One way to get around a measure like this is to obtain a surface which can reflect EM radiation at 2.4ghz, such as AMQ coated polycarbonates or crystalline-structured metallics. By using a small set of these "mirrors" at strategic locations, you could fool the software into thinking you're actually receiving from inside the CEO's office.
Since most modern triangulation techniques, including Ekahau's, depend on standard mathematical models of radius delta-reduction, it's trivial to set up your reflectors in such a way that the tracking mechanism can't deduce a logical place for your signal to originate from. Hopefully as location-spoofing becomes more commonplace, the government won't enact any laws restricting the use or registration of EM reflective surfaces.
This isn't very well known, but since 1987 a federal law passed by the US Congress has made loans backed by stock options restricted in a new format, usually referred to by accountant types as SBLT (Stock-based loan t-something, I forget).
SBLT loans are required to be approve by a small regulatory body. Once they've been approved, the entity receiving the loan can be held accountable for up to 50% of the capital put forth. This, of course, is all a subset of existing loan laws that the article talks about.
Companies like Enron have been abusing CEO power by using corruption in the SBLT authoritative body to pass loans that usually wouldn't have gone through, creating some loans with sketchy backgrounds. Unfortunately, the Bush administration's recent laws to enforce "corporate trust" have failed to address this situation, leaving many stock holders in the cold. Buyer beware!
Second, learn how to use the right form of quotation marks
Back to the point - what is so difficult about bolting down your wireless access point? MAC address filtering is available on pretty much every AP/router, and unless you're having LAN parties every weekend and can't be bothered to add each person's card, you have no reason not to have a secured point of access.
Warchalking gave me a great idea - on Halloween, kids should bring chalk and mark the paths to houses - different symbols for "gives money", "gives soy milk", or "gives good candy"!
It's clear at this point that the standard "SI" or metric system is no longer sufficient to describe the events in today's world. As such, the "PS", or "Pop Science" unit system is defined below for those interested by this handy guide
Information Old Unit: bit New Unit: Library of Congress
Time Interval Old Unit: second New Unit: eye-blink
Number of Particles Old Unit: mole New Unit: handful
Width (small distances) Old Unit: millimeter New Unit: human hair
Length (large distances) Old Unit: meter, kilometer New Unit: football field
Volume Old Unit: cubic centimeter, liter New Unit: football stadium
Energy Old Unit: joule New Unit: 100-watt-lightbulb-second
Mass Old Unit: gram, kilogram New Unit: CowboyNeal
And the other ~fifty-thousand people that died today? Maybe you should give a good word for all of them (since you knew all of them personally, right?)
Boy, it sure would be a shame of thousands of/.'ers happened to come across the cell phone numbers of the people involved in this, and they were flooded with calls that were billed at their expense...yep, sure would be a shame...
Can we stop with the "Foo blah blah DMCA foo!" jokes already? The first 600 or so were funny (ok maybe not), but it's getting old. Especially when the subject matter has nothing to do with copy control circumvention or the ??AA businesses
If I put a cool fountain up in my front yard, it's all well and good for people seeing it who happen to go down my street. It's in public view, and I like it that way. The analogous/. effect is that thousands of people flock to my house overnight and trample my grass and block the driveway so I can't get out of my house. It's a major inconvenience and not appropriate
Check again, WH_GETMESSAGE filters are explicitly allowed to modify messages
Quoth MSDN: The GetMsgProc hook procedure can examine or modify the message. After the hook procedure returns control to the system, the GetMessage or PeekMessage function returns the message, along with any modifications, to the application that originally called it.
This includes modifying the message parameter itself (set to WM_NULL, WM_GETCHICKEN, etc.)
Correct me if I'm wrong but I'm pretty sure that PostMessage puts a message on the queue whereas SendMessage skips the queue and gets handled straight by the application without examination No. Both place messages in the queue, the difference is that PostMessage does not give you the return value of the message (and hence does not block).
I think you misunderstand that. WPARAM is a fixed size double word (4 bytes) Exactly, but for the message EN_SETLIMIT, this is not a pointer.
