Okay, new plot. A Borg'ified Romulan travels back through time to kill Kirk. Something about Spock's hot mother... Spock gives a message to baby Spock... baby Kirk has sex with Spock's hot mother producing some half-vulcan/half-human hybrid that may show up in later scripts... the Romulan/Borg hybrid is defeated... the Federation gets new Borg technology...
That should be good for a few movies and maybe another TV series.
Don't get me wrong, I'll still pay to go see it and drag my wife along kicking and screaming to see it with me.
SCORE!!!
No matter what crap they produce, just stamp "Star Trek" on it and they've sold tickets.
They won't stop producing crap until you stop paying them for the crap.
It's got time travel in it. It's 100% guaranteed to suck. That's why they had to include baby Spock..... better include Big Spock just to make sure. Yeah, that will sell tickets. No matter how bad.
They tend to test against a VERY limited set of threats.
And since their product is based upon defeating that very limited set of threats... it does amazingly well against that very limited set of threats. Mostly because the set of "good" is also very limited.
The concept of protocol validation is good. But not for an IDS. It is better as part of the firewall protecting that server running that service. BUT! That also means that it needs to be able to shut off access to that server when it sees ANYTHING it doesn't understand.
Can you say DoS?
Otherwise, it's nothing more than a warning AFTER you've been cracked. Because it is possible to crack with one machine and control with a different one.
Someone who isn't going to patch his mail server is going to install this new IDS? Correctly? And keep it patched?
Now, what if the mail server is responding with a "user not found" error in a multi-line format? Does that trigger your IDS?
If not, why? Or are you going to set patterns for EVERY possible, legitimate, response so you'll be able to find the ones that don't match it?
Yeah, good luck with that. You should start working on it now. Maybe in 10 years of so you'll have caught all the possible legit patterns for everything available today.
That is why current IDS's depend so much upon the ADMINS training the IDS's to what is LEGIT traffic for their particular network.
Which yields a LOT of "false positives" in the early stages (and immediately after upgrades). But if I'm running Exim4, why should my IDS be looking for patterns of Exchange responses? Or Sendmail responses? Or anything else?
Despite what that guy claims, there is no easy way to identify the bad without having a person identify what is good.
When the easiest way to DDoS someone's site is to have the zombie army keep hitting the pages... how will any tool identify or protect you from that threat?
The zombies can simply flood your pipeline. There are that many of them.
For example, if a person chooses a flower background and then draws a butterfly as their secret password image onto it, they have to remember where they began on the grid and the order of their pen strokes. It is recognised as identical if the encoding is the same, not the drawing itself, which allows for some margin of error as the drawing does not have to be re-created exactly.
So you don't even have to hit the same points. And this is supposedly "more secure"?
Imagine a password program that allowed for "close enough" typing. Would you consider it "more secure"?
If your password was "peach", would you want the system to accept "apple" as being "close enough"?
Trojans don't rely IE vulnerabilities to get email addresses after infection.
I did not say that they did. I said that the trojan scanned the hard drive of the infected computer to find anything that looked like an email address so it could send links to those addresses.
If someone clicked on one of those links AND had a version of IE that was exploitable, then they were infected.
That is how X increases in the Windows segment.
They can do the exact same thing they do on Windows on an OS X box once infected.
Yes they can. But they still depend upon a browser vulnerability in that scenario. Microsoft's decisions with IE (ActiveX, "integrating" it into the OS) means that the exploits are worse with IE than with, say, Firefox.
It was only a matter of time before someone would target it. Whether more and more people target it is a completely separate issue.
Targeting it does not matter. What matters is how to increase X%.
If the infection rate is below the disinfection rate, the trojan dies "in the wild".
As a cross-platform user of all sorts of systems I generally prefer that things aren't targeted at all.
Yeah. You go with that.
I do enjoy the people saying OS X was inherently secure based on absolutely no knowledge of OS X's foundation finally being hit with the clue-by-four. Now they can actually start learning what it is they are spouting about and present intelligent arguments which are always better than empty ones.
Actually, it appears that your argument is the one that is empty.
Getting ONE person to infect his Mac is not much of an achievement. With enough users, eventually you'll find one dumb enough for fall for any scam.
What matters is how fast it will spread.
So far, this trojan has demonstrated that Mac's are extremely secure. The trojan is not spreading.
Compare that with the Storm Worm.
