> It's about keeping dangerous animals caged. Removing dangerous individuals from the general population.
In this case why does the US have the world's largest prison population (about 2 million) and relatively high crime rates still?
Cool, so I can refuse you a right of way or an easement on my property when you decide to do a build out? What's that? I can't refuse you a right of way or an easement? Oh ok, I'll just talk to your competitor then. Oh wait, you have a state granted monopoly and there is no competitor?
Ermm...
Seems rather one sided.
Does root have access to/proc/kcore? If yes then an attacker with root access can modify the kernel in memory as needed. Heck there's even projects to bring this into the mainstream for carrier grade Linux (no need for those pesky reboots after a kernel upgrade):
http://pannus.sourceforge.net/
Actually you're partially wrong. Most communications are carried by terrestrial or submarine fiber optic cables. They're cheaper, higher bandwidth, lower latency (geosynch orbit and back at light speed is a good fraction of a second). I'd be concerned about satellites (e.g. weather monitoring), but not the communications ones (most of those are military, and quite often they're placed in elevated orbits to avoid just this sort of problem).
A car without gas doesn't work, yet I am free to buy a car without gas in it and bring my own gas to use in it. As far as computers go I order barebone machines all the time (Sun X2100's being a great example, they offer Solaris, SuSE, Red Hat, Windows or no OS). I can do the same from many vendors for desktop systems. Apparently selling machines without an OS is acceptable to a large number of consumers.
One aspect of information security that is often under looked is physical security. While attention is often paid to secure areas containing servers, network equipment and telecommunication gear not as much attention has been paid to the fringes of the network. Although some security standards such as 802.1x and various network access control (NAC) products exist that can be used to address the network fringe they all contain one major weakness.
Assuming a network has implemented end to end security in the form of 802.1x or a network access control (NAC) solution they all make one major assumption: that a man in the middle attack can't be executed once the end point has authenticated. For example 802.1x addresses this directly, if the network port detects that the connection is dropped it requires the end point to re-authenticate before it's allowed to have network access again. If the network hasn't implemented such a scheme then it becomes trivial to execute a man in the middle attack by physically inserting another computer in between the network equipment and the end machine.
But that would be pretty obvious wouldn't it? I mean you think a user (even the dullest one) would notice a second machine plugged into their network drop, with their computer daisy chained off of it.
They have TV commercials, print ads, etc. Not completely unreasonable to except a tech related web site might assume people know who "IBM" or "MS" or "CA" is. Personally I would have spelled the entire name unless space was an issue (rarely on a website).
Re:It's the all encompassing .com that's the probl
on
Utube Sues YouTube
·
· Score: 1
Apple and Microsoft also do hardware, services, are you going to list EVERY business function in the form of microsoft.*.com? This is by FAR the worst DNS proposal I've ever heard.
I don't see how this is incongruent with the warrior ethos. I do most of the cooking in my primary relationship, one reason is scheduling, the other reason being that I love cooking and feeding people (especially my fiancée) healthy nourishing food. It gives me the same feeling that cavemen got when they brought dead things home on the end of a stick, or when my cat brings me a mouse (nothing like a surprise present at 5am).
I think the problem for most men is finding a mature, modern style of life that works in conjunction with the warrior ethos. For example I don't have children yet, so I take the time to work with male kids and role model (what I feel is anyways) appropriate male behavior to them. Again the same feeling cavemen got from teaching their kids how to knap flint and set deadfall traps.
> A beginner can put it all together in a couple days. Someone who has done it before can set it up in a couple hours.
Or I can just buy a DVD player, plug it in and.. well I guess be done in 2 minutes.
Based on results it is obvious that the Anti-Virus vendors are failing to give consumers a product that averts issues. At best you can hope that your AV vendor releases updates that get installed in time on your machine prior to an infection vector like email or web being triggered on your system. Should that fail you can hope that the virus is not malicious and that your AV software can clean your system up.
Obviously this isn't working. Viruses continue to run rampant. We've been using the same techniques largely for over a decade, perhaps if we try them for another decade they will suddenly start to work.
So why aren't we using different methods that might actually work, especially the proactive ones?
Doh, now I remember, it's because I can continue to sell you an AV subscription at 10-60$ a year forever.
This is much like the consultants dilemna, do you fix the problem and have to find a new job, or do you band-aid the problem and maximize your billable hours.
I don't think AV companies are going to provide any long lasting relief anytime soon.
Perhaps it is time to start asking your vendors why this problem has continued for over a decade, and will continue with no end in sight.
