I also managed to copy CD2 of MoHAA with no problems... Can't remember if I used my CD-ROM drive (some cheapy brand... maybe Delta) or my Plextor 8432T burner as the source, and obviously I used the Plextor to burn the image.
Forget which version of CloneCD I used, too... my system's been through a format & reinstall since then. Point is, I had no problems copying the CD either...
Actually, there was an interesting thread on one of the SecurityFocus mailing lists a few days ago (forget exactly which list). The thread was about 'spoofing' PGP/GPG signatures on messages.
Basically, the core of the argument was that most people don't bother to verify the signature, either because they don't have PGP/GPG, or because 'it looks authentic'. Essentially, it's quite easy to social engineer ANY message so that it looks 'authentic' (whether you're faking PGP signatures, or a virus-scan message, etc).
This is all just a (potential) advanced form of social engineering.
I know... I thought of this too when I saw the information content.
Firstly, the file was called "Document2.doc", with the same description. I wasn't going out of my way to download CC info.
Secondly, all e-commerce transactions record IP addresses. Obviously, I could (and probably WOULD) use a disposable dial-up account if I were going to do this, but they couldn't prove that it was me unless it came from my (more-or-less static) IP.
Thirdly, I contacted the owner of the card, informing them of the security breach. Enter "good samaritan" points.
Lastly, since the file is publically available on the FastTrack network, it could have been any one of a million or more people, anywhere in the world, who might have used the card.
Basically, in order to actually do anything, they would need to catch me, personally, in the act of using that information.
Agreed, the potential is still there, but I'm not too concerned at this point.
Actually, as a case-in-point: I just did a search in Kazaa Lite for ".doc", and came back with a whole pile of results. Downloaded a bunch just for kicks (I'm in the process of emailing the owners where possible... let's see how many get the hint.:), and believe it or not, one of the files was a copy-and-pasted e-commerce order confirmation. The real kicker? This document listed FULL credit card information (name on card, card type, card number, expiry date, billing address, everything).
Indeed... this past winter I rescued a machine that a friend had thrown out. He just chucked in onto the snow bank, awaiting garbage collection. I happened to go over about a day later, and saw this machine sitting there, full of snow. I asked him if I could take it, and he said "go ahead".
Took it home, took everything apart, cleared out the snow and wiped the worst of the moisture off... wait a few hours until it dried completely. Put it back together, boot up... everything worked great. Promptly got Linux installed on it, and it's currently one of my file servers.;)
"To allow remedies that would make Windows modular would simply force Microsoft to remove Windows off the market. It would require significant re-engineering of the entire product, a task that could take years."
"Does anyone really charge for CPU time anymore? It's gotten to be almost "too cheap to meter"."
On a small scale, that's more-or-less true. However, if I'm not mistaken, you can 'buy' processing time on superc{ompute,luste}rs for computationally expensive tasks. For example, a science lab that needed lots of processing power for a few weeks (and it wasn't feasible to buy/build their own system) could 'purchase' those few weeks worth of CPU time on a big iron.
Of course, I believe that you buy 100% CPU time for X amount of time, instead of being charged a 'total accumulated usage per month' kind of thing...
"A device has to be primarily designed for the purpose of circumvention, or marketed for circumvention."
So... if I happened to write, say, code to drive a coffee machine, but it also happened to have 'features' to crack e-book encryption and add the ability to embed fonts, it would be OK?:)
It's primary purpose would be, after all, to make me some java. =)
"Sorta like how you can put a screw in a wall with a hammer -- you get the job done, but it's not exactly the way you want to do it and it could be a messy process."
Uh, bad analogy. You are, after all, talking to a community of people who routinely carry LARTs in their back pocket...
Well, there's something like, what, 5,000,000,000 people in the world now?
OK, let's take a MAC address... 6 bytes. 256 possible values per byte. So we end up with 256^6 = 281,474,976,710,656 possible values for MAC addresses.
That's about 5.6x10^4 times more possible MAC addresses than fingerprints currently on the planet... hmmm.
Plus, as others in this thread have pointed out, the METHOD of matching fingerprints isn't 100% exact, as they only match defining features, so the odds of finding a duplicate 'match' are increased.
"Do employers mistake an MCSE for a credible credential?"
In a word, yup. Wallet Diplomas can mean quite a lot, depending on the company... If you don't have a certain certificate, it's quite possible to be "pre-screened" by human resources, thus never getting an interview where you can actually SHOW that you know your stuff... sad, but true.
"I personally favour the idiot tax. All politicians favouring new and innovative taxes will give 50% of their earnings to NASA. That oughta fix it."
