To: BugTraq
Subject: Infection Notification
Date: Sun Aug 05 2001 10:50:22
Author:
Message-ID:
If you'd like to help us notify users they are infected please send
offending IP data to aris-report@securityfocus.com. Please use the
following format:
IP ADDRESS DATE/TIME WITH TIMEZONE
Or something similar to this. Please ensure the information is
constrained to IP address and date per line as we do our notification
automatically and our systems need to be able to understand the
data you send us.
--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum
And this book about flying frogs describes the phenomena as well.
When i first read that book i was thoroughly Freaked Out. It's one thing for frogs to fly thanks to magnetic levitation, quite another when they start riding lilypads into your house. I've since trained my cat to attack flying frogs.
These would be very polymorphic, and there would probably not be as much of a distinct signature to identify them by, slipping right by virus scanners.
Good ol' evolution. Once such Virii become frequent, the anti-virii people will need to code intelligent agents that can recognize a virus based upon its components. Instead of exact signatures we need intelligent pattern matching. For these kinds of virii, a signature might be
if it has 6 or more of the following components, then it might be a virus.
Also, frequency counts (and the like) on structures in the code might come in handy. Has anyone ever done freq counts on code structures and come up with general templates for network apps vs word processors, spreadsheets vs video games, virii vs non-virii ? I think i know what i'm going to do for the rest of the day instead of working...
The infection attempts of the worm was much more random after July 18th. You're right that it was not supposed to spread any more after the 19th - but it was supposed to attack the whitehouse for a few days and then lay dormant.
The hit you saw on the 20th might also be from someone in a different time zone - you're in EDT? Was the hit before 6am on the 20th? I got one hit on the 20th but it was before 6am so i figured it was someone in different timezone.
As far as the amount of hits that you're getting now, it is most likely due to the time the worm has to be in infect mode coupled with any random deviation (since the spread is random you might see 10 hits one day, 50 the next - i don't know the statistical term for this).
My logs thus far show about an average of 21 hits per day this time around versus 24 hits on the 19th, so i don't see that much change.
oh yeah, here you go: grep default.ida?NNNNN access_log | cut -f2 -d[ | cut -f1 -d/ | sort | uniq -c
for default apache logs:-)
Code Red first started wreaking havoc a couple days after the bugtraq post about the telnetd vulnerability - about July 19th, after the mutation which allowed it to truly randomly spread.
There were no more posts about the telnetd vulnerability for a few days as the bugtraq list was saturated with Code Red information. I'm paranoid as fuck and assumed that Code Red was a cover up for the telnetd exploit which we'd later find out affected every single version of telnetd out there (including on routers and the like).
But it didn't happen that way.
It is a lesson in distraction, though: when a true hacker wants to really take over the net, a Sircam virus or Code Red worm will make a great cover for the true exploit. I'm sure Sun Tzu wrote something witty about this, as it is the same technique used by countless military tacticians (at least the ones who "won") - c.f. the amphibious build-up prior to the land invasion during the Gulf War, or Patton's fake army prior to Normandy Invasion during WWII.
It seems to me that this is a potentially larger problem with most distros of Linux.
Linux distros ship with a lot of other services active which are often vulnerable to remote root exploits - lpd, wuftp, samba - but the apache vulerabilities are few and far between, and generally only allow something silly like a directory listing. Products using Apache such as the notorious Matt's Scripts are more likely to be vulnerable and might be widely distributed enough to be a problem.
But if you're talking solely about linux boxen being problematic, they already are with those non-apache vulnerabilities, and every time someone at my work brings up a redhat box, within 24 hours it's been hacked and 24 hours later we're getting email from people complaining about port scans from that box.
The best solution is to disable servers and include firewalling by default. I was delightfully surprised that RedHat 7.1 asks to set up firewalling during the install. Finally!
