Slashdot Mirror


Slashback: OSX Security, DoD Filtering, Anonymous Posting

Slashdot tonight brings some corrections, clarifications, and updates to previous Slashdot stories, including some favorable results from the University of Wisconsin's Mac OS X Challenge, skeptics investigate cold fusion claims, more on DoD web filtering, AT&T cuts 10,000 jobs after BellSouth merger, more child-proofing efforts for MySpace, Why Windows Vista Will Suck: a rebuttal, Harvard Professor punished for reporting bugs, Assemblyman Biondi backpedals on NJ anonymous posting bill, and a followup on Chinese TLDs -- Read on for details.

University of Wisconsin's Mac OS X Challenge. HABITcky writes "The University of Wisconsin Security Challenge has ended after 38 hours, intermittent DoS attacks, 4000 ssh login attempts, a bandwidth spike of 30 Mbps, and 6 million logged ipfw events. During this time there were 'no successful access attempts, nor any claims of a successful attempt.' You may remember this challenge was proposed in response to the 'woefully misleading' ZDnet article, Mac OS X hacked under 30 minutes, which was previously discussed here on Slashdot."

Skeptics investigate cold fusion. smooth wombat writes "As a follow-up to a previous Slashdot posting, Purdue University is investigating the claims of Rusi Taleyarkhan who claimed in 2004 to have created nuclear fusion at room temperature. The investigation came about from complaints from colleagues who suspect something is amiss. Taleyarkhan, who used to work at Oak Ridge National Laboratory, has, since working at Purdue, removed the equipment the co-workers were using to try and replicate the results, claimed results for experimental runs were positive for fusion despite the co-workers never seeing the raw data and opposed the publication of results which contradicted his findings."

More on DoD web filtering. timetrap writes "I work in a mobile combat communications unit, while I'm not in the sandbox right now, I can attest to the DoD policy on blocking web access. First of all when you are down range don't expect to even get DSL speeds from a satellite, we usually roll with about 256kbs for the data side of our trunk. So blocking sites is very important, otherwise 4 or 5 people could start streaming audio and pretty much knock down any legitimate use of the network. We filter websites with smartfilter and yes the military system admins in the IPO office will unblock any web site that isn't blocked by local policy (no pr0n, no streaming audio, no civilian web mail: both the hot and the g varieties, and no chat programs; although irc is used by the DoD) This is no Orwellian conspiracy, but quick and easy system administration; apply smartfilter: check! If you want to check the current smartfilter blocked sites goto: securecomputing and submit some sites to check." Slashdot's own Jamie took a look at Smartfilter back in '99 as a part of the Censorware project and it still remains a mysterious black box to this day. While some would advocate full disclosure, using censorware still appears to be merely passing the buck.

AT&T cuts 10,000 jobs after BellSouth merger. mytrip writes to tell us that immediately following their $67 billion acquisition of BellSouth, AT&T plans on cutting about 10,000 jobs.

More child-proofing efforts for MySpace. conq writes "BusinessWeek has an interview with Connecticut Attorney General Richard Blumenthal in which he describes measures MySpace and other similar sites should take to protect children. From the article: 'We're going to be suggesting some very specific measures that MySpace can take based on our conversations with MySpace as well as with other law enforcement authorities at the state and local levels. We've received hundreds of complaints from parents who are concerned about these issues, and we want to be sure that the measures we propose are technologically feasible and financially viable.'"

Why Windows Vista will Suck: a rebuttal. shrapnull writes "Hot on the heels of Extreme Tech's 'Why Windows Vista Won't Suck', Steven J. Vaughan-Nichols has an alternate position posted on DesktopLinux, and sent to subscribers of Novell's 'Suse Linux Cool Solutions' newsletter."

