Damn it, I meant to reply to the person below me. I fail it *shame*
Just because your platform has not been subject to as many high profile attacks, does not mean that it is so obscure that you can feel safe. If you run a browser, and think that you are immune under the assumption that malicious code is platform dependent, then you are sadly mistaken.
In addition, the biggest concern here is for business users that want to keep servers safe. I am unaware of any OSX enterprise servers out there.
Finally, remember that OSX is UNIX and hence some exploits may still work.
I apologize for my spelling/typographical error. I do hope that my error does not cause you any grievous emotional, physical, or psychological harm.
As such let me commend you on your outstanding citizenship and willingness to contribute to the greater good by showing us on the public forum our wrongs. Such participation is essential for a better world.
Stenography is the ultimate answer. If they start calling people on information that they think could be there but cannot be proved: we might as well just all move to friendlier pastures and watch the collapse of that nation from a TV far far away.
Then again, if it goes so far as a steno witch hunt then some of us might very well become terrorists. The US and UK are good at producing their own enemies.
I really hope that you know that that is a paraphrase of James Madison in the federalist papers.
Here's another relevant quote from him:
Perhaps it is a universal truth that the loss of liberty at home is to be charged against provisions against danger, real or pretended from abroad.
- Letter to Thomas Jefferson (1798-05-13); published in Letters and Other Writings of James Madison (1865), Vol. II, p. 141
First, that goes over the 63 printable character limit. Second, losing that key means that you have to reset the device in order to put in a new key and redo all the settings.
For a large network in say a hospital*, this kind of downtime is unacceptable since many essential things, including security systems and mobile stations for taking vitals. I imagine that the fear of this kind of downtime would either be enough to convince people to swallow the cost of installing ethernet wiring or ensure that SOMEONE will be able to remember the password. I'm going to assume that the reason for going wireless is to avoid swallowing that cost, so that leaves them in hoping that the memorable pass can't be formed from a dictionary/combo attack and the ssid isn't on a rainbow table somewhere.
*I remember from my time in a mental institution: fucking everything was connected and dependent on their wifi. Security handsets, the mobile nursing units that were used every day to do our vitals AND commit them to our file [yes, my records were going through wifi... not cool], front desk information, the security cameras and the like. Note that if you were on suicide watch or had just got admitted, that means that when you took a piss, you could wave to the camera knowing that the image of you was being broadcast on WiFi. Great... I also, upon being transferred to partial, found that I could move fairly far away from the building, off the premises actually, and could launch an attack. It was WPA. An easy social engineering target (underpaid IT staff) confirmed my observations and reasoning as to the bottom line inspiring the WiFi. Every floor was even the same network, when really there was no reason for the same UNIT to share the same network. The nurses did not have logins, though each unit did. What's more, only the head nurse could "technically" log nurses and mental health staff into the network. The mobile testing stations (dell inspirons with their proprietary software installed and some USB connected medical devices) never left any single unit even!!! There was every good reason to separate the networks except that the entire system was inspired by laziness. I never bothered trying to crack the WPA encryption, because I saw little point in getting into the network. Except maybe getting my file, which cost me $50 to print out... bastards.
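The comment above mentions the 63-printable-character passphrase limit and the risk of an SSID that already has a rainbow table. The following is an added example, not part of the comment: it checks a passphrase against that limit and derives the WPA-PSK key with the SSID as salt, which is why a unique SSID defeats tables precomputed for common ones. The function names, the sample SSID list and the "Ward3-Nursing" SSID are constructed for illustration.

```python
import hashlib
import string

# Printable ASCII 0x20..0x7e; WPA/WPA2-Personal passphrases are 8..63 of these.
PRINTABLE = set(string.printable) - set("\t\n\r\x0b\x0c")

# Constructed sample of factory-default style SSIDs, for illustration only.
COMMON_SSIDS = {"linksys", "default", "NETGEAR", "dlink"}


def passphrase_problems(passphrase):
    """Return a list of reasons the passphrase is not a valid WPA passphrase."""
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("length must be 8..63 characters")
    if any(ch not in PRINTABLE for ch in passphrase):
        problems.append("only printable ASCII characters are allowed")
    return problems


def derive_psk(passphrase, ssid):
    """PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    problems = passphrase_problems(passphrase)
    if problems:
        raise ValueError("; ".join(problems))
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)
    return key.hex()


def ssid_is_common(ssid):
    """True if the SSID is in the sample list, i.e. a salt shared with many networks."""
    return ssid in COMMON_SSIDS


if __name__ == "__main__":
    # Published IEEE 802.11i test vector: passphrase "password", SSID "IEEE".
    print(derive_psk("password", "IEEE"))
    # Same passphrase, different SSID: a different key, so a table
    # precomputed for one SSID does not apply to the other.
    print(derive_psk("password", "Ward3-Nursing"))  # hypothetical SSID
    print(passphrase_problems("x" * 64))  # over the 63-character limit
    print(ssid_is_common("linksys"))
```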
Why does M$ come up with this crap that no one needs on a desktop in an attempt to try to redefine the desktop experience? It has not worked. They should just stick to buying out and marketing good ideas made by other people. They need to learn that they've always been much more successful with the business aspect of IT.
I know, which is what the bag tax is for. Those who produce more waste actually pay more for that disposal.
The idea is that the recycling center shouldn't take 5 gallons of gas to get to, or the state should provide a reasonable way for you to recycle and encourage it. Like the bag tax system in Canada.
http://encyclopediadramatica.com/Image:Ackbar_trapped_diary.jpg
Mediocre anime that was themed on this AR being integrated into an urban/suburban infrastructure accessible by equipped glasses. This accompanied by a romanticized "hacking"
It made me think about AR and read up on the practicalities and limitations. Obviously the reality and practicalities of AR, or at least the combination of real-world and computer-generated data in real time, fell short. The DSP that this requires is FAR out of the range of modern handheld devices.
Also, I can't imagine that it would be feasible to use the same DSP chip that's used for a communication device's necessary functions, to also share the load of AR processing. However, I'm way out of my field here. Expert opinion please?
I'll use plain text where accepted and latex+acrobatpdf when I need formatting.
Let's see Microsoft try fighting Knuth's TeX and see how they fare. A glance by his most high will make their bits WITHER to 0's and Z's!!!
This trolling problem is getting out of hand. I really think that we should consider banning suspect IP ranges and proxies. Near half of this page is trolling. It's making reading real comments prohibitively difficult, especially with people responding to -1 posts.
Let's assume that they have actually discovered this industry sweeping exploit.
So they went and contacted the vendors like good white hats. Now, if their intent was in being contributors to the greater good of security they would stop at this level of correspondence and work with the companies until the problem is fixed.
However, they released this article to inform the public. Normally when someone does this it is with the intention of providing the public with the knowledge, tools, or rallying them to activism towards the end of making the upstream change things. This article does not constructively inform in this way and does not give the end user something to throw upstream. Then what is this article accomplishing?
The fact that we are discussing this and that we have, theoretically, RTFA implies that we have exposed ourselves to their names, tools, and services. It also loosely implies a need for their services and their "skill." Quotations are entered around "skill" as I the reader have no way of actually confirming their skill because of the lack of real material to observe. From this perspective, I am tempted to conclude that this article serves as little more than an advertisement for their services and a cry for attention.
What then, you may ask. Do I suggest that they leak "dangerous" information and risk their horror story becoming reality? No; rather I propose that if their intentions were really to protect the Internet, they should have stopped the discussion of their research from the immediate parties involved.
I do not necessarily advocate any of these stances as this analysis is meant to be normative.
I want to know how I can compile a CAS (maxima or maybe sage or euler) for it, program an equation typesetter, and get something like the gnu graphing library to work on it.
After reviewing the comments, I began to wonder: Is it possible that the article itself here is a troll with the purpose of generating a deluge of opinionated argument?
Then I went back to trying to level on http://www.overthewire.org/wargames/vortex/
I would think that the process of doing stochastic modeling (and I figure it's safe to assume that we're talking about the discrete case) would be embarrassingly parallel by nature as we're dealing with matrix multiplication by a state vector. That's about the most parallelizable as it gets, right?
On top of that there's tons of tricks to reduce your stochastic matrix into a form that allows for more parallelization, like you can do with the Google matrix and the Sherman-Morrison rank one update formula. I've only got my B.S. in math right now so I can't say for sure what optimizations could be done on this process, but could maybe a grad student shed some light on what would keep a simulation of a discrete stochastic process (or a discrete simulation of a continuous one) not embarrassingly parallel?
Wow, this is astounding.
I've been so engulfed by Jewish culture here in Pikesville MD, and have been part of it for so long that I sometimes forget that this sort of bigotry is actually still out there. I'm equally astounded that someone even considers a person's religious background as more than a biographical note when forming an opinion of them.
I'm starting to remember why I don't bother with that outside world much.
Anyway, the article doesn't really explain the mechanics of how this analysis works. Do they just run a program to fetch the page every n seconds, use a reg exp to find the area where the number of edits are, get the counter and repeat for some number of hours?
I guess that this is possible but it seems a bit crude. Anyone know a more sophisticated method? err ... does anyone know a more sophisticated legal method?