Slashdot Mirror


User: Lord+Ender

Lord+Ender's activity in the archive.

Stories: 0 · Comments: 5,191

Comments · 5,191

  1. Re:Either I don't get it, or they don't get it on The Future of Google Chrome · · Score: 3, Insightful

    The combination of your statement and your sig makes it clear that you are one of those people who has to be dragged kicking and screaming into the future. You weren't like that when you were young, were you?

    I think it's pretty clear what he means: the OS is becoming little more than the driver for the dumb-terminal you use to access your web-based applications. Stuff like file system management is pointless if all your data lives server-side in web apps.

    You can go after his terminology in a display of petty pedantry, but it doesn't change the fact that what he is saying is becoming increasingly the way things are. We may not be there yet. We may not ever get there. But that is certainly where the momentum is.

  2. Re:profit motive on New, Stealthy Conficker B++ Worm Discovered · · Score: 1

    There is a difference between writing "a few" botnets, and writing one that actually works. Yours didn't work. You didn't have a control channel sophisticated enough to scale and avoid standard security controls.

  3. yay on VMware Demos Two Operating Systems On Mobile Phone · · Score: 1

    Just what I never wanted.

  4. Re:profit motive on New, Stealthy Conficker B++ Worm Discovered · · Score: 1

    Have you actually studied botnets? Especially modern ones like Conficker? To build one, you need to get an exploit working, you need to write the virus component so that it spreads, and you need to write the server (bot) component. You must also include some tricks to disable security software, and perhaps implement a code obfuscation process which can't be easily reverse-engineered. On top of all that, you MUST have a sophisticated method for controlling the botnet that is highly scalable, extremely difficult to track, and extremely difficult to disable by ISPs.

    This isn't something that requires a super genius, but it's not something most college-educated entry-level programmers would be able to even do. Senior-level programmers would have trouble with it, as well. It's not kid's stuff.

  5. Re:profit motive on New, Stealthy Conficker B++ Worm Discovered · · Score: 1

    I disagree with you.

    Point 1: Building and managing a botnet is not just "exploit[ing] a known security hole."

    Point 2: Your statement that computer programming is not "skilled work" is just bizarre.

    Point 3: Your statement that a "significant proportion" of "millions of coders" are unemployed isn't backed up by any evidence I've seen. Unemployment is high right now, but not among programmers.

  6. Re:They're setting themselves up for a lawsuit on How To Handle Corporate Blackmail? · · Score: 1

    There is probably no "they" about this. It's one unqualified middle manager who realized how badly he screwed up and is now having some sort of panic attack.

  7. Re:profit motive on New, Stealthy Conficker B++ Worm Discovered · · Score: 4, Insightful

    Botnets can be profitable; however, someone skilled enough to write the malware necessary for botnet creation could likely be making better money in the private sector with a real job and no jail risk (in the US, at least). Most of the stuff I see comes from Eastern Europe or Asia, where law enforcement is unlikely to prosecute and there aren't decent software industries hiring people with programming talent.

    So they make money by

    • sending spam
    • click-fraud (scamming web advertisers)
    • stealing CC numbers
    • DDoS extortion (yes, European banks have paid botnet owners' extortion demands to avoid getting DoS'd.)

  8. now on UK Government Boosts Open Source Adoption · · Score: 1

    Every software sales goon is busy fabricating reports which show significant cost difference between using their products and using Free products.

  9. Re:Screenshots? on BASH 4.0 Released · · Score: 1

    Grow up? Ha! A talentless admin from a small IT department who doesn't even understand how to operate a unix system properly is telling me to grow up? Truly funny.

    If you use unix a bit longer, you may learn that running Ubuntu or Gentoo or whatever is not a requirement for hardening a unix system. You can harden anything, whether it ships that way by default or not.

    You're one of those noob admins who just runs everything at its default, I see. Is Internet Explorer working out well for ya?

  10. Re:zero day? on Zero-Day Excel Exploit In the Wild · · Score: 5, Informative

    the fact that he was modded up means that people with mod points apparently don't have a clue, either...

    Welcome to slashdot!

  11. Re:Random E-mails on Zero-Day Excel Exploit In the Wild · · Score: 5, Insightful

    Surely there is nothing wrong with opening attachments from untrusted sources.

    The real danger is in opening attachments from trusted sources. If this is used with an email worm, it will look like it is coming from your friends, coworkers, or any of your eight bosses. As a high priority, due yesterday, mission-critical action-item.

  12. Re:Ethernet on $100 Linux Wall-Wart Now Available · · Score: 3, Interesting

    In the era of 802.11N, that is a retarded idea.

  13. Re:Screenshots? on BASH 4.0 Released · · Score: 1

    If you were running things properly, there would not BE a root password.

  14. Re:looks like it still loses history on BASH 4.0 Released · · Score: 1

    No, but you would see it in off-system logs and network logs. Boy that anonymous coward is a clever guy, though! Hur hur!

  15. Re:Screenshots? on BASH 4.0 Released · · Score: 1

    You must not work in a company with multiple unix admins. You sudo bash where I work and we'll fire your ass. When something breaks and nobody takes credit for it, everybody using sudo bash at that moment will be assumed equally liable.

  16. Re:looks like it still loses history on BASH 4.0 Released · · Score: 1

    Forensics. Real life digital forensics is not the ideal scenario you invent in your head. In real life, attackers break in, take what they want, and leave/spread. I've never seen one that spent any time bothering with rootkits or covering his tracks.

  17. Re:Screenshots? on BASH 4.0 Released · · Score: 0, Redundant

    Never log in as root! Sudo exists for a reason, kids.

  18. Re:looks like it still loses history on BASH 4.0 Released · · Score: 1

    As an IT security analyst, I must say I agree with you 1000%. ".bash_history" is a feature with so much potential, but remains a smelly, misleading turd.

  19. _!_ on Joomla! Web Security · · Score: 1, Funny

    Out of principle, I refuse to use any product with an exclamation point in its name. Join me, and let's fight this marketing evil together.

  20. Re:Alternatives on SSLStrip Now In the Wild · · Score: 1

    Absolutely not! Overload a user with information and you get a trained clicker. Only unencrypted authentication information should trigger warning/are-you-sure UI.

  21. tacit? on Chinese Blogger Chosen As Head of Investigation · · Score: 2, Informative

    It is not a tacit admission. It is an implied admission.

    Don't use words unless you know what they mean. It won't make you look smarter; you will screw it up and look even dumber.

  22. Re:EV certificates on SSLStrip Now In the Wild · · Score: 1

    You are wrong. It is impossible to MITM properly-implemented SSL without having access to a trusted CA.

  23. Re:Alternatives on SSLStrip Now In the Wild · · Score: 5, Insightful

    We don't need an alternative to SSL. We need browsers to implement proper UI. The user MUST be made aware if clicking a button would transmit a password in cleartext. The user MUST be made aware exactly which domain they are connected to during an SSL session. On a large busy screen, a tiny bit of text in a corner is the wrong way to do this.

  24. trademark on ICANN Responds To gTLD Plan Comments · · Score: 3, Interesting

    Even US trademark law does not scale well to the Internet. I can't imagine the disaster GTLDs would be for international trademark disputes. The IP lawyers must be licking their lips at the thought of GTLDs.

  25. Re:Inflation on Do Video Games Cost Too Much? · · Score: 1

    A game in 1980 and a game in 2009 are not comparable goods. That's like comparing a horse-drawn buggy to a space shuttle.