Windows user open an unknown file from an untrusted source, it turns out to be destructive, and it blows away his data. Conclusion - Microsoft is at fault.
More like Windows user goes to a web site which exploit one of many known exploits of IE, installs kiddy porn and e-mails pederass@fbi.gov with your IP address, name and whatever personal info it can find in your cache.
Why? Because that machine is behind a $50 firewall. You cannot reach it from the outside world.
Running an unpatched machine is not a problem if you take the right precautions. After all, if you've got a moat full of alligators, sometimes it'd be alright to leave the door onlocked.
Good for you.
Most people I know have a $50 firewall, yet still get viruses and worms when unpatched. Why, because they're idiiots yes. That and laptop's with wireless. They insist on connecting to any/every wireless access point available. When they take it home, boom viruses everywhere.
And the outside world can most definately reach you, you just have to initiate the connection.
Of course, "pirates" like my mom wouldn't switch to Linux anyway. Obviously, these pirates have the option to use Linux legally, or steal Windows, and they've chosen the latter. If you're willing to commit a crime rather than use Linux, you're not going to switch just because you can't install a service pack.
You forget all the vulnerabilities and issues with using unpatched Windows over the net. If your computer is unusable most of the time, it's likely that someone would switch to something else.
Are you suggesting the proper thing to do is to wait until something bad happens? Or to investigate completely in secret so as not to hurt the feelings of the principal person involved?
Agreed! The constitution does not guarantee you the right to not have your feelings hurt.
He agreed to meet with them, he has not been arrested or lost any of his rights.
If you want information that could be used in an extremely bad way, be prepared to be harrassed about getting that information. If he is in fact a terrorist and blew up a bunch of people, I am sure many of the same people who are all up in arms about the investigation would be pissed at the FBI . I mean shit, he made the request for the information IN THE OPEN!
With these asshat's, you're fucked if you do and fucked if you don't...
- Burn them at low speed (the lowest my current burner allows with my SW is 8x)
This is actually false, at least pertaining to newer faster drives. The new drives are less accurate when writing at low speeds, because they are built with the assumption that people will burn at the highest speed available to them. Thus burning at slower speeds actually degrades the accuracy of the burn, which may result in sooner than normal data loss.
LOok at the history of these exploits: blaster, sasser, more I can't even remember anymore. In each and every case the worms that attacked came out AFTER Microsoft released a patch.
So? The worm was released after the patch. Doesn't mean that he wasn't working on the worm before the patch was released, but was beaten to market by Microsoft.
It also doesn't mean that there isn't some guy with an exploit that isn't a worm selectively targetting machines to get into specific machines. Sure the worm was released after the patch, but the exploit code itself (in non-worm form) may not have been.
The reason the virii/worms did so much damage was that too many people did not patch their systems when the patches were released.
So? Are you suggesting that people blindly patch systems because the vendor said so? There have been bugs that have killed MS's TCP/IP stack, Wireless Access, Lotus Notes, and so on. Large Corp's are paranoid about Microsoft just as much as they are about the hackers, and that's a sad but true phenomenon. Home users however fall into 4 groups:
1) Don't care 2) On dialup, takes forever to download 3) Don't know how 4) Patches are installed
Whether it was the documentation or reverse engineering of the patch that gave the worm authors the information they needed to write their worms is up for speculation.
Any evidence? That's a pretty bold statement, with no backup evidence. Just because the patch came out before does not mean that the patch was used to make the exploit.
And FWIW, The Sasser worm seems to ONLY exist because MS fixed an exploit in lsass then immediately documented exactly why it happened, where it happened, and basically how to exploit it.
I call bullshit, prove me wrong! How do you know that the person who created the worm didn't have access to this exploit before? Microsoft didn't find that exploit, a third party did, and without the source. What makes you think that only the third party and Microsoft knew about this.
There have been a great many bugs that I have seen personally, being exploited on IRC months before Microsoft fixed it. Besides even if the worm writer did find out throught he description, it doesn't mean that the descriptions should be removed! The descriptions are there for a reason, if a patch changed a bunch of stuff without saying what it was going to change, I'd be worried as a sysadmin as to whether i'd be able to recover something if it broke. If something goes wacky on a wireless card wpa fix, and your wireless card no longer works you can probably deduce that the patch probably broke your hardware by looking up the last few things that touched anything having ot do with wireless.