Harvard researcher punished for reporting bugs. Guillermito writes "A story previously discussed came to a sad conclusion two weeks ago. The bottom line is this means that it is forbidden to use reverse engineering tools to find bugs in software. You also have to prove that you own a valid license for each version of the tested software. To publish a proof of concept that contains a few dozen copyrighted bytes is also forbidden. It's a nice precedent for any company selling a defective product."

Assemblyman Biondi backpedals on NJ anonymous posting bill. Quadraginta writes "Earlier, denizens of Slashdot reacted to a story about a bill to be introduced to the New Jersey legislature that would require hosts of forums, bulletin boards and the like to keep track of the real identity of anonymous posters. Seems like there was a strong reaction all over. Assemblyman Biondi now appears to be backpedalling furiously. From a letter quoted after the link: 'I am getting inundated with responses which I will review and use to better educate myself on the implications of this bill. If, after reviewing all of the correspondence and the opinion of OLS, it turns out that the bill is, in fact, unworkable, I will certainly reconsider and withdraw it.'"

A followup on Chinese TLDs. nqz writes "In this story on ComputerWorld, ICANN and the China Internet Network Information Center (CNNIC) both dispute a previous story discussing China's new top-level domains containing Chinese characters."

19 of 211 comments

  1. Re: Mac Challenge by Chas · · Score: 5, Insightful

    I dunno. I would think a massive, pipe-clogging bandwidth spike, which resulted in the removal of said site, would qualify as a successful attack.

    I guess it all just depends on exactly what you want to do.

    --


    Chas - The one, the only.
    THANK GOD!!!
  2. Re:Oops! by d34thm0nk3y · · Score: 4, Insightful

    University of Wisconsin's Mac OS X Challenge. HABITcky writes "The University of Wisconsin Security Challenge has ended after 38 hours, intermittent DoS attacks, 4000 ssh login attempts, a bandwidth spike of 30 Mbps, and 6 million logged ipfw events. During this time there were 'no successful access attempts, nor any claims of a successful attempt.

    I think it is woefully misleading to not mention that the challenge was ended early!

  3. Re:OSX security by Anonymous Coward · · Score: 3, Insightful

    Pretty sure it was because the university did not like the increased server load it was getting, and it wasn't something that the university approved to begin with.

  4. Re:OS X security competition "ends" by Tumbleweed · · Score: 3, Insightful

    Would be nice to see something like this for all platforms. The only question is how valid is the test, since the security of a computer depends as much on the network security around it, as the machine itself.

    Well, if it's ever done by Apple, it would best be done as a tool to actually help find security vulnerabilities, rather than as a marketing effort. To that end, I'd suggest whatever configuration would best expose those vulnerabilities.

    A similar test for local vulnerabilities would also, obviously, be quite valuable (as the ZDNet test showed).

  5. Re:If it's not a conspiracy... by thryllkill · · Score: 3, Insightful

    I'm not a marine, but I do work for the DOD, and I can tell you that most political websites, right or left, are blocked. Again, not a conspiracy, just simple work place web surfing management. When you're on a network that doesn't belong to you, or that you don't pay to have access to, you shouldn't complain about the policies in place. I don't bitch at my friends for not letting me fuck their wives when I come to visit their houses.

    --

    Note to self: No more arguing with the faithful.

  6. What a @$#%#$ idiot... by stubear · · Score: 3, Insightful

    I read that pile of crap that someone claims to be an article about Why Vista Will Suck and all I got out of it is this guy is a $%@^$@# idiot. Great, he's got a copy of Vista and a fast machine. Most of his complaints can either be dismissed because Vista is still a BETA or not attributed to Microsoft at all. Is it really Microsoft's fault if you're not careful around your USB drive? And who cares if Linux and Mac OS X have had feature X for years? Isn't Vista going to benefit from using feature X if everyone else has? How can this be a reason why Vista will suck? Isn't this more of a reason why Microsoft's marketing managers suck? What about his anecdotal argument concerning security? There was a patch for the WMF security hole. Let's analyze the argument. First of all, the patch was released in January. The CTP was released in February. You do the math. Not to mention that perhaps there was an old portion of XP in the January release of Vista that's since been removed from the February CTP. Did Steven check? Probably not. If security patches being released for an OS are all the proof he needs that it's insecure then he'd better add OS X and Linux to the list. All in all, this was a poorly written and researched article with little evidence to back up his claims.

