Maybe someone who knows more about it than you thought this new law was needed to help?
If that's the best you can do, obviously that particular "someone" isn't you.
SealBeater
What ever happened to using already existing laws? If it's already illegal to sell stolen phones (which I assume, perhaps incorrectly, that it is), why do you need an additional law covering this? This reminds me of the added penalty of using a computer to commit a crime. If the hardware is mine, it should be mine to do with as I please. Arrest me for selling a stolen phone, not changing a few bits on equipment I already own.
SealBeater
to subscribe to Bugtraq
It's funny cause I actually saw this appear on NANOG first.
SealBeater
Heh, I think I remember once seeing an episode when Superman
looks at Batman with his x-ray vision, and sees he's Bruce Wayne, and
tells him something like "go home Bruce" (trying to impress Bruce
by letting him know that he knew who he was, etc), and later, when
Superman gets to his apartment and 'changes' into Clark Kent, he
looks out the window and sees Batman on the roof across the street,
looking with a pair of binoculars and a smile that said "yeah, I
bet now you feel *really* dumb".
Totally, I remember that episode. That was good. There was a colloration in
the comic series. I believe it was "Death in The Family", where the second
Robin got beaten to death with a crowbar, (the possible start of the animosity
smoldering between Batman and Superman) when Superman was ordered by the state
dept to stop Batman from going apeshit. Superman was being apologetic and said
"Bruce" to Batman, trying to make a connection and all that. Batman turns
around and says "Never call me that name again....Kent." Tit for tat.
SealBeater
So we can see after years of evidence that he's this
world-class intellect, yet Batman is going to defeat Superman's nearly
invincible physical attributes.
Batman is a dirty fighter. Superman isn't. The instant Batman heard of
Superman, he probably started thinking of ways to beat him, just in case.
That's the whole point of Batman and why he is so liked, he stacks the deck in
his favor every way he can think of.
SealBeater
Sorry and thanks for the correction. It's been a while since I looked at the
newest version. Heh, time for me to get some sleep before posting to /. 8*)
SealBeater
If you think Blender's interface is sub-par, compare it to Lightwave's
interface (a $5,000 app). If you're serious about it, you'll learn the
interface. I personally find it a ray of hope that the interfaces are similar.
In addition, I wonder if the interfaces are similar on purpose, to draw in more
experienced users.
SealBeater
When I saw this story, I immediately ran loki_update, an app (for those who
don't know) that interactively downloads patches for any installed loki games,
plus Unreal Tournament for linux and applies them. I couldn't find this. I
had to go directly to the ftp site and grab the patch. Does anyone know if
this will be placed for the loki_update app to work, or is it discontinued?
It's a very useful app, seeing as how you can just run it, select what games
you want to check for update and leave. I hope that they don't discontinue its
use.
SealBeater
FYI, you can upgrade to ext3 without reformatting.
SealBeater
I agree absolutely. That's exactly what I am saying, if you want to
learn go for slack. If you just want a pretty *nix
workstation (tho not as pretty as someone who really knows what they are doing
:), go for something else. Not that using slack precludes you from having a
pretty *nix workstation. It's all in what your goals are. Tho, I do have to
wonder why anyone would use any *nix if they don't want to learn about it.
SealBeater
This is actually the *problem* with Slackware/Debian. I want to learn, so I
don't mind reading documentation, but most of the people I know don't care at
all, they just want "click-n-run"
This is going to be a long thread, I can tell. You shouldn't confuse
"click-n-run" with "wanting to learn". I always recommend slackware if anyone
asks me what is a good first distro, partially because it is less hand holding.
I had a friend who went to a tech school and had a class on linux, they gave
him mandrake. Do you know what the problem with that is? You don't learn
"linux" per se, you learn a distribution. You don't learn fdisk, you learn
disk-druid and drakeconf. You don't learn tar zxvf, you learn rpm -ui. You
never learn how to do things without a gui, because as long as you are using
these things, you are never faced with the need to. Slackware and LFS (as was
mentioned earlier) will teach you "linux". If you want to learn to build a
house, you don't go out and buy a house and walk around the inside examining
it, you read a book and build a house. Granted, not everyone wants to learn
the internals of an OS to a high degree, that's fine. But don't say a person
wants to learn, when all they really want to do is get up and running. FYI,
slackware is very easy to get up and running.
