What additional security measures can be taken to thwart script kiddies like this guy? Is MAC address filtering + WEP/WPA encryption (or one of those) sufficient security. At this point I want to shut the fucking WiFi off, but there are others in the household who wouldn't go for that.
Well, if he was an uber skilled script kiddie, he could just spoof one of the allowed IP's which isn't hard to do at all considering 'script-kiddies' have been hacking into government affiliates as of late...:) got something to hide?
The other day, after reading yet another news story about the censorship moves in Australia and more PROTECT IP stuff, I decided that it was time to try out configuring Privoxy to forward everything via SOCKS5 to Tor. I was expecting a much bigger performance hit than I actual did, though, which was a pleasant surprise. Sure, its annoying having to enter CAPTCHA tags for Google all the time, but that's really not that big of a hassle. For the less technical people, Vidalia + the Tor Button for Firefox are pretty much fool proof. Between advertisers, stories about repression of online descent in the middle east and asia, Facebook and Google tracking people all the damned time, etc, I think (or, at least, I would like to think) that it might only be a matter of time before more and more 'normal' people, even those who really, truely, have nothing to hide, start doing something similar.
When Comcast starts filtering port 9050 like they do with 25, then we'll know we've pretty much lost the Internet once and for all. But hey, at least the Department of State supports Internet freedom in China, right? pffft.
Tor and Privoxy is not a guaranteed way to protect your anonymous behavior... just sayin':)
This is not a bill to be passed, but a Court ruling. It is much harder to circumvent Court rulings that somethign is unconstitutional than it is to circumvent a bill that outlaws some government action. The reason it is harder to circumvent Supreme Court rulings is that the Court gets very salty when you try to go around their clear meaning. If the Court rules that a certain action by the government is unconstitutional, the government has to show that the circumvention they came up with represents a different category of behavior. Further, lower courts often extend Supreme Court rulings in ways which limit such circumvention.
You'd like to hope so, but I doubt the CIA or NSA cares about due process. And if you do in-fact think the checks and balances system works like it should, you're severely mistaken.
The first example I could find...
"The federal Immigration Reform and Control Act (IRCA) makes it illegal to knowingly hire or recruit an alien who is unauthorized to work in the United States. While IRCA imposed civil and criminal penalties on employers who violate this provision (when it is actually enforced by the Justice Department), it restricts the ability of states to implement similar penalties with one conspicuous exception. The federal law (8 U.S.C. 1324a(h)(2)) specifically allows states to impose sanctions on such employers “through licensing and similar laws.” That is exactly what Arizona did in 2007 when it passed the Legal Arizona Workers Act (LAWA)."
Supreme Court rulings often come under question because similar cases keep coming back to them even though they supposedly made a decision 'x' years beforehand.
The most important thing to realize is that it's often too hard to even get the audience of the Supreme Court, so what if the government gets in trouble for wiretapping you, the judiciary system can't just tell the CIA to shove-off instantaneously. Let's see, this case is originally from 2008, that's actually pretty quick whereas some appeals can take ten years. By that time, they will have long forgotten what they actually did, and ohhh, maybe they'll do an investigation.. maybe
So, even then, if they can't wiretap you for prolonged periods of time, they'll just get a warrant after wiretapping you for a short amount of time.. (which is what I predict from this case, they will allow warrantless searches for an acceptable amount of time and then just go on with their daily lives. Big deal, the checks and balances system is way out of wack, they'll send a piece of paper to the CIA and they'll just add it to the pile that's already there. How many people have ever been indicted from the CIA.... I'll answer that for you, only the people who have released classified information.
GG
Let's see, if they pass the bill, theyll surely circumvent it somehow anyway. Or, they could try to pass yet another bill that enables them to monitor your web traffic. Html 5 integrated with gps is perfectly fine for the gov, or those pics on your phone you take not realizing the gps metadata is built into every one of them. (minus the people who care enough to cleanse it of course.)
