According to Waugh, the GNOME Web servers that are hosted by Red Hat were compromised by "a dumb cracker who probably didn't realise what they got into".
Seems like he was smart enough to hack their system.
They just let their Linux newsletter writer go.
on GnomeDex 3.0 · Score: 1
Read about it on his blog here: Frankly, I'd Rather Not.
I really enjoyed his newsletter, called Penguin Shell. He's a good writer and it was helpful for a newbie. Shame he's gone now, but I'll be interested to see what his new site will be.
Yes, you are right, I could. To be up front, I've got a sign in that I use to read the links there or I check the archives.nytimes.whatever to see if it's there. I'm not complaining, just stating I find it ironic. I don't click it if I don't feel like signing in. Haven't searched their site to see why they ask for the registration, guess I ought to. Might be interesting to know - I don't know if they correlate (or try to) the signin with an IP address or referrer or user-agent or nothing at all. Thanks for the reply.
The NY Times, which requires the annoying free registration, has a piece about privacy laws. I also find it interesting that they have this quote on the reg page:
Immediately after the events of September 11, we temporarily removed our registration/sign-in requirement to permit as many readers as possible to access developing news stories quickly. We have now restored our registration process.
Guess they don't want all those readers anymore.
I don't run any servers but I run W2K at home and Win98 at work on my PCs. At work I don't have a choice and really at home I have to use Windows to keep everything compatible. Anyway, my point is that I gave up trying to keep up with the patches for Windows, Office, and every other software package I am running. I'm trying to learn to use OpenBSD so that for ANYTHING where I need to get internet access, I can run it on the OpenBSD box. There are so many damn patches and repatches for software that it can be impossible to keep up. I don't think you can point the blame at the manufacturer, because there will always be new hacks, nor can you blame the operator, because he/she MIGHT need to get some work done outside of patching the damn software. That's why as far as I can tell, the only safe route is to pick the most secure OS you can and go with that for anything where you will allow outside connectivity. At least this way you lessen the risk. You will never be truly safe, but you will spend a lot less time patching and be less likely to be the object of anger when something like Code Red hits.
PS - I'm not trying to say that OpenBSD is the most secure. I have very little experience with any OS besides Windows and I'm picking that one to try based on observations and comments. I'm sure there are Linux distributions that are just as safe once they are locked down. But it sure seems like OpenBSD warnings come across Bugtraq a lot less than most.
According to the U.S. Centers for Disease Control and Prevention (CDC), more than 2,000 school-age children aged 19 or younger take their own lives each year. The rise in suicides by children ages 10 to 14 is especially alarming, say CDC officials.
If you are going to state something like this, back it up. What rise? What study? What method used to collect data, etc? Give us something to look at so we can draw our own conclusions.
...assuming it's going to run something like cellular or PCS...
No, sounds like the standard ISM band wireless ethernet. Available from Aironet, Breezecom, us (C-SPEC), Proxim or one of the zillion other companies out there doing wireless. I do support and I would hate to see what is going to happen to all the people trying to connect their LANs when these guys start spraying RF all over the city without a care for how they mangle all the usable spectrum.
Agreed. I spent the weekend there and couldn't believe how bad the traffic is there. People act as if they don't care if they hit you, but by God they are going to get wherever they have to even at the expense of your car.
I am 28 and look and dress like I am about 20, mostly because I can at my job. However, when I need to create a certain impression on someone, I dress to create the effect that I am older. Pretty easy to do. I have worked with some people who were as young as 17 but IN THEIR JOB carried themselves as if they were 30 or older. However, outside of that, they seemed to be 17 again. All depends on how you choose to act, dress, and behave. You can create the impression of age and maturity if you are willing to work at it.
the "yessir, squaared away dept"
on E=MC · Score: 1
If you don't get it, it's a reference to a GREAT Far Side cartoon. Anyone got a link? I've seen some notices from Larson asking that his work not be put on the Net so it may not be out there.
Just a thought, but will the method of paying for content really even matter much until the bandwidth available to the average person gets to be such that they will WANT to try and download all their music, books, movies, etc. over the net? There's a reason people download at work and copy it to take it home.
The record companies and the movie industry obviously want to have a method in place before this happens, but which occurrence will drive the other: content distribution or bandwidth availability?
