I tried the white hat dealie once when a sysadmin offered me $100 if I could break into his ISP. 30 seconds later when I/msg'd him the contents of a file which only root could read he backed down on his offer because "we never made it official." I should have rm -rf'd the system, but I was a good little boy and for some ungodly reason patched the whole myself.
He's also a moron. Cracking your school's website, or some little ISPs site is one thing. Cracking the army is plain stupid. The guy was told he was under investigation, so he did something to get bragging rights. He'll get what he deserves. Even if they execute him it will be fair, we don't need morons like this polluting the gene pool.
Mitnick screwed himself over. He waived his right to a speedy trial. I get so sick of seeing people talk about how Mitnick didn't get a speedy trial. He waived his right, it took a while, it's his problem.
They better come up with something better than those damned vests though. Maybe a black jacket like thing designed to be worn with a white shirt and yellow shoes. Then we can all look like Tux. I fear the day when GAP stands for Geek Apparel(sp?). "I'll wrap you up in my penguin..."
This article was no better than the FUD it aimed to dispell. BSD is fragmented in the same sense UNIX is fragmented. UNIX started as one OS, and people began writing their own versions. *BSD began as one OS, and people began writing their own versions. Linux is fragmented as well, but to a lesser extent. There is only one Linux kernel, but there are many distributions. There are problems with libraries, file locations, and rc scripts, but the LSB (or whatever it's called right now) aims to remove these incompatibilites. Do all of the BSDs have common rc scripts, common libraries, common file locations? I don't know, but I'm fairly certain the answer is no. Is there any work underway to resolve these problems if they exist? There are far more Linux distributions than BSD, however, so IMHO they come up about equal for fragmentedness.
Also, the bit about FreeBSD being a technically superior OS was pure FUD. Why is FreeBSD technically superior? I don't think being derived from the original UNIX source (which IIRC is no longer true because of a law suit that forced them to remove all AT&T source from *BSD) qualifies as making a "technically superior" OS. I also don't think the cathedral-ish developement model makes any difference either. The author fails to mention is that Linux kernel patches go through much of the same procedure that *BSD patches do. People submit the patch to Linus, who then reviews and decides if the patch should become part of the official kernel.
I'm not going to go into the license issues as I feel they are a matter of personal choice and have nothing to do with one OS being superior than the other. Some people like the GPL, others like the BSD license, others still might prefer the MPL, QPL, or any one of the growing list of free licenses.
Finally, Linux is not a clone of FreeBSD anymore than FreeBSD is a clone of Linux. They are entirely different OSes with different goals started by different people. They are both UNIX clones. FreeBSD may be more closely tied to UNIX, but that does not make Linux a FreeBSD clone.
Linux would have no way not to let you boot from a floppy. The BIOS handles booting, not the kernel. LILO does have some security options for not allowing paramaters to be passed to the kernel, but booting from the disk drive bypasses the hdd alltogether so it doesn't matter. Disabling it in the BIOS does nothing either; most mbs these days have a jumper that will clear the BIOS, and if that doesn't work you can just pull the battery. If someone has physical access to the box it is not secure.
This has nothing to do w/ shadow passwords. The method he described will work even if you have shadow passwords. Even if the passwords were stored on another system and all over the wire data was encrypted w/ 5billion bit encryption you could still boot from a floppy and modify whatever files you needed to in order to disable said protection. Or you could replace/bin/login with/bin/sh. If you have physical access to the machine it is NOT secure.
pkzip and gzip use LZ77, but compress uses LZW. LZW is a "performance enhancement" of LZ77, which esentially reduced the amount of compression done by the algorithm to make it faster. Somehow this qualified for a patent even though it seems like it's obviously a derived work. Maybe there are some facts of which I am not aware.
From the gzip man page:
Gzip uses the Lempel-Ziv algorithm used in zip and PKZIP. The amount of compression obtained depends on the size of the input and the distribution of common substrings. Typically, text such as source code or English is reduced by 60-70%. Compression is generally much better than that achieved by LZW (as used in compress), Huffman coding (as used in pack), or adaptive Huffman coding (compact).
