And what about conduct in good old nethack? I can't believe it hasn't been mentioned by anyone. They are described here http://nethack.wikia.com/wiki/Conduct and I defy anyone to finish with any of these: You have gone without food, You have never hit with a wielded weapon, You have been a pacifist, You have been illiterate.
you may want to check out john von neumann, of the eponymous computer architecture model, who invented cellular automata to try and solve the problem of self-replication, succeeding with a design for a multi-state machine that could theoretically reproduce on a 2-d grid. conway's game was a result of this, and was popularised in the sixties/seventies by martin gardner's column in scientific american.
Re: Why are we hiding from the police, daddy? (on "Vim 6.4 Released", Score: 1)
honestly, the best way to get used to the VI keys for moving around a file is to play *nethack* repeatedly! that's how i got myself to type HJKL instinctively for navigation, anyway...
well, i know that in the "Keyboard Shortcuts" pane of the dialog (see grandparent) you can add shortcuts for any application's menus - just give the application name and the text of the menu item you want a shortcut for, and it can be assigned to any key combination. for instance, i assigned option-command-F to "Full Screen" and option-command-C to "Continuous Scrolling" menu items in Preview.app, which now show up on the menu items as accelerators/mnemonics.
un-assigning, though, is a different matter - have you tried assigning a different key-combination to the "Hide Terminal" menu item in Terminal.app? i've not tried it yet, but it might help?
OK - I hate how many times people have said this about OSX... to turn on full keyboard access (to the menu-bar, tab between buttons and UI widgets, everything) as follows:
- open "System Preferences.app"
- start the "Keyboard & Mouse" control panel
- goto the "Keyboard Shortcuts" pane
- click "Turn on full keyboard access" checkbox at the bottom
- also scroll down to select the "Keyboard Navigation" checkbox in the main pane
now, ^F2 gives apple menu access, with cursor key access to all menu items, tabs between UI elements work etc etc.
it's all there (if u look for it...) -- hope that helped
> Orange Book C2
isn't it a B1 trusted system they've designed with kernel capabilities for segregation of privilege and mandatory access controls etc?
has anyone remembered the TPC.INT domain? i can write my phone number (fake, london, uk) as follows:
real no : +44 20 7555 1234
reversed : 4.3.2.1.5.5.5.7.0.2.4.4.tpc.int
direct dial : 442075551234.idd.tpc.int
mechanisms exist to allow the last format to be automatically translated by the dns server that is authoritative for idd.tpc.int to the second format, which has the property of containing routing information hierarchically in a way that the DNS already supports, allowing me to have a UK server (authoritative for 4.4.tpc.int) or a london server (0.2.4.4.tpc.int) handle them.
this could be resolved into web addresses by just having an A record that points from a www.<company's reversed phone number>.tpc.int to their web server's IP. you can already send email to remote-fax@<phone number>.idd.tpc.int so why not extend this to lookup web addresses? or even send emails to sms@<mobile phone number>.idd.tpc.int?
all this needs is more people to look at existing RFCs (e.g. 1530 - operation, principles and practice) and have a look at the phone company's web site to find out more.
anyone got any good ideas how else to use this domain?
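The two name formats and the hierarchical delegation described in the comment above, as an added example that is not part of the original post. The function names, the `DELEGATED` zone list and the non-London sample numbers are assumptions made for illustration.

```python
import re

def digits_of(number):
    """Keep only the digits of a phone number written with '+', spaces, etc."""
    return re.sub(r"\D", "", number)

def idd_name(number):
    """Direct-dial form: <digits>.idd.tpc.int"""
    return f"{digits_of(number)}.idd.tpc.int"

def reversed_name(number):
    """Reversed form: one digit per label, least significant digit first."""
    return ".".join(reversed(digits_of(number))) + ".tpc.int"

def idd_to_reversed(name):
    """The translation the comment attributes to the idd.tpc.int server."""
    m = re.fullmatch(r"(\d+)\.idd\.tpc\.int\.?", name.lower())
    if not m:
        raise ValueError(f"not a direct-dial name: {name!r}")
    return reversed_name(m.group(1))

def serving_zone(name, delegated_zones):
    """Most specific delegated zone that is a suffix of name on a label boundary."""
    name = name.lower().rstrip(".")
    matches = [z for z in delegated_zones if name == z or name.endswith("." + z)]
    if not matches:
        raise ValueError(f"no delegated zone covers {name!r}")
    return max(matches, key=lambda z: z.count("."))

# Hypothetical delegation: a root, a UK server and a London server.
DELEGATED = ["tpc.int", "4.4.tpc.int", "0.2.4.4.tpc.int"]

if __name__ == "__main__":
    # The first number is the fake one from the post; the others are constructed.
    for number in ("+44 20 7555 1234", "+44 161 555 0100", "+1 212 555 0100"):
        rev = idd_to_reversed(idd_name(number))
        print(number, "->", rev, "served by", serving_zone(rev, DELEGATED))
```

Because the country code and area code end up as the rightmost labels, ordinary DNS delegation is enough to hand each number to the most specific server.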
yes, just xfer software. the actual device is custom hardware licensed from compaq. it includes motorola dsp, fraunhofer mp3 decoder and thompson mp3 hardware too. look at the features page for more info...
no it isn't worthless, as long as you're behind a firewall.
the clever part is that usually only the dns server in the DMZ has external port 53 access, so you *must* use well-formed packets from the internal fake dns client, they will go to your local name server, it forwards them to the external 'name server' which will interpret them as ip packets, respond with fake dns-like replies, which are sent back to your 'client' which interprets them as returned ip data.
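Since the traffic described above has to pass through the local name server as well-formed queries, that server's query log is where it can be spotted. The following is an added example, not part of the original post: a heuristic that flags client/zone pairs sending many distinct, long, high-entropy names. The thresholds, function names and sample log are constructed assumptions.

```python
import base64
import hashlib
import math
from collections import Counter, defaultdict

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def parent_zone(name, keep=2):
    # Simplification: treat the last two labels as the zone (no public-suffix list).
    return ".".join(name.rstrip(".").lower().split(".")[-keep:])

def suspicious_pairs(queries, min_unique=5, min_len=30, min_entropy=3.5):
    """Return (client, zone) pairs whose query names look like encoded payload."""
    payloads = defaultdict(set)
    for client, name in queries:
        zone = parent_zone(name)
        sub = name.rstrip(".").lower()[: -len(zone)].rstrip(".")
        payloads[(client, zone)].add(sub.replace(".", ""))
    flagged = []
    for key, subs in sorted(payloads.items()):
        subs = [s for s in subs if s]
        if len(subs) < min_unique:
            continue  # ordinary clients repeat a handful of names
        mean_len = sum(map(len, subs)) / len(subs)
        mean_ent = sum(map(entropy, subs)) / len(subs)
        if mean_len >= min_len and mean_ent >= min_entropy:
            flagged.append(key)
    return flagged

def constructed_sample():
    """Constructed resolver log: (client address, queried name). Not real traffic."""
    normal = [("10.0.0.5", n) for n in (
        "www.example.com", "mail.example.com", "cdn.example.net",
        "www.example.com", "api.example.net")]
    encoded = []
    for i in range(6):
        blob = hashlib.sha256(str(i).encode()).digest()[:25]
        label = base64.b32encode(blob).decode().lower()  # stand-in for encoded data
        encoded.append(("10.0.0.23", f"{label}.t.example.org"))
    return normal + encoded

if __name__ == "__main__":
    print(suspicious_pairs(constructed_sample()))
```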
some people have thought about this already -- a company called 'norsam' is producing 2" nickel coated silicon wafers which will last thousands of years and are viewable using simply a microscope. they can hold 10K pages of analog text, potentially including instructions on how to build e.g. an 8" floppy drive, or grammars/structures of languages that are dying out. anyway, read more at http://www.norsam.com/rosetta.html
see the quote below - seems simple enough to me. maybe even set up cypherpunk style remailer access and sell that too, payment via anonymous credit card only...
> If anyone with a server at HavenCo/Sealand sets up a mail server on Sealand, you are welcome to contract with that person to buy an account. I imagine Web-based and non-Web based outsourced e-mail provided from Sealand will be a major market, for the reasons you mention.
> You could set this up yourself, too. $1500/month for the box, you should be able to get a few thousand accounts, and if people paid $10/month each for non-subpoenable e-mail, you'd be profitable quickly. Dedicated machines per major user would also work; if a company wanted to outsource their Intranet/Extranet and e-mail servers, you probably would want to just resell one or more machines per customer.
You can't show a list of zero day exploits, by definition.
Zero day exploits are exploits for vulnerabilities that have been public knowledge for, wait for it, zero days. In other words, a '0day' is a piece of exploit code or vulnerability information that has not been disclosed. So, it is impossible to list the number of Linux, or any other operating system, zero day exploits in the wild.
The important metrics for risk analysis of a particular system are:
1. The number of disclosed vulnerabilities $V_d$
2. The number of those that have mitigating patches available $V_p$
3. The number of said patches that are actually deployed on the system of interest $P$
4. The total number of vulnerabilities on that class of system $V_t$
These numbers are related as follows, with the actual values left as an exercise for the risk analyst:
$V_t > V_d > V_p > P$
However, this relationship implies that every real system, consisting of some type of operating system with installed application software, has a non-zero attack surface.
Based on the number of publicly known exploits, both patched and unpatched, there must be a non-zero number of '0day' vulnerabilities in existence, which will be in use by black-hat hackers, penetration testers and national security or intelligence agencies. This number $V_0$ is simply $V_t - V_d$ and attempts have been made to estimate this based on trends in public disclosures of vulnerabilities [1].
[1] Exposing Vendors (In)security Performance
grkvlt.
you are a moron.
and who hasn't? although i'm sure they were sorry in the morning...
(As an aside, what about Eclipse and swt, open source from *IBM*...)
cheerz...
why is this post marked 'troll' - seems to make an interesting point...