Given that the article says it crashed onto the highway, and helicopters aren't known for gliding, I'd say they were on top of the highway.
Their video shows the drone flying away from the highway, then returning towards the highway presumably after it was shot at; around 2:15 in the video, it looks like it took some damage to one of the rotors, so it was perhaps damaged enough to no longer maintain altitude, but not enough to prevent them bringing it back under some control.
He never said a QR code would be the *only* way to RSVP; as an option, it's fine, as long as it's not the only option.
Re:Git could use revision numbers
on
The Rise of Git
·
· Score: 1
To those who are unfamiliar, each commit in Git has a SHA1 hash which is used as an identifier instead of a revision numbers. Unfortunately, they are very unwieldy to communicate to others. At work we always use the name and date-time instead, but that has problems as it doesn't convey the branch for instances when it matters.
You don't have to use the entire SHA - e.g. for a long unwieldy SHA like a809deeb979c33a7cc9ac48da72a2a22eaa7dc62, you can simply refer to it as, say, commit a809deeb, or even a809 - as short as you like, as long as it's still unique. In most repositories, the first 8 characters should be a pretty safe bet.
Re:because the others still suck
on
The Rise of Git
·
· Score: 2
I checked out the full repository of an open source project I have been tinkering with in both SVN and Git (libgdx). The SVN was MUCH larger than the Git repository on my hard drive (i think 33% more, but I can't remember).
I think the point being made was that, in Subversion, you can check out just a small part of the repository if you want to do so, rather than the whole thing. I'm not aware of that possibility in Git.
If they use ProFTPD for hosting the code too, why wouldn't the Hackers just use that same exploit on that? Why do they need to insert another way in?
I suspect whatever vulnerability was used allowed the attackers to upload files, but didn't give them actual control over the machine; their backdoored version, as stated in the article, allowed attackers to gain root on the box.
[What if, for a start...] the OpenOffice "effort" split into the (clumsy) user interface and (not that good) underlying render library? And make the whole thing available in a more free license?
No, the OOMouse is produced by a private company called WarMouse. OpenOffice.org is a open source software community. The OOMouse comes with profiles designed specifically for use with the five primary OpenOffice.org applications utilizing information gathered by OpenOffice.org's Usage Tracking group.
It was produced by a private company, it seems the most OO had to do with it was providing stats on which features were most commonly used, and agreeing for their "brand" to appear on it.
IRC in itself is pretty good, but it misses a couple of features, like offline backlogging and some kind of more direct integration with pastebins, source code repository and such.
If you want offline backlogging, an IRC bouncer like ZNC can take care of that for you. As for pastebins, pasting the URL to a post is dead easy; there's plenty of IRC bots out there which can automatically post a "$user has made a new pastebin post at $url" message to a channel as soon as someone posts.
At work, we use IRC to communicate, we have a copy of the codebase from pastebin.com with a small modification to report pastebin posts to our development channel, and a script run from a Subversion post-commit hook which reports commts to the channel with a link to view the diff.
A zero-day (or zero-hour) attack or threat is a computer threat that tries to exploit computer application vulnerabilities that are unknown to others, undisclosed to the software vendor, or for which no security fix is available.
(Of course, one security fix is available: disable Flash, or use Flashblock:) )
How would the botnet know they are attacking an OpenBSD box (vs Linux or something else)?
The remote side identifies the version of OpenSSH, which will also often include the platform it's on:
[dave@supernova ~]$ ssh -v hostname 2>&1 | grep version debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-2 debug1: Local version string SSH-2.0-OpenSSH_5.1
No i mean... whenever the bots "establish" a server nullroute it. Then do the same with every other botnet that has centralized control.
As someone else already said, you'd be playing the biggest game of Whack-a-Mole ever.
Getting all ISPs and transit providers to co-operate would be damn near impossible, and the botnet masters would just keep appearing on different IPs until you'd nullrouted half the Internet (or, rather, any ISPs or transit providers who had been playing along decided it was getting silly and gave up).
If someone were to capture the new master though... Then the whole thing could be shut down. Again, examining one of the bots would tell you how it is going to determine the next master.
That's assuming that the bots are willing to trust any commands they receive. For the botnet to be this successful, I suspect that the masters will use a key pair to authenticate instructions supplied to the bots.