However, a number the represented how closely related an incoming email and a known spam message would be a useful metric.Then you could have fuzzy filters
i tried that, had very good success. read more about it at:
i collected a sample of 30-plus spam messages as well as 30-plus not spam messages and ran some word and phrase frequency counts on each group, then threw that data into a couple mysql tables. Next i match the phrase and word frequency counts to new mail that arrives, and depending on how closely the new mail matches the known groups, i can tell whether or not the mail is spam.
by tweaking the exact amount needed to be determined as spam or not-spam, i had very, very good success rate - out of 32 messages checked using this method, all were appropriately identified as either spam or not-spam.
I've been meaning to continue with this line of spam detection, increasing the size of the db and testing it on a larger sample of mail (read: all my mail) and then seeing if the results were still as good, but...
there was a lot of discussion about how the Code Red worm should be a wake up call. A couple excerpts from the CAIDA analysis:
The Code-Red worm is a wake-up call. This exploit demonstrates clearly the need to keep machines up-to-date with security developments
We should assess our response to the attack -- How quickly and reliably can we disseminate
news about the threat? How quickly can infected hosts be located, isolated, and repaired? In the case of the Code-Red worm, even
windowsupdate.microsoft.com was infected, and many hosts were re-infected during attempts to patch them.
(the last line included in regards to a separate post in this thread).
and now back to mp3s -
talking about Code Red in the file sharing column made me think that it would be interesting to distribute files via http requests in a fashion similar to Code Red's exploit attempts via GET requests.
This hides sharing a file in some other protocol, steganographically transferring a file.
I couldn't find anything out there like that, so i did some quick coding and came up with: stegweb, a method to use HTTP GET requests and your web logs to distribute files.
the code is sloppy, the idea is impractical, but oh well it was fun to code.
how did the Code-Red worm end up on a few hundred thousand machines, if
the ISPs are monitoring traffic?
There is a difference between monitoring traffic and doing something about what you monitor: i see drug dealers on the streets every day on my bike ride to work, but i don't do a damn thing about it. I saw some Code Red attempts on my boxes at work, and i called the WinNT guys to make sure they were doing something.
What would you have had the ISP's do to stop code red? prevent specific types of data from passing over a known port to the end user's machine? Isn't that what we want them NOT to do?
but with DHCP those are pretty useless.
It also raises the familiar point
of placing IP addresses to real names (1 is easy, but imagine 100,000).
Useless? If you have the Service Providers on your side...
Those of us using phone modems: the ISP knows what number you're dialing in at, what username you're logining in with (for the initial modem connection). This info is kept in a db of some sort (flat file or actual db) or at least should be if the ISP wants to be able to troubleshoot any problems.
Those of us using cable modems(at least Comcast, my provider): the ISP knows what MAC address you're using and has a db with that MAC address and your name in it.
Those of us using the school's connection: Is it in your dorm? They know what port jack you're plugged in to so that DHCP IP can line up nicely to 1-4 people, depeding on how many share the room.
Are you using the computers in a computer lab? chances are you had to log in to the computer at some point. that will be kept somewhere: Fri Jul 27 08:59:39 EDT 2001 frisco logged in from 192.168.0.1 or so.
Are you using computers in an open lab? Where i work, we can match up a couple db's to tell you what DHCP address lines up with what Mac address, then what computer that NIC card is in, then what room that computer is in. but the best: some of those labs have cameras in them, Security keeps tapes of what goes on. give us a time and a DHCP IP address, we can get you a print out what the person using the comptuer looks like. Not that that's ever happened, and every time something close to that happens (police wanting email, etc) i raise a big stink about it and always always make sure the college lawyer has gone over the paperwork for it a few times, and i'd do the same if it was just to stop someone trading mp3's - i didnt get that 160gig raid for nothing!
Sure, you need to select data from a variety of different db's in order to track down the exact user, but that's really just a matter of a few case's, select's, and join's. It may take 1 second to track down 1 user, so 100,000 will be 100,000 seconds, or almost 28 hours. I don't think the big players will mind waiting a day and a half.
