They are asking prices from other providers and comparing with their actual Cogent bill. Cogent is perfect when used in a multihomed setup, you get the cheap without the risks.
(I attended the Black Hat presentation but did not read the full paper.)
Their conclusion (debunking the whole FA): In this paper we demonstrated that the memory protection mechanisms available in the latest versions of Windows are not always effective when it comes to preventing the exploitation of memory corruption vulnerabilities in browsers. They raise the bar, but the attacker still has a good chance of being able to bypass them. Two factors contribute to this problem: the degree to which the browser state is controlled by the attacker; and the extensible plugin architecture of modern browsers. The internal state of the browser is determined to a large extent by the untrusted and potentially malicious data it processes. The complexity of HTML combined with the power of JavaScript and VBscript, DOM scripting,.NET, Java and Flash give the attacker an unprecedented degree of control over the browser process and its memory layout. The second factor is the open architecture of the browser, which allows third-party extensions and plugins to execute in the same process and with the same level of privilege. This not only means that any vulnerability in Flash affects the security of the entire browser, but also that a missing protection mechanism in a third-party DLL can enable the exploitation of vulnerabilities in all other browser components. The authors expect these problems to be addressed in future releases of Windows and browser plugins shipped by third parties.
opendns.com does the very mangling I want to avoid and calls it a feature. At least they tell you they are doing it, and use it for stuff that could benefit end users (filtering allowed site names) as well as their own advertising. But it doesn't solve the problem. It is just a more "open" and up front version of the problem.
Just turn it off (feature called 'typo correction') and you have a rock solid/bug fixed open dns:)
just nuke the right to execute on avnotify.exe:-) and you can set the update job to invisible. AFAIK Avast is the best AV with Kaspersky on live scanning sites such as virustotal.
It already exists and is bigger than any other, it is called windowsupdate and it is included with your XP license (or keygen..). Why would one try to do better than Microsoft at fixing their own OS is beyond me.
If it costs Americans $1 to make a plastic spoon and if the Chinese can sell it for $0.98, then that will be outsourced.
The Chinese know you can pay for it (since you were spending $1 for it until now) and the Americans are better off by $0.02. Logical fallacy: if you outsource, the $1 income permitting Americans to spend $1 is gone.
You can't send packets out on or receive them in on a variety of ports, notably 21, 25, and 80. I figured that there must be filters up on my connection because most consumers don't require service on them, and on Joe Sixpack's connection, it's more secure that way. May I suggest you go visit an abuse's desk of an ISP not filtering port 25 outbound before stating that it's blocked for the unique reason that they don't require it? Viruses on customers' computers don't need port 25, period. It's allowed for businesses because they usually have some kind of IT dealing with viruses, but at the ISP I worked for we could block these as well if abuse was reported, no matter the price of the connection.
This is not a "Windows vs Linux" thing. These are highly specialized data networks designed specifically for aircraft. The typical running life of a big jet is some 40 years or more - the idea of a consumer O/S such as Windows (or even Linux) being suitable for such a situation is simply stupid. Everything is coded in firmware, micro-processor based, with a likelyhood of actually crashing accidentally being somewhat less likely than getting struck by lightning on a sunny day while sitting in the cellar of your 4-story house. This is assuming coders do their job properly.. some pilots of Airbus did unusual manovers, sensors returned unexpected negative values, and boom, both FMS computers went dark. Hopefully pilots knew how to fly a plane in addition to managing computers so everybody got safely on the ground, but it just goes to show that the likelyhood of a crash is always much higher than "it can't possibly happen".
It's unfortunately so bad that I've had to throw away weeks of work and switch to Altiris on a major project, which is fairly painful to switch to but at *LEAST* has a usable interface. altiris, just bought by Symantec.. expect the best, prepare for the worse.
After buying a Linksys 54Gv6 and realizing its shortcomings (small flash/memory), I found the Buffalo WHR-G54S. Same memory as the 54GL, but with the 125mbps chipset. All this for a good price (38USD!).
Dick Cheney (R-Oil): Suck it, Ted. Your union buddies in 19.0.0.0/8, Ford Motor Company, ain't long for this world anyways. They use a few other/16 instead, interesting. Are they planning to free the/8? It's not being advertised at all.
Senator BOFH (I-Maginary): Umm, dudes? I didn't know DEC was still around, let alone still owned (16.0.0.0/8), and do enough people still go to Interop (45.0.0.0/8) that it deserves a whole frickin'/8 to itself? DEC is owned by HP and they certainly could have some decent use for it. About Interop, since their website isn't even on their/8..