You made a choice to live in a known (or unknown) earthquake zone, to live in a building that cannot withstand a Richter [whatever number] earthquake, etc. Ditto for Volcanos, they don't exactly sneak up on you. You can either choose to take accountability for your actions and life, or you can avoid accountability and live life as a victim.
In theory they'd be smart enough to feed the golden goose once in a while rather than just taking the eggs and running. I use OpenBSD for a number of firewalls at my sites and client sites, I've got every CD going back to 2.1, and given cash to the project in past, next week at CSW06 I'll be handing Theo a cheque. Why? Because I'd be really up the creek without OpenBSD for my firewalls (active failover on commodity hardware is a lot cheaper than the commercial alternatives).
"There is zero tracability and zero accountability."
Funny because there is exactly that on the side of the people/organizations using OpenBSD/OpenSSH, you can get it for free, use it, sell it, etc and not even have to distribute source code or anything. The funny thing is business not trusting Theo with their money, but trusting his project with their critical infrastructure.
No it doesn't. You have 10 times as many people voting. You also have 10 times as many people working the polls and counting ballots and whatnot. End result: the same amoutn of time. Getting 10 times more people to work elections in a country with 10 times more people... geee. that'd be the same percentages as here.
You people suck at math.
Red Hat Enterprise - chkconfig --level 35 rhnsd on
on
Linux Patch Management
·
· Score: 1
This only leaves running the updater manually to install updated kernels (by default it doesn't upgrade the kernel automatically, you can of course change this) and the occasional reboot once you update a kernel (network services are restarted as needed). You just set it and forget it like the Ronco showtime rottisiere (sp?) BBQ.
I just did a rebate from Staples for $30, online via http://staples.onlinerebates.ca/ (Canada). The person at the store claims it takes about half the time and you get a confirmation right away so you can be somewhat sure it actually went through. Still a great scam though, getting people to pony up money you sit on and earn money with until you give it away to someone else.
John Cleese did a short documentary called "Wine for the confused." Towards the end of it he buys 5 bottles of wine ranging in price from $5 US to several hundred. He puts them in brown paper bags with laters ([A-E])and has 20 odd people try them all (some movie star friends/etc, generally people who supposedly drink a lot of expensive wine). He then asks "which wine did you think was the most expensive one" to which the various people say A, B, D, E, John Cleese then says "I'm not hearing a lot of "C." Turns out that no-one thought the most expensive wine was the best one, in fact several thought the $5 bottle was the best. The moral of the story: wine, like food and coloirs is a matter of individual taste and price often has little bearing on what we truly enjoy. Personally I can't stand Beaujolais, I've tried a few and found every single one utterly repulsive.
Click on the quick link menu to choose other manufacturers. ATI, Nvidia, XGI, S3, SiS, Matrox, PowerVR, 3dfx, Trident and Intel. I would have to say overall it's pretty useless (raw numbers... ok they seem to go up, just like the graphics card's model #... ).
They're using it to test electronics. The room/building it was in contained the radiation just fine. The problem was they couldn't send a person in to fix it (because said person would die due to radiation exposure).
Re:Yeah, but there's also...
on
Nessus 3.0 Released
·
· Score: 5, Informative
"Do you mean to tell me that the Nessus team found every vuln themselves and then coded an exploit to check for such vuln?"
In a nutshell yes. They don't actually find all the vulnerabilities themselves, for that you can simply check the CVE database/etc. However as far as writing the plugins to check for the actual flaw/etc most of those were written by the core team, very few have been contributed by outsiders. Basically Nessus loses almost no outside development in moving to a closed source model, one of the biggest reasons to open source something (gain outside developers).
Sun x2100 - $675 for a barebones system, just use whichever SATA drive you prefer, and brand name PC3200 DDR400 RAM (I use kingston mostly), voila an Opteron based box with 2 hard drives (there's an onboard RAID card as well), dual gigabit ethernet (broadcom, very nice), up to 4 gigs of ram (4 slots), lights out management, service light, great airflow, serial port that allows BIOS access as well as OS access (most whiteboxes won't do that). PCI-E slot for a raid card/fiberchannel/ethernet/etc. Oh and that $675 includes shipping and handling (which makes a big difference, shipping on a 1U is typically 100$ US with insurance/etc). These machines run Windows, Solaris, Linux (certified for Red Hat and SuSE) and OpenBSD (undeadly.org is running on a Sun x2100 as we speak).
Slashdot Mirror
> It's about keeping dangerous animals caged. Removing dangerous individuals from the general population. In this case why does the US have the world's largest prison population (about 2 million) and relatively high crime rates still?
