Peer to Peer filesharing is new??? Lantastic, anyone? To most who've been in the industry a while, peer to peer is yet another move in the slow cycling of technology...
"Our servers are so fast, we'll have one big one and people will just need thin clients."
"Oh no! Our servers are too slow, lets get a lot of them and spread them around."
Rinse and repeat (every 5 years or so).
The real innnovation will occur if we can get the content pushed out to the Internet POPs from central locations. Put fiber in my house with a link to my favorite TV shows served off of my local ISPs content server and we're getting somewhere.
I'm with you on the MCSE thing. It's gotten so bad I never even use it as criteria when I'm interviewing someone.
Adaptive Security Algorithm is on the PIX Firewall
on
Cisco Patents NAT RFC?
·
· Score: 3
Adaptive Security Algorithm or (ASA) is the marketing name for the stateful packet filtering that the Cisco PIX Firewall does. Nothing more, nothing less. Info at Cisco on ASA can be found here.
I agree on the CSU stuff. Biggest target would probably be the 2 ethernet boxes like the 2514. Attacking from the inside is another option. I agree it will take a while to write the drivers but the Cisco source code has been floating in the cracker community for a while now. Can't be too hard to port the drivers. And heck, we just saw IP over DNS. There will always be people with too much free time. Oh, and I prefer Guiness...
Didn't see anything about this in the comments. Imagine a cracker takes over a Cisco router, downloads Linux onto it and starts running more advanced attack tools that Cisco can't natively do. Since the cracker is potentially operating from a position of trust (depending on where the router is). You could do some interesting things. Not the lest of which would be a custom sniffer to grab passwords.
Will I be able to add the following to the cube in the future: Larger hard drive (internal as a replacement), Better video card (as a replacement), or a Faster prcessor? The Cube sounds really neat. I'm getting to old to keep monkeying with my PC. I just want something that works....
The PIX, like any firewall, is only as good as it's configuration. Things you allow through, will go through. And the PIX, like any firewall on the premesis of a network, can do almost nothing to stop DDoS attacks. The problems is DDoS attacks are aimed at network bandwidth not a particular protected host. If you have a DS3 to the 'Net, and I fill that DS3 with spurious data, the legit stuff doesn't get through. It's as simple as that. To stop DDoS attacks, other technologies are needed (ISP filtering, RFC 2267 / 1918 filtering, IDS to detect the attacks, etc.) Network security is a system, not a firewall. If you deploy the right tools for the right jobs you'll have much better luck.
I have some third party knowledge from a DoD official regarding the new regs. The information was current as of Comdex last week. Take this with several grains of salt as it is most definitely hearsay. I'm only offering it up because the included article seemed to raise more questions than it posed answers to.
According to this individual, they are completely relaxing any bit-length restrictions on encryption technology. When sold through "retail", it is completely free of restriction. However, when sold to government at least, or perhaps major corporations, encryption vendors are required to track the end user. It wasn't specified whether or not this information needed to be expressly given to the government at point-of-purchase or only after a subpoena. If its the latter, I'll sleep better. If its the former, I think we just traded relaxation of one regulation for a tightening of another. Btw, countries like Iran, Iraq, Lybia, etc. are still on the black list. But we can't even sell them a stick of gum, let alone an encryption device.
I'm sure I'm painting a target on myself for saying this, but should free software really spawn billion dollar IPOs?
I just returned from Comdex, where I was suprised to agree with something Scott McNealy said. To paraphrase, he said Solaris is open source as long as you don't plan on making any money with it yourself, if you want to make money, then Sun wants a little piece. That seems reasonable, and I agree granting shares to open-source developers is better than giving the shares to the sharks on wall street, but I think we can do better.
Linus Torvalds was ecstatic at Comdex at how much money Red Hat is worth. I can't help but think this will only splinter the Linux distributions. Now the almighty buck will be in the back of many developers minds when they "contribute" to the Linux community.
I can see the Linux developer cliques starting now...
"Traditional PKI" is like saying Retro Quantum Computing. The problem (and I'm agreeing with you) is who do you trust? Since the Internet is global, you can't put things in the hands of any one government, nor is anyone likely to trust a private enterprise i.e. Verisign. I also doubt that any educational institute would be that trustworthy.
So what's the solution? I'm not sure, perhaps some kind of a G8 type group commissions a non-profit organization to sign and distribute keys. It could be audited quarterly by several other private (non-profit) companies and perhaps the member governments themselves. This could, in effect, create a de facto standard for key distribution and trust relationships. Then you open up the can of worms that is private key storage. That's beyond the scope of this thread!
The current PKI model is for each organization to have their own PKI and to establish trust relationships with other organizations. I doubt that has the staying power when you introduce the consumer into the mix. The problem is implicit trust doesn't work. i.e. If I trust Alice, and Alice trusts Bob, doesn't mean I should trust Bob.
Why can't we use implicit trust? The same reason we don't allow other countries to do our diplomacy for us. We may now be establishing good trade relationships with China, and Taiwan may trade with us, but China and Taiwan (if you acknowledge Taiwan's sovereignty) aren't likely to trust each other. If you require explicit trust relationships the required peering would be ridiculous. You'd wind up with the "n-squared" problem from hell. I agree though, there has to be something better than PGP but for now, baby steps may be the best approach.
This should be a wake up call to all the e-tailers out there that to protect your customers you should offer some kind of privacy enhanced e-mail / PKI solution. PGP seems the logical choice. Amazon could have a place to paste in your public key on your user profile so any correspondence could be encrypted if desired. Sure most people wouldn't use it, but at least it would be due diligence on the part of Amazon.