SealBeater
Ah yes. The typical geek lost in his computer world. I hate to tell you but the
rest of the world isn't like you.
Yes, I am aware. Don't complain then when a) I get paid more than you because
I possess greater knowledge b) you have to come to me all the time to fix your
problems c) you get rooted/owned and I don't. I have the belief that if you
wish to learn a thing, learn it properly. If you don't, that's fine, but don't
be angry at others for doing what you choose not to do.
SealBeater
I'm guessing you were somewhat computer literate when you downloaded those 50
floppies too, eh?
Actually no, I had been using windows (read: computers) for about a year. I was super in love
with windows 95, thought it was so cool. I saw an enlightenment screenshot and
that was that. Started the download of slackware a week later. Even though I
knew nothing about *nix at the time, I figured that "bare to the metal"
approach was best to learn properly. Kept my windows machine around long
enough to print out every piece of documentation I could find, cause I figured
it might be a while before I got on the net and read, read, read. It's too bad
more people aren't inclined to do the same.
There is no "proper" way to learn Linux
Yes, there is actually. I know plenty of people who are as self-taught as I
was (oh did I mention that no one taught me linux?) who have
used the "softer" distros who still are lost when faced with the console.
Anybody who needs a gui to change an ip address learned linux the "wrong" way,
IMO
SealBeater
Yep a lot more windows user and linux haters - slackware is not a product to learn linux on for beginners - it is however the best damn Linux out there and once you know a bit about linux you will love it - but please don't install it as your first attempt at linux
Sorry, no offense, but that is bullshit. I started off on slackware, downloaded 50 floppies worth over 3 days on a 14.4 and never looked back. It's the only way to properly learn. I've been using slackware ever since and have had no reason to use anything else. If the only way a person is willing to use and learn linux is to have a gui-fied windows clone in front of them, quite frankly I would rather they never make the attempt.
Slackware and Debian are OSes that don't suffer fools lightly..
Thank god.
SealBeater
It's pretty funny that you say that. From the email
X-Force has verified that this issue is exploitable on Apache for
Windows (Win32) version 1.3.24. Apache 1.x for Unix contains the same
source code, but X-Force believes that successful exploitation on most
Unix platforms is unlikely.
and
From Apache.org:
In Apache 1.3 the issue causes a stack overflow. Due to the nature of the
overflow on 32-bit Unix platforms this will cause a segmentation violation
and the child will terminate. However on 64-bit platforms the overflow
can be controlled and so for platforms that store return addresses on the
stack it is likely that it is further exploitable. This could allow
arbitrary code to be run on the server as the user the Apache children are
set to run as.
We have been made aware that Apache 1.3 on Windows is exploitable in this
way.
Now, what were you saying about Windows vs. *nix?
SealBeater
it's much easier to find a RedHat admin to replace or support you, because of the RHCE courses.
Have you ever seen or taken the RHCE tests? Granted I haven't either, but I took the BOSON practice test. Now I am not saying that there is any relation between the two, but the practice test was full of questions such as "What is listed in the submenu when you right click the GNOME foot?" and "What's the best way to launch NAUTILUS?" If that's the kind of test you have to take to pass, forget about it.
In general it's easier to find admins for RedHat, particularly less-experienced ones.
You get what you pay for.
SealBeater
It takes me 5 seconds exactly to open a maildir folder with 1315 emails in it.
SealBeater
You are the same type who, two years ago would have said "throw a firewall at it"! Knee-jerk application of the security technology du jour is *not* the way to do security.
Actually, I have never been the type to say "Throw a firewall at it" as I am far more an advocate of host hardening. Setting up IPSec is a trivial task as others have provided instructions in addition to my own.
