1. All compromises of a Linux shell servers ARE privilege elevation -- because every intruder starts from having a valid local an account on it.
Are you for real? A non-customer would not have a local account.
2. A privilege elevation on a Windows server would not even be an exploit because Windows server does not run untrusted content -- if you have an account on hosted Windows server that can install things, you are its administrator already, so there is nothing to exploit.
Why are you still arguing Linux vs. Windows? My post has never had anything specific to Windows vs. Linux and you'd know that if you bothered to read before responding.
3. Windows desktops suffer from privilege escalation exploits all the time. So would any system that would provide remotely accessible shell accounts on Windows server.
Sigh...
4. You are still pretending that anything you have observed has something to do with remote exploits, quality of maintenance, and other irrelevant and stupid statements that you made and I have ignored.
Again if you'd read my posts you'd know what my point is. I'll give you a hint, it has nothing to do with anything you wrote there.
I wonder why did you make such an omission. Perhaps to create an appearance of support for your completely invalid claims?
First I fail to see how my claim is invalid. It's popular belief that software X is more secure than software Y simply because it is less desirable for someone to attack.
So how do you compare exploits seen by a Linux shell provider with exploits you have seen being a Windows shell provider?
Ummm because my point was that machines with higher value (ie: ones customers use/have access to) are of more likely to be attacked...
And you conveniently did not mention that you counted exploits on a poorly run shell server vs. Windows "server" that never runs anything you didn't put on it (and they apparently still were copromised, just less often than your shell servers).
I mentioned my compromised MS-DOS machine more as a joke (I was probably 12, running a BBS gave the wrong person sysop...)
I think the Linux servers were maintained pretty well actually but what do I know? Oh and I clearly mentioned the difference between users having access to my Linux servers and not my Windows Servers.
If it's too hard for you guys to see my point because I mentioned Linux and Windows in the same post and got your panties in a bunch then think about this...
My console is connected to the internet. To an attacker it's a lower value target than say a PC on the same network that I do my online banking on. Just because my console is lower value to an attacker doesn't inherently doesn't make it any more or less secure than my PC.
Always Redhat... started with 6 (which was the 2.2 kernel...) and think we ended at 7.1.
In any case this small period of time was the only time I've had Linux servers publicly available on the internet and two of three machines were rooted due to a (2.4?) kernel flaw that made it trivial to escalate privileges if you had a shell (which being a shell provider...). Since then I've had several Windows servers publicly servicing the internet but the difference is that they are for my personal use and not high profile (in relation to my old Linux servers) targets.
My statement was not one about the inherent security of one OS over the other. There is more I could have done to prevent the root attacks on the Linux machines and I don't deny that. I'm repeating myself here but my point was:
In general it's not the OS keeping you secure it's how valuable of a target you are and how vigilant you are at security.
It's not a PDF flaw, it's a flaw in Linux kernel. The malicious PDF file was just an example for an attack vector. You know, the same way it works in Windows. No system is immune to these kind of attacks, the only reason Linux and Macs see them less is because most of the users are on Windows (especially the "stupid" or casual ones). Not even the walled gardens like iPhone, where PDF attack was used to root and jailbreak the system just recently.
You got it spot on. Although in my personal experience I've had more Linux servers compromised than Windows ones. Could be the fact that in general my Linux servers are exposing services to the internet where as my Windows servers are not. Or it could be the fact that at times questionable users (ie: customers) have had access to my Linux boxes. Oh and then there was one time my MS-DOS server was compromised (lol).
In general it's not the OS keeping you secure it's how valuable of a target you are and how vigilant you are at security.
I don't really understand this argument, I don't think I've ever had to say a personal password out loud to someone.
However, I can see you'd want to be careful at work having FUCK_OFF_YOU_CUNT as your password, just in case your boss ever rang up when you were sick or something needing access to a file.