What's wrong with just saying, "We fixed an exploit discovered by someone at some company in this component of the operating system." ? Need bugfixes also give information on exactly how to reproduce the bug? Open the farthest right menu so it becomes sticky, move the mouse to the right of that menu in the menu bar (the menu will close), press the right arrow key on the keyboard.
Ah so you realize that most exploits or problems are actually discovered by a third party before Microsoft. Isn't that weird, considering that MS is the only one with the source?? That should be throwing up red flags to everyone, I mean most exploitable bugs are found by the maintainers of the packages in the open source world, the people who know the code most intimately. I wonder why the same doesn't hold true for Microsoft. Security through obscurity doesn't work, obviously. Why try to apply further obscurity by not providing relevant info to the sysadmins...
You are one stupid motherfucker. My point is that it is possible to transfer files via UDP (which has less overhead than tcp) and still get a file from point a to point b in tact. Read the fucking parent post bitch.
So, you put error checking into UDP. Hmmm what could we call that???
I would call that eDonkey, or tftp or a slew of other protocols that can transfer data via udp and still ensure that the data is in tact.
You are the biggest fuckhead ever to post on slashdot. This is a post I am going to print out on the printer at work and show people, so they can laugh at you as well. You are a super-duper fucking moron. I'm still laughing.
You have got to be one of the many MCSE's out there, probably just passed your Networking test a few days ago too huh....
Go read about TFTP. Its designed for small file transfers between hosts on a network (think same subnet). Cisco uses it primarily for you to flash the firmware of your Cisco product like a router or switch, if you cant hook up a serial cable that is. tftp is lightweight compared to regular ftp in that there is less functionality and what not. Its much smaller because it has to fit in a very small amount of memory. They transfer it udp because its simple and less overhead.
My point was that tftp can transfer files via udp and re-arrange them without scrambling the file which is what the parent poster had stated was not doable over udp.
If you changed UDP to have error correction, you basically reinvent TCP.
There are other things that TCP has that UDP doesn't such as actually establishing a connection.
TCP may have error correction and everything built in but it can also be done in UDP.
On top of UDP.
Correct, I thought that was implied.
Do you think Cisco (you know that small networking startup in San Jose) would use tftp instead of regular ftp if there wasn't a way to transfer using udp without the file being scrambled.
I don't follow you here.. TFTP is not UDP. The parent claimed (correctly) that UDP is only best-effort. He did not claim that it is impossible to design a protocol running on top of UDP that implements error correction et.al.
TFTP is a protocol that runs over UDP. Just pointing to the fact that it is possible to transfer files without scrambling a file via UDP.
In fact the transfer mode for a few p2p protocol's use udp to blast out data as fast as possible such as eDonkey.
Bullshit. TCP may have error correction and everything built in but it can also be done in UDP. Do you think Cisco (you know that small networking startup in San Jose) would use tftp instead of regular ftp if there wasn't a way to transfer using udp without the file being scrambled.
Yeah, I got that. But that has nothing to do with security and everything to do with control. That was my point in posting.
The last two attempts to secure cd's by the RIAA led everyone to start holding the shift key when inserting cd's and a spurt in the purchase of magic markers by pirates.
When will they get a clue from the MPAA and stop wasting tons of money on stupid shit? The MPAA is evil incarnate like the RIAA, but they have yet to sue a single downloader and have even dropped Macrovision on a few DVD's because it's too expensive and easily defeated (ALA Harry Potter DVD's).
I'm sure the MPAA is cookin up new ways, but they all rely on a new format to pick up where DVD as we know it ends. What they need to learn is that there are really two problems with the music industry as it stands:
1) Price! We know how much it costs to burn a cd, we all have CD burners. There is no reason why the soundtrack to a movie should cost more than the movie on DVD!! I can't stress this enough, the RIAA promised 5 dollar cd's when they first released cd's and never came close to delivering.
2) Stop releasing crap. No I will not buy Puff Daddy's remix of Kung Fu Fighting! No I will not buy Britney Spears.... Shit I'm tired of the same crap being released over and over and over again....
To quote a PHB, the RIAA needs to concentrate on it's core synergies inorder to survive piratepalooza. Otherwise they will be made irrelevant by the likes of iTunes and others like that. How long till a daring known artist releases on iTunes only and asks for the same cut Apple gives to the RIAA? Bet they'll make a hell of a lot more than they would from a record company, bet it catches on shortly after the success of the first.
