Slashdot Mirror


User: sqlrob

sqlrob's activity in the archive.

Stories: 0
Comments: 2,406

Comments · 2,406

  1. Re:Death on Microsoft Proclaims Death of Free Software Model · · Score: 1

    And Me. XP is the first "consumer" OS that MS has produced without DOS underpinnings

  2. Re:Just stop with the melodrama. on Belkin To Offer Firmware Fix For Router Hijacking · · Score: 1

    Who cares if it's a traditional cookie or a TCP command sent through some high port? The effect is what matters.

    The owners of those behind firewalls for one. They have a completely broken router that randomly drops HTTP connections every 8 hours. Wonderful effect, isn't it?

    Are you sure that any given router doesn't have overflow vulnerabilities?

    The main point of the router is to route. I hope that functionality is seriously tested for vulnerabilities. Now, are they bothering to test something like this? After all, it's not important, it only turns off ads. Can't do anything with that, can you? Heck, you can't do something with something innocuous like playing media files, so why should you worry about disabling ad functionality?

    The more crap you add, the higher the surface area for attack. Not something desirable in a router.

    Like I asked before, do you get pissed off that Microsoft has set up IE to take you to the MSN homepage every time you start it?

    Let's see, I don't use IE, so what do you think? These browsers are not redirecting other traffic, nor are they network hardware that has one set purpose.

  3. Re:Just stop with the melodrama. on Belkin To Offer Firmware Fix For Router Hijacking · · Score: 1

    No, it doesn't. It's a clearly defined interface that can do the equivalent of accept a cookie. Why would I get upset about that? Should I be afraid that some other website might also try to turn off the every-8-hour routing behavior?

    Are you sure that's the interface? You have the full documentation? I've seen mentioned that the resetting isn't effective if you are behind a firewall. Does that sound like a cookie to you?

    Are you sure the mechanism, whatever it is, doesn't have buffer overflow vulnerabilities?

    Ever heard of "innocent until proven guilty"?

    They had their innocence until they pulled this stunt. I have no reason to believe they aren't repeat offenders, and the way they are trying to squirm out of it doesn't sound like they have the ethics to *NOT* put something in.

  4. Re:Just stop with the melodrama. on Belkin To Offer Firmware Fix For Router Hijacking · · Score: 1

    When I first saw this story sensationalized on Slashdot, I was pretty damned pissed off. Then I read the real story. All that it took to stop the undesired behavior was clicking the button labelled "No thanks" and it would never happen again. Alternatively, should you be averse to pushing a "No thanks" button, a single checkbox in the web-based configuration would disable it.

    So let me get this straight - a website on the WAN side of your router can change router configurations. And this doesn't bother you?

    I'm not saying that I like what they did, but it's hardly like they installed spyware in the router

    Prove it. You have the source code?

  5. Re:hmm, I don't understand big Unix books on Mastering Red Hat Linux 9 · · Score: 1

    Worse is when you run info and get the exact same text as on the man page, up to and including "use info"

  6. Re:Banner blocking is bad on Norton Antivirus 2004 Ad Blocking - Tough Call? · · Score: 1

    There's a userContent.css for Moz that does something very similar. Loads the images, but shows them at 90% transparency. If you mouseover, they become opaque so you can see it.

  7. Re:Yeah, I've done this. on Spammed by Bluetooth · · Score: 1

    Assuming of course, you couldn't hijack a bluetooth device with some security hole and turn it into a broadcaster. Then you have wandering transmitters.

  8. Re:Good news! on Swedish ISP Blocks Computers That Send Spam · · Score: 1

    Require a security deposit for opening egress port 25. If spam is being sent, the deposit is forfeit (and port 25 is closed again). This could help fighting hit-and-run spammers creating accounts with stolen CC numbers or some other fraudulent way.

    How does this help with accounts opened with stolen CC numbers? They already used it once to open the account, why do they care if they lose a security deposit from it?

  9. Re:12 percent of SCO's stock is short already. on SCO Now Willfully Violating the GPL · · Score: 1

    I heard 31% the other day

  10. Re:Bah, obviously there is a better approach on AT&T Moves Toward Mail-Server Whitelist · · Score: 1

    And that DB is filled how? DNS doesn't have the records for outgoing.