There are some sources for internet access that will be more difficult to track, like that access in the library, or at a webcafe. but even a lot of those places have cameras set up. The best is taking your computer somewhere with a large network, like a university or a corporation, and either finding a live drop or a live wireless network - then it will be more difficult to track you. Don't forget to change your MAC address while you're doing it and have some TIGHT firewall rules to make it harder fro Them. But how many people are willing to go through the effort just to trade mp3's and avi's?
But that only goes for tracking someone you know is trading stuff. first you have to find out they are trading, and that's where some good steganographic and cryptographic techniques will come in handy for the actual transmission of files. Distributing lists of who has what is another matter - how to separate who we want to be able to see that we are trading illegal stuff from the feds?
the partnership of they
and Amazon is going to be a pivotal one, complimenting each other very well.
Bezos: Why, thank you, AOL. Case: Oh, thank you, Amazon. Bezos: No, no, thank you, AOL. Case: Oh I insist, thank you, Amazon. Bezos: Please please, thank you AOL. Case: Look, we gave you the money, so we get to give the thanks. thank you, Amazon.
Background:
Jeff Bezos, Amazon CEO.
Steve Case, AOL CEO.
Compliment: An expression of praise, admiration, or congratulation.
Complement: Something that completes, makes up a whole, or brings to perfection.
it attacks 198.137.240.92 not www.whitehouse.gov
that is, it doesn't need to reference the dns server (i was hoping to just add an entry for whitehouse.gov to our dns server since i dont have access to the router side of things)
The story was so-so. Mad general with loyal following who wants nothing more than to blow stuff up out of revenge, scientests who just know
that blowing stuff up will destroy the world.
While the plot is quite generic, the way it successfully references so many other movies amazed me. Hints of BladeRunner, a dash of Dune, and a helping of Aliens and Akira.
If you're going just for the CG then enjoy the artistry (not reality, artistry - when you go to see an anime flick, are you expecting reality? no - you're wanting artistry. expect the same here). But go for the homage to the Past a well. This screenwriter and Director spent his time noting scenes/character types that worked in other movies and blended them quite well into FF.
and keep in mind the genre of the movie you're watching. It's like with Crouching Tiger - the plot is predictable, the lines are melodramatic, but for the genre, CTHD works perfectly. FF is a Sci-Fi/Anime and it fits that genre perfectly - from the fasst paced, at times confusing action, to the pointless and countless little noises whats-her-name makes, down to the cheesy song at the end.
-f
Re:Lets ask Google what it thinks.
on
USENIX Reports
·
· Score: 2
From their page: This operating system quality and approval metric is based on a periodic AltaVista search for each of several operating systems, directly followed by "sucks", "rules", or "rocks".
there's also one for programming languages and some other things - check out the bottom of the first page.
when the obscure server in the 3rd computer room (the one 2 buildings away) needs to be rebooted after a good year of uptime, all those messages are real nice like.
i deal with a slew of different machines for my job and even my home network is composed of a wide variety of hardware on various machines. all those ugly messages really help remind me of what i'm dealing with whenever i reboot a machine.
Having no boot messages should be an option in lilo. Plenty of messages should be the default.
let's implement md5sum's of webpages that appear at the bottom of the page, have some jscript that checks that md5sum against the actual md5sum of the page and prints out "this page has been modified" if that's the case.
i'm guessing the md5sum would have to be public-key signed so MS couldn't just change that sum at the bottom of the page.
and if they set the browser to run jscript before they insert their links then it'd be futile.
unless you implemented it with frames, and a second, hidden frame held the md5sum for the first page and waited until a few seconds after the first page's onload() so that MS postprocessing would be finished, and then md5sum'd the resulting frame and compare ti to the good md5sum.
that shirt rocks! i wear mine all the time (bought a second b/c i fear the first getting lost/torn/stained) and get plenty of "oh how cute" comments, but every now and then someone looks at it with a little quizzical smile and then i get to explain...
i wonder what the openipf shirts will look like... "so long, and thanks for all the restrictive licenses"?