There are a great many sites online dedicated to providing quality stuff for cheap. Among the top are felloffatruck.com and fivefingerdiscount.com. Those have everything for over half off.
I'd suggest visiting the underground areas of your city too! Just remember, always ask to look at anything before you buy and never buy a box without opening it. Through careful examination of the equipment, you can get really good deals for really good equipment, even equipment that isn't completely legal such as cable tv descramblers.
but that's not the point, the RIAA wants to distribute digital audio securely over the internet. The originals will be in this Super-MP3 format instead of on CDs.
If you want to transfer data securely over the internet, why not use SSL or a VPN of some sort. I don't see what security has to do with the transfer of a song over the internet though....
Of course, if you add enough third party software, DOS can do a fair amount. But then, you open yourself to attack, etc. Then it isn't all that secure.
To be honest, a default OpenBSD install doesn't even include a graphical text editor. DOS at least has EDIT.COM, functionality wise I would say OpenBSD edges DOS out just because of networking capabilities though....
I think Fedora is not an option for former RH users who do not want to go with RH "enterprise" products. Debian is.
Fedora-Legacy has a triple tap policy on Fedora Core releases. They are stating that updates will continue for FC1 until FC4 is released. That's not too bad, almost two and a half years of use.
Also there are always RHEL Rebuilds like Tao or WhiteBox. Those are free, and work just as well as RH Enterprise.
Slashdot Mirror
Or you can go to this link and it will explain the process of integrating sp2, hotfixes, drivers, and apps you may want all onto one cd or dvd.
I prefer this to using ghost which may or may not work on different machines and does clean installs of everything.
Windows user open an unknown file from an untrusted source, it turns out to be destructive, and it blows away his data.
Conclusion - Microsoft is at fault.
More like Windows user goes to a web site which exploit one of many known exploits of IE, installs kiddy porn and e-mails pederass@fbi.gov with your IP address, name and whatever personal info it can find in your cache.
To quote South Park:
Dey took are juubbs....
Why? Because that machine is behind a $50 firewall. You cannot reach it from the outside world.
Running an unpatched machine is not a problem if you take the right precautions. After all, if you've got a moat full of alligators, sometimes it'd be alright to leave the door onlocked.
Good for you.
Most people I know have a $50 firewall, yet still get viruses and worms when unpatched. Why, because they're idiiots yes. That and laptop's with wireless. They insist on connecting to any/every wireless access point available. When they take it home, boom viruses everywhere.
And the outside world can most definately reach you, you just have to initiate the connection.
Of course, "pirates" like my mom wouldn't switch to Linux anyway. Obviously, these pirates have the option to use Linux legally, or steal Windows, and they've chosen the latter. If you're willing to commit a crime rather than use Linux, you're not going to switch just because you can't install a service pack.
You forget all the vulnerabilities and issues with using unpatched Windows over the net. If your computer is unusable most of the time, it's likely that someone would switch to something else.
Are you suggesting the proper thing to do is to wait until something bad happens? Or to investigate completely in secret so as not to hurt the feelings of the principal person involved?
Agreed! The constitution does not guarantee you the right to not have your feelings hurt.
He agreed to meet with them, he has not been arrested or lost any of his rights.
If you want information that could be used in an extremely bad way, be prepared to be harrassed about getting that information. If he is in fact a terrorist and blew up a bunch of people, I am sure many of the same people who are all up in arms about the investigation would be pissed at the FBI . I mean shit, he made the request for the information IN THE OPEN!
With these asshat's, you're fucked if you do and fucked if you don't...
Yes, but the license has a cash value of 1/20th of one cent. A pristine copy will cost you $17.99 minus 1/20th of one cent.
If that were true, than the unlicensed KaZaa users that were sued shouldn't have to pay more than 1 penny for every twenty songs.
All those suggestions are good except this one:
- Burn them at low speed (the lowest my current burner allows with my SW is 8x)
This is actually false, at least pertaining to newer faster drives. The new drives are less accurate when writing at low speeds, because they are built with the assumption that people will burn at the highest speed available to them. Thus burning at slower speeds actually degrades the accuracy of the burn, which may result in sooner than normal data loss.
However all the rest are right on the money.
LOok at the history of these exploits: blaster, sasser, more I can't even remember anymore. In each and every case the worms that attacked came out AFTER Microsoft released a patch.
