Ask Fyodor Your Network Security Questions
Fyodor is the driving force behind Insecure.org and the top-rated Nmap network exploration and security auditing tool. He's also involved in The Honeynet Project (and is a coauthor of the project's book, Honeynet: Revealing the Security Tools, Tactics, and Motives of the Blackhat Community). One question per post, please. We'll run Fyodor's answers to 10 of the highest-moderated questions as soon as he gets them back to us.
As networks become more complex, and hackers become more sophisticated, how do you see the use of honeypots evolving? Do you think they will have to become mini-networks that can actually be used in order to prevent them from being detected as honeypots? Or do you think the use of honeypots will just be phased out like many other security tools in the past?
Now, if that makes sense to anyone, could you please explain it to me? I think I've confused myself.
How do you find what you do surviving the likes of DMCA/Patriot Act II/etc?
"If you are on fire you can just stop, drop, and roll. If you fall into Lava you are just dead." - my 5yr old daughter
If you could get the computer world to agree to change one fundamental thing in computer security on all OSs across the board what would it be?
Neck_of_the_Woods
#/usr/local/surf/glassy/overhead
I have just read your top 75 security tools list. Thank you for posting all this information, which I am going to study very carefully.
One question though: in all these tools, which one is your personal favourite? (This excludes Nmap, of course).
Thanks in advance!
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
Has the DMCA hindered your company in any way, do you see it as working against security professionals around the US or helping those of us who are interested in security as a career path?
It would be nice to have the functionality to simply say "yes" to a question like "unknown OS - would you like to submit it to submit.insecure.org" and have it automatically send the information. A compile-time option to enable or disable this would be ideal.
Why doesn't nmap use libnet?
were you expecting to see a sig here? perhaps you'd rather see the inside of an ambulance!
On any project like this where there's potentially evil uses mixed in amongst the various good ones, you're bound to get a few angry people who don't understand how helpful your work is to the community at large.
How much criticism do you have to deal with? And how does it compare to the kudos you receive, quantity-wise? Has it ever made you doubt what you're doing?
PS- Thanks. nmap proves its usefulness to me every day.
Game... blouses.
What's your account name and password? I'll trade you a two color, ballpoint pen with a logo on it for it.
I keep getting connections to my box from this bastard, at all sorts of ports. What can I do to find out where he is?
His IP address is 127.0.0.1
Any advice from Fyodor or the Slashdot community?
It seems that the number of security exploits and updates is growing as more people start experimenting with trying to break systems. Now I'm subscribed to BugTraq et al. but find it hard to keep on top of what is going on and what I need to update. What would you say are good tools for keeping up to date across multiple systems and platforms?
Rus
Cheap UK and US VPS
There's been a marked increase in system administrators thinking that anything even remotely resembling a network scan is eeeeevil (case in point, last year I almost got kicked out of college for scanning port 80 on my dorm subnet looking for interesting websites to read)...
What do you think can be done to make scanning IP addresses/ports have less of a negative stigma? This is in the same sort of category as legit vs. illegit uses of anything else (P2P, whatever)--what's the rationale for punishing something that could maybe lead to criminal activity, and how can we make network scanning tools have practical uses again?
"America has done some terrible things. But I know that Americans don't cheer when innocents die." -Dave Barry
What are 'good' dead-tree references for the following categories:
FNG--Fscking New Guy
-Terminology, broad-brush concepts, checklists, good reference list
Suit
-Management concerns, planning
Expert
-Detail, performance considerations
Categories are arbitrary; others will segment the market differently. Mainly seeking recommended authors/titles. Full-on reviews too space consumptive.
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
The Honeynet project seems to focus a significant amount of attention to the culture of the attackers (extensive logs of IRC chats, for instance.) Do you think the research the honeynet project is doing might make some headway in preventing social engineering attacks (The only hole nmap can't tell you about)?
I saw the Top 75 Security Tools survey you did. Lots of great tools there. But I can't help but think that the security community still has plenty of tools that need to be written. So I'm curious what kind of new tools would you like to see written, rewritten from scratch, or merged together to create a better tool? Basically, where do you see the missing pieces in the security community toolkit? What kinds or pieces of software would you encourage people in the slashdot community to write?
What is your opinion on the "Super-DMCA" acts being proposed in several states, which would make honeypots illegal?
Here's the article on it that ran in Slashdot awhile ago.
Basically, the law says you can't "assemble, develop, manufacture, possess, deliver, offer to deliver, or advertise" any device or software that conceals "the existence or place of origin or destination of any telecommunications service" - thus honeypots, even when used to thwart illegal computer activity, are illegal.
I belong to the ______ generation.
What OS am I running?
Do you think that Brandon Wiley's thought-design of "Curious Yellow" (paper at: http://blanu.net/curious_yellow.html or http://www.securiteam.com/securityreviews/6U00L1P5PY.html) will come about as he's laid out? It seems like not an unlikely scenario once someone puts some effort into actually designing it. What are your thoughts about the evolution of 'smart' worm attacks balanced against the need of good network security scanners?
Returned Peace Corps IT Volunteer
to haxor underaged slashdot trolls just because they pulled off a silly thing and called you a wanker ?
Has the FBI already visited you because of this issue ?
Does nmap have any backdoor for haxoring ?
Are you sure that you are a white hat ?
You didn't read the license, did you?
It's 11pm, do you know what your daemons are up to?
Since ipv6 is supposed to address many of the security issues inherent in ipv4, should there be more of an industry push to adopt it quicker? OR having many years now since ipv6 was drafted, have we learned more about the types of attacks/tactics, and therefore should ipv6 be updated. Seems like now would be the time to do it since ipv6 still has not been adopted and changes could be made without too much disruption or cost (time or money).
I've heard that using "exotic" OSs for network security like OpenBSD on SPARC, NetBSD on SuperH, and Windows NT on Alpha will help increase my security. Could you verify this?
Thanks?
If I am just an academic user running my computer on a fixed IP, should I get rid of my Linux/Windows/OSX boxen and run BE?
what is the everyday user's best defense?
During your time running Honeypots, you'll have seen a lot of compromised systems. Is there any incident that's really stuck in your mind because of the audacity of the attempt, or the stupidity of the person attempting the break-in?
-- Hulver's site
When you are hacking into a juvenile troll's computers and savagely rooting their boxes because they called you a wanker, are you thinking you would prefer to be put in federal or state prison?
Also, do you trust yourself after you have shown a willingness to take personal disagreements and break federal laws to pursue vengeance? Thanks.
examples:
* "SSH shows a warning that the host key has changed. The user ignores it and continues on."
* "The browser warns that an SSL certificate doesn't match the host IP. The user ignores it and continues on."
* "The browser asks if you trust the signer before running some piece of ActiveX. The user ignores it and continues on."
* "The sysadmin warns not to share passwords. The users ignore that too."
Now the question. It seems to me that despite all the work being done in the security field, back in reality things have gone from bad to worse. People constantly sidestep the very systems that are put in place to protect them. Is anything being done in the computer security field to address this important "Human Factors" aspect?
--
Simon
Here is the list.
I'll be graduating this month with a shiny new BS in Computer Science. I've done plenty of Unix sysadmin work throughout college and even deployed some high-interaction honeynets. I'm very interested in network security and systems programming. Do you have any advice for people in my situation who want to head into a career in network security?
it's a reference to the story of people doing a survey going around saying "tell me your password for a free pen", and 75% did. I can't be bothered to find it, but it was front page /. a few weeks back
As more and more applications are written from a standard base (servlets on a J2EE server, PHP under Apache interfaced via HTTP instead of a proprietary protocol, etc.), how relevant are low-level tools? The proliferation of high-level applications means that the OS becomes almost irrelevant--the firewall only allows HTTP through, and a load balancer tosses requests to different servers that might very well be heterogeneous insofar as operating systems and other low-level implementation details are concerned.
Given all of this, what motivation is there for a modern CS student to learn things like the 3-way TCP handshake, or the differences in implementations in various TCP/IP stacks, when the base level of the equation is irrelevant from a security standpoint? How can I convince our network administrators that it's worthwhile to learn something other than JNDI when it comes to network protocols; that for security and network troubleshooting, nothing will ever top a simple Ethereal packet trace?
Jouster
What would you say is the line where someone's activity could be considered "unauthorized access"?
Wearing pants should always be optional.
Given that effectively ANY tool can be used for good or evil, and also given that we can't completely eliminate risk...
How can we develop and promote the state-of-the-art in security (tools, understanding, knowledge) while giving as few gems as possible to the criminal wannabes of the world? In other words, how can we bias the work and research towards the defensive, rather than progress that's either neutral or preferentially offensive?
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
Naturally, fighting in the dirt with the black hats is a lot "sexier" and more entertaining than building highly robust and reliable systems which will guarantee future security. The popularity of honeypots with security hobbyists (as opposed to researchers) seems to be a result of this: people enjoy seeing the attacker flummoxed, feeling superior to him, defeating him. Yet this doesn't really result in the improvement of security against new attacks, and it arguably distracts from that purpose.
I'm interested to know where you see progress in security assurance, as opposed to scanning or blocking of old, known attacks. Who else, besides OpenBSD, is in the camp of improving the guarantees that systems provide their users: guarantees such as W^X, packet normalization, and so forth?
A recent SecurityFocus article talks about possible legal implications for people who administer honeypots (here). Do you feel that this is a legitimate concern, and have you or your colleagues run into any legal issues with honeypots or the use of Nmap and similar tools? Thank you.
nmap has obviously become a huge success in the *nix world. I would wager that practically all sysadmins and security folk use nmap. With this sort of use by such creative and lazy people, there must have been some interesting stories involving nmap, perhaps unusual uses of it, or funny anecdotes. Are there any you would like to share?
"I hate quotations. Tell me what you know." -Ralph Waldo Emerson
Currently attempts to secure networks depend on "band-aids" over inherent problems in the design of protocols and protocol implementations (software.) Relatively little effort has gone into solving security problems before they are created. I know IPv6 has taken some steps in the right direction - where would you start?
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
We already have that in the states. It's called Mountain Dew Code Red.
I don't need no instructions to know how to rock!!!!
Why do you think system administrators (more so NT) do not have the ability to figure out what program/daemon is keeping the port open on their systems?
After a user uses nmap to enumerate open ports on their systems, what tools should they use to determine what program is keeping that port open?
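An added example of the mechanism behind the tools that answer this on Linux (lsof -i, netstat -p, fuser): it is not code from this thread or from Nmap. The kernel lists every TCP socket in /proc/net/tcp with its local address and port in hex, its state (0A is LISTEN) and its socket inode; the inode is then matched against the "socket:[inode]" targets of the symlinks under /proc/<pid>/fd/. The sample lines are constructed, not captured from a real host, and the address decoding assumes a little-endian machine (the kernel prints the address as a native-endian word).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <dirent.h>
#include <unistd.h>

#define TCP_LISTEN_STATE 0x0A   /* "st" column value for a listening socket */

/* One socket entry as parsed from a data line of /proc/net/tcp (Linux). */
struct sock_entry {
    char local_ip[16];          /* dotted quad */
    unsigned local_port;
    unsigned state;             /* TCP state code from the "st" column */
    unsigned long inode;        /* socket inode; this ties the socket to a process */
};

/* Constructed sample lines (not captured from a real host): the header line, which
 * the parser must reject, and a listener on 0.0.0.0:80 with socket inode 12345. */
static const char SAMPLE_HEADER[] =
    "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n";
static const char SAMPLE_LINE[] =
    "   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0\n";

/* Parse one data line of /proc/net/tcp.  Returns 1 on success, 0 for the header or a
 * malformed line.  Columns are hex; the local address is printed by the kernel as a
 * native-endian 32-bit word, so this decoder assumes a little-endian host (x86). */
int parse_proc_net_tcp_line(const char *line, struct sock_entry *out)
{
    unsigned sl, laddr, lport, raddr, rport, st, txq, rxq, tr, when, retr, uid, timeout;
    unsigned long inode;
    int n = sscanf(line, " %u: %8x:%4x %8x:%4x %2x %8x:%8x %2x:%8x %8x %u %u %lu",
                   &sl, &laddr, &lport, &raddr, &rport, &st, &txq, &rxq,
                   &tr, &when, &retr, &uid, &timeout, &inode);
    if (n != 14)
        return 0;
    snprintf(out->local_ip, sizeof out->local_ip, "%u.%u.%u.%u",
             laddr & 0xff, (laddr >> 8) & 0xff, (laddr >> 16) & 0xff, (laddr >> 24) & 0xff);
    out->local_port = lport;
    out->state = st;
    out->inode = inode;
    return 1;
}

/* Walk /proc/<pid>/fd/* looking for a symlink target "socket:[inode]".  Returns the
 * first matching pid, or -1 (not found, no /proc, or no permission: as a non-root
 * user you can only read the fd directories of your own processes). */
long pid_for_socket_inode(unsigned long inode)
{
    char want[64];
    snprintf(want, sizeof want, "socket:[%lu]", inode);
    DIR *proc = opendir("/proc");
    if (!proc)
        return -1;
    long found = -1;
    struct dirent *pe;
    while (found < 0 && (pe = readdir(proc)) != NULL) {
        char *end;
        long pid = strtol(pe->d_name, &end, 10);
        if (*end != '\0' || pid <= 0)
            continue;                               /* not a <pid> directory */
        char fdpath[64];
        snprintf(fdpath, sizeof fdpath, "/proc/%ld/fd", pid);
        DIR *fds = opendir(fdpath);
        if (!fds)
            continue;
        struct dirent *fe;
        while ((fe = readdir(fds)) != NULL) {
            char link[512], target[64];
            snprintf(link, sizeof link, "%s/%s", fdpath, fe->d_name);
            ssize_t len = readlink(link, target, sizeof target - 1);
            if (len < 0)
                continue;
            target[len] = '\0';
            if (strcmp(target, want) == 0) { found = pid; break; }
        }
        closedir(fds);
    }
    closedir(proc);
    return found;
}

/* Print every listening TCP socket with the pid that owns it (run as root to see all). */
int main(void)
{
    FILE *f = fopen("/proc/net/tcp", "r");
    if (!f) { perror("/proc/net/tcp"); return 1; }
    char line[512];
    struct sock_entry e;
    while (fgets(line, sizeof line, f)) {
        if (!parse_proc_net_tcp_line(line, &e) || e.state != TCP_LISTEN_STATE)
            continue;
        printf("%s:%u  inode %lu  pid %ld\n", e.local_ip, e.local_port, e.inode,
               pid_for_socket_inode(e.inode));
    }
    fclose(f);
    return 0;
}
```

Only the parser is exercised offline; the pid lookup needs a live /proc and root if you want to see other users' processes. The same idea covers /proc/net/tcp6 and /proc/net/udp, which share the column layout.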
in a negative manner?
Have you ever hacked into someone else's computer? Have you ever considered it? What would cause you to think of doing this? Would your tools (nmap, etc.) be enough to allow you to do this?
And if you haven't, why is that the case?
A modern firewall administrator has a very easy job, it seems--all her users care about is their DNS service and their Web access (and, with a good Web proxy, you don't even really need to have an inward-facing Internet-recursive DNS). Indeed, most users blithely assume that "The Internet" and "The Web" are the same entity.
A modern protocol designer has to choose between efficient data representation and firewall penetration. She will almost always choose the latter. Thus we have a thousand X-over-HTTP protocols, most of which are replicating services (like RPC) that are exactly what the firewall administrator was trying to block.
As everything becomes X-over-HTTP, how long will it be before we see stateful HTTP firewalls to block malicious kinds of data flowing over HTTP? And when firewall administrators again take the easy way out, blocking everything but "plain" HTTP, how do vendors send their data? Are we, in fact, turning the Internet into the Web? Eventually, it seems that application communication will just be a special case of a Web browser fetching a URL. By tunneling everything over HTTP, and eventually dropping even the tunneling, is the Internet in danger of becoming nothing but the Web--sure, there are other services running, but nobody but the occasional network admin on an un-firewalled network can reach them?
Jouster
My sister (a mac user) wants to set up a wireless node in her apartment. This worried me because the building is fairly large and she lives right next to a fairgrounds which, as a significant collection point for both those-without-links and those-with-nothing-better-to-do, may significantly increase the incidence of war driving. I told her that if she really wanted to keep people from messing with her link and computer she would need to set up a wireless *nix server with a firewall. This has proved somewhat problematic because of the limited help I am able to give her and I am wondering if there is something simpler we might be able to get away with. The kind of intrusion she is likely to deal with is probably going to be infrequent and casual.
I've been using nmap for quite some time now, and it's an excellent tool by all accounts.
My question is, do you plan to implement firewall discovery? Instead of just reporting what ports are open, you could report:
- closed
- opened
- filtered (no reply)
- firewalled (firewall reply)
As suggested in the latest phrack.
How small a thought it takes to fill a whole life
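An added example of the four-way classification the post above asks for, written for this thread and not taken from Nmap or from Phrack. A scanner sends a SYN and then classifies whatever comes back: SYN/ACK means open, RST means closed, an ICMP destination-unreachable with one of the "unreachable/administratively prohibited" codes (type 3, codes 1, 2, 3, 9, 10, 13) means a filtering device answered, and silence means the probe was dropped. Nmap's own report lumps the last two under "filtered"; the separate "firewalled" bucket is the distinction the post proposes. The reply packets are constructed inline, with checksums left as zero because the classifier does not verify them.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

enum port_state { PS_FILTERED, PS_OPEN, PS_CLOSED, PS_FIREWALLED, PS_UNKNOWN };

static const char *port_state_name(enum port_state s)
{
    static const char *names[] = { "filtered (no reply)", "open", "closed",
                                   "firewalled (firewall reply)", "unknown" };
    return names[s];
}

/* Classify the outcome of a TCP SYN probe from the raw IPv4 reply (or no reply).
 * pkt/len describe the packet starting at the IPv4 header; NULL/0 means timeout. */
enum port_state classify_response(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len == 0) return PS_FILTERED;          /* silently dropped */
    if (len < 20 || (pkt[0] >> 4) != 4) return PS_UNKNOWN;     /* not IPv4 */
    size_t ihl = (pkt[0] & 0x0f) * 4u;                         /* header length incl. options */
    if (ihl < 20 || len < ihl) return PS_UNKNOWN;
    uint8_t proto = pkt[9];
    const uint8_t *l4 = pkt + ihl;
    size_t l4len = len - ihl;

    if (proto == 6) {                                           /* TCP */
        if (l4len < 14) return PS_UNKNOWN;                      /* flags byte is offset 13 */
        uint8_t flags = l4[13];
        int syn = flags & 0x02, rst = flags & 0x04, ack = flags & 0x10;
        if (syn && ack) return PS_OPEN;                         /* host completed step 2 of the handshake */
        if (rst) return PS_CLOSED;                              /* host actively refused */
        return PS_UNKNOWN;
    }
    if (proto == 1) {                                           /* ICMP */
        if (l4len < 8) return PS_UNKNOWN;
        uint8_t type = l4[0], code = l4[1];
        if (type != 3) return PS_UNKNOWN;
        switch (code) {
        case 1: case 2: case 3:                                 /* host/protocol/port unreachable */
        case 9: case 10: case 13:                               /* net/host/communication admin prohibited */
            return PS_FIREWALLED;
        default:
            return PS_UNKNOWN;
        }
    }
    return PS_UNKNOWN;
}

/* Constructed sample replies (IPv4 + transport header only, checksums zeroed). */
static const uint8_t SYNACK_REPLY[] = {             /* 10.0.0.17:80 -> us, flags SYN|ACK */
    0x45,0x00,0x00,0x28, 0x00,0x00,0x40,0x00, 0x40,0x06,0x00,0x00, 10,0,0,17, 10,0,0,1,
    0x00,0x50, 0xc3,0x50, 0,0,0,1, 0,0,0,2, 0x50,0x12, 0xff,0xff, 0x00,0x00, 0x00,0x00 };
static const uint8_t RST_REPLY[] = {                /* 10.0.0.17:23 -> us, flags RST|ACK */
    0x45,0x00,0x00,0x28, 0x00,0x00,0x40,0x00, 0x40,0x06,0x00,0x00, 10,0,0,17, 10,0,0,1,
    0x00,0x17, 0xc3,0x50, 0,0,0,0, 0,0,0,2, 0x50,0x14, 0x00,0x00, 0x00,0x00, 0x00,0x00 };
static const uint8_t ICMP_ADMIN_PROHIBITED[] = {    /* from a router 10.0.0.254: type 3, code 13 */
    0x45,0x00,0x00,0x1c, 0x00,0x00,0x40,0x00, 0x40,0x01,0x00,0x00, 10,0,0,254, 10,0,0,1,
    0x03,0x0d, 0x00,0x00, 0x00,0x00,0x00,0x00 };

int main(void)
{
    printf("port 80: %s\n", port_state_name(classify_response(SYNACK_REPLY, sizeof SYNACK_REPLY)));
    printf("port 23: %s\n", port_state_name(classify_response(RST_REPLY, sizeof RST_REPLY)));
    printf("port 25: %s\n", port_state_name(classify_response(ICMP_ADMIN_PROHIBITED, sizeof ICMP_ADMIN_PROHIBITED)));
    printf("port 21: %s\n", port_state_name(classify_response(NULL, 0)));
    return 0;
}
```

In a real scanner the ICMP payload carries the first bytes of the probe that triggered it, so the probe's destination port is recovered from there, not from the ICMP packet's own header; that lookup is omitted here.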
I've been doing network security for a while now, but I still have yet to find a nice single sentence summary for why security is necessary, that is easily understood by everyone who hears it from the techie to the manager.
Do you have any suggestions?
It seems that many of the honey nets that the average hobbyist would run are built to attract a lesser cracker. What I mean is that ports are left open that normally would not be left open. Services are running that normally should not, etc. I think that a really smart fish would see this as nothing but a cheap lure and refuse the bait. Do you think it's possible to fool the really smart fish? Is it possible to bait with something enticing enough without tipping off the big fish? Does publication of your work make this task more difficult?
Wouldn't it suck if he'd just responded: ettercap.
Use blank instead. Nobody ever thinks of that one. And I mean literally "blank" not an empty one.
At present, nmap has limited ipv6 capabilities, are you going to add more ipv6 functionality in the near future?
All security experts have opinions on Trusted Computing, which goes under various names such as TCPA, Palladium, NGSCB, TCG, DRM,... The Slashdot community tends to say that this is security at the cost of freedom, and disapproves of it. But not all rolemodels in the world of computers seem to agree with this. Linus Torvalds, who gave Linux its name, for example, openly blesses DRM. What do you think about Trusted Computing? Do you see it as an additional value to computers, or more as an erosion of our freedom? And even more important, why do you think so?
Background info: Linus Torvalds blesses DRM
Bravo!
I spend a lot of time reading and training myself on how to prepare myself and the systems I manage against attacks and other hostile acts. I find much of this to be a fairly linear technical task.
I often find myself at a loss as to how to help train the end users at my company on how they can help ensure the security of their systems and help prevent things like social engineering attacks and what good password practices are.
I usually run into problems of user apathy, training materials or discussions being too technical, or trying to apply technical training techniques to sometimes non-technical problems such as the aforementioned social engineering attack.
Have you found a good way to educate largely non-technical end users on ways that they can help contribute to the overall security of the systems of the company they work for? What should be included in the training? What should be left out?
Thanks
What are the latest advances in fingerprinting networked devices that seem most promising to you?
I have started reading papers on HTTP fingerprinting and such and wonder how these will figure into the NMAP architecture.
What are the most elusive OS's that aren't on the NMAP OS fingerprint database?
What was it like to prove that sdem was a manporn loving closet faggot? Wasn't the fallout from that little incident hilarious? He was "on vacation" or "moving" or something like that for 6 months after you exposed him for the pillow-biter he is. Anyway, good job.
A Troller
How do I secure my NT network?
How do I secure our network from black hats, white hats, fake hats, and ass hats?
Wanna do some recon?, Maaann!
Given the many ways in which I can make a machine a passive listening device on the LAN to gather information (even in a switched environment), do you see future security focusing on authentication mechanisms on the LAN, even for the simplest of things (e.g. to get connected to a switch, to allow a MAC address, etc)? Going to a larger scale, do you see something like this taking place on the WAN? Let's say (putting on my let's get nasty hat) Microsoft Palladium (.net, NM$FPSG, whatever they call it now) authentication + your MAC address just to get connected to the net?
Obviously, as time goes on we'll be getting new technologies such as self-configuring networks and networks with some level of consciousness capable of detecting and stopping break-ins as well as doing a number of mundane things such as patching automatically and updating software. The current nearly 20 year old approach to compromising these networks through software exploit or social engineering will be nearly impossible to do right off the bat as we've all seen them before; what kinds of attacks do you anticipate happening on these kinds of networks and what do you think the technician will be doing to stop them?
Candy-Coated Knowledge
As network and firewall systems become more and more sophisticated, do you think that the influx of hackers will fall or rise in response to this new challenge?
What about scanners such as NMAP, do you feel that tools such as this will be used increasingly more, as scanning for vulnerabilities becomes more and more part of the hackers routine and sometimes the only way to tunnel an attack?
Murphy's Law of Research: Enough research will tend to support your theory.
--it seems like most of the emphasis is on enterprise networks, but that still leaves millions and millions of home machines and small home networks just stuck. What do you see as some of the trends and solutions for those people? Their data and system integrity is just as important to them as any corporation's is, and usually not having the appropriate skill set, is even harder to implement.
Did you really, as alleged, breach your way into a juvenile's network and alter the contents of his PC? And if so, was it really over his posing as a female wanting to meet you at a Linux convention? If these things are true, why did you not exercise restraint and turn the other cheek?
We've made a lot of progress with open source intrusion detection devices (IDS) in the last few years, with SNORT many times beating out similar offerings from commercial companies.
But so far, we have only been attempting to detect and report possible intrusions into private networks or studying attack vectors using Honeypots.
There has been a lot of talk lately about the possibility of using independent worms that fix vulnerabilities in network hosts so that those hosts aren't used as attack vectors to compromise/disable other hosts.
Instead of just detecting and reporting intrusions or active worms fixing vulnerabilities, how do you feel about having IDS systems reporting to a host/daemon that would then launch protective countermeasures against the possible detected intrusion?
Thanks. BTW, Nmap ROCKS!
Your mom always said, a PB&J is better than nothing, and God is nothing, is a PB&J better than God?
Informed design decisions in classical engineering use estimates of cost, correctness and performance to pick the best solution. In security, much of the selection seems to be "a matter of taste", but perhaps it shouldn't be. Given two competing solutions to security problems, how do you propose that the user measure the solution's fitness to make an informed design decision?
> The password to the root account on my server is "password"
Not anymore!
How did you manage to make nmap so goddamn slow?
Kinda new to this, so please bear with me if this has been done/dismissed/outlawed:
I'm the admin of a small (50+) network in a graphic design house. We've got our firewall, we use snort for NIDS, but I want to take things to the next step...a proactive defense, if you will.
I'm interested in writing, or acquiring, a nasty little virus to live contently in all of our workstations and servers. All of our hardware would be "inoculated" to prevent the little beastie from bothering us, but once an "outsider" has compromised our attempts to keep our LAN secure, that little bugger will go to work.
I'm not proposing anything malicious here, just a buggy (but polite) message that says "If you want this message to go away, please contact xxxxxx at yyy-yyy-yyyy. Your computer will now shut down."
I'm already advertising that this system is in place...our clients and vendors are aware that if they were to come across such a message, they should pop in the provided "Inoculation CD" (filled with pure gibberish). I suppose that if this were ever put in place, I would have to distribute "updates". I figured this would also buy me some time if the (insert your favorite acronym here) came knocking at our door with a search warrant.
Been-there-done-that, or am I on to something?
Thank you for taking the time to answer questions from the Slashdot community. A while back a Slashbot named Sub Duex Ex Machina (aka Sdem) created an account in the persona of a very attractive Linux booth babe. Apparently at some point there was some serious flirtation between you and this booth babe.
Once the truth was revealed, you were understandably angry at Sdem, and you proceeded to hack into his poorly secured W2K box. Although you did nothing malicious to it, you did post screenshots of his various goings-on to your website.
My question for you is this: Although Sdem's actions were rather sleazy, I'm wondering how far you can go to retaliate. Do you have a moral and ethical privilege to access another person's computer? If so, how far can you go in your actions once you've accessed it? While mere screenshots are fairly harmless, would you have been justified in deleting his hard drive?
Thanks!
C - A language that combines the speed of assembly with the ease of use of assembly.
Oh wait, what was your last name again?
Sorry Fyodor, but I have to say that netcat beats nmap as a port scanner. :)
nc -vv 10.0.0.17 21
nc -vv 10.0.0.17 22
nc -vv 10.0.0.17 23
nc -vv 10.0.0.17 25
nc -vv 10.0.0.17 79
nc -vv 10.0.0.17 80
nc -vv 10.0.0.17 110
What would be good reference material to use as a guide to develop secure applications?
How did you choose computer security as your main field? Many people have interesting stories or anecdotes. Also, for that matter, how did you happen to delve into the computer world? I find history amusing and entertaining!
Do you think that with the very large address space of IPv6 that random scanning for a certain port will die off? (I notice nmap doesn't support random IPv6 address scanning - maybe you've already come to the same conclusion?) Simply put, the chances of finding a machine if it's not advertised anywhere will be very much reduced. Will this make people lazy and complacent, trusting on the large numbers involved to protect them?
Get your own free personal location tracker
P.S. For everyone else, I've had the privilege to work in a small way on an information sharing project to build on Fyodor's mailing list archives & I'm here to testify that he lives up to the standards he sets.
"Obviously, I'm not an IBM computer any more than I'm an ashtray" (Bob Dylan)
After the whole sdem incident, I have a question.
After someone has proven that they are willing to abuse their 'skills' to settle a personal vendetta, why should anyone in their right mind trust them? To put it more generically, after someone in the 'security community' crosses over the line, how do they come back from that? Or do they?
I lurked in trolltalk at the time, and I remember the whole thing clearly. Speaking just for myself, if I were to make the decisions about which tools were to be used in my company, nmap would be on my blacklist.
IpChains? Netfilter/IpTables ? Pair of wirecutters? Pair of dykes with shotguns and bad attitudes?
The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
do I become a Karma whore?
Are there any efforts afoot to combine the ip stack fingerprinting techniques of nmap -O and xprobe2? The combination would about have to be better than the sum of the parts.
If this is true, and there's some strong evidence that it is, Fyodor needs to address it. If Slashdot is really doing interviews with criminals and blackhats-disguised-as-whitehats, that also needs to be addressed. I'd rather see this go into the interview than all the warm-fuzzy "what's your favorite color" questions that are currently sitting at +5.
Fyodor, how long did it take you to enhance nmap to support the new IPv4 security bit (RFC) introduced just over a month ago? Or will security tools such as nmap become unnecessary once this new bit has been universally adopted?
I think I speak for many people here: why is Nmap 3.0 so much slower than 2.53? For example, I use it to ping-sweep my local /24 network. 2.53 would take about 1.5 seconds, but 3.0 takes up to 3 minutes to complete. Even using the -T switch it's still much slower.
The IRC server in question was none other than Slash.net!!
As an author of a security book and of a well known security application, how much do you feel code cleanliness/quality affects security of products? ... Or do you feel that only a very few products should worry about security?
For instance from looking at nmap-3 it's, ignoring the style, littered with magic numbers _esp_ for things like size of an array of char (which is the only concept like a "string" that nmap has) and also more than a few obvious misuses of strncpy() etc. to go along with it.
Contrast this with other security conscious programs, like vsftpd and postfix, and it's like the difference between night and day.
Obviously anyone putting nmap at the end of a CGI is just asking for pain, but one traditional view is that this wouldn't be the problem of nmap ... but of whoever decided that it was security conscious, not just a "security" application.
ustr: Managed string API with ave. 44% overhead over strdup(), for 0-20B
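An added example, written for this thread and not taken from nmap, vsftpd or postfix, of the strncpy() misuse the post above refers to, beside a hardened copy. strncpy(dst, src, n) only NUL-terminates when the source is shorter than n; for a source of n or more bytes it fills the buffer completely and leaves no terminator, so the next strlen() or printf("%s") reads past the end of the array. The hardened version always terminates and reports truncation so the caller can reject the input instead of silently continuing with a mangled value. The input strings are constructed; NAME_LEN is an assumed buffer size.

```c
#include <string.h>
#include <stdio.h>

#define NAME_LEN 8    /* assumed fixed buffer size for a short name field */

/* The misuse: if strlen(src) >= dstsz the buffer is filled and NOT terminated. */
void copy_name_unsafe(char *dst, size_t dstsz, const char *src)
{
    strncpy(dst, src, dstsz);
}

/* Hardened form: copy at most dstsz-1 bytes, always terminate, and return 1
 * when the source was truncated so the caller can treat that as an error. */
int copy_name_safe(char *dst, size_t dstsz, const char *src)
{
    size_t n = strlen(src);
    int truncated = n >= dstsz;
    size_t take = truncated ? dstsz - 1 : n;
    memcpy(dst, src, take);
    dst[take] = '\0';
    return truncated;
}

/* 1 if a NUL byte exists within the first dstsz bytes of dst, 0 otherwise. */
int is_terminated(const char *dst, size_t dstsz)
{
    return memchr(dst, '\0', dstsz) != NULL;
}

/* Fill a NAME_LEN buffer with 'X', run the unsafe copy, report whether the
 * result is still a valid C string. */
int unsafe_copy_terminated(const char *src)
{
    char buf[NAME_LEN];
    memset(buf, 'X', sizeof buf);
    copy_name_unsafe(buf, sizeof buf, src);
    return is_terminated(buf, sizeof buf);
}

/* Same experiment with the hardened copy. */
int safe_copy_terminated(const char *src)
{
    char buf[NAME_LEN];
    memset(buf, 'X', sizeof buf);
    copy_name_safe(buf, sizeof buf, src);
    return is_terminated(buf, sizeof buf);
}

int main(void)
{
    const char *overlong = "overlong-name";   /* constructed: 13 bytes, exceeds NAME_LEN */
    const char *short_name = "nmap";          /* constructed: fits */
    printf("unsafe, overlong input terminated: %d\n", unsafe_copy_terminated(overlong));
    printf("safe,   overlong input terminated: %d\n", safe_copy_terminated(overlong));
    printf("unsafe, short input terminated:    %d\n", unsafe_copy_terminated(short_name));
    char out[NAME_LEN];
    int truncated = copy_name_safe(out, sizeof out, overlong);
    printf("safe copy gives \"%s\" (truncated=%d)\n", out, truncated);
    return 0;
}
```

The point of returning the truncation flag rather than hiding it: for a value like a hostname or a path, silently keeping the first seven bytes is often worse than refusing, because the shortened string may name something else entirely.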
irc.trollaxor.com
Overall, how do you feel about Microsoft's Palladium, and efforts in general to only allow signed code to execute on processors in order to prevent buffer overflow and other attacks? Do you think it is necessary to keep security one step above the black hat community, or does it carry too many risks as far as open source is concerned?
I mod down pyramid schemes in sigs.
I've been a big fan of Fyodor's nmap from the moment I discovered it in Phrack -- thought the OS fingerprinting scheme was pretty damned novel for one thing -- and it's made it into my standard security kit. But this event, if true, is pretty disturbing (from both sides!) and deserves elaboration. No other field in the computer industry requires the level of trust placed in our security professionals, the best of which ironically honing their skills on blackhat activities, and this makes me reconsider the trust I've had in nmap.
Did this really happen?
Who would be such a doofus to mod this down as "Overrated"?
northvietnamesearmy.ftso.org
#trolls
I thought he asked "what is your favorite food".
Well then, I began to wonder, hey what is Fyodor's favorite food?
Is he a classic Coke and Pizza, or is he one of these new-age Red Bull and tofu eaters?
What fuels your brain Mr Fyodor? I ask, cause I want to be as good when I grow up!
Please get your facts straight before posting to Slashdot. We'd hate to have the quality of journalism lowered.
Evidence?
Here's all the evidence you'll ever need.
Or "World's biggest biter bites back."
Some people would leave it at "YHBT" and walk away. This is S.O.P. on Slashdot. So when I posed as a hot LinuxWorld booth babe in a Slashdot poll [slashdot.org] (if you'll read that comment, you'll see that it wasn't even remotely credible-sounding) and left an email address, I got quite a few messages from lonely Lunix geeks hoping to hook up. Wanting pictures, naked pictures, etc., the kind of tactless crap you'd expect from someone who's still alone in their mid-30s.
And so I receive the email from Fyodor, out looking for love. I emailed him back, letting him know he'd been trolled. "Don't feel bad, it happens to the best of us." So he emails me back telling me, among other things, that he regularly trolls mailing lists for women and that chances are, sooner or later, he'll find a willing warm body. So, like, the odds are in his favor. So he tells me. Anyway, he sounded none too happy.
So I mentioned him as one of the respondents on Trolltalk, with something like "look at the bunch of wankers I got who actually believed me enough to email me!". Apparently, this is enough to justify hacking my computer and invading my privacy for 9 hours, according to him. This happens a week or two down the road from the original posting in Trolltalk. So I load Trolltalk one day to find out he's made an entire webpage filled with screenshots from my computer and lots of personally identifying information (my full name, home address, everything) while telling me that I'd better change all my passwords quick, because he stole those too.
All this for getting suckered in by an obvious troll and getting called a wanker as a result. Earth to Fyodor: grow the fuck up. Sheesh, what a sociopathic crybaby.
For reference, you can see an archive of Trolltalk from the period here [trollaxor.com]. Scroll down a little to find Fyodor's posts and the subsequent responses.
Sure the users of a system can't have everything, but what the designers can do is provide an analysis of what the trade-offs are. A good designer reduces uncertainty and guides the user to alternatives that best meet (or come close to meeting) a user's needs prior to deploying the solution. Knowing is much better than guessing.
Reading much about all the exploits and patches an administrator has to apply, and being aware that management knows less about security than about productivity: what would you suggest to them for rating the quality of their security administration?
That is, would you, say, be happier if nobody breaks in, even into the honeypots, as this yields secure setups? Or is someone able to deal with incidents the better administrator? Or the guy writing his own defence mechanism?
In the early days of Firewalls and other forms of Internet Security devices, the Proxy was the security mechanism of choice. Then along came "Stateful Inspection" which has won out because of performance. However, it has always been known that a proxy approach was, inherently, more secure (or at least could be made so). As hardware makes the performance advantage of Packet Filtering negligible, and more and more attacks become application-based, do you see the trend returning to proxies, or something else?
Apart from the obvious, such as ISPs filtering UDP packets that don't match their network ranges, and broadcast mechanisms having problems scaling, do you have any other insights to offer us?
(Note: For those of you that haven't seen the movie, do NOT mod this down. For those of you that have and were paying attention, you'll know what I'm talking about.)
:)
Did you at least get some free movie tickets?
THE MATRIX RELOADED SPOILER ALERT
.
.
.
.
I saw The Matrix Reloaded yesterday and, at that pivotal moment, yelled "Holy SHIT! Trinity's using nmap!".
Others in the theater were less than pleased.
In this message, you say you did the "r00t dance". Can you please demonstrate the r00t dance for the Slashdot audience?
There is no spoonist.
While *nix-based OSes are forging their way towards the desktop, Windows is the most popular desktop OS. How secure do you think users make their Windows boxes? How secure are the firewalls that people put up (ZoneAlarm, BlackICE, etc.)? How many Windows users do you think get their machines broken into?
I'm curious: with advances all the time in Ergonomic Theory, and with quantum computing on the horizon, it seems that trapdoor (one-way) functions as well as large-prime encryption (RSA) are on their way out.
Do you have any idea what the next wave of crypto will look like? Also, what are your views on the advantages (if any) of analog computing for crypto, due to the continuous rather than discrete nature of the signaling (and, hence, introduced noise becomes MUCH more problematic to an attack)? I'm curious to see what you think, because in 2 years I may well be an architect in some of these things.
Your real name is not Fyodor.
Why did you choose this particular pseudonym?
I'd like to hear the answer to this, as well. Was Fyodor engaged in some vigilantism, or legitimate self-defense?
Have you been slashdotted? And if so, how does it feel?
On certain days of the month my wife doesn't let me near her honeypot
Taco only wants to submit boring idol-worship to Fyodor. Anything that might put him in a somewhat negative light or actually bring up an interesting discussion, well, that can't be allowed to happen!
(Score:4, Troll):
Moderation +3
30% Troll
40% Interesting
20% Underrated
Wow, Slashdot Math really rocks.
Attention moderators: parent post is not a troll. Fyodor hacked Sdem in August of 2002.
All these claims are uncorroborated, and conflict with other accounts of the incident in subtle ways.
For example: the method AC claims was used to get the "victim's" IP address is different from that claimed in a different post.
I smell trolls.
they should whip up an iptables rule-set...everybody knows that!!
This question is part of a troll slander campaign. They worked together to mod it up to 5, and then when users slapped it down, they launched a coordinated campaign to bring it back up. Trolls certainly are persistent.
Wow! You made an account *just* to post that! Well done, dipshit, well done!