`Similar 8.3 file naming schemes have also existed on earlier CP/M, Atari, and some Data General and Digital Equipment Corporation minicomputer operating systems'
"Chairperson Robinson announced that DTIS internally hired the new Security Manager, Jeana Pieralde. He stated that a memo went out asking departments who their IT security contact person with the plan to implement a security IT work group within the City"
"The office from which Pieralde removed the hard drive belonged to DTIS Security Officer Nancy Hastings (who naturally was not present in the office because the "security audit" was being conducted after hours.)
Terry Childs had returned late to the offices (which do include his office and do not include Jeana Pieralde's office) at about 5:15 P.M. to find Jeana Pieralde (who does not work in those offices) taking a hard drive from one of Terry's co-workers offices. Terry photographed this act with the camera in his cellphone.
Jeana Pieralde then involved DTIS Deputy Director Rich Robinson. Rich called Terry and told him to stop taking pictures.
Three days later (Monday) both Rich Robinson and Jeana Pieralde filed complaints of threats with the San Francisco police department and Police Inspector James Ramsey was assigned to the case. No charges have ever been filed against Terry Childs for the alleged threats (which included the statement "I'm ready for you Rich. Or I can come up to your office.")"
"5. Mr. Childs clashed with the new Security Manager on the subject of authentication and control, which led to poor formal review"
In early June, Terry Childs sent repeated complaints of incompetency regarding a supervisor (Herb Tong) to that supervisor's superiors. When nothing was done about the informal complaints, Terry Childs filed a formal complaint regarding the supervisor (Herb Tong.) It was several weeks later, on the 20th of June that the reported clash with the new (position created and filled just this year) Security Manager (Jeana Pieralde) occurred.
The Security Manager position was new. Jeana Pieralde was promoted from a prior position within DTIS to the Security Manager position. Jeana Pieralde no longer worked in the same offices with Terry Childs. He returned to those offices on the evening of June 20th, 2008 after normal office hours (which end at 5 P.M.) to find Jeana Pieralde removing a hard drive from someone else's office. She claimed to be performing an unannounced audit.
Jeana Pieralde is the author of a proposed security policy for the city which is still waiting for committee review. That security policy, if accepted, may one day give Jeana Pieralde specific authority to perform audits and perhaps even to have administrative control over city communications networks.
The US got side tracked with the Apollo project and putting a man on the moon before the commies. If they continued developmental on the X-15, then we may have had a reliable space plane a lot sooner.
Among the several distinct ways to alter Knoppix, the one likely to be of broadest interest is remastering, during which you can substitute your own software for a portion of that on the standard Knoppix CD-ROM
"The emails and IMs also seem to show that Google knew about this plan when it bought YouTube for $1.65 billion in 2006"
Everyone and his dog 'knew' there was copyrighted material on Youtube. What Google 'knew' is moot. Googles actions and policies at the time are most relevent. According to the actual text of the emails, Google strongly opposed profiting from 'pirated material'. And elsewhere it shows that content owners were actively uploading content. "we've uploaded boatloads of clips onto YouTube for distribution", Viacom. If this is The Most Damning Information Viacom Dug Up On Google And YouTube, then not much is all I can say.
slide 23 162. In a June 28, 2006 email to numerous other Google executives, Google vice president of content partnerships David Eun stated: "as Sergey pointed out at our last GPS, is changing policy [t]o increase traffic knowing beforehand that we'll profit from illegal [d]ownloads how we want to conduct business? Is this Googley?
slide 24
Google executive Partic Walker and email listing the "Top 10 reasons why we shouldn't stop screening for copyright violations," including: "1. It crosses the threshold of Don't be Evil to facilitate distribution of other people's intellectual property, and possible even allowing monetization of it by somebody who doesn't own the copyright";
"2. Just growing any traffic is a bad idea. This policy will drive us to build a giant index of pseudo porn, lady punches, and copyrighted material..."'
