granted that I think sysinternals makes good stuff but the root kit revealer is not digitally signed and is not distributed even by SSL/TLS. Perhaps the machine I have contacted is sending me a root kit instead.
Both Kermit 95 and the Hamilton C Shell were sold for the NT4 on the PowerPC. If you want to re-install NT4 on the Power PC I would be willing to give you a power pc build of Kermit 95.
I doubt there are any Windows viruses which will run on the NT4 PowerPC edition.
I would be interested in finding out about hacks to the WRT55AG as well. In my building there are so many apartments with 802.11b networks and cordless phones in the same frequency range that at times it is hardly usable. No one has 802.11a yet so I am hoping to jump to a quieter frequency range.
How much different is the firmware between the two boxes?
Perhaps the hacks to the WRT55G can be applied to the WRT55AG without too much difficulty.
I remember when I was a kid. The NY Times sometime after the original release of Episode IV as "Star Wars" printed in the Sunday Arts and Leisure section a summary of all nine episodes. I have never been able to find it since. Does anyone else remember this or have a copy?
Sometimes there is no other choice. The issue in question was related to the use of Kerberos 4 in cross-realm situations. This was not a question of simply issuing a patch. The hole is in a protocol. The only way you can protect yourself is to turn the service off. The problem is that in order for the operating system vendors to be able to turn off Kerberos 4 they must also update all AFS distributions and every other service that relies on Kerberos 4 tickets. This is not a fix that can be applied in a day or even a week or a month. Since there was no obvious evidence that this problem which has been around for ten years had been known to anyone other than the MIT Kerberos team, there really did not appear to be any rush to get this fixed overnight and in turn cause more problems.
By releasing this disclosure prematurely, hack4life caused several severe problems. (1) the fixes are not ready yet for deployment; (2) the posting included not only the advisory but also a paper that described how to perform the attack in enough detail that it could easily be implemented by someone in a day; (3) it forced the shutdown of the cross-realm trust relationships between Universities sharing AFS and Zephyr; (4) now vendors must rush to issue patches and implement a transition strategy that will not be easy to swallow for many organizations.
The Telnet protocol provides options for strong authentication and encryption. Telnet authentication can be performed with Kerberos, Secure Remote Password, X.509 certificates,... Privacy and integrity protection is provided by TLS. The same is true for FTP. The problem is not the protocol but the lack of secure implementations in the distributions of most operating systems. In the same way that you must install SSH and other secure clients and daemons, you must install secure versions of Telnet and FTP.
Slashdot Mirror
granted that I think sysinternals makes good stuff but the root kit revealer is not digitally signed and is not distributed even by SSL/TLS. Perhaps the machine I have contacted is sending me a root kit instead.
Both Kermit 95 and the Hamilton C Shell were sold for the NT4 on the PowerPC. If you want to re-install NT4 on the Power PC I would be willing to give you a power pc build of Kermit 95.
I doubt there are any Windows viruses which will run on the NT4 PowerPC edition.
I would be interested in finding out about hacks to the WRT55AG as well. In my building there are so many apartments with 802.11b networks and cordless phones in the same frequency range that at times it is hardly usable. No one has 802.11a yet so I am hoping to jump to a quieter frequency range.
How much different is the firmware between the two boxes?
Perhaps the hacks to the WRT55G can be applied to the WRT55AG without too much difficulty.
I remember when I was a kid. The NY Times sometime after the original release of Episode IV as "Star Wars" printed in the Sunday Arts and Leisure section a summary of all nine episodes. I have never been able to find it since. Does anyone else remember this or have a copy?
Sometimes there is no other choice. The issue in question was related to the use of Kerberos 4 in cross-realm situations. This was not a question of simply issuing a patch. The hole is in a protocol. The only way you can protect yourself is to turn the service off. The problem is that in order for the operating system vendors to be able to turn off Kerberos 4 they must also update all AFS distributions and every other service that relies on Kerberos 4 tickets. This is not a fix that can be applied in a day or even a week or a month. Since there was no obvious evidence that this problem which has been around for ten years had been known to anyone other than the MIT Kerberos team, there really did not appear to be any rush to get this fixed overnight and in turn cause more problems.
By releasing this disclosure prematurely, hack4life caused several severe problems. (1) the fixes are not ready yet for deployment; (2) the posting included not only the advisory but also a paper that described how to perform the attack in enough detail that it could easily be implemented by someone in a day; (3) it forced the shutdown of the cross-realm trust relationships between Universities sharing AFS and Zephyr; (4) now vendors must rush to issue patches and implement a transition strategy that will not be easy to swallow for many organizations.
hack4life has not done anyone any favors
Kermit 95 from Columbia University is not vulnerable either.
The Telnet protocol provides options for strong authentication and encryption. Telnet authentication can be performed with Kerberos, Secure Remote Password, X.509 certificates, ... Privacy and integrity protection is provided by TLS. The same is true for FTP. The problem is not the protocol but the lack of secure implementations in the distributions of most operating systems. In the same way that you must install SSH and other secure clients and daemons, you must install secure versions of Telnet and FTP.