I don't know much about Srizbi, but I would assume that the bots have a copy of the public key which corresponds to the private key used to sign instructions. If they connect to a machine which should be a master, they will likely verify that any instructions they receive from it are correctly signed with that private key. If the instruction is not signed, they will simply ignore it, and continue their quest for a new master.
Thus, in order to assume control, you'd first need to gain the private key the botnet masters use to sign commands.
Another thing I was wondering... The machines in the botnet must have an open socket or something, would it be possible for a spam filtering system to check the machine sending mail to see if it's in this botnet?
I don't think so. The exploited machines connect back to a control server; the algorithm to determine what domain names to try is so that all the bots can find out where their "masters" will be waiting to talk to them.
Since the bots are making the outbound connection, rather than sitting waiting for inbound connections, you can't just look for an open port (which would be blocked for anyone behind a router/firewall anyway).
Sounds like you're looking for Stealther, an addon which can temporarily disable saving history, form entries, caching etc, and is easily enabled/disabled.
Let's see, just exactly WHO should be responsible for the banks' security? Some random customer who is using them, or a staff of professionals whose entire industry is founded on the protection of money belonging to random customers? The bank are responsible for the bank's security; the customer is responsible for the customer's security.
If you take no precautions to ensure your machine stays safe, and log in to your internet banking with some keylogger running which steals your account details, you could be considered negligent, in the same way as if you'd revealed your PIN to someone else.
The songs are "watermarked" with your info. Make sure your copies do not end up in the wrong hands, for example, if you computer is stolen or whatever.
If that's the case, it won't be hard to remove those watermarks, I'm sure there will be some tool available quickly to strip them out.
Hell, just decoding and re-encoding would probably work, if you're willing to take the hit of a further loss of sound quality.
eBay it as a "gift" then :)
on
Donating Software?
·
· Score: 4, Insightful
because it's a Not For Resale copy, I can't list it on eBay.
So, list a CD case for sale on eBay, which comes with a *free gift* of a copy of Windows Server 2003 R2 Enterprise x64 Edition then:)
It's not a blog service/package per se (although there are some blogging-type plugins for it) but I find DokuWiki to be excellent at handling code snippets with decent syntax highlighting, and easy to use.
Slashdot Mirror
But we already have that! :)
Given that the article says it crashed onto the highway, and helicopters aren't known for gliding, I'd say they were on top of the highway.
Their video shows the drone flying away from the highway, then returning towards the highway presumably after it was shot at; around 2:15 in the video, it looks like it took some damage to one of the rotors, so it was perhaps damaged enough to no longer maintain altitude, but not enough to prevent them bringing it back under some control.
the hunters knew they were doing something that would be considered fucked up, otherwise they could have just gone on with the shoot.
Something tells me a large artifical thing floating around and making noise scares off the birds somewhat.
He never said a QR code would be the *only* way to RSVP; as an option, it's fine, as long as it's not the only option.
To those who are unfamiliar, each commit in Git has a SHA1 hash which is used as an identifier instead of a revision numbers. Unfortunately, they are very unwieldy to communicate to others. At work we always use the name and date-time instead, but that has problems as it doesn't convey the branch for instances when it matters.
You don't have to use the entire SHA - e.g. for a long unwieldy SHA like a809deeb979c33a7cc9ac48da72a2a22eaa7dc62, you can simply refer to it as, say, commit a809deeb, or even a809 - as short as you like, as long as it's still unique. In most repositories, the first 8 characters should be a pretty safe bet.
I checked out the full repository of an open source project I have been tinkering with in both SVN and Git (libgdx). The SVN was MUCH larger than the Git repository on my hard drive (i think 33% more, but I can't remember).
I think the point being made was that, in Subversion, you can check out just a small part of the repository if you want to do so, rather than the whole thing. I'm not aware of that possibility in Git.
I suspect whatever vulnerability was used allowed the attackers to upload files, but didn't give them actual control over the machine; their backdoored version, as stated in the article, allowed attackers to gain root on the box.
[What if, for a start...] the OpenOffice "effort" split into the (clumsy) user interface and (not that good) underlying render library? And make the whole thing available in a more free license?
Instead of coming up with such an ergonomical disaster?
[...] Such a pointless effort from the OO staff just makes me wonder whether Sun (or is that Oracle?) just want to ditch OpenOffice altogether.
Their FAQ says:
Is the OOMouse part of OpenOffice.org?