"3. We should be able to win on features, a better [user interface] technology, advertising relationships - not just policy, It's a cop out to resort to dis-rob-ution";
"7. it makes it more difficult to do content deals with you have an index of pirated material.
"This book is an exciting history of the personal computer revolution. Early personal computing, the "first" personal computer, invention of the microprocessor at Intel and the first microcomputer are detailed.
It also traces the evolution of the personal computer from the hardware and software hacker, to its use as a consumer appliance on the Internet. This is the only book that provides such comprehensive coverage. It not only describes the hardware and software, but also the companies and people who made it happened"
> Wikipedia. With all the inherent problems of self-proclaimed authorities who don't know what they're talking about..
Wikipedia isn't an open source project, it's an online collaborative encyclopedia. Mediawiki on the other hand is the software project that powers Wikipedia.
"To strengthen the future cybersecurity environment by.. working to define and develop strategies to deter hostile or malicious activity in cyberspace"
How about designing an Operating System that strictly differenciates between code and data - and don't download code from the Internet, except from a well defined whitelist of known secure and verified sources. And don't allow the excecution of code by clicking on a URL or opening an email attachment.
"The EINSTEIN 2 capability enables analysis of network flow information to identify potential malicious activity while conducting automatic full packet inspection of traffic entering or exiting U.S. Government networks for malicious activity using signature-based intrusion detection technology"
Except enumerating badness is a bad idea, and if the computers didn't arbiterarly execute code coming in off the Internet then you wouldn't need to analysis of network flow of information. Such a monitoring system itself being open to abuse. Your one stop shop to hacking the entire grid.
"I hope you guys realize that this is Amazon's and MS way to battle iTunes? I think the iPad was the final push that Amazon needed to fall for going to Microsoft"
Please describe the correlation between Amazons core business and the iPad and iTunes and why Microsoft's Tablet computer and Microsoft's own online music service, the Zune Marketplace music service
'It installs itself on routers and modems by guessing default administrative passwords and taking advantage of the fact that many devices are configured to allow remote access."'
Does this botnet attack also work on non Linux based routers and if so the what is the logic behind the subject line ?
"It's not as dumb as you may think. Security is based on a layered approach. If your firewall was down for some reason then the next layer of "security" would be your web app security.."
Let me introduce you to the six dumbest ideas in computer security. What are they? They're the anti-good ideas. They're the braindamage that makes your $100,000 ASIC-based turbo-stateful packet-mulching firewall transparent to hackers. Where do anti-good ideas come from? They come from misguided attempts to do the impossible - which is another way of saying "trying to ignore reality." Frequently those misguided attempts are sincere efforts by well-meaning people or companies who just don't fully understand the situation..
> one of these PCI scanning companies asked us to take down our iptables rules for a set time period while they scanned us
Can you gave examples of companies that scan companies in the manner you describe. My understanding is that to achieve PCI compliance, you fill in a bunch of forms. I mean Heartland Payment Systems were PCI compliance, and look what happened to them.
> being PCI compliant is meaningless from a security point of view? You can perform a Web app scan, check the box on your PCI audit, and still have the security posture of Swiss cheese on your Web app!"
Print this out and stick it on the wall, for the next time your PHB starts waffling on about compliance..:)
What desktop Operating System does this Pushdo botnet require to operate ?
"Once executed the malware first tests to see if it's currently running as the hardcoded value "rs32net.exe" in the system folder (C:\Windows\System32 by default)"
> There's some kvetching in the NPR story's comments that it's not the first use of cave radios, but that seems to miss the point..
It is a valid point - not the first ues. It does demonstrate skill for a sixteen-year-old to be ables to design and construpt the device. An amalgam of VLF radio and a digital device. Communication underground has always been a problem. Leaky lines are one such solution, either active or passive.
"We urge our government and our courts to allow no corporation to circumvent copyright law or dictate the terms of that control"
Except the book deal has no effect what so ever on the authors copyright. They have the same control as before. The copyright holder can opt-out at any time. The campaign against the Google Books, is being orchestrated by you.know.who.
