You don't hurt anyone when you make fun of the retarded kid down the block
I disagree - you making fun of the retarded kid down the block has the potential to hurt the retarded kid down the block - even if he's not there when you did it. Why? You could be creating an environment where it's ok to make fun of the kid down the block - and he'll eventually get hurt by that. So, it's wrong, but it's wrong because the potential for hurt is there, not because some abstract innate wrongness is present. Don't assume a 'hurt' is necessarily physical.
I should probably mention that for the 'different box on the same network' bit I'm assuming a firewall-to-firewall or host-to-firewall vpn, as opposed to a host-to-host vpn.
Telnet isn't evil if it's tunneled through an encrypted VPN connection which is a breeze to setup in Windows.
Telnet is still evil even with a VPN tunnel.Suppose I break into your box, and wish to get more passwords. I install a sniffer on your box. I get more passwords, since the telnet connection is _not_ protected by the VPN when the packets hit the interface of the box you are connecting to, or leave the box you are connecting from.
This may also work if i break into a different box on the same network - note that a switch (as opposed to a hub) will not necessarily prevent me
from getting packets bound for other boxes - see SANS for more info
Telnet is bad - whether you're running a *nix or
a Windows*. You have to remember that a potential attacker may be local.
it means the passwords are encoded before being stored in the/etc/passwd file
No it doesn't. It means the/etc/passwd file has
a single 'x' in the password field, and the actual password hashes are contained in/etc/shadow, which is not world readable. Passwords are hashed even if they are not shadowed.
And we should beleive your advice on this, you're obviously an authority!;)
Honestly, presence of a firewall does not eliminate the chance of getting hacked, just reduces them, but having a windows 98 box which is... virus free and has the latest patches doesn't eliminate your chance of getting hacked either. IMHO, the need for a firewall is independent of whether or not your system software is current, your system software should be kept current anyway, but then again, I'm not a security expert, so what the hell do I know?:)
Responding to commands, it can pick out a specifically colored ball and kick it toward a goal net, Sony said.
Presumably it can do the same thing with the company's Aibo robot dog, a second-generation model of which Sony began selling last week for 150,000 yen ($1,366), down from 250,000 yen for the original version.
Now, I'd really like a robot that can kick an Aibo towards a goal net.:)
Checking the dates on the binary isn't going to help at all, on closed or open source platforms. What you need is a list of hashes generated by something like tripwire, and keep it on read only media somewhere. Note that this requires pro-active action.
Also, closed source does not protect you from trojaned binaries. If you know enough about the executable format, you can patch the binary. Alternatively, you can get a patched binary from someone who knows what they're doing, if you don't know what you're doing yourself. Or, re-code the binary you're trojaning from scratch, which will range in difficulty based on what the program you're trojaning does.
And how does your tape backup drive save you from the class action lawsuit from the customers of the site who had their credit card and personal information compromised?
Well, if the intruder destroyed the systems after stealing the info, the backup tape would let you know what info was stolen, so you could go and notify the CC companies and let them know what numbers were stolen, etc. This might save you from a lawsuit, because it shows that you took steps to mitigate the damage. (At least, I hope it would, but that murky world of lawyers scares the hell out of me;)
Re:Device drivers are the key.
on
Creating BSODs?
·
· Score: 1
Disclaimer: I know next to nothing about NT
If you wrote a device driver to do this, shouldn't you be able to jump straight to the BSOD code? If this is possible, it seems like it would be much more straightforward than passing the kernel bad data. If i wanted to do something like this on a linux box, i'd just write a dev driver that would call panic() on some condition (like, say, as a misc char device, and panic when some value is written to the dev node). Maybe something like this is possible within an NT driver.
I simply think that this is a good thing, because mainly I believe I'm the exception, not the rule.
Practically -everyone- believes that they're the exception, and not the rule. (or that 'their kids' are the exception, and not the rule). I remember being 15, and having elderly people tell me "you're such a nice boy, you never see nice kids anymore, they're always running around robbing places..". A big part of this is the media portrayal of things, only a small percentage of the population is actually doing the evil things you see on t.v., but people think it happens more than it does because that's all they see on the news. The other part of this is that people react with fear and hostility to whatever they don't understand, and the age/culture gap contributes to a lack of understanding. I see this general effect happening with issues regarding the net more often now, i.e. there will be a story somewhere about how fbi agents arrested the vice president of some large corporation in a sting where the fbi agent was pretending to be a 14 year old girl, and then I'll go get on a train and hear people talking (or read an editorial in a newspaper) about how the net is so dangerous. It's positively annoying.
anyway, anytime you think you're the exception, and not the rule, it's time for a good long review of the matter at hand, imho.
Now, I don't have one handy to check, but a c compiler should choke on this whether ansi strict is on or not. The second line will probably cause an 'invalid lval' error of some sort or another, and the first line doesn't -mean- anything, and probably would cause an error (although I can't be sure, since i don't have a way to check right now) Am I right or am I wrong?
