Slashdot Mirror


User: StarDrifter

StarDrifter's activity in the archive.

Stories: 0 · Comments: 26

Comments · 26

  1. Re:Not sure about retaliation... on Is Retaliation the Answer To Cyber Attacks? · · Score: 1

    DenyHosts includes a PURGE_DENY option which allows you to specify how long blocks are kept for.

    Spoofing shouldn't be an issue here. We're not talking about logging SYN packets but failed login attempts. An attacker can't perform those without being able to get packets back from the server and they can't do that if they are spoofing their address. Unless perhaps they are plugged into the same hub as the server but if that's the case you've likely got bigger problems to worry about.

  2. One down ... on NAMCO Takes Down Student Pac-man Project · · Score: 3, Funny

    One down, about 1620 more to go.

  3. Re:uh, samples? on iPhone DSLR Prototype 1.0 · · Score: 5, Informative

    There is another post with the result: http://iphonedslr.com/blog/archives/62fb
    It is somewhat disappointing, to say the least. I do give some credit for posting it though. Even though things didn't work out as planned it is nice to see what happened.

  4. Re:Too much work on Digitally Filtering Out the Drone of the World Cup · · Score: 1

    What?

    WELL, THAT AND PROGRESSIVE HEARING LOSS.

    "Filter error: Don't use so many caps. It's like YELLING." - Yeah, that's what I was trying to do

  5. Re:Canon S90 on Firmware Hack Allows Video Analysis On a Canon Camera · · Score: 1

    The page you linked to claims that CHDK is not available for the S90. How about the PowerShot SD880?

  6. Oh, my God. Oh, God, no! on Vermont May Revoke Nuclear Plant License · · Score: 3, Funny

    Oh, this can't be happening! You're operating without a T-437, Vermont!
    Sweet mother of mercy!

  7. ObSimpsons on GNU Emacs Switches From CVS To Bazaar · · Score: 5, Funny

    If this pattern holds, GNU Emacs will be in Bazaar for at least thirty-two years ...

    Disco Stu: Did you know that disco record sales were up 400% for the year ending 1976? If these trends continue... A-y-y-y!

  8. Physics 2000 on Simple, Portable Physics Simulations · · Score: 3, Informative

    The University of Colorado has something called Physics 2000 that has a bunch of applets. Click on "Applet Thumbnails" in the top-left frame. One of my favorites is "Satellite orbits" (click on "Upcoming Applets"). You can try to find stable orbits around the Earth. You can try to find stable orbits around the Moon (although I don't think there are any). You can try launching some objects clockwise and some counter-clockwise and see if it is easier to get things in a stable orbit one way or the other. You can launch a bunch of objects in random directions with random velocities and watch most of them die an early death and a few stick around much longer. Sometimes you can see Orbital resonance. The simulation extends beyond the visible portion of the screen so you can even get objects in orbits with very long periods that are only visible for a very short portion of their orbit as they dip close to the Earth and then sail away again.

  9. Ob X-Files on Artificial Bases Added to DNA · · Score: 1

    SCULLY: What exactly did you find?

    CARPENTER: A fifth and sixth DNA nucleotide. A new base pair. Agent Scully, what are you looking at... it exists nowhere in nature. It would have to be, by definition... extraterrestrial.

    I guess this means that Romesberg (the researcher) is an alien.

  10. Re:Not dead yet! on AT&T Stops 'Time', Ends An Era · · Score: 1

    In Connecticut, time and temperature is available at the number SPRINGS (203-777-4647). You have to listen to a short ad from AT&T first.

  11. Re:Cable TV support on Your Favorite Support Anecdote · · Score: 1

    Cable does not have this restriction, so 14 begins just after 13.

    Actually just after 13 comes 23. Channels 14-22 (along with 95-99) are in a gap between 6 and 7.

    http://www.jneuhaus.com/fccindex/cablech.html
    http://www.chem.hawaii.edu/uham/catvfreq.html
    http://en.wikipedia.org/wiki/North_American_cable_television_frequencies

    (Yes, it is confusing)

  12. Re:Length==1 on WMF Vulnerability is an Intentional Backdoor? · · Score: 5, Informative

    For me, that length==1 trigger is the most convincing evidence.

    It might have been convincing if it were true. The vulnerability checker from Ilfak Guilfanov's site uses length==17 to trigger the exploit (Look in the wmfhdr.wmf file in the source zip. The length is a little-endian DWORD at offset 0x12.)

    The Metasploit module uses a length of 4. Check out the following snippet:

        #
        # StandardMetaRecord - Escape()
        #
        pack('Vvv',

            # DWORD Size; /* Total size of the record in WORDs */
            4,

            # WORD Function; /* Function number (defined in WINDOWS.H) */
            int(rand(256) << 8) + 0x26,

            # WORD Parameters[]; /* Parameter values passed to function */
            9,
        ). $shellcode .

    I think Steve Gibson is confused.

  13. Re:Was it Ramen? on Four Millennia Old Noodles Found In China · · Score: 4, Interesting

    The article says they resemble La-Mian noodles. And according to Wikipedia, the name Ramen was probably derived from "la mian". So maybe not exactly ramen, but it could be the ancestor of the modern noodle.

  14. Re:Exploits as remote administration tool? on Firefox Exploit Adds Fuel to Browser Security Feud · · Score: 1

    Not exactly remote administration, but does this AIM buffer overflow count?

  15. Re:This is a problem which plagues Mozilla overall on IBM Donates Code to Firefox · · Score: 4, Informative

    But since this summer, developer.mozilla.org has gone live. They've got instructions for Building an extension. And a Javascript reference. There's also the Embedding API Reference with documentation on all the nsI* interfaces. And while not from mozilla.org, there's XULPlanet, which documents XUL.

    The documentation has been lacking historically, but things are quite a bit better now.

  16. Re:Dancing water on How Ice Melts · · Score: 2, Informative

    It's called the Leidenfrost effect

  17. Re:One of my favorite kernel comments.... on Vint Cerf on Internet Challenges · · Score: 1

    Doesn't RTT mean Round-Trip Time?

    http://en.wikipedia.org/wiki/RTT

  18. Re:Read this and shut-up you big-balled fuck on Mozilla Thunderbird 1.0.1 Cancelled · · Score: 2, Informative

    This site is using Flash to do its popups in Firefox. So you shouldn't see them if you don't have the Flash plugin installed.

    It executes this javascript. That does a document.write() to create an EMBED with the source pointing to this flash applet. And that flash applet is the thing that opens the popup.

    It also sets a cookie so that it only gives you a popup once per day. This is why changing your JavaScript settings may seem to block it. But messing with those settings has no real effect.

    I have FlashBlock installed, but that's not enough. The Flash applet still gets a chance to run for a fraction of a second before FlashBlock hides it, and that's all it needs.

    See this post on Asa Dotzler's blog for a workaround for this problem.

  19. IDNC3 on Mozilla Drops Support for International Domains · · Score: 5, Informative

    D. J. Bernstein (djbdns, qmail, ...) saw this problem coming back in 2002. He proposed an alternative to IDNA called IDNC3 which he claimed wouldn't cause this kind of mess. Looks like nobody listened to him though.

  20. Linksys NSLU2 on Energy Efficient and Cheap Servers for Home Use? · · Score: 1

    The WRT54G isn't the only thing from Linksys that runs Linux. The NSLU2 is designed to be a NAS solution. But you can hack the firmware to run practically whatever you want. Supports up to two hard drives (connected via USB) and has an Intel XScale (ARM) processor. It has no fans, so the only noise comes from the drive(s) you attach to it. You can pick one up for about $80.

  21. Re:Codec cracking on AAC Chosen For DVD-ROM Section Of DVD Audio Discs · · Score: 5, Informative

    what stops someone from writing a "fake" audio card driver that does nothing but dump audio into a wav file?

    Microsoft's solution to this is called Secure Audio Path. It requires that the sound card drivers be signed by Microsoft if you want to play protected content. And they would presumably refuse to sign any driver which did as you suggested.

  22. Re:Speaking of rand() [OT] on Building Secure Software · · Score: 1

    The C rand() function has very few requirements imposed on it. Implementations that alternate odd, even, odd, even, ... used to be very common, and there are still some around. This behavior is allowed by the standard. So, for truly random numbers, one should never use (rand() % n). There are warnings to this effect in the Linux man page for rand(3). At least in Debian.

    Use random() and srandom() (instead of rand() and srand()) if you have them available. If not, you have to do a little bit of work. The basic idea is to use the result of rand() to produce a floating point value in the range [0.0, 1.0). Then you can multiply that by the width of the desired range, 6 in this case, to produce a value in the range [0.0, 6.0). Truncate that to an integer, producing one of {0, 1, 2, 3, 4, 5}. Then add the lowest value in the range, 1 in this case, to produce one of {1, 2, 3, 4, 5, 6}. I don't think this is quite perfect; it seems that the highest value would be slightly less probable due to the limited resolution of floating point. But I think it works in practice. Some code like this (warning, not thoroughly tested):

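    #include <stdlib.h>  /* rand(), RAND_MAX */

    /* Return an integer in [low, high] by scaling rand() rather than using rand() % n. */
    int rand_range(int low, int high)
    {
        return low + (int)((rand() / (RAND_MAX + 1.0)) * (high - low + 1));
    }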

    And then, to roll a die, call it like this:

    rand_range(1, 6);

    HTH

  23. Previously posted on Negative Index of Refraction Created · · Score: 2

    I knew that this seemed awfully familiar.

  24. Since the site seems to be Slashdotted already on Michael Abrash's Black Book For Download · · Score: 5

    A portion of the book (the DDJ articles relating to Quake) was already available online:

    http://www.bluesnews.com/abrash/

  25. Re:The most beautiful piece of code... on Where Can I Find Beautiful Code? · · Score: 2

    subl $8,%esp
    addl $-4,%esp

    You cheated! This code was produced by gcc with slight modifications to remove the obvious compiler generated names and directives. No beautiful hand-coded asm program can have those two lines next to each other in the source.