Domain: phoneboy.com
Stories and comments across the archive that link to phoneboy.com.
Comments · 8
-
Re:A big strike against Net Neutrality
Whoops - the link to a QoS/capacity study that I included in my post didn't make it to the Slashdot page. Should have previewed.
There are more. -
Re:A big strike against Net Neutrality
Whoops - the link to a QoS/capacity study that I included in my post didn't make it to the Slashdot page. Should have previewed.
-
Re:Javascript means no dice
"Secondly, I can't take your rant seriously. At all. " That's because you don't understand cross-site scripting vulnerabilities. At all. Even if you made a perfect browser without vulnerabilities that implemented JavaScript to the exact EcmaScript specifications, you would still be vulnerable because the XSS vulnerabilities exist in the web applications, not the browser. The design of JavaScript enables this, because the separation between code and data is flimsy (you can insert JavaScript almost everywhere in HTML, with "on
..." events -- you don't even need a script tag); you couldn't do it unintentionally with a web browser that only understood Java, and a Java web application. JavaScript makes it very easy, just like C makes it easy to mishandle pointers and fixed length buffers. If C gets criticized for that, it's fair to criticize JavaScript for making XSS vulnerabilities easy. Microsoft's version of JavaScript is worse due to the insecure functionality (see http://www.quirksmode.org/js/intro.html) added *by design*. People keep getting surprised by the nasty stuff that standards-conforming, but malicious JavaScript can do, from simple stuff like undying windows (JavaScript spawns a new window every time it detects the closing event) from taking over your desktop, including exploiting intranet applications (recent example: http://www.phoneboy.com/node/6 ; original article at http://www.spidynamics.com/spilabs/education/artic les/JS-portscan.html). It's not surprising to me -- hostile code is much more powerful than hostile data (see below).
You also don't understand how much more difficult it is to process hostile code than hostile data. You point out vulnerabilities in handling data as proof that there are other dangers. Given these, and how much more difficult it is to safely handle code than data, you should agree that it is reasonable to highly distrust a browser's handling of JavaScript.
The more ignorant people are, the quicker they are to mock people pointing out security issues. -
Hi
I read this article a few days ago and bookmarked most of the links I thought valueable. If anyone else is interested add some more to this thread so I can grab them
:)
Exported bookmarks Fingerprint
blackhole(4) - a sysctl(8) MIB for manipulating TCP
Help Net Security OS-FngrPrint article in PDF
Honeyd - Network Rhapsody for You
http://ojnk.sourceforge.net/stuff/iplog.readme
http://www.insecure.org/nmap/nmap-fingerprinting-a rticle.txt
IP Personality - Home
Kernel Options
p0f file listing
PhoneBoys FireWall-1 FAQs: Blocking queSO packets
s0ftpr0ject 2000 Fingerprint Fucker
Security Technologies
SourceForge.net: Project Info - SING
Sys-Security.com - Because Security is not Trivial
USENIX Technical Program - Abstract - Security Symposium - 2000 -
Re:why not a software solution?> Why not a software solution, instead of dropping 400 bucks?
Because not everyone has the time/engery/experience/hardware necessary to set this up on a Linux box. I was running my home firewall on a Linux box until I got one of these things. It has issues, but it generally works and requires less fscking with.
I've had one of these since October, and they're not bad. I got one of these and one of Nexland's wireless access hubs as "review units." I wrote up a review on the product, which details the pros and cons of these devices.
-- PhoneBoy
"I say live it or live with it." -- Firesign Theatre -
Re:better solution: same hardwareUp until very recently, I was using 802.11 cards, not 802.11a or 802.11b. These max out at 2mbs. Unless I was spooling a large print job or attempting to do a large LAN-based file transfer, I hardly noticed I only had 2mb of bandwidth available to me.
The 802.11b cards appear to be a bit more reliable and have more range than the 802.11 cards, though, as they don't get disconnected as easily from the Access Point. (Using Nokia gear)
-- PhoneBoy
On the Internet, nobody care's if you're an author -
Re:Content - formatting fluff = faster loading pagI pretty much stay away from just about every advancement that has taken place in HTML and it's bretheren since the IMG tag and tables. The reason: I want the most number of people to be able to make use of my web pages.
I find it ironic to hear you say that, and then to follow your homepage link here on slashdot (in order to see an example of the lean html formatting of which you speak) only to find that you are using not only frames, but JavaScript on your home page... generated by Netscape under Windows 95!
(c:
-
Re:Excellent
See http://www.phoneboy.com/fw1/faq/0289.html for information on how to resolve this issue.