It would seem that the originally mentioned framechannel URL is not the only privacy issue. That particular RSS feed (with the MAC address in the URL) only pulls public information. "Wait" you say, "I put my naked butt in my private flickr collection, not the public one". The next privacy breach is the picture store of framechannel. Try
http://fs.framechannel.com
Then choose a random .jpg from the XML and add to the end of that URL. Like this:
http://fs.framechannel.com/47df05c1e351a795fe95a66feb09ad64.jpg
Well, it DID happen... but it looks like the above method no longer works, so at least until someone takes the time to sniff the "new" rss url for the framechannel feed we're safe ;).
It also states the vulnerability is not tied to IE, but IE provides an easy avenue of attack. Could Firefox be tricked into exploiting the same OS vulnerability? Yeah, with a little more work. Your argument is weak, even though I understand your frustration with the article.
Actually... no, the Java client has vulnerabilities that allow a server-side program (infected server) to do more than they're supposed to with a client (such as infecting). The way to protect against malicious sites is not to fix the program (because the server is doing exactly what it's programmed to do), but to update the Java client. And yes C++ IS the most vulnerable language - thank goodness no browser I know of allows C++ code to run from the server.
I like that. Tackle the problem. Frankly... all the whiners who just went to college for the parties and barely passed can rot in their debt-hole as far as I care. If you're worth what your mouth claims it is, then you'll pay off any college debt in a few years and in 4-5 have made enough $$$ to come out ahead compared to working minimum wage.
So finding ways to make this PRIVILEGE affordable is really a better approach than whining. For those who like the government paying for everything remember that in 10-15 years you come out behind again because of higher tax rates... the more work the government does FOR its citizens the more is wasted on bureaucracy.
Other possibilities to reduce costs include treating all students equally - granting scholarships based on performance, not ethnicity, gender, income. For example, my wife got a sweet scholarship for being a woman in engineering. Good for the both of us, but sucks for everyone else who has to pay her bill. How about a friend of mine who got grants for low income - because he didn't WANT to work. Those who spend 20-40 hours a week at a job making money to pay the tuition themselves get docked for trying - that's backwards.
And just to let people know, there is a MUCH cheaper alternative out there now. Granted, it's not a well-known university and I personally feel it's too easy on its students, but it IS fully accredited and VERY affordable:
Reply if you want to hear more about this university.
Star Wars and Star Trek warp drive does NOT pass through matter in my understanding. In Star Trek, space is stretched and "actual" movement is minimal, so "ramming" an object with a warp drive would effectively be a "slow" ram. In SG, the ships actually do exit "normal" space-time and travel through objects (shields, planets, whatever). At least... this is MY understanding.
There is mention that Ancient shielding technology wraps around the hull, acting like armor skin, rather than a bubble around the vessel.
Dag nabbit, stop feeding the patent trolls! they'll just breed...
Hey, let's recycle you... seems you're running a little inefficient right now anyway. I feel there's an ethical problem with "recycling" human bodies. If stranded in the arctic, I'm not sure I could eat the first person to croak even if it were the only way to stay alive myself.
How on earth is this funny? First off, AIDS is a serious disease. It is not my desire for anyone to have AIDS, but I do believe you've gotta be pretty dumb (see Western countries) or pretty desperate (see African countries) to contract this disease.
But to the point, schmiddy's comment is right on track. If you can't trust your spouse, then AIDS is not the biggest concern in your life. Try a marriage counselor. And not a freakin' shrink. I assume you got married in a church, see how they can help. For those who didn't, trusting your spouse is not actually recommended.
Interesting. I had never heard that. But after reading the Wikipedia entry I think things are a bit more clear now. Using "Open" authentication, you are correct... the AP should acknowledge success or failure. However, in shared mode (more secure, obviously), an AP will never actually authenticate. It simply establishes a connection and assumes that the Wi-Fi device will encrypt its packets using the same key. If the key is incorrect, then Windows/Mac/Linux cannot tell the difference between an incorrect WEP key or a missing DHCP server. In a sense, we're both right ;).. depending on whether you use shared or open keys.
Oh, and not responding to authentication is one of the oldest tricks in the book to mitigate brute force attacks, although this method is not always employable. I totally agree that WEP keys are insecure however.
Windows is NOT broken, in THIS case :).
Whatever "difference" you see between mac and windows is because of a timeout... this means that macs give up sooner during the DHCP phase than windows. Again, I'd probably prefer the mac method here, but nevertheless, windows DOES have a valid reason for the way it functions. And if there is a disturbance in the connection, the windows method should theoretically fare better, but I don't know about that.
