Slashdot Mirror
Slashback: Efficiency,Observation,WEP
Sargon Deep Fritz playing a person may be more cutting edge (and take a lot more processor power), but it seems like an awful lot of resources to spend on playing chess. Alex Bischoff writes: "From the February 1983 issue of "Your Computer", it's chess in 1 KB (for your brand-new ZX-81)."
But sir, even the judges are objecting! saulgood writes "the NY Times is carrying a further article here, about the revolt amongst some judges over their ability to look at Britney Spears and download Metalica mp3's at work... that's right - Power to the People Baby!!! No justice, No peace..."
Take that -- no, please, take that. Bob Lee writes:
"I authored the open source program Code Red Vigilante. This is an open effort to inform the public about the dangers of the Code Red worms and to specifically notify the owners of infected machines ... Vigilante is featured on Incidents.org, OnJava.com, TheServerSide.com, and it will be on the ScreenSavers on TechTV on next Monday.
Not to put too fine a point on it ... Jeffrey Fanelli of Sniffer Technologies writes: "Just to clarify on your story, that intern didn't crack 802.11x, but WEP in a 802.11b environment. 802.11x is a recently developed standard extension to Radius and 802.11 to allow for dynamic keys to be generated per user session. 802.11x uses the same WEP RC4 encryption, but makes it far more difficult to crack given the fact that all nodes associated with a particular Access Point will have a unique session based KEY (a key which, I might add, the user of the Mobile Unit in question cannot themselves identify).
Viruses are proliferating, and many of them are not as flagrantly destructive as Code Red or SirCam. For instance, there was a report on Jerry Pournelle's site (I can't find it now, sorry, and I also apologize for the inaccuracies of memory) about a virus that infected PCs and switched their Wordpad file that transmitted the IP address of the infected computer to hackers in Russia. I could easily have three or four viruses on my PC of this insidious type and never realize that they were there unless the Russian hackers made a move against my PC. Inside me now are a few types of virus that never gave me a fever or other symptom and probably never will unless AIDS or something else compromises my immune system. I think taht computer viruses of this type are far more interesting and potentially dangerous. While I Love You, Code Red, and SirCam may be the Ebolas and Smallpoxes of the computer virus world, the more insidious types have the potential to be the Epstein-Barr or the HIV of computer viruses. Just as much of HIV's lethality and danger come from it's insidiousness and lack of early symptoms, I think a virus that could truly damage the internet would be insidious and slow. Viruses that are destructive in crude and quick fashion like I Love You are quickly eradicated. To do real harm, a computer virus, like a real one, must have time to spread.
In response to the computer virus threat, we've created an immune system for computers, in the form of anti-virus software and now maybe in the form of anti-virus worms. Speaking as someone who's had anti-virus software make their computer unbootable, a cancer of the virtual world is possible too. Let's say there's a new virus, the "I sorta like you" virus. So, some enterprising individual sets up a program to respond to an "I sorta like you" email with anotehr worm that fixes the vulnerabiltity. Now let's say this program gets widely distributed, so when poor User X's computer becomes infected everyone in his address book has the program. So, poor User X gets this worm from everyone in his address book. For many people, this may constitute an effective DOS attack, as it will overwhelm their mailboxes. It may very well also increase the strain on internet capacity by doubling the volume of bad email flowing. (Assuming it isn't widely distributed enough to stop the initial outbreak) There is also the potential for all kinds of mischief in "helpful" worms.
In DDOS attacks, (such as the ones reported on GRC) we see another similiarity to the natural world. We see one type of OS acting as a reservoir to attack computers running another OS. Masses of Windows machines are used to attack machines that I suspect probably run Linux or a UNIX variant. Almost like the mice that act as a reservoir of the Hanta virus that attacks humans. (The mass sending of packets also seems to resemble in many ways the mass multiplication used by "hot" viruses)
So how do we prevent the kind of suffering that characterized the human expierience with disease from being visited on the modern world virtually? We need vaccines in the virtual world, in the form of the companies that make OSes and email programs taking responsibility for making them more resistant to viruses. We also need health education of the virtual world, in the form of ways to inform newbies about the myriad security holes that exist in their Windows boxes. Finally, we need an antibiotics of the virtual world, in the form of better anti-virus programs and more rapid and efficient distribution of anti-virus patches. One day, we may make our PCs healthier than we are.
I posted and all I got was this stupid sig
...and all for naught if "standard procedures" become so ingrained (perhaps even burned into the ROMs) that exceptions can't be made. Which happens a lot in government agencies - like, say, the judiciary.
Correct me if I'm wrong, but downloading pornography, streaming video (mostly pornography again) and music are NEVER job-related activities, unless you're (a) a professional musician or (b) a hooker. Since few judges fall into these categories, I think we can safely say that filtering porn and music downloads will not affect the judges' ability to use the web for research and make informed decisions.