IIRC LZW was neither novel or unintuitive. Wasn't it just a modification of LZ77 with "performance enhancements" that made it compress faster by reducing the ammount of compression done? I think gzip uses LZ77 and compress and pkzip use LZW. That's why gzip does a better job compressing.
What bothers me most about this entire mess was the comment made by the microsoft spokesperson yesterday. Something to the effect of "exploiting this whole requires a detailed knowledge of web programming languages." It required knowledge of a URL.
Simply replace ENTERLOGINHERE with the name of the account and it worked. This isn't even cracking imho. It's like when someone forgets to set a root password on a box that accepts root telnet logins. Typing "root" and hiting enter isn't cracking the box, it's stupidity on the admin's part. It's the same thing as leaving your car doors unlocked then complaining when your discman that you left on the front seat gets stolen. Microsoft left the proverbial door to hotmail unlocked.
The whole spin on this makes it appear to be "those bad hackers" attacking poor innocent microsoft. I'm sorry but accepting a URL as a form of authentication with no password checking is plain stupid. This reminds me of the at&t vs. mci story from a little while ago discussing how the two companies handled outages. at&t admitted to the problem and kept customer's informed about what was going on. mci blamed someone else and lost a lot of respect and possibly bussiness.
Microsoft needs to grow up and except responsibility for their mistakes.
The heart can keep going for a short period of time w/o intervention from the brain, but I don't think you would be able to live out the rest of your life w/o your brain talking to your heart, not to mention other organs like, lungs, liver, kidneys. You probally could get a pacemaker to keep the heart going, a respirator for your lungs, dialasis for your kidneys, and an i.v. drip of all the nutrients your body needs. I think I'd personally rather be dead than live life like that, but then again, if i'm ever in that situation i might change my mind...
I think the stuff is called telemorose or something along those lines. I saw a report on it that predicted that within 10 years we might be able to take a pill that would restore the telemorose on our DNA and essentially let us live forever. Apparently this would also prevent alztimers(i know that's spelled way wrong). Your brain does start to deteriorate after about age 20 and I doubt this process would stop it. Someone else mentioned that the human brain is thought to be good for atleast 300 years, so who knows. Maybe I'll get to be 30 for the next 250+ years. I just hope it prevents male pattern baldness too:)
I think this is nothing more than a publicity stunt on antionline's part. After the PacketStorm fiasco I'm sure that antionline took a lot of heat from the security community. The descission to host the box is probally a way of saying "Look we're on your side, really we are!" in an attempt to look good in the public's eye.
From what I've seen basically Hotmail trusts a certain URL to be accurate w/o doing any verification of the password. This isn't an NT issue or a Solaris issue or any other OS related security hole. It's just bad programming on the part of whoever wrote the offending code. Whether it was MS who messed up or the people who originally wrote hotmail I wish I knew.
Actually I think the lynx way would work a lot better w/ text to speech. Let's say you have a side bar on the left and then content on the right. What would probally happen w/ a synth is that it would read a line from the sidebar, then from the content, then from the sidebar, then from the content, and so on. I know lynx works fine for text to speech because I used to have a friend who was completely blind (well he could make out shadows and bright lights at a distance of about 1 foot but that was it) and he used lynx all the time for web stuff.
Actually mozilla has very little code from netscape left at this point. They've totally rewritten the rendering code, the network code, and a whole bunch of other stuff. Mozilla is essentially a completely new browser. I still like netscape x.x over ie 4. Maybe it's because I've been using netscape since the time when you could fit it on a single floppy, or maybe it's just cuz i hate microsoft, but netscape just feels better. That and it works in Linux.
Actually it's already been done. Linus owns the trademark on linux. Originally he didn't register it because he didn't like the idea of anyone owning it. The some shmuck registered it and sent letters to a bunch of american book publishing companies and redhat and the likes saying he wanted their money. After a brief legal fight the trademark was transfered to Linus and everyone lived happily ever after. The end.
