The firm I was working for at the time noticed this 6 years ago on AIX.
We informed CERT/IBM - nothing happened.
NOW it makes all the headlines.
What impact does it have - none, unless the stuff in the padding area contains the unencrypted data that was originally sent encrypted. Or am I missing something like I normally do?
ie ya don't want the techies doing it, just admin staff doing the details from a change form.
Most sites I've seen roll their own database for this sort of thing. You get the change management form (signed by the appropriate person) and a non-techie puts in the changes to a little app. The app updates the database and the database updates the DNS/DHCP settings....
Not really the issue - people use the internet in non-US locations:-)
Sure the places to host for high bandwidth are limited geographically (New and London being the top two). It's all about getting the content to the end user.
Now if I could get 100 OC-48 pipes into Afghanistan then that would suddenly become a nice location to host from.
The problem here is RIAA (and the MPAA etc) are trying to place royalties on content providers. Now this isn't necessarily a bad thing IF they get down to people who made songs (content) in the first place. BUT it doesn't (see earlier /. stories for this).
I can't see how they can police the royalty calculation - they expect people to own up to being US citizens and assume that the providers are passing on this info. I'm sure that there will be a point where it will be cheaper for (say) live365 to move to Australia (or wherever) and rather than RIAA royalties. IE RIAA may effectively price themselves out of the market.
So how do I prove I'm not a US citizen (or even that I am). Goes back to the days of US crypto export when I had to prove I was a US citizen by supplying a valid name/address etc before I could download.
IMO it won't work from a practicality point - everyone will become Icelandic:-)
Still would like to see one of the big stations move out of the US due to this.
Now how do they expect to police this with providers based in non-USA territories????
I'd love for some of the larger internet sites (yahoo, google, live365, mp3.com) to up and move to (say) Russia, or some other country with a decent amount of connectivity and watch RIAA/MPAA etc try to control them. (I'm sure someone can suggest such a region).
Yes there'd be issues (cf DeCSS and the Norwegian justice system), but it would be interesting nonetheless.
We seem to have a world of internet haves and have-nots.
The biggest set of have-nots are still those who have not in respect of anything (the third world). We have the 'ring of fire' around Africa, but that's only really useful for the countries with a shoreline. Do you think your efforts for intra-planet internet-working would help to provide better satellite based access for making ISPs cheaper?
The Practice of System and Network Admin (well we all know this one, come on, we ok ISBN 0201702711), has quite of the first two chapters on this. More of why you should have common automatic installs than the actual ROI costs for doing the automatic scripts etc.
BUT ya gotta remember that you'll need more and bigger M$ servers to accomplish the same things with Linux, *BSD or Unix. Hence the cost goes up.
What they've prob got is a massive SAN (Storage Area Network) running over 2 or more sites. If one site goes down you can run on the other and at 30 miles apart.
Also accessing this amount of data at reasonably high rates is expensive, think Storagetek silos, HDS SANs etc etc. All this is high-end very very fast stuff.
If you've got 50 TB of data running in an OLAP cube you've got to have massive IO capability to properly load and spin the cube around. Ie the cost ain't in the actual storage media, but the IO (esp if you've got a split system requiring multi-site system).
There should be plenty of examples of this sort of data storage now - telcos to web logs. Pricing, well depends on the deal you can get at the time...
"We've saved money on the front end but burned money on the conversion process, so we're still behind," the employee said. "Fundamental differences in how Intel and HP processors treat binary numbers..."
I thought the only processor that had reverse endian design to Intel's was the Sparc, not the PA-RISC?
If I'm right the guy here is talking out of his hat. If I'm wrong someone correct me and I'll eat mine:-)
and one huge CC bill when it arrives.
Yes yes I know you get all sorts of yummy things on it, but when trying to get this past the "government at home" they only see how much it costs.
When I can all need h/w wise from Dell/../.. for under £1000 why should I fork out all this extra and STILL have to pay extra for the display.
All I do at home is a little word/email/surfing and my 1GHz PIII runs all the games I have fine....
OK if I was into video editing etc it would be worth it...
ya pays ya money ya makes your choice...
don't neural nets for this - they do this already in F1...
have teamed up to do this kind of thing.
http://www.netmax.com/products/magnia_prods.htm
We use their software based distro in a couple of our remote offices at work.
2 (and a bit) admins, 1 programmer
12 servers, 250 users spread across Europe, US and Japan
Not very helpful, but there you go..
OK so point what no passwd will give you.
Complete and utter ability to impersonate your upper management, send out emails supposedly from them and read all their files (assuming you're running AD for NT domains and the email uses the AD etc for authentication)....
What other risks to the business can you think of -
the cleaner can get as anyone...
people can update documents they aren't supposed to..
the list goes on.
more like 6 months
:-)
I see a Moore's Law for spam - spam power will double every 9 months
So if you want to get into a growing industry work for/found an anti-spam company.
as ever with a
who make SANs / hard disks etc..... :-)
OK then MDDOS
Multiple Distributed Denial of Service
ie attacking more than one site with the same 'attack'
Seems this was a distributed DDoS (DDDOS - sounds like a stammer:-), many people got this..
http://www.merit.edu/mail.archives/nanog/msg053
In a former life (about 4 years ago) we tried this sort of thing and ended up with the same problem.
The reason. Our address - Beaver House.
Seems some mistakes get made over and over again with 'censorware'.
Sigh.
via their 'wearable' PC.
F 07 LZ5ZY.HTM
Nice and semi-rugged too, so it'll cope with a small drop from desk etc...
http://www.panasonic.co.uk/product/wearablepc/C
Perhaps if the server AND the client were available for GNU/Linux you'd have a better chance.
Also providing a cut down 'free for ever' version would help get it through the front door.
???
I bet Reliant are dead jealous, imagine doing that in a Robin - or plastic pig as they are known.
:-)
I bet Delboy would buy one ("Only Fools and Horses" UK TV show)
Again , still...
Anyway back now to normal broadcasting.......
http://www.merit.edu/mail.archives/nanog/msg040
nothing concrete and MIDS doesn't show anything on the weather reports (not that it means anything).
"adding that the big issue was a reluctance to accept legal liability for open-source software. "
...
I'm sorry but when has anyone tried legal action against M$ for selling you duff software? There's a big disclaimer in the license if I remember correctly. Something along the lines of
"If you lose data and your business suffers financially as a result, Microsoft accept no liability for any errors in our software. Tough"
Or am I wrong...???
For me the guys are www.vogon-data-recovery.com
There are others, but I always seem to see these guys at the forefront...
just my 2 pence..