Of course that may just be a tad bit optimistic on my part. No system connected to the outside world is 100% secure, does this in any way change my thoughts on OS X security? Nope, not at all because I always understood this problem as it exists on any platform which lets the user download and run software.
And who is saying that 100% security is needed?
Security is a PROCESS. Not an end-item.
All that is needed is for Mac's to have an infection rate that is BELOW the disinfection rate. The the viruses and trojans and worms will all die "in the wild".
No need to make any claims about "100% secure" or not. It's the infection rate that matters. Does it spread faster than it is removed? If it does not, then it is not a threat. If it is not a threat, then the Mac is still considered "secure" by its user.
Right now you have to convince people to install the trojan.
Okay, that will give you X% of all the Mac users out there.
Then what? How do you increase X?
With Windows, the trojans scan the hard drive for email addresses and send out links to every address it can find. That depends upon unpatched exploits in IE or you having friends who are as dumb as you.
If the same happens here... I don't see the growth rate being above the disinfection rate.
Iraq's infrastructure was completely in the dumps long before 2003.
So? It still worked better than what they have now.
The UN... and plumbing.
So? It still worked better than what they have now.
You really think that the previous military and law enforcement regimes were bastions of just, and even-handed peacekeeping?
Who said that? Post a link.
If you cannot, then you're beating a strawman. Which means you've already lost the discussion.
You mean, like, in between burying non-Sunnis in mass graves, shooting at NATO aircraft ever week for years after signing a cease-fire that said they wouldn't, after invading a neighboring country?
So? Saddam couldn't even travel his own country without a body-double. He was constantly in danger of assassination.
So why are you defending the plight of the average Iraqi now... because of something that Saddam did... years ago... that they probably did not support?
Saddam was executed. He's dead. Isn't it time you moved on instead of trying to blame him for the anarchy and warlordism that is Iraq today?
It wasn't Iran that did that, it was Saddam.
He's dead. He was executed. Yet the situation did not improve. Are you going to keep blaming Saddam for the current situation?
And now it's Iran's mullahs that don't want anything healthy, peaceful, and democratic thriving next door, since they know that that's exactly what most of their younger populat desparately want right there in their own country.
Then we should just wait until the "their younger populat" becomes the government in 20 or so years.
And so we have Iran shipping troops, explosives, cash, and more aross the border in an attempt, via badly painted proxies, to prevent things from productively moving ahead.
They can ship all they want. Without Iraqi support, it would go no where.
The problem you don't want to face is that the Iraqi people do not seem to want our troops there. They're happy to attack them.
Are you actually under the impression that Iran is just a warm and fuzzy neighbor that only wants to help out, now that their poor Sunni tyrant next door is out of power, and, alas, as dead as the millions of people that died when he started a war with Iran, too? Yeesh.
Again with the strawman. Is that all you have?
No matter how bad Iraq was, our invasion fucked it up even worse.
No matter how much the Iraqis hated Saddam and/or Iran, they prefer them to us.
No matter how much we spend (lives and money) in Iraq, when we leave it will be a civil war.
No matter how we re-define "victory", Iraq will end up with a Sharia-based legal system and strong ties to Iran.
You can blame anyone you want to. But all you're doing is trying to hide from the fact that you supported a fucked up invasion and the result is a lot more death and misery than Saddam inflicted. Yes, it is possible to say Saddam was a vicious 3rd world tin-pot dictator... and that our invasion was WORSE for the average Iraqi than that.
I mean, how often does a publicly traded company sue someone 100x their size based on nothing but hot air? Lying is one thing. Lying when, sooner or later, you will be required to show evidence in a court of law, is something else again. Let's face it, SCO was breathtakingly brazen. I can certainly understand how someone might conclude what he did... there's got to be SOMETHING there.
No. That's bullshit. Anyone looking at SCO's financials would see that they were losing business back before they filed the suit.
Only an idiot would believe that story without checking ANY of the facts.
And that's exactly what Forbes and Lyons did. In fact, they did worse. They refused to check any of the facts and instead they parroted, as if they were fact, the unsubstantiated lies that SCO kept spewing.
Fill in enough of that information and you can use it to get info on the numbers you don't have filled in.
Now, they are you, as far as any financial institution is concerned. They can take out a second mortgage on your house. They can buy a car in your name. They can steal more from you than you have in any of your accounts.
They can even try to cash out your 401k. They are you.
