Domain: nnov.ru
Stories and comments across the archive that link to nnov.ru.
Comments · 17
-
Re:Apatrides
I am aware of such a workaround, but it does not refute my argument, it is simply a special case - "the Russian Federation has friendlier^ citizenship procedures for one who was born on the territory of the Soviet Union". At that point you become Russian, and
.ru is your new home.
^http://www.newsru.com/russia/17oct2003/grazhdanstvorf.html
* I've heard it in various discussions, but found no official document that formally describes the procedure. In fact, if I dig around, I find out that theory is different from practice:
http://www.svobodanews.ru/Transcript/2007/06/11/20070611140011877.html
http://www.ppl.nnov.ru/?doc=956
I don't know whether this is the norm, or the cases above are just exceptions. Perhaps this is different from country to country (and you are a resident of a state which gets special treatment when it comes to such matters).
The second point is that the 'hack' you described does not resolve the problem entirely.
Some people don't need Russian citizenship. Why would I need it if I was born in Uzbekistan, and then moved to Kazakhstan? (make it Ukraine -> Moldova, or vice-versa; or pick any other couple)
IANAL -
Re:Firefox
everybody switch to lynx.
The only safety is vigilence
KFG -
Many VoIP phones have vulnerabilities...
Many VoIP phones, in particular 802.11b/g handsets, have serious software vulnerabilities out-of-the-box ranging from hardcoded credentials, remote debugging access left in from development, vulnerable applications (like embedded webservers), and other issues. My personal research and evaluations on these VoIP wifi phones have documented several of these vulnerabilities across multiple vendors' phones, take a look here: http://www.security.nnov.ru/source12976.html Crypto is a start, but if attackers can simply telnet to a open port on the phone and conduct low-level debugging, make calls, etc...well, that's a problem. Thanks, Shawn Merdinger, Independent Security Researcher
-
The rate of fission isn't the issue
it's the heat caused by the fission. A meltdown is dangerous because it generates heat, and if the heat comes in contact with stuff that burns, it makes fire, smoke, explosions & spreads radiation.
Water (esp. in oceanic quantities), prevents the heat from building up (we're also talking about a small reactor with a small core in this case). If the core was well above the water, then you might get a steam explosion when it hits. However, in this case, the core is just above the bottom of the ship.
Regarding the waste issue, it seems a real stinky fish to me, if there is human civilization in 10,000 years, even if the rate of technological advance slows down dramatically, it seems to me it will still be less of a problem than the one we're causing by burning all the coal and oil.
I don't think the radioactivity of coal is at all a red herring. Rather it points out that we make choices in our energy policy, and blocking modern nuclear plants from being built leads to other, much more destructive* (if less dramatically so) technologies being used.
Coal is a dirty, stupid, primitive way to generate power, and nuclear power is the only current technology with the energy density to replace it.
* between explosions in coal mines, black lung, radiation, mercury, and nitrogen oxides, coal has certainly killed far more people per megawatt year than nuclear. -
Birth Control included - no extra charge!
The $200,000 figure is too good to be true, unless
these are retired icebreakers (that's what this reactor was designed for.) If they are retired icebreakers, then yeah, these may cost $200,000, but you won't be able to build new ones for that.
The reactor was proposed for a desalinisation project which would generat 1.4m gallons of water per day at a cost of .43 per gallon. How do you reconcile a price of $619,000 per day with $200,000 up front costs? Maybe they learned something from inkjet manufacturers. -
Re:one of two methods...
Or just get your Cedega fix from some Russkie and be on your way.... http://www.uic.nnov.ru/~gaav10/winex4/
Next? -
Re:Tis good!
Pirating?
You mean like this - http://www.uic.nnov.ru/~gaav10/winex4/?
Man... is that guy gonna get screwed by TG or what ;-). -
Holy shit, batman!
Cowabunga!
Is this guy gonna get hosed by Transgaming or what - http://www.uic.nnov.ru/~gaav10/winex4/ -
Re:Anti-DDOSYou could have a look at
:
http://www.agk.nnov.ru/drbl/en/index.html
They have a distributed network.
Also a while ago I saw a document describing a form of P2P network with Blocklists. Dunno the URL anymore but it was a kind of nice idea, it included Signatures. So that the network could not be injected with false information.
But from that point of view you could also use web of trust structure.
Most Anti-Spam sites use servers located at diffrent sites/parts of the internet.