    If you already have the addresses, you don't need to do any of the automatic stuff, IT'S ALREADY DONE!

  11. Re:Bah, obviously there is a better approach on AT&T Moves Toward Mail-Server Whitelist · · Score: 1

    And exactly how do you propose connecting the inbound and outbound mail servers? They don't have to be the same box and are frequently *NOT*

  12. Re:Yet Another Critical Linux Flaw! on Yet Another Critical Windows Flaw · · Score: 1

    By this argument, none of these vulnerabilities should be held against Microsoft since none of them affect the Windows kernel (kernel32.dll).

    But those haven't been claimed IN A COURT OF LAW to be part of the OS. If there's a flaw in something MS claims is part of the OS, then, they take the bad with the good and get it docked against the OS.

    Not to mention, I haven't seen Microsoft include a WEBSERVER in the kernel space yet.

    And, yes, IIS runs partly in kernel with IIS 6.0 on Win 2003

  13. Re:I say "Lawsuit." on Telemarketers to Target Cell Phones · · Score: 0

    But, it's illegal for telemarketers to call my cell!

    Read closely. No, it's not. If they decide to actually dial the phone, they can call.

  14. Re:Isolated incidents like this don't mean much on U.S. Lists Web Sites as Terrorist Organizations · · Score: 1

    Because /. ain't the government.

  15. Re:B.S. on Half-Life 2 Delayed Following Code Leak · · Score: 1

    OK, but what does this have to do with whether or not you have source code?

    Nothing. It has to do with this statement:

    It is not mathematically possible to secure the client-server model of multiplayer gaming against cheating. You do not have control over the client, no matter what you do, so some form of cheating will always be possible.

  16. Re:B.S. on Half-Life 2 Delayed Following Code Leak · · Score: 1

    No, it's not. Poker is transactional. If there is a second or two delay from bid or revealing of the cards as the server does validation, people won't notice. A second or two delay as to whether or not the server validates you actually have and can fire that weapon you're carrying and doing the same as you empty the clip of 200 is rather detrimental.

  17. Re:Source's source changed? on Half-Life 2 Delayed Following Code Leak · · Score: 1

    Assuming of course, that the cvs (or SourceSafe) server itself wasn't compromised as well.

  18. Re:Security through obscurity, yet again on Half-Life 2 Delayed Following Code Leak · · Score: 1

    How do you know there weren't any modifications?

  19. Re:B.S. on Half-Life 2 Delayed Following Code Leak · · Score: 1

    Now add the requirements of real time, scalable to many players, and playable on existing hardware.

    Not so simple a problem as poker now, is it?

  20. Re:Still haven't learned their lessons on Half-Life 2 Delayed Following Code Leak · · Score: 3, Insightful

    And VMWare doesn't emulate 3D hardware worth crap. How is a cutting edge 3D game supposed to be developed with that?

  21. Re:Woo! on U.S. Court: Lexmark Can Tie Rebates To Refills · · Score: 1

    Very correct. AND THAT'S NOT THIS CASE.

    Lexmark is the plaintiff in a case where they are using the DMCA.

    They were a defendant in this one, and patents were successfully used as a defense. The defendant in the DMCA case was one of the plaintiffs in this one.

  22. Re:Woo! on U.S. Court: Lexmark Can Tie Rebates To Refills · · Score: 1

    Kindly point me to the portion of the DMCA that mentions patents. Thanks.

  23. Re:Woo! on U.S. Court: Lexmark Can Tie Rebates To Refills · · Score: 1

    Wrong case. This isn't the DMCA one. RTFA

  24. Re:Patent madness? on The Guy Responsible For Ctrl-Alt-Del · · Score: 1

    You lack any sense of style.

    If you have permissions sufficient to effectively fake a logon prompt, you have the permissions to subvert the existing one provided by GINA. Smaller code and you automatically gain any changes to the dialog made locally or by OS changes.

  25. Re:Commodore 64 on The Guy Responsible For Ctrl-Alt-Del · · Score: 1

    Switch? I always used a paper clip.