AFAIK, if you don't handle the callback feature (99% of apps), you get the default handling which is to execute the code as the article describes Which is why we would block timer messages with a callback parameter
You shouldn't be running terminal servers on your DB machine or webserver anyway, or be allowing random strangers with floppy disks to approach the machines. The total overhead would be probably about as much as your average virus scanner, and worse for UI intensive apps.
I think the real point is that virus scanners worth their salt will detect this anyway -- how often does a user need to paste hex data into a textbox? Blocking any paste operation with characters resembling machine code would be yet another reasonable work-around. "Not fixable" is FUD, this time directed at MS
The basic idea would be to install a WM_GETMESSAGE hook. Contrary to what the writer believes, all messages must go through the queue. No two ways about it. At the hook level, we just examine the message and look for suspicious activity. Simplistically, all that really needs to happen is to look for EM_SETLIMIT and cap the WPARAM at some small value. It might also be good to remove callback addresses from WM_TIMER, or add verification (is the destination address part of the loaded executable space?). Most applications won't use the callback feature of WM_TIMER anyway.
What's to prevent an administrator from installing a Message Hook that eats all EN_* or WM_TIMER messages sent between processes? Since your DLL would be living in each process space, you could detect inter-process message sending and block the attack from ever leaving the Shatter process. I don't see any reason why this shouldn't work
Slashdot Mirror
One way to get around a measure like this is to obtain a surface which can reflect EM radiation at 2.4ghz, such as AMQ coated polycarbonates or crystalline-structured metallics. By using a small set of these "mirrors" at strategic locations, you could fool the software into thinking you're actually receiving from inside the CEO's office.
Since most modern triangulation techniques, including Ekahau's, depend on standard mathematical models of radius delta-reduction, it's trivial to set up your reflectors in such a way that the tracking mechanism can't deduce a logical place for your signal to originate from. Hopefully as location-spoofing becomes more commonplace, the government won't enact any laws restricting the use or registration of EM reflective surfaces.
This isn't very well known, but since 1987 a federal law passed by the US Congress has made loans backed by stock options restricted in a new format, usually referred to by accountant types as SBLT (Stock-based loan t-something, I forget).
SBLT loans are required to be approve by a small regulatory body. Once they've been approved, the entity receiving the loan can be held accountable for up to 50% of the capital put forth. This, of course, is all a subset of existing loan laws that the article talks about.
Companies like Enron have been abusing CEO power by using corruption in the SBLT authoritative body to pass loans that usually wouldn't have gone through, creating some loans with sketchy backgrounds. Unfortunately, the Bush administration's recent laws to enforce "corporate trust" have failed to address this situation, leaving many stock holders in the cold. Buyer beware!
Not to offend our one-eyed readers, but some of us have this thing called depth perception that does, in fact, make driving a 3d experience.
Hey moderators -- don't bogart that fine product you're smoking. Share!
The correct spelling of the country's name only has one 'e'. Mod me down as redudant when everyone else posts this, please!
YHBT
YHL
HAND
A Method For Reforming A Patent Office
doh!
Microsoft OLE DB Provider for ODBC Drivers error '80040e4d'
/articles.asp, line 107
[Microsoft][ODBC Microsoft Access Driver] Too many client tasks.
Slashdotted with 3 comments posted. Apparently the webserver is wireless and runs on batteries, too
First off, it's "Nokia" not "Nokie"
Second, learn how to use the right form of quotation marks
Back to the point - what is so difficult about bolting down your wireless access point? MAC address filtering is available on pretty much every AP/router, and unless you're having LAN parties every weekend and can't be bothered to add each person's card, you have no reason not to have a secured point of access.
Warchalking gave me a great idea - on Halloween, kids should bring chalk and mark the paths to houses - different symbols for "gives money", "gives soy milk", or "gives good candy"!
It's clear at this point that the standard "SI" or metric system is no longer sufficient to describe the events in today's world. As such, the "PS", or "Pop Science" unit system is defined below for those interested by this handy guide
Information
Old Unit: bit
New Unit: Library of Congress
Time Interval
Old Unit: second
New Unit: eye-blink
Number of Particles
Old Unit: mole
New Unit: handful
Width (small distances)
Old Unit: millimeter
New Unit: human hair
Length (large distances)
Old Unit: meter, kilometer
New Unit: football field
Volume
Old Unit: cubic centimeter, liter
New Unit: football stadium
Energy
Old Unit: joule
New Unit: 100-watt-lightbulb-second
Mass
Old Unit: gram, kilogram
New Unit: CowboyNeal
More units will be assigned as they are needed
Is this some prank to /. this guy's page?