I think you should take that one step further with the 'Techlogist Pain and Suffering' tax, where those/certain/ politicians who favour technology bills about which they have NO clue have to give the entire funding for their next 5 political campaigs to the technology sector for all the headaches they cause us. We will also get the right to beat them senseless at every opportunity and at our leisure. And just to set an example, we'll make this bill retroactive until... the DMCA.:)
Re:Yeah, yeah I didn't read the story
on
Lunar Power
·
· Score: 2
One thing you're forgetting: At *most*, only half of the moon's surface would be struck by light from the sun. The surface area of the moon is ~ 37,800,000 km^2 (let's just use your figure of 38,000,000 km^2 for argument's sake), so chop that in half gives you 19,000,000 km^2. 1% of that is 190,000 km^2... still a hella large area to cover.
The other point is that they don't mention how they arrived at that 13,000 terawatt figure... is that the average instantaneous energy levels? Maybe it's the annual cumulative total? These, and a variety of other factors, influence how much of the actual surface area would need to be covered in solar panels to attain that "1% harnessed" figure.
This is still a massive undertaking, and has "vapourware" marked all over it. $150,000,000,000 (or more!) for the project to break even? Ouch. Give me the money instead!:)
IIRC, *.localdomain. is used for individual hosts only; localhost.localdomain is always bound to the loopback interface in my boxen. I don't know if it would work for whole networks... ???
Besides... it doensn't have the same ring to it. 'hermes.localdomain' or 'hermes.local.lan' (or as I had it before, 'hermes.local.net'). Might be just me, but I think the latter has a nicer sound to it.
Back In The Day(tm) when I was first setting up my home network, I didn't know jack shit about DNS. I knew it resolved names to IP addresses, but I didn't _really_ understand how it all worked. So I figured... I'm on a network, and it's local, so my domain is gonna be 'local.net'. Worked great. Then one day I got a flash of inspiration... 'whois local.net'. A *real* domain record came back with that domain name. Whoops. I very quickly changed everything over to 'local.lan' instead, before I caused any headaches.;)
Slashdot Mirror
I also managed to copy CD2 of MoHAA with no problems... Can't remember if I used my CD-ROM drive (some cheapy brand... maybe Delta) or my Plextor 8432T burner as the source, and obviously I used the Plextor to burn the image.
Forget which version of CloneCD I used, too... my system's been through a format & reinstall since then. Point is, I had no problems copying the CD either...
- Jester
"break some windows"
No need to strain yourself; the factory pre-breaks them for you now.
- Jester
Actually, there was an interesting thread on one of the SecurityFocus mailing lists a few days ago (forget exactly which list). The thread was about 'spoofing' PGP/GPG signatures on messages.
Basically, the core of the argument was that most people don't bother to verify the signature, either because they don't have PGP/GPG, or because 'it looks authentic'. Essentially, it's quite easy to social engineer ANY message so that it looks 'authentic' (whether you're faking PGP signatures, or a virus-scan message, etc).
This is all just a (potential) advanced form of social engineering.
- Jester
Just out of curiosity, what were the bank's and customer's reactions when you told them? Were they simply grateful, or did they threaten legal action?
- Jester
I know... I thought of this too when I saw the information content.
Firstly, the file was called "Document2.doc", with the same description. I wasn't going out of my way to download CC info.
Secondly, all e-commerce transactions record IP addresses. Obviously, I could (and probably WOULD) use a disposable dial-up account if I were going to do this, but they couldn't prove that it was me unless it came from my (more-or-less static) IP.
Thirdly, I contacted the owner of the card, informing them of the security breach. Enter "good samaritan" points.
Lastly, since the file is publically available on the FastTrack network, it could have been any one of a million or more people, anywhere in the world, who might have used the card.
Basically, in order to actually do anything, they would need to catch me, personally, in the act of using that information.
Agreed, the potential is still there, but I'm not too concerned at this point.
- Jester
Actually, as a case-in-point: :), and believe it or not, one of the files was a copy-and-pasted e-commerce order confirmation. The real kicker? This document listed FULL credit card information (name on card, card type, card number, expiry date, billing address, everything).
I just did a search in Kazaa Lite for ".doc", and came back with a whole pile of results. Downloaded a bunch just for kicks (I'm in the process of emailing the owners where possible... let's see how many get the hint.
Scary.
- Jester
Actually, I think that at least one of those lines will invoke the long processing cycle... I forget the exact number, but wasn't it 10^7 years?
Wait a sec... 'Britney Spears' and 'song' fit together in the same sentence? I'm not sure that that's what *I* would call it.....
Indeed... this past winter I rescued a machine that a friend had thrown out. He just chucked in onto the snow bank, awaiting garbage collection. I happened to go over about a day later, and saw this machine sitting there, full of snow. I asked him if I could take it, and he said "go ahead".
;)
Took it home, took everything apart, cleared out the snow and wiped the worst of the moisture off... wait a few hours until it dried completely. Put it back together, boot up... everything worked great. Promptly got Linux installed on it, and it's currently one of my file servers.
"To allow remedies that would make Windows modular would simply force Microsoft to remove Windows off the market. It would require significant re-engineering of the entire product, a task that could take years."
Uh, this is bad... how?
"I wouldn't want to play Return to Castle Wolfenstein in text mode."
