That, and the bigger reason that manufacturers have started recycling MAC addresses, so there is a possibility of conflict. I think that was the reason the first changable MAC cards came out.
It's funny that the hacked box was originally running Red Hat Linux, then switched to FreeBSD according to netcraft. Guess they should have stuck with the more secure system.
Re:How many people do check the MD5 checksum?
on
OpenSSH Package Trojaned
·
· Score: 2, Informative
except where on most OS (unlike most BSD) there is no port system where it checks the MD5 unless you do it by hand by then they could have changed the one on the ftp server also.
I don't know what OS you are talking about. Debian apt automatically checks MD5sums, Red Hat network uses cryptographic certificates to verify package integrity, even Windows has a package verification system.
Re:How many people do check the MD5 checksum?
on
OpenSSH Package Trojaned
·
· Score: 5, Informative
The guy caught it because of the installer automatically checking the MD5 checksum. Someone would have to explicitely ignore the MD5 error to be hit by this.
The same is true of other systems like the Red Hat Network.
The C code is not that smart. It tries once per hour to connect to port 6667 on the machine 203.62.158.32 which is web.snsonline.net and waits for commands from the person or persons who 0wn3d the machine. Does it get an M, it sleeps for another hour. Does it get an A, it will abort. Does it get an M, it will spawn a shell. Some people will build it "normal" privileges and install it as root: they will get a shell with "normal" privileges. Other people will build it with "root" privileges and the shell will have "root" privileges.
Tell me how this isn't a trojan again? A remotely controllable program that could possibly give the attacker root access?
I guess you are totally vegan too. Animals have no rights, at least until the point where we STOP FUCKING EATING THEM FOR LUNCH. Then maybe we might give them the right to vote, or something. Maybe dolphins could vote, like Flipper, he was smart. And maybe Lassie, but then if Lassie could vote, she/he would ban abandoned wells. What was I talking about again?
Well, at least the rational ones are complaining for valid reasons.
A lot of people are mad when these limits aren't disclosed, or the company lied. For example, when I got a cable modem a couple years ago, they said "15 times faster than a modem!", then later capped us at 384/126.
Yeah, it makes sense. I mean if you ran an extension cord out your door and put a sign out "free electricity", I doubt the power company would have a problem with it at all. They would even happily install a new transformer on the pole for you if you wanted a bigger one so you could use more power.
These ISPs that are tryign to be assholes obviously are operating on broken business plans. Overselling bandiwdth and then harassing your users into not using what you sold them isn't a valid business model.
Rights are rights, they are inherent, not something you can sign away. By allowing you to waive your rights, they have effectively condoned the removal of that right.
This has happened to many of the amendments, we can't let it happen to the 1st.
The third rail is already highly charged. Trying to push power from a battery would be like trying to save on power bills by hooking a 9V battery w/ an AC Adaptor to the wall outlet - there's too much power there to push more back in.
Yeah, it's almost as ludricrous as putting solar panels on your roof and then trying to sell power back to the grid. Oh wait.
leaving a disc-shaped cartoon hole in whatever it encounters, or shattering upon impact and spraying shards of material at hundreds of meters per second in sundry directions.
It does the latter. In an article I read years ago about the first magnetically suspended flywheels, they discussed the explosions in detail. It just sort of vaporizes and all the energy dissapates, spectacularly. It would make for quite an explosion.
They will probably store these things underground with much concrete around them. I'd say there isn't as much risk as you would think, with a well designed containment chamber.
Nit pick but,
RG-58 is 50 ohms, used for things like ethernet networks, and radio applications.
Cable networks are based on 75 ohm cables, which are RG-59, or RG-6. RG-59 is not recommeneded for new installations, as the loss is higher.
What? Read the OS history, it was hosted on Red Hat, then switched to BSD.
FreeBSD
Apache/1.3.26 (Unix) mod_jk/1.1.0 mod_perl/1.27 mod_ssl/2.8.10 OpenSSL/0.9.6a PHP/4.2.2 mod_fastcgi/2.2.12 mod_python/2.7.8 Python/ 2.2.1
1-Aug- 2002
203.62.158.32
Australian TeleServices Pty Ltd
FreeBSD
Apache/1.3.24 (Unix) mod_jk mod_ssl/2.8.8 OpenSSL/0.9.6a PHP/4.1.2 PHP/3.0.17 mod_fastcgi/2.2.12 mod_python/2.7.6 Python/2.2 mod_perl/1.26
11-Apr- 2002
203.62.158.32
Australian TeleServices Pty Ltd
Linux
Apache/1.3.12 (Unix) (Red Hat/Linux) PHP/3.0.15 mod_perl/1.21
1-Jan- 2001
210.9.53.32
connect.com.au Pty Ltd
It was just a joke anyway. I guess any joke about BSD is automatically a troll now?