Of course, if the filtering is broken then it will. But some reasonably smart filtering (better than the crap the libraries decided to use) would solve that. Alternatively, just set the software to forward a list of "suspicious" pages to the admin. A few hits on "sex" will be ignored; a few dozen hits will be checked. The basic knowledge that you can be found out will be enough to stop ppl using it for that. This is the way most companies work, and it works just fine.
You want to do it on your home machine, go ahead. It's your machine, your network connection, and your money paying for the dialup. You want to use someone else's network, you have to play by the rules for that network.
Grab.
What the non-tech-savvy judges are finally grasping (and you have yet to understand), is that the entire range of surveillance activities that employers perpetrate may, in fact, be illegal. The reasoning is simple and obvious; it's illegal to fuck with the mail or tap people's phones, outside of narrow exceptions, so there is an obvious conflict between the law and the frighteningly common view that mere ownership of equipment by an employer abrogates all rights of citizens of this once free country.
So there.
Expanding a vast wasteland since 1996.
Administer your box -- it's the right thing to do.
This next song is very sad. Please clap along. -- Robin Zander
Basically, I have no problem with staff of any organisation at any level being disciplined for inapproriate use of computers, whether that be porn, MP3 or whatever. The firm puts the computers there so the employee can do their job, not so they can see tits and ass (and whatever else!).
If an individual wants to look at porn or listen to MP3, do it at home on your own PC using your own network/modem.
Sometimes yes, but that's an incredible minority. Sometimes an investigative reporter will have to as well, but does that mean that every employee of every radio station, TV station and newspaper in the country should be allowed access? If one person needs access a year, out of an organisation of several hundred thousand, it's easier to make a special case for them than to let everyone go hog-wild. Don't forget that all these porn and music downloads will be slowing the network down, so a judge doing REAL work will be impeded!
Common sense, man. If you need access to it, you ring IT, tell them "I'm doing some investigation of XYZ, so don't be surprised if some dodgy pages show up". Job done. Takes 30 seconds at most, and the cost of a phone call. As against months of investigations, hundreds of thousands of dollars wasted...
Grab.
There are a lot of people out there (/. is where I've been following this) that are reluctant to initiate remote access to a machine. I have done a little digging around at work, where we have most different versions of Windows, and figured this much out:
You can use the 'net send ip.ip.ip.ip message' to initiate a popup window on an NT or 2K box, but you can only specify an ip address from 2K. NT will only work with locally networked machine names, not ip addresses, and 98 doesn't have net send.
I have a few ideas on this, to protect those of us who are squeamish about using an 0wned box. I do a little embedded stuff, but am not a programmer per se, especially not Java or Windows, but:
Can we (as a community) reverse engineer the 2K 'net send' protocol and create a (probably java-based) popup generator for 95/98/NT/Linux? This will send a message from your computer to theirs, without using their cracked box to do it. This would be a more favorable solution, as it would keep the workload distributed rather than client-server.
Or, can we create a java-based tattle tale app that reports offending IPs to someone outside the US or who just doesn't give a crap? ;) They could then
send the LOCALHOST message. I suppose this could be done very easily with some 2K servers which provide some (limited!) access to the 'net send' command, and each java client could access that command (with the admin's permission of course, that's my whole point).
+5:offtopic,but anti-American
Ok, so somebody go make a servlet out of this. I am already running a web server with a servlet engine (tomcat), so I can't just set up a standalone program listening on port 80.
It's 10 PM. Do you know if you're un-American?
did you read the article?
The 9th circuit is all but in revolt over the very kind of constraints of fredeom that /. gets worked up about
They are certainly gong to all be far more aware of the issues once this is all over.
'There is a Light that never goes out.'
Yup, and to further convolute things, the wireless specific implementation of this is 802.11e
Think outside the... Hey, where'd the friggin' box go?
If you think about it, the vigilante code is really just sending a message to the owner of the system. Passing messages would not normally be considered breaking in.
As an analogy, consider it the equivalent of laying a message inside of an open door.
Software sucks. Open Source sucks less.
See the Kuro5hin.org story on this issue..here
Basically you are penetrating an already 0wned computer, but this still exposes you to liabilities. It's a precipitation of the libertarian or wild wild west version of the Internet. The thing to do is to get a respected authority, such as the FBI or the police, to notify the 0wned, hence saving yourself from accusations of propagating Code Red or being a cracker yourself.
Goat sex free since 2001
...revolt amongst some judges over their ability to look at Britney Spears and download Metalica mp3's at work.
I think we have a new champion for the dictionary definition of irony!
From hell's heart I fstab at /dev/hdc
"We are going to have to rule on the legality of this," he said, "because employers all over the country are doing this."