Slashdot Mirror
Peer to Peer filesharing is new??? Lantastic, anyone? To most who've been in the industry a while, peer to peer is yet another move in the slow cycling of technology... "Our servers are so fast, we'll have one big one and people will just need thin clients." "Oh no! Our servers are too slow, lets get a lot of them and spread them around." Rinse and repeat (every 5 years or so). The real innnovation will occur if we can get the content pushed out to the Internet POPs from central locations. Put fiber in my house with a link to my favorite TV shows served off of my local ISPs content server and we're getting somewhere. I'm with you on the MCSE thing. It's gotten so bad I never even use it as criteria when I'm interviewing someone.
Adaptive Security Algorithm or (ASA) is the marketing name for the stateful packet filtering that the Cisco PIX Firewall does. Nothing more, nothing less. Info at Cisco on ASA can be found here.
I agree on the CSU stuff. Biggest target would probably be the 2 ethernet boxes like the 2514. Attacking from the inside is another option. I agree it will take a while to write the drivers but the Cisco source code has been floating in the cracker community for a while now. Can't be too hard to port the drivers. And heck, we just saw IP over DNS. There will always be people with too much free time. Oh, and I prefer Guiness...
Didn't see anything about this in the comments. Imagine a cracker takes over a Cisco router, downloads Linux onto it and starts running more advanced attack tools that Cisco can't natively do. Since the cracker is potentially operating from a position of trust (depending on where the router is). You could do some interesting things. Not the lest of which would be a custom sniffer to grab passwords.
Will I be able to add the following to the cube in the future: Larger hard drive (internal as a replacement), Better video card (as a replacement), or a Faster prcessor? The Cube sounds really neat. I'm getting to old to keep monkeying with my PC. I just want something that works....
The PIX, like any firewall, is only as good as it's configuration. Things you allow through, will go through. And the PIX, like any firewall on the premesis of a network, can do almost nothing to stop DDoS attacks. The problems is DDoS attacks are aimed at network bandwidth not a particular protected host. If you have a DS3 to the 'Net, and I fill that DS3 with spurious data, the legit stuff doesn't get through. It's as simple as that. To stop DDoS attacks, other technologies are needed (ISP filtering, RFC 2267 / 1918 filtering, IDS to detect the attacks, etc.) Network security is a system, not a firewall. If you deploy the right tools for the right jobs you'll have much better luck.
I have some third party knowledge from a DoD official regarding the new regs. The information was current as of Comdex last week. Take this with several grains of salt as it is most definitely hearsay. I'm only offering it up because the included article seemed to raise more questions than it posed answers to.
According to this individual, they are completely relaxing any bit-length restrictions on encryption technology. When sold through "retail", it is completely free of restriction. However, when sold to government at least, or perhaps major corporations, encryption vendors are required to track the end user. It wasn't specified whether or not this information needed to be expressly given to the government at point-of-purchase or only after a subpoena. If its the latter, I'll sleep better. If its the former, I think we just traded relaxation of one regulation for a tightening of another. Btw, countries like Iran, Iraq, Lybia, etc. are still on the black list. But we can't even sell them a stick of gum, let alone an encryption device.
-DS
I'm sure I'm painting a target on myself for saying this, but should free software really spawn billion dollar IPOs?
I just returned from Comdex, where I was suprised to agree with something Scott McNealy said. To paraphrase, he said Solaris is open source as long as you don't plan on making any money with it yourself, if you want to make money, then Sun wants a little piece. That seems reasonable, and I agree granting shares to open-source developers is better than giving the shares to the sharks on wall street, but I think we can do better.
Linus Torvalds was ecstatic at Comdex at how much money Red Hat is worth. I can't help but think this will only splinter the Linux distributions. Now the almighty buck will be in the back of many developers minds when they "contribute" to the Linux community.
I can see the Linux developer cliques starting now...
-DS
"Traditional PKI" is like saying Retro Quantum Computing. The problem (and I'm agreeing with you) is who do you trust? Since the Internet is global, you can't put things in the hands of any one government, nor is anyone likely to trust a private enterprise i.e. Verisign. I also doubt that any educational institute would be that trustworthy.
So what's the solution? I'm not sure, perhaps some kind of a G8 type group commissions a non-profit organization to sign and distribute keys. It could be audited quarterly by several other private (non-profit) companies and perhaps the member governments themselves. This could, in effect, create a de facto standard for key distribution and trust relationships. Then you open up the can of worms that is private key storage. That's beyond the scope of this thread!
The current PKI model is for each organization to have their own PKI and to establish trust relationships with other organizations. I doubt that has the staying power when you introduce the consumer into the mix. The problem is implicit trust doesn't work. i.e. If I trust Alice, and Alice trusts Bob, doesn't mean I should trust Bob.
Why can't we use implicit trust? The same reason we don't allow other countries to do our diplomacy for us. We may now be establishing good trade relationships with China, and Taiwan may trade with us, but China and Taiwan (if you acknowledge Taiwan's sovereignty) aren't likely to trust each other. If you require explicit trust relationships the required peering would be ridiculous. You'd wind up with the "n-squared" problem from hell. I agree though, there has to be something better than PGP but for now, baby steps may be the best approach.
-DS
This should be a wake up call to all the e-tailers out there that to protect your customers you should offer some kind of privacy enhanced e-mail / PKI solution. PGP seems the logical choice. Amazon could have a place to paste in your public key on your user profile so any correspondence could be encrypted if desired. Sure most people wouldn't use it, but at least it would be due diligence on the part of Amazon.
-DS