Slashdot Mirror


User: nweaver

nweaver's activity in the archive.

Stories: 0
Comments: 904

Comments · 904

  1. Actually Gen2 works... on Best Phone For a Wi-Fi-Only Location? · · Score: 1

    Gen2 with the Apple microphone headphones works just fine, it's just that the headphones it SHIPS with don't include the microphone.

    (Owner of a Gen2 iPod touch)

  2. How truly AWFUL... on Sending Data In Bursts of SMS Messages · · Score: 4, Insightful

    Text messages are one of the most awful forms of data on the cell network. On a 3G type network, they are just data, so hey, if you can do TXT on 3G, just do data. So what?

    But on older networks, such as the proposed usage, they take up CONTROL channel space, and too much SMS is a DOS attack!

    See Exploiting Open Functionality in SMS-Capable Cellular Networks:

    ABSTRACT: Cellular networks are a critical component of the economic and social infrastructures in which we live. In addition to voice services, these networks deliver alphanumeric text messages to the vast majority of wireless subscribers. To encourage the expansion of this new service, telecommunications companies offer connections between their networks and the Internet. The ramifications of such connections, however, have not been fully recognized. In this paper, we evaluate the security impact of the SMS interface on the availability of the cellular phone network. Specifically, we demonstrate the ability to deny voice service to cities the size of Washington D.C. and Manhattan with little more than a cable modem. Moreover, attacks targeting the entire United States are feasible with resources available to medium-sized zombie networks. This analysis begins with an exploration of the structure of cellular networks. We then characterize network behavior and explore a number of reconnaissance techniques aimed at effectively targeting attacks on these systems. We conclude by discussing countermeasures that mitigate or eliminate the threats introduced by these attacks.

  3. Zero Sum is NOT productive... on Flash Crash Analysis of May 6 Stock Market Plunge · · Score: 5, Interesting

    All this HFT stuff is zero-sum, if someone makes $10 on HFT, someone else loses $10.

    HFT is a market parasite at this point and, IMO, ALL quotes should have a randomly induced delay between 0 and 1 second (with the delay being DIFFERENT to different participants), to eliminate the advantage of high frequency trading.

  4. Re:For the americans on YouTube Gets a Vuvuzela Button (Seriously) · · Score: 1

    "[It is] rather odd that a nation that prides itself on its virility should be compelled to strap on 40 pounds of protective gear in order to play a simple game of Rugby"

  5. Some Cisco marketing person must be fired! on iOS 4 Releases Today · · Score: 1

    Some Cisco marketing person screwed up bigtime: he (presumably) saw a huge pile of money from Apple, but doesn't see all the hidden damage done to Cisco as now their flagship product, IOS, becomes unsearchable on the web at large and hugely confused in the future.

    As such, that idiot should really be fired for incompetence.

  6. It does work for you. on iOS 4 Releases Today · · Score: 1

    Actually, it does work. There IS no 3rd generation touch at 8G, that's a 2nd gen Touch, the same relationship as the 8GB iPhone 3G vs the 16/32GB 3GS.

    You just don't get multitasking (lack of RAM), but otherwise it's a full iOS 4 device.

  7. Offsite backups... on Recent Sales Hint That Tape For Storage Is Far From Dead · · Score: 3, Insightful

    Although disk is compellingly cheap, if you want reliable, multiple, and offsite-stored backups, tape really is the answer.

  8. Fecal Material Sensor? on Smart Underwear Designed For Military · · Score: 1

    Does it also include a fecal material sensor hooked up to the radio, so the underwear can automatically call for help in a "crap your pants" situation?

  9. Cost them money!!! on BP Buys "Oil Spill" Search Term · · Score: 1

    Search for "Oil Spill" and then click on the ad, then close the browser...

  10. As someone WITH an iPad, I beg to differ... on iPad Is Destroying Netbook Sales · · Score: 5, Insightful

    An iPad is really a "new class" of device: a "content access" tool rather than a "content creation" tool. A notebook is really good for creating stuff. But for viewing stuff, it's actually decidedly second-class.

    And netbooks are just small notebooks: with all the limitations that a notebook has.