Not entirely. In civil cases (anything brought on by someone who isn't the government), the accusing party only has to prove that it's more likely that you did than it is that you didn't. Basically they have to convince you 51% that they are right. So if you are brought to court in a civil matter you pretty much have to prove that you are inocent. Hence why OJ got off in the criminal charges but not on the civil charges.
No, he means that when you follow a link that leads to an image zgv is executed to show you the image. Images embeded in html will still show up as [IMAGE] for all those sites that think netscape/msie are the only browsers on the planet.
I think it's 49.7 days.
on
Kernel 2.2.12
·
· Score: 2
you are allowed to use parts of copyrighted material in review, critique, or parody. I'd say this prolly falls under review. Besides, zdnet i'm sure is happy everytime one of their articles gets posted to slashdot, more hits, more banners loaded, more ad money.
I agree that creating laws to give special rights to any minority is wrong, but in many states homosexuals have less rights. Most noteably the fact that most states will not recognize a homosexual marriage. Or that some states have outlawed the sale/use/possetion of dildos and other devices of the sort. I believe programs like affirmative-action are nothing more than reverse-prejudice. But I think making it illegal to deny someone a job based on race, gender, or sexual orientation is right. Everyone deserves the same rights.
But how many of us would want to be the one to pull the switch? I think "own kind" generally means someone in your social community. Ie, with in the same tribe or clan. But yah, the term is flexible, and I think it does change from culture to culture.
Re:Whoop dee do. Life or no life, doesn't matter.
on
Extraterrestrial Water
·
· Score: 2
We wouldn't necisarally(sp) need a worm hole. "Warp" drive already exists in theory. While matter cannot travel faster than the speed of light, there is nothing preventing space itself from travelling faster than the speed of light, so if you could cause the space behind you to expand at a rate higher than light speed, and the space infront of you to contract at the same speed, you could travel faster than light speed. It's like the whole "if you're on a train going just under the speed of light, and you run to the front of the train, you traveled faster than the speed of light, but didn't violate reletivity because relative to the train you were going pretty slow.
Slashdot Mirror
I tried the white hat dealie once when a sysadmin offered me $100 if I could break into his ISP. 30 seconds later when I /msg'd him the contents of a file which only root could read he backed down on his offer because "we never made it official." I should have rm -rf'd the system, but I was a good little boy and for some ungodly reason patched the whole myself.
He's also a moron. Cracking your school's website, or some little ISPs site is one thing. Cracking the army is plain stupid. The guy was told he was under investigation, so he did something to get bragging rights. He'll get what he deserves. Even if they execute him it will be fair, we don't need morons like this polluting the gene pool.
Mitnick screwed himself over. He waived his right to a speedy trial. I get so sick of seeing people talk about how Mitnick didn't get a speedy trial. He waived his right, it took a while, it's his problem.
They better come up with something better than those damned vests though. Maybe a black jacket like thing designed to be worn with a white shirt and yellow shoes. Then we can all look like Tux. I fear the day when GAP stands for Geek Apparel(sp?). "I'll wrap you up in my penguin..."
This article was no better than the FUD it aimed to dispell. BSD is fragmented in the same sense UNIX is fragmented. UNIX started as one OS, and people began writing their own versions. *BSD began as one OS, and people began writing their own versions. Linux is fragmented as well, but to a lesser extent. There is only one Linux kernel, but there are many distributions. There are problems with libraries, file locations, and rc scripts, but the LSB (or whatever it's called right now) aims to remove these incompatibilites. Do all of the BSDs have common rc scripts, common libraries, common file locations? I don't know, but I'm fairly certain the answer is no. Is there any work underway to resolve these problems if they exist? There are far more Linux distributions than BSD, however, so IMHO they come up about equal for fragmentedness.
Also, the bit about FreeBSD being a technically superior OS was pure FUD. Why is FreeBSD technically superior? I don't think being derived from the original UNIX source (which IIRC is no longer true because of a law suit that forced them to remove all AT&T source from *BSD) qualifies as making a "technically superior" OS. I also don't think the cathedral-ish developement model makes any difference either. The author fails to mention is that Linux kernel patches go through much of the same procedure that *BSD patches do. People submit the patch to Linus, who then reviews and decides if the patch should become part of the official kernel.