Source of Data The data for this study was collected from United States Secret Service closed cases with an identity theft component which were opened and closed between 2000 and 2006. The staff at Secret Service headquarters selected the cases for the research team, based on the primary and secondary case codes that Secret Service uses to classify its cases.
That seems to indicate that only cases that had been SOLVED were used in this "study".
Of course, which case would be easier to solve?
#1. Someone in Russia stealing your ID via a keylogger installed on your workstation.
#2. Someone in your apartment building breaking into your mailbox.
If you're in a corporate office with a correctly configured caching DNS box, the spelling errors should outnumber the correctly entered queries. As seen from the root servers.
That is because every spelling error must be sent upstream while just about every correctly entered query should be cached locally.
But I'm not speaking about humans, I'm speaking about algorithmic trading in a competitive environment.
So get liquid nitrogen and overclock your processor.
Speeding up the computer running the algorithm is more productive than trying to get your packet through 1 millisecond faster.
Think about clustered pricing engines and similar, all trying to price as fast as possible to both a) capture business and b) avoid arbitrage.
I understand that.
I also understand that if you're LOSING because you're one millisecond slower than the competition (or the shift) then you're focusing on the wrong issue.
#1. Re-write your code to be more efficient
#2. Get a faster computer
There definitely is a market for this level of network analysis.
There is also a market for pet psychics. I'm fully supportive of people selling whatever they can get someone else to buy.
I'm on the code-side myself, so I agree that getting your code right is the most important. Throwing faster hardware at it helps however, depending on design, and in some circumstances you take all the speed you can get no matter which source it comes from.
My point is that if you're looking at spending money for a 1 millisecond gain, you've already lost sight of the goal.
There are too many points where delays can happen and almost every one of them is out of your control.
The only time they would not be a factor greater than 1 millisecond is when the process is running on the trading server itself and then the network would be completely removed anyway. And even that is a problem if the trading server has to communicate with any other server.
What is the buffer capacity of the server's NIC? How long does it take to empty it? What was the guy just before you doing? Did he fill it?
The same with the network switch.
And that's not even counting a router or everything that can slow down your Internet connection.
Some applications are natively sensitive to latency and jitter. Consider VOIP or teleconferencing, or algorithmic stock trading.
I guess that would depend upon where both points are. One has to be on your network. The other... ?
Now, with Ethernet, one machine can hog the switch (I'll guess that they aren't using hubs). What use is shaving a millisecond off the app if you're still vulnerable to someone else hogging the network at the moment that you're trying to complete your transaction?
Slashdot Mirror
Name her Sarra Konnar ...
...
... Spock gives a message to baby Spock ... baby Kirk has sex with Spock's hot mother producing some half-vulcan/half-human hybrid that may show up in later scripts ... the Romulan/Borg hybrid is defeated ... the Federation gets new Borg technology ...
Combine the Romulans with the Borg
Okay, new plot. A Borg'ified Romulan travels back through time to kill Kirk. Something about Spock's hot mother
That should be good for a few movies and maybe another TV series.
Fuck time travel movies.
The PROBLEM is that time travel does NOT change the present. They heroes fix the problem in the past and the present is the present again.
There's nothing moving FORWARD. There is no development or change. The entire movie could just as well never have happened.
SCORE!!!
No matter what crap they produce, just stamp "Star Trek" on it and they've sold tickets.
They won't stop producing crap until you stop paying them for the crap.
It's got time travel in it. It's 100% guaranteed to suck. That's why they had to include baby Spock
They tend to test against a VERY limited set of threats.
... it does amazingly well against that very limited set of threats. Mostly because the set of "good" is also very limited.
And since their product is based upon defeating that very limited set of threats
The concept of protocol validation is good. But not for an IDS. It is better as part of the firewall protecting that server running that service. BUT! That also means that it needs to be able to shut off access to that server when it sees ANYTHING it doesn't understand.
Can you say DoS?
Otherwise, it's nothing more than a warning AFTER you've been cracked. Because it is possible to crack with one machine and control with a different one.
http://seclists.org/focus-ids/2003/Feb/0031.html
And that is with 30 seconds of Google searching. I thought I had heard of that concept before.
Search Google with "worm 'protocol validation'".
Someone who isn't going to patch his mail server is going to install this new IDS? Correctly? And keep it patched?
Now, what if the mail server is responding with a "user not found" error in a multi-line format? Does that trigger your IDS?
