Actually, the link was to a story that discussed this ruling as it applies to media, which, I assume, is why it was posted. It gives a good, easy to see, reason why this is a bad thing. Even the regular Joe Public can understand that the media is supposed to be able to print anything.. this shows that they in fact (thanks to the DMCA) cannot.
Of course the error is with the admins, that is not what this story was about. As far as I'm concerned the onus is on the person that sets up a piece of software to change (or at least look at) the defaults.
This story was about (and I agree with the slant), that the general media hopped all over Piranha for including a default password, and have not mentioned the fact that SQL server (which hosts a bunch more sites than Piranha) has a very similar vulnerability.
Or did you just skip all the Piranha stuff at the start?
I for one enjoyed reading it, if only to get his side of it. Yes, most of the comments he made were already brought up on /. in the multiple stories that have been posted, but in this case you're getting it from the source..
You'll probably notice a pattern: it's all targeted at high-tech groups.. groups, like us. Computers can be used to "terrorize" people? Take down wall street? Crash planes? We've heard it all. Yet, despite all the hype, none of these things have happened. Most errors out there are due to human stupidity - but rather than blame themselves, many organizations choose to use the hype to create their own scapegoat. Enter, "The Hacker". A mystical entity nobody can see that seems to have no motivations for anything, yet goes out on wanton destruction. The image falls apart under any scrutiny, yet most people are willing to just accept it - who cares, just gimme my SUV and big screen TV.
This is media hype, it's not the government - it's not the FBI, yes most people believe it, but those are not people that matter. You are trying to use the fact that the media jumps all over some new buzzword of the day to convince me that some government branch is targeting high-tech users?
Of course, I don't like the email kiosks being sniffed, but don't try to convince me there is a big government push to persecute the high-tech crowd..
Get your hands on some Big Rock beer (from Alberta) - pretty much any flavor, now there is some good stuff.
Trad on tap.. mmmm.. ok, enough, must go find one.
Exactly, this is not a hack, nor a crack, nor anything but a script for a script kiddie. It's the same deal with the STS (Slashdot trolling system) - that's nothing special, just a perl script that posts messages. Hell, I'm just a beginner in perl, but I could write these scripts pretty easily..
It's hard to explain what was happening at kuro5hin to someone that has never seen it. The stories that were submitted there were seen and voted on by all users. If the story was good and got lots of +1 votes, it was posted, otherwise it was not posted. Rusty (the maintainer) did not want to stop anonymous story posting because kuro5hin would lose a lot of good stories. They did ban IP's that these were coming from, but the attacker had many to come from. Blocking subnets was the same deal.
Ahh, ok, I had you confused with the AC that asked why we were crying about this site on slashdot.
Plain and simple fact is this story got posted because Hemos likes kuro5hin. Apparently there are a lot of /. readers that do as well. Hence an outcry goes up. This is in addition to the fact that kuro5hin is a similar community to /.
I assume you're talking about kuro5hin and saying they are lusers. It's probably all a troll, but I'm having a hard time keeping myself from replying.
No, it was not a T1, it was an SDSL connection. They worked VERY hard at security. Inoshiro has some EXCELLENT articles about how to secure a machine. This is NOT a DOS attack in the traditional sense - ie ping flood etc... This is a case of someone abusing the submit story button. The kuro5hin site was based on users voting on what stories they wanted to see make it to the front page. It was a good system, someone abused it, now it's gone.
The difference is.. I LIKED kuro5hin. A lot. The other sites I could care less about. When I heard that Yahoo had gone down I couldn't care less, just was curious about the media hype that would occur. When I visited Kuro5hin this morning (before seeing this) I felt like someone had reached into my stomach, grabbed the vital parts and twisted them around a little bit. There is your difference.
Here is a screenshot pre-change (assuming this isn't a hoax).
I Am Canadian..
and nope.. I choose "Aerosmith is"
however in the context of "The band members of Aerosmith" - it would be "are"..
Something like the little dogs from Snow Crash..
Actually, it probably stems from here, which of course was written in 97, the rise of the empire is mentioned in there.
Someone has already reserved the domain name
Do you like green eggs and ham?
Looks like Big Rock is distributed in some areas in the states:
Here is a map showing distributors in Canada and the states..
VMS is a text based role-playing game.. if you win you can use *nix.
;-)
Actually, I have worked with and like both.
But, it's not a bug that took kuro5hin down. Everything that was used in the spamming of kuro5hin was coded into kuro5hin intentionally.
ie: open story submission, anonymous posting...
Slashdot doesn't - try browsing at -1 sometime..
The code they use is scoop
Actually IIRC they were blocking just single IP's vs full subnets.
Actually, I think I corrected you on scoop as well. /. from last week.
That article is a week old. It was talking about the article on
So far not a peep on scoop regarding the takedown of kuro5hin. I can't irc out from here (work) or I'd check out their irc channel for some info.
This is exactly how kuro5hin.org
Actually scoop is still up, most of the discussions about moderation/site maintenance/code sits there.
The article states:
I have not fully covered Slackware and Debian, with their ridiculously slow release schedules
Well OK fine, but if you're depending on a RELEASE to update packages that have security problems, you are already compromised. Give me a break. I use Slackware - I subscribe to their security mailing list, (mail majordomo@slackware.com with subscribe slackware-security in body) when something happens that requires a patch, they mail me. Sure, they don't put out major releases all that quickly, but they still keep on track of security.
I'm sure Debian has the same type of system.
To exclude these 2 distros from this review seems kind of inane.
Bah.. done my rant.