The amount of worm traffic probing around the internet, and the continual new versions of botnets with worm capabilities seem to indicate that remote execution holes have not been abandoned as a propagation vector.
It's low cost and high payoff. A machine can scan 24/7/52. If your box is vulnerable, it WILL be found.
...botnet masters don't seem to much care about the nature of the systems they infect. They are clearly a mixture of home users, corporations, and government agencies.
That's because the attacks are automated. They aren't specifically including or excluding any addresses (email or IP).
Finally, it may be popular wisdom, but it really isn't clear at all that Windows market share causes botnet masters to ignore other platforms.
That's because the people spouting the "popular wisdom" do not understand security. Which is understandable because most people don't understand security.
Windows is exploited the most because Microsoft has, in the past, opted for a less secure security model so that Microsoft OS's and apps could be more "user friendly".
Everything was open, by default, on all systems.
Even today Microsoft is focusing on putting a firewall on the box instead of closing the ports.
Even if Ubuntu and Microsoft and Apple each had 1/3rd of the market, Microsoft would still be exploited more because of those decisions.
And I started off MANY years ago with the Strategic Review.
Websites can vanish. But magazines give you the evolution of the concepts. There's also something about being able to hold the magazine that a monitor doesn't give you.
Online, criminal groups trade thousands of stolen credit card details (including number, expiry date, name, address, and even date of birth, email, password and mother's maiden name), priced by potential fraud value, ranging from $30 (£15) for an unexploited Visa Gold card to $2.50 each for a bumper file of 4,000 stolen American Express card and user details.
So the bad guys are swapping/selling LOTS of info.
Some British victims of card fraud who later suffered from police mistakes in Operation Ore believe their troubles began after they bought bicycle parts - or even a honeymoon hotel stay - over the internet or on the phone from the US.
So you never even had to use your card to buy porn.
Landslide's computers also contained 54,348 sets of stolen credit card information, including information on dozens of UK residents apparently stolen from a Florida-based luxury goods company; some were later used to pay for porn websites operated by Landslide.
That's the tie-in with all the other cracking cases reported here.
Now, all it would take is for the bad guys to get a clue and start their own DATABASE of info from these various items.
They could quickly collect as much info about you as the credit companies have. And THAT means fraud / identity theft on a HUGE scale.
Stolen cards would be a minor problem at that point. They'd be applying for new cards, new loans, passports, driver's licenses, etc... as you. Your financial life would be ruined. With no way to recover. And this will happen to hundreds of thousands of people. Millions of people. And there won't be any way to stop it.
The reason that everyone jumps on this bandwagon is because it gets the votes.
Everyone hates it. Everyone wants the government to "do something about it". Everyone wants it done today.
So very little thought is put into these projects and the more people that can be swept up, the better. That way you're fairly sure, statistically, that you'll get one of the "bad guys".
But it seems more likely that you'll catch an innocent, high profile person whose appearance in your project will reveal how flawed that project is.
If the judge was doing the job s/he was being paid to do, then the judge would not have been "trapped".
What this minor experiment is showing is that we have judges who are abusing their position / authority and ruling from their own beliefs instead of from the Law.
And the mechanism for addressing that issue seems to be broken, also.
So the average person is just about meaningless in this matter.
Which is why I keep saying that every person should form a voting bloc with his/her friends. Your vote is worthless. Your bloc's vote is valuable. Very valuable.
The bigger the bloc, the more valuable the vote. Join a bloc today.
That's not the point, Kyte said. Deca is safe and shouldn't become the "poster child" for stricter regulations just because a chemical is detected in people or the environment.
Isn't that a HUGE issue? The chemical is CONCENTRATING itself in the food chain.
Either show that it decomposes into safe, naturally occurring chemicals or realize that it is time to look at banning it BEFORE it hits levels that are hazardous.
Programming is to computer science what engineering is to physics. Programming isn't science, it is an application of science. You wouldn't say that engineering is the most important aspect of physics, and you wouldn't say that de-emphasizing the engineering aspects of physics amounts to lowering the bar.
Actually, I would. There aren't that many theoretical physicist jobs (or theoretical physicists). Most people studying physics are studying it because it relates to their REAL interest (such as engineering).
Computer science is not about programming. It is about UNDERSTANDING programming. Programmers can take any number of 2 year degrees and be proficient enough in a language to get a job. They don't need to know how to write a compiler.
You can take CompSci out of programming and still have a decent BEGINNER programmer.
If you take the programming out of CompSci you have someone who knows the theories, but cannot do anything with that knowledge.
And there is widespread misunderstanding about jobs moving abroad, said Ed Lazowska, a computer scientist at the University of Washington. Companies may establish installations overseas to meet local licensing requirements or in hopes of influencing regulations, he said, "but the truth is when companies offshore they are more or less doing it for access to talent."
"Cheap labor is not high on the list," Dr. Lazowska said. "It is access to talent."
Bullshit.
If there was that big of a demand over here then more people would be getting into it to take advantage of the high salaries.
There's demand, but there's also a limit to how much will be paid. So it is all about the "cheap labor".
First off, I'm posting this from Ubuntu (Feisty Fawn).
But it's not ready for primetime just because of the average user.
Okay, what is it about the "average user" that makes Linux not ready for prime time?
Windows has a tough enough time with security because of the user (let's face it, 90% of problems are the user's fault).
Okay, now you're talking about Windows. And I'll disagree about 90% of Microsoft's security problems being the fault of the users. The default install of a system should be secure enough WITHOUT requiring the users to know how to secure it.
Sure, exploits exist, but you have to DO something.
