Slashdot Mirror


User: doctor_oktagon

doctor_oktagon's activity in the archive.

Stories: 0
Comments: 237

Comments · 237

  1. Re:Security patches on Interbase Backdoor, Secret for Six Years, Revealed in Source · · Score: 2

    I'm not trying to understand it. I'm trying to find security flaws and that's why it's called a "security audit

    A code backdoor is NOT a "security flaw"! Any decent C programmer can spot a buffer overflow in 20 minutes, but very few programmers could spot an obfuscated backdoor in a major application like a relational database system without a major investigation by a dedicated team of people!

    Why is it you seem to think you know anything about security analysis? Do you do this for a living? Well I have

    Well I'm a security consultant and could probably spot a hole in a set of firewall rules in 20 minutes, but it doesn't mean I could find a route through a unicode vulnerability in a www server, which accesses an open share on another server, which has trusted access through another firewall to a back-end Oracle system in 20 minutes ... I'd be looking at at least a 5 day penetration test for that!

    Please stop being defensive, and stand back and look at this particular situation!

  2. Re:A Compiler written in Assembler will stop this on Interbase Backdoor, Secret for Six Years, Revealed in Source · · Score: 2

    In order to stop a compiler from adding any thing to your program is to compile the compiler from source code

    Unless the compiler source has no obfuscated backdoors of course.

    The solution is to have a basic compiler written in Assembler. This way you do not need to start with a binary compiler that you can know with 100% is clean of any bad things

    And now you assume that more than about 1% (if even that) of the programming community have the skill to analyze 20000 lines of assembler looking for backdoors! I'd much rather try and find a backdoor in 30000 lines of C than 20000 lines of assembler.

  3. Re:Kiddies on Interbase Backdoor, Secret for Six Years, Revealed in Source · · Score: 2

    Well unless your average k1dd13 can now write decent SQL scripts and understand the relationships in your database, then I don't think they will get very far.

    Backdoors are a far less frightening phenomenon for security professionals than trained crackers who don't rely on downloading their 'sploits from usenet.

  4. Re:Hits on port 3050/tcp already on the increase on Interbase Backdoor, Secret for Six Years, Revealed in Source · · Score: 2


    Off to modify some router ACLs to log and drop...

    Ack! You're gonna choke your router if you keep adding ACLs ... buy a firewall :-)

  5. Re:Open source = no backdoor on Interbase Backdoor, Secret for Six Years, Revealed in Source · · Score: 1

    Open source made impossible such things
    All the pro-Open Source people have been going on for longer than I can remember about needing Open Source to prevent back-doors being inserted in software, so the original company (or insert-law-enforcement-office-here) can access your data after you buy the product.

    What happens here? The software is Open Sourced and no-one actually looks to see if there are any backdoors hidden in it!

    Another possibility is that the backdoor is coded in such an obscure fashion that it is extremely difficult to detect. If we ever do get the source to Exchange or SQL Server, I'm not sure we would be capable of detecting whatever backdoor code exists without a massive gdb workout, and even then we would be pushed to find it.

    Remember: Security through obscurity sucks big time, but if we don't even bother to check when the item is not obscure then we look like the fools.

  6. Re:Sony... on What Audio System Powers Your Home Theater? · · Score: 2

    It won't sound better because everything is Sony though ...

    Buy a great quality low power Amp like a NAD rather than a high power low quality Amp like a Sony if you want a really good system.

    The only decent quality things Sony makes are TVs and Minidisk players. :-P

  7. Re:Competiton is what we need on Duron 850 CPU Benchmarks · · Score: 2

    the more competition there is between chip makers, the sooner we will have faster more efficient machines, so I'm all for it

    Unfortunately the history of computers has shown us that increased competition can also lead to overcrowding in a very saturated market, and the most interesting technology disappears because the manufacturer can't market it properly (i.e. put the most spin on it).

    Draw parallels with the home computer market of the late 80s for instance.

    I think competition between AMD and Intel is great, but I'm not sure the market can handle any more big-scale players - hey ... look at Citrix: they have all but disappeared to the average PC consumer.

  8. Re:I like the article on Hacking The City · · Score: 2

    You mean you missed the news that BMG just bought a share of Napster? Looks like they haven't lasted long enough for you.

    I agree with your principles, I just think you are being horribly naive. The Internet is 0wn3d by the corporations: it's their bandwidth. Unfortunately this limits how much fun we can have on it!