10:45 am. Greater Things News coverage has logged 1000 visits
*insert sound of maniacal laughter here*
And the other ~fifty-thousand people that died today? Maybe you should give a good word for all of them (since you knew all of them personally, right?)
I think this is proof that the function representing the quality of "Ask Slashdot" questions over time is a strictly decreasing function
Boy, it sure would be a shame of thousands of /.'ers happened to come across the cell phone numbers of the people involved in this, and they were flooded with calls that were billed at their expense...yep, sure would be a shame...
Can we stop with the "Foo blah blah DMCA foo!" jokes already? The first 600 or so were funny (ok maybe not), but it's getting old. Especially when the subject matter has nothing to do with copy control circumvention or the ??AA businesses
http://angryflower.com/bobsqu.gif
/.
The possesive form of "it" does not have an apostrophe ("The cat licked its paws" not "it's paws")
Not a grammar nazi, I just play one on
If I put a cool fountain up in my front yard, it's all well and good for people seeing it who happen to go down my street. It's in public view, and I like it that way. The analogous /. effect is that thousands of people flock to my house overnight and trample my grass and block the driveway so I can't get out of my house. It's a major inconvenience and not appropriate
Where can I get a night vision enhancement module for this with HUD and distance finder?
How about you just be thankful for having working eyes at all? It's something too many of us take for granted
If the urban legend of Walt Disney being cryogenically-preserved under Disneyland's Pirates of Penzance amusement ride were true [it isn't],
Well, of course that's not true. He's frozen under the Teacups ride!
Can it really be true that the best tool we have for heavy duty computing is a 25 year old language
Can it really be true that the best tool we have for driving nails is a 3000 year old piece of wood with metal on the end?
Check again, WH_GETMESSAGE filters are explicitly allowed to modify messages
Quoth MSDN:
The GetMsgProc hook procedure can examine or modify the message. After the hook procedure returns control to the system, the GetMessage or PeekMessage function returns the message, along with any modifications, to the application that originally called it.
This includes modifying the message parameter itself (set to WM_NULL, WM_GETCHICKEN, etc.)
Correct me if I'm wrong but I'm pretty sure that PostMessage puts a message on the queue whereas SendMessage skips the queue and gets handled straight by the application without examination
No. Both place messages in the queue, the difference is that PostMessage does not give you the return value of the message (and hence does not block).
I think you misunderstand that. WPARAM is a fixed size double word (4 bytes)
Exactly, but for the message EN_SETLIMIT, this is not a pointer.
AFAIK, if you don't handle the callback feature (99% of apps), you get the default handling which is to execute the code as the article describes
Which is why we would block timer messages with a callback parameter
You shouldn't be running terminal servers on your DB machine or webserver anyway, or be allowing random strangers with floppy disks to approach the machines. The total overhead would be probably about as much as your average virus scanner, and worse for UI intensive apps.
I think the real point is that virus scanners worth their salt will detect this anyway -- how often does a user need to paste hex data into a textbox? Blocking any paste operation with characters resembling machine code would be yet another reasonable work-around. "Not fixable" is FUD, this time directed at MS
The basic idea would be to install a WM_GETMESSAGE hook. Contrary to what the writer believes, all messages must go through the queue. No two ways about it. At the hook level, we just examine the message and look for suspicious activity. Simplistically, all that really needs to happen is to look for EM_SETLIMIT and cap the WPARAM at some small value. It might also be good to remove callback addresses from WM_TIMER, or add verification (is the destination address part of the loaded executable space?). Most applications won't use the callback feature of WM_TIMER anyway.
What's to prevent an administrator from installing a Message Hook that eats all EN_* or WM_TIMER messages sent between processes? Since your DLL would be living in each process space, you could detect inter-process message sending and block the attack from ever leaving the Shatter process. I don't see any reason why this shouldn't work