It's not a good argument. You should never give your password out. There should be other ways to give your boss access to the file (ie: have IT modify permissions, VPN in and change permissions/password yourself, etc.).
Of course we could be talking about a non-ACL security solution but in general don't give people access to more than they need and never access to your account. As the theme of the comments have gone limiting exposure is always the best option. The password to a single excel spreadsheet is a lot less damaging than your domain password.
However we don't need to know any of that because it's clear that the application asks for permission to send SMS, the user accepts and then the app does exactly what it said it was going to do. This is no trojan this is a case of user's not wanting to be responsible for the security of their devices.
Also, it's dependant on whether one's host computer's USB ports can pump out sufficient juice. On every such computer I've tried, the charging cycle is incredibly slow when compared to using the phone's supplied AC-USB adapter.
If people were more willing to repair their devices, especially complex electronic devices (most of which fail because of simple and repairable problems, like a broken lead), we would be better off.
If lack of motivation were the only problem then that would be awesome. I have a 42" Polaroid TV spread out across my garage because the power supply died. The PCB is relatively simple (ie: large parts/traces so even a noob solderer like me wouldn't have much trouble replacing a part) and the failed part is obvious (an exploded STR-A6252W IC manufactured by Sankren (Allegro Microsystems)).
I can buy a, used, replacement power supply for ~1/5 the cost of a new TV but this isn't the first time I've seen this IC pop (from other forum posts) so who is to say a used one isn't also days away from failing (the TV was less than two years old when it failed)?
I can only find a single source for the IC itself and even then it's ~$30 with shipping and it's not even clear it's the correct IC.
Bottom line is that it doesn't seem cost effective for me to repair this TV given the options.
Not sure why my comment was modded as troll or flamebait.
Long story short parents tree fell on a friends car; homeowners insurance wouldn't cover an "act of God" and a judge didn't find my parents liable. They ended up settling partial out of good faith.
Yeah the restore option under the backup menu is the one I'm using. It formats the drive, reboots and begins to restore from my external hard drive which fails at ~20%. I just checked the target drive and the PS3 did remove all partitions when it formatted it so my only thought is that my larger drive probably has an issue (there is a reason it's no longer in the laptop it came from heh). I'm sure if I wasn't cheap and used a new drive it would work fine.
Err, the PS3 ships with one built into its system. You can, at any point, have it do a backup to a memory card (assuming you have a large enough one) or a USB-connected external hard drive.
Would mod you up if I could. It's true the PS3 has a backup/restore function build right into it. I've used this function to backup while trying to upgrade my hard drive. However I've never gotten the restore to work even though I've backed up to several external hard drives.
Thinking about it now the hard drive I'm upgrading to came from a laptop and has a 4GB "recovery" partition that I wasn't able to remove in Windows. I assumed the PS3 would remove this partition and create one for the entire drive when I formatted it but honestly never checked. I'll have to plug it in when I get home and see how many/what size partitions it has on it.
While the 'reply all' strategy is solid I don't agree with the suggested wording of the email. You start off chastising George for spamming when that is exactly what you are doing. If I received your email I'd believe you're a dishonest business person actively engaged in a lie. Which is made obvious by the fact that you received his email and were able to determine it was spammed to many people but somehow you're not bright enough to realize that the email you are sending is also going to the same list of people. To be dishonest and lie in a more convincing manner I think you need to avoid the mention of spam at all;-)
I'm sure it doesn't say anything about the capability/compatibility of your PPC chip. In reality it's a trivial task to modify code written for one architecture to another. The reason they don't do it is because they hate you and your PPC.
Even with voice chat you aren't going to produce a very social game (which is what MMOGs really are about) without a keyboard. A joystick and four buttons won't cut it...which is why I still consider a standard PC of any flavor to be far superior to any console they can come up with. I never understand this argument. I can plug a standard USB keyboard into my PS3 just fine. Heck there are even mini-bluetooth keyboards available.