I hope they keep it as simple as the blowfish shirt; i don't like my shirts to be too loud/obnoxious.
That's the beauty of make -n install which will just print the commands that make install will be running.
Of course that won't work for install scripts that don't do make install's
and for the original post...
If you're *really* unsure about what the install scripts that the closed source programs you're installing will fuck up, then why are you trusting their actual app to run correctly?
2 things-
1- make sure you have good tech support from the company.
2- install on a test server first, then on your production machine.
man chroot
try chrooting to a safe location first and see what it does. That will help verify that the script won't modify/have access to any files you don't want it to have access to.
of course there's a good chance the script won't work either.
A good firewall can monitor what network connections it starts up.
if you have to ask why, or you have to point out the cost/efficiency for such a project, you're missing the point.
your first statement is dead-on:
Overclocking is an end in itself.
it's climbing Mount Everest, it's reaching the South Pole, it's stepping on the moon.
All MAC adresses were originally designed to be unique.
Originally, perhaps. But it doesn't work that way in practice, and it is possible to change your MAC address. A search for "change MAC address" reveals, among other things, source code for changing MAC addresses and instructions for some cards under windows.
People are just going to cheat online:
drivers don't have all that much to do with it. And if they can't cheat, they'll
DoS attack. Maybe I'm just disillusioned, but I have more fun playing with
people I know and trust then strangers. Strangers cheat.
so what you need is: [ a method ] to sort the gems and the crap from the steady stream of [ gamers ] that flows through the pipe. And wherever possible, [ try ] to make the [ gamers ] of the site take on the responsibility.
- paraphrasing of/. Moderation FAQ
Moderation, meta-moderation, and karma for gaming communities?
I don't game too much online; what methods similar to/.'s moderation have been tested?
-f
War in the Third Wave.
on
The DNA Bomb
·
· Score: 3
Check out War and Anti-War, written by the Tofflers in 1993. It's all about war in the Information Age and how much of a difference targetted, smart weapons make from industrial-era mass destruction weapons.
A little premature reading about this today
That is ridiculous. It is essential to think of tomorrow's problems today.
"The release of atom power has changed everything except our way of thinking... The solution to this problem lies in the heart of mankind. If only I had known, I should have become a watchmaker."
- Albert Einstein.
stenography is writing in shorthand. steganography is hiding information in such a way that people cannot tell you are hiding a message.
outguess hides data in image (pnm and jpg) files in such a way that you cannot tell the image is also storing data. There is also StegFS, the steganographic file system, in which other people cannot discern information about the file system, like how much space is being used, how many files there are, filenames, etc.
The whole point is that if no one even knows you are hiding something, then they won't know to look. With information which is just encrypted, then people can see that there is something for them to attempt to decipher. But this means that steganography is security through obscurity, so you'd want to couple it with some strong encryption too.
Slashdot Mirror
from the bugtraq post:
To: BugTraq
Subject: Infection Notification
Date: Sun Aug 05 2001 10:50:22
Author:
Message-ID:
If you'd like to help us notify users they are infected please send offending IP data to aris-report@securityfocus.com. Please use the following format:
IP ADDRESS DATE/TIME WITH TIMEZONE
Or something similar to this. Please ensure the information is constrained to IP address and date per line as we do our notification automatically and our systems need to be able to understand the data you send us.
--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum
---end bugtraq post---
And this book about flying frogs describes the phenomena as well.
When i first read that book i was thoroughly Freaked Out. It's one thing for frogs to fly thanks to magnetic levitation, quite another when they start riding lilypads into your house. I've since trained my cat to attack flying frogs.
Good ol' evolution. Once such Virii become frequent, the anti-virii people will need to code intelligent agents that can recognize a virus based upon its components. Instead of exact signatures we need intelligent pattern matching. For these kinds of virii, a signature might be
if it has 6 or more of the following components, then it might be a virus.