After all the crash of one of the first fly by wire A320 aircraft at a French air show in 1998 there were numerous questions raised about the suitability of its control software. Except that the pilot disabled the flight envelope protection mode allowing him to do something stupid. Not to say that he was lacking training (mind boggling since he was chief pilot) too.
Unless they've changed their minds, all products features HDCP-ready on their site (search that term from the frontpage and see for yourself). Anyone got a cached copy that they actually removed it? <grin> If not, maybe people should start proofreading before talking about class action..
This makes Slashdot exactly on the day Firefox v1.5 is supposed to be released. Apparently, Mozilla want to create a huge marketing campaign, better and larger than the one for v1.0. This is a perfect time to capitalize on this horrible security hole to promote Firefox.
Hrm, did you notice that Firefox 1.5 is crashing as well on this exploit? It's not a security risk but a big annoyance nonetheless.
No, its working fine - (you may be on a line leased by Telus to a 3rd party) Even then, it's wiped out from their network globally: route-views.on.bb.telus.com>ping 204.14.106.29
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 204.14.106.29, timeout is 2 seconds:..... Success rate is 0 percent (0/5) route-views.on>ping 204.14.106.28
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 204.14.106.28, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 60/60/60 ms route-views.on>ping 204.14.106.30
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 204.14.106.30, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 60/60/60 ms
I didn't know they were filtering spamvertized sites but I know they block some mails based on content, specifically URLs they may contain; some emails to AOL got rejected because of this, and their smtp returns reason: 554-: (HVU:B1) The URL contained in your email to AOL members has generated a high volume of complaints.
The URL in question was http://someplace.(can't remember).solmedia.com which doesn't sound like a spamgang operation to me..
Slashdot Mirror
Where are the angered masses?
They are asking prices from other providers and comparing with their actual Cogent bill. Cogent is perfect when used in a multihomed setup, you get the cheap without the risks.
(I attended the Black Hat presentation but did not read the full paper.)
Their conclusion (debunking the whole FA): .NET, Java and Flash give the attacker an unprecedented degree of
In this paper we demonstrated that the memory protection mechanisms available in the latest
versions of Windows are not always effective when it comes to preventing the exploitation of
memory corruption vulnerabilities in browsers. They raise the bar, but the attacker still has a
good chance of being able to bypass them. Two factors contribute to this problem: the degree to
which the browser state is controlled by the attacker; and the extensible plugin architecture of
modern browsers.
The internal state of the browser is determined to a large extent by the untrusted and potentially
malicious data it processes. The complexity of HTML combined with the power of JavaScript and
VBscript, DOM scripting,
control over the browser process and its memory layout.
The second factor is the open architecture of the browser, which allows third-party extensions
and plugins to execute in the same process and with the same level of privilege. This not only
means that any vulnerability in Flash affects the security of the entire browser, but also that a
missing protection mechanism in a third-party DLL can enable the exploitation of vulnerabilities
in all other browser components.
The authors expect these problems to be addressed in future releases of Windows and browser
plugins shipped by third parties.
Burt Rutan had a pretty spectacular explosion in their engine development process last year that resulted in a few fatalities
Too bad about the lost satellites.
Cheers,
I see you are more concerned by the lost satellites than the fatalities.. probably because the former is more expensive?
you can recover your RAM minutes after loosing power.. no kidding! http://citp.princeton.edu/memory/
opendns.com does the very mangling I want to avoid and calls it a feature. At least they tell you they are doing it, and use it for stuff that could benefit end users (filtering allowed site names) as well as their own advertising. But it doesn't solve the problem. It is just a more "open" and up front version of the problem.
Just turn it off (feature called 'typo correction') and you have a rock solid/bug fixed open dns :)
Meh, s/Avast/Antivir/
just nuke the right to execute on avnotify.exe :-) and you can set the update job to invisible.
AFAIK Avast is the best AV with Kaspersky on live scanning sites such as virustotal.
They just have to follow the sames rules used by http://www.pagesjaunes.fr/villeendirect/photo/AfficherPageAccueilPhotosVilles.do which are showing most of big cities streets with a better resolution than Streetview.
It already exists and is bigger than any other, it is called windowsupdate and it is included with your XP license (or keygen..). Why would one try to do better than Microsoft at fixing their own OS is beyond me.
The Chinese know you can pay for it (since you were spending $1 for it until now) and the Americans are better off by $0.02. Logical fallacy: if you outsource, the $1 income permitting Americans to spend $1 is gone.
You can't send packets out on or receive them in on a variety of ports, notably 21, 25, and 80. I figured that there must be filters up on my connection because most consumers don't require service on them, and on Joe Sixpack's connection, it's more secure that way.
