Slashdot Mirror


Slashback: Highness, Hominess, Hole-ines

Slashback tonight with updates on SSH vulnerabilities, the Queen's web server, the European answer to GPS (in danger, it seems) and your ever-thinner rights to use software for anything you don't have specific permission for.

Sometimes being British means self-flagellation. Ferox writes: "The November Web Site Survey from Netcraft reveals something interesting: 'Two years ago the Queen of England became an unlikely icon for the Linux revolution when her webmaster replaced Solaris as the platform for the Royal Family's site, citing the better price/performance of the Dell/Linux platform over the previous incumbent, Sun/Solaris. The open source community celebrated and speculated on when the Apache web server might receive the "By Royal Appointment" moniker. This week the site has changed platforms again, this time to Microsoft-IIS.'"

Keep your hands and passwords inside the car at all times. Niels Provos passed along word of his ongoing research into network security, with some slightly depressing news about the state of Internet security.

Even though the CRC32 bug was found over a year ago, over 30% of all servers are still vulnerable today. Graph at http://www.citi.umich.edu/u/provos/ssh/crc32.png.

In February 2001, Razor Bindview released their "Remote vulnerability in SSH daemon crc32 compensation attack detector" advisory, which outlined a gaping hole in deployed SSH servers that can lead to a remote attacker gaining privileged access.

In November 2001, Dave Dittrich published a detailed analysis of the "CRC32 compensation attack detector exploit." This exploit is currently widely in use. CERT released Incident Note IN-2001-12.

At the Center for Information Technology Integration, Niels Provos and Peter Honeyman have been scanning the University of Michigan for vulnerable SSH server software to identify and update vulnerable SSH servers. However, scans of the Internet show that system and security administrators must react and update their SSH servers. At this writing, over 30% of all SSH servers appear to have the CRC32 bug.

A simple solution is to remove support for Version One of the SSH protocol. The majority of servers on the Internet support the SSH v2 protocol. To test whether your network has vulnerable SSH servers, you might use the ScanSSH tool.

References: "ScanSSH - Scanning the Internet for SSH Servers", Niels Provos and Peter Honeyman, 16th USENIX Systems Administration Conference (LISA). San Diego, CA, December 2001. This information is also available at http://www.citi.umich.edu/u/provos/ssh/
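As an added illustration of the advice above (example code written for this page, not Niels Provos' ScanSSH tool nor anything from CITI), the following Python checks two things an administrator controls: which protocol versions a server's version banner announces (the `1.99` form means both protocol 1 and protocol 2 are offered, so such a server is still exposed to a protocol 1 client), and whether an `sshd_config` still lists protocol 1. The host names, banners and configuration fragments are constructed samples.

```python
import re

# Constructed sample banners (assumed host names, not real machines) in the
# "SSH-protoversion-softwareversion" form that a server sends on connect.
SAMPLE_BANNERS = {
    "host-a": "SSH-1.5-OpenSSH_2.3.0",
    "host-b": "SSH-1.99-OpenSSH_2.9p2",
    "host-c": "SSH-2.0-OpenSSH_3.0.2p1",
    "host-d": "SSH-1.99-2.4.0 SSH Secure Shell",
}

BANNER_RE = re.compile(r"^SSH-(\d+\.\d+)-(\S+)")


def protocol_versions(banner):
    """Return the set of SSH protocol major versions a server banner offers.

    '1.99' is the convention (RFC 4253, section 5.1) by which a server
    announces that it speaks both protocol 1 and protocol 2.
    """
    match = BANNER_RE.match(banner.strip())
    if not match:
        raise ValueError("not an SSH version banner: %r" % banner)
    proto = match.group(1)
    if proto == "1.99":
        return {1, 2}
    if proto.startswith("1."):
        return {1}
    if proto.startswith("2."):
        return {2}
    raise ValueError("unrecognised protocol version: %r" % proto)


def offers_protocol_1(banner):
    """True if the server still offers protocol 1 (alone or alongside 2)."""
    return 1 in protocol_versions(banner)


def audit_banners(banners):
    """Map host -> True/False for 'still offers protocol 1' over a banner set."""
    return {host: offers_protocol_1(b) for host, b in banners.items()}


def sshd_config_allows_protocol_1(config_text):
    """Inspect sshd_config text for the Protocol directive.

    Returns True if protocol 1 is listed, False if only 2 is listed, and None
    if no Protocol line is present (the effective value is then the build's
    default, which this check cannot see). Keywords are case-insensitive and
    the first occurrence of a keyword is the one OpenSSH honours.
    """
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "protocol":
            versions = {v.strip() for v in parts[1].split(",")}
            return "1" in versions
    return None


# Constructed config fragments: the weak setting beside the corrected one.
WEAK_SSHD_CONFIG = "Port 22\nProtocol 2,1\n"
FIXED_SSHD_CONFIG = "Port 22\nProtocol 2\n"

if __name__ == "__main__":
    for host, still_v1 in sorted(audit_banners(SAMPLE_BANNERS).items()):
        print("%s: %s" % (host, "offers protocol 1" if still_v1 else "protocol 2 only"))
    print("weak config allows v1:", sshd_config_allows_protocol_1(WEAK_SSHD_CONFIG))
    print("fixed config allows v1:", sshd_config_allows_protocol_1(FIXED_SSHD_CONFIG))
```

The banner tells you only which protocol versions a server is willing to negotiate, not which code it runs; whether the CRC32 compensation attack detector is actually present is a question of the software version, which is what a version comparison such as ScanSSH's answers. The configuration check is the cheaper test on hosts you administer: a `Protocol 2` line removes the protocol 1 code path regardless of the banner a client sees.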

Don't play with your food, or your games. janolder writes "In the matter of the Civilization III translation project (articles on slashdot, apolyton and heise), the fans have gotten the short end of the stick. The project web site (translation.civ3.de) has been down for a while. Earlier this week, both the web site operator and Kai Fiebach, the project leader, signed Infogrames' cease-and-desists out of fear of further legal action. The legal position (not to mention the moral position) of the fans did not appear to be too weak - EULAs are not binding in Germany and supplying patches to a program is certainly not the same as translating a book and distributing the translated manuscript.

Infogrames Germany has issued another press release (translation and my comments) justifying their legal action and position. It makes for an interesting peek into the mindset of a game publisher.

The good news is that Infogrames is considering a more timely release of Civilization III in Germany.

The bad news is that the cease-and-desists apparently forbid any modification of Civ3 in any way, shape or form. So no more custom maps for your friends, custom rules or any such copyright infringing activity, please! Is it just me, or has the world suddenly become a less interesting place?"

Not as if Americans always know where we are, either. ByTor-2112 writes "Hate to be the bearer of bad news so soon after a story is posted, but as I commented on the previous story, it appears that Galileo has some funding issues. Honestly, did anyone really expect the EU to go through with it? It took them long enough to agree on a common currency!"

6 of 285 comments

  1. Sometimes Java Integer makes sense to me... by imrdkl · · Score: 0, Offtopic
    Tight code is great, but:

    - static u_int16_t n = HASH_MINSIZE / HASH_ENTRYSIZE;
    + static u_int32_t n = HASH_MINSIZE / HASH_ENTRYSIZE;
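
    Review bot: the only thing these two lines show is the width of the static counter `n` changing from 16 to 32 bits; whether that was needed depends on how `n` is later updated, which is not visible here. If `n` is grown after initialisation (for example doubled on rehash, the usual hash-table pattern), a `u_int16_t` wraps to 0 past 65535 without any warning, which would justify the wider type; a one-line comment at the declaration stating the expected range of `n` would settle the question either way.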

    Seems a bit zealous.

  2. Re:IIS Uptime Record??? by theantix · · Score: 0, Offtopic

    "flamebait" Yup, I can say it. I even tried saying it out loud, and it still works. Whew!

    --
    501 Not Implemented
  3. Currency..... by BLAG-blast · · Score: 1, Offtopic
    I feel like I've found Taco posting alias....

    Honestly, did anyone really expect the EU to go through with it? It took them long enough to agree on a common currency!

    and North America (Canada, Mexico & USA) has how many currencies.....

    --
    M0571y H@rml355.
  4. Re:quick way to check your openssh by Skuld-Chan · · Score: 0, Offtopic

    I hope your sshd is not configured to accept telnet connections too :)

  5. Re:OK, so a double-double standard? by czardonic · · Score: 0, Offtopic

    Are you new to this site, or are you just. . .[never mind]

    If you are an objective critic when it comes to web-server software, kudos to you. You are one of a very few in a forum crawling with OSS propagandists and knee-jerk M$ bashers.

    --
    Takahashi Rumiko made beats! DON, taku, DON, taku. . .
  6. Are you that stupid? by Dast · · Score: 1, Offtopic

    He called you a troll because your original post made the "Slashdot is one person" logical fallacy. If one slashdoter states an opinion and another slashdoter states a conflicting opinion, there is no double standard. Only if the same slashdoter expresses conflicting opinions is there a double standard.

    Repeat after me: slashdot is not one person. Slashdot is not one person. They don't have to all agree and be logically consistent.

    If you want to point out logical problems in posters' philosophies, you need to do so by linking to a post where they say one thing and linking to a post where they say the opposite. And this is best done in reply to one of their messages, not as a parent post to a story.

    If you don't understand this, you are stupid, or you are a troll.

    --

    This sig is false.