...and the reason Linux users do not sweat them much is not because Linux viruses do not exist; it is because system design makes their impact minimal.
Pretty much.
Remember, it isn't about whether a virus exists for a specific platform or not.
It's whether you'll be infected or not.
And that is based upon the infection rate vs the removal rate. A virus that cannot spread faster than it is being removed will die.
Microsoft made a number of bad decisions (security-wise) in pursuit of "user friendly" systems.
Essentially what I'm asking you is, "Would a Democratic president be doing anything differently?" That's hard to decide--both sides are all talk and no action on this subject.
Al Gore ran against Bush.
Would Gore take a different approach to the environment and scientific research than Bush does?
Yes. He would.
Don't compare the generic "a Democratic president" to the specific "President Bush".
Stars fuse H into He and so forth all the way up to lead (Pb). Lead is a problem because it inhibits further reactions. Any elements past lead come from when the star explodes.
Reference Solutions and Certified Solution Stacks: The program will give customers access to information about previously tested or deployed solutions based on Red Hat and Intel technology.
I absolutely HATE having a vendor say "sure it will work" or "sure it does that". And when you buy it, you get to pay for a support call so tech support can tell you "no way, it's never been able to do that". Which is why I now demand that I speak to their other clients who have actually implemented whatever I'm looking for.
I know that the company I work for is not unique.
I know that someone else had probably already done what I want to do in the way I want to do it.
So let me find out how they did it and I'll buy your product.
So you think being able to hold 20 meetings a day is an advantage? When do you actually work in your company? :-)
Hell NO!
The problem is that it has become too easy to track people and schedule them into meetings.
If the meeting isn't pretty important, it probably shouldn't be held.
Yep. And before email + calendaring/scheduling software, the difficulty in getting the people to the meeting meant that only very important people could call a meeting or the meeting was very important to everyone in attendance.
Now, all it takes is someone with a desire for a meeting who has an extra minute to automatically search everyone's calendar and, with no social interaction what-so-ever, lock them into a meeting.
And they also got up out of their cubicles and talked with other people.
Yes they did. If they wanted to keep it informal.
Email can be a waste of time too, spending lots of time crafting a perfect message when a quick phone call can accomplish the same thing.
But email builds its own paper trail.
Before email, if you wanted a paper trail you had to send out memos. And typing a decent memo took a lot more time/effort than hammering out another email.
Don't forget meetings. With calendaring/scheduling software, I can call 20 different meetings a day and automatically check to see that you aren't already scheduled for a meeting. Before, I'd have to send out at least one memo for a meeting and possibly several unless I went to each person and checked his/her availability. And if I'm going to that much effort, the meeting was usually pretty important.
global platform democratized decentralized commoditizing control structures power socialize engage interchange
The first thing you should learn is that when someone is using buzzwords, they're attempting to sell you on something, not inform you. Selling appeals to emotions.
Rule Zero: There is no security without physical security. The other team learned that.
The first rule of security is to restrict the avenues of attack. You weren't allowed to do that.
The second rule is to run only what you absolutely need. But without the install media, that's not very easy to do.
The third rule is... patching. Not easy with only one machine connected to the Internet. And not much use if your app had the same sql-injection vulnerability that the other team's did. Patching only works if there is a patch available.
If they had allowed you to follow basic security practices, you'd have had the time to dig into the systems and correctly configure them, change the default passwords, disable junk accounts, etc.
Also, it doesn't appear that they let you go outside your firewall/router to scan your network the way the Red Team did. Did they? If not, that's another stupid rule they had which is 100% the opposite of the Real World.
Congrats on the work, though. Even with the stupid rules and such, it looks like you gave an impressive showing.
We are all computer science majors. So, basically we learn to code.
I'm impressed that you lasted that long.
Seriously, aside from the physical entry (extremely uncommon in the Real World), a quick class on firewall/router configuration would have stopped the attackers.
I think you guys were set up to fail on this. You gave an impressive performance, but the skills needed weren't what you were going to school for and, in the Real World, you wouldn't be limited to those "rules".
Since you were in the contest, what was your background? Did you have any experience with that router and firewall? Any professional/vendor certifications or training?
Lotus Notes is an incredible platform. It does just about everything.
Unfortunately, most companies just want something that will handle the email and calendaring with Outlook.
Instead of putting $300 million into this stupid ad campaign, spend $250 million on a basic corporate email server that handles email and calendaring that works with Outlook (or clone the Outlook... look). Then spend $50 million on getting the word out.
Start small and build up. Lotus Notes is anything but small.
Unless those students were specifically chosen because they have CCNAs or better and MCSEs or better, etc. Why pick "students" for this "challenge"?
The student teams were a bit restricted, with regard to changing IP addresses and messing with the infrastructure.
The easiest way to defeat the attackers would be to lock them out at the firewall or router. Then all the sql-injection vulnerabilities wouldn't matter.
And when your database app has those vulnerabilities, there isn't much the average network admin can do.
So, 50% of the 9-19 year olds have seen online porn.
How many of those have also seen porn magazines?
How does that compare to previous years?
I had definitely seen porn mags by the time I was 19. If the same percentage of the population have seen porn, does it matter if it's online or printed?
I don't know about you, but here's what I want:
#1. No one sending me ads if I haven't, personally, given you my email address.
#2. When I opt out, you drop me from all further ads and "informational" mailings. You only send me my invoice and my shipping notification.
#3. You send me, once a month/quarter/year, a notification that I am on your list so that I may change my address or opt out at that point. This is very helpful if I am an email admin and I'm trying to be nice and opt-out people who are no longer at the company.
Now, what the advertisers want is:
A. A list of people that they can send ads to, cheaper than snail mail.
B. See A.
So, looking at it in that fashion, you can see why there is a problem.
If the legitimate retailers would just start behaving like legitimate retailers, a big chunk of the spam problem would vanish. But they won't.
Now, 1,000 messages a day should far exceed the needs of 99% of the legitimate home users out there.
The problem with rate limits is that there are a few people who will have a legitimate need to send more than 1,000 messages a day, every day.
And the ISP costs go up once any of their tech support people have to answer a phone because your joke of the day list is being blocked after 1,000 sendings.
There's no easy way around this. Somewhere, someone is going to have to pay money to start solving this problem.
We have an old GroupWise 5.5ep system. But I have it sending through an app called Guinevere that runs SpamAssassin and the anti-virus apps. Guinevere hands off to Exim4 running on Debian.
Exim4 runs greylisting, checks open relay lists, etc. If everything passes there, it hands off to Guinevere which runs anti-virus then SpamAssassin (with Bayes) to flag anything suspicious.
Prior to that, 8 out of 10 messages would be spam. Now, less than 1 out of 10 messages is spam.
I prefer Exim4 because I can put my phone number right in the error message that our server kicks back. I only block during SMTP receipt. Everything that I accept, I deliver. I might deliver it with a SPAM tag, but it gets delivered.
I get about 1 call a week from someone who's blocked or has problems. Usually it's because their server is incorrectly configured or they're using their ISP's email server and their ISP is on multiple blacklists for spamming (BellSouth is a prime offender there).
In the past month, we've received 2,005 messages that were flagged as "spam". I'm sure that many of those were legit ads from reputable companies.
We've also sent out 14,960 messages. So our incoming spam is even a fraction of our outgoing email.
We've received 29,594 messages that same month.
I cannot recommend Exim4, greylisting and SpamAssassin highly enough.
Dealing with lusers who have been quarantined costs much more than the actual cost of the uplink bandwidth of a DSL line.
Yep. It all comes down to money.
Personally I am all for immediately quarantining utility customers on the first SPAM sent out and forcing the mandatory usage of relays.
I agree on the relays.
What I don't understand is why the ISPs don't do SOME degree of spam checking and dump the offending customers onto their own email server?
Okay, I know why BellSouth doesn't do that. They send out a lot of spam.
But other ISPs. If you're just going to buy more bandwidth, at least be sensible and put the problem children on their own server with their own, tiny, pipe and keep the big, fast pipes for your good customers.
Your customers will usually send out the same amount of email every day. If it's within their regular levels, don't worry about it.
But when they suddenly start sending 100 emails a second, to 100 different addresses, it's time to shut them down and email/call them to see if they meant to do that.
Scanning outbound email can be a problem. I send virus tests to servers and I would not like an ISP stopping that.
The same with scanning for "spam" because I also send spam examples to lists and other people.
For me, the best approach would be for all companies (ISPs or otherwise) hosting email services to limit outgoing email to 100/minute or something and automatically block accounts that have a huge change in the amount of their outgoing email.
It's never going to happen, but that's the approach I'd take.
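The approach described in the comment above (a 100/minute cap plus automatic blocking when an account's outgoing volume jumps far above its regular level), sketched as an added example that is not part of the original comment or any ISP's code. The 10x spike factor, 200-message floor, 3-day baseline, class names and account names are assumptions, and the traffic is constructed.

```python
from collections import Counter, defaultdict, deque
from dataclasses import dataclass, field
from statistics import median

PER_MINUTE_LIMIT = 100   # the "100/minute or something" figure from the comment
SPIKE_FACTOR = 10        # assumption: "huge change" means 10x the usual daily volume
MIN_SPIKE_VOLUME = 200   # assumption: never block below this many messages in a day
MIN_BASELINE_DAYS = 3    # assumption: days of history needed before judging a spike
DAY = 86400


@dataclass
class Account:
    history: deque = field(default_factory=lambda: deque(maxlen=14))  # daily totals
    window: deque = field(default_factory=deque)  # accepted timestamps, last 60 s
    today: int = 0
    blocked: bool = False


class OutboundMonitor:
    def __init__(self):
        self.accounts = defaultdict(Account)

    def submit(self, account_id, ts):
        """Decide one outgoing message: 'accept', 'defer' or 'blocked'."""
        acct = self.accounts[account_id]
        if acct.blocked:                      # stays blocked until a human clears it
            return "blocked"
        while acct.window and ts - acct.window[0] >= 60:
            acct.window.popleft()             # drop entries older than one minute
        if len(acct.window) >= PER_MINUTE_LIMIT:
            return "defer"                    # temporary failure; sender may retry
        projected = acct.today + 1
        if len(acct.history) >= MIN_BASELINE_DAYS:
            usual = max(median(acct.history), 1)
            if projected >= MIN_SPIKE_VOLUME and projected > SPIKE_FACTOR * usual:
                acct.blocked = True           # far outside the regular level
                return "blocked"
        acct.window.append(ts)
        acct.today = projected
        return "accept"

    def end_of_day(self):
        for acct in self.accounts.values():
            if not acct.blocked:              # an incident must not inflate the baseline
                acct.history.append(acct.today)
            acct.today = 0

    def unblock(self, account_id):
        """Called after the customer confirms they meant to send that much."""
        self.accounts[account_id].blocked = False


def run_demo():
    """Constructed traffic: a steady 1,000/day list owner and a 20/day home user."""
    mon = OutboundMonitor()
    for day in range(5):                      # five ordinary days build the baselines
        for i in range(1000):
            mon.submit("list-owner", day * DAY + i * 60)
        for i in range(20):
            mon.submit("home-user", day * DAY + i * 600)
        mon.end_of_day()
    start = 5 * DAY
    tally = {"list-owner": Counter(), "home-user": Counter()}
    for i in range(1000):                     # day six: the list owner is unchanged
        tally["list-owner"][mon.submit("list-owner", start + i * 60)] += 1
    for second in range(180):                 # the home user sends 100 a second
        for _ in range(100):
            tally["home-user"][mon.submit("home-user", start + second)] += 1
    return mon, tally


if __name__ == "__main__":
    _, result = run_demo()
    for name, counts in result.items():
        print(name, dict(counts))
```

The list owner's regular 1,000 messages a day all pass, while the account that jumps from 20 a day to 100 a second is throttled within the first minute and blocked once it passes ten times its baseline.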
I could say "Here's SpamAssassin" deal with it, but it doesn't work in the real world.
Well, since it APPEARS that you are running email servers, you would not be doing that. You would be installing SpamAssassin and you would be offering your services to your customers to configure it, or you would provide a mechanism so they could configure it.
We have to deal with the spam.
Sending it or receiving it? There is a HUGE difference.
Why would anyone give out their primary email address on a form anyways?
What use is your "primary email address" otherwise?
Let the Yahoos, gmails, and hotmails deal with it. (no?)
What the fuck? How does gmail filtering their incoming email do ANYTHING for you unless you are sending the spam?
You seem to be a business. As a business, it is up to you to decide what services to offer your customers and what to charge for those services.
It is cheaper to not do anything about the situation and just buy more bandwidth as you need it. That's a business decision you have to make.
If your customers are swamped in spam, that is also a business consideration for you. There is a chance that they'll leave and go to a service that offers everything you offer and offers some degree of spam protection.
If you're offering email services, you should at least be monitoring the outgoing levels and taking automatic precautions when there is a huge jump in outgoing volume. Do NOT become part of the spam sending problem.
I remember quite a few dial-up schemes that were supposed to be "free" and "ad supported".
They seem to have all failed.
Why was this patented?
Visualisation is the only thing he's good at now.
SCO isn't in this to win a judgement against IBM.
SCO is in this because:
#1. Pump-n-dump SCO stock. Almost every SCO executive has dumped all of their SCO stock.
#2. Make money from
#3. McBride gets more media attention.
When you look at it that way, every one of their steps makes sense.
Looks like you're right. Thanks!
Accept no substitutes!
Congrats!
How, exactly, is any of that supposed to help against crime / terrorism / illegal immigration / whatever?
This is going to cost the government some money. That money comes from taxes and fees. What is the British citizen getting for that expense?
I hated Episodes I & II and still haven't seen Episode III.
But, look at each still shot. They look good. The characterization sucks. The plot sucks. The dialog sucks. The timing sucks. The motivation sucks. None of it has any logical flow behind it.
But the still pictures are very nice.
How hard is it to visualize a shot?
#1. If it is real life with real actors, you already have years and years of experience looking at it in 3D. It's called "life".
#2. If it's computer animation, it's fake so it doesn't matter. They create what you want them to.
This is where "art" comes in. It's not just directing, it's lighting and cinematography. Playing with a toy isn't going to make your movies any better.