So? The worm was released after the patch. Doesn't mean that he wasn't working on the worm before the patch was released, but was beaten to market by Microsoft.
It also doesn't mean that there isn't some guy with an exploit that isn't a worm selectively targetting machines to get into specific machines. Sure the worm was released after the patch, but the exploit code itself (in non-worm form) may not have been.
The reason the virii/worms did so much damage was that too many people did not patch their systems when the patches were released.
So? Are you suggesting that people blindly patch systems because the vendor said so? There have been bugs that have killed MS's TCP/IP stack, Wireless Access, Lotus Notes, and so on. Large Corp's are paranoid about Microsoft just as much as they are about the hackers, and that's a sad but true phenomenon. Home users however fall into 4 groups:
1) Don't care
2) On dialup, takes forever to download
3) Don't know how
4) Patches are installed
Whether it was the documentation or reverse engineering of the patch that gave the worm authors the information they needed to write their worms is up for speculation.
Any evidence? That's a pretty bold statement, with no backup evidence. Just because the patch came out before does not mean that the patch was used to make the exploit.
And FWIW, The Sasser worm seems to ONLY exist because MS fixed an exploit in lsass then immediately documented exactly why it happened, where it happened, and basically how to exploit it.
I call bullshit, prove me wrong! How do you know that the person who created the worm didn't have access to this exploit before? Microsoft didn't find that exploit, a third party did, and without the source. What makes you think that only the third party and Microsoft knew about this.
There have been a great many bugs that I have seen personally, being exploited on IRC months before Microsoft fixed it. Besides even if the worm writer did find out throught he description, it doesn't mean that the descriptions should be removed! The descriptions are there for a reason, if a patch changed a bunch of stuff without saying what it was going to change, I'd be worried as a sysadmin as to whether i'd be able to recover something if it broke. If something goes wacky on a wireless card wpa fix, and your wireless card no longer works you can probably deduce that the patch probably broke your hardware by looking up the last few things that touched anything having ot do with wireless.
What's wrong with just saying, "We fixed an exploit discovered by someone at some company in this component of the operating system." ? Need bugfixes also give information on exactly how to reproduce the bug? Open the farthest right menu so it becomes sticky, move the mouse to the right of that menu in the menu bar (the menu will close), press the right arrow key on the keyboard.
Ah so you realize that most exploits or problems are actually discovered by a third party before Microsoft. Isn't that weird, considering that MS is the only one with the source?? That should be throwing up red flags to everyone, I mean most exploitable bugs are found by the maintainers of the packages in the open source world, the people who know the code most intimately. I wonder why the same doesn't hold true for Microsoft. Security through obscurity doesn't work, obviously. Why try to apply further obscurity by not providing relevant info to the sysadmins...
I'm not trolling. I stated that this was the recommended server requirements. Hell that's what the Subject says.
I was pointing to the fact that there is no such thing as a 10/200 BaseT nic.
Recommended (Minimum) Configuration
* 2 Ghz Intel Compatible processor or better
* 1GB of RAM
* 160 GB hard drive
* 10/200 Base-T Ethernet network interface
Wonder what a 200BaseT nic is... Can't say I've ever seen this before.
You are one stupid motherfucker. My point is that it is possible to transfer files via UDP (which has less overhead than tcp) and still get a file from point a to point b in tact. Read the fucking parent post bitch.
So, you put error checking into UDP.
Hmmm what could we call that???
I would call that eDonkey, or tftp or a slew of other protocols that can transfer data via udp and still ensure that the data is in tact.
You are the biggest fuckhead ever to post on slashdot. This is a post I am going to print out on the printer at work and show people, so they can laugh at you as well. You are a super-duper fucking moron. I'm still laughing.
You have got to be one of the many MCSE's out there, probably just passed your Networking test a few days ago too huh....
Go read about TFTP. Its designed for small file transfers between hosts on a network (think same subnet). Cisco uses it primarily for you to flash the firmware of your Cisco product like a router or switch, if you cant hook up a serial cable that is. tftp is lightweight compared to regular ftp in that there is less functionality and what not. Its much smaller because it has to fit in a very small amount of memory. They transfer it udp because its simple and less overhead.
My point was that tftp can transfer files via udp and re-arrange them without scrambling the file which is what the parent poster had stated was not doable over udp.
If you changed UDP to have error correction, you basically reinvent TCP.