Also, frequency counts (and the like) on structures in the code might come in handy. Has anyone ever done freq counts on code structures and come up with general templates for network apps vs word processors, spreadsheets vs video games, virii vs non-virii ? I think i know what i'm going to do for the rest of the day instead of working...
The hit you saw on the 20th might also be from someone in a different time zone - you're in EDT? Was the hit before 6am on the 20th? I got one hit on the 20th but it was before 6am so i figured it was someone in different timezone.
As far as the amount of hits that you're getting now, it is most likely due to the time the worm has to be in infect mode coupled with any random deviation (since the spread is random you might see 10 hits one day, 50 the next - i don't know the statistical term for this).
My logs thus far show about an average of 21 hits per day this time around versus 24 hits on the 19th, so i don't see that much change.
oh yeah, here you go: :-)
grep default.ida?NNNNN access_log | cut -f2 -d[ | cut -f1 -d/ | sort | uniq -c
for default apache logs
There were no more posts about the telnetd vulnerability for a few days as the bugtraq list was saturated with Code Red information. I'm paranoid as fuck and assumed that Code Red was a cover up for the telnetd exploit which we'd later find out affected every single version of telnetd out there (including on routers and the like).
But it didn't happen that way.
It is a lesson in distraction, though: when a true hacker wants to really take over the net, a Sircam virus or Code Red worm will make a great cover for the true exploit. I'm sure Sun Tzu wrote something witty about this, as it is the same technique used by countless military tacticians (at least the ones who "won") - c.f. the amphibious build-up prior to the land invasion during the Gulf War, or Patton's fake army prior to Normandy Invasion during WWII.
Linux distros ship with a lot of other services active which are often vulnerable to remote root exploits - lpd, wuftp, samba - but the apache vulerabilities are few and far between, and generally only allow something silly like a directory listing. Products using Apache such as the notorious Matt's Scripts are more likely to be vulnerable and might be widely distributed enough to be a problem.
But if you're talking solely about linux boxen being problematic, they already are with those non-apache vulnerabilities, and every time someone at my work brings up a redhat box, within 24 hours it's been hacked and 24 hours later we're getting email from people complaining about port scans from that box.
The best solution is to disable servers and include firewalling by default. I was delightfully surprised that RedHat 7.1 asks to set up firewalling during the install. Finally!
-f
c.f. Simpson's episode 4F12
-f
i tried that, had very good success. read more about it at:
http://www.blackant.net/code/oth/random/nlp-spamfi lter.php
i collected a sample of 30-plus spam messages as well as 30-plus not spam messages and ran some word and phrase frequency counts on each group, then threw that data into a couple mysql tables. Next i match the phrase and word frequency counts to new mail that arrives, and depending on how closely the new mail matches the known groups, i can tell whether or not the mail is spam.
by tweaking the exact amount needed to be determined as spam or not-spam, i had very, very good success rate - out of 32 messages checked using this method, all were appropriately identified as either spam or not-spam.
I've been meaning to continue with this line of spam detection, increasing the size of the db and testing it on a larger sample of mail (read: all my mail) and then seeing if the results were still as good, but...
-f
The Code-Red worm is a wake-up call. This exploit demonstrates clearly the need to keep machines up-to-date with security developments
We should assess our response to the attack -- How quickly and reliably can we disseminate news about the threat? How quickly can infected hosts be located, isolated, and repaired? In the case of the Code-Red worm, even windowsupdate.microsoft.com was infected, and many hosts were re-infected during attempts to patch them.
(the last line included in regards to a separate post in this thread).
and now back to mp3s -
talking about Code Red in the file sharing column made me think that it would be interesting to distribute files via http requests in a fashion similar to Code Red's exploit attempts via GET requests.
This hides sharing a file in some other protocol, steganographically transferring a file.