I'm not going to go into the license issues as I feel they are a matter of personal choice and have nothing to do with one OS being superior than the other. Some people like the GPL, others like the BSD license, others still might prefer the MPL, QPL, or any one of the growing list of free licenses.
Finally, Linux is not a clone of FreeBSD anymore than FreeBSD is a clone of Linux. They are entirely different OSes with different goals started by different people. They are both UNIX clones. FreeBSD may be more closely tied to UNIX, but that does not make Linux a FreeBSD clone.
Linux would have no way not to let you boot from a floppy. The BIOS handles booting, not the kernel. LILO does have some security options for not allowing paramaters to be passed to the kernel, but booting from the disk drive bypasses the hdd alltogether so it doesn't matter. Disabling it in the BIOS does nothing either; most mbs these days have a jumper that will clear the BIOS, and if that doesn't work you can just pull the battery. If someone has physical access to the box it is not secure.
This has nothing to do w/ shadow passwords. The method he described will work even if you have shadow passwords. Even if the passwords were stored on another system and all over the wire data was encrypted w/ 5billion bit encryption you could still boot from a floppy and modify whatever files you needed to in order to disable said protection. Or you could replace /bin/login with /bin/sh. If you have physical access to the machine it is NOT secure.
pkzip and gzip use LZ77, but compress uses LZW. LZW is a "performance enhancement" of LZ77, which esentially reduced the amount of compression done by the algorithm to make it faster. Somehow this qualified for a patent even though it seems like it's obviously a derived work. Maybe there are some facts of which I am not aware.
From the gzip man page:
Gzip uses the Lempel-Ziv algorithm used in zip and PKZIP. The amount of compression obtained depends on the size of the input and the distribution of common substrings. Typically, text such as source code or English is reduced by 60-70%. Compression is generally much better than that achieved by LZW (as used in compress), Huffman coding (as used in pack), or adaptive Huffman coding (compact).
IIRC LZW was neither novel or unintuitive. Wasn't it just a modification of LZ77 with "performance enhancements" that made it compress faster by reducing the ammount of compression done? I think gzip uses LZ77 and compress and pkzip use LZW. That's why gzip does a better job compressing.
What bothers me most about this entire mess was the comment made by the microsoft spokesperson yesterday. Something to the effect of "exploiting this whole requires a detailed knowledge of web programming languages." It required knowledge of a URL.
I VE&js=no&login=ENTERLOGINHERE&passwd=eh
http://207.82.250.251/cgi-bin/start?curmbox=ACT
Simply replace ENTERLOGINHERE with the name of the account and it worked. This isn't even cracking imho. It's like when someone forgets to set a root password on a box that accepts root telnet logins. Typing "root" and hiting enter isn't cracking the box, it's stupidity on the admin's part. It's the same thing as leaving your car doors unlocked then complaining when your discman that you left on the front seat gets stolen. Microsoft left the proverbial door to hotmail unlocked.
The whole spin on this makes it appear to be "those bad hackers" attacking poor innocent microsoft. I'm sorry but accepting a URL as a form of authentication with no password checking is plain stupid. This reminds me of the at&t vs. mci story from a little while ago discussing how the two companies handled outages. at&t admitted to the problem and kept customer's informed about what was going on. mci blamed someone else and lost a lot of respect and possibly bussiness.
Microsoft needs to grow up and except responsibility for their mistakes.
The heart can keep going for a short period of time w/o intervention from the brain, but I don't think you would be able to live out the rest of your life w/o your brain talking to your heart, not to mention other organs like, lungs, liver, kidneys. You probally could get a pacemaker to keep the heart going, a respirator for your lungs, dialasis for your kidneys, and an i.v. drip of all the nutrients your body needs. I think I'd personally rather be dead than live life like that, but then again, if i'm ever in that situation i might change my mind...