    It's not going to change anytime soon ... maybe if you band together using wireless transceivers to create your own network, where you develop new protocols & interfaces. Maybe then you will get what you want.

  9. Re:Hacker? nah... on Hacking The City · · Score: 2

    Personally i don't sit in front of a unix box at work and get to write stuff out to raw sockets.

    // joke: Then get yourself a job where they don't make you use Visual DevKit ;-)

    Seriously though, my main point is that work is what you can make it. It all sucks bigstyle, and the only reason we do it is for the money. If you don't get a chance to express your talents (i.e. hacking) doing your contracted work, then maybe you should think about selling yourself to some other companies where they will care for your attitude.

    This is exactly what I did: I didn't pretend I was some model professional, I just convinced them I think in a roundabout way that seems to inspire myself and others into straightforward solutions to complex problems. I'm an Internet security consultant for a 5000 employee firm of consultants, and I get away with murder mainly because I'm one of the few who hasn't had any sort of corporate brainwashing... I think this helps me be the person I am. I don't mean to belittle your job or position in any way, I just think you should do something about it :-)

  10. Re:Why is it necessary to serve alcohol? on Hacking The City · · Score: 2

    Your comment I'm sensitive to alcohol-fueled people and hope to never meet one or be near one again
    softens my attitude, as I do not know you or your experience, but surely then it's a matter of changing society's perception of alcohol, to stop the mindless acts which sometimes go along with its consumption.

    Christ, I live in Scotland, and all we have to put up with is drunken thugs wrecking your evening's entertainment.
    Contrast: I'm in Hong Kong working just now, and the people here take it much easier, and hence I've yet to come across any alcohol-related incidents.

    On a similar note however, I'm having much less of a good time than I would back home ;-)

    There are no clubs which are alcohol free because the majority of people your age would probably exercise their choice and not attend them.

    I tell you what, make millions through an IPO and then you can open your own!

  11. Re:I like the article on Hacking The City · · Score: 2

    So you believe hackers who make money will change the world? If so, then where is the progress ... it's certainly not because jwz is opening a k3wl club in SF.

    No my friend, the people who will change the world are the same people who got us in the god-awful mess we are all in at the moment:
    The oil companies, the tobacco companies, the industrial conglomerates, and the corporate-pleasing weak governments that everyone in the West is inflicting upon its own citizens.

    These are the organisations which have to be changed in order for us to progress. These are the companies driven by the profits.

    I grew up as a kid reading sci-fi books and hoping we would all be wearing space-suits and being nice to each other, but now I'm a world-weary 29 year old who has seen the devastation for myself. Maybe, just maybe we are starting to see a sea-change in attitudes amongst the huge industrials, but I really don't think we'll see the difference at a metropolitan level for another 20 years.

  12. Re:Why is it necessary to serve alcohol? on Hacking The City · · Score: 3

    Why would an innovative club be serving alcohol? I don't attend clubs that serve alcohol and would be happy to attend one like the new DNA if it didn't.

    Sorry .... let me get this right ... you're saying you will not go to a club because it serves alcohol?

    Why the hell not?! I can only think of three reasons:
    a) You are not yet old enough to drink
    b) You are a recovering alcoholic and the mere sight of vodka will send you crashing out on a huge drinking binge or
    c) You take so much E the drink will dehydrate you.

    What next? Are you gonna propose they take away all the alcohol licenses?
    I thought life was about choices. If you don't drink, then fine, you don't have to! The last I checked they don't put a funnel down your throat and pour the stuff in while you lay pinned down by 5 big guys, although that would most certainly be a choice you could make also ;-)

  13. Re:Hacker? nah... on Hacking The City · · Score: 2

    coding for someone else is not hacking

    Hey man: glad to see you are keeping it real.
    I'm sure as hell glad I don't sit next to your sorry ass in an office all day, while you do your work for the "man" and your paycheck.

    I hack at work. I hack to solve problems I am working on, and I hack around to pass the time when I'm bored. Just because you are in an office/salaried environment does not mean you can't hack to progress/have fun/slack.

  14. Re:ummm... on Hacking The City · · Score: 3

    Maybe he only wants to own his own club because he was stuck "working 16 hour days" at Netscape while the rest of us were out at clubs, on the sauce.

    I predict the sad, forlorn sight of a 32 year old trying to wow 20-something pop-kids with his tales of the old "battles" with RMS over EMACS :-)

    The kids, however, will be far too busy sending text messages to their fridges over their WAP phones to care.

