Here is my tinfoil hat statement:
Al Jazeera has become quite different over the last 24 months. I believe this is an attempt to start a media campain by big brother media to negate the rise in people reporting remote neural monitoring and synthetic telepathy cases which are meant to mimic the symptoms of psychosis. They are using Al Jazeera as "people trust al jazeera" to not be a puppet of big media which I now suspect they are.
http://www.mindjustice.org/ http://geeldon.wordpress.com/ http://en.wikipedia.org/wiki/Jared_Lee_Loughner
Fear of our privacy? Privacy is gone already, for some unlucky few completely. Tried posting this up at http://www.infowars.com/beware-lone-wolves-in-aftermath-of-bin-laden-killing-advisory-says/ where a few others were mentioning they are aware of remote neural monitoring. Unfortunately it is real and affect more and more people.
The best description of what it is like I have found here: http://www.mindjustice.org/2003_survey.htm
Start from “Reported mind control symptoms and descriptions include”
I will paste snips below for your enjoyment (ones that I personal identify with strongly):
Victims are subjected to various kinds of harassment and torture, twenty-four hours a day, seven days a week, for years on end.
Sometimes victims describe seeing the images of projected holograms. Thoughts can be read. Most victims describe a phenomenon they call “street theater.”
Note: for me street theatre only happened at the start to make me convinced everyone knew I was this person like that dumb movie where everyone watches your life. Took me some time to figure out the truth.
Implanted thoughts and visions are common.
Note: this is only happening to me recently, but I find these easy to identify and they only happen when I am in bed at home (in a place easy for them to control my surroundings)
Microwave hearing, known to be an unclassified military capability of creating voices in the head, is regularly reported.
Wrenching of house/building structures cause loud snapping or crackling noises, often heard at precisely the point where a victim is starting to doze off to sleep.
Note: used to stop you getting sleep or wake you up to limit your sleep and the main mode of torment they use on you once you realise what is going on and can somewhat defend your self mentally from the other attacks
Victims regularly report many types of bizarre and harassive remote manipulation of electrical equipment, phone, car, TV, and computers.
Note: I’ve found it takes them around 2 weeks to make a new modified version of any electronics I buy that assist me in trying to prove they are doing this unless I carry them on me 24 hours a day (such as mp3 player to play soft music while i sleep and a second to record any strange noises)
Hard to believe I know. Consider that the technology you see mostly is what is cheap enough to be consumerable... and that the secret state is somewhere from 10 to 25 years ahead of "known" science in these fields...
I think it is possible that one of the first "brain hacking" technologies will actually be to do with the voicebox as this will likely be simpler than working out different peoples brain structures.
Everyones voicebox works essentially the same and when thinking words signals are sent to the voicebox that are the same as but not as strong as the sigtnals used to cause speech.
Nasa already have this working for astronauts for speechless communication in space. See here
I think technologies to be able to monitor human thought to be quite scarey and quite useful at the same time. A device that could be placed inside someones throat and self powered somehow may be a deffinate big brother style thing, but it would be great to see this used for good purposes such as monitoring what politicians think when creating laws in parliment.
It just depends on the application.
Considering they are coming from an uninformed "I will believe the big company when it speaks" paradigm, you could come back with "Well, you may want to consider that Cisco Intrusion Detection Systems have been based on Linux for years and they have even started using Linux for the OS for thier Firewalls and new switches, as well as the Opensource Antivirus ClamAV as part of the Desktop security solution 'Cisco Security Agent'"....
While the statements itself say nothing regarding the security of these products it certainly is attacking the mindset of the purchasing goons for your company with something they will relate to.
Disclaimer: Yes I do work for Cisco.
I believe this is based on the Blue Pill attack (from the same person) which essentially is a hypervisor that mimics the underlying system to gain access to the encryption keys. The flaws in the attack are that it is complicated to fully mimic the underlying hardware in software, the main drawback being that the timings by the hardware would be out due to the software hypervisor layer and this may be detected by the underlying OS or software running underneath the hypervisor. However it may be possible to write a hypervisor that takes all things into account but this would be quite an extensive task. ie. it is quite complicated to do properly but fesible (from what I have read). Mimicing the underlying system and the software interface to this via a hypervisor would allow access to the encryption keys. The article says basically "this is first stage attack, will produce stage 2 when intel responds to this" so they obviously have not completed the extensive programming task to take all things into account.
Intel have known about this issue for some time as I asked one of their lead engineers the question a few months back if Trusted Execution was known to be totally secure and he basically said that theoritically it could be broken and told me to google "blue pill".