I think the stuff is called telemorose or something along those lines. I saw a report on it that predicted that within 10 years we might be able to take a pill that would restore the telemorose on our DNA and essentially let us live forever. Apparently this would also prevent alztimers(i know that's spelled way wrong). Your brain does start to deteriorate after about age 20 and I doubt this process would stop it. Someone else mentioned that the human brain is thought to be good for atleast 300 years, so who knows. Maybe I'll get to be 30 for the next 250+ years. I just hope it prevents male pattern baldness too :)
I think this is nothing more than a publicity stunt on antionline's part. After the PacketStorm fiasco I'm sure that antionline took a lot of heat from the security community. The descission to host the box is probally a way of saying "Look we're on your side, really we are!" in an attempt to look good in the public's eye.
First off it's solaris/bsd not NT. Second, it's not an OS related security issue at all. It's just sloppy programming in the hotmail setup itself.
From what I've seen basically Hotmail trusts a certain URL to be accurate w/o doing any verification of the password. This isn't an NT issue or a Solaris issue or any other OS related security hole. It's just bad programming on the part of whoever wrote the offending code. Whether it was MS who messed up or the people who originally wrote hotmail I wish I knew.
Actually I think the lynx way would work a lot better w/ text to speech. Let's say you have a side bar on the left and then content on the right. What would probally happen w/ a synth is that it would read a line from the sidebar, then from the content, then from the sidebar, then from the content, and so on. I know lynx works fine for text to speech because I used to have a friend who was completely blind (well he could make out shadows and bright lights at a distance of about 1 foot but that was it) and he used lynx all the time for web stuff.
Actually mozilla has very little code from netscape left at this point. They've totally rewritten the rendering code, the network code, and a whole bunch of other stuff. Mozilla is essentially a completely new browser. I still like netscape x.x over ie 4. Maybe it's because I've been using netscape since the time when you could fit it on a single floppy, or maybe it's just cuz i hate microsoft, but netscape just feels better. That and it works in Linux.
Actually it's already been done. Linus owns the trademark on linux. Originally he didn't register it because he didn't like the idea of anyone owning it. The some shmuck registered it and sent letters to a bunch of american book publishing companies and redhat and the likes saying he wanted their money. After a brief legal fight the trademark was transfered to Linus and everyone lived happily ever after. The end.
Not entirely. In civil cases (anything brought on by someone who isn't the government), the accusing party only has to prove that it's more likely that you did than it is that you didn't. Basically they have to convince you 51% that they are right. So if you are brought to court in a civil matter you pretty much have to prove that you are inocent. Hence why OJ got off in the criminal charges but not on the civil charges.
No, he means that when you follow a link that leads to an image zgv is executed to show you the image. Images embeded in html will still show up as [IMAGE] for all those sites that think netscape/msie are the only browsers on the planet.
I think it's 49.7 days.
you are allowed to use parts of copyrighted material in review, critique, or parody. I'd say this prolly falls under review. Besides, zdnet i'm sure is happy everytime one of their articles gets posted to slashdot, more hits, more banners loaded, more ad money.
I agree that creating laws to give special rights to any minority is wrong, but in many states homosexuals have less rights. Most noteably the fact that most states will not recognize a homosexual marriage. Or that some states have outlawed the sale/use/possetion of dildos and other devices of the sort. I believe programs like affirmative-action are nothing more than reverse-prejudice. But I think making it illegal to deny someone a job based on race, gender, or sexual orientation is right. Everyone deserves the same rights.
But how many of us would want to be the one to pull the switch? I think "own kind" generally means someone in your social community. Ie, with in the same tribe or clan. But yah, the term is flexible, and I think it does change from culture to culture.
We wouldn't necisarally(sp) need a worm hole. "Warp" drive already exists in theory. While matter cannot travel faster than the speed of light, there is nothing preventing space itself from travelling faster than the speed of light, so if you could cause the space behind you to expand at a rate higher than light speed, and the space infront of you to contract at the same speed, you could travel faster than light speed. It's like the whole "if you're on a train going just under the speed of light, and you run to the front of the train, you traveled faster than the speed of light, but didn't violate reletivity because relative to the train you were going pretty slow.