Jasper Maskelyne, a British stage magician, claimed to have invented something very similar during the Second World War. One of the ingredients, however, was asbestos.
About the same number of accounts, a couple of thousand against the millions that Vodafone and British Gas must have. BG say it wasn't their systems that were breached. Sounds as if there's another database that's leaked, and some people who have re-used passwords across multiple accounts are having their credentials tried out across multiple sites.
http://www.openwall.com/lists/... This paragraph suggests so many things which are simply wrong, confused, or irrelevant that i don't know what to make of the rest of the article.
* modern debian GNU/Linux systems do not have a wheel group at all. No particular versions or flavors of "Linux system"
* on systems where members of group wheel really do have unrestricted access to the su command, having wheel in the first place *is* the vulnerability -- it is a misconfiguration to expect an account to be non-privileged if it is a member of wheel.
* the last sentence appears to be about setuid/setgid binaries, but makes no mention that the overwhelming majority of binaries are not setuid/setgid.
Later on, the post suggests that wheel group membership is related to sudo privileges.
It also seems to assume that polkit always permits access for members of group wheel. I can find no such configuration on a modern debian system.
I don't think there's anything significant in this ambiguous, underspecified, and confused report.
1) the article states they contacted red hat, we were unable to find any inbound email or bugzilla entry pertaining to this issue, as always if you have an issue you wish to report please contact secalert@...hat.com
2) this is expected behaviour, admin users can install software (do I have to say this? really? yes. I was told I should say this).
3) don't run web apps as admin users (do I have to say this? really? yes. I was told I should say this).
4) if you feel the need to run a web app as an admin user restrict what they can do via SELinux, and don't let them install software (do I have to say this? really? yes. I was told I should say this).
So TL;DR: it's not a security vulnerability, and it will NOT be getting a CVE.
I can only assume this article/vuln is perhaps referring to something like Cpanel and other control panels that people sometimes install insecurely/improperly and then never update. Or something. Who knows.
The same clueless marketroid that thought that inserting adverts into http traffic was a good idea?
http://www.theregister.co.uk/2... > The marketing geniuses at Belkin, the consumer networking vendor, have dreamed up a new form of spam - ads served to your desktop, by way of its wireless router > The router would grab a random HTTP connection every eight hours and redirect it to Belkin’s (push) advertised web page.
School, circa 1974. Sending off your sheets and hoping that the keypunch operators didn't get 0's and O's confused. O's were slashed, or perhaps it was the other way round. Getting your job back on music ruled paper the next week
University. There were teletypes that you could use to get access to the ICL mainframe, but for exams you had to use punched cards, and only got 3 goes to compile and run your program. There were always queues for the big punch machines, so if you just needed one card doing, you could use a hand punch.
I once spent an interesting weekend in his company. He'd been born in Beijing, a walled city, and we took him via Chester on our way to North Wales. It was the first time he'd been in a walled city since his childhood. Walking near Llanberis, he found a Yew tree and enjoyed eating the berries. Still my photo of him on the Wikipedia page. Amazing guy, I hope his enthusiasm and inspiration lives on as his legacy.
I've been getting up to speed on IPv6 and have a tunnel from he.net (tunnelbroker.net). It seems to pop out somewhere on the other side of the Atlantic, judging from geographically targeted advertising. Several big sites are already IPv6 enabled (Firefox plugin SixOrNot), e.g. Facebook, Google, Youtube.
The OP mentions Sandvine: the EFF has a tool called Switzerland.
Is your ISP interfering with your BitTorrent connections? Cutting off your VOIP calls? Undermining the principles of network neutrality? In order to answer those questions, concerned Internet users need tools to test their Internet connections and gather evidence about ISP interference practices. After all, if it weren't for the testing efforts of Rob Topolski, the Associated Press, and EFF, Comcast would still be stone-walling about their now-infamous BitTorrent blocking efforts.
Developed by the Electronic Frontier Foundation, Switzerland is an open source software tool for testing the integrity of data communications over networks, ISPs and firewalls. It will spot IP packets which are forged or modified between clients, inform you, and give you copies of the modified packets.