Example spamcop.net:
# dig bl.spamcop.net ANY
; <<>> DiG 9.2.1 <<>> bl.spamcop.net ANY
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45125
;; flags: qr; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 8
;; QUESTION SECTION:
;bl.spamcop.net. IN ANY
;; ANSWER SECTION:
bl.spamcop.net. 172800 IN NS blns9.spamcop.net.
bl.spamcop.net. 172800 IN NS blns7.spamcop.net.
bl.spamcop.net. 172800 IN NS blns10.spamcop.net.
bl.spamcop.net. 172800 IN NS blns11.spamcop.net.
bl.spamcop.net. 172800 IN NS blns6.spamcop.net.
bl.spamcop.net. 172800 IN NS blns8.spamcop.net.
bl.spamcop.net. 172800 IN NS blns5.spamcop.net.
bl.spamcop.net. 172800 IN NS blns4.spamcop.net.
;; ADDITIONAL SECTION:
blns9.spamcop.net. 172800 IN A 208.39.222.166
blns7.spamcop.net. 172800 IN A 216.234.115.20
blns10.spamcop.net. 172800 IN A 206.67.234.112
blns11.spamcop.net. 172800 IN A 209.92.188.201
blns6.spamcop.net. 172800 IN A 209.198.142.146
blns8.spamcop.net. 172800 IN A 66.6.205.130
blns5.spamcop.net. 172800 IN A 198.145.240.35
blns4.spamcop.net. 172800 IN A 194.109.6.147
;; Query time: 3617 msec -
Funny...Its funny how this comes on the heels of what is now the THIRD version of the MS03-026 vulnerability. As you know, MS03-026 is the RPC/DCOM vulnerability that brought us MSBlaster.
Just after Blaster started clearing up, Microsoft released MS03-039 which is essentially the SAME vulnerability as was -026. They blew it. They didn't fix the problem with the -026 patch, so admin's now had to re-patch all their machines.
Well, here we go again - only this time the exploit code precedes the MS anouncement and corresponding patch. Yes kids, the hacking underworld has perfected the exploit code for MS03-039 and in doing so uncovered yet another hole in the RPC/DCOM service for which there is NO PATCH AVAILABLE!!! (As of 11 Oct, 2003 0100)
And for those of you who think that this is just FUD... here's the exploit soucre code. Simply compile under Linux, then change your shorts.
Network admins: May I suggest you take your sleeping bag and pillow and put it in your car - theres going to be a lot of late nights at the office coming up.
-
Re:Our system
-
/me is feeling naughty.
I feel kind of irresponsible today. There's a great security related site at http://www.security.nnov.ru/.
-
Win32 shatter exploits
In a proper simulation, there is no way out.
But if the simulation runs on Microsoft Windows, we have the way out in more ways than one. In addition to the Unisys/Microsoft ad I just linked to, it's possible to escape Windows protection through shatter exploits.
-
Re:Hacked Comp?
I found a program that claims to be the gobble exploit for mpg123 at http://www.security.nnov.ru/files/jinglebellz.c
-
TACO: YOU'RE A CODE BUNNY
Rob Malda ASCDC Buffer Overflow Vulnerability
----------------
RELEASED: March 14, 2001
AFFECTS: ascdc 0.3
- A vulnerability in the program could allow elevated privileges on a system with the package installed setuid. Due to insufficient bounds checking, it is possible to execute arbitrary code with the ascdc program. Overflows in the -c, -d, and -m arguments make it possible for a user to overwrite variables on the stack, including the return address, and execute shell code.
- The program is not installed setuid. However, in a setuid installation, this problem makes it possible for a user to execute arbitrary code, and potentially gain elevated privileges.
SAFER
- We are not aware of any solutions for this issue.
Want more info on Taco's Security Fuck-Up?Here.
Here.
Here.
-
SECURITY : THE BUFFER OVERFLOW
Rob Malda ASCDC Buffer Overflow Vulnerability
----------------
RELEASED: March 14, 2001
AFFECTS: ascdc 0.3
- A vulnerability in the program could allow elevated privileges on a system with the package installed setuid. Due to insufficient bounds checking, it is possible to execute arbitrary code with the ascdc program. Overflows in the -c, -d, and -m arguments make it possible for a user to overwrite variables on the stack, including the return address, and execute shell code.
- The program is not installed setuid. However, in a setuid installation, this problem makes it possible for a user to execute arbitrary code, and potentially gain elevated privileges.
SAFER
- We are not aware of any solutions for this issue.
Want more info on Taco's Security Fuck-Up?Here.
Here.
Here.
-
IBM/Lotus has known about this for a while?The thread in which Ian reported this at Bugtraq has a comment to it saying that the bug had been reported to Lotus in 2000.
"It was reported in vuln-dev list on May, 20 2000 by SMILER in same time with SMTP buffer overflow in Lotus. I wonder why it's not patched yet."
There is a note to that effect on www.security.nnov.ru.
It's two years since the report, so one might expect a fix in Lotus any time now.