Yeah, it will happen. The actual radio (in the case of a Lucent silver card, which is what Apple uses) is what tracks all the different connections. So it doesn't matter how fast a processor is being used with it, the radio itself is the limiting factor. The more clients you have, the slower the speeds. And as each packet has to be ACKed, functions that are highly interactive run slower.
- You can only know what you've experienced or learned from others, with the former definitely being of higher priority. Age is a limiting factor on how much you can have of either.
It is a factor but not necessarily a limiting one. I work with high school kids part time and I have met some who are as mature and experienced as I am, and I have met adults who were as inexperienced as children because they had never learned on their own. What a person knows in terms of experiences depends on the path their life has taken. I've seen kids 18 years old who have had more life-defining experiences, whether good or bad, than I have had at age 27. I believe that it's more what you have been through than how long you have been around.
Don't forget the cost of training personnel on new software, both the end user and the MIS staff. Also look at the projected cost figures associated with VB viruses like lovebug, etc., that went through the mail systems of entire companies who had done this. And then include costs to harden down the system so this doesn't happen to you. When they see it in $$ and cents, they might reconsider.
On the bright side, maybe this is how you can get your budget upped!!
Just curious. What are the legal precedents for having another vote in Palm Beach County with a new ballot for only the president? Could people who didn't vote before vote now? Or how about only everyone who didn't vote gets to vote now? And is there any consideration being given to recounting ALL VOTES in every state, given the number of problems that have cropped up here?
I am not saying that any of the above SHOULD happen, but I am curious as to the possibilities of any of these things happening? Who makes the decisions on issues like this? The AG for the state? Does the federal government have any say in the election issues of a single state?
Finally, what happens if this issue is not resolved by inauguration day? Who is in charge at that point?
There's a great mailing list for wireless on isp-planet.com. Someone posted this link a while back for Linux info:
http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/
Enjoy!
Most of the ISPs are either begging for or are trying to develop a Linux box with wireless ability for distribution. Great for having cheap access points everywhere. Probably put me out of work though!
Thought they already released the names. As Mr. Graham says, he saw no one on the list that seemed to have the appropriate technical skills. So if you are correct, either they are bringing in other people and are not being up front about it or he does not wish to say who they are for other reasons. Just my humble thoughts. I had not considered the possibility of the names being classified for security reasons.
Interesting to me that the question by Mr. Graham, a well known and respected technical expert, was answered in a two sentence response as follows: "A number of members of the review team are quite familiar with sniffing technology. Sniffers are routinely used as network management tools."
This looks like a deliberate attempt to avoid answering the question in any way, shape, or form. Who has experience? What type? How much? I am FAMILIAR with Linux, and have installed it one time, but I am sure not an expert who is qualified to make any sort of judgement on any Linux device. Similarly, how do we know whether these people are truly qualified in the manner that Mr. Graham asks? And network management is a LOT different than performing a critical review of something like Carnivore.
I will be totally honest, I cannot even begin to understand the second paragraph of Mr. Graham's question. Why does Mr. Perritt neglect to even attempt to respond to any part of that, or if he is not qualified, even mention forwarding it to someone who is qualified to respond as to whether or not it is relevant?
Seems like this is a very deliberate avoidance of the truth. Let the whitewash begin!
Here is a link to a (gasp!!) Windows program (also available for Mac) that can help with Telemarketers. I am willing to bet someone can write the same thing for *nix pretty quick.
http://www.verinet.com/~geoff/Enigma/
As I replied to the other person, I'm not whining (or didn't intend to). My choice whether to click or not, or to use my login that I have. Or search archives.whatever. Doesn't really bother me, but I do find it ironic that a major news site requires a password when they seemingly admitted themselves that they allowed it to be bypassed temporarily to get so many more visitors. To me, that seems to say that they might get even more if they didn't use it.
Either way, thanks for the reply.
terraserver.microsoft.com
Cool site for looking over an area. Not always up to date, but interesting.
I can't get to the information because of &**%^%&^% filtering software (Bess, that b---!)
That would be OpenP2P I assume, not OpenPGP. (Use the Preview Button! Check those URLs! Don't forget the http://!)
......that the original site talking about this "bad press for Linux" trojan is MSnbc.com? Nah, no competitive motivation here at all.
Seems like NASA has relaxed its software standards.