But they'd need a reason to want your information... Unless they had it already, waiting on it, knowing what they could do with their power if they so cared to detain you... But that would imply you didn't take the precautions to protect your data..
So how hard is it to get a warrant, not too hard.. They dont even need one anymore.
Let the internet be open-source indeed.
Giganews has servers hosted in ashburn which isn't too far from where they mentioned in the article. More specifically, they host the VyperVPN service they have in ashburn....
wouldn't be surpised if they confiscated their hardware because behind all those proxies they saw a Giganews IP address.
I have no idea if vypervpn is down though...
so I'm just speculating X_x
2 important key factors:
"It is being widely speculated that the arrest is in connection with the high-profile attacks by the LulzSec hacking group"
"It's important to note at this point that it has not been confirmed that the arrested man is suspected of being involved with LulzSec by the authorities. But many observers are speculating that that could be the case."
Ladies and gentleman, it's speculative journalism at its best....
I wonder what they will look like... If someone hasn't thought of it before, someone should start drawing up plans for futuristic libraries where instead of checking out paper books you can check out books for your kindle or some other device... on top of that, I think it would be cool for it to look like a traditional library, but server racks instead of bookshelves.. (this probably just seems cool to me because I'm a nerd, I have a lot of friends who are 'conservative' when it comes to paper books.. A lot of the English majors I know treat technology like the anti-christ.
I thought this would be a good idea at first, until I realized that most of the companies still on the whitelist would just become targets....and just because they haven't gotten hacked yet, doesn't mean they have good security measures....
Frankly, I think companies who have gotten hacked would be better alternatives considering the CEOs probably dont ever want to mess around with budget cuts when it comes to infrastructure security.... ""Looking at you, Sony"
Now, I do not condone Lulz Security or Anonymous, but the fact of the matter is they're not just 'script-kiddies'. Every tech-savvy webpage I've gone the ones that are user-submitted have belittled the efforts of both hacking groups as if they could do the same things so easily.
I'm not sure why there is such a pretentious atmosphere of 'pro' coders here... but to be real honest with everyone, they have spent a lot of time researching web security vulnerabilities, and the biggest joke of all is that a good portion of readers on slashdot are probably sysadmins who think their system is protected by a golden firewall, which they probably bought from some other software vendor..
Blah, blah, it's just sql injections... lol, yeah... that's the greatest joke of all, they guessed your table names and you allowed escape characters...
And these people certainly realize they don't even have to lie or fabricate their stories considering they get in with the simplest, MOST known vulnerabilities..
I think some of lulz's actions deserve merit, the fact that they haven't been caught yet is a sure sign that they're somewhat competent at what they do.... much better in-fact than the security companies that supposedly get paid top-dollar to ensure data protection..
In essence, the biggest joke is not the simple attacks of the hacking groups, it's honestly the over-abundance of hypocrisy and finger pointing that essentially does nothing next to actually coming up with valid security solutions..
The best example of all this is simply Mitnick, he didn't even have to hack.. he just called someone up for a password.. you know why, because the smartest hacker doesn't waste 9 years trying to guess/crack a hash, especially when people are so much easier to manipulate than software.
To elaborate, did you actually think someone was going to replace and upgrade this stuff for free? No, they just 'diverted' resources... Just because it's unfunded doesn't mean the people who are in the head aren't going to make it out with fat pockets. IE. Leaders of Non-Profit Organizations:)
---"It is pretty costly. A lot of other capital programs and initiatives are being deferred so these hospitals can work on the ICD-10 switchover," he said. "It crosses over so many different information systems. It's very broad in its scope."
---
Oh yeah, you mean like the consulting pm's who are gonna bend over backwards for this headache aren't gonna get paid the usual sum of over 500$ per hour?
**Christine Armstrong, a principal at Deloitte Consulting, said in a report that ICD-10's complex code and its impact on EHRs, various billing systems, reporting packages and other decision-making and analytical systems will prompt major upgrades or the replacement of current systems.
The changeover will probably cost larger hospitals between $2 million and $5 million, and large care groups as much as $20 million, said James Swanson, director of client services at Virtusa, an IT services and consulting company.
