Slashdot Mirror
Slashback: OSX Security, DoD Filtering, Anonymous Posting
University of Wisconsin's Mac OS X Challenge. HABITcky writes "The University of Wisconsin Security Challenge has ended after 38 hours, intermittent DoS attacks, 4000 ssh login attempts, a bandwidth spike of 30 Mbps, and 6 million logged ipfw events. During this time there were 'no successful access attempts, nor any claims of a successful attempt.' You may remember this challenge was proposed in response to the 'woefully misleading' ZDnet article, Mac OS X hacked under 30 minutes, which was previously discussed here on Slashdot."
Skeptics investigate cold fusion.smooth wombat writes "As a follow-up to a previous Slashdot posting, Purdue University is investigating the claims of Rusi Taleyarkhan who claimed in 2004 to have created nuclear fusion at room temperature. The investigation came about from complaints from colleagues who suspect something is amiss. Taleyarkhan, who used to work at Oak Ridge National Laboratory, has, since working at Perdue, removed the equipment the co-workers were using to try and replicate the results, claimed results for experimental runs were positive for fusion despite the co-workers never seeing the raw data and opposed the publication of results which contradicted his findings."
More on DoD web filtering. timetrap writes "I work in a mobile combat communications unit, while I'm not in the sandbox right now, I can attest to the DoD policy on blocking web access. First of all when you are down range don't expect to even get DSL speeds from a satellite, we usually roll with about 256kbs for the data side of our trunk. So blocking sites is very important, otherwise 4 or 5 people could start streaming audio and pretty much knock down any legitimate use of the network. We filter websites with smartfilter and yes the military system admins in the IPO office will unblock any web site that isn't blocked by local policy (no pr0n, no streaming audio, no civilian web mail: both the hot and the g varieties, and no chat programs; although irc is used by the DoD) This is no Orwellian conspiracy, but quick and easy system administration; apply smartfilter: check! If you want to check the current smartfilter blocked sites goto: securecomputing and submit some sites to check." Slashdot's own Jamie took a look at Smartfilter back in '99 as a part of the Censorware project and it still remains a mysterious black box to this day. While some would advocate full disclosure using censorware still appears to be merely passing the buck.
AT&T cuts 10,000 jobs after BellSouth merger. mytrip writes to tell us that immediately following their $67 billion acquisition of BellSouth, AT&T plans on cutting about 10,000 jobs.
More child-proofing efforts for MySpace. conq writes "BusinessWeek has an interview with Connecticut Attorney General Richard Blumenthalin in which he describes measures MySpace and other similar sites should take to protect children. From the article: 'We're going to be suggesting some very specific measures that MySpace can take based on our conversations with MySpace as well as with other law enforcement authorities at the state and local levels. We've received hundreds of complaints from parents who are concerned about these issues, and we want to be sure that the measures we propose are technologically feasible and financially viable.'"
Why Windows Vista will Suck: a rebuttal. shrapnull writes "Hot on the heels of Extreme Tech's 'Why Windows Vista Won't Suck', Steven J. Vaughan-Nichols has an alternate position posted on DesktopLinux, and sent to subscribers of Novell's 'Suse Linux Cool Solutions' newsletter."
Harvard researcher punished for reporting bugs. Guillermito writes "A story previously discussed came to a sad conclusion two weeks ago. The bottom line is this means that it is forbidden to use reverse engineering tools to find bugs in a software. You also have to prove that you own a valid license for each version of the tested software. To publish a proof of concept that contains a few dozens of copyrighted bytes is also forbidden. It's a nice precedent for any company selling a defective product."
Assemblyman Biondi backpedals on NJ anonymous posting bill. Quadraginta writes "Earlier, denizens of Slashdot reacted to a story about a bill to be introduced to the New Jersey legislature that would require hosts of forums, bulletin boards and the like to keep track of the real identity of anonymous posters. Seems like there was a strong reaction all over. Assemblyman Biondi now appears to be backpedalling furiously. From a letter quoted after the link: 'I am getting inundated with responses which I will review and use to better educate myself on the implications of this bill. If, after reviewing all of the correspondence and the opinion of OLS, it turns out that the bill is, in fact, unworkable, I will certainly reconsider and withdraw it.'"