May I suggest you go visit an abuse's desk of an ISP not filtering port 25 outbound before stating that it's blocked for the unique reason that they don't require it? Viruses on customers' computers don't need port 25, period. It's allowed for businesses because they usually have some kind of IT dealing with viruses, but at the ISP I worked for we could block these as well if abuse was reported, no matter the price of the connection.
This is not a "Windows vs Linux" thing. These are highly specialized data networks designed specifically for aircraft. The typical running life of a big jet is some 40 years or more - the idea of a consumer O/S such as Windows (or even Linux) being suitable for such a situation is simply stupid. Everything is coded in firmware, micro-processor based, with a likelyhood of actually crashing accidentally being somewhat less likely than getting struck by lightning on a sunny day while sitting in the cellar of your 4-story house.
This is assuming coders do their job properly.. some pilots of Airbus did unusual manovers, sensors returned unexpected negative values, and boom, both FMS computers went dark. Hopefully pilots knew how to fly a plane in addition to managing computers so everybody got safely on the ground, but it just goes to show that the likelyhood of a crash is always much higher than "it can't possibly happen".
It's unfortunately so bad that I've had to throw away weeks of work and switch to Altiris on a major project, which is fairly painful to switch to but at *LEAST* has a usable interface.
altiris, just bought by Symantec.. expect the best, prepare for the worse.
After buying a Linksys 54Gv6 and realizing its shortcomings (small flash/memory), I found the Buffalo WHR-G54S. Same memory as the 54GL, but with the 125mbps chipset. All this for a good price (38USD!).
Ted Kennedy (D-Ham): Sure, how about 34.0.0.0/8, Halliburton? /8!N =22717
/16 instead, interesting. Are they planning to free the /8? It's not being advertised at all.
/8 to itself? /8..
Good choice, they are advertising 0.4% of their allocated
See http://www.fixedorbit.com/cgi-bin/cgirange.exe?AS
Dick Cheney (R-Oil): Suck it, Ted. Your union buddies in 19.0.0.0/8, Ford Motor Company, ain't long for this world anyways.
They use a few other
Senator BOFH (I-Maginary): Umm, dudes? I didn't know DEC was still around, let alone still owned (16.0.0.0/8), and do enough people still go to Interop (45.0.0.0/8) that it deserves a whole frickin'
DEC is owned by HP and they certainly could have some decent use for it. About Interop, since their website isn't even on their
Commtouch does this already:l ogy.asp
http://www.commtouch.com/Site/Enterprise/e_techno
few false positives, >97% catch rate, 0.3s per message scan (on my system from live data, not marketing specs).
After all the crash of one of the first fly by wire A320 aircraft at a French air show in 1998 there were numerous questions raised about the suitability of its control software.
Except that the pilot disabled the flight envelope protection mode allowing him to do something stupid. Not to say that he was lacking training (mind boggling since he was chief pilot) too.
Or better yet, a non karma-whorring link to the original story: http://wwwf.centos.org.nyud.net:8090/127_story.htm l?storyid=127
Unless they've changed their minds, all products features HDCP-ready on their site (search that term from the frontpage and see for yourself).
Anyone got a cached copy that they actually removed it? <grin> If not, maybe people should start proofreading before talking about class action..
Let's squeeze more Mhz out of these CPU and GPU cores, and even the stock fan should suffice :-)
This makes Slashdot exactly on the day Firefox v1.5 is supposed to be released. Apparently, Mozilla want to create a huge marketing campaign, better and larger than the one for v1.0. This is a perfect time to capitalize on this horrible security hole to promote Firefox.
Hrm, did you notice that Firefox 1.5 is crashing as well on this exploit? It's not a security risk but a big annoyance nonetheless.
No, its working fine - (you may be on a line leased by Telus to a 3rd party)
.....
Even then, it's wiped out from their network globally:
route-views.on.bb.telus.com>ping 204.14.106.29
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 204.14.106.29, timeout is 2 seconds:
Success rate is 0 percent (0/5)
route-views.on>ping 204.14.106.28
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 204.14.106.28, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/60/60 ms
route-views.on>ping 204.14.106.30
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 204.14.106.30, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/60/60 ms
As seen on http://alpha.cesmail.net/graphics/spamstats.gif
I didn't know they were filtering spamvertized sites but I know they block some mails based on content, specifically URLs they may contain; some emails to AOL got rejected because of this, and their smtp returns
reason: 554-: (HVU:B1) The URL contained in your email to AOL members has generated a high volume of complaints.
The URL in question was http://someplace.(can't remember).solmedia.com which doesn't sound like a spamgang operation to me..