**
Did you even get what I was saying? Anybody affiliated with leading ANY of those IT projects is bound to make over 300,000$ a year.
Maybe you've become what you most hated, noob.
They might drop.net like VB but that doesn't stop them from creating a newly-improved programming language exactly like javascript and html that is bound to blow the competition out of the water... and let's not forget, no backwards compatibility!!!
To this day, (I'm 20 now) one of the clearest things I remember is 'IDDQD' and 'IDKFA'. This was some 10 years ago, but it has still managed to embed itself in my brain.
Speaking of declassified documents, I'm so surprised that the movie 'The Men who Stare at Goats' was actually based off something real. I'm curious as to what else the DoD does with its time.
For all you Wendell Berry fans,
"One possibility is just to tag along with the fantasists in government and industry who would have us believe that we can pursue our ideals of affluence, comfort, mobility, and leisure indefinitely. This curious faith is predicated on the notion that we will soon develop unlimited new sources of energy: domestic oil fields, shale oil, gasified coal, NUCLEAR POWER, solar energy, and so on. This is fantastical because the basic cause of the energy crisis is not scarcity; it is moral ignorance and weakness of character. We don't know how to use energy, or what to use it for. And we cannot restrain ourselves. Our time is characterized as much by the abuse and waste of human power as it is by the abuse and waste of fossil fuel energy. Nuclear power, if we are to believe its advocates, is presumably going to be well used in the same mentality that has egregiously devalued and misapplied man- and womanpower. If we had an unlimited supply of solar or wind power, we would use that destructively, too, for the same reasons.
Just a little philosophy to go along with this lovely news
Slashdot Mirror
1. spoofing an IP will not get you past MAC address filtering
You don't have to spoof your IP address at all. Just spoof the MAC address and let DHCP take care of the IP address.
This, sorry, that is what I originally meant.. thanks for correcting me
What additional security measures can be taken to thwart script kiddies like this guy? Is MAC address filtering + WEP/WPA encryption (or one of those) sufficient security. At this point I want to shut the fucking WiFi off, but there are others in the household who wouldn't go for that.
Well, if he was an uber skilled script kiddie, he could just spoof one of the allowed IP's which isn't hard to do at all considering 'script-kiddies' have been hacking into government affiliates as of late... :) got something to hide?
The other day, after reading yet another news story about the censorship moves in Australia and more PROTECT IP stuff, I decided that it was time to try out configuring Privoxy to forward everything via SOCKS5 to Tor. I was expecting a much bigger performance hit than I actual did, though, which was a pleasant surprise. Sure, its annoying having to enter CAPTCHA tags for Google all the time, but that's really not that big of a hassle. For the less technical people, Vidalia + the Tor Button for Firefox are pretty much fool proof. Between advertisers, stories about repression of online descent in the middle east and asia, Facebook and Google tracking people all the damned time, etc, I think (or, at least, I would like to think) that it might only be a matter of time before more and more 'normal' people, even those who really, truely, have nothing to hide, start doing something similar.
When Comcast starts filtering port 9050 like they do with 25, then we'll know we've pretty much lost the Internet once and for all. But hey, at least the Department of State supports Internet freedom in China, right? pffft.
Tor and Privoxy is not a guaranteed way to protect your anonymous behavior... just sayin' :)
This is not a bill to be passed, but a Court ruling. It is much harder to circumvent Court rulings that somethign is unconstitutional than it is to circumvent a bill that outlaws some government action. The reason it is harder to circumvent Supreme Court rulings is that the Court gets very salty when you try to go around their clear meaning. If the Court rules that a certain action by the government is unconstitutional, the government has to show that the circumvention they came up with represents a different category of behavior. Further, lower courts often extend Supreme Court rulings in ways which limit such circumvention.
