I can call these exploits - they exploit bugs in the software. I don't need to spawn a remote shell, and it doesn't matter whether or not software is in alpha, beta, or stable. If we applied your logic to gmail (the perpetual beta, which by the way, I love) and I could suddenly do a DB dump, "oh that's not an exploit it's a bug!" - That doesn't fly, dude.
The word "exploit" covers DoSes too, as the PoC exploits (hey there's that word!) a bug in the software. Exploit doesn't always equate to remote shell. I'm aware of what the issues are, and that's why I'm saying if this is what I can expect from google, I'm really not interested in their software.
Security improvements? on Chrome Vs. IE 8 · Score: 2, Interesting
I keep hearing about "security improvements"... There's two exploits in two days of life. It's an immature codebase, but if this's what we've got to look forward to, well, count me out.
2) Pornography is considered an artistic expression and the US constitution and Canadian charter among other bill of rights in other countries protect free speech. In the 70's there were supreme court cases in the US that helped set precedent protecting pornography under the federal-granted right to free speech.
Stop right there. The constitution does not grant any rights, it protects them. The difference is huge, especially when it comes to bill of rights issues.
You can do better: Uncap your cable modem, change your HFC MAC and SN, and the MAC on your router. You're now a different customer, and this can't be tracked to your house, only a few square blocks/miles (to the node).
Keep in mind that this 'exploit' is quite difficult to execute, requiring not just physical access to the machine - but to the RAM. While the machine is running (or was running within the last N seconds, at least). In the vast majority of environments, that's going to be extremely difficult.. unless you own (or operate) that machine and you have no particular way of being caught.
No you don't, play with the PoC. With McGrew Security's ramdumper you've been able to boot off USB on the machine the ram sat in initially, and reading through some of this stuff over three minutes, the princeton shit is even more badass and does PXE bootstrapping and stuff.
You can say that all you like, but being a hobbyist, try to get a cell for yourself. Go on, write up IBM! I'll sit here and wait while the same "sorry" letter gets mailed to you, informing you that it's not possible for you as an individual outside of sony to get the cell, and that they've got linux running now on the ps3.
I don't know if you're being sarcastic or not, but the lower impedance means that we'll get more efficient transfer out of the power we're already distributing, decreasing the current load on the grid.
They do that all the time, and it's still cracked and released. Publishers are starting to realize that they're spending too much money/time/effort on copy protection, and are moving to a non-DRM mindset, see stardock for an example. I didn't even bother downloading Sins of a Solar Empire for a test run (as I usually do) - I bought it outright because of their stance on copy protection. I also know several others that did the same exact thing I did.
I feel for the publishers as much as I do for the consumers. Without copy-protection it's just too easy for people to rip off the publishers.
And it's not easy to go to a torrent site and grab the content which doesn't have this protection, generally before the legit content is even out on shelves?
Evolution is not teleological (which means "purposive" or "goal-oriented").
While evolution isn't, life is. It seems there are two purposes in every form of life:
1) Spread your genetic material
2) Don't die.
It also seems that so long as goal #1 is being fulfilled, #2 doesn't matter so much and can be considered a secondary objective. I predict /.ers will have long lives.
Why is WebKit worth switching to when Chrome had five vulnerabilities in two days?
2008-09-05: http://milw0rm.com/exploits/6367
2008-09-05: http://milw0rm.com/exploits/6386
2008-09-05: http://milw0rm.com/exploits/6372
2008-09-04: http://milw0rm.com/exploits/6365
2008-09-03: http://milw0rm.com/exploits/6355
2008-09-03: http://milw0rm.com/exploits/6353
WebKit isn't touching my machine, thank you very much. Might throw Bunny (the fuzzer) at the codebase, though.
http://milw0rm.com/exploits/6353
http://milw0rm.com/exploits/6355
A DOCSIS network runs over coax.
I've been feeling downsized too ever since the booth babes went away.