  7. Re:Why Windows Vista Will Suck by paulius_g · · Score: 4, Insightful

    Speaking of "superfetch", aren't most USB storage devices running on flash memory? Flashable memory does tend to stop working after a certain number of flashes. Moving in and out huge amounts of data will seriously shorten the life of these devices.

    Seriously though, I would like Microsoft to improve their caching abilities using the system's RAM. For now, Windows only has two settings. To cache minimally, or maximally. So what do I do when I got 2GB of RAM, want to run a 300mb application and cache the rest? According to Microsoft, they recommend not to cache because Windows will store that application in the paging file. Talk about stupidity.

    Seriously, if mainstream applications would be ported to Linux, more people would switch.

  8. Re:OSX security by HTTP+Error+403+403.9 · · Score: 4, Insightful
    The original article said it would be up through Friday, why the early shutdown? Maybe it stayed up for 38 hours or whatever and then someone got in, so they post-pre-maturely ended the contest the minute before the crack?

    More like the campus IT head went ape shit regarding the amount of bandwidth eaten up by this contest.

    --
    I'm not a Troll, it's reverse psychology.
  9. Re:Are Slashdot Editors embarrassed yet? by Anonymous Coward · · Score: 2, Insightful

    "Digg.com is eating slashdot alive right now. Better stories, better tech, better forum. It's only a matter of time slashdot becomes irrelevant unless they can turn it around."

    I really hope a lot of people leave Slashdot for Digg because the only people that read Digg are complete and utter morons. The intelligent people have already realized that Digg is complete garbage and the idiots that are too stupid to understand that can flock to the idiocy that is Digg. It only makes the community here better by filtering out some of the morons. Digg reminds me of an AOL chat room that is filled with nothing but below average script kiddies...

    Digg is the perfect example of what's wrong with all this "Web 2.0" garbage. Flashy website that's incredibly bloated with no real content and a horribly dumb community.

  10. Re:Vista will be expensive...? by sqlrob · · Score: 2, Insightful

    And a new computer to support it, at least according to him.

  11. myspace by phantomfive · · Score: 4, Insightful

    We're going to be suggesting some very specific measures that MySpace can take based on our conversations with MySpace as well as with other law enforcement authorities at the state and local levels.

    Not sure what the point of this article is, he doesn't even say what his "specific measures" are. Probably just some political move.

    I don't know what the big deal is about myspace, just politician noise, I guess. What kind of 14 year old girl is going to go out with a 30 year old man? If they do, there is probably some other problem (like they are starved for affection). I remember here on slashdot a few years ago there was a story about a girl who got seduced by a predator, but her mother was encouraging it!

    So yeah, there is a problem here, but making laws about myspace isn't going to help anything.

    --
    Qxe4
  12. Re:Why Windows Vista Will Suck by Comen · · Score: 2, Insightful

    The original article does not mention anything about a USB drive for Superfetch that I remember.
    Everyone sure that guy didn't just make that up?
    I mean if the system lets you point Superfetch to any drive on the system and you happen to point it to a USB drive then fine, but does it have to be on the USB drive?
    Using a USB drive for that seems like a bad, really bad idea, agreed. But I haven't read anything saying that but this guy's article, and maybe he set his system up for that or something? But nobody told him to or made him do this?

    Curious.

  13. Re:Solution to security research problem by causality · · Score: 3, Insightful

    It sure would be great if every time a company did something that most people, upon a little thought, would find really objectionable, it could be directly correlated with a huge decrease in sales (your basic old fashioned boycott). It would be great if people knew when they were clutching sand and understood that the harder you try to squeeze, the more you are going to lose.