  15. Re:Vancouver suffers the same on Hacking The City · · Score: 1

    I believe that the only way to create the next wave of Rock n' Roll bands is to rebirth the small to medium size venues that the Nirvana's, Pearl Jam's, and Tea Party's started

    God save us from any more of this crap! If closing down the small clubs will stop us having to endure any more mince like this, then I'm gonna invest my money in bulldozers!

    At least in the UK our bands have some character left ;-)
    Anyway: I cannot believe somewhere the size of SF does not still have at least 10-20 small venues where bands go play for beer, and the doorman doubles as the DJ?

  16. Re:So what on Hacking The City · · Score: 4

    these individuals have suddenly become imbued with omniscience because they are not only hackers, but rich hackers?

    Insightful comment. Why?
    If we take the media image of the geek (someone who forgets to wash and shuns society), and then try to figure out what happens when they make $$$$, why the hell would we conclude that they will try to save the world?

    Much more likely they will:
    further shun society
    buy a small Polynesian Island
    build a huge laser gun
    get the obligatory white cat
    Install massive alarm/self-destruct system
    ...and start issuing ultimatums to world governments!!

    MY GOD! Take their money away now!!

  17. Fantastic editing of the article .... on Hacking The City · · Score: 4

    The article says Jamie was 29 on April Fools Day 1999, but now he's 32?

    Did we slip through some cosmic wormhole while I was on the sauce last night???

  18. My mind is going .... on Ejection From Fastest Known Revolving Neutron Star · · Score: 1

    I'm currently sitting in an office in Hong Kong gazing over the rain-soaked harbour, and nursing a huge hangover from a night of over-excess.

    I just read this article and have realised the insignificance of my being... it's too much!!

    Please can you warn other readers like myself before trying to blow our minds early on Sunday Mornings. Otherwise many of us will lose our minds ;-)

    Getting on topic: I wish I had listened much more in those physics classes I failed!

  19. Re:i watch tv only on my pc on PCI Card Lets You Watch HDTV (And Save To Disk) · · Score: 1

    Um. How did you get in? I checked the logs but didn't find anything!

    Hah! I deleted your logs right after I installed my ph34rsome r00tK1t. Your IP address is being broadcast on irc channel:5uX0r right now!

  20. Re:i watch tv only on my pc on PCI Card Lets You Watch HDTV (And Save To Disk) · · Score: 2

    i watch a circa 1979 12 inch black and white tv.

    Now that is retro!



  21. Re:i watch tv only on my pc on PCI Card Lets You Watch HDTV (And Save To Disk) · · Score: 2

    Yes, but the rest of us who don't live at home, and actually have their own places tend to have a lounge with a TV in it.

    My lounge is my chill-out area where I can get away from computers ... the last thing I need is more whirring fans.

  22. Re:supported OS'es on PCI Card Lets You Watch HDTV (And Save To Disk) · · Score: 2

    I agree entirely with your sentiments, but when you've got a minimal percentage of the desktop market few companies will be willing to spend the cash developing drivers for you. They're far more concerned with getting the thing to market in a timely manner.

    Besides, they probably have a busload of cheap PC developers to use, as opposed to trying to find decent UNIX people.

  23. Re:Hey, Europeans are people too on PCI Card Lets You Watch HDTV (And Save To Disk) · · Score: 2

    note: following comments from Scotland

    What's this "TV" thing??? Will it replace my wire-less which myself and the family sit round, playing cards and 'knitting' ??!


  24. Re:This could be on PCI Card Lets You Watch HDTV (And Save To Disk) · · Score: 2

    Surely it will be a few years before DVD writers become "affordable" i.e. cheap enough for your friendly neighbourhood pirate, and secondly it says the data rate is ~7Gb / hour which is far greater than DVD.

    In this case you would need to re-master the saved video to DVD compression levels, and I cannot imagine the affordable/warez-versions-of-products are a patch on the quality the commercial mastering facilities use.

  25. Re:Widescreen on PCI Card Lets You Watch HDTV (And Save To Disk) · · Score: 2

    Half of the point of HDTV is the picture quality, which monitors do a much better job of showing than typical tvs do (as you already know if you have a tv card). I'd pay just to get rid of the ugly fuzziness.

    I can't get used to watching movies on a DVD never mind a computer monitor because it's so sharp ... I grew up getting used to the fuzziness, so anything else looks alien! I'm not sure if it's the colour separation, or just that it looks too "focused".

    Hell maybe I'm just weird!