It's not a problem if you can't get the telco to fess up with their records.
Every SMS has an originating point, usually a phone. Each of these originating points is mapped to an account. Said accounts are billed on a per SMS sent basis. If it was in any way possible for a person to send SMSs without having said SMSs mapped to any of their identifying information, you can bet your ass the Telcos would put a stop to it pretty damn quick. After all, to them it's just money. If they can't track an SMS back to an account (and by extension, details on whom to send the bill to), they're screwed.
So, all you need to do is get yourself a court order and you can track it back to someone. Of course, you may find it's a pre-paid account, with fake details. In this case, you'd have to actually track the phone location while it was in use. That kind of thing is possible, but not my area of expertise/knowledge so I couldn't really give details of how it's done.
Well, considering no-one in Australia actually pays for *incoming* SMS (or incoming calls for that matter), I can't see what the problem is. Sure, if we were like some other countries where we paid for both outgoing and incoming sms/calls/data, it would need to be banned. But really, when the incoming SMS costs you nothing to receive, and the phone companies get their compensation for those millions of messages from the spam originator, what's the problem? Other than sheer annoyance that is.
Why Slashdot doesn't, for subscribers only (key concept guys: revenue generation!):
1) Put karma back to a numeric rating
2) Place NO limit on karma
3) Generate a top 10/100/1000 list of subscriber karmic users (perhaps viewable to non-subs as well for promotion).
Frankly I don't care about seeing/not seeing ads. I'm used to them. But I'd pay to be able to compete against others in karma. :)
Bridged firewalls support VPNs, in that they'll pass VPN traffic. However, as they have no IP addresses, you can make them endpoints for the VPN tunnel. What you'd have to do is set up a 2nd host inside the bridged firewall, and use that. Keep in mind however that anyone who can authenticate to your VPN is treated as an internal user. So, if you have business partner type companies connecting, it's best to keep a close eye on VPN traffic coming OUT of your VPN endpoint and into your internal network.
Using restrictive ACLs on your outbound interfaces, you can kill connectivity for most types of malicious connections. For protocols you MUST run - say HTTP, outgoing SQL, outgoing SMTP and the like - you *proxy* every single connection, and ensure each connection is authenticated.
The beauty of this solution is two-fold. First, it blocks off almost every type of malware connection you're going to see from exiting your network to $SKIDDIOT on the outside. Secondly, those smart enough to use something that can a) use a port such as HTTP's TCP80, or b) encrypt while doing a, are not a problem if you're using decent proxy software. By definition, proxying requires that the proxy machine be intimately familiar with the protocol being proxied. As such, it can recognise the data within things such as FTP and HTTP requests being proxied through it and (here's the interesting part...), BLOCK connections it does not recognise as being legitimate. BAM, no more netcat over port 80.
Of course, if your malware is controlled via web interface and thus uses legit HTTP protocol commands, you may have a harder time of it.
I suspect you haven't actually tried to implement a PIX yet. The Cisco PIX (at least, the low-end 506 we have) *does* support what you're talking about - although what you're talking about isn't really a transparent (also known as *bridged*) firewall.
Set up the PIX. Use static maps for the IP addresses, so your webservers etc are behind the PIX but using the public IPs. When an internal machine tries to connect to the IP address of your website (say 210.20.38.129), the request is forwarded to your default router (border router usually, unless you're on a larger network). The router gets the request, goes "hey, I'm responsible for that IP. It should go *HERE*" and forwards it back to the webserver *through* the PIX. At no point does the PIX attempt to map the IP address of 210.20.38.129 to the MAC addy of your webserver for the internal connection. Only after the connection has bounced off the border router does the PIX go "hey, incoming *external* request for 210.20.28.129. I've got a static route for that. I'll send it to $webserver". And your connection works.
Now, if you use a domain name for the request (as most people do when using a web browser), your internal requests will first bounce off your internal DNS. And that's where the problem is. Your internal DNS is configured to point www.myinternalwebserver.com to 192.168.0.129 (or whatever the machine's internal interface is) instead of the public IP address. If it was pointed at the public address, your machine would get said address returned to it after doing the DNS lookup and follow the steps in the paragraph above. Namely, the req bounces off the border router.
As a side note, transparent firewalls are synonyms for bridged firewalls. I.e. it's impossible to actually gain network connectivity to the firewall because for all intents and purposes, it's set up to act as an intercept on a piece of cat5, not as two interfaces separating two network segments. Think of it as tapping a Cat5 cable and trying to ping the tap itself. Not going to happen, as neither the bridged firewall system (or the tap, per example) have interfaces with an IP address.
There's a guide floating around the net on how to implement bridged/transparent firewalls using OpenBSD if you're interested. It can be found at http://ezine.daemonnews.org/200207/transpfobsd.html
1) Use both inbound and OUTBOUND ACL lists on routers, firewalls and other access control devices. Go with the highest level of restriction you can get away with, and log everything to a central point.
2) For services you must offer to internal users (www access etc), use good proxies and authenticate every connection.
3) Ensure all services/software products are up to date with security patches. This INCLUDES user workstations.
4) Keep track of security-related sites and lists, such as bugtraq, packetstorm etc.
5) IDS' inside your perimeter to detect anything you're missing. After all, no-one (and by extension, no-one's ACLs) is perfect.
6) Ensure you pay close attention to any remote-access you offer. Modem banks, VPN endpoints etc. Preferably these should also be access-controlled via ACLs of some sort.
7) Ensure you configure your software properly. Seems stupid, I know. But a perfectly secure (from a bugs point of view) mail server is suddenly a problem if you've forgotten to disable mail relay.
8) Ensure you have the right topology. There's no point in spending hundreds of man hours securing services, auditing router ACLs etc etc if there's fifteen different ingress/egress points to your network. The less, err, gresses you have, the more you can concentrate your efforts and thus use your time effectively.
Caveats: I may have missed one or two points in the above summary of practice, but hey - it's a Friday arvo and I want to get my work finished so I'm not here late.
Also note that while the above list sounds relatively easy to implement, IT ISN'T. Be prepared for a lot of work if you want to do it right.
Push technology pushing multimedia content. Meh, it was a bad idea 4 years ago when they first tried it with normal Web content. Why would anyone think that using bandwidth-hungry archives/multimedia/whatever is going to make Push suddenly a successful content? Speaking even in the simplest terms of ISP data charges, people go looking for what they want (music/movies/etc), then pay for it (fees to ISP for data Xfer). People won't pay for a lot of crap they don't want in any way on the off chance they may receive that which they do.
Australians can get it here (on Absolute OpenBSD · Score: 3, Informative)
http://www.everythinglinux.com.au/item/1886411999
Note that the book is currently on back order. Originally they only ordered three... and I have two of them :)
"Advance Fee fraud popularly known as 419 has also been in the rise. Early in the year, a Nigerian diplomat, Michael Waydi, was reported killed inside a Prague embassy by a 72 year-old retired Czech who was allegedly duped by a Nigerian fraudster. Before the gunman was eventually apprehended, he had shot and wounded a 37 year-old embassy clerk."
The easiest way to achieve what you want is to change your network security policy, and enforce it by way of ACLs on the INSIDE interface of your PIX. By this, I mean:
Go from your current "Internal users can access anything they want" (default allow), to "Internal users can ONLY access what we allow" (default deny). The beauty of this is that you *don't* waste time tracking down various ports for each and every application you want to block. Nor do you have to worry about keeping up with the latest spyware-ridden P2P client crap to be released. The only thing it *won't* cover is applications using protocols you allow (such as using port 80 for data xfers in $P2PappName). You can cover this with more specific ACLs on a per-shittyFsckingMakeMyNetworkAdminLifeMiserableP2PApp basis. But I digress.
The PIX makes this very easy - matter of fact, we do this exact same thing at work.
First thing you need to do is take a list of all network applications (or protocols) that your users require to do their jobs. Things like FTP, WWW, SSH and the like. Next, you formulate your ACL list to be applied to the inside interface (or whatever name you gave to the interface your users sit on. It defaults to INSIDE with a security level of 100). Do this in a text file, and check it for sanity BEFORE you apply it to your PIX (otherwise you have irate users calling you 100 at a time, screaming that you broke $nameOfAppINeedToDoMyJob).
Once you have this list and you think it's complete, add a default deny rule to the bottom. Now before you go pointing out that PIX already has default-deny, you should STILL add this because the PIX won't log packets that hit its default deny - only packets that match an explicitly defined Default Deny ACL.
Very basic example ACL list:
access-list PERMIT_OUT permit tcp any any eq 80
access-list PERMIT_OUT permit tcp any any eq 21
access-list PERMIT_OUT deny ip any any
(denies all other traffic from any source to any destination on any port, and logs it)
The above will allow FTP and HTTP outbound for your users (you need to use protocol fixup on the FTP), and deny ALL other traffic! Problem solved, and it only takes about 10 minutes to do.
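A sanity check for the draft ACL text file the comment above recommends, as an added example that is not part of the original comment. The function name `lint_acl`, the finding codes, the `#` note convention and the sample drafts are assumptions of this example, and the grammar covers only the rule shapes shown in the comment.

```python
import re

# Grammar for the rule shapes used in the comment's ACL (PIX-style extended ACL).
# Assumption of this example: endpoints are "any", "host A.B.C.D" or "net mask",
# with an optional destination "eq <port>". Anything else is reported, not guessed.
ADDR = r"(?:any|host\s+\d+\.\d+\.\d+\.\d+|\d+\.\d+\.\d+\.\d+\s+\d+\.\d+\.\d+\.\d+)"
RULE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+(?P<action>permit|deny)\s+"
    r"(?P<proto>ip|tcp|udp|icmp)\s+(?P<src>" + ADDR + r")\s+(?P<dst>" + ADDR + r")"
    r"(?:\s+eq\s+(?P<port>\S+))?$"
)


def lint_acl(text, acl_name):
    """Return sorted (line_number, code) findings for a draft ACL file.

    Line number 0 marks a finding about the list as a whole.
    """
    findings = []
    rules = []
    seen = set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = " ".join(raw.split())          # normalise whitespace
        if not line or line.startswith("#"):  # '#' notes: convention of this example
            continue
        match = RULE.match(line)
        if match is None:
            # e.g. a missing protocol keyword; the device would reject the line
            findings.append((lineno, "unparseable"))
            continue
        rule = match.groupdict()
        if rule["name"] != acl_name:
            # a typo in the name silently starts a second, unapplied list
            findings.append((lineno, "wrong-acl-name"))
            continue
        key = tuple(rule[k] for k in ("action", "proto", "src", "dst", "port"))
        if key in seen:
            findings.append((lineno, "duplicate"))
        seen.add(key)
        rules.append((lineno, rule))

    terminal = None  # action of the first rule that matches every packet
    for lineno, rule in rules:
        if terminal is not None:
            # nothing after a match-everything rule is ever evaluated
            findings.append((lineno, "unreachable"))
            continue
        matches_all = (rule["proto"], rule["src"], rule["dst"], rule["port"]) == (
            "ip", "any", "any", None)
        if matches_all:
            terminal = rule["action"]
            if terminal == "permit":
                findings.append((lineno, "permit-all"))  # defeats default deny
    if terminal != "deny":
        # without an explicit final deny, dropped packets are not logged
        findings.append((0, "no-explicit-deny"))
    return sorted(findings)


# Constructed sample drafts (not taken from any real device).
DRAFT_OK = (
    "# outbound policy draft\n"
    "access-list PERMIT_OUT permit tcp any any eq 80\n"
    "access-list PERMIT_OUT permit tcp any any eq 21\n"
    "access-list PERMIT_OUT deny ip any any\n"
)
DRAFT_MISSING_PROTO = (
    "access-list PERMIT_OUT permit tcp any any eq 80\n"
    "access-list PERMIT_OUT permit tcp any any eq 21\n"
    "access-list PERMIT_OUT deny any any\n"
)
DRAFT_MISORDERED = (
    "access-list PERMIT_OUT permit tcp any any eq 80\n"
    "access-list PERMIT_OUT deny ip any any\n"
    "access-list PERMIT_OUT permit tcp any any eq 22\n"
    "access-list PERMIT_OT permit tcp any any eq 21\n"
)

if __name__ == "__main__":
    for label, draft in (("ok", DRAFT_OK),
                         ("missing protocol", DRAFT_MISSING_PROTO),
                         ("misordered", DRAFT_MISORDERED)):
        print(label, lint_acl(draft, "PERMIT_OUT"))
```
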
Funnily enough, there *was* an Apple-related company at one point in the past called Snapple. They were a group of independent Australian Apple resellers who joined together for the "synergies".
Unfortunately for them, they hadn't really thought it through and they went broke. On the plus side, there's a really interesting documentary running around on the short life of Snapple. You might be able to source it from ABC or SBS.
Reason doesn't matter if the connection isn't legit (on WLANs As Spam Conduit · Score: 1)
If a connection to your AP is not a legitimate, authorised connection (i.e. one made by the people the AP/wireless connectivity was put in place for), it doesn't matter what the reason for the connection is.
Saying that 71% of all unauthorised Wireless access attempts are attempts at spamming is nothing more than a useless statistic. If you have Wireless in place and have not properly secured it (MAC lists/VPN/VPN endpoint in DMZ), then you've got bigger problems than your local Widget reseller using bandwidth you paid for, to annoy a few million people.
Counting NAT'ed hosts. It's possible, due to the non-random way most OSs handle the IPid field (NOT sequence numbers) in TCP headers.
AFAIK OpenBSD has a side-project going to negate this technique. However, I seriously doubt your ISP is actually putting this method into practice - it's just too much work.
Microsoft Baseline Security Analyzer has the capability to check for MS-SQL and subsequently check the program's patch level against a current XML definition stored at microsoft.com. Which is nice.
I will however agree with you that hotfix installation orders are a shit. The last server I set up at work, I was left with inconclusive results for the patching of six vulnerabilities (one critical). I wasted a *lot* of time manually tracking down and fixing the cause of that.
Disabling TCP/IP for SQL only works, as in your situation, where the server and its application reside on the same box. If you face heavy load and must therefore have a dedicated DB box, disabling TCP/IP SQL comms is not an option.
Does anyone know where we can purchase Revolution OS in Australia? I don't want to purchase from an overseas retailer, and both ChaosDVD.com.au and Ezydvd.com.au don't want anything to do with it.
We have one of these babies in the labs right now for review. According to LaCiE they'll be released in Australia (and I would assume, although I may be wrong) and Asia/Pacific soon - probably for Xmas.
If this cloud seeding really does work, and it's possible to generate up to 250 times the average rainfall for an area (as was the case according to the BBC report), then why the hell don't they test it in a place that won't kill anyone? You know, like, say the Australian outback, where 250 times the average rainfall won't pose a risk to population centres, and the scientists can test away to their hearts' content 'til they figure out how to control the process.
I see a lot of mis-guided and mis-informed posts on this subject. Not surprising really, since the waste 'recyclers' don't exactly advertise their business practices.
1) In most cases, the countries involved in importing PC waste *do not* ask for it. Recent case-in-point being China, which after banning the import of US PC waste *still* cops both US and non-US PC waste. The people don't want it*, the government doesn't want it. But the businesses can make a f*#ckload of money doing it, so it continues.
2) One previous poster has pointed out that the Chinese people *want* the waste dumps to continue, so that they may work. To which I say, "utter bullshit". If you're a techie and, because of the economic climate are forced to work as a dish pig in the local diner, does that mean that you *want* to work there? No. You work there because *that's all there is!* It's the same with the people in China and other 3rd/2nd-world countries who panhandle our old 286 motherboards in corrosive acid for the tiny amounts of gold on the traces.
3) For anyone who thinks putting this crap in landfill is a *good* solution (like one previous poster) - lead, arsenic and other chemicals that remain on PCBs and other PC parts can *kill* you. If you don't believe me, try regularly eating old-paint flakes that contain lead.
4) To all the people who cite refurbishment of old PC parts, networked clusters and the like: You must look at the entire energy chain before you can assert that refurbishment of old equipment is better than replacing with new. Five networked 486's are all going to need power. They're all going to give off at least some amount of ozone. Basically, they're all going to pollute when running. Compare this to the pollution and energy usage of the single Athlon 1GHz you would have replaced it with, combined with the energy cost and pollution generated by recycling the old machines properly. Once you have your result (and you better use a proper equation, not just some approximations), THEN you can talk about refurbishment being more environmentally friendly than proper recycling.
her pc crashed, she made the switch, and now she's famous. meet the internet's latest it girl.
By Zachary Frechette
Ellen Feiss is a lot like most 15-year-olds, with one notable exception: Some guy in Holland is wearing a T-shirt with her face on it right now. Actually, a lot of people are wearing that shirt with her picture or drinking coffee from a similarly themed mug purchased on one of Ellen's numerous fan sites. After appearing in a "Switch" ad for Apple computer (www.apple.com/switch/ads), Feiss quickly became an Internet celebrity, spawning stories in newspapers from coast to coast and sparking discussion in chat rooms across the world. There was even a look-alike contest held outside Amsterdam, although most of the entrants were men. Some have argued she seems a bit too, um, light-headed in her commercial, but that hasn't stopped Leno and Letterman from trying to book her (actually, it probably helped). As a sophomore in high school, Ellen still isn't quite sure what to make of her 15 minutes, but between meetings with her agent and MTV executives, she took some time to answer questions for Post-.
How did you get involved with the Apple switch campaign in the first place?
It's kind of a funny story. I'm friends with the son of the director, Errol Morris. I'm friends with his son Hamilton. I went with him after school, him and two of my friends. We didn't think we were going to make ads; we were just going to get the free set food. So we go there, and they're like, "We need a couple more people, so I guess the three of you can make ads." So we all made ads, and me and Hamilton's got picked. I had no idea I was going to do it until I got there.
Is the story you told true?
Oh yeah, it's definitely true.
What was the paper about?
It was about Chinatown, and the formation of Chinatowns in America. I lost like three pages of it; it was terrible. It was a really, really good paper.
Did Apple compensate you for the commercial at all?
I'm not actually sure how much I got paid because it was in installments, and the whole contract was dealt with by my parents, so I'm not actually sure. Oh, and I got an iPod. It's like the coolest thing ever.
What was the initial response of your friends and family to the commercial?
They all freaked out. I called my dad while I was at the set because I had to get him to say that he was my guardian and it was OK for me to do it, and he didn't believe me that I was going to do it. So they all freaked out when they found out I got the ad.
Did you get a lot of phone calls after it aired?
Yeah, a lot of old camp friends, actually.
When did you start getting the sense you were becoming a celebrity beyond the commercial itself?
I was on vacation in Arizona this summer, and when I left everything was fine. It was kind of like, "Oh this is cool, I'm in a commercial," but that's it. And so we left. When we get back two weeks later, it's like a bombard, it was so big. I have like 20 messages on the answering machine from different people telling me about this, random people like people who work with my parents and all these other people. I get back and I'm in The New York Times, and I'm in the L.A. Times, and Letterman wants me on his show, Leno wants me on his show. I'm like, "I just got back from vacation!" It's funny because I get back, and the New York Times is like, "Ellen is unreachable for comment because she's supposedly on vacation," and I was like, "How do they even know this?" It was really kind of scary, actually, a little overwhelming at first.
So do you have any interest in doing Leno or Letterman?
I was offered to, but I decided not to because I thought it wouldn't be so much "Who are you, Ellen Feiss?" It would be more like, "Are you a stoner?" blah blah blah. I did get other offers besides that that I'm getting into. MTV wants to talk to me. They're doing a pilot on me. The guy's going to come to my house in two weeks and interview me, and then show it to the CEO of MTV. I got a lot of crazy offers. I thought if I went on Letterman, it would be like I go on Letterman, and then I go on "Regis and Kelly," and then I go on Channel 5 News, and then it would kind of fizzle out pathetically. MTV's a little cooler.
Any idea what the MTV show would be about?
No, he has no idea. He just said he liked the ads and said I was a cute kid.
Do you think this has the potential to jump-start a career in entertainment?
I don't know. I also got a call from the Farrelly Brothers. They were like, "You know we really like your ad," so they wrote down my name or something. I have an agent now. This guy writes me down -- the producer of all the Farrelly brothers movies -- and he's like this kid is whatever whatever, this ad is pretty funny, so he writes my name down and he's trying to get in contact with my agent. Since I didn't have an agent at that point... well it's a kind of confusing story, but anyway, they wanted me to be in one of their movies, but since they found out how old I was they don't think I can be in one. Supposedly, though, my agent is "floating my image," quote unquote. I don't know what the hell that means.
So have you made a bunch of new friends at school?
No, it isn't that weird. I get a lot of really obvious comments from people like "Did you know that there are mugs with your face on them?" and I'm like, "No I didn't; why don't you tell me about that?" Just comments like that. It's like, "Thanks for telling me about that."
Are you OK with all the Web sites, and people walking around wearing your face on their T-shirts?
Oh, whatever, I think it's kind of funny. These people don't have lives. I don't know, it was kind of bizarre at first. I went to my Web site but I decided not to read any of the comments because I thought it would be too weird. I heard about some of them, though, so I was like, "Weeell, I'm not going to read those."
Did you hear about the look-alike contest in Holland?
I did! I saw the pictures, too. It was really funny.
Did you have a favorite picture?
The toothless old man was hands down the best, but no one actually looked anything like me.
Has Apple tried to contact you since all this happened?
They contacted me to supposedly advise me. They were like, "We don't really want you to take this anywhere," but I decided to get an agent anyway. I went to Macworld in July. It seems like the kind of thing where if you're not in the biz.... I thought it was the most boring thing. I got shuttled down to New York, and I got VIP seating, and I was like, "Wow, I'm at the Oscars or something," but then I was like, "No, I'm at Macworld." I met Steve Jobs. He called me by my first name -- clever, huh? It was brief.
Do you have a favorite switch ad besides your own?
Probably Hamilton, just because I know him, and I saw him make it. It was so funny. Me and Hamilton have decided that our new nemesis is Jeremiah Cohick. He's our age, and he's trying to steal our limelight! We decided we don't like him. We're out to get him.
Does it bother you at all that some of your fame might be related to your perceived state of sobriety in the commercial?
It doesn't really bother me. I do admit to looking pretty out of it in that commercial -- I think I look horrible. It was after school, but I was the last person to make the commercial, so by the time I made it it was like 10, so I was really tired. The funny thing was, I was on drugs! I was on Benedryl, my allergy medication, so I was really out of it anyway. That's why my eyes were all red, because I have seasonal allergies. But no one believes me.
Do you feel any connection to the Dell dude?
No, none whatsoever. That guy's a doofus. I get a lot of "What if you guys had kids?" And I'm like, "What if we had kids?" Why would you ask that? What a weird question. They'd probably be blond
Actually, that's not exactly correct.
http://j-walk.com/blog/docs/conference.htm
The Google has you.
The easiest way to achieve what you want is to change your network security policy, and enforce it by way of ACLs on the INSIDE interface of your PIX. By this, I mean:
Go from your current "Internal users can access anything they want" (default allow), to "Internal users can ONLY access what we allow" (default deny). The beauty of this is that you *don't* waste time tracking down various ports for each and every application you want to block. Nor do you have to worry about keeping up with the latest spyware-ridden P2P client crap to be released. The only thing it *won't* cover is applications using protocols you allow (such as using port 80 for data xfers in $P2PappName). You can cover this with more specific ACLs on a per-shittyFsckingMakeMyNetworkAdminLifeMiserableP2PApp basis. But I digress.
The PIX makes this very easy - matter of fact, we do this exact same thing at work.
First thing you need to do is take a list of all network applications (or protocols) that your users require to do their jobs. Things like FTP, WWW, SSH and the like. Next, you formulate your ACL list to be applied to the inside interface (or whatever name you gave to the interface your users sit on. It defaults to INSIDE with a security level of 100). Do this in a text file, and check it for sanity BEFORE you apply it to your PIX (otherwise you have irate users calling you 100 at a time, screaming that you broke $nameOfAppINeedToDoMyJob).
Once you have this list and you think it's complete, add a default deny rule to the bottom. Now before you go pointing out that PIX already has default-deny, you should STILL add this because the PIX won't log packets that hit its default deny - only packets that match an explicitly defined Default Deny ACL.
Very basic example ACL list:
access-list PERMIT_OUT permit tcp any any eq 80
access-list PERMIT_OUT permit tcp any any eq 21
access-list PERMIT_OUT deny ip any any
(denies all other traffic from any source to any destination on any port, and logs it)
The above will allow FTP and HTTP outbound for your users (you need to use protocol fixup on the FTP), and deny ALL other traffic! Problem solved, and it only takes about 10 minutes to do.
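As an added example (not part of the original post, and not Cisco tooling): a small Python check for the "sanity-check the text file BEFORE you apply it" step described above. It assumes the simple entry form used in the post with numeric ports; the draft, the REQUIRED inventory and all function names are constructed for illustration.

```python
# Constructed draft in the style of the post's example (not a real config).
DRAFT = """\
access-list PERMIT_OUT permit tcp any any eq 80
access-list PERMIT_OUT permit tcp any any eq 21
access-list PERMIT_OUT deny ip any any
"""
# Assumed inventory of services users need, as (protocol, port).
REQUIRED = {("tcp", 80), ("tcp", 21)}
PROTOS = {"ip", "tcp", "udp", "icmp"}

def take_addr(tokens):
    """Consume one address spec: 'any', 'host A' or 'A MASK'."""
    if tokens[0] == "any":
        return "any", tokens[1:]
    if tokens[0] == "host":
        return tokens[1], tokens[2:]
    return f"{tokens[0]}/{tokens[1]}", tokens[2:]

def parse(text):
    """Parse the simple entry form used above; numeric 'eq' ports only."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        t = line.split()
        if not t:
            continue
        try:
            if t[0] != "access-list" or t[2] not in ("permit", "deny") or t[3] not in PROTOS:
                raise ValueError
            src, rest = take_addr(t[4:])
            dst, rest = take_addr(rest)
            port = int(rest[1]) if rest[:1] == ["eq"] else None
        except (IndexError, ValueError):
            raise ValueError(f"line {n}: cannot parse {line!r}") from None
        rules.append({"n": n, "action": t[2], "proto": t[3], "src": src, "dst": dst, "port": port})
    return rules

def catch_all(r):
    return (r["proto"], r["src"], r["dst"], r["port"]) == ("ip", "any", "any", None)

def lint(text, required=REQUIRED):
    """Return a list of problems to fix before the draft goes on the firewall."""
    rules, problems = parse(text), []
    for i, r in enumerate(rules):
        if catch_all(r) and r["action"] == "permit":
            problems.append(f"line {r['n']}: permit ip any any undoes default deny")
        if catch_all(r) and i < len(rules) - 1:
            problems.append(f"line {r['n']}: catch-all is not last, later entries never match")
    if not rules or not catch_all(rules[-1]) or rules[-1]["action"] != "deny":
        problems.append("no explicit deny ip any any at the end")
    permitted = {(r["proto"], r["port"]) for r in rules if r["action"] == "permit"}
    for proto, port in sorted(required - permitted):
        problems.append(f"required service {proto}/{port} is not permitted")
    return problems

if __name__ == "__main__":
    print(lint(DRAFT) or "draft looks sane")
```

An empty result means the draft parses, covers every service in the inventory, and ends with the explicit deny the post recommends for logging.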
Funnily enough, there *was* an Apple-related company at one point in the past called Snapple. They were a group of independent Australian Apple resellers who joined together for the "synergies".
Unfortunately for them, they hadn't really thought it through and they went broke. On the plus side, there's a really interesting documentary running around on the short life of Snapple. You might be able to source it from ABC or SBS.
If a connection to your AP is not a legitimate, authorised connection (i.e. one made by the people the AP/wireless connectivity was put in place for), it doesn't matter what the reason for the connection.
Saying that 71% of all unauthorised Wireless access attempts are attempts at spamming is nothing more than a useless statistic. If you have Wireless in place and have not properly secured it (MAC lists/VPN/VPN endpoint in DMZ), then you've got bigger problems than your local Widget reseller using bandwidth you paid for, to annoy a few million people.
Counting NAT'ed hosts. It's possible (due to the non-random way most OS's handle the IPid field (NOT sequence numbers) in TCP headers).
AFAIK OpenBSD has a side-project going to negate this technique. However, I seriously doubt your ISP is actually putting this method into practice - it's just too much work.
alt.sysadmin.recovery on printers
"If it's not loud, it doesn't work!" -- Blank Reg, from "Max Headroom"
Just finished reading the article and the /. comments, only to find the above as Slashdot's "random" quote...
Heh.
Microsoft Baseline Security Analyzer has the capability to check for MS-SQL and subsequently check the program's patch level against a current XML definition stored at microsoft.com. Which is nice.
I will however agree with you that hotfix installation orders are a shit. The last server I set up at work, I was left with inconclusive results for the patching of six vulnerabilities (one critical). I wasted a *lot* of time manually tracking down and fixing the cause of that.
Disabling TCP/IP for SQL only works, as in your situation, where the server and its application reside on the same box. If you face heavy load and must therefore have a dedicated DB box, disabling TCP/IP SQL comms is not an option.
Does anyone know where we can purchase Revolution OS in Australia? I don't want to purchase from an overseas retailer, and both ChaosDVD.com.au and Ezydvd.com.au don't want anything to do with it.
We have one of these babies in the labs right now for review. According to LaCie they'll be released in Australia (and I would assume, although I may be wrong) and Asia/Pacific soon - probably for Xmas.
If this cloud seeding really does work, and it's possible to generate up to 250 times the average rainfall for an area (as was the case according to the BBC report), then why the hell don't they test it in a place that won't kill anyone? You know, like, say the Australian outback, where 250 times the average rainfall won't pose a risk to population centres, and the scientists can test away to their heart's content 'till they figure out how to control the process.
I see a lot of mis-guided and mis-informed posts on this subject. Not surprising really, since the waste 'recyclers' don't exactly advertise their business practices.
1) In most cases, the countries involved in importing PC waste *do not* ask for it. Recent case-in-point being China, which after banning the import of US PC waste *still* cops both US and non-US PC waste. The people don't want it*, the government doesn't want it. But the businesses can make a f*#ckload of money doing it, so it continues.
2) One previous poster has pointed out that the Chinese people *want* the waste dumps to continue, so that they may work. To which I say, "utter bullshit". If you're a techie and, because of the economic climate are forced to work as a dish pig in the local diner, does that mean that you *want* to work there? No. You work there because *that's all there is!* It's the same with the people in China and other 3rd/2nd-world countries who panhandle our old 286 motherboards in corrosive acid for the tiny amounts of gold on the traces.
3) For anyone who thinks putting this crap in landfill is a *good* solution (like one previous poster) - lead, arsenic and other chemicals that remain on PCBs and other PC parts can *kill* you. If you don't believe me, try regularly eating old-paint flakes that contain lead.
4) To all the people who cite refurbishment of old PC parts, networked clusters and the like: You must look at the entire energy chain before you can assert that refurbishment of old equipment is better than replacing with new. Five networked 486's are all going to need power. They're all going to give off at least some amount of ozone. Basically, they're all going to pollute when running. Compare this to the pollution and energy usage of the single Athlon 1GHz you would have replaced it with, combined with the energy cost and pollution generated by recycling the old machines properly. Once you have your result (and you better use a proper equation, not just some approximations), THEN you can talk about refurbishment being more environmentally friendly than proper recycling.
This "BSD is dying" joke gets progressively older and less funny every time someone is lame enough to modify it for $topicAtHand
the apple of apple's eye: ellen feiss
... well it's a kind of confusing story, but anyway, they wanted me to be in one of their movies, but since they found out how old I was they don't think I can be in one. Supposedly, though, my agent is "floating my image," quote unquote. I don't know what the hell that means.
.... I thought it was the most boring thing. I got shuttled down to New York, and I got VIP seating, and I was like, "Wow, I'm at the Oscars or something," but then I was like, "No, I'm at Macworld." I met Steve Jobs. He called me by my first name -- clever, huh? It was brief.
her pc crashed, she made the switch, and now she's famous. meet the internet's latest it girl.
By Zachary Frechette
Ellen Feiss is a lot like most 15-year-olds, with one notable exception: Some guy in Holland is wearing a T-shirt with her face on it right now. Actually, a lot of people are wearing that shirt with her picture or drinking coffee from a similarly themed mug purchased on one of Ellen's numerous fan sites. After appearing in a "Switch" ad for Apple computer (www.apple.com/switch/ads), Feiss quickly became an Internet celebrity, spawning stories in newspapers from coast to coast and sparking discussion in chat rooms across the world. There was even a look-alike contest held outside Amsterdam, although most of the entrants were men. Some have argued she seems a bit too, um, light-headed in her commercial, but that hasn't stopped Leno and Letterman from trying to book her (actually, it probably helped). As a sophomore in high school, Ellen still isn't quite sure what to make of her 15 minutes, but between meetings with her agent and MTV executives, she took some time to answer questions for Post-.
How did you get involved with the Apple switch campaign in the first place?
It's kind of a funny story. I'm friends with the son of the director, Errol Morris. I'm friends with his son Hamilton. I went with him after school, him and two of my friends. We didn't think we were going to make ads; we were just going to get the free set food. So we go there, and they're like, "We need a couple more people, so I guess the three of you can make ads." So we all made ads, and me and Hamilton's got picked. I had no idea I was going to do it until I got there.
Is the story you told true?
Oh yeah, it's definitely true.
What was the paper about?
It was about Chinatown, and the formation of Chinatowns in America. I lost like three pages of it; it was terrible. It was a really, really good paper.
Did Apple compensate you for the commercial at all?
I'm not actually sure how much I got paid because it was in installments, and the whole contract was dealt with by my parents, so I'm not actually sure. Oh, and I got an iPod. It's like the coolest thing ever.
What was the initial response of your friends and family to the commercial?
They all freaked out. I called my dad while I was at the set because I had to get him to say that he was my guardian and it was OK for me to do it, and he didn't believe me that I was going to do it. So they all freaked out when they found out I got the ad.
Did you get a lot of phone calls after it aired?
Yeah, a lot of old camp friends, actually.
When did you start getting the sense you were becoming a celebrity beyond the commercial itself?
I was on vacation in Arizona this summer, and when I left everything was fine. It was kind of like, "Oh this is cool, I'm in a commercial," but that's it. And so we left. When we get back two weeks later, it's like a bombard, it was so big. I have like 20 messages on the answering machine from different people telling me about this, random people like people who work with my parents and all these other people. I get back and I'm in The New York Times, and I'm in the L.A. Times, and Letterman wants me on his show, Leno wants me on his show. I'm like, "I just got back from vacation!" It's funny because I get back, and the New York Times is like, "Ellen is unreachable for comment because she's supposedly on vacation," and I was like, "How do they even know this?" It was really kind of scary, actually, a little overwhelming at first.
So do you have any interest in doing Leno or Letterman?
I was offered to, but I decided not to because I thought it wouldn't be so much "Who are you, Ellen Feiss?" It would be more like, "Are you a stoner?" blah blah blah. I did get other offers besides that that I'm getting into. MTV wants to talk to me. They're doing a pilot on me. The guy's going to come to my house in two weeks and interview me, and then show it to the CEO of MTV. I got a lot of crazy offers. I thought if I went on Letterman, it would be like I go on Letterman, and then I go on "Regis and Kelly," and then I go on Channel 5 News, and then it would kind of fizzle out pathetically. MTV's a little cooler.
Any idea what the MTV show would be about?
No, he has no idea. He just said he liked the ads and said I was a cute kid.
Do you think this has the potential to jump-start a career in entertainment?
I don't know. I also got a call from the Farrelly Brothers. They were like, "You know we really like your ad," so they wrote down my name or something. I have an agent now. This guy writes me down -- the producer of all the Farrelly brothers movies -- and he's like this kid is whatever whatever, this ad is pretty funny, so he writes my name down and he's trying to get in contact with my agent. Since I didn't have an agent at that point
So have you made a bunch of new friends at school?
No, it isn't that weird. I get a lot of really obvious comments from people like "Did you know that there are mugs with your face on them?" and I'm like, "No I didn't; why don't you tell me about that?" Just comments like that. It's like, "Thanks for telling me about that."
Are you OK with all the Web sites, and people walking around wearing your face on their T-shirts?
Oh, whatever, I think it's kind of funny. These people don't have lives. I don't know, it was kind of bizarre at first. I went to my Web site but I decided not to read any of the comments because I thought it would be too weird. I heard about some of them, though, so I was like, "Weeell, I'm not going to read those."
Did you hear about the look-alike contest in Holland?
I did! I saw the pictures, too. It was really funny.
Did you have a favorite picture?
The toothless old man was hands down the best, but no one actually looked anything like me.
Has Apple tried to contact you since all this happened?
They contacted me to supposedly advise me. They were like, "We don't really want you to take this anywhere," but I decided to get an agent anyway. I went to Macworld in July. It seems like the kind of thing where if you're not in the biz
Do you have a favorite switch ad besides your own?
Probably Hamilton, just because I know him, and I saw him make it. It was so funny. Me and Hamilton have decided that our new nemesis is Jeremiah Cohick. He's our age, and he's trying to steal our limelight! We decided we don't like him. We're out to get him.
Does it bother you at all that some of your fame might be related to your perceived state of sobriety in the commercial?
It doesn't really bother me. I do admit to looking pretty out of it in that commercial -- I think I look horrible. It was after school, but I was the last person to make the commercial, so by the time I made it it was like 10, so I was really tired. The funny thing was, I was on drugs! I was on Benedryl, my allergy medication, so I was really out of it anyway. That's why my eyes were all red, because I have seasonal allergies. But no one believes me.
Do you feel any connection to the Dell dude?
No, none whatsoever. That guy's a doofus. I get a lot of "What if you guys had kids?" And I'm like, "What if we had kids?" Why would you ask that? What a weird question. They'd probably be blond
...Bummer...