Slashdot Mirror
Slashback: Blaster, Sabers, Canada
Art of the Saber Jagaast writes "As a counterpoint to all the hype about the Star Wars kid, here's a Star Wars fan film that's actually very well done. Art of the Saber is 'a light saber fight sequence with the flavor of a Hong Kong martial arts action movie.' Well worth watching." Update by J : I've made torrents available.
Vote early, often, and reversably. An anonymous reader writes "As a follow up to a previous story here on Slashdot on electronic voting, Excite has a story on the same subject with a bit more information including this amazing quote from Deborah Seiler, Diebold's West Coast sales representative: '"These activists don't understand what they're looking at," Seiler said.'"
GSM-crack paper online morcheeba writes "Copies of the GSM-crack paper described in last week's Slashdot article are now available online (PDF) thanks to John Young's Cryptome"
Mandrake ads...take 2 *no comment* writes "Apparently there has been some controversy over the ads in the upcoming Mandrake 9.2. I thought it was pretty cut & dried, but apparently Mandrake thought it was enough of a controversy to to release a written statement about it. I wonder how many flames were posted in the slashdot forum using the download version of Opera."
Blaster Worm still alive and well on MIT campus fwc writes "MIT still has 900 network drops disabled due to the Blaster worm infection. Of particular interest is that MIT network security requires users to reformat their hard drive and re-install their operating system before they get back on the network. Sounds like a good excuse to reinstall something other than a Microsoft operating system."
A big AWOOOGAH for Canadian file sharers.
Rumor writes in response to a recent story suggesting that Canadian users could swap files scot-free: "Listen, Canadians, don't go using your p2p apps and thinking you are immune from lawsuit, you are liable for copyright infringement if you share files on p2p apps.
To wit: a fellow law student and I have written an
analysis of s. 80 of the Copyright Act and we've
concluded that one can download music safely under the Private Copying provision, but no one can share or upload files without infringing on copyright.
In a nutshell, Private Copying allows anyone to make a
copy of a song purely for their own use. As you
probably know, when you share files and someone
downloads from you, what actually happens is that
their computer makes a request and your computer
actually sends the file to them. Thus, you're copying
for someone else's use and infringing. It doesn't
matter if you didn't realize that's what happens,
either... intent is not required for infringement.
The upside is that you can accept copies from other
people (ie. download) all you want. Although there
might be an issue of contributory infringement to
worry about... I won't go into analyzing that, since
so far the record companies are only suing uploaders.
The article can be found on greplaw.
I've recently confirmed this analysis with an IP law professor at my university, so I'm pretty damn sure of it. So, please, be aware of this danger. Downloading cool, uploading/sharing not. I
guess the situation still better than nothing."
Why not ask for your money back? zaaj writes "There are several articles out about a newly found/fixed(openssh.org) buffer management bug in OpenSSH and some derivatives. Cisco's Advisory only mentions DoS attacks against certain of their SSH-enabled devices, but ZDNet's article hints at rumors of long-existing root exploits. Regardless, RedHat's got their typical list of updated packages with the patch back-ported. A few other distro's have info in the vendor section of Cert's advisory CA-2003-24"
Any reason this is in the Apache section?
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN- 2003-0682
may I suggest a nice bottle of '01 -fstack-protector?
That's a draconian policy if I've ever heard of one!
To reformat you need to backup - and if you have more data to backup than some puny CDRs? and you can't get on the network to backup onto your friend's gigantic file server that he has kindly carved out a nice chunk for you for a week? and I have a laptop so it's not exactly a good idea to be pulling drives out?
all practical concerns I'd face if I was part of the MIT network - but glad that I am not on the MIT network, and that blaster didn't come my way. heh...
poor suckers who'd have similar problems with me, though - maybe that kind of explains why there are still so many people un-connected... they are all looking for used tape drives...
My life in the land of the rising sun.
Well you could ask for everything at once. All you'd have to do is generate a text file 9238472093847 lines long saying:
...
...
Is bit 0 a 1?
Is bit 1 a 1?
Is bit 2 a 1?
Is bit 3 a 1?
Then gzip it and send it via some standard TCPIP protocol.
The server would then just generate a similar file saying:
Yes, bit 0 is a 1
Yes, bit 1 is a 1
No, bit 2 is not a 1
Yes, bit 3 is a 1
The unofficial
How about protocols like BitTorrent?
Although I might "share" a file, I never give away the whole thing. I only offer very tiny bits of a file to anyone who asks.
AFAIK, copyright law permits giving away small"excerpts" of copyrighted materials.
So provided I never permit upload of the whole file to a single downloader, would I be in the clear?
my
... because it's a heap buffer. Furthermore, it's not a simple buffer overrun, but an error in reallocation. As far as I've seen, there are no known exploits of it either. If there are, please link.
I hereby place the above post in the public domain.
As someone who works for Network Security, I feel I have to chime in here.
:-p
Basically, what Chris said was right. A format and reinstall is the standard response to a root-level system compromise, which the RPC vulnerability leaves a system open to. It's also enough of a pain in the rear, that people don't want to have to do it again.
Furthermore, Network Security only has two full-time staff members, a handful of student employees (the category I fall under), and a handful of volunteers from here & there. Under normal loads, we don't have the resources to do forensics or any type of individually tailored recovery advice. With the thousands of computers being compromised on campus, it's the quickest (and easiest, believe it or not) solution for everyone.
Give us a break, this thing has generated way more overtime hours than any one (or two now) security hole(s) should be allowed to do.
-------------------------------------------
I like nonsense, it wakes up the brain cells.
-- Dr. Seuss
I realize that this thread is mostly in jest, but you're all missing the bigger point. The problem isn't the actual transfer of the file.. its indexing the files that are available. How can you legally say to the room-temp-IQ crowd that "I have a song here, but its not available.. sorta.." and still get away with it?
Remember those college students that just ran an indexing web page listing all of the songs on their fellow students' shared folders? They didn't share the files themselves, but they're now working their way out of debt thanks to the RIAA.
There are hundreds of ways of actually transfering the file without attracting undue attention (Waste would be my favorite at the moment). But how do I find the person who has that file that I want when he's not telling the world that he has it because the world includes that suit-happy association whose business model it obliterates?
How do I find that person?
Seriously, I want to know. I'd like to borrow some of his/her CDs for personal use. Of course, I have some to lend as well...