Herpes can be passed to the child while it is still in the womb from the mother. This was reported on sciencedaily some time ago. I am too lazy to look for the link sorry.
I think it would be fun to use something like this on Polititians while they are in session writing laws. I wonder what they are really thinking about?
How many audio streams of Polititians thoughts can we fit down a single cable connection?
These guys port scanned 36 million hosts connected to the Internet and published some of their findings.
It makes for a very interesting read especially the bit about when their Japanese team gets hacked into during the scan after apparently annoying someone in China a little bit after scanning their subnet blocks.
http://reactor-core.org/internet-audit.html
Perhaps most humans like to believe that they will not die once they establish a concept of dying and therefore will themselves to believe that there is likely something beyond death to ease their fear of death?
I know this sounds pretty far fetched but it is a posibility...
Sorry but I beg to differ. Firstly NAC is a framework not just the CTA agent. It is now part of Vista. Do you think MS would add a competing companies product/framwork client into their own OS if it was not already leading the way in its field. It is implemented in numerous Cisco products and has been integrated in to nearly every Antivirus product on the market, Kav and Nod32 being the only noteable exceptions at the moment that I'm aware of (and funnily enough probably the two best antivirus products at least in some peoples opinions).
The CTA agent for pre-vista windows is fully functional, free and has no issues other than configuration issues that I am aware of.
The idea of open sourcing would most likely be to allow the client support of other operating systems that currently have no support. There is currently a supported client for linux which as far as I am aware will continue to be supported.
Perhaps someone wants to write a client for less popular operating systems?
Its true that it doesn't ensure that the machine is not compromised and therefore the NAC framework can not ensure a host is not spoofing its nac posture, although they would require to have a valid certificate on the machine for the NAC/802.1x authentication to occur in the first place. However what it does do is ensure that when a new machine does enter the network it is not allowed onto the network in a vulnerable state and ensures that hosts already using the network stay updated quite effectively or do not gain network access outside a secured vlan.
In general it raises the bar significantly but is not an intrusion detection system. If you need something like that you would be using Cisco Secure Agent or similar as a host IDS or some form of network IDS.
F-Secure is in there because it uses the Kaspersky engine and another one as well for twice the resources. F-Secure - highest detection rate, 4x the resources of nod32 Kaspersky - highest detection rate bar F-Secure, less chance of false positives but, 2x resources of nod32 nod32 - Pretty damn good and fast
Most vendors seem to sit somewhere between Kaspersky and F-Secure for resources from many reviews I spent time reading about 12 months ago, and below nod32 for scanning ability from what I have read. Haven't seen any Vista based reviews but I am sure it hasn't changed too much.
And of the three only F-Secure supports NAC. I have used the F-Secure demo and I wouldn't buy it myself. If I needed enterprise with NAC support I'd look at either Panda, Trend or Sophos (McAfee if the others weren't decent for enterprise solutions) (sorry shameless Cisco plug:)
For home I would use nod32 if I had a Windows box of my own
Mum uses AVG cause ITS FREE:) I did delete her windows once and put debian on but she reinstalled windows herself heh
AllOfMp3.com is now illegal under new laws brought into effect on the 1st September in Russia. This was done to help Russia get USA approval to become part of the WTO. However Russia are now asking for other things regarding food exports or something in relation to USA, supossedly before enforcing these new copyright laws. So essentially AllOfMP3 was legal in Russia until 1st September this year.
The question is, when you bought your music from AllOfMP3 before 1st September 2006 where you as a buyer actually covered by Russian laws as your transaction was made in Russia or were you covered by your Countries laws you are physically situated in for that transaction. Perhaps both
It means nobody will be able to place backdoored files onto the mirrors and edit the md5 sum list without someone quickly noticing! Pity they already hacked the Debian core dev server and backdoored Debian further up the tree
Heh WHO KNOWS but at least apt secure is finally making it into the stable version. I am wondering if its only checking the Release.gpg or if the.deb packages will actually be signed as well
At least they notice they get hacked and release the information that this has happened. Unlike what any company driven distro would be doing.
Actually... Rather than assume anyone^H^H^H^H^H^Heveryone on slashdot has any brains when it comes to Securing SSH let me give you some tips I/Other people have
Can add restrictions to authorized_keys file from="hostipaddress",command="/usr/local/sbin/ssh_ command_allow_rsync",no-port-forwarding,no-X11-for warding,no-agent-forwarding,no-pty ssh-rsa AA...= backup_key
Securing sshd in/etc/ssh/sshd_config
Protocol 2
PermitRootLogin without-password
PasswordAuthentication no
ChallengeResponseAuthentication no
ClientAliveInterval 60
ClientAliveCountMax 30
The first line says to stop using the old, lower security ssh protocol-1.