Cool, so I can refuse you a right of way or an easement on my property when you decide to do a build out? What's that? I can't refuse you a right of way or an easement? Oh ok, I'll just talk to your competitor then. Oh wait, you have a state granted monopoly and there is no competitor? Ermm... Seems rather one sided.
Does root have access to /proc/kcore? If yes then an attacker with root access can modify the kernel in memory as needed. Heck there's even projects to bring this into the mainstream for carrier grade Linux (no need for those pesky reboots after a kernel upgrade):
http://pannus.sourceforge.net/
Actually you're partially wrong. Most communications are carried by terrestrial or submarine fiber optic cables. They're cheaper, higher bandwidth, lower latency (geosynch orbit and back at light speed is a good fraction of a second). I'd be concerned about satellites (e.g. weather monitoring), but not the communications ones (most of those are military, and quite often they're placed in elevated orbits to avoid just this sort of problem).
A car without gas doesn't work, yet I am free to buy a car without gas in it and bring my own gas to use in it. As far as computers go I order barebone machines all the time (Sun X2100's being a great example, they offer Solaris, SuSE, Red Hat, Windows or no OS). I can do the same from many vendors for desktop systems. Apparently selling machines without an OS is acceptable to a large number of consumers.
From RiskBloggers.com:
Miniature Computers That Can Break Your Network Wide Open
One aspect of information security that is often under looked is physical security. While attention is often paid to secure areas containing servers, network equipment and telecommunication gear not as much attention has been paid to the fringes of the network. Although some security standards such as 802.1x and various network access control (NAC) products exist that can be used to address the network fringe they all contain one major weakness.
Assuming a network has implemented end to end security in the form of 802.1x or a network access control (NAC) solution they all make one major assumption: that a man in the middle attack can't be executed once the end point has authenticated. For example 802.1x addresses this directly, if the network port detects that the connection is dropped it requires the end point to re-authenticate before it's allowed to have network access again. If the network hasn't implemented such a scheme then it becomes trivial to execute a man in the middle attack by physically inserting another computer in between the network equipment and the end machine.
But that would be pretty obvious wouldn't it? I mean you think a user (even the dullest one) would notice a second machine plugged into their network drop, with their computer daisy chained off of it.
Maybe. Maybe not.
Read More
They have TV commercials, print ads, etc. Not completely unreasonable to except a tech related web site might assume people know who "IBM" or "MS" or "CA" is. Personally I would have spelled the entire name unless space was an issue (rarely on a website).
Apple and Microsoft also do hardware, services, are you going to list EVERY business function in the form of microsoft.*.com? This is by FAR the worst DNS proposal I've ever heard.
I don't see how this is incongruent with the warrior ethos. I do most of the cooking in my primary relationship, one reason is scheduling, the other reason being that I love cooking and feeding people (especially my fiancée) healthy nourishing food. It gives me the same feeling that cavemen got when they brought dead things home on the end of a stick, or when my cat brings me a mouse (nothing like a surprise present at 5am). I think the problem for most men is finding a mature, modern style of life that works in conjunction with the warrior ethos. For example I don't have children yet, so I take the time to work with male kids and role model (what I feel is anyways) appropriate male behavior to them. Again the same feeling cavemen got from teaching their kids how to knap flint and set deadfall traps.
> A beginner can put it all together in a couple days. Someone who has done it before can set it up in a couple hours. Or I can just buy a DVD player, plug it in and.. well I guess be done in 2 minutes.
Based on results it is obvious that the Anti-Virus vendors are failing to give consumers a product that averts issues. At best you can hope that your AV vendor releases updates that get installed in time on your machine prior to an infection vector like email or web being triggered on your system. Should that fail you can hope that the virus is not malicious and that your AV software can clean your system up.
Obviously this isn't working. Viruses continue to run rampant. We've been using the same techniques largely for over a decade, perhaps if we try them for another decade they will suddenly start to work.
So why aren't we using different methods that might actually work, especially the proactive ones?
Doh, now I remember, it's because I can continue to sell you an AV subscription at 10-60$ a year forever.
This is much like the consultants dilemna, do you fix the problem and have to find a new job, or do you band-aid the problem and maximize your billable hours.
I don't think AV companies are going to provide any long lasting relief anytime soon.
Perhaps it is time to start asking your vendors why this problem has continued for over a decade, and will continue with no end in sight.
You made a choice to live in a known (or unknown) earthquake zone, to live in a building that cannot withstand a Richter [whatever number] earthquake, etc. Ditto for Volcanos, they don't exactly sneak up on you. You can either choose to take accountability for your actions and life, or you can avoid accountability and live life as a victim.
