If you go to microsoft.com you will not see anything about CodeRed. however a quick search will find you this which is that patch.
One nice thing about the worm is that it is only active in memory, meaning that if you reboot your machine it will die.
The unfortunate part is that I don't see it helping much. I think the problem is that thousands of neglated NT/2K boxes with net connections, collecting dust, and getting eaten by worms. Soon this will be called the infected net, the part of the internet that has withered into sludge and pounds away at the rest of the net.
After a while the media will infect the people, soon follows the lawmakers. once that happens the goverment will madate that computers on the public net must be licenced, and maintained regularly. if you computer is infected by a worm, virus, trojan etc.. you will be issued a fine. the internet will be taxed to support the "federal internet saftey commision". a group of FCC regects that constantly moniter and scan you box to make sure you up to code.
thank you. like he said, people attack windows because windows is always the same, they all have the same setup (more or less), they all run the EXACT same programs, i.e. it's much easyer to get your buffer overflow to work with winnt/iis then it is with linux/apache because the binary or IIS and NT are going to be the same.
in linux and apache the kernal and apache executables are configured differently before they are compiled, so it's much more diffecult to have a overflow work against all instances.. of course for a standard distro like redhat and apache binary rpms this isn't true.
Windows is also more common, so your expliot will be more used.
Windows is also owned my Microsoft, a "evil" company, all the better to attack then.
So how is this different than any distributed processing network? The problem with disturbed processing is that it's only good for tasks that:
A. large/complicated enough to constitute such a network: nuclear simulation, weather prediction, chess, encryption. Most of which have no little to no interest to the common user.
B. Can be distributed, Seti and encryption work because a central server can farm out sections of work to different clients. For most tasks this is not practical, especially real time problems.
C. Doesn't need a big pipe. for example a rendering farm, or maybe mp3 compression would be nice, unfortunately the data is to large to make it worth while.
BearShare is also a add whore, it defaults to installing some addware apps, and when you deselect them is says "are you sure? this is how we make money you selfesh fuck!", i think the text might be a little different.
Create a internet worm that uses your idle clock cycles to find the number, and sends it back to me once it's found it. I would use anonymous Usenet for communication: requesting jobs, posting jobs and (hopefully) posting the current solution.
The reason for not making a large (voluntary) distributed project is because you'll probably have to split the money with the lucky dope that found the number, this way you get to keep the money.
The company I work for (a biotech) makes machines which are being used to research chemical warfare defense and detection.
The detection has to do with running assays on the air for certain properties, considering that our product uses micro-beads to analyze the results, I don't really understand out that would work; fill the air with micro-beads and reagents?
The defense is an idea where the army could deploy trucks with out device attached, the idea is that we can quickly test men for signs of some airborne decease's, anthrax for example.
Actaully as some people on this thread have posted, he was selling his eBook software at Defcon, so yes he was "trafficing" his "device" (damm, that almost sounds perverted).
No doubt, perhapes if you read the 2nd parahraph of the artical you would have read:
In a filing with the Federal Communications Commission, the company laid out the steps it has taken to reach this goal. The company has selected a standard, developed new customer software and created systems that enable different services to talk to one another.
If the DMCA had been in existence in the l970s, the reporters and their employees could have been arrested under the exact same charges as Sklyarov -- stealing copyrighted material.
no, he was arrested for trafficing a "copyright circumvention device" or as adobe puts it "digital lockpick".
I was actually injoying your artical until that comment.
complete DragonBall (emulation except for UART Serial), booting OS1 and OS2 ROMs, and using maximum amount of memory. In the future, people can expect serial port emulation, IR emulation, application loading, booting OS3 and OS4 ROMs, color support, EZ and VZ support
What does this mean for hooking up devices like a GPS or Omnisky modem? It seems to me that a big reason people choose palm is because of a outstanding third party support.
I know from personal experience that emulation's are not a replacement for the real thing. I've booted up windows in linux, linux in windows, Workbench (amiga) in windows, palm and CE under the PC, and I have never found a long time use for them. I say this because I'm sure someone will post that this is a sign of Microsoft taking over palms share of the market, maybe; but I think palm will lose it's market due to aging technology and bad business.
