Handspring's communicators page now lists the Treo 300 as "right around the corner". Rumours abound about what exactly it'll be, but it looks like it will be identical to the 270 and (sigh) no Graffiti-only version. My local Best Buy was out of Treos this morning, and said that they were waiting for the Sprint PCS Version, due "next week".
A tree planted upside down (like at MassMOCA) will slowly spread its branches upwards. Does _it_ have an internal gravitation model? Methinks not.
Rather, let us say that human reasoning (both conscious and, in the context of anticipating thrown balls, unconscious) is adapted to gravitation. And, as this learning experiment shows, it is neither hard-wired nor high-level if it only takes 15 days to adjust to.
Evidently Wired News got duped as well:
check out the "elsewhere today" section:
http://www.wired.com/news/nc_index.html/
Hey kids, who wants to play a few rounds of "Prisoner's Dilemma"? Just remember, don't give away your strategy in advance! C'mon, you can beat tit-for-tat, can't you?
(but the loser script kiddies didn't know what they had done!)
I have to admit that I find the military's concern that their machines will be hacked legitimate but suggest that they shouldn't be as worried as they are. Why? I offer this true parable of a hack that happened to me.
My Robotics lab happened to have just bought a couple of very nice Linux-Based mobile robot platforms (Nomadic Technologies Super Scout II) and, without much mind to security, my advisor hooked them up to the net for development and testing.
It's worth noting that these little guys had actuated wheels as well as top-of-the-line CTD cameras and video cards, wireless ethernet, the whole kit 'n' kaboodle. One even had a robotic arm.
Lo and behold, 3 months later, during a security sweep caused by a root compromise on the department's server, I discovered that the two little robots had been hacked into by script kiddies. Of course, all they were doing was running BitchX and eggdrop, without a mind towards where the hacked computers were, or what they were inside of.
If only! If they had just done a bit o' exploring they would have realized the potential of the system they had hacked! They could've rolled the things around the department at night, snapped pictures, opened elevator doors, caused all kinds of mischief.
My guess is that there are scores of hacked robots sitting in labs all around the world, each one of them running BitchX and eggdrop, but few (if any) in danger of being commandeered by the clueless script kidz that hacked them.
Spyce Boyee fer life,
Father Harry
At the risk of being entirely too lucid and coherent for this discussion, I'd like to add my own two cents:
Is M$ trying to turn this event into a big media coup? Of course it is! What right-minded PR office wouldn't leap at the opportunity? Are they justified in doing so? Probably not, but PR rarely walks hand-in-hand with reason.
Did M$ orchestrate it? Very doubtful, of course, for several reasons:
- they may be dumb, but they didn't get that rich by being stupid
- why attack e-commerce? why bite the hand that feeds you?
- a look at M$ business practices (certain lawsuit comes to mind) would indicate that M$ prefers the underhanded and subversive, not the blunt.
Is linux to blame? Yes and no.
As anyone on the CERT mailing list can testify, out-dated and base installations of most *nix systems (linux and solaris no exception) in general are vulnerable to all sorts of hacking/cracking. It takes a security-conscious admin and a few hours to apply the appropriate patches and plug the largest of the holes, and a downright (justifiably) paranoid admin to make things bulletproof. From my experience it's safe to assume that the majority of *nix machines out there are poorly adminned and consequently wide-open (how many home linux boxes have un-modified inetd.confs and hosts.allow's, for instance?).
All this not to impugn the security of *nix, to the contrary, *nix is capable of being _much more_ secure than NT (thank you open-source & paranoid developers). A perfectly tuned *nix box can be bullet-proof, unlike (dare I presume) NT. But a secure system requires diligence and vigilance, and it is the absence of admins with these traits that allowed these packet monkeys (I love that term!) to do this DoS damage and grab front-page headlines.
And so enough FUD. This is certainly not the last we'll see of large-scale DoS attacks from hacked machines. Batten down the hatches and be more vigilant -- else the FBI may be knocking on your door to let you know the packet monkeys are resident on your very own 127.0.0.1.
I'm Father Harry...