In theory they'd be smart enough to feed the golden goose once in a while rather than just taking the eggs and running. I use OpenBSD for a number of firewalls at my sites and client sites, I've got every CD going back to 2.1, and given cash to the project in past, next week at CSW06 I'll be handing Theo a cheque. Why? Because I'd be really up the creek without OpenBSD for my firewalls (active failover on commodity hardware is a lot cheaper than the commercial alternatives).
"There is zero tracability and zero accountability."
Funny because there is exactly that on the side of the people/organizations using OpenBSD/OpenSSH, you can get it for free, use it, sell it, etc and not even have to distribute source code or anything. The funny thing is business not trusting Theo with their money, but trusting his project with their critical infrastructure.
No it doesn't. You have 10 times as many people voting. You also have 10 times as many people working the polls and counting ballots and whatnot. End result: the same amoutn of time. Getting 10 times more people to work elections in a country with 10 times more people... geee. that'd be the same percentages as here. You people suck at math.
This only leaves running the updater manually to install updated kernels (by default it doesn't upgrade the kernel automatically, you can of course change this) and the occasional reboot once you update a kernel (network services are restarted as needed). You just set it and forget it like the Ronco showtime rottisiere (sp?) BBQ.
I just did a rebate from Staples for $30, online via http://staples.onlinerebates.ca/ (Canada). The person at the store claims it takes about half the time and you get a confirmation right away so you can be somewhat sure it actually went through. Still a great scam though, getting people to pony up money you sit on and earn money with until you give it away to someone else.
Hah. Nice. For anyone wondering what is being discussed go read "Moral Relativism A Short Introduction" by Neil Levy (ISBN 1-85186-305-4). -Kurt
John Cleese did a short documentary called "Wine for the confused." Towards the end of it he buys 5 bottles of wine ranging in price from $5 US to several hundred. He puts them in brown paper bags with laters ([A-E])and has 20 odd people try them all (some movie star friends/etc, generally people who supposedly drink a lot of expensive wine). He then asks "which wine did you think was the most expensive one" to which the various people say A, B, D, E, John Cleese then says "I'm not hearing a lot of "C." Turns out that no-one thought the most expensive wine was the best one, in fact several thought the $5 bottle was the best. The moral of the story: wine, like food and coloirs is a matter of individual taste and price often has little bearing on what we truly enjoy. Personally I can't stand Beaujolais, I've tried a few and found every single one utterly repulsive.
Wine for the Confused (2004) (TV)
With the exception of gold. Julia Childs used a gold frying pan briefly on her TV show. Of course this is a little bit pricey for most people.
No, Bruce has nothing to do with designing AES (aka Rijndael), that was Joan Daemen and Vincent Rijmen.
Click on the quick link menu to choose other manufacturers. ATI, Nvidia, XGI, S3, SiS, Matrox, PowerVR, 3dfx, Trident and Intel. I would have to say overall it's pretty useless (raw numbers... ok they seem to go up, just like the graphics card's model #... ).
They're using it to test electronics. The room/building it was in contained the radiation just fine. The problem was they couldn't send a person in to fix it (because said person would die due to radiation exposure).
"Do you mean to tell me that the Nessus team found every vuln themselves and then coded an exploit to check for such vuln?"
In a nutshell yes. They don't actually find all the vulnerabilities themselves, for that you can simply check the CVE database/etc. However as far as writing the plugins to check for the actual flaw/etc most of those were written by the core team, very few have been contributed by outsiders. Basically Nessus loses almost no outside development in moving to a closed source model, one of the biggest reasons to open source something (gain outside developers).
Sun x2100 - $675 for a barebones system, just use whichever SATA drive you prefer, and brand name PC3200 DDR400 RAM (I use kingston mostly), voila an Opteron based box with 2 hard drives (there's an onboard RAID card as well), dual gigabit ethernet (broadcom, very nice), up to 4 gigs of ram (4 slots), lights out management, service light, great airflow, serial port that allows BIOS access as well as OS access (most whiteboxes won't do that). PCI-E slot for a raid card/fiberchannel/ethernet/etc. Oh and that $675 includes shipping and handling (which makes a big difference, shipping on a 1U is typically 100$ US with insurance/etc). These machines run Windows, Solaris, Linux (certified for Red Hat and SuSE) and OpenBSD (undeadly.org is running on a Sun x2100 as we speak).
http://undeadly.org/cgi?action=article&sid=2005111 2002121&pid=2