shortage" of IP addresses in Asia is a total myth. There's also some talk of IPv6 in this article." -
More Cheap Linux PCs
prostoalex writes "The low-cost Linux PC market so far dominated by Lindows got a new entrant. According to News.com, Linare plans to sell a $199 no-monitor model with 1GHz VIA CPU, 128MB RAM, 20GB HDD, KDE, OpenOffice. An extra $50 would get the user upgraded to a 2GHz Athlon. Company is located in beautiful Bellevue, WA, which, as News.com noted, is quite close to another Seattle suburb - Redmond, WA." -
Dutch Firm Says Dell Motherboards Violate Its Patent
Call Me Black Cloud writes "This article (also here) briefly discusses a suit against Dell for royalties on US patent 5,594,621. This patent, titled "Motherboard for a computer of the AT type, and a computer of the AT type comprising such motherboard", concerns the layout of ISA and PCI cards on a motherboard. Tulip Computers International somehow managed to convince the USPTO that its arrangement of cards on a mobo was worthy of a patent. Fearing the orderly arrangement of my sock drawer was infringing on a patent, I was relieved to discover only a patent for a magnetic sock holder, which solves the "well known problem associated with everyday laundering...the disarray that can occur with paired items of clothing such as socks" -
Top 500 Supercomputers Ranked
Shadow Wrought writes "The Register is reporting on (alternate ZDNet article) the latest list of the top 500 supercomputers in the world. Top of the list is the Earth Simulator Center in Yokohama, Japan, with a benchmark performance of 35.86 Tflop/s. HP and IBM claim 159 and 158 of the systems respectively. I wonder how many teraflops Deep Thought could have done?" -
What's Behind The Odd Data?
citking writes "CNet is reporting that 'network administrators and security experts continue to search for the cause of an increasing amount of odd data that has been detected on the Internet.' While this has been going on now for a few days and some experts have already declared victory against the 'trojan', others aren't so sure that the real culprit has been identified yet. Other stories can be found here(1) and here(2)." -
Microsoft-Sony Plan: A Media-Rights Ploy?
sk8rboi writes "Missing in Wed.'s (CNet) reports about the Digital Home Working Group (DHWG) effort from 'Microsoft and Sony to make sure DVD players and cell phones can communicate with each other over a home wireless network' is the real reason for the work--it's a DRM (digital rights management) play in disguise. Look at it logically. Why would an industry alliance need to define a standard to share an MP3 file between a smart phone and a PC? According to EmbeddedWatch, the answer is, it wouldn't. The file can already be shared via wireless email or WiFi. And both can read the file, since both support MP3. Consumer-electronics systems and computers can already interchange all sorts of files. But what they can't do--and what companies like Microsoft and Sony wish they could--is regulate the transfer of such files (aka block them if they've been downloaded for free from KaZaa). (DHWG, by the way, is actually led by Intel.)" -
My Visit to SCO
Ian Lance Taylor writes "I signed the SCO NDA and visited them to discuss their claims against Linux. My essay about it is on the Linux Journal web site. The short version is that SCO's claims are unproven, as indeed I expected would be the case before I went. The amount of information they were willing to show me was extremely limited, and did not by itself prove that their claims were true, nor that their claims were false." Other SCO-bits: Sun is doing their usual foot-in-mouth routine, thinking that two FUDs makes a Solaris purchase, or something like that. IBM is now joining the contact the customers bandwagon. Eric Raymond has been keeping himself busy - here's a story about him. SCO hates BSD, too, but they're not taking it lying down. And of course Cringely has his two cents. -
RIAA Warns Individual Swappers
Joey Patterson writes "CNET News.com reports that the RIAA has sent cease-and-desist letters to four individuals for allegedly pirating its music on P2P networks." They have yet to publicly release the names of who they have contacted, but 4 of the 5 were Verizon subscribers involved with their previous high profile case. -
MSN Planning to Take on Google?
asyn42 writes "CNet is reporting what should be no surprise, Microsoft appears to be readying itself to take on Google for a position as the top search engine. The long range impact on the relationship between MSN and Yahoo/Inktomi is likely at risk." -
Europe, Free Speech, And The Internet
drdale writes "Declan McCullagh responds at CNET.com to a proposal by the Council of Europe to require Internet sites to publish replies by individuals whom the sites criticize. This would apply to all web sites, apparently, including blogs. Per McCullagh, the Council's proposals do not have the force of law, but often serve as the basis for new laws." Imagine the chilling effect if McCullagh's own politechbot and similar sites had to follow such rules. -
SCO Amends Suit, Clarifies "Violations", Triples Damages
Bootsy Collins writes "This evening on C|Net contains three new items. First, they've upped the damages they're seeking to $3 billion. Second, they claim that by making SMP technology generally available through Linux, IBM violated federal export controls and thus breached their contract with SCO through committing an illegal act. Finally, they elaborate on one specific technology they claim rights to which IBM inserted into the 2.5 kernel series -- the read-copy update memory management features which went in at 2.5.43. Unclear is why SCO thinks they have the rights to RCU, since the technology was originally developed by Sequent in the early 1990s." -
Sony Launches 2 New "Video" Clie Models
boss_ton writes "Sony is launching its newest Clie handhelds (NX80V, NX73V), a combination personal video player and personal digital assistant, to the United States. It's already a huge hit in Japan. Amazon is reporting the launch date as July 11th. The NX80V is priced at $600. Here's the scoop on CNet. The official product page is here." -
Europe To Force Right of Reply On Internet Communication
David Buck writes "Today, the Council of Europe (an influential quasi-governmental body that drafts conventions and treaties) is to finalize a proposal that would force all Internet news organizations, moderated mailing lists and even web logs (blogs) to allow a right of response to any person or organization they criticize. This would mean that you would be required to post the responses as well as authenticate their origin and make the responses available for some period of time. This will likely have a chilling effect on Internet communication (at least in Europe)." -
The Buttocks Have It
An anonymous reader writes "From this ZDNET article: Future hijackers may find that their buttocks betray them, if UK defense firm Qinetiq has its way. The company has developed a smart chair stashed with a thicket of seat sensors, according to New Scientist magazine this week. The same seats could also be used to warn cabin staff of illness among the passengers, potentially alleviating the risk of deep vein thrombosis or DVT." -
Microsoft Kills Off Mac IE, Blames Safari
aliebrah writes "CNet reports that Microsoft will not release any more major upgrades for Internet Explorer on MacOS. They cite competition from Safari as the reason for this decision, and say that Safari is a better browser for Macintosh systems. Ironically, they also say that they can't compete with Apple, because Apple has better access to the underlying operating system." Yeah, that must be rough. Today's SlashDotFunQuiz is to predict the order in which, impact when, and years until these other Mac products get the axe: Media Player, MSN Messenger, Office, Outlook, and Virtual PC. -
The Nanotech Nose: Towards A Smaller Future
Farrax writes "One of the first steps to nanotechnology, either strong or weak, is the ability to even talk about materials on this scale with precision. Thursday, with the successful test of a nano-tech "nose," that step was achieved: weight fluctuations of 5.5 femtograms were detected on a bar of gold. The dream of nano-technology moves forward: maybe we'll see it by 2020 after all." -
No Business Like SCO Business
The SCO must go on. Informationweek has a roundup. News.com has some analysis of the legal case. SCO reiterates their threat to revoke IBM's license. Reader hobsonchoice sends a blurb: "Also more from analysts who saw SCO/Linux code comparisons under NDA. Bill Claybrook, of Aberdeen Group Inc., says SCO changed their story to him about whether they had any "direct evidence" that IBM copied any System V code into Linux. Laura Didio of Yankee Group has answered some detailed questions about her code review process. Lastly Fujitsu Siemens have joined in the debate: they don't think SCO's case is going anywhere." One observer of the SCO case has compiled some notes about Caldera's active participation in the IA-64 project. And look on the bright side: if you follow the school of thought that all publicity is good publicity, at least this suit has gotten Linux mentioned in many places where it normally wouldn't be. -
Apple To Discuss HyperTransport For Future Macs
macrealist writes "CNET is reporting that Apple will discuss the use of HyperTransport in Macs at the Developer's conference. The interesting thing is that the article claims that Apple is not likely to use hypertransport to link the CPU to the memory, but instead to link chipsets together because IBM would have to 'to adapt it to the Power architecture.' But according to arstechnica, the 970 does have a frontside bus that operates at similar speeds to Hypertransport." -
Stronger Anti-Spam Law Proposed
NumberField writes "The fight against Spam is making for some strange bedfellows. A new bill sponsored by Senator Charles Schumer (D-NY) and the right-wing Christian Coalition that would let individuals sue spammers for $1000 per message. What isn't clear is how they will define spam broadly enough to outlaw it, but narrowly enough to avoid making it a bonanza for lawyers. For more information, see Schumer's fact sheet (PDF), or his press release." Update: 06/13 14:20 GMT by M : The draft bill (pdf) is available. -
Apple Sued Over Unix Trademark
Jerrry writes "CNET News reports The Open Group is suing Apple over unlicensed use of the Unix trademark, after Apple used the term in conjunction with its Mac OS X marketing. Apple, meanwhile, is countersuing to have the Unix trademark declared invalid because the term has become generic." -
Declaring War on Mobile Phone Spam
RugbyHoe writes "Silicon.com's Will Sturgeon reports that more than two-thirds of mobile phone users have received spam on their cell phones and raises the concern that spam will become as much of a problem on this medium as it is with e-mail. He continues with a warning that many companies that offer downloadable ring tones are guilty of 'harvesting' your phone number. Think about that the next time you think you need to annoy your neighbors with the latest and greatest fiddy-cent ring tone." -
Imagine a Beowulf Cluster of Penguin Computers
Pii writes "News.com is running a story about Penguin Computing acquiring Scyld Computing, a company founded by Donald Becker, of linux ethernet driver and Beowulf cluster fame. Becker will stay on as Penguin's Chief Technology Officer, and the companies claim they don't expect any layoffs as a result of the merger." -
Cable Modem Tax Proposed by FCC
TheSync writes "News.Com has an article by Declan McCullagh that says the FCC is considering a new tax of up to 9.1% on the revenue of cable modem providers. This is an expansion of the existing universal service fund, which currently does not apply to cable services. The USF could even be expanded to wireless IP and VOIP providers as well, expanding the fund to over $13 billion." -
What Is The Future of PNG?
miladus writes "The GIF patent (held by Unisys) will expire on June 20. C|Net wonders whether that will also mean that PNG "will lose its original reason for being". Remember Burn All GIFs?" My hope would be that at this point PNG can stand on its own technical merits, rather than on ideological merits. -
Bruce Sterling On Total Information Awareness
securitas writes "Declan McCullagh interviews Bruce Sterling about Total Information Awareness (renamed Terrorist Information Awareness and raising concerns) or 'Poindexter's nutty scheme' as Sterling thinks of it. He predicts TIA will destabilize the government and lead to internal KGB-style coups. Whether you agree with him or not it makes for thought-provoking reading." -
Oracle's Hostile Takeover Bid For PeopleSoft
rkuris writes "Oracle has launched a 5.1 billion dollar cash hostile takeover bid against PeopleSoft. PeopleSoft's CEO Craig Conway (a former top executive for Oracle) called Oracle's offer 'atrociously bad behavior from a company with a history of atrociously bad behavior.' 'Obviously it is a transparent attempt to disrupt the [1.7 billion dollar friendly] acquisition of J.D. Edwards by PeopleSoft announced earlier this week.' The week's events have reopened old wounds between the companies, which have a history of hostility and name calling." -
Latest SCO News
SCO has discovered an amendment to their contract with Novell that may clarify that they did purchase the copyright to System V after all. Heise has an interview in German with a former employee. Cringely says SCO probably was responsible for any duplicated code itself, with a theory that is quite plausible. One non-programmer corporate analyst has looked at SCO's alleged evidence. And SCO has another press conference today. -
Senator Pushes Bill To Limit Anti-Copying Schemes
Brushfireb writes "Republican Sen. Sam Brownback is pushing a bill that will limit the ability of record labels, movie studios and others to use anticopying technology on their products. Most notably, this is important because it states that people will be able to resell their used DVDs, along with putting a concrete limit on this behavior of DRM/anticopying schemes by the RIAA and MPAA." -
Verizon to Reveal Customers in DMCA Subpoena Case
JulisJ writes "NYTimes reports that Verizon will turn over the names of online subscribers accused of swapping music. This could be a big blow to the file-swapping community, even if you're swapping legit." There's also a story on News.com. See our previous story for background. -
Slashback: NIC, Dastar, Defects
Slashback tonight with a round of corrections and updates to recent (and not recent) Slashdot postings. Read on to find out more on the fate of Larry Ellison's thin-client Linux machine, OpenTV vs. GNU, getting satisfaction instead of defective hard drives, and more. Enjoy!
Was it ahead of its time or vice versa? BreadMan writes "After limping along for years, the New Internet Computer (NIC) company finally went under. Founded by Larry Ellison, NIC sold a diskless workstation running Linux targeted at home users that wanted internet access. From the spec sheet it looks like this would be fun as a hacking platform if you can get one on the cheap."
Way to GNU! xarium writes "Seems that in response to pressure from the FSF OpenTV has released the source code to all of its compilers. You can download the full package here (~18meg)."
Because a hard drive should not be a rhythm section. Dynamoo writes "As previously noted in Slashdot, Fujitsu MPG3xx series hard drives have been failing in huge numbers. The U.S. law firm, Shepherd Finkelman Miller & Shah is currently conducting a class action against Fujitsu and HP for knowingly distributing faulty drives. According to this article in The Register, Gateway has now been lined up as a defendant.
The fault appears to impact MPG3102AT, MPG3204AT, MPG3307AT and MPG3409AT units manufactured in early 2001. If you have one of these, then it has probably failed already, if not you should replace it asap. If you're a customer of HP/Compaq you can visit the HP Hard Disk Drive Replacement Program site.
We had about 40 of these things fitted to Compaq DeskPro EXDs, and I can assure you the failure rate is pushing 100%."
In the public domain, no one knows you're a dog. smiff writes "United Press International reports on Dastar v. Twentieth Century Fox. Reversing lower court rulings, the Supreme Court unanimously ruled that Dastar did not violate the origin-of-work provision of the Lanham act. Dastar had taken public domain video, made some modifications, and sold it as its own product. Twentieth Century Fox sued claiming they should have been given credit for the video. According to Antonin Scalia, Dastar would have violated the Lanham Act if it had simply repacked the material and sold it as its own. But since Dastar made some minor changes, the Lanham Act doesn't apply.
While Dastar has been cleared under the Lanham Act, the Supreme Court sent the case back for a rehearing. The Fox video entered the public domain in 1977, but the book it was based on is still protected by copyright."
... or get off the pot. Brazilian Joe writes "The LinuxTag folks, as you may know, are responsible for a restraining order against SCO's claims in Germany. As a result, SCO has shut down its Germany web site. Story here."
-
DMCA Vs. The Sewing Underground
Roundeye writes "So the folks at monsterpatterns.com dumpster-dive to get envelopes containing discontinued sewing patterns and sell the envelopes via their website. The sewing pattern company McCall invoked the DMCA to get the site shut down. Monsterpatterns is now suing to protect their 'fair use rights' to advertise and sell the discarded patterns. You might recall that this isn't the first time the sewing industry has cracked down on bootlegging grandmas and their suppliers." -
Record Labels Sue Morpheus, Again
Brushfireb writes "In a move that most Slashdotters will find surprising (/sarcasm), the RIAA has once again sued Morpheus, over a service that Morpheus never launched, known as StreamCast Networks. This comes not long after the RIAA lost the case to Morpheus, as you may remember from this Slashdot article." -
Microsoft Plans An Overhaul For Patch System
sckienle writes "ZD-Net has an article about Microsoft's plans to overhaul their patch system. 'Ninety-five percent of attacks happen after a patch for a known software vulnerability has been issued' says Scott Charney, chief trustworthy computing strategist at Microsoft. Basically, Scott is promoting the idea that Microsoft can do a better job, in many ways, so people will trust and be able to install patches quickly. Microsoft has a transcript of Scott Charney's talk on their site." As reader sweeney37 summarizes, "Microsoft's plan is to reduce the patch installers from eight to two, they want to have one patch installer specifically for the OS side and one specifically for the applications." Sweeney37 points out this InformationWeek article on the planned change. -
Sun Pushes Java For Games Market
mysterious_mark writes "Sun has a new initiative promoting Java for game development, according to a story at CNET News." Interestingly, the company is trying to convince game makers that you can make state-of-the-art titles in Java as easily as simpler browser or phone games: "Java also has been used to build a number of simple online PC games, such as card games, but the language can be used to create sophisticated graphics for A-list games, Melissinos said. 'Some people may have the misconception that Java can't do great, high-performance graphics, and that's absolutely not true.'" -
SCO SCO SCO!
Still more links on SCO's assorted allegations of copyright infringement. They say they're going to sue Novell. Software analysts refuse to be part of the hoax - also some good quotes from Linus here. SCO and UNIX: a Comedy of Errors. Salon has a story on SCO too, but sadly it's not available to read freely. And Wired has an old story which I think sums up the SCO claims pretty well. -
IT Spending in Life Sciences
dano1992 writes "From Cnet: Computers replace petri dishes in biological labs. "The life sciences field is poised to spend billions on IT due to a need to manage an explosion in biosciences data, and a desire on the part of drug companies to streamline drug development." But the folk who'll catch the best part of the wave are those who can work with clusters, databases and storage on a massive scale." -
1.5GB HDs On a 1" Platter
darthv506 was among several to point out a Cnet story describing a new "1.5GB HD on a 1" Platter. Samsung is releasing a sub 600 buck video camera that is "Smaller than a pack of cigarettes" featuring the drive. The drive is actually in production, and apparently goes for $65 in volume. -
Kazaa/Altnet To Pay Users For Trading Content
mesozoic writes "News.com is reporting that Kazaa and Altnet are unrolling a setup where users are paid to distribute 'authorized content.' The article also mentions something about getting rid of unauthorized files, but is unclear on when and how. I'll be paying close attention to whether this P2P business model pans out; Sharman _has_ shown some shrewd business sense in the past." -
Searchking Loses Suit Against Google
An anonymous reader submits this story that Searchking has lost its suit against Google for lowering search rankings. Silly lawsuit, good riddance. See our original story. -
AOL Pulls Nullsoft's WASTE
dmehus writes "America Online, parent company of Nullsoft, has pulled what it views as a controversial project called WASTE from Nullsoft's servers. This is not the only time it has stepped in to Nullsoft's doings. It had quickly taken down Gnutella, developed by Nullsoft co-founder Justin Frankel, and shut down an MP3 search engine. CNET's News.com has more details." For those not keeping track, WASTE was only recently released. -
Fyodor Answers Your Network Security Questions
You asked nmap creator Fyodor many excellent questions, and his answers (below) are just as excellent. You'll want to set aside significant time to read and digest this interview, because Fyodor didn't just toss off a few words, but put some real time and energy into his answers.
1) Interesting stories involving nmap?
by Neologic
Nmap has obviously become a huge success in the *nix world. I would wager that practically all sysadmins and security folk use nmap. With this sort of use by such creative and lazy people, there must have been some interesting stories involving nmap, perhaps unusual uses of it, or funny anecdotes. Are there any you would like to share?
Fyodor
The coolest use ever was undoubtedly when Trinity used it to try and save the human race :). But the use I find most gratifying are the Chinese students and residents who have written me about how they use Nmap to locate open proxies. These proxies allow for surfing the uncensored Internet, including the news, educational, pornographic, religious, open source software, government, political, search engine, and human rights sites that are blocked by the Great Firewall of China.
Many of the best features in Nmap came from the user community in ideas if not implementation. For example, the protocol scan (-sO) determines what IP protocols (TCP, UDP, GRE, etc.) a host is listening for. I had not thought of this, but the idea and patch came out of the blue one day in an email from Gerhard Rieger. On another day, a guy named Saurik sent a patch called Nmap+V that allows Nmap to do basic service/version fingerprinting against open ports. It has attracted a cult following, and I plan to add similar functionality to Nmap this year. The initial Windows port by eEye arrived similarly. Despite all these great suggestions, certain other user-contributed ideas are not on the agenda.
Then there are a small handful of users who detect problems nobody else would ever notice, like 4 byte/host memory leaks. They send me error messages with notes saying the bug happens "about once per 700,000 IPs". I have no idea what these guys are up to, but some have been sending me this kind of mail for years. They can't be spammers, as they are intelligent and also use more sophisticated scan techniques than you would need to just find SMTP servers.
2) Recent increases in anal-retentiveness...?
by Zeriel
There's been a marked increase in system administrators thinking that anything even remotely resembling a network scan is eeeeevil (case in point, last year I almost got kicked out of college for scanning port 80 on my dorm subnet looking for interesting websites to read)...
What do you think can be done to make scanning IP addresses/ports have less of a negative stigma? This is in the same sort of category as legit vs. illegit uses of anything else (P2P, whatever)--what's the rationale for punishing something that could maybe lead to criminal activity, and how can we make network scanning tools have practical uses again?
Fyodor
That is an excellent question, and one that concerns me as well. But first, I think your final statement is too extreme. I would guess 90% of network scanning is non-controversial. You will rarely be badgered for scanning your own machine or the networks you administer. The controversy comes when scanning other networks. There are a lot of (good and bad) reasons for doing this sort of network exploration. Perhaps you are scanning the other systems in your {dorm, department, cable LAN, conference LAN} to look for publicly shared files (FTP, SMB, WWW, etc.). Or perhaps you're just trying to find the IP of a certain printer. Maybe you scanned your favorite web site to see if they are offering any other services, or because you are curious what OS they run. Perhaps you are just trying to test connectivity, or maybe you wanted to do a quick security sanity-check before handing off your credit card details to that ecommerce company. You might be conducting Internet research, or be bored on a rainy afternoon. Or are you conducting reconnaissance in preparation for a breakin attempt?
The remote administrators rarely know your true intentions, and do sometimes get suspicious. The best approach is to get permission first. I've seen a few people with non-administrative roles land in hot water after deciding to "prove" network insecurity by launching an intrusive scan of the entire company or campus. Admins tend to be more cooperative when asked in advance than when woken up at 3AM by an IDS alarm claiming they are under massive attack.
You compared Nmap to P2P tools in having a "negative stigma". In both cases, one effective way to fight the stigma is to limit your own use to "legitimate" purposes. Use BitTorrent to download RedHat ISOs, but not Matrix Reloaded. Use Nmap to secure and monitor your computers, but not to attack other networks. And if you decide to attack other networks anyway, please be courteous and set the evil bit.
Now I'll admit that I don't always obtain explicit permission before scanning other networks. I don't believe (but IANAL) that a simple port/OS scan of a remote system is or should be illegal. Any machine connected to the Internet will be scanned so often that most admins ignore such "white noise" anyhow. But scan other networks often enough, and someone will eventually complain. So my advice would be:
- Don't do anything controversial from your work or school connections. Even though your intentions may be good, you have too much to lose if someone in power (boss, dean) decides you are a malicious cracker. Do you really want to explain your actions to someone who may not even understand the terms "port scanner" or "packet"? Spend $10 bucks a month for a dialup or shell account. You didn't really violate this rule, as scanning your dorm subnet for just port 80 should not even be remotely controversial!
- Target your scan as tightly as possible. If you are only looking for web servers, specify -p80 rather than scanning all 65,535 TCP ports on each machine. If you are only trying to find available hosts, do an Nmap ping scan. Don't scan a /16 when a /24 will suffice. The random scan mode now takes an argument specifying the number of hosts, rather than running forever. So consider -iR 1000 rather than -iR 10000 if the former is sufficient. Use the default timing (or even "-T Polite") rather than "-T Insane".
- Nmap offers many options for stealthy scans, including source-IP spoofing, decoy scanning, and the more recent Idle Scan technique. But remember there is always a trade-off. You will be harder to detect if you launch scans from an open WAP far from your house, with 17 decoys, while doing followup probes through a chain of 9 open proxies. But if anyone (such as Tsutomu Shimomura) does track you down, they will be mighty suspicious of your intentions.
I occasionally consider adding some sort of "notification packet" prior to a scan that would give hosts the chance to respond and opt-out. This would be like the /robots.txt directives currently used to control polite Web robots. Perhaps the format could even include a text string that IDS systems could log, like:
    nmap -sS -p- -O -m "Direct questions about this scan to ops at x3512" 192.168.0.0/16
    nmap -sS -p- -O -m "mY n4m3 iZ Zer0 |<00L and I'll 0wn j0o%#@" targetcompany.com/24
Of course Nmap would have an option to omit the notification or to send it and ignore any negative responses. Some scanners, such as ISS Internet Scanner already send out NetBIOS popup messages to scanned hosts by default, and other scanners use syslog. I won't be adding any features like this to Nmap unless I see substantial demand and the obvious issues are worked out.
3) OS fingerprinting
by neoThoth
What are the latest advances in fingerprinting networked devices that seem most promising to you? I have started reading papers on HTTP fingerprinting and such and wonder how these will figure into the NMAP architecture. What are the most elusive OS's that aren't on the NMAP OS fingerprint database?
Fyodor
There are a number of OS detection techniques I hope to add this year. One is to guess (or calculate) the initial TTL of response packets, since this varies by OS. Some operating systems also "reflect" your own chosen TTL under various circumstances. Then there are some newer TCP options, such as selective ack that I might test for. Explicit Congestion Notification (RFC 2481/3168) also shows promise. I'll probably add all of these at once later this year, after discussions with the Nmap-dev list. If you wish to participate, you can join that list by sending a blank email to nmap-dev-subscribe@insecure.org. There is also a low volume, moderated list for announcements about Nmap, Insecure.org, and related projects. You can join the 15,000 current members by mailing nmap-hackers-subscribe@insecure.org [archives].
While adding new fingerprinting techniques is fun and exciting, improving the signature database often adds more value. The DB now contains more than 850 signatures, from the Acorn RISC OS and Aironet wireless LAN bridge to the ZoomAir wireless gateway and Zyxel Prestige routers. We're talking gaming consoles, phones, PBX systems, PDAs, webcams, networked power switches, you name it! New fingerprints are submitted daily.
Application level fingerprinting (including HTTP) is coming. I usually regret stating dates, but I hope to develop this functionality within the next 3 months.
4) Stepping into a network security career
by Anonymous Coward
I'll be graduating this month with a shiny new BS in Computer Science. I've done plenty of Unix sysadmin work throughout college and even deployed some high-interaction honeynets. I'm very interested in network security and systems programming. Do you have any advice for people in my situation who want to head into a career in network security?
Fyodor
Congratulations on your graduation! Unfortunately (for newcomers), the security field is one that often expects substantial experience and references. This is partly because these jobs require extraordinary trust, and also because of an aversion to mistakes. Everyone makes mistakes, but they can be extraordinarily costly in security and neophytes tend to make more of them. But don't lose hope! Talented security minds are still in very high demand, just be aware that you will have to work even harder to prove yourself.
Here are my suggestions for anyone starting out in network security, whether for fun or profit:
Step 1: Learn everything you can
- You may wish to start with reading a general overview of security, such as Practical Unix and Internet Security 3rd Edition.
- Reading alone won't teach you much. Hands-on experience is critical, so I would set up at least a basic test network. At the very minimum you should have a Unix box or two and a Windows machine (because these are very common in the real world). You can use very cheap machines, or even emulate a large network with virtualization software such as VMWare.
- Next you should learn more about how attacks are performed. Take a look at the excellent and free Open Source Security Testing Methodology Manual (OSSTMM). This document aims to provide a comprehensive framework for security testing. But it mostly lists tasks to perform, without specifying how to do so. You will gain a lot from this manual if you research the tasks you don't know how to complete, and if you actually try performing the tasks on your test network. If this manual is too curt or hard to follow, you could try a more verbose book on vulnerability assessment, such as Hacking Exposed 4th Edition.
- Now that you understand many of the general security ideas, it is time to get current. This is one area that has actually become easier in the last decade. The thinking used to be that vulnerability information should only be distributed to well-known and trusted administrators and security researchers through private digests such as Zardoz. This was a disaster for many reasons, and the full disclosure movement was born. In the last couple of years things have started to shift toward more limited ("responsible") disclosure and there is also a disturbing pay-money-for-early-disclosure trend. But information is still much more available than it used to be. Most of the news is carried on mailing lists, and I archive the ones I consider the best at Lists.Insecure.Org. You must subscribe to Bugtraq, and I would also highly recommend pen-test, vuln-dev, and security-basics. Read at least the last 6-12 months of archives. Choose other lists that correspond to your interests. SecurityFocus also offers a security-jobs list which is an excellent resource for finding jobs or just understanding what employers desire.
There are two major reasons for reading Bugtraq. One is that you must react quickly to new vulnerabilities by patching your servers, notifying your clients, etc. You can get this by simply scanning the subject lines or advisory summaries for bugs that directly apply to you. But then you will miss out on another crucial purpose of Bugtraq. Actually understanding a vulnerability helps you defend against it, exploit it, and identify/prevent similar bugs in the future. When you are lucky, the advisory itself will provide full details on the bug. Check out this excellent recent advisory by Core Security Technologies. Note how they describe exactly how the Snort TCP Stream Reassembly vulnerability works in detail and even include a proof-of-concept demonstration. Unfortunately, not all advisories are so forthcoming. For bugs in Open Source software, you can understand the problem by reading the diff. The next step is to actually write and test an exploit. I would recommend writing at least one for each general class of bug (buffer overflow, format string, SQL injection, etc.) or whenever a bug is particularly interesting.
Be sure to read the latest issues of Phrack and the research papers posted to the mailing lists. Send your comments and questions to the authors and you may start interesting discussions. Read well-regarded books on the security topics that interest you most.
I can't emphasize enough that you should intersperse hands-on work with all of this reading. Install unpatched RedHat 8 (or whatever) and run Nmap and Nessus against it. Then compromise it remotely, maybe via the latest Samba hole. Start out with a prewritten exploit from Bugtraq, which isn't quite as easy as it sounds. You may have to modify the 'sploit to compile, brute force the proper offset, etc. Then break in again using a different technique, and your own exploit. Install Ethereal and/or tcpdump and ensure you understand the traffic on your network during both your exploitation and normal network activity. Install Snort on an Internet-facing machine and watch the attacks and probes you'll experience. Wander around your neighborhood with Kismet, Netstumbler, or Wellenreiter on your Laptop or PDA to look for open WAPs. Install DSniff and execute an active MITM attack on an SSH or SSL connection between two of your computers. Take a look at my Top 75 Tools List and ensure you understand what each does and when it would be useful. Try out as many as you can.
- Take a vacation, or at least a weekend camping! You deserve it! The steps above would probably take at least 3-12 months full-time, depending on your motivation level and the depth and breadth of your research.
Now you have learned enough to be dangerous. At this point, you would have little trouble obtaining most certifications, after studying the specifics of each topic. If your main goal is to find a job quickly, perhaps adding these extra feathers to your cap might be worthwhile. But I think your best bet is to prove your knowledge by joining and contributing to the security community. While this does indeed help others, it isn't an entirely selfless act. It improves your skills, leads to important contacts, and demonstrates your knowledge and ability in a constructive way. The latter is important if securing a career is one of your goals. These steps should also be fun! If not, perhaps you should keep looking at other fields. Here are some ideas:
Start participating with insightful comments and answers on the mailing lists. This is very easy and serves as a great learning experience, way to meet people, and garners some name recognition. If a security manager with a stack of 60 resumes recognizes your name, that is a huge win!
When a new worm or a big new vulnerability comes out, everyone wants to know the details. If you stay up all night disassembling the worm/patch and write the first comprehensive analysis, many folks will find that valuable. And you will learn a lot. Let your first priority be quality - if someone beats you to it, just compare your results with theirs to see if you (or they) missed (or misinterpreted) anything. You can also post your own exploits, although that is more of a political hot potato.
Attending security conferences is a great way to learn, party with fellow hackers, and network (in every sense of the word). Much better is to speak at these conferences. This field changes rapidly so there are always new topics and technologies to discuss. You don't have to be a well-known expert with a long history - just learn your topic well and put in the effort for a quality presentation. You could present at Defcon, at one of the more commercial events, or at a smaller regional con like ToorCon, CodeCon, Hivercon, etc. Among other advantages (often free admission/travel/hotel), this is a great way to meet people with similar interests. I spoke at the latest CanSecWest and have submitted a proposal for the next Defcon.
Now that you've seen and understand a wide variety of software vulnerabilities from your Bugtraq research, start finding your own. You can start by downloading any PHP app from Sourceforge. Most of those are hopelessly vulnerable to Cross-Site-Scripting, SQL injection, and/or remote code execution by "remote include" directives. Many (if not most) Windows shareware daemons are also vulnerable to simple buffer overflows and format-string bugs. Notify the authors and then write an advisory. After a few of these "easy targets", try breaking some more widely deployed programs.
Write a security tool! I could list some suggestions, but by this point you will have many of your own ideas as to what is needed. Scratch an itch.
I hope this helps. If you want more suggestions, Ask Slashdot. From that story, I found this post particularly insightful, especially the emphasis on "people skills". I don't claim to have any, but understand the value :).
5) Have you ever been tempted to use your gifts...
by Tim_F
...in a negative manner?
Have you ever hacked into someone else's computer? Have you ever considered it? What would cause you to think of doing this? Would your tools (nmap, etc.) be enough to allow you to do this?
And if you haven't, why is that the case?
Fyodor
I never do script-kiddie style "hack any random vulnerable box on the Internet" cracking. But sometimes I will launch targeted attacks at specific companies. I'll usually start with just a web browser and various search engines to learn everything I can about my target. I need to understand what the company does, who it partners with, and whether it has any corporate siblings, subsidiaries, or parents. Beyond that, posts by individual employees can be a gold mine. Besides providing names and titles for social engineering and brute force password attacks, the IPs in the mail/news routing headers can be very valuable. One of the reasons I run my own mailing list archive is to maintain access to the raw mail folders which contain the routing info and X-no-archive posts that web archives strip out. Another advantage to locating employees is that you can send them trojan executable attachments, which can be a very effective way into the network.
Next I'll gather known IP network information on the companies via DNS, whois, regional registries like ARIN, routing info, Netcraft, etc. Then comes the scanning (I tend to use Nmap), application-probing, vulnerability discovery, and exploitation stages.
Of course, I only do this when the company is paying me to do so. Performing these pen-tests offers several advantages over blackhat activity:
- You don't go to jail (If you've worded your contract carefully.)
- Instead of having to keep your übertechniques secret to avoid prosecution, you get to demonstrate them to management.
- They actually pay you for this! And you are helping to protect them and the privacy of their customers.
Now some people might ask how you gain these skills without practicing on other networks first. Cheap hardware and the evolution of free UNIX operating systems have made this much easier than in the past. See the previous answer for some suggestions. And remember that you can always work together with friends, or participate in hacking contests like Defcon's Capture the Flag.
6) You'll have seen a lot of breakins.
by Hulver
During your time running Honeypots, you'll have seen a lot of compromised systems. Is there any incident that's really stuck in your mind because of the audacity of the attempt, or the stupidity of the person attempting the breakin.
Fyodor
On the humorous front, one attacker was running a public webcam during his exploits, so we were able to watch him crack into our boxes in real time :). I will resist the urge to link a screenshot. His rough location was determined when we noticed Mrs. Doubtfire playing on his TV and correlated that with public schedule listings. He was working with a Pakistani group, but was actually on the US East Coast.
In the "disturbing audacity" front, this year we found that a group of crackers had broken into an ecommerce site and actually programmed an automated billing-system-to-IRC gateway. They could obtain or validate credit card numbers by simply querying the channel bot! Expect a more detailed writeup soon.
7) What makes a honey net enticing?
by cornice
It seems that many of the honey nets that the average hobbyist would run are built to attract a lesser cracker. What I mean is that ports are left open that normally would not be left open. Services are running that normally should not, etc. I think that a really smart fish would see this as nothing but a cheap lure and refuse the bait. Do you think it's possible to fool the really smart fish? Is it possible to bait with something enticing enough without tipping off the big fish? Does publication of your work make this task more difficult?
Fyodor
Excellent question, and I had many of the same concerns upon joining the project. Then I remembered that most of the attacks and real-world compromises are committed by these marginally skilled script kiddies. So there is still a lot of value in understanding their tools, tactics, and motives. Despite this apparent limitation, I have been surprised by some of the sophisticated things we have found. For example, the first known "in the wild" attack using the Solaris dtspcd vulnerability was caught by one of our honeynets and resulted in this CERT advisory. Then one of our Honeynet Alliance members had their Win2K honeypot compromised and joined into a botnet with 18,000 machines! Attackers on such a grand scale won't even know all of the companies they have compromised, much less whether any of the systems are honeynets.
I do believe baiting the "smart fish" might be possible, but I have never done this. It is not legally entrapment, as we aren't any sort of police force, but I am not very comfortable with the idea. If someone attacks my box that is just unobtrusively sitting on the network, I believe the attacker should have no expectation of privacy for his activities on the system. Things become more complex if I try to lure the attacker.
8) IPv6
by caluml
Do you think that with the very large address space of IPv6 that random scanning for a certain port will die off? (I notice nmap doesn't support random IPv6 address scanning - maybe you've already come to the same conclusion?) Simply put, the chances of finding a machine if it's not advertised anywhere will be very much reduced. Will this make people lazy and complacent, trusting on the large numbers involved to protect them?
Fyodor
Finding a machine by pinging a completely random 128-bit address will probably never be effective. Fortunately, we won't have to! Nmap does not even do that for 32-bit IPv4 addresses - it is smart enough to skip huge blocks of address space that are unallocated or used for private (RFC1918, localhost) addresses. We will also see patterns emerge for IPv6. For example, they may often be allocated sequentially so that finding one leads to many others. I am waiting until adoption rises and we start seeing these patterns emerge before I can implement them appropriately in Nmap. Certain new DNS features may also prove useful for locating IPv6 machines and networks.
9) standalones and small home nets
by zogger
It seems like most of the emphasis is on enterprise networks, but that still leaves millions and millions of home machines and small home networks just stuck. What do you see as some of the trends and solutions for those people? Their data and system integrity is just as important to them as any corporation's is, and usually not having the appropriate skill set, is even harder to implement.
Fyodor
I am afraid the focus by security companies on enterprise networks will continue, as that is where the money is. The good news is that securing small home networks is far easier. But that doesn't make it simple, nor mean that many people will bother. I would categorize the risks into 3 categories:
Traditional network server vulnerabilities: Your average home user doesn't need to run any network daemons or have any TCP/UDP ports open to the Internet. Most of the time they only have 1 IP, used either by a standalone PC or a NAT device (e.g. "broadband router") in front of their small network. This is a good configuration, as it limits what attackers can reach directly. But you need to be sure that the IP doesn't have any unnecessary ports open. You can verify this by running 'netstat' on the Windows or UNIX machine using the IP. I would also recommend confirming using a port scanner such as Nmap. Here are example commands:
    nmap -p- -sS -T4 -v -O [your IP]
    nmap -p- -sU -v [ your IP ]
The TCP and UDP scans could be combined into one execution, but are listed separately since the TCP scan may go much faster. Remote UDP scans are also less reliable against some heavily filtered hosts. You may have to rely on the netstat info or configuration details in this case.
Any open ports found should be evaluated with extreme prejudice. Unless clearly necessary, close Windows file sharing, external NAT device admin ports, and everything else found.
Don't forget the wireless backdoor! Blocking the Internet link from your private machines is insufficient if anyone can hop on your open WLAN and attack your machines. WEP isn't perfect, but the 104-bit (so-called 128-bit) version should at least keep people from accidentally connecting to your network or sniffing your data. Be sure to set a good password and upgrade to recent firmware for your WAP and other network devices.
Subscribe to the security advisory lists for all the operating systems (and devices, if available) you run. Major vendors such as RedHat, Debian, FreeBSD, Mandrake, and Microsoft all offer these. Most even offer automatic updates if you desire that.
Client vulnerabilities: Once you close the services you don't need (ideally all of them), client vulnerabilities must be addressed. Keeping your web browser and mail reader up-to-date is particularly crucial. Also harden them as much as possible. For example, IE is full of holes but at least has a good interface for site-by-site security policies (Tools -> Internet Options -> Security). Go through and neuter the "Internet zone" settings by disabling ActiveX and Java. In the rare case that sites need this, find an alternative site or add them to the trusted zone. If you are really serious about security, neuter "trusted sites" and "local intranet" privileges as well. Many recent IE vulnerabilities trick the browser into using the wrong zones. Consider using a different browser. Also configure your mailer to disregard HTML and JavaScript.
Remember to pay careful attention to security warnings, whether they come from IE, Mozilla, your ssh client, or anything else. Don't just click OK. And don't shoot yourself in the foot when configuring your apps. It is hard to entirely blame the vendor when users tell P2P apps or Windows filesharing to share their whole drive without any password. Failing to change default passwords or enable basic restrictions on X Window or FTP servers is only slightly more forgivable. All of these errors happen frequently! The apps/devices should be secure by default, but you have the ultimate responsibility for protecting your data.
Malware: This is what I consider the biggest problem on desktops: people running applications they can't trust. Email borne viruses, worms and trojans are an obvious example. Be very careful what you click on. Unfortunately, it is very difficult to know what to trust. Mail is trivial to forge, and even the "proper" installers for many P2P applications infest your computer with loads of invasive spyware. Even Intuit TurboTax was caught writing to customers' boot information track.
What can you do? My honest suggestion is to run peer-reviewed open source applications on a free OS such as Linux or FreeBSD. You still have to be careful, but these problems are far less prevalent on UNIX platforms, which also have better tools and procedures to deal with them.
What if dumping Windows is not an option? Run NT/2K/XP instead of Win9X/ME, and try to run everything you can as an unprivileged (non-administrator) user. Be extraordinarily careful about what you install and run, and make frequent backups. You might also want to look into a personal firewall such as Zone Alarm (limited free version).
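The netstat check described under "Traditional network server vulnerabilities" above, sketched as an added example (not part of the interview and not Nmap project code): it parses `netstat -an` output and lists sockets that listen on a non-loopback address, so each one can be reviewed and closed. The sample output is constructed, and the function names and the allow-list are assumptions of this example.

```python
import ipaddress

# Constructed `netstat -an` output (Linux and Windows layouts mixed on
# purpose); not captured from a real machine.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:445        0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:51514      203.0.113.5:443         ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN
udp        0      0 0.0.0.0:137             0.0.0.0:*
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  UDP    [::]:500               *:*
"""


def parse_listeners(text):
    """Return (proto, host, port) for each listening TCP or unconnected UDP socket."""
    found = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 3 or not tok[0].lower().startswith(("tcp", "udp")):
            continue  # header or unrelated line
        proto = tok[0].lower()[:3]  # fold tcp6/udp6 into tcp/udp
        # Linux prints Recv-Q/Send-Q counters before the addresses; Windows does not.
        idx = 3 if tok[1].isdigit() else 1
        if len(tok) < idx + 2:
            continue
        local, foreign = tok[idx], tok[idx + 1]
        state = tok[idx + 2] if len(tok) > idx + 2 else ""
        if proto == "tcp" and not state.startswith("LISTEN"):
            continue  # established or closing connection, not a listener
        if proto == "udp" and not foreign.endswith("*"):
            continue  # connected UDP socket
        host, _, port = local.rpartition(":")
        if not port.isdigit():
            continue
        # Drop IPv6 brackets and any zone index (fe80::1%eth0).
        found.append((proto, host.strip("[]").split("%")[0], int(port)))
    return found


def is_loopback(host):
    """True only when the socket is bound to 127.0.0.0/8 or ::1."""
    if host in ("", "*"):
        return False  # wildcard bind, reachable on every interface
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unparsable name: report it rather than hide it


def exposed_ports(text):
    """Sorted (proto, port) pairs that other machines can reach."""
    return sorted({(proto, port)
                   for proto, host, port in parse_listeners(text)
                   if not is_loopback(host)})


def unexpected_ports(text, allowed):
    """Exposed ports that are not on the allow-list of services you chose to run."""
    return [entry for entry in exposed_ports(text) if entry not in allowed]


if __name__ == "__main__":
    for proto, port in unexpected_ports(SAMPLE, allowed={("tcp", 22)}):
        print(f"review: {proto}/{port} is listening on a non-loopback address")
```

A socket bound to a LAN address may still be hidden from the Internet by a NAT device, so the remote scan the answer recommends remains the confirming step.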
10) What is your favourite tool?
by Noryungi
I have just read your top 75 security tools list. Thank you for posting all this information, which I am going to study very carefully.
One question though: in all these tools, which one is your personal favourite? (This excludes Nmap, of course).
Fyodor
I have far too many favorites among this great group to choose just one! But here are a few developers and tools that are particularly worthy of mention:
One of the people I most admire in the security field is Solar Designer. He is a guru in networking, security, and low level kernel/assembly/architecture details. He has also created many tools that security professionals use daily. Yet he never exhibits the arrogance, elitism, and egotism that sadly characterizes so many "stars" of the security community.
Among SD's tools is John the Ripper, my longtime favorite local password hash cracker. It has been around forever, but was written with a flexible and powerful interface while keeping extensibility in mind. So it is still as useful in these days of shadowed password files and MD5/Blowfish hashes as it was back in the days of crypt() and unprotected /etc/passwd. Lately SD has been working on the Owl secure GNU/Linux distribution, which can be installed on disk for hardened systems like firewalls, or booted and run from CD as an easy way to run security tools such as John and Nmap.
Another of those "brilliant yet still nice" security developers is Dug Song. Even after the seminal "Insertion, Evasion, and Denial of Service" paper by Ptacek and Newsham, many IDS vendors continued to ignore the problem. When Dug released Fragrouter (now fragroute), which implements some of these attacks, vendors finally took notice! He has also written the excellent libdnet library, but my favorite of his tools is DSniff, a suite of tools for advanced network sniffing and "monkey-in-the-middle" attacks. It even handles ARP poisoning and other techniques for sniffing hosts on a switched LAN.
While I'm on this topic, let me also give "mad props" to the Hping2 packet prober, Kismet wireless stumbler, Ethereal packet decoder, Netcat, recent THC releases, Snort IDS, the Nessus vulnerability scanner, and all the other great Open Source tools out there!
I would also like to thank Slashdot for granting me this interview and to everyone who asked such excellent questions. I only wish I had time to answer more of them. Then again, I have probably rambled on enough. Now it is your turn to ramble in the comments :).
Cheers,
Fyodor -
DeCSS Arguments in CA Supreme Court Case
scubacuda writes "According to News.com, California Attorney General Bill Lockyer called DVD-cracking software DeCSS a tool for "breaking, entering and stealing" during a hearing before the California Supreme Court on Thursday. "The program DeCSS is a burglary tool," Lockyer told the judges, adding that the movie studios lose millions of dollars because of piracy over the Internet. (CopyLeft offers this "burglary tool" on a t-shirt)" If you've forgotten what this case is about, see EFF's page about it.