If not, why? Or are you going to set patterns for EVERY possible, legitimate, response so you'll be able to find the ones that don't match it?
Yeah, good luck with that. You should start working on it now. Maybe in 10 years of so you'll have caught all the possible legit patterns for everything available today.
That is why current IDS's depend so much upon the ADMINS training the IDS's to what is LEGIT traffic for their particular network.
Which yields a LOT of "false positives" in the early stages (and immediately after upgrades). But if I'm running Exim4, why should my IDS be looking for patterns of Exchange responses? Or Sendmail responses? Or anything else?
Despite what that guy claims, there is no easy way to identify the bad without having a person identify what is good.
I use Snort on our company network and I have absolutely no problems with it. I don't see how anything else could be better.
... I also do things like block out-bound SMTP from anything other than my mail server and check the logs to see if anything is happening.
But then
There's not enough info in that "article" ("ad") to say whether his work is even as good as Snort. Let alone better.
I can accept an ad that describes the advances. This article says NOTHING.
... but there are an almost infinite number of patterns for exploits.
And the claims he is making do NOT fit with how machines are infected or how the zombies are used.
Intrusion Detection Systems are based around knowing YOUR traffic. And finding patterns that do NOT match what is normal for your network.
They include patterns for known exploits
But there SHOULD be a finite number of LEGITIMATE patterns on your corporate network.
Instead of claiming "new" ways of "faster" identification of "bad" stuff, a real improvement would be faster identification of LEGIT patterns.
I'm thinking "snake oil" here.
That would mean that the ISP's would be BLOCKING traffic based upon his system.
Yeah, like that will go over well.
Not to mention that, AGAIN, the most commonly used protocol in infecting those machines is HTTP (with SMTP being a close second).
When the easiest way to DDoS someone's site is to have the zombie army keep hitting the pages ... how will any tool identify or protect you from that threat?
The zombies can simply flood your pipeline. There are that many of them.
Why not simplify the search?
RETURN PERSON ID where has expired visa AND received large cash transfers from an Islamic country.
Isn't that what they're really looking for?
And that information is NOT going to be found from a grocery store.
Your method would be defeated simply by purchasing round trip tickets.
With hookers! And blackjack!
In fact, forget the uprising!
Not to mention that if you're sending a threat it would be best to do it in a way that cannot be so easily traced back to you.
Dropping off a letter in a different city is an easier method than anon proxies for most people.
So you don't even have to hit the same points. And this is supposedly "more secure"?
Imagine a password program that allowed for "close enough" typing. Would you consider it "more secure"?
If your password was "peach", would you want the system to accept "apple" as being "close enough"?
If you have to draw a picture to login, it's going to be very easy for people to see what you're drawing just by being near you.
With typed passwords that is a lot more difficult.
I did not say that they did. I said that the trojan scanned the hard drive of the infected computer to find anything that looked like an email address so it could send links to those addresses.
If someone clicked on one of those links AND had a version of IE that was exploitable, then they were infected.
That is how X increases in the Windows segment.
Yes they can. But they still depend upon a browser vulnerability in that scenario. Microsoft's decisions with IE (ActiveX, "integrating" it into the OS) means that the exploits are worse with IE than with, say, Firefox.
Targeting it does not matter. What matters is how to increase X%.
If the infection rate is below the disinfection rate, the trojan dies "in the wild".
Yeah. You go with that.
Actually, it appears that your argument is the one that is empty.
Getting ONE person to infect his Mac is not much of an achievement. With enough users, eventually you'll find one dumb enough for fall for any scam.
What matters is how fast it will spread.
So far, this trojan has demonstrated that Mac's are extremely secure. The trojan is not spreading.
Compare that with the Storm Worm.
And who is saying that 100% security is needed?
Security is a PROCESS. Not an end-item.
All that is needed is for Mac's to have an infection rate that is BELOW the disinfection rate. The the viruses and trojans and worms will all die "in the wild".
No need to make any claims about "100% secure" or not. It's the infection rate that matters. Does it spread faster than it is removed? If it does not, then it is not a threat. If it is not a threat, then the Mac is still considered "secure" by its user.
Right now you have to convince people to install the trojan.
... I don't see the growth rate being above the disinfection rate.
Okay, that will give you X% of all the Mac users out there.
Then what? How do you increase X?
With Windows, the trojans scan the hard drive for email addresses and send out links to every address it can find. That depends upon unpatched exploits in IE or you having friends who are as dumb as you.