The second line is a hedge that says never allow root logins using the unix password -- always use some other authentication.
The third line says don't allow skey authentication. It is a good idea to turn this off if you aren't using skey at this time. (Skey implements a series of non-reusable, one-time passwords. If you were using it you would know.)
The fourth and fifth lines simply make sure that any connection to a client that doesn't respond at least once each half hour gets closed. After editing the sshd file, restart sshd or reboot for the changes to take effect.
31-12-2004: new rate-limiting feature in -current. This would block hosts that exceed 10 connections per 60 seconds.
pass in on $ext_if proto tcp to $ext_if port ssh flags S/SA \
keep state (max-src-conn-rate 10/60, overload )
block in on $ext_if proto tcp from to $ext_if port ssh
Repeated here for your convenience: Ways around SSH Brute forcing (Score:1) by meridian (16189) on 11:06 AM July 17th, 2005 (#13084357) (http://www.thief.net/) There are esentially three ways to fix this problem. The first is to patch sshd which is probably the least preferable way as you would need to continually keep patching with each upgrade. But this seems effective allowing you to exec a system command such as iptables. http://ethernet.org/~brian/src/timelox/ [ethernet.org]
The second is to use iptables to limit connection attempts from an IP address. One problem with this is people who use scp alot may quickly rack up that connection limit. Here is a recent example from the iptables mailing list iptables -A INPUT -p tcp --dport 22 -s ! $My_Home_Firewall_IP -m state --state NEW -m recent --name SSH --set --rsource -j SSH_BF iptables -A SSH_BF -m recent ! --rcheck --seconds 60 --hitcount 3 --name SSH --rsource -j RETURN iptables -A SSH_BF -j LOG --log-prefix "SSH Brute Force Attempt: " iptables -A SSH_BF -p tcp -j DROP
The best in my opinion is a pam module found at http://www.kernel.org/pub/linux/libs/pam/modules.h tml [kernel.org] called pam_abl This does not have the problem of the IPTables method that may mistake multiple fast scps etc as an attack attempt, and will not require coninutal repatching of the kernel such as the timelox patches.
YES Thats correct you can use AgentForwarding.... If you are stupid enough to use agent forwarding to a host you don't trust or you would consider insecure ITS YOUR OWN STUPID FAULT IF YOU GET HACKED.
Now for the evil h4x0rz to use agent forwarding on the host you connect to to hack the machine you are coming in from requires quite a number of things to be done on your stupid behalf that sure wouldnt be enabled by default and you would almost need to set them up purposefully.
The only real danger with agent forwarding to an insucure host is that evil h4x0rz on that host can use your forwarded authentication agent to connect to boxes that are set up to both allow connections using that ssh-key AND allow tcp connections from any box that the evil h4x0rz have access to.
Aside from that it is only as insecure as establishing a telnet session to the box and having some buffer overflow occur back to the client due to poor code on the client side.
I am sure not about to stop using ssh for some "simpler" protocol like telnet but I will sure keep disabling AgentForwarding and any kind of portforwarding the hosts I dont trust and I ASSUME EVERYONE ELSE WILL CONTINUE TO DO THAT AS WELL.
Otherwise you might as well start posting your root passwords to slashdot which may or may not matter if you have locked your systems down correctly in the first place.
A seperate core would not be fighting for the cache as they both have their own seperate caches. Shared caches which should actually speed up eficiency will possible be added to the newer AMD chips due out Q2 next year but it has not been announced if they will or not.
It is possible on the intel chips that one process may chew up some of the available memory bandwidth from the CPU, but this is not an issue on AMDs as each core has their own 6.4G pipe to the memory controller while on intel each core shares the one single 6.4G pipe. The AMD memory controller is on the CPU while Intel have theres on a seperate chip.
Slashdot Mirror
Here is my tinfoil hat statement: Al Jazeera has become quite different over the last 24 months. I believe this is an attempt to start a media campain by big brother media to negate the rise in people reporting remote neural monitoring and synthetic telepathy cases which are meant to mimic the symptoms of psychosis. They are using Al Jazeera as "people trust al jazeera" to not be a puppet of big media which I now suspect they are.
http://www.mindjustice.org/
http://geeldon.wordpress.com/
http://en.wikipedia.org/wiki/Jared_Lee_Loughner
No shit.