You'd like to hope so, but I doubt the CIA or NSA cares about due process. And if you do in-fact think the checks and balances system works like it should, you're severely mistaken. The first example I could find... "The federal Immigration Reform and Control Act (IRCA) makes it illegal to knowingly hire or recruit an alien who is unauthorized to work in the United States. While IRCA imposed civil and criminal penalties on employers who violate this provision (when it is actually enforced by the Justice Department), it restricts the ability of states to implement similar penalties with one conspicuous exception. The federal law (8 U.S.C. 1324a(h)(2)) specifically allows states to impose sanctions on such employers “through licensing and similar laws.” That is exactly what Arizona did in 2007 when it passed the Legal Arizona Workers Act (LAWA)." Supreme Court rulings often come under question because similar cases keep coming back to them even though they supposedly made a decision 'x' years beforehand. The most important thing to realize is that it's often too hard to even get the audience of the Supreme Court, so what if the government gets in trouble for wiretapping you, the judiciary system can't just tell the CIA to shove-off instantaneously. Let's see, this case is originally from 2008, that's actually pretty quick whereas some appeals can take ten years. By that time, they will have long forgotten what they actually did, and ohhh, maybe they'll do an investigation.. maybe So, even then, if they can't wiretap you for prolonged periods of time, they'll just get a warrant after wiretapping you for a short amount of time.. (which is what I predict from this case, they will allow warrantless searches for an acceptable amount of time and then just go on with their daily lives. Big deal, the checks and balances system is way out of wack, they'll send a piece of paper to the CIA and they'll just add it to the pile that's already there. How many people have ever been indicted from the CIA.... I'll answer that for you, only the people who have released classified information. GG
Let's see, if they pass the bill, theyll surely circumvent it somehow anyway. Or, they could try to pass yet another bill that enables them to monitor your web traffic. Html 5 integrated with gps is perfectly fine for the gov, or those pics on your phone you take not realizing the gps metadata is built into every one of them. (minus the people who care enough to cleanse it of course.) But they'd need a reason to want your information... Unless they had it already, waiting on it, knowing what they could do with their power if they so cared to detain you... But that would imply you didn't take the precautions to protect your data.. So how hard is it to get a warrant, not too hard.. They dont even need one anymore. Let the internet be open-source indeed.
Didn't MS just file for a patent that would allow them to eavesdrop on Skype? Hmmm, this is not a good combo!!!
My thoughts exactly... this reminds me of people putting wifi connections in cars that have access to the firmware that deals with the engine!!
Giganews has servers hosted in ashburn which isn't too far from where they mentioned in the article. More specifically, they host the VyperVPN service they have in ashburn.... wouldn't be surpised if they confiscated their hardware because behind all those proxies they saw a Giganews IP address. I have no idea if vypervpn is down though... so I'm just speculating X_x
2 important key factors: "It is being widely speculated that the arrest is in connection with the high-profile attacks by the LulzSec hacking group" "It's important to note at this point that it has not been confirmed that the arrested man is suspected of being involved with LulzSec by the authorities. But many observers are speculating that that could be the case." Ladies and gentleman, it's speculative journalism at its best....
I wonder what they will look like... If someone hasn't thought of it before, someone should start drawing up plans for futuristic libraries where instead of checking out paper books you can check out books for your kindle or some other device... on top of that, I think it would be cool for it to look like a traditional library, but server racks instead of bookshelves.. (this probably just seems cool to me because I'm a nerd, I have a lot of friends who are 'conservative' when it comes to paper books.. A lot of the English majors I know treat technology like the anti-christ.
