Slashdot Mirror


Thousands of SCADA Devices Discovered On the Open Internet

Trailrunner7 writes with news of the continuing poor state of security for industrial control systems. From the article: "Never underestimate what you can do with a healthy list of advanced operator search terms and a beer budget. That's mostly what comprises the arsenal of two critical infrastructure protection specialists who have spent close to nine months trying to paint a picture of the number of Internet-facing devices linked to critical infrastructure in the United States. It's not a pretty picture. The duo ... have with some help from the Department of Homeland Security (PDF) pared down an initial list of 500,000 devices to 7,200, many of which contain online login interfaces with little more than a default password standing between an attacker and potential havoc. DHS has done outreach to the affected asset owners, yet these tides turn slowly and progress has been slow in remedying many of those weaknesses. ...The pair found not only devices used for critical infrastructure such as energy, water and other utilities, but also SCADA devices for HVAC systems, building automation control systems, large mining trucks, traffic control systems, red-light cameras and even crematoriums."

141 comments

  1. private network by Anonymous Coward · · Score: 1

    sounds like some people need to get their own private networks set up with a touch of authentication...

    1. Re:private network by bbelt16ag · · Score: 1

      FIRE SALE!!!

      --
      NEVER NEVER NEVER NEVER NEVER NEVER NEVER NEVER GIVE UP! "No limitations, no boundaries, there is no reason for them."
    2. Re:private network by Anonymous Coward · · Score: 0

      Perhaps the DHS could employ the Anonymous to make a contribution to the situation by pointing out all the unprotected crematoriums in the country, sending a message. When the energy executives have a couple of days delay in the funeral arrangements of their parents so ruining their Vegas trip, perhaps then they start to listen.

  2. Security by stupidity? by gstoddart · · Score: 1

    Wow, default passwords on things connected directly to the internet -- either the people installing these things are lazy, or the companies selling them are giving lousy security advice.

    --
    Lost at C:>. Found at C.
    1. Re:Security by stupidity? by clm1970 · · Score: 5, Insightful

      Part of the problem is the engineers designing them. They don't understand the sandbox they're playing in. It isn't in their culture and they don't know that they should secure them much less how to. I'm starting to see organizations hire product security engineers now to try and institute this stuff into the products but they seem way behind the curve IMHO.

    2. Re:Security by stupidity? by Anonymous Coward · · Score: 2, Insightful

      I was just talking to my boss about this subject today. The merging of mechanical and network engineering is still considered a "new" development, often times the engineers designing the system for a building don't fully understand the IT that it rides on. It's a problem, and it's being addressed, but as the submission states there's a huge lag time with huge companies, so it'll continue to be a problem for a while.

    3. Re:Security by stupidity? by Synerg1y · · Score: 2

      The thing with security is... outside of the curve, there's outside-the-box thinking, comprehension and competence that are involved. You're trying to outsmart potential attackers, not follow a white paper that they have access to. "Behind the curve" is false because there is no curve, there's just secure and insecure practices. The exploit will either work, or it won't. This only applies at the application level btw.

    4. Re:Security by stupidity? by khasim · · Score: 3, Interesting

      There are a LOT of idiots out there who do installations.

      At one place I worked, contractors went into a remote office to install a phone system and ended up wiring a Win2003 server directly to the Internet (and the internal network) so that they could log into it to make changes to the phone system.

    5. Re:Security by stupidity? by webmistressrachel · · Score: 4, Interesting

      Two factors have caused this - one, the assumption that those with the knowledge to cause havoc have better things to do with their time, and two, the assumption by manufacturers that factory floor equipment will be physically separated from the public (and by implication, the Internet).

      All the changes that have resulted in this situation are probably very recent (10 years), and are in situations where legacy networks and equipment have been bolstered by or re-connected with new stuff by young IT-types, not engineers, who probably had no idea all the industrial stuff wasn't secured!

      --
      This tagline was transcoded to result in at least one smirk. If you experience failure to smirk, please consult your Gen
    6. Re:Security by stupidity? by Anonymous Coward · · Score: 0

      I've got a honeypot set up. It's been running for over a week now and only one user managed to "break" in and all he did was rm -rf /* and that was it.

    7. Re:Security by stupidity? by cayenne8 · · Score: 3, Interesting

      Regardless....

      Can someone PLEASE post the links to all the red light cameras (down here they're also fucking speed cameras useful for nothing better than revenue generation which has essentially been admitted to by city)....

      I'd love to be able to *ahem*....access those.

      :)

      --
      Light travels faster than sound. This is why some people appear bright until you hear them speak.........
    8. Re:Security by stupidity? by MarkGriz · · Score: 1

      either the people installing these things are lazy, or the companies selling them are giving lousy security advice.

      "It's not that I'm lazy.....It's that I just don't care"

      --
      Beauty is in the eye of the beerholder.
    9. Re:Security by stupidity? by Anonymous Coward · · Score: 0

      What, two factors? How many factors does it take to secure something then?!?

    10. Re:Security by stupidity? by Billly+Gates · · Score: 2

      One factor that caused it. Management!

      They are now used to checking their nuclear powerplant controls from their iphones (ok maybe that example is exaggerated to make a point ... I hope!) If you now make it secure they will throw a hissy fit if they can't get their reports.

      They will call IT to put it back on the internet to fix it. Once the cat got out of the bag it is hopeless. ... 2 factors.

      The sales team sold it and told their engineers to include it too so they can sell more units. This was the selling point to upgrade and the sales people at the various SCADA makers will THROW A RIOT if it is not included as MBAs will buy from someone else who will let them do this if they won't.

    11. Re:Security by stupidity? by Technician · · Score: 1

      Or are honey pots to look for threats.

      --
      The truth shall set you free!
    12. Re:Security by stupidity? by icebike · · Score: 1

      and two, the assumption by manufacturers that factory floor equipment will be physically separated from the public (and by implication, the Internet).

      You have to really wonder how it is that 1) we are running out of IPV4 addresses, and 2) all these factory floor and crematoriums manage to expose their SCADA devices to the internet with public IPs.

      How much penetration did these researchers have to engage in to get access to things behind routers? (I ask this because I refuse to believe there are that many companies wasting public IPs on process control computers who have not heard about firewalls and VPNs).

      How clueless would the IT departments have to be to allow such to happen? In an age where every high school kid can set up a router with reasonable (out of the box) security it seems ridiculous to assume someone with credentials would overlook this.

      Even if there is a windows machine sitting directly on the internet (horrors) you still have to get past that to the SCADA controller.

      Do we really have enough IP addresses for every valve, motor, and crematorium to be directly connected to the net?

      --
      Sig Battery depleted. Reverting to safe mode.
    13. Re:Security by stupidity? by NatasRevol · · Score: 1

      7,200 of them?

      --
      There are two types of people in the world: Those who crave closure
    14. Re:Security by stupidity? by postbigbang · · Score: 2

      Consider the flipside, however. My servers get attacked all the time, with known default password attempts. Sometimes it comes thru ssh when they smell the honey.

      Some of this is really suspect because they should have been cracked open like an egg by now. Yes, the number of IPv4 addresses is small, but SCADA sticks out like a sore finger (pun intended).

      Clueless? I'm not so sure. Honeypots? Yeah, could be. By now, they should have 'outed' or shamed a handful of these guys so as to be examples for the rest, but no one's done that. Perhaps the Hickeyville Water Company would make a good posterboy for being stupid, and the others would fall in line. So something smells here.

      --
      ---- Teach Peace. It's Cheaper Than War.
    15. Re:Security by stupidity? by Anachragnome · · Score: 1

      "I've got a honeypot set up"

      So does Homeland Security...thousands of them.

    16. Re:Security by stupidity? by war4peace · · Score: 4, Interesting

      I saw a gas station and one of the pumps there was in "maintenance mode" or something. Anyway, it wasn't working and on a little LCD display on its body there was an IP address. It wasn't a private IP so I noted it down and when I got to work I tried accessing it through HTTP. Well, what do you think? A nice web-based username+password interface popped up.

      Now I ain't a hacker and I really didn't try anything, but I'm sure a skilled security professional would have hacked right through that interface. It's really amazing how many poorly secured interesting devices are out there.

      --
      ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
    17. Re:Security by stupidity? by Flere+Imsaho · · Score: 2

      It's also the idiots implementing these systems. One of our international offices moved sites over the Xmas break. The contractor installing the HVAC controller at the new site wants me to open up the firewall so any public IP can access the device on port 80. Apparently it's safe because "...it's running Linux".
      *sigh*

      --
      It gripped her hand gently. 'Regret is for humans,' it said.
    18. Re:Security by stupidity? by Anonymous Coward · · Score: 4, Interesting

      Don't blame me, I'm just the guy that wrote the specification and the software.

      - Management told me to remove security. Too much effort (what's a linter? Stop using it. Shorter passwords. Private network? Can't we just use a cable modem? "Fuzzing" ? Takes too long... turn it off)
      - Management told me to remove encryption. Too hard to read and debug over-the-wire for the field tech, who might have to run a program and click a button to decode traffic. Or worse, move a jumper to "debug".
      - Management had me source the cheapest possible components, and try to use software to recover from their faster and bizarre failures.
      - Management had me install DHCP support into the SCADA devices, so it could be hooked onto the easiest possible network.
      - Management had me unlock the cellular modem so it would connect to any tower.
      - Management had me use public DNS in my SCADA system, because running our own would have cost an afternoon.
      - Management had me write a 4 digit backdoor PIN into all hardware, that could not be turned off.
      - Management had me specify, design, and write a remote firmware flash interface supporting and utilizing most of the above.
      - Management had me write a remote reverse serial console proxy available by pointing your web browser at the right URL.
      - Management had me use public rdate servers rather than pay for an accurate internal clock.

      Look, I'm just a software engineer. I know a bit of hardware. I let people know when things are dangerous. I quote them times and estimates and costs.

      I quote them expected failure rates.

      They settle on the cheapest most disease-ridden stray cat they can find starving in a ditch and sell it as a liger. And your engineers somehow buy it.

      Look, I may not know everything about securing them -- but most of these problems aren't caused by inept engineers, they're caused by management and sales cutting corners to buy their third porsche.

      I'd *LOVE* to see a reverse bounty program. Sell the management induced bugs in your software to a company client for legal protection against lawsuit, and five years of contractual consulting rates to clean it up.

    19. Re:Security by stupidity? by Anonymous Coward · · Score: 0

      Here is a link of a Hak5 interview with viss. It starts at 8:40, using shodan searches, he finds quite a few vulnerable government owned systems such as red light cameras. It is worth a watch if you have time...the thing that raised my eyebrow is that the cameras he saw never stopped recording.

      http://hak5.org/episodes/hak5-1211

    20. Re:Security by stupidity? by blackest_k · · Score: 1

      The Windows PC is the SCADA controller. I'm out of date so I could be wrong, but most if not all SCADA systems sit on top of Windows, and have for a very, very long time. Windows versions can be from 98 upwards.

    21. Re:Security by stupidity? by Anonymous Coward · · Score: 2, Interesting

      Railroads commonly control switch points with DTMF tones over open radio channels.

      This is widely known and a dreadful safety issue but no one talks about it.

    22. Re:Security by stupidity? by some+old+guy · · Score: 5, Interesting

      As a SCADA/Integration guy, I can say that most controls engineers cringe at the thought of their networks being open to the internet. It's usually managers and bean counters who demand real-time global data reporting who drive this lunacy. It's not as simple as it appears.

      --
      Scruting the inscrutable for over 50 years.
    23. Re:Security by stupidity? by Anonymous Coward · · Score: 4, Informative

      I worked as a Controls Engineer for 6 years designing, installing, and commissioning PLC / SCADA systems. The clients were anything from large steel mills, manufacturing plants, government, and even propulsion systems for naval vessels. My company was contracted to install these systems and sometimes train the customer's personnel to then handle problems or make additions to the control system if necessary.

      The personnel were more often than not your normal plant electricians and if we were lucky an actual engineer, but usually not one with much IT ability. Today's controls systems almost always have a normal Ethernet network sometimes utilizing commercial OTS network switches. This is a big change from 10-15 years ago when the communication media was mostly proprietary for control networks.

      When a problem arose I've seen these guys just unplug and plug in CAT5E cables wildly in the hopes of rectifying a problem that brought a process line or machine to a halt without much thought as to where the issue lies. Other times the plant manager will want to view the SCADA data from his office so he will instruct an employee to just bridge the control network to the business / office network.

      It's really not the fault of the people designing the systems. In the end the company that owns it takes the blame. The vast majority of customers will not pay extra to have their employees trained on these systems and I've never seen one concerned with security. My company sent me to Certified Ethical Hacking training in order to try and make our systems more secure, but in the end the systems integrator's hands are tied.

    24. Re:Security by stupidity? by Anonymous Coward · · Score: 0
    25. Re:Security by stupidity? by Cito · · Score: 0

      on ham radio, we control our repeaters with plain dtmf tones.

      for example to make a free phone call on the repeater's autopatch system here locally just key up on 146.820 (-.600 repeater shift of course) and press *7 unkey the controller will say "Autopatch activated" you will then hear dialtone, the controller is programmed to not allow long distance calls at least but you can make any phone call you wish. It's a little wonky as it's not full duplex, but works, I use it when calling home that I will be running late, and it's normally used for short less than 5 min calls by local club members. When call is done key up the radio and press # the call will terminate and the controller will respond "Call completed at xxx time"

      most repeaters use default autopatch codes, you can read the default codes here: http://www.catauto.com/cat1000.html

      I've tried default codes all across the state and it's hilarious finding free autopatches

    26. Re:Security by stupidity? by Anonymous Coward · · Score: 0

      1 factor caused it. From what I read your pal tomhudson/Barbara, not Barbie worked at SIEMENS. That explains the buffer overflows since he/she claimed to be a coder. Some coder. One that got caught using multiple accounts shown above here on slashdot and he/she was run out of here, for stalking and harassing others along with you using TOR onion routers to do the same alongside her shown in the link below. Go away troll. We're not interested in your horseshit and erroneous "computer knowledge" as was shown here http://slashdot.org/comments.pl?sid=3360735&cid=42498031

    27. Re:Security by stupidity? by webmistressrachel · · Score: 0

      Now you're proving what you're all about stupid apk.

      First you tried to prove me wrong about AdBlock - and you're still wrong, you're so stupid and old that you haven't even read and understood that AdBlock prevents the browser from even using the OS to lookup anything!

      Also, your condescending assumption that I know nothing. I'm so sick of it. Take a look at yourself, scumbag, you're the one doing all the cyberstalking here!

      Oh, and I've been trying to hold off on this one because of the potential backlash - but out of the HOSTS troll with the lies and the bold who's been getting modded down? Now I haven't even HAD mod points since we started arguing again, and yet I'm still posting at +2 and being modded up to 5. Do enough people like you that you can do that? No. They're modding you down, which is making you angry. Fuck off. You're making my posts look untidy.

      --
      This tagline was transcoded to result in at least one smirk. If you experience failure to smirk, please consult your Gen
    28. Re:Security by stupidity? by tzanger · · Score: 1

      I've lived in the industrial controls world for quite a while before striking it out on my own... "real-time global data reporting" doesn't require a world-accessible control interface, or even an open internet connection. It's much simpler than you're making it out to be. Hell a basic VPN connection back to HQ that puts the remote sites on the corp LAN (where all the data aggregation can take place and be accessed for "dashboards" and whatnot) would be a major step up.

    29. Re:Security by stupidity? by Anonymous Coward · · Score: 0

      Some SCADA systems sit on Windows boxes, some only use Windows boxes as UIs with *NIX in the back, a lot are straight up *NIX systems (Solaris, AIX, Linux are the ones I work with).

    30. Re:Security by stupidity? by Anonymous Coward · · Score: 0

      This is too true. I work in the area of SCADA security for a SCADA provider and thus why I am posting anon. There is also the users and what they want individual developers feel their programs should have access to. You would shudder at the conversations I have some days with people, although if you work in the security area you might actually not. At least I know I will have a job as long as I want one. Even within my building I have a hard time pushing for better security tools and configurations as our MBA types don't want to spend the money on it, and they really don't like hearing that it is a shitty idea to have devices that are connected to both the public internet and the local SCADA system.

    31. Re:Security by stupidity? by LeadSongDog · · Score: 1

      Look, I'm just a software engineer.

      Don't call yourself an engineer if you won't do your duty to the public.

      --
      Oh, I'm sorry sir, I thought you were referring to me, Mr. Wensleydale.
    32. Re:Security by stupidity? by Anonymous Coward · · Score: 0

      A browser can't do a thing minus the ip stack (tcpip.sys). Browsers make requests that they must resolve an ip address first to get to a site. That happens at OS startup with tcpip.sys loading, which also loads hosts files for blocking what they contain if told to do so first, long before adblock even ever operates. This makes adblock redundant and it doesn't block all ads anymore either. I read what was posted and you did indeed make threats to bomb him by using TOR too. It is obvious you use that to do multiple accounts for trolling as your friend tomhudson/Barbara, not Barbie was doing, and in those posts others said you are he-she as well. Nobody believes you, troll. Brush up on how the ip stack works also.

    33. Re:Security by stupidity? by Rogue974 · · Score: 1

      I am a Controls Engineer and have worked at several companies and you are right on part of the problem.

      There is more to it though. At many places, there is fighting between IT and Controls because IT thinks they know everything about how every computer should work and every network. They come in and try and make changes to fit their standards without realizing they just shut down production.

      I have had some IT people that I fought with all the time, some who have ignored me and let me do my thing and a few who have listened and helped me secure my network better. This is the exception to the rule though and way too many IT people won't listen to the requirements the Controls people have so we end up fighting and trying to stay away when we could work together and build a separate secure controls network.

      Attitudes are starting to change though and DHS and vendors are starting to educate Controls and IT both whenever they will listen so they can secure their networks. Current place I work, the CEO and IT Steering committee both saw the light and while we have done a good job securing our networks, they have agreed to allow us to build the security standards and protocols set out by DHS and vendors.

      Vendors also have never built their equipment with security in mind and are starting to make some changes there, but they are not there yet.

    34. Re:Security by stupidity? by Anonymous Coward · · Score: 0

      Today's controls systems almost always have a normal Ethernet network sometimes utilizing commercial OTS network switches. This is a big change from 10-15 years ago when the communication media was mostly proprietary for control networks. ... When a problem arose I've seen these guys just unplug and plug in CAT5E cables wildly in the hopes of rectifying a problem that brought a process line or machine to a halt without much thought as to where the issue lies.

      Maybe it would be a good idea for SCADA to use a slightly different Ethernet and/or IP. Not as a means of security through obscurity, but just a silly little thing that would make it harder for people to interconnect non-SCADA and SCADA lines. Obviously anybody could hack it, but people follow the path of least resistance. The people who could hack it most easily are the same people who should realize what a bad idea it is to do it. Drivers/stacks could be designed such that either every port on a computer worked in SCADA mode, or they all worked in normal mode.

      Other times the plant manager will want to view the SCADA data from his office so he will instruct an employee to just bridge the control network to the business / office network.

      Have a non-SCADA Ethernet port on your controller that literally doesn't have the receive lines connected. Blast out all the data you want via UDP, which is plenty reliable over a point-to-point connection.
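
A sketch of the one-way export suggested in the comment above, as an added example that is not part of the original thread: because the sender has no receive path, there are no ACKs or retransmit requests, so each datagram carries a sequence number and an HMAC and the receiver alone detects loss, duplicates and tampering. The frame layout, key, field names and sample readings are constructed assumptions.

```python
import hashlib
import hmac
import json
import socket
import struct

KEY = b"constructed-demo-key"      # assumption: pre-shared key, provisioned out of band
HEADER = struct.Struct("!IQ")      # uint32 sequence number, uint64 timestamp (ms)
TAG_LEN = hashlib.sha256().digest_size


def pack_frame(seq, ts_ms, reading, key=KEY):
    """Build one datagram: header + JSON reading + HMAC-SHA256 over both."""
    body = HEADER.pack(seq, ts_ms) + json.dumps(reading, sort_keys=True).encode()
    return body + hmac.new(key, body, hashlib.sha256).digest()


def transmit(frames, addr, repeats=2):
    """Sender side: fire and forget. It never calls recv(), matching a port
    with no receive lines; each frame is repeated to ride out packet loss."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for frame in frames:
            for _ in range(repeats):
                sock.sendto(frame, addr)


class OneWayReceiver:
    """Office-side listener logic: verify, de-duplicate, count gaps."""

    def __init__(self, key=KEY):
        self.key = key
        self.last_seq = None
        self.accepted = []
        self.lost = self.rejected = self.duplicates = 0

    def accept(self, datagram):
        if len(datagram) < HEADER.size + TAG_LEN:
            self.rejected += 1
            return None
        body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            self.rejected += 1          # forged or corrupted in transit
            return None
        seq, ts_ms = HEADER.unpack_from(body)
        if self.last_seq is not None and seq <= self.last_seq:
            self.duplicates += 1        # repeated copy or replayed frame
            return None
        if self.last_seq is not None:
            self.lost += seq - self.last_seq - 1   # gap nobody can re-request
        self.last_seq = seq
        self.accepted.append(seq)
        return seq, ts_ms, json.loads(body[HEADER.size:])


def run_demo():
    """Feed a constructed stream to the receiver without touching the network:
    frame 2 is lost entirely and the first copy of frame 3 is corrupted."""
    frames = [pack_frame(seq, 1_700_000_000_000 + seq * 1000,
                         {"tank_level_pct": 40 + seq}) for seq in range(5)]
    wire = []
    for seq, frame in enumerate(frames):
        if seq == 2:
            continue                    # both copies dropped
        wire += [frame, frame]
    corrupted = bytearray(frames[3])
    corrupted[HEADER.size] ^= 0x01      # flip one bit in the payload
    wire[wire.index(frames[3])] = bytes(corrupted)

    rx = OneWayReceiver()
    for datagram in wire:
        rx.accept(datagram)
    return rx


if __name__ == "__main__":
    rx = run_demo()
    print(rx.accepted, rx.lost, rx.rejected, rx.duplicates)
```
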

    35. Re:Security by stupidity? by Anonymous Coward · · Score: 1

      How on earth can you be fighting with the IT people and the 'requirements' the control people have?
      What 'requirement' for the network or security 'would not work' on the Control side?
      Can you give me a specific?

      Background
      I work for a company with large, dangerous machines that are controlled by SCADA\PLCs. The process controls Windows PC's and various PLC's, sensors etc. and network (normal TCP/IP network and equipment) are under the full control of the Maintenance Supervisor (former electrician) and his electricians with the help of a support contract from the vendor. I don't touch this stuff and have no passwords, diagrams, etc. They keep it to themselves like it is the god damn ring of mordor.

      None of these people are IT literate at all. Our guys can't figure out the caps lock key is the password problem let alone network security and the old crusty former sales person who is our main 'Vendor Support Contact' has ME fix his com port connection issues and tell him, after playing 'what is another word I can use for subnet' since he does not even know what that is, that his other issue is that he does not have his network connection setup for the process control network he is using. He is the supposed 'Expert' on this stuff. Even says so right on his business card: 'Automation, Controls, and Network Expert' Right there under his name.

      Everything is on default passwords because it would be 'hard' for another person to fix things if we changed it.

      The computers that control all of this are Windows XP, and we CAN'T upgrade to windows 7 because they have not yet written the software for windows 7. (Did I mention that the Vendor is the largest in the world in this market?)

      We actually had a terminal that started doing E-stops (emergency shutdowns) of large moving equipment that easily could have harmed or even killed someone. It doing this was causing an actual loss of product hence money.
      Did anyone in the department, or the Vendor know what was going on? Of course not.
      When they still could not figure it out, upper management got impatient and said, 'let's ask IT to look at it'. The head guy on the process control side was actually pissed that I was helping, and begrudgingly rifled through a rat's nest of papers to get me the password for the windows box that ran the PLC (how could they look into the problem without that anyway?).
      Guess what? VIRUS.... Seriously, a virus, from a thumb drive they use to pull data from the machine. That the VENDOR uses to pull data. The Vendor had an old virus on his company issued shitty laptop. The vendor we spend hundreds of thousands a year for support.
      The windows machine had auto-run turned on, no anti-virus, and the PLC was shit programmed to E-stop if it lost communications to the windows XP control computer. The Virus caused random blue screens and reboots, hence the stops.

      They also wanted me to put the process control network ON THE INTERNET. Because the plant manager wanted to 'fix things from home'. The VENDOR wanted this and could not understand why it was a problem. Guess what blew up a couple of weeks later? STUXNET.

      So they left me alone, only I find out later that the reason they left me alone was not because after forwarding STUXNET links and explaining it to them in a big meeting that they listened to me...
      No, the vendor's guy took a PC setup for the contractor use only with internet access and added another network card, plugged it into process control, and then routed through that to the internet.. Idiots. No anti virus, no updates past SP1, windows firewall turned off.. Ahhhhhh...

      After all this I asked to have anti-virus installed on all the windows boxes on the process control side. The Vendor assured me that their HQ had approved a specific version of antivirus to work with our system and they would be happy to install it for us. It would only cost $10,000 to do it. I'd have to buy licenses myself of course.. So, after jumping through many hoops to get the right (2 versions old) version o

  3. Red light cameras? by mspohr · · Score: 3, Funny

    So... how do I find the red light cameras?
    Sounds like this could be fun!

    --
    I don't read your sig. Why are you reading mine?
    1. Re:Red light cameras? by Forty+Two+Tenfold · · Score: 1

      Cam4? BTW Dude, what's with your sig!?

      --
      Upward mobility is a slippery slope - the higher you climb the more you show your ass.
    2. Re:Red light cameras? by mspohr · · Score: 1

      I found I was wasting a lot of time reading irrelevant sigs so I turned off sigs in my settings.
      My sig attempts to encourage others to realize the waste of time in reading sigs.
      However, if you like to read sigs, please continue to do so (and I hope you will enjoy mine).

      --
      I don't read your sig. Why are you reading mine?
  4. Surprised at the number in use by Black+Jack+Hyde · · Score: 1

    I thought Recount was a lot more popular than Scada.

    1. Re:Surprised at the number in use by Anonymous Coward · · Score: 0

      Coffee... Meet screen. Well played sir, well played indeed.

  5. now i can mine my own diamonds and platinum by alen · · Score: 1

    just in time for my 10th anniversary

  6. So I can log into the live crematorium feed... by BMOC · · Score: 1

    ...and modify the setpoint temperature on Grandma's final journey?

    --
    I swear they give me mod points to shut me up.
    1. Re:So I can log into the live crematorium feed... by Anonymous Coward · · Score: 0

      ...and modify the setpoint temperature on Grandma's final journey?

      it's probably running linux too

  7. Not a surprise. by Anonymous Coward · · Score: 5, Informative

    I have worked for a large world wide organisation where SCADA and similar on-line systems are very prominent. After raising concerns and asking ports to be locked down or default passwords to be changed, there was a lot of departmental fighting over whose responsibility and usually after the battle royal of e-mails everyone would forget until the issue was brought up again.

    Too much of a not broke don't fix attitude in smaller companies and bureaucracy in larger companies over responsibility.

    1. Re:Not a surprise. by bbelt16ag · · Score: 1

      well, they are just going to get their asses handed to them when their customers are without services or/and are in danger because of it. We'll see who is to blame once the smoke clears..

      --
      NEVER NEVER NEVER NEVER NEVER NEVER NEVER NEVER GIVE UP! "No limitations, no boundaries, there is no reason for them."
    2. Re:Not a surprise. by Anonymous Coward · · Score: 1

      Bah Humbug. I also worked at a place like that; on the engineering side though, not the IT side: It's often the case (in my experience) that the SCADA systems are coded in such-and-such a manner as to expect so-and-so ports to be open.

      IT comes down and tells people 'oh no you have to lock all these systems down; kill all ports except HTTP and SSH' or some such.

      But, you know.. We're actually using these ports. We can't just 'turn them off' as if this was some kind of Ruby-On-Rails website that for some reason was also running as an open relay MTA..

      So the conflict ends up being about time constraints and billable hours; who is going to pay for the hundreds of engineering man-hours to rewrite software to make it work via web-services over SSH instead of port 12345 running Bubba's binary bit-bashing protocol? IT? And what about the opportunity cost of not being able to use those engineering budget dollars on developing new products?

    3. Re:Not a surprise. by Anonymous Coward · · Score: 1

      You mention SSH. SSH does have this thing called port forwarding, you can tunnel traffic through an SSH connection. More flexible are Virtual Private Networks. You can also limit access to known IP addresses. There is no reason AT ALL why these ports should be accessible over the internet for everyone. If the SCADA system itself doesn't provide adequate security put it behind a device that does. You can still use these ports, but not everyone can. It doesn't have to be on or off, it can be on for who's authorized and off for others.
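
The "on for who's authorized and off for others" point from the comment above, written as a first-match packet-filter model that computes exactly which source networks can reach a legacy control port. This is an added example, not code from the thread; the rule format, the function names and the address ranges (a 10.8.0.0/24 VPN pool, a jump host at 192.0.2.10) are assumptions, and port 12345 is the stand-in port number used in the parent comment.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

LEGACY_PORT = 12345  # stand-in port from the thread, not a real protocol


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    source: str           # source network in CIDR notation
    port: Optional[int]   # None means the rule applies to every port


def allowed_networks(rules: List[Rule], port: int):
    """Return the exact source networks admitted to `port`.

    Rules are evaluated first-match, top to bottom, with an implicit
    default deny for anything no rule matches.
    """
    remaining = [ipaddress.ip_network("0.0.0.0/0")]  # not yet matched
    allowed = []
    for rule in rules:
        if rule.port is not None and rule.port != port:
            continue
        src = ipaddress.ip_network(rule.source)
        still_unmatched = []
        for net in remaining:
            if net.subnet_of(src):        # rule covers this whole block
                matched, rest = [net], []
            elif src.subnet_of(net):      # rule carves a piece out of it
                matched, rest = [src], list(net.address_exclude(src))
            else:                         # CIDR blocks nest or are disjoint
                matched, rest = [], [net]
            if rule.action == "allow":
                allowed.extend(matched)
            still_unmatched.extend(rest)
        remaining = still_unmatched
    return sorted(allowed)


def unauthorized_exposure(rules: List[Rule], port: int, authorized: List[str]):
    """Admitted networks that are not contained in an authorized range."""
    auth = [ipaddress.ip_network(a) for a in authorized]
    return [n for n in allowed_networks(rules, port)
            if not any(n.subnet_of(a) for a in auth)]


def is_allowed(rules: List[Rule], src_ip: str, port: int) -> bool:
    addr = ipaddress.ip_address(src_ip)
    return any(addr in n for n in allowed_networks(rules, port))


# Constructed sample data (assumptions, not taken from the thread).
AUTHORIZED = ["10.8.0.0/24", "192.0.2.10/32"]   # VPN pool, jump host

# "Before": the port is simply open to the Internet.
BEFORE = [Rule("allow", "0.0.0.0/0", LEGACY_PORT)]

# "After": same port, same protocol, reachable only by authorized sources.
AFTER = [
    Rule("allow", "10.8.0.0/24", LEGACY_PORT),
    Rule("allow", "192.0.2.10/32", LEGACY_PORT),
    Rule("deny", "0.0.0.0/0", None),
]

# A deny placed above a broader allow shadows part of it.
SHADOWED = [
    Rule("deny", "10.8.0.0/25", LEGACY_PORT),
    Rule("allow", "10.8.0.0/24", LEGACY_PORT),
]

if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        exposed = unauthorized_exposure(rules, LEGACY_PORT, AUTHORIZED)
        print(name, "unauthorized sources:", [str(n) for n in exposed])
```

The engineering software keeps talking to the same port in both rule sets; only the set of sources that can reach it changes.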

    4. Re:Not a surprise. by Jean+Taureau · · Score: 1

      well, they are just going to get their asses handed to them when their customers are without services or/and are in danger because of it. We'll see who is to blame once the smoke clears..

      Probably not. Obviously it's the (cr/h)acker that's to blame. Never mind that _they_ left the front door open.

  8. Give them a kick up the ass by viperidaenz · · Score: 5, Interesting

    Pay a couple more people to go through the list regularly and poke around, turn things on and off. Make it hotter on cold days and colder on hot days. Take pictures of cars running green lights, shut down all but one elevator, etc...

    Just being mindful not to hurt anyone.

    It'll soon be cheaper to fix the problem than to waste resources cleaning up the mess.

    1. Re:Give them a kick up the ass by tool462 · · Score: 2, Funny

      I'd just set the furnace at the crematorium from "Original Recipe" to "Extra Crispy".

    2. Re:Give them a kick up the ass by Billly+Gates · · Score: 1

      Nope they will just fire the IT guy for not securing. No change there as management feels other cost center IT guys can do it just fine and their reports are more important.

    3. Re:Give them a kick up the ass by Anonymous Coward · · Score: 0

      The next thing you know, corporate culture!

      "In this facility, on the 3rd of March every year, when the sun crosses that pole over there, you dial this knob down by 3.5 clicks. You got that rookie?"
      "but, er, why?"
      "Just do it! stop talking and keep listening, we have a huge list to go through."

  9. No worries guys. by Beardo+the+Bearded · · Score: 4, Funny

    Hey guys, no worries, I went in and changed the passwords.

    USA USA USA

    --

    ---
    ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
    1. Re:No worries guys. by Anonymous Coward · · Score: 0

      USA USA USA

      I've got that exact same password on my luggage!

  10. It's been this way a LOOONNNGG time... by Anonymous Coward · · Score: 0

    I remember reading that this was the real cause of the northeast blackout of 2003. Well this combined with MS Blaster. Apparently MS Blaster was causing the SCADA systems controlling power distribution between plants to frequently reboot, until enough of them were simultaneously down for the whole system to fail.

  11. How about eavesdropping by Anonymous Coward · · Score: 0

    by telephone companies? They don't even need a warrant....

  12. Was I the only one? by Vitriol+Angst · · Score: 3, Funny

    When I read; large mining trucks I immediately thought how awesome it would be for geeks to take them over via SCADA devices.

    Wow, the large dirt hill fights you could have. The swimming pools of snobby rich people, mysteriously filled in. Monster truck rallies interrupted by attacks of 7 story Mega Monster Trucks. The sheer coolness of surrounding WalMarts with huge walls of landfill waste.

    "I'm down here at city hall, and it's absolute mayhem. A large truck, bigger than the building in front of me, is now rolling over all the toll booths, after dumping a huge pile of what must be a mouton of coal on the doorstep of Matty Moroun's estate."

    --
    >>"ad space available -- low rates!!!"
    1. Re:Was I the only one? by aphelion_rock · · Score: 1

      GTA only live!

    2. Re:Was I the only one? by Bob+the+Super+Hamste · · Score: 1

      Those giant mining trucks aren't 7 stories tall only 3 to 4 story range, the shovels they use are probably in the 7 story range. Personally I would love to see a rampaging bucket wheel excavator but those things are really damn slow. The 400 ton (363 metric tons) trucks can really get up and haul ass as they can top out at about 45 mph and have a G.V.W. of 1,375,000 lbs (623,700 kg). As my oldest son (4 years old) put it the first time he was up at Mine View in the Sky "They have a big dump truck and a little dump truck." With big and little being relative terms and meaning the big one was a 240 ton truck and the little one only being a 100 ton truck

      --
      Time to offend someone
  13. Post The List by Anonymous Coward · · Score: 0

    Post the list.
    Hilarity ensues.
    Stuff gets fixed.
    Profit.

    Life as usual.

  14. Still shocked although should be expected. by dogsbreath · · Score: 3, Insightful

    I was just talking to my boss about this subject today. The merging of mechanical and network engineering is still considered a "new" development, often times the engineers designing the system for a building don't fully understand the IT that it rides on. It's a problem, and it's being addressed, but as the submission states there's a huge lag time with huge companies, so it'll continue to be a problem for a while.

    Very insightful but the problem is worse than just the merging of mech/network engineering within a single company. There is a sea of dysfunction washing over the different companies, systems, processes, players and roles. There is a big mess to clean up and although it galls me to say so, I think some sort of legislation may be required both in terms of setting standards and of assigning accountability for poor systems. I won't hold my breath waiting for help on this side.

    Some stuff I know to be true:

    - CEOs & CFOs are motivated by share price and stock performance issues; they consider IT infrastructure to be an expense item to be minimized. Security devices are cheap but no in-house expertise is fostered, and external advice may be poor or ignored if it leads to inconvenient costs. Truck drivers and drag-line operators are valued positions at a mining company because what they do generates income and income to cost is readily calculated; network designers and IT security admins are just an expense item to be minimized. They generate no obvious positive monetary benefit. More trucks/draglines/drivers/operators = more income and more profit. More IT people = less profit.

    - Equipment vendors may be experts at their specific technology but the control programs are not part of their core knowledge. An example I have seen: although the vendor uses some robust logic controllers in the system, they all tie back to a custom control layer built originally by a summer co-op student for a lab demo. The control program does have login security but has never been through any sort of security audit. All system functionality funnels through this layer. It does have a beautiful presentation layer built by a contract software house. BTW, although the login has some protection, by default there is a network API that is always wide open and can not be shut off or everything crashes. No one knows why. If Production Company A buys production equipment from Vendor Company B, the security vulnerabilities are provided at no extra charge. None of the security issues are documented by B (they largely don't know they exist) and B has no good advice to offer on security issues in any case. The sales droids typically say security is not an issue and their track record speaks for itself. No serious events must mean the product is great.

    - Even if production security is seen to be an area of need, corp culture and politics keep anything meaningful from happening. The IT expertise that a company does have is usually focused on internal desktop and financial/HR security issues. They know nothing of the SCADA world which marries physical devices to the abstract world of networks and computing. Worse, the IT division (complete with VP or EVP) views any use of computers and networks outside of the corporate LAN to be a threat to the corporate well being. The IT division sees the production network as a threat to the corporate LAN (usually the threat is worse in the other direction!) so production must run outside the corporate firewalls. This is ok, but IT management actively undermines development of a production side IT division as that is a threat to the corp. power structure. Production networks are built and run by engineers who are smart and have a side interest in computing but whose areas of expertise are power control or chemical production or mechanical systems.

    - There is no widely accepted set of standards for production network design and deployment. Production network implementers invent the wheel again and a

  15. My God by countach · · Score: 0

    Imagine the body count when Al-Qaeda hack into these crematoriums. It will make 9/11 look like a small incident.

  16. So where was NERC? by kilodelta · · Score: 1

    I mean - NERC is supposed to cover most all of that. It proves utilities all over the U.S. ignored NERC standards.

  17. I found an L55 on the internet once by karlandtanya · · Score: 4, Interesting

    From the program in it, I guess it was a demo, not running anything.

    I found it completely by accident by searching for the part number of one of the modules that happened to be in the chassis with the controller and the ethernet bridge. The ethernet bridge has its own web page which automatically displays the contents of the chassis, with links to the modules.

    I added a controller-scoped tag to it called "ICanSeeYouFromTheInternet", and a tag description of "Please put your ENBT on a private network"
    A couple days later it was gone.

    --
    "Reality is that which, when you stop believing in it, doesn't go away." - Philip K. Dick
  18. SCADA DooDah by rueger · · Score: 4, Informative

    For those not overly up to date on their acronyms: "SCADA (supervisory control and data acquisition) is a type of industrial control system (ICS). Industrial control systems are computer controlled systems that monitor and control industrial processes that exist in the physical world. SCADA systems historically distinguish themselves from other ICS systems by being large scale processes that can include multiple sites, and large distances." http://en.wikipedia.org/wiki/SCADA

  19. Blame me by AB3A · · Score: 4, Informative

    My name is Jake Brodsky. I worked with Bob Radvanovsky and others to create this experiment.

    The formal announcement of this project is here.

    --
    Nearly fifty percent of all graduates come from the bottom half of the class!
    1. Re:Blame me by Anonymous Coward · · Score: 0

      You're sooo slashdotted...

  20. It's the manufacturers, engineers, and installers by Anonymous Coward · · Score: 2, Insightful

    There are controls systems and controls software with passwords hard coded and some that are even burned into ROM - not EEPROM. The problem is that manufacturers have to be able to provide tech support and sometimes that tech support is to non-tech people. The prevailing attitude when I worked in the field was "who would be interested in the system anyway?" Security based on apathy I guess...

    IT people used to avoid the SCADA equipment because they needed to understand how their security settings might affect interaction between SCADA's and controllers and they were intimidated - a mistake could cause a product spill or worse.

    So, IT was tentative about maintaining SCADA's, engineers were apathetic and couldn't accept that a hacker might be interested in a computer system, and manufacturers wanted to be sure that service could be provided over the phone or net to any idiot no matter their training level.

    Is it any wonder that we have numerous SCADA systems running with minimal if any security?

  21. Who in their right mind? by dgharmon · · Score: 1

    "an initial list of 500,000 devices to 7,200, many of which contain online login interfaces with little more than a default password standing between an attacker and potential havoc"

    Just who in their right mind, in this day-and-age connects SCADA devices directly to the Internet using the default password?

    --
    AccountKiller
  22. Outside of the curve .. by dgharmon · · Score: 1

    "The thing with security is... outside of the curve, there's outside-the-box thinking"

    In the interests of economy, instead of leased lines, they decided to use Microsoft Windows over the Internet, taking no steps to protect the system from hacking ...

    --
    AccountKiller
    1. Re:Outside of the curve .. by davester666 · · Score: 1

      Ah, you're familiar with our line of deluxe ATM's.

      --
      Sleep your way to a whiter smile...date a dentist!
  23. it's safe because it's running Linux? by dgharmon · · Score: 1

    "Apparently it's safe because "...it's running Linux"

    As compared to Microsoft Windows ...

    --
    AccountKiller
    1. Re: it's safe because it's running Linux? by wibblewibble · · Score: 1

      As compared to using HTTPS, not HTTP on port 80

  24. just shut it all down by Anonymous Coward · · Score: 0

    DHS could just go in there and shut the place down. That might get the message across. And for the record, what I meant was physically go to the site's management with a court order and shut them down, not hack in and turn off equipment without knowing the consequences. It could all be reversed in a couple of hours, once the managers and admins get on the same page and lock it all down.

  25. Following orders by ThatsNotPudding · · Score: 2

    I would blame the engineers less than the vapid, bonus-seeking salesmen telling them to make access as stupid and easy as possible to allow mid-level managers to check in on things without having to get off their asses or sometimes even off the golf course. As usual, most of the blame can be laid at the foot of that three letter monument to sloth and incompetence: MBA.

    1. Re:Following orders by Anonymous Coward · · Score: 0

      Heh... It's not so much the MBAs that's the problem- it's that you've got people that can't handle finding their *ss with both hands, a road map, and a locator beacon, being taught that they can manage anything with nothing more than the MBA education they got. Worse, you've got people where their problem is obvious (and still can't find their *ss) and they're teaching the other fools that they can manage things without honestly knowing a damned thing about what they're managing.

      With the grounding in the space you're managing, and with the understanding that not all MBA taught subjects are worth bothering with (For example, while Six Sigma's a good methodology for improving quality in some cases, it's not a magic bullet and it can, even if it's used right, blind you to other problems within your company. Six Sigma's about trying to produce repeatable results- but if you're producing failures or the market took a turn and what was a success is now a failure, you're not going to see the problem if you're relying on Six Sigma, Kaizen, etc. Just look at the company that brought Six Sigma to the limelight- Motorola's now fragmented into a bunch of itty-bitty pieces of its former self and is viewed as the joke of the entire mobile industry... Six Sigma blinded them to the reality that they had problems, amongst other things.) then it's actually a bit of a useful thing.

      It's that it's easy to "educate" vapid middle-level managers and above into thinking they're accomplishing something that you should talk to there- it's the symptom, not the monument you're honestly talking to there. And they're easily swayed by a slick talking NPD/BPD salesman that's just shy of a con-artist if not one.

  26. Ah so the DHS is passing out... by 3seas · · Score: 1

    ... internet condoms?

    1. Re:Ah so the DHS is passing out... by Bob+the+Super+Hamste · · Score: 1

      Sounds like an action they would take.

      --
      Time to offend someone
  27. Re:Time to show you're a liar webmistressrachel by webmistressrachel · · Score: 0

    Where's the developers of Firefox to correct you when you need them? I don't care about tcpip.sys and all that, and neither does AdBlock - which uses its own list during page parsing, yes, just after the 1st DNS for the page and then before parts (ie ads and plugins) are loaded (and do their own DNS). Before!!!

    Also, other people have told you before that your silly methods poll local webservers. i.e. 10-30 seconds for each element in your HOSTs file rubbish.

    Give it up, apk, you're old hat. And black hat at that, with all your screaming abuse.

    --
    This tagline was transcoded to result in at least one smirk. If you experience failure to smirk, please consult your Gen
  28. Re:webmistressrachel = technically stupid by webmistressrachel · · Score: 1

    I never bombed anyone like this, stalking them across slashdot and claiming crazy things about their gender.

    Also, you're still talking bullshit because this isn't about whether HOSTS or tcpip loads on boot, it's about whether AdBlock uses it at all (which it doesn't) and the requests to local webservers caused by HOSTS! Shut up and go away you smelly trollbag! lol I love seeing you angry.

    --
    This tagline was transcoded to result in at least one smirk. If you experience failure to smirk, please consult your Gen
  29. Re:Answer a question then... apk by webmistressrachel · · Score: 0

    Number one, never actually trolled you via TOR, just threatened to, because you were being an abusive scumbag.

    Number two, it matters not one iota that tcpip and HOSTS load before Firefox, and AdBlock - it matters that AdBlock does not use HOSTS to process its blocking and is therefore before it in the execution cycle that matters here! In fact, it makes HOSTS completely redundant, as many others have tried to tell you. In the meantime, I earn Karma because I am calm, correct, and not an abusive old scumbag bitter that SCADA and Win 3.1 are going the way of the dinosaur!!!

    --
    This tagline was transcoded to result in at least one smirk. If you experience failure to smirk, please consult your Gen
  30. Answer the simple question put to you here by Anonymous Coward · · Score: 0

    http://slashdot.org/comments.pl?sid=3373637&cid=42559267 local webservers aren't what I query going to slashdot stupid. My browser needs to resolve slashdot.org to get here in the first place. What blocks ads before that happens? Hosts do at OS loadup. They are at the finish line already before adblock or the browser begins to work for blocking. Adblock doesn't even block all ads anymore either.

    1. Re:Answer the simple question put to you here by webmistressrachel · · Score: 1

      I just told you how it works, I have explained in more detail elsewhere. Since you are such a sleuth and so clever, I'm surprised you still don't get this.

      Go "sleuth" and find out why. Slashdot will do just fine without you while you figure it out. And stop being so damn abusive.

      --
      This tagline was transcoded to result in at least one smirk. If you experience failure to smirk, please consult your Gen
  31. Re:Answer a question then... apk by webmistressrachel · · Score: 0

    Yawn, he can't even pretend to be a third party properly ;-)

    --
    This tagline was transcoded to result in at least one smirk. If you experience failure to smirk, please consult your Gen
  32. Re:Answer the question troll by webmistressrachel · · Score: 1

    Who's posting anonymously? Who's stalking me? Replying to every post? Via AC?

    Who's posting facts with her username, answered the question loads of times

    Page Parser ---> AdBlock --> | Block

    Page Parser ---> TCP / IP --> HOSTS --> Local Webserver Timeout.

    So AdBlock first, in terms of EXECUTION, in the USER SPACE, of the BROWSER ITSELF. Shut up, you look so stupid!!!

    --
    This tagline was transcoded to result in at least one smirk. If you experience failure to smirk, please consult your Gen
  33. Re:Answer a question then... apk by webmistressrachel · · Score: 0

    I have done. Quit stressing, it makes you look old and bitter. I'm sorry that you can't face how wrong you are, both about HOSTS and the way you're treating people, but it's not really my problem. All you're doing at the moment is adding to my Karma...

    --
    This tagline was transcoded to result in at least one smirk. If you experience failure to smirk, please consult your Gen
  34. Re:Answer the question troll by webmistressrachel · · Score: 1

    Your logic is completely flawed.

    Yes, HOSTS et al. loads on startup, but isn't used by AdBlock which appears before the TCPIP stack (so is never used unless we already know a URL is ok anyway)..

    If we use your method we get timeout, tcpip overhead, etc., so actually takes longer!

    And stop being abusive. I am convinced that you've fixated on me in some way, it's not good for you at all.

    --
    This tagline was transcoded to result in at least one smirk. If you experience failure to smirk, please consult your Gen
  35. Re:Answer a question then... apk by webmistressrachel · · Score: 0

    Lalalalaaa... +1 Karma, gosh this article's a mess; I really shouldn't bite the troll so much!

    --
    This tagline was transcoded to result in at least one smirk. If you experience failure to smirk, please consult your Gen
  36. Re:Who's the troll? by webmistressrachel · · Score: 1

    Yum, another tasty load of delicious copy-pasta!

    Carry on...

    --
    This tagline was transcoded to result in at least one smirk. If you experience failure to smirk, please consult your Gen
  37. Re:Who's the troll? by Anonymous Coward · · Score: 0

    Another load of his you had to swallow's more like it http://slashdot.org/comments.pl?sid=3373637&cid=42559977 since you run away from the questions there like a scared rabbit. At least you like the taste, lol!

  38. Who's the troll here scumbag? by Anonymous Coward · · Score: 0

    You ADMIT to trolling (stalking & harassing), ME, for years now:

    "I'm known for teasing apk" - by webmistressrachel (903577) on Tuesday January 01, @12:00AM (#42438977) Journal

    FROM -> http://slashdot.org/comments.pl?sid=3350243&cid=42438977

    ---

    BUT, also via ac trolling/stalking/harassing posts, via nefarious means (proxying onion routers):

    "Screw you, apk, and the horse you rode in on. If I ever see you post here again, I'll bomb you as AC from Tor, meaning I'll NEVER run out of posts because I can change endpoint..." - by webmistressrachel (903577) on Sunday July 03 2011, @02:03PM (#36647614)

    FROM -> http://slashdot.org/comments.pl?sid=2292298&cid=36647614

    ---

    You did this, to yourself... shitbag!

    ---

    "Lalalalaaa... +1 Karma, gosh this article's a mess; I really shouldn't bite the troll so much!" - by webmistressrachel (903577) on Friday January 11, @01:16PM (#42559911)

    What's that about being a TROLL, shitbag? LOL... unbelievable!

    See my subject-line above, & "Eat Your Words", shitbag... lol!

    QUESTION: How do your words taste, now that you MUST 'eat them' flavored with "the bitter taste of SELF-DEFEAT" & spiced with your FOOT IN YOUR TROLLING MOUTH?

    APK

    P.S.=> Answer my questions here too, quit AVOIDING THEM, troll -> http://slashdot.org/comments.pl?sid=3373637&cid=42559977 I love it, since PAYBACK IS A BITCH for years of you stalking/harassing/trolling me, & all the downmods in the world can't hide it now (I won't ALLOW that shitbag)... lol, especially since you screwed THAT up "royally" too, Queen Victoria!

    ... apk

  39. "Run, Forrest - RUN!" Disprove these points... apk by Anonymous Coward · · Score: 0

    A.) Adblock doesn't block all ads by default -> http://news.slashdot.org/story/11/12/12/2213233/adblock-plus-to-offer-acceptable-ads-option

    B.) Browsers are a client program. According to Microsoft's documentation the 1st thing client programs, like webbrowsers, query is the hosts file -> http://support.microsoft.com/kb/172218

    (You know this because you royally messed up on that saying DNS servers are queried before hosts files dolt -> http://slashdot.org/comments.pl?sid=3351357&cid=42472651 which IS WRONG on your end, bigtime... )

    C.) This ALL makes adblock redundant, as well as useless per the 1st thing I said above since it doesn't block all ads, perhaps above ALL else!

    D.) Hosts do a LOT MORE for users than adblock can as well. To wit:

    ---

    1.) Blocking rogue DNS servers malware makers use

    2.) Blocking known sites/servers that serve up malware... like known sites/servers/hosts-domains that serve up malicious scripts

    3.) Speeding up your FAVORITE SITES that hosts can speed up via hardcoded line item entries properly resolved by a reverse DNS ping

    4.) AdBlock works on Mozilla products (browser & email), hosts work on ANY webbound app AND are multiplatform.

    5.) AdBlock can't protect external to FireFox email programs, hosts can (think OUTLOOK, Eudora, & others)

    6.) AdBlock can't help you blow past DNSBL's (DNS block lists)

    7.) AdBlock can't help you avoid DNS request logs (hosts can via hardcoded favorites)

    8.) AdBlock can't protect you vs. TRACKERS (hosts can)

    9.) AdBlock can't protect you vs. DOWNED or "DNS-poisoned" redirected DNS servers (hosts can by hardcodes)

    10.) Hosts are EASIER to manage, they're just a text file (adblock means you had BEST know your javascript, perl, & python (iirc as to what languages are used to make it from source)).

    & more...

    ---

    * Plus, by default, as I said to you before?

    ADBLOCK DOESN'T BLOCK ALL ADS ANYMORE, & addons SLOW DOWN WEBBROWSERS - stack up a few in FireFox, see what happens... it slows down!

    ---

    E.) Hosts are at the "finish line" 1st (for blocking) before the browser even starts since they're loaded at OS startup by tcpip.sys in kernelmode (which is a hell of a lot faster than usermode programs like webbrowsers, which SLOWDOWN even MORE, when you put addons into them, ala Firefox having that known issue)

    AND?

    Hosts files can speedup browser via hardcoded favorites (faster than calling out to a remote DNS server by far) - adblock can't do that...

    F.) Hosts are multiplatform and universal on any browser (or any client) - adblock, isn't.

    ---

    * Care to debate ANY of that moron?

    ANSWER EACH POINT 1 by 1 - go for it!

    YES... I am going to watch you SQUIRM for trolling me for YEARS here -> http://slashdot.org/comments.pl?sid=3373637&cid=42570685

    ---

    ANSWER THESE QUESTIONS ALSO:

    QUESTION #1: Can your browser get to slashdot without the IP stack, i.e. -> Can it or adblock resolve the address without the IP stack? Answer that.

    QUESTION #2: What is queried 1st for both blocking AND hostname resolution to IP address?? Answer that

    QUESTION #3: Are hosts in KERNEL MODE (ring 0/rpl 0), fastest mode of operation there is, since they are an integrated part of the IP stack??? Answer that too.

    QUESTION #4: What ring of privilege do browsers and adblock, layered in over them slowing them down even more, a KNOWN fact, operate in???? Answer that also!

    APK

    P.S.=> You already screwed up royally, as shown above, on DNS' order in the resolution of ip address from host-domain cycle - might as well make it a bit more, right?

    ... apk

  41. "Run, Forrest - RUN!" Disprove these points by Anonymous Coward · · Score: 0

    A.) Adblock doesn't block all ads by default -> http://news.slashdot.org/story/11/12/12/2213233/adblock-plus-to-offer-acceptable-ads-option

    B.) Browsers are a client program. According to Microsoft's documentation the 1st thing client programs, like webbrowsers, query is the hosts file -> http://support.microsoft.com/kb/172218

    (You know this because you royally messed up on that saying DNS servers are queried before hosts files dolt -> http://slashdot.org/comments.pl?sid=3351357&cid=42472651 which IS WRONG on your end, bigtime... )

    C.) This ALL makes adblock redundant, as well as useless per the 1st thing I said above since it doesn't block all ads, perhaps above ALL else!

    D.) Hosts do a LOT MORE for users than adblock can as well. To wit:

    ---

    1.) Blocking rogue DNS servers malware makers use

    2.) Blocking known sites/servers that serve up malware... like known sites/servers/hosts-domains that serve up malicious scripts

    3.) Speeding up your FAVORITE SITES that hosts can speed up via hardcoded line item entries properly resolved by a reverse DNS ping

    4.) AdBlock works on Mozilla products (browser & email), hosts work on ANY webbound app AND are multiplatform.

    5.) AdBlock can't protect external to FireFox email programs, hosts can (think OUTLOOK, Eudora, & others)

    6.) AdBlock can't help you blow past DNSBL's (DNS block lists)

    7.) AdBlock can't help you avoid DNS request logs (hosts can via hardcoded favorites)

    8.) AdBlock can't protect you vs. TRACKERS (hosts can)

    9.) AdBlock can't protect you vs. DOWNED or "DNS-poisoned" redirected DNS servers (hosts can by hardcodes)

    10.) Hosts are EASIER to manage, they're just a text file (adblock means you had BEST know your javascript, perl, & python (iirc as to what languages are used to make it from source)).

    & more...

    ---

    * Plus, by default, as I said to you before?

    ADBLOCK DOESN'T BLOCK ALL ADS ANYMORE, & addons SLOW DOWN WEBBROWSERS - stack up a few in FireFox, see what happens... it slows down!

    ---

    E.) Hosts are at the "finish line" 1st (for blocking) before the browser even starts since they're loaded at OS startup by tcpip.sys in kernelmode (which is a hell of a lot faster than usermode programs like webbrowsers, which SLOWDOWN even MORE, when you put addons into them, ala Firefox having that known issue)

    AND?

    Hosts files can speedup browser via hardcoded favorites (faster than calling out to a remote DNS server by far) - adblock can't do that...

    F.) Hosts are multiplatform and universal on any browser (or any client) - adblock, isn't.

    ---

    * Care to debate ANY of that moron?

    ANSWER EACH POINT 1 by 1 - go for it!

    YES... I am going to watch you SQUIRM for trolling me for YEARS here -> http://slashdot.org/comments.pl?sid=3373637&cid=42570685

    ---

    ANSWER THESE QUESTIONS ALSO:

    QUESTION #1: Can your browser get to slashdot without the IP stack, i.e. -> Can it or adblock resolve the address without the IP stack? Answer that.

    QUESTION #2: What is queried 1st for both blocking AND hostname resolution to IP address?? Answer that

    QUESTION #3: Are hosts in KERNEL MODE (ring 0/rpl 0), fastest mode of operation there is, since they are an integrated part of the IP stack??? Answer that too.

    QUESTION #4: What ring of privilege do browsers and adblock, layered in over them slowing them down even more, a KNOWN fact, operate in???? Answer that also!

    APK

    P.S.=> You already screwed up royally, as shown above, on DNS' order in the resolution of ip address from host-domain cycle - might as well make it a bit more, right?

    ... apk

  49. "Run, Forrest - RUN!" Disprove these points by Anonymous Coward · · Score: 0

    A.) Adblock doesn't block all ads by default -> http://news.slashdot.org/story/11/12/12/2213233/adblock-plus-to-offer-acceptable-ads-option

    B.) Browsers are a client program. According to Microsoft's documentation the 1st thing client programs, like webbrowsers, query is the hosts file -> http://support.microsoft.com/kb/172218

    (You know this because you royally messed up on that saying DNS servers are queried before hosts files dolt -> http://slashdot.org/comments.pl?sid=3351357&cid=42472651 which IS WRONG on your end, bigtime... )

    C.) This ALL makes adblock redundant, as well as useless per the 1st thing I said above since it doesn't block all ads, perhaps above ALL else!

    D.) Hosts do a LOT MORE for users than adblock can as well. To wit:

    ---

    1.) Blocking rogue DNS servers malware makers use

    2.) Blocking known sites/servers that serve up malware... like known sites/servers/hosts-domains that serve up malicious scripts

    3.) Speeding up your FAVORITE SITES that hosts can speed up via hardcoded line item entries properly resolved by a reverse DNS ping

    4.) AdBlock works on Mozilla products (browser & email), hosts work on ANY webbound app AND are multiplatform.

    5.) AdBlock can't protect external to FireFox email programs, hosts can (think OUTLOOK, Eudora, & others)

    6.) AdBlock can't help you blow past DNSBL's (DNS block lists)

    7.) AdBlock can't help you avoid DNS request logs (hosts can via hardcoded favorites)

    8.) AdBlock can't protect you vs. TRACKERS (hosts can)

    9.) AdBlock can't protect you vs. DOWNED or "DNS-poisoned" redirected DNS servers (hosts can by hardcodes)

    10.) Hosts are EASIER to manage, they're just a text file (adblock means you had BEST know your javascript, perl, & python (iirc as to what languages are used to make it from source)).

    & more...

    ---

    * Plus, by default, as I said to you before?

    ADBLOCK DOESN'T BLOCK ALL ADS ANYMORE, & addons SLOW DOWN WEBBROWSERS - stack up a few in FireFox, see what happens... it slows down!

    ---

    E.) Hosts are at the "finish line" 1st (for blocking) before the browser even starts since they're loaded at OS startup by tcpip.sys in kernel mode (which is a hell of a lot faster than user-mode programs like web browsers, which SLOW DOWN even MORE, when you put addons into them, ala Firefox having that known issue)

    AND?

    Hosts files can speed up the browser via hardcoded favorites (faster than calling out to a remote DNS server by far) - adblock can't do that...

    F.) Hosts are multiplatform and universal on any browser (or any client) - adblock, isn't.

    ---

    * Care to debate ANY of that moron?

    ANSWER EACH POINT 1 by 1 - go for it!

    YES... I am going to watch you SQUIRM for trolling me for YEARS here -> http://slashdot.org/comments.pl?sid=3373637&cid=42570685

    ---

    ANSWER THESE QUESTIONS ALSO:

    QUESTION #1: Can your browser get to slashdot without the IP stack, i.e. -> Can it or adblock resolve the address without the IP stack? Answer that.

    QUESTION #2: What is queried 1st for both blocking AND hostname resolution to IP address?? Answer that

    QUESTION #3: Are hosts in KERNEL MODE (ring 0/rpl 0), fastest mode of operation there is, since they are an integrated part of the IP stack??? Answer that too.

    QUESTION #4: What ring of privilege do browsers and adblock, layered in over them slowing them down even more, a KNOWN fact, operate in???? Answer that also!

    APK

    P.S.=> You already screwed up royally, as shown above, on DNS' order in the resolution of ip address from host-domain cycle - might as well make it a bit more, right?

    ... apkb