Using WEP costs nearly nothing, and will stop casual attackers dead in their tracks
You obviously haven't been keeping up with wireless security. MAC address filtering, DHCP logs and WEP will stop a casual attacker for about 10 minutes. Why is this the approach you advocate? Parsing the DHCP logs will do nothing to a) provide the identity of the attacker b) do absolutely nothing for forensics. You state "Using a secure AP is a good idea". Name one secure AP. Every one has had security problems, as was stated before. Another statement of yours "(a) make it difficult enough that attackers will go elsewhere" is exactly my point. The solutions you advocate do absolutely nothing to make things difficult. Have you not heard, or more importantly, tested the ease in which WEP can be broken? Break WEP, grab ips, arping said ips (hence, grabbing MAC addresses), change mac address to match (or ideally, grab a bunch) come back later or wait a while, you're in. Attack or scan *.gov|*.mil to your heart's content, secure in the knowledge that you are not gonna get caught. Admin parses dhcp logs, sees MAC address foo had that ip (if he's not doing nat) and grandma gets busted. IPSEC tunnel on host machines where ALL ip traffic gets routed through to the OBSD box, please tell me how attacker is going to compromise box, minus trojans which aren't exactly precise tools. Keep in mind also, that we aren't just trying to protect against outside forces, we are trying to keep people who live in the apartment complex from getting free access (if it's charged per apt.). Name one AP which has a decent IDS system and is anywhere close to reasonably priced. Ciscos suck, airports are too weak, and linksys has had several SNMP related vulnerabilities. It's really sad that for someone who implies security knowledge in a public forum, that I have to lay out an example of methodology in order to bypass your "secure" implementation. Do some reading and come back with something better.
SealBeater
This guy doesn't need real security
That's the problem, attitudes like yours. I could care less about sniffing
traffic, that's not the point, the point is to replace WEP with something
better, and the goal isn't to stop people from grabbing credit card details,
it's to prevent Joe Hacker from having an easy leap off point to launch attacks
against others. In addition, you don't need firewalls on the machines to
prevent traffic sniffing, ipsec tunnels set up on the boxes that pass IP traffic through
the wireless link work just as well. here
and here.
It sounds like if you had your way, he should just put up a couple of apple
airports and forget about it. What myself and others are doing is trying to
implement a reasonable amount of security when it should be implemented, at the
beginning, and not as a duct tape fix after there is an incident and this guy
has to explain why attacks were launched from his network. At any rate, the
openbsd boxes with wireless cards is still the ideal solution, both from a cost
perspective and a security perspective. There have been attacks against all
the commercial wireless access points, ranging from expensive Ciscos to
Breezecom to Linksys. The point isn't to have a totally locked down B1 and
above security implementation, it's to make the kid with the laptop decide
to move on to Joe User's unsecured Linksys and not this guy's network. I also
assume that this guy is looking for a way to keep costs low, and this is the
best way to do it. Somebody earlier mentioned Cisco Catalysts, yea
right
SealBeater
Added point, anyone interested in wireless security should read this page.
SealBeater
802.11a also uses WEP, I think what you are talking about is the draft for
802.11i, which will use TKIP, Temporal Key Integrity Protocol which is also
based on RC4, but implemented in a different way. AES as an encryption
algorithm, has yet to be finalized and since it involves hardware optimization,
is not backwards compatible. Basing a solution which relies on an unfinished
draft may not be the wisest course in a production environment. You can use AES
with older hardware but it will use weaker security. In addition, devices
which will utilize AES are not expected to ship until early 2003.
SealBeater
More direct link to the project?
SealBeater
I don't know if it's been mentioned, but I would use IPSEC if I were you,
simply because 802.11a/b sniffing is trivial now and mac address spoofing is
even easier. Also, I would probably recommend against going with an
established commercial wap product, as they all almost definitely aren't going
to have the flexibility you need in the future and are probably way too
expensive. I would roll a couple of OpenBSD boxes with wireless cards, that
way you have an all in one solution with lots of nifty stuff like traffic
shaping per mac, monthly bandwidth accounting capabilities via pf, syslog, and
tons of other stuff that commercial vendors just don't offer. And I do mean,
don't offer, regardless of price. This page
offers a good howto regarding ipsec on openbsd and this page
gives a pretty good read on replacing wep with ipsec on openbsd as well. Good
luck.
SealBeater
I see people saying stuff like "Mozilla is bloated".
That cracks me up. How big is a Mozilla install? About 18mb. Please compare
that to Internet Explorer and yes Opera too, and I think you'll find it's favourable.
Slackware package created by checkinstall:
du -sh opera-6.0-20020510.1-static-qt.i386-pak.tgz
4.6M opera-6.0-20020510.1-static-qt.i386-pak.tgz
And that's the static, not the shared.
SealBeater
Doesn't matter, it's already been ripped and posted on
alt.binaries.mp3.soundtracks. 8*)
SealBeater