And by "something" you mean "plug it into the Internet as it was advertised".
Meanwhile, Ubuntu ships with NO open ports by DEFAULT. So I can plug it straight into the Internet in its default configuration.
Users don't download patches. Users click on anything with an OK box. Same applies here.
And with Ubuntu's default installation, that is not a problem.
But it is a problem with Windows.
But you say that that means that Linux is not ready for prime time.
Users will always install vulnerable apps. You cannot compare two systems based upon what the admins of those systems can or cannot do with them. Instead, compare the default installations and how their security models are implemented.
To me it means that the manager is RESPONSIBLE for getting the time, materials, funding, resources, etc to his/her people so that they can finish the job/project/etc in the time required.
If you (the worker) are dealing with political bullshit, your manager is not doing a good enough job. The same with putting in overtime or having to scrounge for resources or doing a half-assed job just so you can meet the deadline.
Heroes I can take working for me. They tend to work very hard, are people pleasers and can often be trusted (they make good classified materials risks).
Those aren't the heroes I was referring to. I'm talking about the ones who skip steps that they know aren't needed... and then show everyone how great they are when they fix the problems. Even though those problems would have been caught earlier or prevented if all the steps had been followed. On the other hand, heroes make good firefighters (real ones, who put out real fires).
These people I *don't* want to work with. They are always sabotaging productivity in the name of something happening where they are at the center of attention.
Drama r0xx0r in advertising and entertainment and fashion and so forth. If you're doing tech, drama SUCKS!
Fine, but allow them the opportunity to see failure as a learning experience.
:D Not when you're managing a nuclear plant. (Which is also a bad match for the heroes and drama queens.)
What personality types you want on your team (if you even want a team) depends more on what the job is. If you get the right mix at the right job, you won't even need a boss. But that's extremely rare.
But I think the biggest problem with that article is that it mentions some of the different types... but then doesn't try to look at the "jerk's" relationship with those other types. What happens when you have two narcissists on a team? They can't BOTH be the boss. What if you have two assholes? Two jerks? THREE?
And they only really covered one type: the narcissist who won't even stick around but hops to a new job as soon as one is available.
Now imagine working for a perfectionist jerk (do it over and get it right this time). Or a drama queen jerk (watch "The Devil Wears Prada"). Or a hero jerk (nothing leaves his desk until it's a crisis).
It's not just your workers, it's what the workers want out of the job. Do they want to be seen as the heroes? Do they want the drama? Do they want it to be done exactly right? Do they want to tell other people to do the work?
There are a number of books focused on that. The Enneagram covers 9 different styles.
Take that and apply the Peter Principle and you have a good understanding of why bosses are such jerks. 8 out of 9 times, they won't have the same goals that you have (and the other time they'll be in active competition with you) and they're not skilled enough to handle the situation.
I don't think so.
Just about everyone here knows how those pop-ups happen. You're either at the site or you've been infected by some crap (most likely from going to one of those sites).
The issue is that the machine doing the billing must NOT be connected to the Internet.
Yes, I know. Some of the notifications go out over email. So? Dump the necessary email info to a USB stick and WALK that over to a different computer.
and you'll see the witch trials.
There's always SOME hysteria around that can be used to drive a personal agenda.
State-level "medical marijuana" laws have been invalidated because the Supreme Court said the Feds have the right to regulate inter-state commerce.
http://www.cnn.com/2005/LAW/06/06/scotus.medical.marijuana/
Yeah, it makes no sense. But they ruled on it.
Whether it occurs naturally or not is not the issue.
The issue is whether it is concentrating itself in the food chain (and humans).
Since it seems that it is, it should be limited until it can be determined whether there is any damage associated with it or not.
The organizations with the money want the political influence.
The people with the political influence want the money.
Neither of those groups includes the average person.
They claim that it is NOT dumbing it down.
But I cannot find a comparison between their graduates and the graduates of any other school.
Who really cares how many X you graduate if they're the lowest scoring graduates in the industry?
Now, if they can increase enrollment (and graduation) while maintaining scores that are at least average for all the other schools, that's good.
I don't see how focusing on getting more X into the field would result in that, though.
And I completely disagree with it.
If you want to test the domain, then LEASE the domain name. None of this automated click-count crap for free while other people who would USE the domain name wait to see if it will ever be available.
Yep, blocking it is stupid. But you should be reminding the kids that anyone can post anything on the Internet.
So just wrap a frame around the Wikipedia pages with the words "Any doofus can put anything up on the Internet. Don't be dumber than the doofus."
is to make them applicable to EVERYONE. The politicians who voted for them. The cops who run them. EVERYONE.
...I must download more lesbian pr0n.
Get real. This is worthy of a patent? Just by the fact that you're reading this post you're most likely male, some college, etc.
Let's go with a fairly vanilla scenario:
I grab an mp3 from person A. I then clean up the tag and rename it to suit me.
You want to download that same song with a different name and different tag.
You connect to person B sharing it. If you're using BitTorrent, you can also connect to any of 99 other people trying to download it from person B.
Using the new model, you could also connect to person A and myself and download the blocks that are the same.
So instead of only...
99 people in the swarm and 1 seeder
you'd have 99 people in the swarm, 1 seeder, person A and myself.
But in order to FIND person A and myself, you'd have to go through A MILLION OTHER PEOPLE to find if they have any blocks that you are looking for.
The CRITICAL PART THAT THEY LEFT OUT is the amount of bandwidth you'd be using to search A MILLION unrelated systems with unrelated files looking for those blocks.
This works in their lab because they have very few machines with very few files and they've already pre-loaded those machines with the files they want to be found.