No, the OOMouse is produced by a private company called WarMouse. OpenOffice.org is a open source software community. The OOMouse comes with profiles designed specifically for use with the five primary OpenOffice.org applications utilizing information gathered by OpenOffice.org's Usage Tracking group.
It was produced by a private company, it seems the most OO had to do with it was providing stats on which features were most commonly used, and agreeing for their "brand" to appear on it.
IRC in itself is pretty good, but it misses a couple of features, like offline backlogging and some kind of more direct integration with pastebins, source code repository and such.
If you want offline backlogging, an IRC bouncer like ZNC can take care of that for you. As for pastebins, pasting the URL to a post is dead easy; there's plenty of IRC bots out there which can automatically post a "$user has made a new pastebin post at $url" message to a channel as soon as someone posts.
At work, we use IRC to communicate, we have a copy of the codebase from pastebin.com with a small modification to report pastebin posts to our development channel, and a script run from a Subversion post-commit hook which reports commts to the channel with a link to view the diff.
Works pretty well for us!
[How can it still be a zero day exploit]...if everyone knows about it?
Being an attack against a vulnerability for which a patch has not yet been released qualifies it as a 0-day attack.
From Wikipedia's Zero day attack article:
(Of course, one security fix is available: disable Flash, or use Flashblock :) )
So, you can't stab someone with it, you have to slash them instead?
A well-placed slash to the throat is still likely to cause death through blood loss.
The knife isn't the problem, it's the nutter holding it that you need to deal with!
You spend less time with a broken browser, and more time enjoying a cold one.
Dude, necrophilia is wrong.
How would the botnet know they are attacking an OpenBSD box (vs Linux or something else)?
The remote side identifies the version of OpenSSH, which will also often include the platform it's on:
[dave@supernova ~]$ ssh -v hostname 2>&1 | grep version
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-2
debug1: Local version string SSH-2.0-OpenSSH_5.1
No i mean... whenever the bots "establish" a server nullroute it. Then do the same with every other botnet that has centralized control.
As someone else already said, you'd be playing the biggest game of Whack-a-Mole ever.
Getting all ISPs and transit providers to co-operate would be damn near impossible, and the botnet masters would just keep appearing on different IPs until you'd nullrouted half the Internet (or, rather, any ISPs or transit providers who had been playing along decided it was getting silly and gave up).
Um, you mean, nullroute the entire Internet?
That's assuming that the bots are willing to trust any commands they receive. For the botnet to be this successful, I suspect that the masters will use a key pair to authenticate instructions supplied to the bots.
I don't know much about Srizbi, but I would assume that the bots have a copy of the public key which corresponds to the private key used to sign instructions. If they connect to a machine which should be a master, they will likely verify that any instructions they receive from it are correctly signed with that private key. If the instruction is not signed, they will simply ignore it, and continue their quest for a new master.
Thus, in order to assume control, you'd first need to gain the private key the botnet masters use to sign commands.
I don't think so. The exploited machines connect back to a control server; the algorithm to determine what domain names to try is so that all the bots can find out where their "masters" will be waiting to talk to them.
Since the bots are making the outbound connection, rather than sitting waiting for inbound connections, you can't just look for an open port (which would be blocked for anyone behind a router/firewall anyway).
According with most of the comments, it doesn't seem to work very well.
It works well enough for me, seems to behave well, doesn't nuke my history but stops new entries being recorded when it's enabled etc.
Strange that it still has a 4 star rating despite the people complaining about it.
You want to see Slashdot rewritten in *PHP*?!
Sounds like you're looking for Stealther, an addon which can temporarily disable saving history, form entries, caching etc, and is easily enabled/disabled.
If you take no precautions to ensure your machine stays safe, and log in to your internet banking with some keylogger running which steals your account details, you could be considered negligent, in the same way as if you'd revealed your PIN to someone else.
If you're going to ask a question, you end it with a question mark.
If that's the case, it won't be hard to remove those watermarks, I'm sure there will be some tool available quickly to strip them out.
Hell, just decoding and re-encoding would probably work, if you're willing to take the hit of a further loss of sound quality.
So, list a CD case for sale on eBay, which comes with a *free gift* of a copy of Windows Server 2003 R2 Enterprise x64 Edition then
It's not a blog service/package per se (although there are some blogging-type plugins for it) but I find DokuWiki to be excellent at handling code snippets with decent syntax highlighting, and easy to use.
An example bit of code can be done as easily as:
<code perl>
# some code here
</code>