Switzerland is designed to detect the modification or injection of packets of data traveling over IP networks, including those introduced by anti-P2P tools from Sandvine (widely believed to be used by Comcast to interfere with BitTorrent uploads) and AudibleMagic, advertising injection systems like FairEagle, censorship systems like the Great Firewall of China, and other systems that we don't know about yet.
another link: http://www.aps.org/publications/apsnews/200301/history.cfm Instead of starting the whole run over, he started midway through, typing the numbers straight from the earlier printout to give the machine its initial conditions. Then he walked down the hall for a cup of coffee, and when he returned an hour later, he found an unexpected result. Instead of exactly duplicating the earlier run, the new printout showed the virtual weather diverging so rapidly from the previous pattern that, within just a few virtual "months", all resemblance between the two had disappeared.
Edward Lorenz discovered that floating point truncation causes weather simulations to diverge massively back in 1961. This was the foundation of Chaos Theory and it was Lorenz who created the term "Butterfly Effect"
where a large financial institution insisted its systems were bug free and secure, eventually to be proved wrong: http://www.theregister.co.uk/2005/10/21/phantoms_and_rogues/print.html ... at that time the computing department of one of the banks issuing ATM cards had "gone rogue", cracking PINs and taking money from customers' accounts with abandon... more than 2,000 people who had suffered "phantom withdrawals" from their bank accounts
Slashdot Mirror
Jasper Maskelyne, a British stage magician, claimed to have invented something very similar during the Second World War. One of the ingredients, however, was asbestos.
https://books.google.co.uk/boo...
https://lkml.org/lkml/2017/1/1...
When I was a lad: http://www.hpmuseum.org/hp9830...
But I must have been one of the first posters!
https://a9t9.com/blog/chrome-e...
http://www.bbc.co.uk/news/tech...
About the same number of accounts, a couple of thousand against the millions that Vodafone and British Gas must have. BG say it wasn't their systems that were breached. Sounds as if there's another database that's leaked, and some people who have re-used passwords across multiple accounts are having their credentials tried out across multiple sites.
Earlier today
http://www.theregister.co.uk/2...
From the oss-sec mailing list:
http://www.openwall.com/lists/...
This is not a vulnerability, this is expected behaviour.
http://www.openwall.com/lists/...
This paragraph suggests so many things which are simply wrong, confused,
or irrelevant that i don't know what to make of the rest of the article.
* modern debian GNU/Linux systems do not have a wheel group at all. No
particular versions or flavors of "Linux system"
* on systems where members of group wheel really do have unrestricted
access to the su command, having wheel in the first place *is* the
vulnerability -- it is a misconfiguration to expect an account to be
non-privileged if it is a member of wheel.
* the last sentence appears to be about setuid/setgid binaries, but
makes no mention that the overwhelming majority of binaries are not
setuid/setgid.
Later on, the post suggests that wheel group membership is related to
sudo privileges.
It also seems to assume that polkit always permits access for members of
group wheel. I can find no such configuration on a modern debian system.
I don't think there's anything significant in this ambiguous,
underspecified, and confused report.
http://www.openwall.com/lists/...
Yeah I looked into this (the article/etc was completely confusing and
took some time to parse):
1) the article states they contacted red hat, we were unable to find
any inbound email or bugzilla entry pertaining to this issue, as always
if you have an issue you wish to report please contact secalert@...hat.com
2) this is expected behaviour, admin users can install software (do I
have to say this? really? yes. I was told I should say this).
3) don't run web apps as admin users (do I have to say this? really?
yes. I was told I should say this).
4) if you feel the need to run a web app as an admin user restrict what
they can do via SELinux, and don't let them install software (do I have
to say this? really? yes. I was told I should say this).
So TL;DR: it's not a security vulnerability, and it will NOT be getting
a CVE.
I can only assume this article/vuln is perhaps referring to something
like Cpanel and other control panels that people sometimes install
insecurely/improperly and then never update. Or something. Who knows.
Will it have lasers? And will they call it Skyholm?
Yeah! Who the fuck thought that was a good idea?
The same clueless marketroid that thought that inserting adverts into http traffic was a good idea?
http://www.theregister.co.uk/2...
> The marketing geniuses at Belkin, the consumer networking vendor, have dreamed up a new form of spam - ads served to your desktop, by way of its wireless router
> The router would grab a random HTTP connection every eight hours and redirect it to Belkin’s (push) advertised web page.
http://oldrunningfox.blogspot....
enough said.