Anyway, the AP (if it's not crappy) will NEVER admit that your WEP key is wrong as that would increase the speed at which brute force attacks could happen, so there is really no way your OS can know if the WEP key is wrong. Now, it would definitely be nice if Windows' error message was more like "Couldn't get DHCP address, check WEP key or DHCP server" instead of the outdated "limited connectivity" message, but whatever.
Not sure what you mean by "attacks of opportunity". An access point (AP) should NOT give the attacker a negative response until the DHCP sequence failed and therefore it would take a tremendous amount of time (minutes) to test each password.
The double WEP Key entry field does not make the process any more or less secure, it simply saves time in case of a typo so you do not have to wait for the DHCP sequence to fail before trying again.
If you mis-type the password to a wireless network, the AP won't even tell you it's wrong. That is because the AP will hopefully act as if it was correct in order to significantly slow down brute force password attempts. Windows will try to get a DHCP address and eventually come up with "limited or no connectivity". Therefore, using a double-check might save a few minutes if you can correct your typo immediately. I'm not saying that I prefer this. I'd personally rather have just one box and type it carefully, but that is a valid and good reason for this behavior.
I prefer to think of law enforcement as a good thing. If we can cut the costs of law enforcement personnel (which, by the way, can be more easily corruptible) and use more efficient methods to enforce the laws we have, then I think we should. If you believe you should not get a ticket for speeding, then you need to petition a law change... not expect law enforcement to turn a blind eye.
But more to the point, I don't think it's fair that Americans expect their government to do everything for them and blame the leadership when a terrorist attack is successful and then complain when the DOD actually tries to improve their surveillance, with VERY LITTLE infringement on your privacy at that.
One more comment: I am actually scared the way our country is going that it is starting to make personal convictions a criminal offense (go religious freedom), so perhaps what the DHS has done here is actually a good thing despite my general opinion of government surveillance.
Insightful? I thought he was making fun of the article's seriousness when all SAP really supports is making money... like EVERY OTHER PUBLIC COMPANY.
Oh no, they redirected web users. My goodness, does this mean we'll see missiles flying overhead soon?
Seriously, every department in the world has trojans in some form "inside the network". But retrieving the secretary's mail and retrieving classified information are different things. Albeit, redirecting users IS a mediocre risk, but since when does /. care about mediocre over-hyped news?
I think you are right. Perhaps this is partly why I got bored half way through. But I will say this: 2k made the game PERFECT for sales :). People don't get into the game as much, but more people will play it/buy it, so that pretty much meets their goals.
You're a private site, welcoming users to view your ads so you can make a little money with the intellectual property of your work.
Well of course you're not going to like the pirate party. Although they may actually draw in more visitors/hits/money if you did allow them to establish themselves, it's still your right to dislike a group of people whose goal is to destroy the system you rely on.
For all the OOTS fans, here's a strip in his honor: http://www.giantitp.com/comics/oots0644.html
Not quite.
MS allowed you to "cheaply buy" a patch for a product that was legally out of support, which I don't see a problem with.
Or you could just download a script they provided free of charge as a good will measure and fix it yourself. The catch is that you need to know how to execute a VB script instead of just running an executable to implement it ;-).
So yeah... points for the successful software giant who happens to provide a lot of jobs and one of the largest "exports" for the USA, which is why we love to hate them.
As of Windows2k the default authentication protocol is Kerberos, not NTLM and definitely not LM. Source: http://technet.microsoft.com/en-us/library/bb457114.aspx
I'll admit I did not peruse this article, just a quick skim, and therefore am not certain it applies to how the password is being stored.
Also, along with the private key (belonging to the UID/password), EFS also provides a "master" key (for the recovery agent) that NTbackup can utilize to recover EFS encrypted files should your password get reset by an admin. For home use, just be sure to back up your certificate in a secure .pfx file.
I would strongly suggest installing UltraVNC (http://www.uvnc.com/). My wife and I just recently built a computer for her grandfather (81 and just got his first PC), WITH WindowsXP, because others in his assisted living complex can help, as well as my wife's parents. I've got his router configured to let me connect via https. Naturally, I've created a very secure password. But now, if he has a problem or doesn't know where to click he can call anyone and we can easily connect to help him... and not only to "fix" the problem, but also to SHOW him what he needs to do, or show him HOW to do something. It's a BIG HELP. But be prepared to receive calls... they WILL come :-).
btw: Is it necessary to drop in an ubuntu plug in EVERY windows topic? Perhaps it would simply be nice to use Windows because everyone else he/she knows would be able to help?
Immediately comes to mind the old western shooter OUTLAWS (even featured on /. once as one of the best, but least appreciated games of all time). LucasArts no doubt has some of the BEST soundtracks out there. Enjoy the Outlaws soundtrack at
http://gamemusichall.net/music/Outlaws/outlaws.php
Seriously! /. needs to get back to its Tech-roots and stop being so flippin liberal