    But as much as I love your idea, it will not happen due to the Sheeple, who are either too clueless, too apathetic, or both, to make this workable. The backbone is becoming extinct and is being replaced by implicit trust, deference to authority, and pressure to conform.

    Since we as a species fail to discourage these elements (and instead work very hard to prop them up, since they would not survive on their own) because the powerful find them desirable to inculcate in a population*, I do not see any easy way to reverse this either.


    * If you're in charge, wouldn't you rather be in charge of a docile apathetic population as opposed to a more difficult to subjugate sort? If you quickly disagree and say you'd never want that, imagine for a moment that you love power (and are therefore not qualified to wield it, but then power and who has it was never a meritocracy). Does it make sense now? We keep focusing on this bad law and this rogue company and that legislator who doesn't get it, but all of these are merely opportunists and with such a narrow focus we are merely playing a whack-a-mole game. None of these would ever be possible without the masses being so willing to bend over and take it, and the blame lies with them and not with the inevitability that someone WILL take advantage of this.

    --
    It is a miracle that curiosity survives formal education. - Einstein
  14. Re:OSX security by wealthychef · · Score: 4, Insightful

    Not just bandwidth, but if you were the head admin of their network, how thrilled would you be that somebody hung a big sign on your campus saying "please attack us"?

    --
    Currently hooked on AMP
  15. Re:Solution to security research problem by Audacious · · Score: 4, Insightful

    They probably won't. They'll just call you terrorists and prosecute you for what you've said. Even though you haven't done anything.

    No - the best thing to do IMHO is to just say that you have found a problem with their product but that due to the litigious nature of the company(ies) you can not explain how the problem comes about nor will you provide any details because you have destroyed all evidence in accordance with the company's wishes that all problems remain just that - unresolved problems. Further, since you have found these problems and could verify that they existed if the company would allow you to do so; you must - in the future - deny any request from the company for information (since you had to destroy it and it is illegal to have such information in your possession) and - you must also, from that day forwards, recommend that this company's products be barred from consideration in future purchases for the university and/or any companies with which you are going to be working with until the problem has been fixed.

    Remember - hit them in their pocketbook. If everyone gangs up against the company and refuses to buy their products and boycotts them, they will go out of business and you won't have to deal with them anymore - or - they will stop trying to enforce rules and regulations which are detrimental to the overall health of the (and their) economy.

    The alternative is for the person to send the information out to every other university in the United States and all of them declare the same findings at the same time so there isn't just one person the company can sue. They would have to sue everyone which makes them a persona non grata in the academic world. The great thing about this idea is that it would definitely draw the attention of the press if such a thing occurred. Which, I believe, is not something any company wants to do. (Be on TV across the nation in a bad light.)

    Just my $0.02 worth. :-)

    PS: Remember - they can't make you perjure yourself in court. So when they ask what you did you just say "I can not answer that under the rules and regulations of the 5th amendment." And if asked to explain you just look at the judge and say it is a catch-22 situation. You are damned if you answer and damned if you do not. Sort of like the Spanish Inquisition where they'd ask questions like "Did you enjoy consorting with the devil the last time you did it?" and then only allow you to answer yes or no. Either answer makes it look as if you enjoyed consorting with the devil at some point.

    --
    Someone put a black hole in my pocket and now I'm broke. :-)
  16. Re:DesktopLinux? by Total_Wimp · · Score: 4, Insightful
    I'm glad to see I wasn't the only one who had a problem with this article. It's one of the most poorly reasoned evaluations of software I have ever personally seen. The article is best summed up by these two paragraphs near the end:
    The folks from ExtremeTech also like the fact that Vista will have many more built-in applications. Isn't this why Microsoft got into trouble with the Department of Justice a while back? Isn't this the kind of thing that has both South Korea and the European Union raking them over the coals? Why, yes. Yes, it is.

