Domain: nmrc.org
Stories and comments across the archive that link to nmrc.org.
Comments · 6
-
Re:Time for a message from captain obvious
This was found in 2005-2006 (see e.g. http://www.nmrc.org/pub/advise/20060114.txt). After that it has been reported in mainstream technology press at regular intervals. At this point the story does feel like a rehash and yesteryears news -- even if _you_ hadn't seen it before.
The sad thing is, the bug was also fixed (according to MS) a long time ago. The fact that this still goes on tells us that a lot people are running Windows XP that hasn't been patched in many years.
-
Re:So... WTF is "Free Public WiFi" really doing?
I don't think it was malicious and can confirm this was a significant issue at my work place. There was a hotfix that prevented it from happening and it was definitely addressed in SP3. Microsoft Windows Silent Adhoc Network Advertisement
-
Ahh, the old "Free Public WiFi" issue
Ever notice an SSID for "Free Public WiFi" just pop up while you're at your place of work?
When I first saw these, I assumed "someone got infected with some trojan which sets them up to pretend to be an open WiFi either to do a man-in-the-middle attack, or to infect my system with some kind of worm."
After a bit of digging, I discovered that this was actually not malicious, but was a viral-like spread due to some strange way that one of the MS Operating systems was handling ad-hoc wireless connections.
Here's a 2006 advisory on the issue
http://www.nmrc.org/pub/advise/20060114.txtHere's a less technical explanation (in case you have to convert it to "boss speak")
http://erratasec.blogspot.com/2007/01/ad-hoc-wifi-virus.htmlSo, pretty much everyone says it's harmless.
However, my initial suspicians (about MitM or worm infections) could easily be made to come true, and anyone who google'd it would say "oh, I guess it's that 2006 thing, no worries"
Of course, being an ad-hoc node, it'll be kinda obvious to most geeks... and of course, most geeks would probably make sure they were tunneling or otherwise using the network safely anyhow.
John Q. Public on the other hand? hoo boy.
... AND it doesn't help that so many products, in the name of making things easier on John Q. Public, will just auto-associate when they see an available connection.I don't really know where I'm going with all this except to say "Never trust any network outside your own, never EVER trust the Interwebs, and only trust your own network as far as you have to in order to make things work... especially if you're not the only one using it.", but you knew that already.
-
ncrypt
-
Re:The Paperless Revolution!
The Complete FreeBSD I have this, but to be honest have not read much of it, been reading Bruce Schneier's Secrets & Lies (An easy read actually, quite entertaining). I have heard that The Complete FreeBSD is the definitive reference however. I am just having trouble pulling myself away from my System V roots (Solaris) and moving to BSD.
Firewalls, and Building Linux and OpenBSD Firewalls How is this as a book? I have heard good and bad things about it. I have OpenBSD 2.7 and plan to make a firewall out of it, but then again I can build a firewall out of Red Hat 6.2 and ipchains in about 30 Min, so I am lazy and I stick with what I know. (And that BSD initd thing gets in the way too. :)
I should give you a good link to some books. I am amassing every book that is in this list. Each and every book on that list is excellent. -
Re:UselessNope, not useless. If I want to get on my soapbox, here's a way of doing it. Or, can you say "DeCSS source code"?
The trouble is, it cannot carry any warez, or MP3, and that puts it waaaay behind Freenet and similar efforts.
The totally distributed PTP type network model like Freenet will be the next Internet killer app. And watch entrenched institutions like RIAA, MPAA, FBI, MI5, MI6 etc turn blue as they try to regulate and control.
Once you get this sort of PTP nettech together, imagine wireless networks getting together, all communicating as mini routers, DNS etc, you basically have a network that is pretty hard to compromise... I think the Nomad Mobile Research Centre has something to say about this... Interesting reading...
Strong data typing is for those with weak minds.