School, circa 1974. Sending off your sheets and hoping that the keypunch operators didn't get 0's and O's confused. O's were slashed, or perhaps it was the other way round. Getting your job back on music ruled paper the next week
University. There were teletypes that you could use to get access to the ICL mainframe, but for exams you had to use punched cards, and only got 3 goes to compile and run your program. There were always queues for the big punch machines, so if you just needed one card doing, you could use a hand punch.
There's a good page with a photo of one here: http://www.staff.ncl.ac.uk/rog...
By my first job in 1979, we had VT52's and then VT100's, as well as a LA120 for the console.
I once spent an interesting weekend in his company. He'd been born in Beijing, a walled city, and we took him via Chester on our way to North Wales. It was the first time he'd been in a walled city since his childhood. Walking near Llanberis, he found a Yew tree and enjoyed eating the berries. Still my photo of him on the Wikipedia page. Amazing guy, I hope his enthusiasm and inspiration lives on as his legacy.
Congratulations
To watch the live feed I'm being asked to install CNTVLive2 plugi
http:/// player . cntv . cn /flashplayer/config/plugins/npCNTVLive2_Linux_64.xpi
I think not.
There seems to be a custom compression algorithm used for
http://player.cntv.cn/flashplayer/logo/Loading.swf?v=2012.11.28.1&v=0.3890230686354875la
mplayer/xine/vlc don't like it.
In Firefox and Chromium it shows a loading page but stops at 80-something percent.
An insightful comic: http://www.phdcomics.com/comics.php
I've been getting up to speed on IPv6 and have a tunnel from he.net (tunnelbroker.net). It seems to pop out somewhere on the other side of the Atlantic, judging from geographically targeted advertising. Several big sites are already IPv6 enabled (Firefox plugin SixOrNot), e.g. Facebook, Google, Youtube.
Five dollar wrench neuters the "protection" of #1 and #4.
http://xkcd.com/538/
The OP mentions Sandvine: the EFF has a tool called Switzerland.
Is your ISP interfering with your BitTorrent connections? Cutting off your VOIP calls? Undermining the principles of network neutrality? In order to answer those questions, concerned Internet users need tools to test their Internet connections and gather evidence about ISP interference practices. After all, if it weren't for the testing efforts of Rob Topolski, the Associated Press, and EFF, Comcast would still be stone-walling about their now-infamous BitTorrent blocking efforts.
Developed by the Electronic Frontier Foundation, Switzerland is an open source software tool for testing the integrity of data communications over networks, ISPs and firewalls. It will spot IP packets which are forged or modified between clients, inform you, and give you copies of the modified packets.
Switzerland is designed to detect the modification or injection of packets of data traveling over IP networks, including those introduced by anti-P2P tools from Sandvine (widely believed to be used by Comcast to interfere with BitTorrent uploads) and AudibleMagic, advertising injection systems like FairEagle, censorship systems like the Great Firewall of China, and other systems that we don't know about yet.
sorry - slip of the cheap crappy touchpad - tried to mod informative, modded down instead. posting here will undo
another link: http://www.aps.org/publications/apsnews/200301/history.cfm
Instead of starting the whole run over, he started midway through, typing the numbers straight from the earlier printout to give the machine its initial conditions. Then he walked down the hall for a cup of coffee, and when he returned an hour later, he found an unexpected result. Instead of exactly duplicating the earlier run, the new printout showed the virtual weather diverging so rapidly from the previous pattern that, within just a few virtual "months", all resemblance between the two had disappeared.
Edward Lorenz discovered that floating point truncation causes weather simulations to diverge massively back in 1961.
This was the foundation of Chaos Theory and it was Lorenz who created the term "Butterfly Effect"
http://www.ganssle.com/articles/achaos.htm
where a large financial institution insisted its systems were bug free and secure,
... at that time the computing department of one of the banks issuing ATM cards had "gone rogue", cracking PINs and taking money from customers' accounts with abandon ... more than 2,000 people who had suffered "phantom withdrawals" from their bank accounts
eventually to be proved wrong:
http://www.theregister.co.uk/2005/10/21/phantoms_and_rogues/print.html
Private Eye, a fortnightly UK satirical and news magazine first raised this issue
almost two years ago. Here's a link to the journalist's blog article.
Here are a couple of posts I've made in the past about OpenSTA, an open source "Web load and stress testing tool", which
was released under the GPL
http://tech.slashdot.org/comments.pl?sid=116421&cid=9853594
http://news.slashdot.org/comments.pl?sid=155207&cid=13011524
The web site is still there, but nothing seems to have happened since 2007.