Slashdot Mirror

Here's a INFO Sec web site that has been around before all of them:

http://www.wbglinks.net/

It's not the best site in the world but they have never sold out, like HackerNews.

More history:

http://www.wbglinks.net/pages/history/

Our internet roots:

Internet History

If you want to know how to install OpenBSD, then you will *gasp HAVE TO READ!

http://www.wbglinks.net/pages/openbsd/installation .html

Hey, I sent SCO $200 bucks to use Linux. (I'm being facetious here)

I want my money BACK!!!!

WBG Links
www.wbglinks.net

That's all I'll say about Canada, our (US) Salvation Army could kick their ass in a war.

WBG Links
www.wbglinks.net

;-)

WBG Links

www.wbglinks.net

"Wikipedia, she explains, takes the idea of open source one step too far for most of us."

What the hell does that mean, "too far"?

WBG Links
www.wbglinks.net

'I'm not trying to spread fear, uncertainty and doubt' but I will in this case.


WBG Links
www.wbglinks.net

And just how long do you think that they would get away with that in an open-source project?

Indefinitely if they're clever about it...

I dont need to know what his sequence numbers are because he doesnt ever ask

You need his sequence numbers because you are never going to see them. The packets he is sending will be going to source IP that you are forging.

Search Google for something like "tcp blind connection spoofing". This paper explains it well.

That *some guy* is Ken Thompson. Here, here, and here is some more info about the infamous "compiler backdoor."

Ron Rosenbaum, in his article "The Subterranean World of the Bomb", tells of a method a single person can use to turn both keys using a spoon.

I've just googled it. Here's a review of his book, The Secret Parts of Fortune, which has the article. I'd originally read it in another collection, Travels With Dr. Death.

"I actually found myself reassured," Rosenbaum writes. "The kind of person who'd cheerfully volunteer the spoon-and-string story is not the kind of person who'd be likely to conspire to use it to try to provoke World War III."

/. readers might also be interested in another of his articles, Secrets of the Little Blue Box, about the original phone phreaks, published ~1970. update: i just checked and found it online. read and enjoy.

I highly reccommend his books. I don't know what's in Secret Parts, but Travels also had articles about:

• the true-life basis for the film Dead Ringers
• moles in the CIA
• the crazed psychiatrist Errol Morris was documenting before he changed tack and made the Thin Blue Line. Here's a review of that film if you're unfamiliar.
• is Burt Reynolds a murderer?
• Lee Harvey Oswald

I've gone way off-topic, but just had to plug that book. A fantastic read.

cc hack is why one needs DRM in order to make sure you're running a copy of the code signed by Linus Torvalds. There are a number of ways DRM could be useful to computer users. Especially inside companies, where it's important that each person have carefully limited capabilities so that they do not accidentally do harm to their own data. Look at Windows Rights Management Server. It's no where near perfect, but provides interesting features that are impossible without DRM.

But that's not what you misunderstood about my post. I'm not trying to convince you to support DRM. I'm not trying to convince you that it's OK to support Disney & MS's new file format, encrypted music downloads, or any other bullshit.

The dude said "there is no legitimate need for Digital Restrictions Management," and that is overstating the case. I felt that I did point out that he was, in current practice, totally correct about DRM.

If you have the actual shrink-wrapped product CD with appropriate holograms, this isn't an issue.

Who tells you that no one compromised the data before it was put on the CD?
How can you be sure that the software companies compilers aren't compromised? (see Reflections on trusting Trust)

Even if the software you bought isn't compromised by any third party - can you trust the software company ?

Linus naked and drinking beer.

Perhaps the Architect (played by Helmut Bakaitis) from the matrix 2 & 3 was inspired by Vinton Cerf
Or perhaps it is just a coincidence.

Test Page

This page is used to test the proper operation of the Apache Web server after it has been installed. If you can read this page, it means that the Apache Web server installed at this site is working properly.

Aren't they getting enough Sun ?

At least Rusty is trying to ... although I'm not sure the "open source is better code" idea works after a few beers.

Hmmmmmm, Coopers Beer. Thoroughly recommend the Pale (green label), Sparkling (red label) not too bad either. Fortunatley it's made where I come from (as does Rusty), so it is always fresh (can't speak for Rusty though, never met him - I did hear he got married a while back, so he may not be as fresh as he used to be.).

Aren't they getting enough Sun ?

At least Rusty is trying to ... although I'm not sure the "open source is better code" idea works after a few beers.

Hmmmmmm, Coopers Beer. Thoroughly recommend the Pale (green label), Sparkling (red label) not too bad either. Fortunatley it's made where I come from (as does Rusty), so it is always fresh (can't speak for Rusty though, never met him - I did hear he got married a while back, so he may not be as fresh as he used to be.).

And what's with the rainbow? hmmm...?

(posted from a powerbook, you zealots!)

According to the article its...
"Pictures of people who have made a mark in any of the following: programmable computer systems, computer networks, the Internet or the security involved with those systems."

I don't recall Charles Babbage contributing to the internet.

But does '\n' really exist?

The Ultimate Backdoor, if anyone hasn't read about it:

Reflections on Trusting Trust.

You might want to doublecheck that gcc code you're compiling the kernel with...

Sorry, binary packages DO NOT tell you what a software program is doing with your personal information or property.

This is all about Reflections on Trusting Trust.

Compiling the source into an identical binary is not even a perfect proof, as Ken Thompson's cc hack desctibed in Reflections on Trusting Trust shows.

While I can see how this will help China discover unintentional backdoors, this won't help them against intentional backdoors.

There was an old hack which Ken Thompson used to give himself access to all Unix systems, as a proof-of-concept of why you shouldn't trust source code. He didn't modify the Unix source code. Nor did he modify the C compiler used to generate the Unix binaries. He modified the C compiler used to compile the C compiler. Full source code access wouldn't help you see the exploit.

Details are at
http://www.wbglinks.net/pages/reads/hacksexplain ed /thompson.html.

China doesn't have the rights to compile the source code they get. Even if they do (and I'm sure they will, if it's of any use to them) they won't be able to verify that the code is free of intentional backdoors-- because presumably it requires M$'s compiler. Even if they get access to the compiler source code (and I don't think they do) they can't verify that it doesn't have a back door.

If I were China I'd be afraid that the US government has hidden an exploit in Windows. That may seem paranoid, but security folks are supposed to be a little paranoid. I wouldn't trust Windows, source code or not.

Come to think of it, I wouldn't trust the American-designed processor, BIOS, disk controllers, RAM, keyboard controller, chip design tools, etc.

If you're not convinced he's not a stereotypical l337ist, check out some pictures of him. He's cool.

If you're not convinced he's not a stereotypical l337ist, check out some pictures of him. He's cool.

If you're not convinced he's not a stereotypical l337ist, check out some pictures of him. He's cool.