Hell, i wouldn't even call it a virus. more like a worm. I don't belive it uses VBA or VBScript, from what i can tell it's just an executable.
the interesting text from the ZDnet artical:
it will append the file name with either.exe,.bat,.tif.,.com, or.link. If it uses.link or.bat, the virus will essentially "neuter" itself, Trilling says, ceasing to operate.
.exe,.bat,.tif etc.. can all be executables, but in difference contexts. if you rename a.bat to.exe it won't run, so for this to work it would need to change the structure of the file each time; this would make it a polymorphic worm.
I would also like to note that the exact same type of worm could work on any operating system, the only reason it targets windows is because of the large user base of people who don't know better.
btw, i got this one in my yahoo account. it was marked at "bulk/junk" mail my yahoo's filters, and yahoo's virus scanner flagged it.
i read the fucking "manuals" what ever the fuck manuals are; search for google and you'll find lots of little write ups, some FAQ's some half baked guides, no "manual".
if redhat linux, or any linux for that matter is a product i would like them so state clealy on what the deal is with three competing firewalls shipping with their product.
personally i've been running 2.4 for a few months now without any crashs. however (coming from freebsd) i really dislike the ipfw/ipchains/iptables crap. i would just like to be presented with one that is the standard.
Good question. Number one reason is that he's well known. It sounds impressive to say that the renowned hacker Kevin Mitnick could not crack your box, and says it's safe. Another is that he is a smart creative guy, I believe that breaking into a box is more about creativity then technical knowledge.
I met kevin in LA about a year ago, at the time he was very bitter about the whole ordeal, it's true, he can't use a computer. however he has his hands in anything with a IC that isn't a "computer". his car (a toyota mr2) is filled with gizmos, id like to tell you what but i'm not a ham radio buff, all i can say is lots of stuff with knobes and flashy lights.
Once he found out i worked at microsoft he started asking me all kinds of questions: what kind of security do that have?, how often do they change passwords, whats NT like? (seriously)
he's never heard of slashdot, he's never used NT, so yes, he is WAY out of the loop. however he is making a decent penny whoring his celibraty, he does talk at conferences, he does consult on security, this is actually how he makes his money.
the browser gets it's first implementation developed on NeXT (of all things)
Mark Anderson helps make the first Mosaic at NCSA (I believe he was an intern)
NCSA Mosaic gets some attention, so Mark A. gets the bright idea to start a new company, mainly by grabbing all the good people from NCSA (much how Unisys did with MIT AI lab when RMS worked there, which also started GNU)
Around v2 of "Netscape" Microsoft realizes they are WAY BEHIND in the future of software. So they bought/licenced Spyglass mosaic browser, re-packaged it as IE 1, and 2.
MS around v3 of Netscape MS has ditched the old source and was working on a new code base for IE3, which is was pretty decent.
Netscape 4 and IE 4 came around the same time, but you know what? IE4 is a total re-write of IE3, and the beginning of what was also IE4. They got about half way done with IE4 then decided they really needed to change stuff around, so in the middle of development they re-started it and made the IE4 that shipped!
Netscape roles over and dies (for various reasons, mainly for never scraping there code, and having a crappy product I imagine).
So no, IE is not a hack off older stuff, the idea of a graphical www is ripped from NCSA Mosaic (which really was pretty obvious development from previous work).
I don't think machines will be making any moral or ethical decisions any time soon. I think you tryed to say that between the lines, but didn't out right say it.
Money managment, paperwork, etc.. there things are half done by machines, this will simply continue. However a real (and unpredictable) breakthrough would be a machine that makes any kind of moral decision.
A new ruggedised RISCOS computer, the Solo is intended for use within Third-world countries where its ultra-low-power design enables it to be used indefinitely away from sources of mains electricity.
We would need state of the art high tech computers so they can work in low tech third world countrys.
Slashdot Mirror
If you go to microsoft.com you will not see anything about CodeRed. however a quick search will find you this which is that patch.
One nice thing about the worm is that it is only active in memory, meaning that if you reboot your machine it will die.
The unfortunate part is that I don't see it helping much. I think the problem is that thousands of neglated NT/2K boxes with net connections, collecting dust, and getting eaten by worms. Soon this will be called the infected net, the part of the internet that has withered into sludge and pounds away at the rest of the net.
