That's about as specific as they got about "computer security". The article could have been written by a plumber for all we know. There's no indication from the article, these guys have any experience or knowledge about gaming security. It's as if I watched a tv show about being a doctor and then wrote a book on medical malpractice. Why is slashdot giving these poseurs any attention?
The OP's source article seems to be a prime example of astroturfing. The guy talks in generalities about computer security and gives absolutely no examples. He's just selling his book and the article really says nothing. He also used the phrase "paradigm shift" so you knew there wasn't any real content ahead. Plus, most security people will attest to the fact that any "computer security expert" who has a PhD is laughable. That guy probably couldn't get his parking validated at H.O.P.E.
You don't realize how these people make money.. it's not about a single domain - they do this stuff in tens and hundreds of thousands of domains.. they've got formulas to determine whether it's worth paying for a domain. You can't trick them by doing goofy WHOIS requests... but you can make money for them by increasing the value of otherwise useless domains... as individual domains they aren't worth anything to you with a slightly higher visibility, but as a domain in a portfolio of 100,000 others, they make money for NSI and other people. All thanks to you guys thinking you're being "cute" and costing them money, when you weren't costing them a penny, and you turned yourself into a little viral marketing bot for them. Congrats!
The site's PageRank goes up based on the number of other sites linking to it... a high-PageRank site like Slashdot with embedded links to otherwise useless domains increases the value of those domains... eventually they will have ads parked on them and you fools have helped increase the value of the domains... you people are fucking idiots.
You idiots are making them money by linking to the domains.
You're playing right into their hands while you think you're being a smartass.
Man, some people today are clueless...
Are they purchasing domains or just "tasting" them? If you don't know what that means, get ready to be outraged. Companies can "taste" a domain (own it for five days without paying) and see if it generates any revenue before they actually pay for it. This is an unethical practice that ICANN should immediately abolish.
Google search to show compromised servers:
http://www.google.com/search?q=src%3Dhttp%3A%2F%2Fc.uc8010
There may be more - I used a specific reference to c.uc8010. Right now, Google shows 24,000 infected pages.
It looks like all the servers are IIS. Running .ASP applications written by boneheaded programmers who didn't sanitize their input.
This is the problem with programming. You can't "idiot proof" a web site if the biggest idiot is the guy you've hired to write the application.
> So, am I correct in thinking a simple AddSlashes() addition to the server side script will prevent this? Other posts imply (heavily) that it's not as simple as that, but when I read "SQL injection attack" I think "AddSlashes()".
It depends upon the application. But yes, you're generally right.
This mess is the result of crappy programmers who don't sanitize their input. For example in PHP, a basic requirement would be to use stripslashes/addslashes and strip_tags.
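As an added example (not code from any poster, the article or the worm), here is a SQLite stand-in for the kind of lookup page the thread is discussing: the same input goes through a quoted query with dialect-correct escaping, an unquoted numeric query with an addslashes() lookalike applied, and a bound-parameter query. The table, rows and function names are constructed for the illustration.

```python
import sqlite3


def make_db():
    """Constructed sample table (not data from the thread or the article)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)",
                    [(1, "alice"), (2, "bob"), (3, "o'brien")])
    return con


def addslashes(s):
    """Mimic PHP addslashes(): backslash before ' " \\ and NUL.

    This is MySQL-style escaping.  SQL Server (the database the worm in the
    story targeted) and SQLite do not treat a backslash as an escape inside
    a string literal; both expect an embedded quote to be doubled instead.
    """
    out = []
    for ch in s:
        if ch in "'\"\\":
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\0")
        else:
            out.append(ch)
    return "".join(out)


def lookup_by_name_escaped(con, name):
    """Quoted string context, value spliced in after doubling quotes."""
    sql = "SELECT id FROM users WHERE name = '%s'" % name.replace("'", "''")
    return [row[0] for row in con.execute(sql)]


def lookup_by_id_escaped(con, user_id):
    """Unquoted numeric context: there are no quotes, so addslashes() has
    nothing to escape and the raw input becomes part of the WHERE clause."""
    sql = "SELECT id FROM users WHERE id = %s" % addslashes(user_id)
    return [row[0] for row in con.execute(sql)]


def lookup_by_id_param(con, user_id):
    """Bound parameter: the value is never spliced into the SQL text."""
    rows = con.execute("SELECT id FROM users WHERE id = ?", (user_id,))
    return [row[0] for row in rows]


def demo():
    """Run each query shape against the same inputs and return the ids found."""
    con = make_db()
    return {
        "quoted_escaped_ok": lookup_by_name_escaped(con, "o'brien"),
        "quoted_escaped_probe": lookup_by_name_escaped(con, "x' OR '1'='1"),
        "numeric_escaped_probe": lookup_by_id_escaped(con, "1 OR 1=1"),
        "numeric_param_probe": lookup_by_id_param(con, "1 OR 1=1"),
        "numeric_param_ok": lookup_by_id_param(con, "2"),
    }


if __name__ == "__main__":
    for case, ids in demo().items():
        print(f"{case:24s} -> {ids}")
```

Only the bound-parameter form gives the right answer for both the quoted and the unquoted column; escaping helps solely where the value is inside quotes, and only with the escape rule of the database actually in use.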
There are a lot of bad programmers out there. That's what this means. I honestly don't really mind exploits like this because it exposes who needs to be fired or change careers.
You don't need to have people switch OSes. You just need to remove IE from their system and install Firefox+NoScript. I don't even run antivirus software any more since I dumped Outlook (and use text-only e-mail) and switched to Firefox.
This is yet another worm targeting Microsoft and IE. Nothing to see here.. Move along...
FTA: "It's possible that only Microsoft SQL Server databases were hacked with this particular version of the robot since the script relies on the sysobjects table that this database contains."
I think that's a relevant aspect to report. This is yet another MS-based vulnerability. It also makes sense since IIS servers are more likely to be serving the much less secure IE client.
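An added example, not code from the thread or the article: a defender-side check that walks the database catalog (here SQLite's sqlite_master and PRAGMA table_info, standing in for the sysobjects lookup the article says the worm's script relied on) and reports which string columns carry the script tag the Google search above matches on. The tables and rows are constructed; the injected URL is kept to the `c.uc8010` prefix the thread gives.

```python
import re
import sqlite3

# Marker from the thread's Google search (src=http://c.uc8010).  Only this
# prefix appears in the thread, so the scanner matches on the prefix.
INJECTED_SRC = "http://c.uc8010"
SCRIPT_TAG = re.compile(r"<script[^>]*\bsrc=[\"']?" + re.escape(INJECTED_SRC), re.I)

# Declared-type fragments treated as string columns worth scanning.
TEXT_TYPES = ("TEXT", "CHAR", "CLOB")


def text_columns(con):
    """List (table, column) for every string-typed column of every user table.

    sqlite_master plus PRAGMA table_info is SQLite's counterpart of the
    sysobjects / syscolumns lookup; a defender walks the same catalog the
    worm used, to find where a payload landed instead of where to put one.
    """
    cols = []
    tables = con.execute(
        "SELECT name FROM sqlite_master "
        "WHERE type = 'table' AND name NOT LIKE 'sqlite_%'").fetchall()
    for (table,) in tables:
        for _cid, name, ctype, *_rest in con.execute(f'PRAGMA table_info("{table}")'):
            if any(t in (ctype or "").upper() for t in TEXT_TYPES):
                cols.append((table, name))
    return cols


def find_injected(con):
    """Return (table, column, rowid) for each cell containing the injected tag."""
    hits = []
    for table, col in text_columns(con):
        for rowid, value in con.execute(f'SELECT rowid, "{col}" FROM "{table}"'):
            if isinstance(value, str) and SCRIPT_TAG.search(value):
                hits.append((table, col, rowid))
    return hits


def make_sample_db():
    """Constructed sample content (not real data).  The tail of the injected
    URL is not given in the thread, so the samples keep it elided as '...'."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE products (id INTEGER, descr TEXT, price REAL)")
    con.execute("CREATE TABLE news (id INTEGER, title VARCHAR(200), body NTEXT)")
    con.executemany("INSERT INTO products VALUES (?, ?, ?)", [
        (1, "Widget, blue", 9.99),
        (2, "Gadget</title><script src=http://c.uc8010...></script>", 19.99),
    ])
    con.executemany("INSERT INTO news VALUES (?, ?, ?)", [
        (1, "Launch day", "<p>Plain article text.</p>"),
        (2, "Update", '<p>More text.</p><script src="http://c.uc8010..."></script>'),
    ])
    return con


if __name__ == "__main__":
    for table, col, rowid in find_injected(make_sample_db()):
        print(f"injected tag in {table}.{col} rowid={rowid}")
```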
What's wrong with TV news in two words: FAIRNESS DOCTRINE.
It really is as simple as that. In 1987 news media was crippled. And that was the beginning of the end.
My take on this issue is that I suspect whatever technology they use to scan for other stuff, like explosives, might create false positives with Lithium, and they don't want people to know this, so they just arbitrarily introduce this new rule.
Some have suggested that registering fake WHOIS requests might confuse these systems. I'd take it a step further and:
a) pick a random, obscure domain name (i.e. twistpark.com - available as of now)
b) issue multiple whois requests on various registrar sites
c) issue multiple whois requests from the command line of various servers
and sit and see who snaps it up... make up your own random domain name and see if multiple whois requests in a short period of time, originating from multiple hosts, might ferret out who's doing this.
People complain that KISS is not exactly great music. Of course not. This is the band that had to dress up in ridiculous costumes, employ every gimmick imaginable from fire breathing to smoking guitars to get people's attention. I'm amused at this point, that people don't realize Simmons' chauvinistic and anti-P2P comments are merely part of the same gimmicks he's always employed to get attention: do/say something obnoxious.
Simmons falls into the same category as Ann Coulter and Bill O'Reilly. The worst thing that can ever happen to them is to be ignored. If you really want him to be as irrelevant as he ultimately is, you'll ignore his idiotic rambling. Even his reality show is staged. It's all a farce and he's laughing at all of us for even taking the time to call him a douchebag.
I'm not sure exactly what you're implying, that if we converted over to automated driving systems, driving deaths would disappear? That seems irrationally hopeful. Especially if some of our more popular software companies had anything to do with the systems controlling vehicles. It would bring all new meaning to the term, "blue screen of death" and "crash."
Seriously, the notion that this was accidental is amusing.
I remember years ago when I worked on the recall campaign for an infamous governor (who is currently in prison) - we tried to oust him from office and had to collect 10% of the voting public's signatures on petition in order to force a recall election. The governor laughed at the recall effort going on television saying, "I do not think these signatures are legitimate. I plan to look over each and every name of whoever signed these petitions just to check" *wink* *wink* This kind of subtle intimidation of activists and people who take a stand against wrongdoing is nothing new. I wouldn't be surprised if the exposure of the whistleblowers was intentional.
If you want to know more about this anarcho-capitalist libertarian agenda Ron Paul is pushing, listen to this podcast. It's an interview with one of Paul's supporters with tough questions about how much of government and society would function in a scenario where there was a minimalist government centered around the U.S. Constitution.
True story... I purchased some property in the national forest. One factor that was contingent upon me buying this house was that I have access to broadband and not suck-ass satellite. I checked with the local phone company and they told me I was eligible for DSL service. Then later they told me I was too remote and they couldn't provide it.
At that point I could have accepted their judgment, but instead I decided to identify everyone on the board of directors for the phone company/ISP and contact them letting them know how upset I was over this situation. Two days later the vice president contacted me and said he was "fast tracking" setting up the equipment to provide DSL. A month later I had my broadband. If you bother the executives in these companies they're apt to tell their underlings to "do whatever the guy wants so I don't have to hear from him again." It works.
Exactly, that is why all religions need to be banned immediately! They are all nothing more than scams!
No, religion shouldn't be banned. That's not freedom. But there should be a more open dialogue on the legitimacy and value of religion in modern society. You may wonder why someone who isn't a theist cares much about religion, but take a look at the link and you'll see that religion does quite a bit to infringe on the rights and freedom of everyone. The last thing atheists want to do is stop that infringement by employing more restrictions. We just want to be able to have our say and let people judge for themselves whether these things are delusions and whether there's really any great evidence that suggests they're of that much benefit to society.
I'm just a sinner saved by grace. I'm no different from you.
No. You are a person who was indoctrinated into an illogical, irrational belief system. A belief system that is in constant contradiction with the laws of nature and the reality in which you live, which is why you aren't merely content with the "truth" you claim to know. You have to have your ever-fragile beliefs routinely recharged by attending church, imposing your morality and beliefs upon society at large, preaching to others and preferably surrounding yourself with like-minded people, and as evidenced herein, convincing yourself that anyone who disagrees with you, while being someone "like you", is also missing something special, and therefore "unsaved" and inferior.
Guess what? Some of us aren't deluded. The irony of course is, as soon as you get really sick, you give up your faith in the supernatural and you head over to a hospital to provide some of that good ol' secular science to heal you.
Just once I'd like to see a bunch of Christians wander into a hospital and see someone giving them a wafer, telling them to do a few Hail Marys and pouring water on their heads and telling them they're healed...
Am I the only person that finds this rationality amusing to the point of absurdity?
We can't even agree on what exactly happened last week and that's with videotape footage! And theists are adamant that the bible, a collection of disparate scrolls assembled by a church committee 800 years ago, written hundreds of years after the events they document, is a reliable source of information?
It's always amusing to see how people spin the Bible. The bible is loaded with inconsistencies and contradictions. And whenever these are pointed out, there is the standard set of excuses: Hey, that's out of context! or That's a metaphor/parable or only applies to Jews/before Jesus showed up.
The funny thing is, the same theists take other passages and suggest they are meant to be interpreted literally and do apply. Every sect of Christianity, and there are over 30,000 different groups, each have their own distinct array of scripture they "pick and choose" as some passages to interpret literally, and others to interpret more creatively.
You guys can't have it both ways. If the old testament doesn't matter, then neither does original sin! And therefore Jesus' sacrifice means nothing. None of it makes any sense unless you begin to recognize the obvious fact that this is a collection of disparate stories, mixed in with some history, that has been an ongoing evolution of very early pagan beliefs and mythology.
Like I said before... your response to the civil rights movement might have been something like, "It's that black bitch Rosa Parks' own fault for not moving to the back of the bus. Those are the rules! She got what she deserved."
I bet had you been in Germany during WWII you also would have suggested the Jews deserved to get shot for not getting on the train like they were told.
History is littered with people who defied what they considered to be inappropriate authoritarian rule, and you can bet your ignorant ass, it starts with a lot of trivial, seemingly insignificant conflicts like the one this story is about, and grows larger from there. It's a shame people like you aren't smart enough to see that.
Your claim will no doubt be a great comfort to someone incarcerated indefinitely without any access to the army of lawyers necessary to defend their right of Habeas Corpus using your argument.