    An iPad is different: it actually sucks for creating content for the most part: the keyboard just is a steaming pile of "not good" compared with even the keyboard on the XO laptop. But for data access it is brilliant: Light weight, long lived, easy to use.

    And with the app ecology, apps are just more "data to access", and it's really good at that. I'd expect to see, e.g., a lot of interesting industrial/business applications as well start to develop. It's not just a "for fun" device really, it's just a reflection that there are different roles for devices, and Apple built a specialist-in-a-different direction device.

  11. I hear that a file is better... on Convert a SIM To a MicroSIM, With a Meat Cleaver · · Score: 4, Insightful

    I've heard advice from others that a file is actually better, as it works better for removing the controlled amount of material and things like rounding corners.

  12. Not a checkbox, a shortcut... on The Shortcomings of Google's Open Handset Alliance · · Score: 4, Interesting

    It's not a checkbox, but rather a shortcut.

    If you are making a smartphone, you need a powerful OS, with a lot of low level features, and as robust as possible an app market.

    And if your name isn't Apple or RIM, you need an off-the-shelf OS from someone else. WinCE (or whatever Microsoft calls it this week) doesn't have the app ecology and costs money to put on a phone. So you go with Android.

    So it's not a checkbox, but rather a necessary shortcut, if you want to bring a smartphone to market, you run Android. But at the same time, of course you customize it: you don't want to be a commodity vendor.

    After all, what's the difference between Dell and HP? Not much. HTC doesn't want to be the same as Motorola, so in order to preserve a competitive advantage, you try to make your GUI better AND don't feed your GUI changes back to your competition.

  13. DJBDNS does not request DNSSEC on DNSSEC May Cause Problems On May 5 · · Score: 1

    DJBDNS doesn't request DNSSEC data, so it will see the same thing it always has.

    In fact, it doesn't do EDNS at all, so it can't accept any DNS response (regardless of the reason) over 512B in size.

  14. Netalyzr includes tests for this... on DNSSEC May Cause Problems On May 5 · · Score: 5, Informative

    Netalyzr also checks for this, both for the client and for the DNS resolver, and reports specifically the DNS resolver's status.

    The resolver side tests include actual DNS MTU, advertised MTU, EDNS and DNSSEC requesting, whether the resolver can failover to using TCP, and other related issues.

    Overall, the "512B" thing is largely a myth, a few resolvers have this problem but most don't. Rather, the big problem is lack of support for fragmented responses, which won't affect deployment from the root but will affect things when zones start getting signed.

    For the end system connection, however, the "512B" or "No EDNS" is a bit more common, but still fragmentation is overall a larger issue.

  15. This is all about the lawyers... on Sony Sued Over PS3 "Other OS" Removal · · Score: 4, Insightful

    A prediction: there will be some settlement, where the "victims" can claim $10 in coupons for discounted games, but the lawyers will make a few hundred thousand or a million.

  16. Re:Probably NXDOMAIN wildcarding.... on ISP Is Bypassing Firefox's Location Bar Search · · Score: 1

    TCPdump and trimmed the output.

    It's because it first has to make sure the name isn't valid, at least within the local DNS context, so you will ALWAYS get fubar.{MY-DNS-SEARCH-PATH} before going to google.

  17. Re:Probably NXDOMAIN wildcarding.... on ISP Is Bypassing Firefox's Location Bar Search · · Score: 2, Informative

    Q: What's to stop your ISP from redirecting all outgoing packets to port 53 to their own DNS server?

    A: If an ISP does this, we'd detect it: that's one of the tests we check for explicitly in Netalyzr: we send raw DNS requests directly to our server and ensure that they are not intercepted or proxied or modified on the way.

  18. Re:Windstream, DSL US ISP is already doing this on ISP Is Bypassing Firefox's Location Bar Search · · Score: 5, Interesting

    If you are a Windstream customer, could you please run Netalyzr (http://netalyzr.icsi.berkeley.edu) and send the results URL to netalyzr-help@icsi.berkeley.edu?

    I'd like to investigate this in further detail.