That is what I meant though I used a "different language".
Must have been the way I read it. No big deal. Just wanted to point out that you may have to live with the consequences no matter how hard you secure a system, because securing a system doesn't remove the potential for getting broken into or dos'd, it just lessens it, depending on how much you know and how much time you put into it. It was mostly the 'end of story' bit that bugged me.:)
When you put up a system you have two options: 1. Make it secure - end of story....
Well, you're missing the fact the option 1 is basically impossible. There's really no way to prove a system is completely secure, if it's up and connected, so hardening the machines and the network is hardly 'end of story'. The most you can do is harden the hell out of it, then keep your eye on the various lists and CERT, etc, to see if there's something new that affects you. (or actively attempt to find new holes in your own test systems). You can't 'make it secure', you can only 'make it more secure than it was'.
I don't know how many people are planning to use lisp for this, but if you are, I wrote an irc protocol parser lib in common lisp. It's at http://www.wmarvel.com/code.html. It works with allegro common lisp and cmucl (although a cmucl compile throws a bunch of warnings i haven't had a chance to fix yet). I put it up there LGPL, so have fun.
As a side note, I used this lib as a project to learn lisp. Friends who I've asked to take a look at it say the code's ok, but if you have any suggestions, send me an email.
Most news media I see tries to cover everything from both sides as if it were equal. This makes sense since we are supposed to try listening to both sides before making up our mind.
The thing is, you can appear to be presenting both sides of the story, and still have bias. The person writing or presenting the news item gets to pick which quotes/clips they use, as well as the order in which the sides are presented ( which i think might be significant in how a story is recieved, although it's just a hunch, i have no data to back that up. ) In certain stories on shows like 20/20 or Dateline, i've seen the emphasis placed on one side of the story ( IMHO )
Slashdot Mirror
You don't hurt anyone when you make fun of the retarded kid down the block
I disagree - you making fun of the retarded kid down
the block has the potential to hurt the retarded kid down the block - even if he's not there when you did it. Why? You could be creating an environment where it's ok to make fun of the kid down the block - and
he'll eventually get hurt by that. So, it's wrong,
but it's wrong because the potential for hurt is
there, not because some abstract innate wrongness is present. Don't assume a 'hurt' is necessarily physical.
I should probably mention that for the 'different box on the same network' bit I'm assuming a firewall-to-firewall or host-to-firewall vpn, as opposed to a host-to-host vpn.
Telnet isn't evil if it's tunneled through an encrypted VPN connection which is a breeze to setup in Windows.
Telnet is still evil even with a VPN tunnel.Suppose I break into your box, and wish to get more passwords. I install a sniffer on your box. I get more passwords, since the telnet connection is _not_ protected by the VPN when the packets hit the interface of the box you are connecting to, or leave the box you are connecting from. This may also work if i break into a different box on the same network - note that a switch (as opposed to a hub) will not necessarily prevent me from getting packets bound for other boxes - see SANS for more info Telnet is bad - whether you're running a *nix or a Windows*. You have to remember that a potential attacker may be local.
The Guild could invent paper that spontaneously combusted after you read the last page - try to read it again and you're toast!
;)
at least it'd break the habit for people who read the last page first
Still, it's not farfetched to think that maybe this guy was totally honest up until the point where his daughter needed cancer treatment or something
Unlikely, considering that he pulled all the money out of his accounts and left his wife hanging. Unless, of course, she's in on it somehow.
it means the passwords are encoded before being stored in the /etc/passwd file
/etc/passwd file has
a single 'x' in the password field, and the actual password hashes are contained in /etc/shadow, which is not world readable. Passwords are hashed even if they are not shadowed.
No it doesn't. It means the
I'd like to see corporate recognition of Mungday, Chaoflux, Mojoday, Discoflux, Syaday, Confuflux, Zaraday, Bureflux, Maladay, Afflux and St. Tibs day, myself.
Ahh well, at least I can still Go Off Alone & Partake Joyously of a Hot Dog on a Friday.
And we should beleive your advice on this, you're obviously an authority! ;)
... virus free and has the latest patches doesn't eliminate your chance of getting hacked either. IMHO, the need for a firewall is independent of whether or not your system software is current, your system software should be kept current anyway, but then again, I'm not a security expert, so what the hell do I know? :)
Honestly, presence of a firewall does not eliminate the chance of getting hacked, just reduces them, but having a windows 98 box which is
oops, i should have said 'any interactive bash' and not 'any interactive shell'
And why wouldn't it? .bashrc gets read by
any interactive shell, and if it's in .profile,
sudo bash --login ought to do it.
imho, you ought not be handing root shells out through sudo, but hey, it's your box.
From the article:
:)
Responding to commands, it can pick out a specifically colored ball and kick it toward a goal net, Sony said.