Fear of our privacy? Privacy is gone already, for some unlucky few completely. Tried posting this up at http://www.infowars.com/beware-lone-wolves-in-aftermath-of-bin-laden-killing-advisory-says/ where a few others were mentioning they are aware of remote neural monitoring. Unfortunately it is real and affect more and more people.
The best description of what it is like I have found here: http://www.mindjustice.org/2003_survey.htm
Start from “Reported mind control symptoms and descriptions include”
I will paste snips below for your enjoyment (ones that I personal identify with strongly):
Victims are subjected to various kinds of harassment and torture, twenty-four hours a day, seven days a week, for years on end.
Sometimes victims describe seeing the images of projected holograms. Thoughts can be read. Most victims describe a phenomenon they call “street theater.”
Note: for me street theatre only happened at the start to make me convinced everyone knew I was this person like that dumb movie where everyone watches your life. Took me some time to figure out the truth.
Implanted thoughts and visions are common.
Note: this is only happening to me recently, but I find these easy to identify and they only happen when I am in bed at home (in a place easy for them to control my surroundings)
Microwave hearing, known to be an unclassified military capability of creating voices in the head, is regularly reported.
Wrenching of house/building structures cause loud snapping or crackling noises, often heard at precisely the point where a victim is starting to doze off to sleep.
Note: used to stop you getting sleep or wake you up to limit your sleep and the main mode of torment they use on you once you realise what is going on and can somewhat defend your self mentally from the other attacks
Victims regularly report many types of bizarre and harassive remote manipulation of electrical equipment, phone, car, TV, and computers.
Note: I’ve found it takes them around 2 weeks to make a new modified version of any electronics I buy that assist me in trying to prove they are doing this unless I carry them on me 24 hours a day (such as mp3 player to play soft music while i sleep and a second to record any strange noises)
Hard to believe I know. Consider that the technology you see mostly is what is cheap enough to be consumerable... and that the secret state is somewhere from 10 to 25 years ahead of "known" science in these fields...
I think it is possible that one of the first "brain hacking" technologies will actually be to do with the voicebox as this will likely be simpler than working out different peoples brain structures.
Everyones voicebox works essentially the same and when thinking words signals are sent to the voicebox that are the same as but not as strong as the sigtnals used to cause speech.
Nasa already have this working for astronauts for speechless communication in space. See here
I think technologies to be able to monitor human thought to be quite scarey and quite useful at the same time. A device that could be placed inside someones throat and self powered somehow may be a deffinate big brother style thing, but it would be great to see this used for good purposes such as monitoring what politicians think when creating laws in parliment.
It just depends on the application.
we would never expect the CIA to lie about leadership of countires that don't agree with USA Hegemony
Considering they are coming from an uninformed "I will believe the big company when it speaks" paradigm, you could come back with "Well, you may want to consider that Cisco Intrusion Detection Systems have been based on Linux for years and they have even started using Linux for the OS for thier Firewalls and new switches, as well as the Opensource Antivirus ClamAV as part of the Desktop security solution 'Cisco Security Agent'".... While the statements itself say nothing regarding the security of these products it certainly is attacking the mindset of the purchasing goons for your company with something they will relate to. Disclaimer: Yes I do work for Cisco.
I believe this is based on the Blue Pill attack (from the same person) which essentially is a hypervisor that mimics the underlying system to gain access to the encryption keys. The flaws in the attack are that it is complicated to fully mimic the underlying hardware in software, the main drawback being that the timings by the hardware would be out due to the software hypervisor layer and this may be detected by the underlying OS or software running underneath the hypervisor. However it may be possible to write a hypervisor that takes all things into account but this would be quite an extensive task. ie. it is quite complicated to do properly but fesible (from what I have read). Mimicing the underlying system and the software interface to this via a hypervisor would allow access to the encryption keys. The article says basically "this is first stage attack, will produce stage 2 when intel responds to this" so they obviously have not completed the extensive programming task to take all things into account. Intel have known about this issue for some time as I asked one of their lead engineers the question a few months back if Trusted Execution was known to be totally secure and he basically said that theoritically it could be broken and told me to google "blue pill".
Herpes can be passed to the child while it is still in the womb from the mother. This was reported on sciencedaily some time ago. I am too lazy to look for the link sorry.
My null hypothesis would be that the number of beers consumed does not inversely correlate to the lack of social life a scientist has
i knew i wasnt crazy the medication wasnt helping much!