"I have worked with hundreds of NZ schools IT in my career"
In what capacity, what are the names of these schools.
The schools with Linux networks BURN CASH on consultants.."
Absolute rubbish, once a Linux server is installed and configured, (and baring hardware failure)it just runs. Perhaps you should have consulted the people at Albany Senior High School.
The tight time frame -- two weeks for evaluation, one week for design and two weeks for implementation -- didn't create too much disruption, Brennan said. "Although everything wasn't as polished as it could have been, when the school opened all of the core functionality was there. And it's been running for a year with no significant intervention. It hasn't really been touched in any fundamental way since then"
Where do you get your 'BURN CASH on consultants' from. Come again.. perhaps you aren't very good at your job.
"This school is new as such has lots of startup funding.."
Where does it say they had lots of startup funding and running for a year is hardly new.
"The secrecy surrounding the expected Apple tablet computer is only the latest example of the company's famously closed and controlling culture.. How can a company whose philosophy of information sharing is so at odds with that of most of its customers be so successful?"
The only people bitching about Apple are a certain company in Redmond who Apple won't let 'innovate on the iPod. That is Apple uses its own FairPlay instead of the 'industry standard' Windows Media DRM (ha haa haaa). Apples main crime being making money out of online music without paying the Microsoft tax.
"Company gets built around an innovative idea by a bunch of enthusiastic experts, grows big because it actually sells useful products that make peoples lives easier" ,
Yea, 'the innovative idea' was buying DOS from Seattle Computers and licensing it to IBM and their idea of selling useful products was to make sure running third party software on WinDOS was a jolting experience.
Slashdot Mirror
Sounds like you've went routing through the Bugzilla archive :)
Can we see a picture of your
`Similar 8.3 file naming schemes have also existed on earlier CP/M, Atari, and some Data General and Digital Equipment Corporation minicomputer operating systems'
"Chairperson Robinson announced that DTIS internally hired the new Security Manager, Jeana Pieralde. He stated that a memo went out asking departments who their IT security contact person with the plan to implement a security IT work group within the City"
Why are there no reports about others involved in this case?
"The office from which Pieralde removed the hard drive belonged to DTIS Security Officer Nancy Hastings (who naturally was not present in the office because the "security audit" was being conducted after hours.)
Terry Childs had returned late to the offices (which do include his office and do not include Jeana Pieralde's office) at about 5:15 P.M. to find Jeana Pieralde (who does not work in those offices) taking a hard drive from one of Terry's co-workers offices. Terry photographed this act with the camera in his cellphone.
Jeana Pieralde then involved DTIS Deputy Director Rich Robinson. Rich called Terry and told him to stop taking pictures.
Three days later (Monday) both Rich Robinson and Jeana Pieralde filed complaints of threats with the San Francisco police department and Police Inspector James Ramsey was assigned to the case. No charges have ever been filed against Terry Childs for the alleged threats (which included the statement "I'm ready for you Rich. Or I can come up to your office.")"
"5. Mr. Childs clashed with the new Security Manager on the subject of authentication and control, which led to poor formal review"
In early June, Terry Childs sent repeated complaints of incompetency regarding a supervisor (Herb Tong) to that supervisor's superiors. When nothing was done about the informal complaints, Terry Childs filed a formal complaint regarding the supervisor (Herb Tong.) It was several weeks later, on the 20th of June that the reported clash with the new (position created and filled just this year) Security Manager (Jeana Pieralde) occurred.
The Security Manager position was new. Jeana Pieralde was promoted from a prior position within DTIS to the Security Manager position. Jeana Pieralde no longer worked in the same offices with Terry Childs. He returned to those offices on the evening of June 20th, 2008 after normal office hours (which end at 5 P.M.) to find Jeana Pieralde removing a hard drive from someone else's office. She claimed to be performing an unannounced audit.
Jeana Pieralde is the author of a proposed security policy for the city which is still waiting for committee review. That security policy, if accepted, may one day give Jeana Pieralde specific authority to perform audits and perhaps even to have administrative control over city communications networks.