Presumably it can do the same thing with the company's Aibo robot dog, a second-generation model of which Sony began selling last week for 150,000 yen ($1,366), down from 250,000 yen for the original version.
Now, I'd really like a robot that can kick an Aibo towards a goal net.
Checking the dates on the binary isn't going to help at all, on closed or open source platforms. What you need is a list of hashes generated by something like tripwire, and keep it on read only media somewhere. Note that this requires pro-active action.
Also, closed source does not protect you from trojaned binaries. If you know enough about the executable format, you can patch the binary. Alternatively, you can get a patched binary from someone who knows what they're doing, if you don't know what you're doing yourself. Or, re-code the binary you're trojaning from scratch, which will range in difficulty based on what the program you're trojaning does.
Check out http://www.urbanlegends .com/products/chevy_nova_mexico.html
And how does your tape backup drive save you from the class action lawsuit from the customers of the site who had their credit card and personal information compromised?
;)
Well, if the intruder destroyed the systems after stealing the info, the backup tape would let you know what info was stolen, so you could go and notify the CC companies and let them know what numbers were stolen, etc. This might save you from a lawsuit, because it shows that you took steps to mitigate the damage. (At least, I hope it would, but that murky world of lawyers scares the hell out of me
Disclaimer: I know next to nothing about NT
If you wrote a device driver to do this, shouldn't you be able to jump straight to the BSOD code? If this is possible, it seems like it would be much more straightforward than passing the kernel bad data. If i wanted to do something like this on a linux box, i'd just write a dev driver that would call panic() on some condition (like, say, as a misc char device, and panic when some value is written to the dev node). Maybe something like this is possible within an NT driver.
I simply think that this is a good thing, because mainly I believe I'm the exception, not the rule.
..". A big part of this is the media portrayal of things, only a small percentage of the population is actually doing the evil things you see on t.v., but people think it happens more than it does because that's all they see on the news. The other part of this is that people react with fear and hostility to whatever they don't understand, and the age/culture gap contributes to a lack of understanding. I see this general effect happening with issues regarding the net more often now, i.e. there will be a story somewhere about how fbi agents arrested the vice president of some large corporation in a sting where the fbi agent was pretending to be a 14 year old girl, and then I'll go get on a train and hear people talking (or read an editorial in a newspaper) about how the net is so dangerous. It's positively annoying.
Practically -everyone- believes that they're the exception, and not the rule. (or that 'their kids' are the exception, and not the rule). I remember being 15, and having elderly people tell me "you're such a nice boy, you never see nice kids anymore, they're always running around robbing places
anyway, anytime you think you're the exception, and not the rule, it's time for a good long review of the matter at hand, imho.
Hold up.
void *NULL;
NULL=(void *)0;
Will get expanded by the preprocessor to
void *((void *) 0);
((void *)0)=(void *)0;
Now, I don't have one handy to check, but a c compiler should choke on this whether ansi strict is on or not. The second line will probably cause an 'invalid lval' error of some sort or another, and the first line doesn't -mean- anything, and probably would cause an error (although I can't be sure, since i don't have a way to check right now)
Am I right or am I wrong?
That is what I meant though I used a "different language".
:)
Must have been the way I read it. No big deal. Just wanted to point out that you may have to live with the consequences no matter how hard you secure a system, because securing a system doesn't remove the potential for getting broken into or dos'd, it just lessens it, depending on how much you know and how much time you put into it. It was mostly the 'end of story' bit that bugged me.
When you put up a system you have two options: 1. Make it secure - end of story. ...
Well, you're missing the fact the option 1 is basically impossible. There's really no way to prove a system is completely secure, if it's up and connected, so hardening the machines and the network is hardly 'end of story'. The most you can do is harden the hell out of it, then keep your eye on the various lists and CERT, etc, to see if there's something new that affects you. (or actively attempt to find new holes in your own test systems). You can't 'make it secure', you can only 'make it more secure than it was'.
I don't know how many people are planning to use lisp for this, but if you are, I wrote an irc protocol parser lib in common lisp. It's at http://www.wmarvel.com/code.html. It works with allegro common lisp and cmucl (although a cmucl compile throws a bunch of warnings i haven't had a chance to fix yet). I put it up there LGPL, so have fun.
As a side note, I used this lib as a project to learn lisp. Friends who I've asked to take a look at it say the code's ok, but if you have any suggestions, send me an email.
Most news media I see tries to cover everything from both sides as if it were equal. This makes sense since we are supposed to try listening to both sides before making up our mind.
The thing is, you can appear to be presenting both sides of the story, and still have bias. The person writing or presenting the news item gets to pick which quotes/clips they use, as well as the order in which the sides are presented ( which i think might be significant in how a story is recieved, although it's just a hunch, i have no data to back that up. ) In certain stories on shows like 20/20 or Dateline, i've seen the emphasis placed on one side of the story ( IMHO )