If the same happens here
So? It still worked better than what they have now.
So? It still worked better than what they have now.
Who said that? Post a link.
If you cannot, then you're beating a strawman. Which means you've already lost the discussion.
So? Saddam couldn't even travel his own country without a body-double. He was constantly in danger of assassination.
So why are you defending the plight of the average Iraqi now
Saddam was executed. He's dead. Isn't it time you moved on instead of trying to blame him for the anarchy and warlordism that is Iraq today?
He's dead. He was executed. Yet the situation did not improve. Are you going to keep blaming Saddam for the current situation?
Then we should just wait until the "their younger populat" becomes the government in 20 or so years.
They can ship all they want. Without Iraqi support, it would go no where.
The problem you don't want to face is that the Iraqi people do not seem to want our troops there. They're happy to attack them.
Again with the strawman. Is that all you have?
No matter how bad Iraq was, our invasion fucked it up even worse.
No matter how much the Iraqis hated Saddam and/or Iran, they prefer them to us.
No matter how much we spend (lives and money) in Iraq, when we leave it will be a civil war.
No matter how we re-define "victory", Iraq will end up with a Sharia-based legal system and strong ties to Iran.
You can blame anyone you want to. But all you're doing is trying to hide from the fact that you supported a fucked up invasion and the result is a lot more death and misery than Saddam inflicted. Yes, it is possible to say Saddam was a vicious 3rd world tin-pot dictator
No. That's bullshit. Anyone looking at SCO's financials would see that they were losing business back before they filed the suit.
Only an idiot would believe that story without checking ANY of the facts.
And that's exactly what Forbes and Lyons did. In fact, they did worse. They refused to check any of the facts and instead they parroted, as if they were fact, the unsubstantiated lies that SCO kept spewing.
The big money is not in taking cash out of someone's account and hoping that they don't notice.
..... BankAccnt1 - BankAccnt2 etc
Here, you know what databases are, right? Think of a database of every possible Social Security Number.
Then, think about a criminal organization filling in the information they can find from various sources.
SSN - FName - LName - DoB - MomMaiden - Address - SpouseLink - Child1 - Child2
Fill in enough of that information and you can use it to get info on the numbers you don't have filled in.
Now, they are you, as far as any financial institution is concerned. They can take out a second mortgage on your house. They can buy a car in your name. They can steal more from you than you have in any of your accounts.
They can even try to cash out your 401k. They are you.
That seems to indicate that only cases that had been SOLVED were used in this "study".
Of course, which case would be easier to solve?
#1. Someone in Russia stealing your ID via a keylogger installed on your workstation.
#2. Someone in your apartment building breaking into your mailbox.
I don't see anything in the article about Microsoft paying to "share" their "technology".
But I'm sure that is what happened.
Anyone have any other references? It appears that Microsoft is buying up the lesser Linux distributions.
If you're in a corporate office with a correctly configured caching DNS box, the spelling errors should outnumber the correctly entered queries. As seen from the root servers.
That is because every spelling error must be sent upstream while just about every correctly entered query should be cached locally.
So get liquid nitrogen and overclock your processor.
Speeding up the computer running the algorithm is more productive than trying to get your packet through 1 millisecond faster.
I understand that.
I also understand that if you're LOSING because you're one millisecond slower than the competition (or the shift) then you're focusing on the wrong issue.
#1. Re-write your code to be more efficient
#2. Get a faster computer
There is also a market for pet psychics. I'm fully supportive of people selling whatever they can get someone else to buy.
My point is that if you're looking at spending money for a 1 millisecond gain, you've already lost sight of the goal.
There are too many points where delays can happen and almost every one of them is out of your control.
The only time they would not be a factor greater than 1 millisecond is when the process is running on the trading server itself and then the network would be completely removed anyway. And even that is a problem if the trading server has to communicate with any other server.
What is the buffer capacity of the server's NIC?
How long does it take to empty it?
What was the guy just before you doing? Did he fill it?
The same with the network switch.
And that's not even counting a router or everything that can slow down your Internet connection.
I guess that would depend upon where both points are. One has to be on your network. The other
Now, with Ethernet, one machine can hog the switch (I'll guess that they aren't using hubs). What use is shaving a millisecond off the app if you're still vulnerable to someone else hogging the network at the moment that you're trying to complete your transaction?