A followup on Chinese TLDs. nqz writes "In this story on ComputerWorld, ICANN and the China Internet Network Information Center (CNNIC) both dispute a previous story discussing China's new top-level domains containing Chinese characters."
CIO = Chief Information Officer
[Fuck Beta]
o0t!
It did, in the old days. They rewrote it a long time ago, I think in the jump to Nt 4.0. The userspace command line tools are still BSD based in XP though.
AFAIK, there are no voices giving out any other viewpoint(s).
You can read an in-depth review of the matter here:
http://www.petitiononline.com/mmfa2/petition.html
The petition was created by the people at Media Matters
[Fuck Beta]
o0t!
"I work in a mobile combat communications unit, while I'm not in the sandbox right now, I can attest to the DoD policy on blocking web access.
There are several levels of DoD blocking. First, the DoD policy on web access, policy, and security in general, very broad, next is the Departments level, i.e. Army, Navy, etc, then there is the base policy and then the command policy and unit policy all the way down to the company. The "general rule" is that no one can have policy rules lower then that of above. This means a platoons policy can not be more lax then the base policy. This sort of transitive policy based appliance leaves much room for interpretation at all levels of policy implementation. Every service is different, every level is different and every network right down to the hardware is different. So, when you talk about blocking you have to be very specific as it is nearly impossible to just nail down an exact, cut and dry policy. Web content filtering, ACL's and the likes are different from service to service and mission to mission.
First of all when you are down range don't expect to even get DSL speeds from a satellite, we usually roll with about 256kbs for the data side of our trunk.
This is too far from the truth depending on the environment. The Ku band in Iraq is quite substantial in fact the smallest direct BGP Sat link might be a T-1 up to 8 and 32Meg or so via a Sat package called the DKET. This is speaking for the Marine side by the way. Also lateral links are about 3Meg at the smallest level via another Ku Sat package. This of course has its caveats. At this level we are talking about a non-mobile infrastructure were as a mobile infrastructure would be a Microware shot thru a TSR or MUX link at anywhere from 96k to 512k or more depending on voice needs and breakdown of classified to unclassified network needs. (Data bandwidth is shared between the two types of DoD networks when multiplexed, voice generally rides its own trunk card thru the multiplexer, typically a Promina node does this multiplexing or at lower levels in the unit they have what is called an FCC multiplexer)
So blocking sites is very important, otherwise 4 or 5 people could start streaming audio and pretty much knock down any legitimate use of the network. We filter websites with smartfilter and yes the military system admins in the IPO office will unblock any web site that isn't blocked by local policy (no pr0n, no streaming audio, no civilian web mail: both the hot and the g varieties, and no chat programs; although irc is used by the DoD)
This is somewhat accurate. From the Corps standpoint, when I first went to Iraq this was not the case. We could chat all day long until it was "locked down". This is done at the BGP point via the highest headquarters out there, CentCom etc. Even then it isn't full proof, I found ways around it, i.e. bypass or just good ole bribing the E-3 at the terminal.
This is no Orwellian conspiracy, but quick and easy system administration; apply smartfilter: check! If you want to check the current smartfilter blocked sites goto: securecomputing and submit some sites to check."
Once again, take this with a grain of salt. Though this seems like it applies to all agencies and to all services at all times it really doesn't. The mobile and deployed units are in constant flex so nothing is really ever solidified when it comes to policy. The ONLY real way to know for sure is to go out there and site down behind their network and try it yourself, or ask someone you know out there to do it. I have a couple dozen friends out there right now on the Net Admin side so if you have a specific inquiry post it and I will see what I can come up with.
Would be nice to see something like this for all platforms.
Well it's not exactly identical, but one of the people who works on SELinux has been running a test machine on and off since Fedora Core 2. Details are here. Similar to the OS X box that was hacked in 30 minutes he does have SSH open and provides you with local account access, the local account being root. I wouls suggest that that shows a certain amount of confidence in its security. Also note that SELinux is coming to Ubuntu soon.
Jedidiah.
Craft Beer Programming T-shirts