Are, were, have been for the last ??? years... This reminds me of Sandra Day O'Connor's contempt that people in Florida couldn't follow allegedly simple voting procedures (the folks at the country club where she votes just mark "Republican" all down the ballot for you and hand you a martini), or George Bush the First's amazement a infrared scanner at the grocery store late in his term (he hadn't been to a grocery store in years). Welcome to Everybody Else's America, judge!
At issue is whether it is legal and ethical for officials in Washington to check to see if any of the judiciary's 30,000 employees, among them nearly 900 active judges and hundreds of semiretired ones, use their computers for pornography, streaming video or music.
While this is certainly what the esteemed newspaper reporter has printed, we must ask ourselves: is it true? That is, is the monitoring program they have installed so brilliant, so incredibly artificially intelligent, that it can distinguish these three things: "pornography, video, and music" from everything else the judges might be looking at? Or is it (as I might believe to be the case) that the program is far less intelligent than the reporter claims, that the program simply monitors what web pages are viewed, and reports & tracks this at a central authority. Perhaps the judges don't wish any central authority to know that they are reading www.2600.com? Or perhaps that they are posting to weblogs as "Anonymous Coward", writing tracts such as "IANAL", which we all know means "I am not a lawyer (i'm a judge)" but which might be construed as pornography (I ANAL).
I think we must petition the reporter to check his facts at once.
"A coward is incapable of causing destruction; it is the prerogative of the brave" - Mahatma Ghandi
The vote stems from a conflict that has been simmering since this spring. At issue is whether it is legal and ethical for officials in Washington to check to see if any of the judiciary's 30,000 employees, among them nearly 900 active judges and hundreds of semiretired ones, use their computers for pornography, streaming video or music.
So I guess the judges are forbidden to actually see the capabilities of the internet, but merely listen to half baked descriptions and accusations from the various special interest groups?
My Grandmother had a saying "Believe none of what you hear, half of what you read, and all of what you see". This filtering bullshit will SERIOUSLY impede the judges ability to make an INFORMED decision.
Feed the need: Digitaladdiction.net
"My biggest concern is that signing off on these proposals opens the field to allow monitoring of every keystroke and basically makes an individual's computer an open book," And all along I had assumed that when at work, the computer I was working on was my employer's property, and they could monitor it. Maybe all laws should be tested on the legislators (and judicial branch that upholds such laws) so they can feel the effects. Heh, maybe it would even lead to police and the US President following some of the laws that the rest of us have to live under.
http://www.codewolf.com - Just good stuff to waste time
I've figured out how to save WEP. All we have to do is stop those damned scientists from posting their findings. So all we have to do compose a little tune, encrypt it with WEP, and then sue them to prevent them from presenting their findings under the premise that it is an illegal code-breaking program designed to deprive us of our rights under the DCMA.
beyond the fact that I don't what to get in legal trouble.
Is it possible to bounce the "Code Red Vigilante" http requests via a web anonymizer service over SSL?
Any moral problems here a minor, ultimately if a machine you own is sending a potentially harmful http request to my machine, I don't see any problem sending a less harmful one back.
Boffoonery - downloadable Comedy Benefit for Bletchley Park
The security standard in question is 802.1x, not 802.11x, because it is theoretically not specific to wireless, although the distribution of per-session WEP keys is. You could, for example, use 802.1x to authenticate conference attendees to use ethernet ports in conference rooms.
I'd protest for my right to view pr0n, too, if the only way to forcibly remove me from my job is through impeachment. These judges literally have nothing to lose, the best the people in DC can do is bitch and moan.
Some times Judges have to use the internet for reasons that are proper, but copuld be construed as "bad"
The judge in the napster case would have to use napster and download music to make a informed descision.
The judge in Flint Vs US had to look at pornos
and the judge in State Vs Micro$oft had to use IE.
Judges should be trusted to make thier own descisions about what they look up. If they are afraid of accessing material to make an informed choice, because of possible bad publicity, that is BAD
...then why don't they just buy their own box to use in the office?
"Leave the strategizing to those of us with planet-sized brains." -Tycho
What an idiot! I have zero sympathy for this clown who found exactly the trouble he was looking for.
I'd grab FP on Jon Katz's follow-up about geek oppression and the tyranny of global corporations but I got bored after trying to imagine the eleventh paragraph.
So, if the judiciary were to file a lawsuit against workplace monitoring, would any judge in the USA be able to oversee the case as, well, an impartial judge? What if it got appealed to the Supreme Court, yet all nine sitting judges there were part of the plaintiffs?
;)
Actually, thinking about it for a bit, I'm pretty sure what the practical result would be, regardless of what the law (currently) says: Court of Public Opinion.