With regard to Leopard's new firewall, the idea is layered security. If malware slips onto the machine, the Firewall may still be able to limit the damage it can do. If a worm can't connect to its control channel, it basically does nothing. I'd also note that the new firewall is application based, not port based. That means it can restrict some new game from accessing port 80, while allowing your Web browser to do so. Unless I am very mistaken even after quickly reviewing Apple's documentation, it is indeed an application based firewall (working off signed code, so an alert is triggered if an application's code base changes), but only for incoming connections. Thus, you cannot block any malware from contacting a control server - though you are probably blocking your machine from becoming a control server.
I have the iPhone Configuration Utility installed on a work machine as we support a few dozen iPhones at work. Just checked, and there's no Apache process (just an iPCU.exe) when running the app. One of the links in the summary also mentioned using a browser against localhost:3000 for configuration, netstat shows no process listening on that port.
It's Google's site.
See the announcement here: http://googleblog.blogspot.com/2009/09/announcing-project-10100-idea-themes.html/
If you're suspicious that that might not be Google's official blog: they own blogger.com and blogspot.com and can reasonably be expected to not let anyone get away with impersonating them on their own sites.
From that link: "It does not work with Skype."
Though it may be possible to use ZRTP with Skype somehow, zfone as an app seems to be out.
No, I do not. Salted passwords have nothing to do with what essentially is the same thing as obfuscating banners on web or mail servers. Salted passwords significantly improve security. Obfuscating banners only adds a trivial amount of work to determine the version a server is running. Mind you, obfuscating banners certainly doesn't make things worse, so I actually agree that it should be a configurable option. I just disagree that it's a particularly worthwhile option because I agree with TFA in that obfuscating banners at most entices an attacker that is looking for any target to go for someone else because he'd have to run additional steps on you. It does absolutely nothing to help an attacker targeting you specifically. It may not even help with drive-bys depending on how trivial it is to determine the version by probing and checking responses - I must admit I don't know how trivial this is with Wordpress.
As outlined in TFA (yes, I know, I know) that's snake oil. You can run response tests to determine a version.
>>In end, default behavior of NAT (outgoing traffic always allowed, incoming only in response to outgoing) gave us the auto-configuration ability that we needed, and the result was something much more secure than would have existed if the firewall was optional.
How is that better than shipping a stateful firewall with a default configuration that allows all outgoing traffic, allows all related inbound traffic (i.e. all traffic in connections initiated by an inside machine), and drops everything else?
NAT is not a bona fide security feature. NAT by itself can be traversed, NAT keeps no traffic information other than port numbers - NAT at best obfuscates network space, which is a welcome side effect but doesn't make things secure. A firewall is a security feature, and it's perfectly possible to firewall IPv6 traffic. Also, it's of course perfectly possible to subnet an IPv6 network and separate your Crays and your toasters, if you so desire.
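The default configuration described in the comment above, written out as an nftables ruleset for an IPv6 router. This is an added example, not part of the original comment; the interface names lan0 (inside) and wan0 (outside) are assumptions.

```nftables
# Added example. lan0 = inside network, wan0 = upstream link (assumed names).
table inet filter {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Inbound traffic belonging to connections an inside machine
        # initiated. "related" also covers ICMPv6 errors such as
        # packet-too-big that refer to a tracked flow.
        ct state established,related accept
        ct state invalid drop

        # All outgoing traffic from the inside network is allowed.
        iifname "lan0" oifname "wan0" accept

        # Everything else, including unsolicited inbound connections to
        # globally routable inside addresses, falls through to the
        # drop policy.
    }

    chain input {
        type filter hook input priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept

        # IPv6 stops working without neighbour discovery and router
        # solicitation/advertisement reaching the router itself.
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-solicit, nd-router-advert } accept

        # Basic diagnostics from the inside network only.
        iifname "lan0" icmpv6 type echo-request accept
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

Unlike NAT, the connection tracker here keeps per-flow state, and no address translation is involved: inside hosts keep their global addresses while unsolicited inbound traffic is still dropped.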
I don't see where he's saying that the Police Department's version is accurate. He's simply providing the information that they are claiming to have a different account of how things played out, and he's relaying that their media department can be contacted for a statement.
Actually your changes would have taken effect immediately in new sessions. launchd runs a new sshd process for every login, so the configuration would be parsed from scratch. Think of it as running sshd through inetd. Since you cannot change parameters to your current session as it already exists, there's simply no need for a mechanism to re-read the configuration.
My contribution to the discussion is combining $(foo) with for...do loops. For example, if I wanted to find and delete old database connections I would:
for a in $(list_old_connections); do drop_conn "$a"; done
for loops with backticks can very quickly hit resource limits on long lists, so often you're better off piping to a looped read instead:
list_old_connections | while IFS= read -r a; do drop_conn "$a"; done
I don't get it. Why did it take me less than 30 seconds to figure out how to make anything Idle related disappear from the index, even though I'd never tried before? Please, leave the pointless bitching out of the comments. You know it's lame, we know it's lame, since it is a complete waste of time. Why let it be a complete waste of disk space, cycles and bandwidth?
If I've got your iPhone, I can plug it into my Mac and sync all of your contacts/favourites/everything else off with iTunes. And if you've jailbroken it, I can probably get root access with ssh and the "alpine" password, since no-one ever changes that.
If I've got physical access to your device there's very little you can do to stop me getting your data unless you've encrypted it.
You can't sync an iPhone (or iPod) with an instance of iTunes that it hasn't synced with previously without formatting the device.
If you're running an SSH daemon on a device and keep well published default accounts and passwords around, well, you really don't deserve any better.
Spoofing a MAC address is trivial on Linux and Windows machines, a bit more involved to make your OS X Leopard system able to spoof but not rocket science, and apparently trivial with "spoofmac" on Tiger.
bash-3.2$ uname -a
Darwin Laptop.local 9.4.0 Darwin Kernel Version 9.4.0: Mon Jun 9 19:36:17 PDT 2008; root:xnu-1228.5.20~1/RELEASE_PPC Power Macintosh
bash-3.2$ ifconfig en0|grep ether
ether 00:11:24:d5:57:9e
bash-3.2$ sudo ifconfig en0 ether aa:bb:cc:dd:ee:ff
Password:
bash-3.2$ ifconfig en0|grep ether
ether aa:bb:cc:dd:ee:ff
It's trivial on OS X (Leopard and Tiger), too.
"frei" means "free" in German, as in "freedom". Just by itself, it pretty much always refers to freedom, though it can - surprise! - be combined with other words to indicate what something is free of. Including "kostenfrei", describing something that is free of costs. Without any modifiers it would be taken to refer to something that is free of any restrictions, and "freie Software" would be understood to be in the spirit of the FSF.
That might be due to the website of the distributor calling the product a DNS server.
Taken from http://www.nlnetlabs.nl/:
Recent Software Updates
Unbound 1.0.0
Tue May 20 2008
The public release of Unbound, a fast recursive validating caching DNS server.
They are the guys that wrote and support nsd (http://www.nlnetlabs.nl/nsd/), the software used on at least 2 root servers (k.root-servers.org and l.root-servers.org).
Those are some mighty fine credentials.
or have had to provide out-of-band management.
Package: spore
Versions:
1.0
Description Language:
File:
Dependencies:
1.0 - dukenukem3d