What are you saying?
You want to depend on somehow magically detecting admin operations?
Are you saying that my Fedora box doesn't prompt me for the root password when I try to start up the logical volume manager as a non-root user? Or the Mac doesn't prompt me for an admin username/password when I try to update the OS or write to a directory I don't have permissions for (even if I'm running as an admin user)?
(Well, I'd sure like the Fedora box to prompt me for an admin password instead of root. Maybe in FC 9.)
Am I misunderstanding you?
har.
And you get mod points for this.
I assume you've read about the helper app at this point?
Walled gardens, indeed. Like I said yesterday, they are a "good" place for date rape, if you are into that kind of thing. And for being spied on by your date's little brother or the butler or random passersby.
(No, Linux is only a little more effective in the present iteration, not significantly.)
I have to say, though, I'm wondering if it was the helper app, because that ought to have been considered a known vulnerability.
heh.
:-/
--
they want me to say something
I think there was something in the rules about not using known exploits.
Which sort of bugs me, because it means they basically found the exploit some time ago and sat on it.
Also, I'd like to see the first day repeated with known exploits allowed.
Ouch. My head hurts.
But, possibly so, depending on what else runs as nobody on your system.
Vista and Windows (NT) <Vista have the same security model.
So that's why?
which runs at elevated levels or something.
...
macromedia (now adobe) not willing to play by the rules.
Whether the rules are appropriate or not is another discussion
Oh, wait, ...
Isn't embedding the fuel in carbon one of the things already done?
What I'm wondering about is where the slowed-down alpha particles go. Do they re-capture the slowed-down beta particles (the ones that aren't anti-particles) and float up into the atmosphere?
But if the beta particles are being diverted into electrical circuits, are we going to have ESD problems?
Is having excess helium going to do funny things to the ozone layer?
Guess I should go off and look this up somewhere. Maybe the friendly article.
Thermo is not limited to thermal processes. (Yeah, that was something a high school teacher told me. Or maybe college freshman science, don't remember.)
Yeah, I know you meant traditional plants, I just couldn't resist.
You're going to sell ssh on iTunes? ;-/
No, I get what you mean. But, really, I'm not sure it isn't in our best interests that we have to deliberately break the iPhone's OS to install things that don't get a once-over from Apple.
The concern I would have is rather whether Apple is able to sufficiently review the 3rd party apps they put on iTunes, and whether they will resist the temptation to let adware be sold.
The bank's server has to have a certificate. So do the watchdog servers, which the browser knows how to contact.
And the dedicated browser comes with the bank's certificates pre-installed, and since it never sees any site but the bank's, it never has any phishing site's certs installed. (Unless the user allows his buddy to install that cool app, which we can build yet another roadbump against using the user separation idea, and so it goes. But I think it's a better set of methods than the walled garden approach.)
Problems with distributing the dedicated browser -- you can't really do that over the web. Has to be on a CD you get at the bank, or something similar. And when you have to retire a certificate, things get a little tricky, but you can circumvent those problems, for instance, with redundancy in the watchdogs, one-time pads generated at the bank (which basically means that when you go get a CD, you have to wait while the account representative burns you a CD), that kind of thing.
I think someone elsewhere in this discussion has been saying that it isn't actually prevented, just discouraged.
I haven't forked out the JPY 80,000, not to mention the USD 99.00, so I couldn't say.
Yeah, that part isn't solved by getting xauth to work.
But if I can get xauth and xdm to work with sudo, I may be able to figure out how to set up a restricted user for the banks and a separate one for surfing. That would be getting close.
My sister can't.
And I couldn't get it to run very well the last time I tried it.
But since you suggest it, I'll try it again. Sometimes things work better when I've had a little time to digest the manpages.
Could be really cool.
Except the easy one works backwards. Nobody wants to ride a different car just to go to the bank.
Better analogy, but still not so great because of ATMs: Should your bank be housed in the same building as your hamburger joint?
A little more to the point: Do you want an ATM in the neighborhood pusher's hip pocket?
The car is the computer, not the browser. Just like you drive up to an ATM to do bank business, you should launch a restricted function browser to go to the bank. You don't give the gal at Wendy's or Walmart your paycheck and ask her to deposit it for you. Okay, okay, some banks put branches in department stores. And you do give the clerk at the register your credit card, if you believe in plastic money. I even once cashed my paycheck from a part-time job at a discount shop. But you still don't give the clerk your paycheck and ask him or her to deposit it for you.
And the general purpose browser is more like the attendant at the information desk than like the clerk at the register, anyway.
And I think it's what Apple was suggesting -- keeping your state in such a way that you can shut the app down completely and bring it back up without losing where you were when you shut it down.
(The XO basically does this in the standard Sugar UI.) I thought I wouldn't like it, but it seems to work okay, especially for children.
See lowendmac and (for instance) wikipedia
Did they change the first page linked in tFriendlyA?
Yep. Still there. I suppose that could be interpreted in some other way, though.
Can tell I'm not that smart?
Then why aren't you down there getting one for yourself?
SP1 hasn't been out for a year, by the way.
I'm nowhere near close enough to drop by, but if SP1 really is solid enough to stop me in one day, especially with the 3rd party apps allowed tomorrow, I'd be glad for the hope that my inbox would be seeing less spam next year.
Jobs and company needed a wake-up call. Have for about three years, so this is good. But the reason I have so much spam in my mailbox is the social engineering.
That, and the banks using the same browsers as the "hobby" sites, which is really just another piece of social engineering, which Gates applied to the suits.
No, I think it's more like saying walled gardens don't prevent date-rape.
You do understand that the butler, or your date's little brother, or some random passerby is going to be peeping through the hole in the wall?
Yeah, yeah, allegories. Here's another:
Saying purpose specific browsers would have prevented the web from taking off is kind of like saying that nobody used the web until Microsoft put MSW95 and IE 3 out. MSW95, complete with its default world read/write permissions.
We don't all have to have our hands in each others' pants to dance.
You take your machine off the internet. One less trojaned box isn't much, but every little bit helps.
Nice.
That's going to be hard to manage, though.
Still prefer special purpose browsers, though. If we could get them, and some way to at least parameterize an instance so that it would skip the domain name servers and go direct to the bank and to the bank's watchdogs, and shut down if the bank or the watchdogs failed to provide the correct tokens.
On the other hand, if the banks get to the point where the insurance companies can't keep up with the phishing, maybe we can all agree that money shouldn't be that valuable anyway. (Yeah, I know that's a huge social re-engineering project I'm suggesting. Just daydreaming.)