After a while the media will infect the people, soon follows the lawmakers. once that happens the goverment will madate that computers on the public net must be licenced, and maintained regularly. if you computer is infected by a worm, virus, trojan etc.. you will be issued a fine. the internet will be taxed to support the "federal internet saftey commision". a group of FCC regects that constantly moniter and scan you box to make sure you up to code.
-Jon
thank you. like he said, people attack windows because windows is always the same, they all have the same setup (more or less), they all run the EXACT same programs, i.e. it's much easyer to get your buffer overflow to work with winnt/iis then it is with linux/apache because the binary or IIS and NT are going to be the same.
in linux and apache the kernal and apache executables are configured differently before they are compiled, so it's much more diffecult to have a overflow work against all instances.. of course for a standard distro like redhat and apache binary rpms this isn't true.
Windows is also more common, so your expliot will be more used.
Windows is also owned my Microsoft, a "evil" company, all the better to attack then.
-Jon
So how is this different than any distributed processing network? The problem with disturbed processing is that it's only good for tasks that:
A. large/complicated enough to constitute such a network: nuclear simulation, weather prediction, chess, encryption. Most of which have no little to no interest to the common user.
B. Can be distributed, Seti and encryption work because a central server can farm out sections of work to different clients. For most tasks this is not practical, especially real time problems.
C. Doesn't need a big pipe. for example a rendering farm, or maybe mp3 compression would be nice, unfortunately the data is to large to make it worth while.
-Jon
BearShare is also a add whore, it defaults to installing some addware apps, and when you deselect them is says "are you sure? this is how we make money you selfesh fuck!", i think the text might be a little different.
Download Accelorator also does this (i think).
-Jon
that compares pretty well to viacom's list.
-Jon
saw this at NYT :
AOL Time Warner Set to Buy IPC
it's a 1.64 billion $$$ deal, IPC is a UK magazine publisher.
-Jon
Create a internet worm that uses your idle clock cycles to find the number, and sends it back to me once it's found it. I would use anonymous Usenet for communication: requesting jobs, posting jobs and (hopefully) posting the current solution.
The reason for not making a large (voluntary) distributed project is because you'll probably have to split the money with the lucky dope that found the number, this way you get to keep the money.
-Jon
i found this picture, is that it?
-Jon
The company I work for (a biotech) makes machines which are being used to research chemical warfare defense and detection.
The detection has to do with running assays on the air for certain properties, considering that our product uses micro-beads to analyze the results, I don't really understand out that would work; fill the air with micro-beads and reagents?
The defense is an idea where the army could deploy trucks with out device attached, the idea is that we can quickly test men for signs of some airborne decease's, anthrax for example.
-Jon
Actaully as some people on this thread have posted, he was selling his eBook software at Defcon, so yes he was "trafficing" his "device" (damm, that almost sounds perverted).
-Jon
No doubt, perhapes if you read the 2nd parahraph of the artical you would have read:
In a filing with the Federal Communications Commission, the company laid out the steps it has taken to reach this goal. The company has selected a standard, developed new customer software and created systems that enable different services to talk to one another.
anyway.
If the DMCA had been in existence in the l970s, the reporters and their employees could have been arrested under the exact same charges as Sklyarov -- stealing copyrighted material.
no, he was arrested for trafficing a "copyright circumvention device" or as adobe puts it "digital lockpick".
I was actually injoying your artical until that comment.
-Jon
Palm emulator running in a WinCE emulator running on Windows through VMWare on Linux!
-Bonk
In the article is states that:
complete DragonBall (emulation except for UART Serial), booting OS1 and OS2 ROMs, and using maximum amount of memory. In the future, people can expect serial port emulation, IR emulation, application loading, booting OS3 and OS4 ROMs, color support, EZ and VZ support
What does this mean for hooking up devices like a GPS or Omnisky modem? It seems to me that a big reason people choose palm is because of a outstanding third party support.
I know from personal experience that emulation's are not a replacement for the real thing. I've booted up windows in linux, linux in windows, Workbench (amiga) in windows, palm and CE under the PC, and I have never found a long time use for them. I say this because I'm sure someone will post that this is a sign of Microsoft taking over palms share of the market, maybe; but I think palm will lose it's market due to aging technology and bad business.
-Jon
first thoughtfull post i've seen, thank you.
-Jon
I don't think this worm uses any features of outlook, it's simply an executable attachment that does BadThings(tm).
you could probably use whatever email client you want, as long as it's under windows it'll probably work.