If it's got Linux installed on it, you know that the hardware it's got is supported by Linux. Nothing worse than buying a new computer and finding out it's got some chipset or other that Linux doesn't work with yet. This is a good reason to purchase a computer that has the option of having Linux pre-installed but not a good reason to choose that option which was the original question: "Why Buy a PC Preloaded With Linux?".
Wouldn't it be better if they documented those hidden APIs instead so you'd have access to those nifty features too?
So XP SP3 and Vista SP1 are confirmed to cause a problem with 1 Microsoft product out of a total of ___ (- insert number much larger than 1 here) products and that speaks volumes to you?
But if you RTFA you'll see that they did not patch the installer. They "patched" Windows Update to not provide you with the installer for XP SP3 if it detects MS DRMS. There have been no changes that prevent a MS DRMS user from downloading the SP3 installer exe and running it.
"To help protect our customers, we plan to put filtering in place shortly to prevent Windows Update from offering both service packs to systems running Microsoft Dynamics RMS. Once filtering is in place, we expect to release Windows XP SP3 to Windows Update and Download Center"
That's what I gathered from the article. The only thing being changed is whether or not XP SP3 or Vista SP1 automatically installs or downloads via automatic updates on machines running Microsoft Dynamics Retail Management System. My assumption is that you'd be fine installing this now as long as you are not running Microsoft Dynamics Retail Management System but then again it is a new service pack for a Microsoft product so assuming this will be the only problem is silly:-)
They didn't really patch anything. As anyone running Microsoft Dynamics Retail Management System can still break things by installing XP SP3. As far as I can tell they are not changing the actual SP3 installer so that it will not install on a machine running Microsoft Dynamics Retail Management System. Doesn't even sound like it will warn.
Slashdot Mirror
1. All compromises of a Linux shell servers ARE privilege elevation -- because every intruder starts from having a valid local an account on it.
Are you for real? A non-customer would not have a local account.
2. A privilege elevation on a Windows server would not even be an exploit because Windows server does not run untrusted content -- if you have an account on hosted Windows server that can install things, you are its administrator already, so there is nothing to exploit.
Why are you still arguing Linux vs. Windows? My post has never had anything specific to Windows vs. Linux and you'd know that if you bothered to read before responding.
3. Windows desktops suffer from privilege escalation exploits all the time. So would any system that would provide remotely accessible shell accounts on Windows server.
Sigh...
4. You are still pretending that anything you have observed has something to do with remote exploits, quality of maintenance, and other irrelevant and stupid statements that you made and I have ignored.
Again if you'd read my posts you'd know what my point is. I'll give you a hint, it has nothing to do with anything you wrote there.
I wonder why did you make such an omission. Perhaps to create an appearance of support for your completely invalid claims?
First I fail to see how my claim is invalid. It's popular belief that software X is more secure than software Y simply because it is less desirable for someone to attack.
So how do you compare exploits seen by a Linux shell provider with exploits you have seen being a Windows shell provider?
Ummm because my point was that machines with higher value (ie: ones customers use/have access to) are of more likely to be attacked...
And you conveniently did not mention that you counted exploits on a poorly run shell server vs. Windows "server" that never runs anything you didn't put on it (and they apparently still were copromised, just less often than your shell servers).
I mentioned my compromised MS-DOS machine more as a joke (I was probably 12, running a BBS gave the wrong person sysop...)
I think the Linux servers were maintained pretty well actually but what do I know? Oh and I clearly mentioned the difference between users having access to my Linux servers and not my Windows Servers.
If it's too hard for you guys to see my point because I mentioned Linux and Windows in the same post and got your panties in a bunch then think about this...
My console is connected to the internet. To an attacker it's a lower value target than say a PC on the same network that I do my online banking on. Just because my console is lower value to an attacker doesn't inherently doesn't make it any more or less secure than my PC.
Reference please? Which Linux servers? Red-hat? Debian? SELinux enabled?
Sounds like you know a lot about the subject..