I couldn't find anything out there like that, so i did some quick coding and came up with:
stegweb, a method to use HTTP GET requests and your web logs to distribute files.
the code is sloppy, the idea is impractical, but oh well it was fun to code.
-f
There is a difference between monitoring traffic and doing something about what you monitor: i see drug dealers on the streets every day on my bike ride to work, but i don't do a damn thing about it. I saw some Code Red attempts on my boxes at work, and i called the WinNT guys to make sure they were doing something.
What would you have had the ISP's do to stop code red? prevent specific types of data from passing over a known port to the end user's machine? Isn't that what we want them NOT to do?
-f
Useless? If you have the Service Providers on your side...
Those of us using phone modems: the ISP knows what number you're dialing in at, what username you're logining in with (for the initial modem connection). This info is kept in a db of some sort (flat file or actual db) or at least should be if the ISP wants to be able to troubleshoot any problems.
Those of us using cable modems(at least Comcast, my provider): the ISP knows what MAC address you're using and has a db with that MAC address and your name in it.
Those of us using the school's connection:
Is it in your dorm? They know what port jack you're plugged in to so that DHCP IP can line up nicely to 1-4 people, depeding on how many share the room.
Are you using the computers in a computer lab? chances are you had to log in to the computer at some point. that will be kept somewhere: Fri Jul 27 08:59:39 EDT 2001 frisco logged in from 192.168.0.1 or so.
Are you using computers in an open lab? Where i work, we can match up a couple db's to tell you what DHCP address lines up with what Mac address, then what computer that NIC card is in, then what room that computer is in. but the best: some of those labs have cameras in them, Security keeps tapes of what goes on. give us a time and a DHCP IP address, we can get you a print out what the person using the comptuer looks like. Not that that's ever happened, and every time something close to that happens (police wanting email, etc) i raise a big stink about it and always always make sure the college lawyer has gone over the paperwork for it a few times, and i'd do the same if it was just to stop someone trading mp3's - i didnt get that 160gig raid for nothing!
Sure, you need to select data from a variety of different db's in order to track down the exact user, but that's really just a matter of a few case's, select's, and join's. It may take 1 second to track down 1 user, so 100,000 will be 100,000 seconds, or almost 28 hours. I don't think the big players will mind waiting a day and a half.
There are some sources for internet access that will be more difficult to track, like that access in the library, or at a webcafe. but even a lot of those places have cameras set up. The best is taking your computer somewhere with a large network, like a university or a corporation, and either finding a live drop or a live wireless network - then it will be more difficult to track you. Don't forget to change your MAC address while you're doing it and have some TIGHT firewall rules to make it harder fro Them. But how many people are willing to go through the effort just to trade mp3's and avi's?
But that only goes for tracking someone you know is trading stuff. first you have to find out they are trading, and that's where some good steganographic and cryptographic techniques will come in handy for the actual transmission of files. Distributing lists of who has what is another matter - how to separate who we want to be able to see that we are trading illegal stuff from the feds?
-f
Bezos: Why, thank you, AOL.
Case: Oh, thank you, Amazon.
Bezos: No, no, thank you, AOL.
Case: Oh I insist, thank you, Amazon.
Bezos: Please please, thank you AOL.
Case: Look, we gave you the money, so we get to give the thanks. thank you, Amazon.
Background:
Jeff Bezos, Amazon CEO.
Steve Case, AOL CEO.
Compliment: An expression of praise, admiration, or congratulation.
Complement: Something that completes, makes up a whole, or brings to perfection.
-f
it attacks 198.137.240.92 not www.whitehouse.gov
that is, it doesn't need to reference the dns server (i was hoping to just add an entry for whitehouse.gov to our dns server since i dont have access to the router side of things)
-f
While the plot is quite generic, the way it successfully references so many other movies amazed me. Hints of BladeRunner, a dash of Dune, and a helping of Aliens and Akira.