I think it would be fun to use something like this on Polititians while they are in session writing laws. I wonder what they are really thinking about? How many audio streams of Polititians thoughts can we fit down a single cable connection?
These guys port scanned 36 million hosts connected to the Internet and published some of their findings. It makes for a very interesting read especially the bit about when their Japanese team gets hacked into during the scan after apparently annoying someone in China a little bit after scanning their subnet blocks. http://reactor-core.org/internet-audit.html
Incorrect time is a security problem. And by default Debian logs are in localtime not UTC. Incorrect log timestamps are a security issue.
Perhaps most humans like to believe that they will not die once they establish a concept of dying and therefore will themselves to believe that there is likely something beyond death to ease their fear of death? I know this sounds pretty far fetched but it is a posibility...
Sorry but I beg to differ. Firstly NAC is a framework not just the CTA agent. It is now part of Vista. Do you think MS would add a competing companies product/framwork client into their own OS if it was not already leading the way in its field. It is implemented in numerous Cisco products and has been integrated in to nearly every Antivirus product on the market, Kav and Nod32 being the only noteable exceptions at the moment that I'm aware of (and funnily enough probably the two best antivirus products at least in some peoples opinions).
The CTA agent for pre-vista windows is fully functional, free and has no issues other than configuration issues that I am aware of.
The idea of open sourcing would most likely be to allow the client support of other operating systems that currently have no support. There is currently a supported client for linux which as far as I am aware will continue to be supported.
Perhaps someone wants to write a client for less popular operating systems?
Its true that it doesn't ensure that the machine is not compromised and therefore the NAC framework can not ensure a host is not spoofing its nac posture, although they would require to have a valid certificate on the machine for the NAC/802.1x authentication to occur in the first place. However what it does do is ensure that when a new machine does enter the network it is not allowed onto the network in a vulnerable state and ensures that hosts already using the network stay updated quite effectively or do not gain network access outside a secured vlan.
In general it raises the bar significantly but is not an intrusion detection system. If you need something like that you would be using Cisco Secure Agent or similar as a host IDS or some form of network IDS.
F-Secure is in there because it uses the Kaspersky engine and another one as well for twice the resources.
:)
:) I did delete her windows once and put debian on but she reinstalled windows herself heh
F-Secure - highest detection rate, 4x the resources of nod32
Kaspersky - highest detection rate bar F-Secure, less chance of false positives but, 2x resources of nod32
nod32 - Pretty damn good and fast
Most vendors seem to sit somewhere between Kaspersky and F-Secure for resources from many reviews I spent time reading about 12 months ago, and below nod32 for scanning ability from what I have read. Haven't seen any Vista based reviews but I am sure it hasn't changed too much.
And of the three only F-Secure supports NAC. I have used the F-Secure demo and I wouldn't buy it myself. If I needed enterprise with NAC support I'd look at either Panda, Trend or Sophos (McAfee if the others weren't decent for enterprise solutions) (sorry shameless Cisco plug
For home I would use nod32 if I had a Windows box of my own
Mum uses AVG cause ITS FREE
AllOfMp3.com is now illegal under new laws brought into effect on the 1st September in Russia. This was done to help Russia get USA approval to become part of the WTO. However Russia are now asking for other things regarding food exports or something in relation to USA, supossedly before enforcing these new copyright laws. So essentially AllOfMP3 was legal in Russia until 1st September this year. The question is, when you bought your music from AllOfMP3 before 1st September 2006 where you as a buyer actually covered by Russian laws as your transaction was made in Russia or were you covered by your Countries laws you are physically situated in for that transaction. Perhaps both
It means nobody will be able to place backdoored files onto the mirrors and edit the md5 sum list without someone quickly noticing! Pity they already hacked the Debian core dev server and backdoored Debian further up the tree .deb packages will actually be signed as well
Heh WHO KNOWS but at least apt secure is finally making it into the stable version. I am wondering if its only checking the Release.gpg or if the
At least they notice they get hacked and release the information that this has happened. Unlike what any company driven distro would be doing.
www.spycatcheronline.co.uk My favorite is the bullet proof denim jacket
Actually...