I thought this would be a good idea at first, until I realized that most of the companies still on the whitelist would just become targets....and just because they haven't gotten hacked yet, doesn't mean they have good security measures.... Frankly, I think companies who have gotten hacked would be better alternatives considering the CEOs probably dont ever want to mess around with budget cuts when it comes to infrastructure security.... ""Looking at you, Sony"
Now, I do not condone Lulz Security or Anonymous, but the fact of the matter is they're not just 'script-kiddies'. Every tech-savvy webpage I've gone the ones that are user-submitted have belittled the efforts of both hacking groups as if they could do the same things so easily. I'm not sure why there is such a pretentious atmosphere of 'pro' coders here... but to be real honest with everyone, they have spent a lot of time researching web security vulnerabilities, and the biggest joke of all is that a good portion of readers on slashdot are probably sysadmins who think their system is protected by a golden firewall, which they probably bought from some other software vendor.. Blah, blah, it's just sql injections... lol, yeah... that's the greatest joke of all, they guessed your table names and you allowed escape characters... And these people certainly realize they don't even have to lie or fabricate their stories considering they get in with the simplest, MOST known vulnerabilities.. I think some of lulz's actions deserve merit, the fact that they haven't been caught yet is a sure sign that they're somewhat competent at what they do.... much better in-fact than the security companies that supposedly get paid top-dollar to ensure data protection.. In essence, the biggest joke is not the simple attacks of the hacking groups, it's honestly the over-abundance of hypocrisy and finger pointing that essentially does nothing next to actually coming up with valid security solutions.. The best example of all this is simply Mitnick, he didn't even have to hack.. he just called someone up for a password.. you know why, because the smartest hacker doesn't waste 9 years trying to guess/crack a hash, especially when people are so much easier to manipulate than software.
To elaborate, did you actually think someone was going to replace and upgrade this stuff for free? No, they just 'diverted' resources... Just because it's unfunded doesn't mean the people who are in the head aren't going to make it out with fat pockets. IE. Leaders of Non-Profit Organizations :)
---"It is pretty costly. A lot of other capital programs and initiatives are being deferred so these hospitals can work on the ICD-10 switchover," he said. "It crosses over so many different information systems. It's very broad in its scope."
---
Oh yeah, you mean like the consulting pm's who are gonna bend over backwards for this headache aren't gonna get paid the usual sum of over 500$ per hour?
**Christine Armstrong, a principal at Deloitte Consulting, said in a report that ICD-10's complex code and its impact on EHRs, various billing systems, reporting packages and other decision-making and analytical systems will prompt major upgrades or the replacement of current systems. The changeover will probably cost larger hospitals between $2 million and $5 million, and large care groups as much as $20 million, said James Swanson, director of client services at Virtusa, an IT services and consulting company. ** Did you even get what I was saying? Anybody affiliated with leading ANY of those IT projects is bound to make over 300,000$ a year. Maybe you've become what you most hated, noob.
I'd love to be apart of that product manager's commission :( so what if it's going to take 5-10 years...
They might drop .net like VB but that doesn't stop them from creating a newly-improved programming language exactly like javascript and html that is bound to blow the competition out of the water... and let's not forget, no backwards compatibility!!!
Somehow, the majority has forgotten for just a second, the woes that inspired warfare
yeah, it was the shareware version. I never got around to actually buying it since I was only like 10 :\
bu
To this day, (I'm 20 now) one of the clearest things I remember is 'IDDQD' and 'IDKFA'. This was some 10 years ago, but it has still managed to embed itself in my brain.
Speaking of declassified documents, I'm so surprised that the movie 'The Men who Stare at Goats' was actually based off something real. I'm curious as to what else the DoD does with its time.
For all you Wendell Berry fans, "One possibility is just to tag along with the fantasists in government and industry who would have us believe that we can pursue our ideals of affluence, comfort, mobility, and leisure indefinitely. This curious faith is predicated on the notion that we will soon develop unlimited new sources of energy: domestic oil fields, shale oil, gasified coal, NUCLEAR POWER, solar energy, and so on. This is fantastical because the basic cause of the energy crisis is not scarcity; it is moral ignorance and weakness of character. We don't know how to use energy, or what to use it for. And we cannot restrain ourselves. Our time is characterized as much by the abuse and waste of human power as it is by the abuse and waste of fossil fuel energy. Nuclear power, if we are to believe its advocates, is presumably going to be well used in the same mentality that has egregiously devalued and misapplied man- and womanpower. If we had an unlimited supply of solar or wind power, we would use that destructively, too, for the same reasons. Just a little philosophy to go along with this lovely news