Heh, what are you going to do with a full auto .22 caliber rifle, shoot a rioting mob of squirrels? :)
That, and the bigger reason that manufacturers have started recycling MAC addresses, so there is a possibility of conflict. I think that was the reason the first changable MAC cards came out.
There is a movie named Go, it is about Amway and selling fake rave drugs, basically.
Another reader writes, "Not really a trojan because all it does is make a connection to 203.62.158.32:6667."
This part of the story was what I was my comment was aimed at.
It's funny that the hacked box was originally running Red Hat Linux, then switched to FreeBSD according to netcraft. Guess they should have stuck with the more secure system.
except where on most OS (unlike most BSD) there is no port system where it checks the MD5 unless you do it by hand by then they could have changed the one on the ftp server also.
I don't know what OS you are talking about. Debian apt automatically checks MD5sums, Red Hat network uses cryptographic certificates to verify package integrity, even Windows has a package verification system.
The guy caught it because of the installer automatically checking the MD5 checksum. Someone would have to explicitely ignore the MD5 error to be hit by this.
The same is true of other systems like the Red Hat Network.
The C code is not that smart. It tries once per hour to connect to port 6667 on the machine 203.62.158.32 which is web.snsonline.net and waits for commands from the person or persons who 0wn3d the machine. Does it get an M, it sleeps for another hour. Does it get an A, it will abort. Does it get an M, it will spawn a shell. Some people will build it "normal" privileges and install it as root: they will get a shell with "normal" privileges. Other people will build it with "root" privileges and the shell will have "root" privileges.
Tell me how this isn't a trojan again? A remotely controllable program that could possibly give the attacker root access?
Cruelty to animals is a fucking hoot.
I guess you are totally vegan too. Animals have no rights, at least until the point where we STOP FUCKING EATING THEM FOR LUNCH. Then maybe we might give them the right to vote, or something. Maybe dolphins could vote, like Flipper, he was smart. And maybe Lassie, but then if Lassie could vote, she/he would ban abandoned wells. What was I talking about again?
Hopefully I've better clarified my position.
Yes, thanks.
Well, at least the rational ones are complaining for valid reasons.
A lot of people are mad when these limits aren't disclosed, or the company lied. For example, when I got a cable modem a couple years ago, they said "15 times faster than a modem!", then later capped us at 384/126.
You are staring at a monitor without any tuner right now.
http://www.avtoolbox.com/video-to-vga.htm
Check out that stuff, I have one of their boxes that uses a SVGA monitor to display console gaming systems, computer, satellite, etc. It's very neat.
People will just get downconverters to let them watch digital TV on their old analog sets. :)
Uh, what? I know what QAM and NTSC is, but your post makes no sense.
If you're displaying that on an analog NTSC TV set, then you are missing the whole point. :)
Yes, but do you have over 2000 comments? :) Why not?
Yeah, it makes sense. I mean if you ran an extension cord out your door and put a sign out "free electricity", I doubt the power company would have a problem with it at all. They would even happily install a new transformer on the pole for you if you wanted a bigger one so you could use more power.
These ISPs that are tryign to be assholes obviously are operating on broken business plans. Overselling bandiwdth and then harassing your users into not using what you sold them isn't a valid business model.
I think it is possible to detect NAT by looking at sequence numbers on the packets going out.
That is probably more advanced than most ISPs can handle (or want to handle) though.
Linux will never make proper toast
without Pantone for calibration.
Bah, A toaster with PMS would only make good toast 25 days each month!
Rights are rights, they are inherent, not something you can sign away. By allowing you to waive your rights, they have effectively condoned the removal of that right.
This has happened to many of the amendments, we can't let it happen to the 1st.
The third rail is already highly charged. Trying to push power from a battery would be like trying to save on power bills by hooking a 9V battery w/ an AC Adaptor to the wall outlet - there's too much power there to push more back in.
Yeah, it's almost as ludricrous as putting solar panels on your roof and then trying to sell power back to the grid. Oh wait.
leaving a disc-shaped cartoon hole in whatever it encounters, or shattering upon impact and spraying shards of material at hundreds of meters per second in sundry directions.
It does the latter. In an article I read years ago about the first magnetically suspended flywheels, they discussed the explosions in detail. It just sort of vaporizes and all the energy dissapates, spectacularly. It would make for quite an explosion.
They will probably store these things underground with much concrete around them. I'd say there isn't as much risk as you would think, with a well designed containment chamber.
He's saying that a 600 Hz sound at the same "sound force" level as other frequencies will sound louder.
The peak of human sensitivity.