  19. Re:Probably NXDOMAIN wildcarding.... on ISP Is Bypassing Firefox's Location Bar Search · · Score: 1

    Actually, it is: Firefox on the Mac, typing in "fubar" into the browser

    7336+ A? fubar.ICSI.Berkeley.EDU. (41)
    7336 NXDomain* 0/1/0 (91)
    33396+ AAAA? fubar.ICSI.Berkeley.EDU. (41)
    33396 NXDomain* 0/1/0 (91)
    53828+ A? fubar.Berkeley.EDU. (36)
    53828 NXDomain 0/1/0 (94)
    31608+ AAAA? fubar.Berkeley.EDU. (36)
    31608 NXDomain 0/1/0 (94)
    16219+ A? fubar.com. (27)
    58529+ AAAA? fubar.com. (27)
    16219 1/2/0 A 66.238.90.231 (83)
    58529 0/1/0 (82)

    So type in fubar, it's first looking up fubar through the local DNS search path, and then fubar.com.
    So any wildcarding in the early part will nail it.

    Likewise, for slashdot, it's first doing local lookups before the Google search:
    61012+ A? slashdot.ICSI.Berkeley.EDU. (44)
    61012 NXDomain* 0/1/0 (94)
    52372+ AAAA? slashdot.ICSI.Berkeley.EDU. (44)
    52372 NXDomain* 0/1/0 (94)
    01773+ A? slashdot.Berkeley.EDU. (39)
    1773 NXDomain 0/1/0 (97)
    28834+ AAAA? slashdot.Berkeley.EDU. (39)
    28834 NXDomain 0/1/0 (97)
    60412+ A? www.l.google.com. (34)
    60412 4/4/4 A 74.125.19.147, A 74.125.19.104, A 74.125.19.103, A 74.125.19.99 (234)

    An NXDOMAIN wildcard will EASILY mess up this process.

  20. Re:Probably NXDOMAIN wildcarding.... on ISP Is Bypassing Firefox's Location Bar Search · · Score: 2, Informative

    A: If the ISP is good, they have an opt-out to a non-wildcarding DNS server.

    B: If the ISP is not, I hate to say it but use Google Public DNS (8.8.8.8 and 8.8.4.4), as they don't wildcard or do anything beyond use the DNS information for data-mining purposes.

    I'd personally STRONGLY AVOID OpenDNS, which does lots of bad things to DNS: NXDOMAIN wildcarding ANY address (not just www. addresses), SERVFAIL wildcarding, wildcarding addresses which HAVE valid records but just no A record, and even man-in-the-middling Google!

  21. Probably NXDOMAIN wildcarding.... on ISP Is Bypassing Firefox's Location Bar Search · · Score: 5, Informative

    What Firefox does is first try to do DNS lookups for:
    foo
    foo.com
    www.foo.com

    before launching the Google search.

    Thus NXDOMAIN wildcarding (which is unfortunately growing very common, distressingly so in our data) will mess up the Firefox behavior by causing one of the three names to resolve to the "helpful" search page belonging to the ISP.

  22. Re:MitM of Google on ISP Is Bypassing Firefox's Location Bar Search · · Score: 2, Informative

    The EICAR test "virus" is used to see if you have working AV which is blocking threats that are downloaded from the network.

    Please see the FAQ.

  23. MitM of Google on ISP Is Bypassing Firefox's Location Bar Search · · Score: 1

    We've seen a few ISPs that MitM www.google.com in DNS (you can check for yourself in Netalyzr).

    Does anyone know (save me looking at a TCPdump) what domain name Firefox uses, is it www.google.com or something else, for the Google searches?

  24. Re:Actually, it WAS stolen... on Police Seize Computers From Gizmodo Editor · · Score: 1

    No, but "Reasonable and just effort" does, and the reasonable and just effort to return a piece of lost property lost at the bar is talk to the bartender.

  25. Re:What Felony? on Police Seize Computers From Gizmodo Editor · · Score: 1

    Easy felony: Receiving stolen property worth $5000.

    A slam dunk case except the DA will probably plead it down to a misdemeanor with probation-only, because a felony trial is expensive.