This was between 1999 and 2003 when a partner and myself were running a small web hosting/shell company Mach Nine Internet Services, http://www.mach-nine.com/ (under construction now?), http://www.lomag.net/information/news.php
Always Redhat... started with 6 (which was the 2.2 kernel...) and think we ended at 7.1.
In any case this small period of time was the only time I've had Linux servers publicly available on the internet and two of three machines were rooted due to a (2.4?) kernel flaw that made it trivial to escalate privileges if you had a shell (which being a shell provider...). Since then I've had several Windows servers publicly servicing the internet but the difference is that they are for my personal use and not high profile (in relation to my old Linux servers) targets.
My statement was not one about the inherent security of one OS over the other. There is more I could have done to prevent the root attacks on the Linux machines and I don't deny that. I'm repeating myself here but my point was:
In general it's not the OS keeping you secure it's how valuable of a target you are and how vigilant you are at security.
It's not a PDF flaw, it's a flaw in Linux kernel. The malicious PDF file was just an example for an attack vector. You know, the same way it works in Windows. No system is immune to these kind of attacks, the only reason Linux and Macs see them less is because most of the users are on Windows (especially the "stupid" or casual ones). Not even the walled gardens like iPhone, where PDF attack was used to root and jailbreak the system just recently.
You got it spot on. Although in my personal experience I've had more Linux servers compromised than Windows ones. Could be the fact that in general my Linux servers are exposing services to the internet where as my Windows servers are not. Or it could be the fact that at times questionable users (ie: customers) have had access to my Linux boxes. Oh and then there was one time my MS-DOS server was compromised (lol).
In general it's not the OS keeping you secure it's how valuable of a target you are and how vigilant you are at security.
I don't really understand this argument, I don't think I've ever had to say a personal password out loud to someone. However, I can see you'd want to be careful at work having FUCK_OFF_YOU_CUNT as your password, just in case your boss ever rang up when you were sick or something needing access to a file.
It's not a good argument. You should never give your password out. There should be other ways to give your boss access to the file (ie: have IT modify permissions, VPN in and change permissions/password yourself, etc.).
Of course we could be talking about a non-ACL security solution but in general don't give people access to more than they need and never access to your account. As the theme of the comments have gone limiting exposure is always the best option. The password to a single excel spreadsheet is a lot less damaging than your domain password.
However we don't need to know any of that because it's clear that the application asks for permission to send SMS, the user accepts and then the app does exactly what it said it was going to do. This is no trojan this is a case of user's not wanting to be responsible for the security of their devices.
You should also look at the VW Golf TDI. Similar (diesel) MPG, more power, more cargo space and seating for five (ok, four "real" people but still).
Look at you, pouring your rage at strangers, just like Jesus does in the stories.
Not sure what book you are reading but it certainly isn't the same one as me.
And you don't understand sarcasm... Or maybe I fail at it... Either way, cheers :-)
Why not. You run Firefox right? If yes then you have no worries because it's not full of hole like IE is...
It's fairly trivial to use AutoIt to position the mouse and is scriptable.
Also, it's dependant on whether one's host computer's USB ports can pump out sufficient juice. On every such computer I've tried, the charging cycle is incredibly slow when compared to using the phone's supplied AC-USB adapter.
Actually the spec is very clear on how much power the USB port should pump out: http://en.wikipedia.org/wiki/USB#Power
With that said chances are that your AC-USB adapter is putting out about 1.5A or so which is more than using a Y-USB cable could provide.
If people were more willing to repair their devices, especially complex electronic devices (most of which fail because of simple and repairable problems, like a broken lead), we would be better off.