_ command_allow_rsync",no-port-forwarding,no-X11-for warding,no-agent-forwarding,no-pty ssh-rsa AA...= backup_key
/etc/ssh/sshd_config
= 13084357
h tml [kernel.org] called pam_abl
Rather than assume anyone^H^H^H^H^H^Heveryone on slashdot has any brains when it comes to Securing SSH let me give you some tips I/Other people have
Restricted ssh shell for scp/sftp http://sublimation.org/scponly/
Patch to lock out IPs brute forcing passwords http://ethernet.org/~brian/src/timelox/
Can add restrictions to authorized_keys file
from="hostipaddress",command="/usr/local/sbin/ssh
Securing sshd in
Protocol 2
PermitRootLogin without-password
PasswordAuthentication no
ChallengeResponseAuthentication no
ClientAliveInterval 60
ClientAliveCountMax 30
The first line says to stop using the old, lower security ssh protocol-1.
The second line is a hedge that says never allow root logins using the unix password -- always use some other authentication.
The third line says don't allow skey authentication. It is a good idea to turn this off if you aren't using skey at this time. (Skey implements a series of non-reusable, one-time passwords. If you were using it you would know.)
The fourth and fifth lines simply make sure that any connection to a client that doesn't respond at least once each half hour gets closed. After editing the sshd file, restart sshd or reboot for the changes to take effect.
31-12-2004: new rate-limiting feature in -current. This would block hosts that exceed 10 connections per 60 seconds.
pass in on $ext_if proto tcp to $ext_if port ssh flags S/SA \
keep state (max-src-conn-rate 10/60, overload )
block in on $ext_if proto tcp from to $ext_if port ssh
Also my previous post to do with limiting user connections to SSH during the scarey SSH port scanning days of not so long ago...
http://it.slashdot.org/comments.pl?sid=156058&cid
Repeated here for your convenience:
Ways around SSH Brute forcing (Score:1)
by meridian (16189) on 11:06 AM July 17th, 2005 (#13084357)
(http://www.thief.net/)
There are esentially three ways to fix this problem.
The first is to patch sshd which is probably the least preferable way as you would need to continually keep patching with each upgrade. But this seems effective allowing you to exec a system command such as iptables.
http://ethernet.org/~brian/src/timelox/ [ethernet.org]
The second is to use iptables to limit connection attempts from an IP address. One problem with this is people who use scp alot may quickly rack up that connection limit.
Here is a recent example from the iptables mailing list
iptables -A INPUT -p tcp --dport 22 -s ! $My_Home_Firewall_IP -m state --state NEW -m recent --name SSH --set --rsource -j SSH_BF
iptables -A SSH_BF -m recent ! --rcheck --seconds 60 --hitcount 3 --name SSH --rsource -j RETURN
iptables -A SSH_BF -j LOG --log-prefix "SSH Brute Force Attempt: "
iptables -A SSH_BF -p tcp -j DROP
The best in my opinion is a pam module found at http://www.kernel.org/pub/linux/libs/pam/modules.
This does not have the problem of the IPTables method that may mistake multiple fast scps etc as an attack attempt, and will not require coninutal repatching of the kernel such as the timelox patches.
YES Thats correct you can use AgentForwarding.... If you are stupid enough to use agent forwarding to a host you don't trust or you would consider insecure ITS YOUR OWN STUPID FAULT IF YOU GET HACKED. Now for the evil h4x0rz to use agent forwarding on the host you connect to to hack the machine you are coming in from requires quite a number of things to be done on your stupid behalf that sure wouldnt be enabled by default and you would almost need to set them up purposefully. The only real danger with agent forwarding to an insucure host is that evil h4x0rz on that host can use your forwarded authentication agent to connect to boxes that are set up to both allow connections using that ssh-key AND allow tcp connections from any box that the evil h4x0rz have access to. Aside from that it is only as insecure as establishing a telnet session to the box and having some buffer overflow occur back to the client due to poor code on the client side. I am sure not about to stop using ssh for some "simpler" protocol like telnet but I will sure keep disabling AgentForwarding and any kind of portforwarding the hosts I dont trust and I ASSUME EVERYONE ELSE WILL CONTINUE TO DO THAT AS WELL. Otherwise you might as well start posting your root passwords to slashdot which may or may not matter if you have locked your systems down correctly in the first place.
Submitted this story 48 hours before this one was submitted but mine didnt make it up. I guess they just dont like me.
"Sorry I don't support that".
A seperate core would not be fighting for the cache as they both have their own seperate caches. Shared caches which should actually speed up eficiency will possible be added to the newer AMD chips due out Q2 next year but it has not been announced if they will or not. It is possible on the intel chips that one process may chew up some of the available memory bandwidth from the CPU, but this is not an issue on AMDs as each core has their own 6.4G pipe to the memory controller while on intel each core shares the one single 6.4G pipe. The AMD memory controller is on the CPU while Intel have theres on a seperate chip.