You mean you don't play TTYquake???
"Does anyone really charge for CPU time anymore? It's gotten to be almost "too cheap to meter"."
On a small scale, that's more-or-less true. However, if I'm not mistaken, you can 'buy' processing time on superc{ompute,luste}rs for computationally expensive tasks. For example, a science lab that needed lots of processing power for a few weeks (and it wasn't feasible to buy/build their own system) could 'purchase' those few weeks worth of CPU time on a big iron.
Of course, I believe that you buy 100% CPU time for X amount of time, instead of being charged a 'total accumulated usage per month' kind of thing...
Going to that link,
"Our apologies...
The document you requested does not exist on this server or cannot be served.
It is possible you typed the address incorrectly, or that the page no longer exists.
"
- Jester
"Writing new programs that do the same thing would also make it quite annoying for them..."
:)
Hmm.... first person to write an implementation in Brainfuck gets a cookie.
"A device has to be primarily designed for the purpose of circumvention, or marketed for circumvention."
:)
So... if I happened to write, say, code to drive a coffee machine, but it also happened to have 'features' to crack e-book encryption and add the ability to embed fonts, it would be OK?
It's primary purpose would be, after all, to make me some java. =)
- Jester
"Sorta like how you can put a screw in a wall with a hammer -- you get the job done, but it's not exactly the way you want to do it and it could be a messy process."
Uh, bad analogy. You are, after all, talking to a community of people who routinely carry LARTs in their back pocket...
- Jester
Well, there's something like, what, 5,000,000,000 people in the world now?
OK, let's take a MAC address... 6 bytes. 256 possible values per byte. So we end up with 256^6 = 281,474,976,710,656 possible values for MAC addresses.
That's about 5.6x10^4 times more possible MAC addresses than fingerprints currently on the planet... hmmm.
Plus, as others in this thread have pointed out, the METHOD of matching fingerprints isn't 100% exact, as they only match defining features, so the odds of finding a duplicate 'match' are increased.
- Jester
"Do employers mistake an MCSE for a credible credential?"
In a word, yup. Wallet Diplomas can mean quite a lot, depending on the company... If you don't have a certain certificate, it's quite possible to be "pre-screened" by human resources, thus never getting an interview where you can actually SHOW that you know your stuff... sad, but true.
"and not what has been posted into their closed minds for years."
The word you're looking for is 'purchased'.
- Jester
"elementary school playground"
Two words: 'Political Arena'
- Jester
"200x181x280mm" ... "the latest aluminum cube from Shuttle"
As the object is a cube,
200 = 181 = 280
Therefore,
200 = 181
19 = 0
and
280 = 181
99 = 0
Therefore,
99 = 19
80 = 0
Cool... I like these new cubes. Next lesson: Using the circumference of a Pepsi can to disprove the theory of relativity.
- Jester
"I personally favour the idiot tax. All politicians favouring new and innovative taxes will give 50% of their earnings to NASA. That oughta fix it."
/certain/ politicians who favour technology bills about which they have NO clue have to give the entire funding for their next 5 political campaigs to the technology sector for all the headaches they cause us. We will also get the right to beat them senseless at every opportunity and at our leisure. And just to set an example, we'll make this bill retroactive until... the DMCA. :)
I think you should take that one step further with the 'Techlogist Pain and Suffering' tax, where those
One thing you're forgetting: At *most*, only half of the moon's surface would be struck by light from the sun. The surface area of the moon is ~ 37,800,000 km^2 (let's just use your figure of 38,000,000 km^2 for argument's sake), so chop that in half gives you 19,000,000 km^2. 1% of that is 190,000 km^2... still a hella large area to cover.
:)
The other point is that they don't mention how they arrived at that 13,000 terawatt figure... is that the average instantaneous energy levels? Maybe it's the annual cumulative total? These, and a variety of other factors, influence how much of the actual surface area would need to be covered in solar panels to attain that "1% harnessed" figure.
This is still a massive undertaking, and has "vapourware" marked all over it. $150,000,000,000 (or more!) for the project to break even? Ouch. Give me the money instead!
IIRC, *.localdomain. is used for individual hosts only; localhost.localdomain is always bound to the loopback interface in my boxen. I don't know if it would work for whole networks... ???
Besides... it doensn't have the same ring to it. 'hermes.localdomain' or 'hermes.local.lan' (or as I had it before, 'hermes.local.net'). Might be just me, but I think the latter has a nicer sound to it.
- Jester
They don't even have to be popular domains.
;)
Back In The Day(tm) when I was first setting up my home network, I didn't know jack shit about DNS. I knew it resolved names to IP addresses, but I didn't _really_ understand how it all worked. So I figured... I'm on a network, and it's local, so my domain is gonna be 'local.net'. Worked great. Then one day I got a flash of inspiration... 'whois local.net'. A *real* domain record came back with that domain name. Whoops. I very quickly changed everything over to 'local.lan' instead, before I caused any headaches.
- Jester