-Jon
Hell, i wouldn't even call it a virus. more like a worm. I don't belive it uses VBA or VBScript, from what i can tell it's just an executable.
.exe, .bat, .tif., .com, or .link. If it uses .link or .bat, the virus will essentially "neuter" itself, Trilling says, ceasing to operate.
.bat, .tif etc.. can all be executables, but in difference contexts. if you rename a .bat to .exe it won't run, so for this to work it would need to change the structure of the file each time; this would make it a polymorphic worm.
the interesting text from the ZDnet artical:
it will append the file name with either
.exe,
I would also like to note that the exact same type of worm could work on any operating system, the only reason it targets windows is because of the large user base of people who don't know better.
btw, i got this one in my yahoo account. it was marked at "bulk/junk" mail my yahoo's filters, and yahoo's virus scanner flagged it.
-Jon
I was all over that page like flys on shit. I'm not a network guy, and i don't want to be so it wasn't very helpfull.
so why is it called netfilter || iptables?
-Jon
(why the fuck did this get modded up?)
i read the fucking "manuals" what ever the fuck manuals are; search for google and you'll find lots of little write ups, some FAQ's some half baked guides, no "manual".
if redhat linux, or any linux for that matter is a product i would like them so state clealy on what the deal is with three competing firewalls shipping with their product.
-Jon
i'm talking about this one
personally i've been running 2.4 for a few months now without any crashs. however (coming from freebsd) i really dislike the ipfw/ipchains/iptables crap. i would just like to be presented with one that is the standard.
-Jon
Good question. Number one reason is that he's well known. It sounds impressive to say that the renowned hacker Kevin Mitnick could not crack your box, and says it's safe. Another is that he is a smart creative guy, I believe that breaking into a box is more about creativity then technical knowledge.
-Jon
I met kevin in LA about a year ago, at the time he was very bitter about the whole ordeal, it's true, he can't use a computer. however he has his hands in anything with a IC that isn't a "computer". his car (a toyota mr2) is filled with gizmos, id like to tell you what but i'm not a ham radio buff, all i can say is lots of stuff with knobes and flashy lights.
Once he found out i worked at microsoft he started asking me all kinds of questions: what kind of security do that have?, how often do they change passwords, whats NT like? (seriously)
he's never heard of slashdot, he's never used NT, so yes, he is WAY out of the loop. however he is making a decent penny whoring his celibraty, he does talk at conferences, he does consult on security, this is actually how he makes his money.
-Jon
what side of your ass your talking out of?
here's a little history for ya.
the browser is an idea.
the browser gets it's first implementation developed on NeXT (of all things)
Mark Anderson helps make the first Mosaic at NCSA (I believe he was an intern)
NCSA Mosaic gets some attention, so Mark A. gets the bright idea to start a new company, mainly by grabbing all the good people from NCSA (much how Unisys did with MIT AI lab when RMS worked there, which also started GNU)
Around v2 of "Netscape" Microsoft realizes they are WAY BEHIND in the future of software. So they bought/licenced Spyglass mosaic browser, re-packaged it as IE 1, and 2.
MS around v3 of Netscape MS has ditched the old source and was working on a new code base for IE3, which is was pretty decent.
Netscape 4 and IE 4 came around the same time, but you know what? IE4 is a total re-write of IE3, and the beginning of what was also IE4. They got about half way done with IE4 then decided they really needed to change stuff around, so in the middle of development they re-started it and made the IE4 that shipped!
Netscape roles over and dies (for various reasons, mainly for never scraping there code, and having a crappy product I imagine).
So no, IE is not a hack off older stuff, the idea of a graphical www is ripped from NCSA Mosaic (which really was pretty obvious development from previous work).
-Jon
I don't think machines will be making any moral or ethical decisions any time soon. I think you tryed to say that between the lines, but didn't out right say it.
Money managment, paperwork, etc.. there things are half done by machines, this will simply continue. However a real (and unpredictable) breakthrough would be a machine that makes any kind of moral decision.
-Jon
A new ruggedised RISCOS computer, the Solo is intended for use within Third-world countries where its ultra-low-power design enables it to be used indefinitely away from sources of mains electricity.
We would need state of the art high tech computers so they can work in low tech third world countrys.
-Jon