If you're going just for the CG then enjoy the artistry (not reality, artistry - when you go to see an anime flick, are you expecting reality? no - you're wanting artistry. expect the same here). But go for the homage to the Past a well. This screenwriter and Director spent his time noting scenes/character types that worked in other movies and blended them quite well into FF.
and keep in mind the genre of the movie you're watching. It's like with Crouching Tiger - the plot is predictable, the lines are melodramatic, but for the genre, CTHD works perfectly. FF is a Sci-Fi/Anime and it fits that genre perfectly - from the fasst paced, at times confusing action, to the pointless and countless little noises whats-her-name makes, down to the cheesy song at the end.
-f
Operating System Sucks-Rules-O-Meter
From their page:
This operating system quality and approval metric is based on a periodic AltaVista search for each of several operating systems, directly followed by "sucks", "rules", or "rocks".
there's also one for programming languages and some other things - check out the bottom of the first page.
-f
i deal with a slew of different machines for my job and even my home network is composed of a wide variety of hardware on various machines. all those ugly messages really help remind me of what i'm dealing with whenever i reboot a machine.
Having no boot messages should be an option in lilo. Plenty of messages should be the default.
-f
i'm guessing the md5sum would have to be public-key signed so MS couldn't just change that sum at the bottom of the page.
and if they set the browser to run jscript before they insert their links then it'd be futile.
unless you implemented it with frames, and a second, hidden frame held the md5sum for the first page and waited until a few seconds after the first page's onload() so that MS postprocessing would be finished, and then md5sum'd the resulting frame and compare ti to the good md5sum.
feels like another evolutionary game.
-f
i wonder what the openipf shirts will look like... "so long, and thanks for all the restrictive licenses"?
I hope they keep it as simple as the blowfish shirt; i don't like my shirts to be too loud/obnoxious.
-f
Of course that won't work for install scripts that don't do make install's
and for the original post...
If you're *really* unsure about what the install scripts that the closed source programs you're installing will fuck up, then why are you trusting their actual app to run correctly?
2 things-
1- make sure you have good tech support from the company.
2- install on a test server first, then on your production machine.
-f
try chrooting to a safe location first and see what it does. That will help verify that the script won't modify/have access to any files you don't want it to have access to.
of course there's a good chance the script won't work either.
A good firewall can monitor what network connections it starts up.
-f
your first statement is dead-on: Overclocking is an end in itself.
it's climbing Mount Everest, it's reaching the South Pole, it's stepping on the moon.
It is Hacking at its finest.
-f
Originally, perhaps. But it doesn't work that way in practice, and it is possible to change your MAC address. A search for "change MAC address" reveals, among other things, source code for changing MAC addresses and instructions for some cards under windows.
-f
so what you need is: /. Moderation FAQ
[ a method ] to sort the gems and the crap from the steady stream of [ gamers ] that flows through the pipe. And wherever possible, [ try ] to make the [ gamers ] of the site take on the responsibility.
- paraphrasing of
Moderation, meta-moderation, and karma for gaming communities?
I don't game too much online; what methods similar to /.'s moderation have been tested?
-f
A little premature reading about this today
That is ridiculous. It is essential to think of tomorrow's problems today.
"The release of atom power has changed everything except our way of thinking... The solution to this problem lies in the heart of mankind. If only I had known, I should have become a watchmaker."
- Albert Einstein.
-f
no. i mean steganographic.
stenography is writing in shorthand.
steganography is hiding information in such a way that people cannot tell you are hiding a message.
outguess hides data in image (pnm and jpg) files in such a way that you cannot tell the image is also storing data. There is also StegFS, the steganographic file system, in which other people cannot discern information about the file system, like how much space is being used, how many files there are, filenames, etc.
The whole point is that if no one even knows you are hiding something, then they won't know to look. With information which is just encrypted, then people can see that there is something for them to attempt to decipher. But this means that steganography is security through obscurity, so you'd want to couple it with some strong encryption too.
-f