Please dig deeper into this story"
The US got side tracked with the Apollo project and putting a man on the moon before the commies. If they continued developmental on the X-15, then we may have had a reliable space plane a lot sooner.
Except the vast majority of phishing attacks are throug malware being downloaded in email attachments and clicking on URLs in Internet Explorer.
Among the several distinct ways to alter Knoppix, the one likely to be of broadest interest is remastering, during which you can substitute your own software for a portion of that on the standard Knoppix CD-ROM
Is there a link to a working exploit ?
"The emails and IMs also seem to show that Google knew about this plan when it bought YouTube for $1.65 billion in 2006"
..."'
Everyone and his dog 'knew' there was copyrighted material on Youtube. What Google 'knew' is moot. Googles actions and policies at the time are most relevent. According to the actual text of the emails, Google strongly opposed profiting from 'pirated material'. And elsewhere it shows that content owners were actively uploading content. "we've uploaded boatloads of clips onto YouTube for distribution", Viacom. If this is The Most Damning Information Viacom Dug Up On Google And YouTube, then not much is all I can say.
slide 23
162. In a June 28, 2006 email to numerous other Google executives, Google vice president of content partnerships David Eun stated: "as Sergey pointed out at our last GPS, is changing policy [t]o increase traffic knowing beforehand that we'll profit from illegal [d]ownloads how we want to conduct business? Is this Googley?
slide 24
Google executive Partic Walker and email listing the "Top 10 reasons why we shouldn't stop screening for copyright violations," including: "1. It crosses the threshold of Don't be Evil to facilitate distribution of other people's intellectual property, and possible even allowing monetization of it by somebody who doesn't own the copyright";
"2. Just growing any traffic is a bad idea. This policy will drive us to build a giant index of pseudo porn, lady punches, and copyrighted material
"3. We should be able to win on features, a better [user interface] technology, advertising relationships - not just policy, It's a cop out to resort to dis-rob-ution";
"7. it makes it more difficult to do content deals with you have an index of pirated material.
"This book is an exciting history of the personal computer revolution. Early personal computing, the "first" personal computer, invention of the microprocessor at Intel and the first microcomputer are detailed.
It also traces the evolution of the personal computer from the hardware and software hacker, to its use as a consumer appliance on the Internet. This is the only book that provides such comprehensive coverage. It not only describes the hardware and software, but also the companies and people who made it happened"
> Wikipedia. With all the inherent problems of self-proclaimed authorities who don't know what they're talking about ..
Wikipedia isn't an open source project, it's an online collaborative encyclopedia. Mediawiki on the other hand is the software project that powers Wikipedia.
"To strengthen the future cybersecurity environment by .. working to define and develop strategies to deter hostile or malicious activity in cyberspace"
How about designing an Operating System that strictly differenciates between code and data - and don't download code from the Internet, except from a well defined whitelist of known secure and verified sources. And don't allow the excecution of code by clicking on a URL or opening an email attachment.
"The EINSTEIN 2 capability enables analysis of network flow information to identify potential malicious activity while conducting automatic full packet inspection of traffic entering or exiting U.S. Government networks for malicious activity using signature-based intrusion detection technology"
Except enumerating badness is a bad idea, and if the computers didn't arbiterarly execute code coming in off the Internet then you wouldn't need to analysis of network flow of information. Such a monitoring system itself being open to abuse. Your one stop shop to hacking the entire grid.
"I hope you guys realize that this is Amazon's and MS way to battle iTunes? I think the iPad was the final push that Amazon needed to fall for going to Microsoft"
.. :)
Please describe the correlation between Amazons core business and the iPad and iTunes and why Microsoft's Tablet computer and Microsoft's own online music service, the Zune Marketplace music service
-- spinn it all you can
'It installs itself on routers and modems by guessing default administrative passwords and taking advantage of the fact that many devices are configured to allow remote access."'
Does this botnet attack also work on non Linux based routers and if so the what is the logic behind the subject line ?