    Be that as it may, as I sit here looking at my SUSE 10 Linux desktop, I can't help but notice that I have, for free, every software application I could ever want. Advantage: Linux.
    In the first paragraph he blasts Microsoft for bundling apps. In the second he praises his Linux distro for bundling so many more. Based on this kind of evaluation, Vista literally can't win.

    But even earlier in the article he blasts windows for supporting peripherals that do not yet exist. DirectX10 graphic cards and CableCard support both get dismissed because you can't buy them yet (just as you can't buy Vista). Once again, how can Microsoft possibly fix this; by not providing support for this hardware?

    Finally, now that Microsoft can't win by adding software or hardware support, Microsoft can't win by adding features. The guy has dug deep to find a little-advertised networking feature that lets you use ipsec for internal communications. He declares this to be bad. He fails to tell you that you are neither required, nor coerced to use this feature. He fails to mention that you will probably not even know it exists unless A) you run a corporate network and B) you dig deep into the OS to find it. My mind is completely numb trying to comprehend how MS is screwing the customer here. Once again, should they have just left the option out?

    This guy hasn't merely set the bar too high for Vista, he's replaced the bar with a sign that says, "still too low." This is only worth reading as a reminder that people who support the right thing are more than capable of doing it in the wrong way.

    TW
  17. Why Windows Vista Really Will Suck by Anonymous Coward · · Score: 1, Insightful
    Agreed. The guy should have focused on why Vista really will suck.

    1. Vista will suck because it will wrap your media files in DRM.
    2. Vista will suck because it will deliberately hamper your attempts to use non-Microsoft search engines and music distributors.
    3. Vista will suck because it will phone home and report on the user.
    4. Vista will suck because it will require you to report in with Microsoft before you can use it.
    5. Vista will suck because it will require you to report in with Microsoft when you upgrade your machine.
    6. Vista will suck because after you have spent a good chunk of change on it, it will bar you from exercising your right to resell it.
    7. Vista will suck because it will come with a 20 page End User License Agreement (EULA) that nobody understands.
    8. Vista will suck because after you decline to agree to the EULA and attempt to seek a refund, as the license agreement says you can, the place that sold you the product will refuse to refund your money.
    9. Vista will suck because it will require you to manually run a separate installer to add drivers for each piece of hardware you hook up to the machine.
    10. Vista will suck because it will pop up a warning for every driver that Microsoft hasn't approved.
    11. Vista will suck because vendors that don't bend over backwards and do what Microsoft wants will face a competitive disadvantage in the marketplace. Thus vendors will either comply with Microsoft's demands (for example, refuse to publish specs to write open source drivers), face a greatly diminished market share, or go out of business completely.
    12. Vista will suck because it will add another set of APIs and document formats to lock in customers.
    13. Vista will suck because the DRM system will be designed specifically to prevent Windows software from running under WINE or any other Windows replacement.
    14. Vista will suck because it will disable key features when used on a non-Microsoft virtual machine.
    15. Vista will suck because it will intentionally disable key features (the ability to play DVDs or other DRM'd media files) when it can't phone home and verify that the clock is set correctly. Thus leading to planned obsolescence.
    16. Vista will suck because purchasing it will require giving money to a crooked company.

    And those are a few of the reasons Vista will suck.

  18. Re:OS X security competition "ends" by ePhil_One · · Score: 3, Insightful
    Firewalls can help filter out much of the bad traffic, reducing the final impact on the host.

    Yes, but what happens when someone cracks the Windows box sitting next to IT. If you want to say your box is secure, you better not be adding the caveat "behind a firewall with the network cable unplugged".

    --
    You are in a maze of twisted little posts, all alike.
  19. Re:DoD filtering by techstar25 · · Score: 2, Insightful

    We have to keep in mind that internet access at work is still a privilege and not a right. These folks may be at war, but they are still "at work", so the admin (DOD) can give and take away any kind of access they want. It has nothing to do with censorship of any kind. They are lucky to have internet access at all.