If lack of motivation were the only problem then that would be awesome. I have a 42" Polaroid TV spread out across my garage because the power supply died. The PCB is relatively simple (ie: large parts/traces so even a noob solderer like me wouldn't have much trouble replacing a part) and the failed part is obvious (an exploded STR-A6252W IC manufactured by Sankren (Allegro Microsystems)). I can buy a, used, replacement power supply for ~1/5 the cost of a new TV but this isn't the first time I've seen this IC pop (from other forum posts) so who is to say a used one isn't also days away from failing (the TV was less than two years old when it failed)? I can only find a single source for the IC itself and even then it's ~$30 with shipping and it's not even clear it's the correct IC. Bottom line is that it doesn't seem cost effective for me to repair this TV given the options.
Not sure why my comment was modded as troll or flamebait. Long story short parents tree fell on a friends car; homeowners insurance wouldn't cover an "act of God" and a judge didn't find my parents liable. They ended up settling partial out of good faith.
If one of the trees in my yard falls over in a storm and crushes my neighbors car, I am liable for paying for it.
Speaking from experience, chances are very high that you would not be liable for an act of God.
Yeah the restore option under the backup menu is the one I'm using. It formats the drive, reboots and begins to restore from my external hard drive which fails at ~20%. I just checked the target drive and the PS3 did remove all partitions when it formatted it so my only thought is that my larger drive probably has an issue (there is a reason it's no longer in the laptop it came from heh). I'm sure if I wasn't cheap and used a new drive it would work fine.
Err, the PS3 ships with one built into its system. You can, at any point, have it do a backup to a memory card (assuming you have a large enough one) or a USB-connected external hard drive.
Would mod you up if I could. It's true the PS3 has a backup/restore function build right into it. I've used this function to backup while trying to upgrade my hard drive. However I've never gotten the restore to work even though I've backed up to several external hard drives. Thinking about it now the hard drive I'm upgrading to came from a laptop and has a 4GB "recovery" partition that I wasn't able to remove in Windows. I assumed the PS3 would remove this partition and create one for the entire drive when I formatted it but honestly never checked. I'll have to plug it in when I get home and see how many/what size partitions it has on it.
While the 'reply all' strategy is solid I don't agree with the suggested wording of the email. You start off chastising George for spamming when that is exactly what you are doing. If I received your email I'd believe you're a dishonest business person actively engaged in a lie. Which is made obvious by the fact that you received his email and were able to determine it was spammed to many people but somehow you're not bright enough to realize that the email you are sending is also going to the same list of people. To be dishonest and lie in a more convincing manner I think you need to avoid the mention of spam at all ;-)
I'm sure it doesn't say anything about the capability/compatibility of your PPC chip. In reality it's a trivial task to modify code written for one architecture to another. The reason they don't do it is because they hate you and your PPC.
Wouldn't it be better if they documented those hidden APIs instead so you'd have access to those nifty features too? So XP SP3 and Vista SP1 are confirmed to cause a problem with 1 Microsoft product out of a total of ___ (- insert number much larger than 1 here) products and that speaks volumes to you?
But if you RTFA you'll see that they did not patch the installer. They "patched" Windows Update to not provide you with the installer for XP SP3 if it detects MS DRMS. There have been no changes that prevent a MS DRMS user from downloading the SP3 installer exe and running it. "To help protect our customers, we plan to put filtering in place shortly to prevent Windows Update from offering both service packs to systems running Microsoft Dynamics RMS. Once filtering is in place, we expect to release Windows XP SP3 to Windows Update and Download Center"
That's what I gathered from the article. The only thing being changed is whether or not XP SP3 or Vista SP1 automatically installs or downloads via automatic updates on machines running Microsoft Dynamics Retail Management System. My assumption is that you'd be fine installing this now as long as you are not running Microsoft Dynamics Retail Management System but then again it is a new service pack for a Microsoft product so assuming this will be the only problem is silly :-)
They didn't really patch anything. As anyone running Microsoft Dynamics Retail Management System can still break things by installing XP SP3. As far as I can tell they are not changing the actual SP3 installer so that it will not install on a machine running Microsoft Dynamics Retail Management System. Doesn't even sound like it will warn.