"From the comments I've read, it seems that it's only the Windows XP boxes that were infected with virus and other nasties that are BSODing"
Where does it say that only infected Windows X/P boxes are BSODing ?
"It's not as dumb as you may think. Security is based on a layered approach. If your firewall was down for some reason then the next layer of "security" would be your web app security .."
..
The Six Dumbest Ideas in Computer Security
Let me introduce you to the six dumbest ideas in computer security. What are they? They're the anti-good ideas. They're the braindamage that makes your $100,000 ASIC-based turbo-stateful packet-mulching firewall transparent to hackers. Where do anti-good ideas come from? They come from misguided attempts to do the impossible - which is another way of saying "trying to ignore reality." Frequently those misguided attempts are sincere efforts by well-meaning people or companies who just don't fully understand the situation
> one of these PCI scanning companies asked us to take down our iptables rules for a set time period while they scanned us
Can you gave examples of companies that scan companies in the manner you describe. My understanding is that to achieve PCI compliance, you fill in a bunch of forms. I mean Heartland Payment Systems were PCI compliance, and look what happened to them.
> being PCI compliant is meaningless from a security point of view? You can perform a Web app scan, check the box on your PCI audit, and still have the security posture of Swiss cheese on your Web app!"
Print this out and stick it on the wall, for the next time your PHB starts waffling on about compliance .. :)
Who pioneered the WEB
What desktop Operating System does this Pushdo botnet require to operate ?
"Once executed the malware first tests to see if it's currently running as the hardcoded value "rs32net.exe" in the system folder (C:\Windows\System32 by default)"
> There's some kvetching in the NPR story's comments that it's not the first use of cave radios, but that seems to miss the point ..
It is a valid point - not the first ues. It does demonstrate skill for a sixteen-year-old to be ables to design and construpt the device. An amalgam of VLF radio and a digital device. Communication underground has always been a problem. Leaky lines are one such solution, either active or passive.
Put the project up on sourceforge and post a link to it. What's the name again ?
"We urge our government and our courts to allow no corporation to circumvent copyright law or dictate the terms of that control"
Except the book deal has no effect what so ever on the authors copyright. They have the same control as before. The copyright holder can opt-out at any time. The campaign against the Google Books, is being orchestrated by you.know.who.
"I have worked with hundreds of NZ schools IT in my career"
.."
.. perhaps you aren't very good at your job.
.."
..
In what capacity, what are the names of these schools.
The schools with Linux networks BURN CASH on consultants
Absolute rubbish, once a Linux server is installed and configured, (and baring hardware failure)it just runs. Perhaps you should have consulted the people at Albany Senior High School.
The tight time frame -- two weeks for evaluation, one week for design and two weeks for implementation -- didn't create too much disruption, Brennan said. "Although everything wasn't as polished as it could have been, when the school opened all of the core functionality was there. And it's been running for a year with no significant intervention. It hasn't really been touched in any fundamental way since then "
Where do you get your 'BURN CASH on consultants' from. Come again
"This school is new as such has lots of startup funding
Where does it say they had lots of startup funding and running for a year is hardly new.
"Posting AC for obvious reasons"
Because you're talking total bullshit
"The secrecy surrounding the expected Apple tablet computer is only the latest example of the company's famously closed and controlling culture .. How can a company whose philosophy of information sharing is so at odds with that of most of its customers be so successful?"
The only people bitching about Apple are a certain company in Redmond who Apple won't let 'innovate on the iPod. That is Apple uses its own FairPlay instead of the 'industry standard' Windows Media DRM (ha haa haaa). Apples main crime being making money out of online music without paying the Microsoft tax.
"Company gets built around an innovative idea by a bunch of enthusiastic experts, grows big because it actually sells useful products that make peoples lives easier"
,
Yea, 'the innovative idea' was buying DOS from Seattle Computers and licensing it to IBM and their idea of selling useful products was to make sure running third party software on WinDOS was a jolting experience.