There are other things that TCP has that UDP doesn't such as actually establishing a connection.
TCP may have error correction and everything built in but it can also be done in UDP.
On top of UDP.
Correct, I thought that was implied.
Do you think Cisco (you know that small networking startup in San Jose) would use tftp instead of regular ftp if there wasn't a way to transfer using udp without the file being scrambled.
I don't follow you here.. TFTP is not UDP. The parent claimed (correctly) that UDP is only best-effort. He did not claim that it is impossible to design a protocol running on top of UDP that implements error correction et.al.
TFTP is a protocol that runs over UDP. Just pointing to the fact that it is possible to transfer files without scrambling a file via UDP.
In fact the transfer mode for a few p2p protocol's use udp to blast out data as fast as possible such as eDonkey.
Of course you can build error correction and recovery into UDP. At which point you have reinvented TCP. Congratulations.
Not quite, TCP still has other properties that UDP does not. Such as actually establishing a connection.
Bullshit. TCP may have error correction and everything built in but it can also be done in UDP. Do you think Cisco (you know that small networking startup in San Jose) would use tftp instead of regular ftp if there wasn't a way to transfer using udp without the file being scrambled.
Theres no way you're gonna get 840gigs of Necrophilia porn on the internet. Must have been home made....
Yeah, I got that. But that has nothing to do with security and everything to do with control. That was my point in posting.
The last two attempts to secure cd's by the RIAA led everyone to start holding the shift key when inserting cd's and a spurt in the purchase of magic markers by pirates.
When will they get a clue from the MPAA and stop wasting tons of money on stupid shit? The MPAA is evil incarnate like the RIAA, but they have yet to sue a single downloader and have even dropped Macrovision on a few DVD's because it's too expensive and easily defeated (ALA Harry Potter DVD's).
I'm sure the MPAA is cookin up new ways, but they all rely on a new format to pick up where DVD as we know it ends. What they need to learn is that there are really two problems with the music industry as it stands:
1) Price! We know how much it costs to burn a cd, we all have CD burners. There is no reason why the soundtrack to a movie should cost more than the movie on DVD!! I can't stress this enough, the RIAA promised 5 dollar cd's when they first released cd's and never came close to delivering.
2) Stop releasing crap. No I will not buy Puff Daddy's remix of Kung Fu Fighting! No I will not buy Britney Spears.... Shit I'm tired of the same crap being released over and over and over again....
To quote a PHB, the RIAA needs to concentrate on it's core synergies inorder to survive piratepalooza. Otherwise they will be made irrelevant by the likes of iTunes and others like that. How long till a daring known artist releases on iTunes only and asks for the same cut Apple gives to the RIAA? Bet they'll make a hell of a lot more than they would from a record company, bet it catches on shortly after the success of the first.
There are a great many sites online dedicated to providing quality stuff for cheap. Among the top are felloffatruck.com and fivefingerdiscount.com. Those have everything for over half off.
I'd suggest visiting the underground areas of your city too! Just remember, always ask to look at anything before you buy and never buy a box without opening it. Through careful examination of the equipment, you can get really good deals for really good equipment, even equipment that isn't completely legal such as cable tv descramblers.
but that's not the point, the RIAA wants to distribute digital audio securely over the internet. The originals will be in this Super-MP3 format instead of on CDs.
If you want to transfer data securely over the internet, why not use SSL or a VPN of some sort. I don't see what security has to do with the transfer of a song over the internet though....
We already know they have enough servers to saturate a T1000 line so might as well stop here and talk about something more constructive.
How in the hell does a present day search engine saturate a fictional liquid metal robot from the future???
MS-DOS: 0 Remote anything in over 20 years
Of course, if you add enough third party software, DOS can do a fair amount. But then, you open yourself to attack, etc. Then it isn't all that secure.
To be honest, a default OpenBSD install doesn't even include a graphical text editor. DOS at least has EDIT.COM, functionality wise I would say OpenBSD edges DOS out just because of networking capabilities though....
I think Fedora is not an option for former RH users who do not want to go with RH "enterprise" products. Debian is.
Fedora-Legacy has a triple tap policy on Fedora Core releases. They are stating that updates will continue for FC1 until FC4 is released. That's not too bad, almost two and a half years of use.
Also there are always RHEL Rebuilds like Tao or WhiteBox. Those are free, and work just as well as RH Enterprise.