I should have scanned mine
You know I've posted this on /. like three or four times now and you'd think it'd be more common knowledge by now... but getting encryption keys from RAM is pretty trivial. It's called a cold boot attack.
http://citp.princeton.edu/memory/
http://en.wikipedia.org/wiki/Cold_boot_attack
This attack was sort of one that was under the hat of pentesters and hobbyists until a few months ago when it was rather a do-it-yourself thing, but then McGrew Security made a followup PoC - http://mcgrewsecurity.com/projects/msramdmp/ to the Princeton paper. I played with it right after it came out, and then a while later threw up a tutorial on remote-exploit. Now, Mati Aharoni's a really smart guy and most assuredly knew about the PoC before I did, but shortly after the tutorial and some discussion on IRC, it's now in BackTrack 3 (http://www.remote-exploit.org/backtrack.html) as a syslinux boot option putting the attack within the reach of everyone.
http://tourian.jchost.net/shadow/liveusb/boot.png
Getting the encryption keys out of the ram dump isn't a point and click operation, but the code's out there and it compiles. People are walking around right now with this on their USB key, and it's the sort of attack that is a real problem that physical access and untrusted users present now. Even without the encryption keys, you've still got the contents of previous webpages, cookies, IM conversations, unencrypted files, and everything else in RAM. Disabling boot from USB doesn't matter much because you can just use a grub CD, and carry around a laptop drive and do dumps on multiple machines. Hell, if you felt like dealing with it you could make it a PXE image... even disabling both boot from USB and CD, most cases in public places (think Dell) can be quickly popped open with the power still on and the BIOS jumper tripped.
Things like this should make you really nervous if you were freaking out about Microsoft's little COFEE ( http://tech.slashdot.org/article.pl?sid=08/04/29/1441215&from=rss ) toy, since it's no more impressive than a customized "Gonzor's Payload" U3 USB Drive ( http://wiki.gonzor228.com/index.php/SBConfig ) with a Microsoft Sticker and this is quite a bit more, well, dirty.
Even SSL isn't that much of a guarantee if you *are* connecting with it. You can't trust the end point, period. Self signed certs are easily swapped out on the fly, and anyone can get a signed cert from godaddy or wherever. The average user just clicks right through SSL warnings including mismatching domains, because they happen all the time.
It's the overall "business" of CAs that makes the whole thing pointless on a mass scale right now, when combined with training users to click through warnings. Combine this with FPGAs and community efforts towards fraud on a mass scale, and I wouldn't be surprised if certs for major sites that don't change them often haven't already been computed.
How many old debian certs do you think are still out there? Ouch.
You cannot trust the exit node in tor, it's still plain text most of the time and you're vulnerable to MITM attacks. If you look at your traffic on tor you'll find lots of sneaky shit going on like ad replacement, swapped out cookies, and there's certainly more curious people out there watching the node traffic out of curiosity with wireshark/driftnet/snort than just me. Mind you I behave and I'm simply curious, whereas most of the nodes out there will attempt to profit in some way from your ignorance that gets perpetuated repeatedly throughout the internet.
Not to be a dick, just sayin'.
Because they'd make a bit for bit copy before doing any work.
If you've got a 30gb volume with a "hidden" volume inside of it, but 10mb of files in it, can't you tell it's got something there by just dumping 30710mb in it(and it'll fail if it does?)? http://www.truecrypt.org/docs/hidden-volume.php makes that seem unlikely, it looks like you'd just totally fuck up your hidden partition if you wrote to the volume... which makes you wonder how long it'll be until a tool is developed for law enforcement specifically designed to fuck up these volumes.
A bank account is not proof of age and a credit card is not proof of age (you can get prepaids from any gas station).
I have a rather security focused google homepage (I love it):
Securityfocus
National Vulnerability Database
milw0rm
sebug
and last but not least, idefense.
But the fucked up thing is that it is American soil, because it's a fucking military base. The government's trying to have it both ways here.
Yes! I predict in 40 years we'll predict in 40 years that we'll reach a prediction....
No, you don't get it. The c610 will keep its fan off until like 160f, and then turn 1 and 2 on high until like 130f, then they go off. Using i8kfangui I keep the big fan (2) on at all times, so I idle at 140 instead of reaching that 160f idle. If the temperature increases, the fan speed increases (as I8K allows you to set thresholds) and I kick on the second fan.
Oh, and, i8kfangui to keep the big fan on low at all times.