Is the GSM association clueless?
on Cracking GSM · Score: 1
The GSM Association, a trade group for suppliers and mobile network operators, is downplaying the problem. It admits a potential vulnerability exists but argues that this would be very difficult to exploit in practice.
Does anyone know if it's possible to make a device that exploits such a vulnerability?
I don't buy into the very difficult to exploit crap. As far as I can tell from this information (but IANAHE - I'm not a hardware engineer) it would be possible to design hardware that can systematically exploit this vulnerability and it would be a godsend for governments of countries with less than adequate constitutions and really handy to have for large companies who would like to hear what their competition has to say. It would be an extremely valuable device. Very difficult to exploit in practice, maybe, worth it to some? totally..
troll... The KDE file dialogue allows you to open files from ftp, sftp, http, https, smb (windows networking), local file system and many other sources seamlessly into its applications (like the excellent Kate (programmer) editor or the award winning quanta html/php editor). (Or konqueror, the browser/file manager)
Just go to file -> open -> bookmarks (or enter the sftp://user@host address)
Kde's file dialogue doesn't need fixing :) Gnome's works fine but misses this flexibility.
According to most polls including the one on open for business mandrake is the most widely used distribution. Throughout the years Mandrake has gained the reputation of being a consumer oriented, fun & easy Linux. Even where RedHat, SuSe and other distros have caught up with mandrake in user friendliness the perception persists.
I run mandrake on a ti powerbook g4 (apple) and the support from the mandrake ppc community is excellent. (Stew Benedict deserves mentioning). Mandrake PPC is on a slower (annual) release cycle.
I hope mandrake can stay the most popular linux distribution, it earned it through dedication to user friendliness and keeping to the spirit of open source arguably better than RedHat and SuSe.
You realize of course that the only core component in linux is the kernel. It's perfectly possible to run just linux as a router and only use the kernel. It would be interesting to see how minimal you can make an MS win2k/xp/2k3 install and then check how many patches were made for that minimal install. RPC is installed by default and was updated, there are MANY other updates in the default install. Can you remove MSIE? No, so it's a core component from the security perspective. A perspective that is sorely lacking from MS.
MSDOS: 20+ years without remote hole in the default install
That's because MSDOS doesn't have any native networking in the default install. Troll.
A lot of, if not most, users on winxp/2k run as administrator or as a user with equivalent powers. Any worm or virus running as that user will have total command over the system.
*nix based multi user systems often run few processes as root and those are usually the most audited pieces of software on the planet (like bind, sendmail, etc). Very few people run as root user.
If there was a virus spreading through evolution mail it would only have the rights of the evolution user. It wouldn't be able to open services on ports below 1024, wouldn't be allowed to delete or modify system binaries...
Windows is (very) slowly moving in the right direction but microsoft has had so much time to fix this and still vulnerabilities pop up because of poor systems design.
Also in linux and other open source OS the source is open so vulnerabilities can be spotted easily and fixes can be written and distributed in no time.
We'll probably be moving towards a much greater linux install base over the next decades, we'll probably see much more secure systems because of it.
When high unemployment hits hard like in Germany in the 1930s or Russia in the 1910s things turn terribly messy.
The article is true in most respects except in its implied assumption the unemployed will just take the loss of home, food, security, etc without trying to somehow secure that anyway. Interestingly enough this concentration theory reminds me of old Marx who pretty much said the same thing with the addition that the workers would rise and throw over the system. Quite the opposite happened, the system rose up (commies, nazis) and took away people's freedom.
"Running an (IM) network is expensive," said Lisa Gurry, group product manager for MSN at Microsoft. "We can't sustain multiple other people's businesses, particularly if they charge for certain versions of their software. We're introducing licensing processes for third parties like Trillian."
Gaim developer: "Hello MS, I represent GAIM and want a free license to your ms protocol for our free multi messenger client".
MS: "You represent who? Are you the owner or a person able to CONTRACT WITH US"
Gaim developer: "uhhhhhh"
RTFA... The post on slashdot itself said: "The company's Internet unit, MSN, contacted third-party providers like Trillian and Odigo with a suggestion to buy access licenses."
"to buy access licenses" so while MS doesn't have to pay access to its own network anyone else does and anyone who gives away their IM client for free is crap out of luck except MS itself...
Well trillian is a commercial product so you can actually buy a client and part of the license fees will be paid to MS for use of the protocol (that's how I understood it). MS apparently already was in touch with trillian about that.
The whole idea of having to pay for messenger access is fairly ridiculous anyway, user records don't need a lot of space on the server, clients could message p2p.. so you only need a very thin server side daemon. The idea that it's more secure... ms is using its own flaws in its own defense.
I don't normally see things in a ms vs open source light but in this case there is little other reason evident.
MS is charging a license fee, not an access fee. So if integrated messenger X puts up the money and allows you to download it for free you can communicate on the ms messenger network without paying a fee. Otherwise you have no option but to use MS messenger itself. Which will of course remain free.
MS messenger is available natively for windows & mac. It's available through plugins (gaim, kopete) on linux/bsd. Gaim/kopete won't be able to license ms messenger. So the only change this will bring is that linux/bsd clients no longer have a ms messenger protocol: effectively linux & *bsd access will be blocked on the msmsngr network.
MS integrated messenger in windows to build momentum. The moment they have a significant market share they lock down the protocol and start to license access to their users. I'm interested in talking to people who use msn, not in using the protocol, I could care less what protocol is being used. But now MS forces me to start emailing all those people who use MS messngr that they either have to get another IM account or they won't be able to chat with me through IM anymore. So now they all have to get a yahoo account, download the client, configure, install, blah blah blah stuff they can totally do without. Thank you Microsoft.
I can't run windows or mac because they don't have the applications I work with.
If you work with macs, get a mac, if you work with PCs, get a PC, they're two completely different worlds.
Unless you run linux which can run on either. For linux users the question revolves around gcc's readiness to compile with 970 optimizations. A totally optimized linux desktop on a dual 2.0GHz g5 will be the top of the line linux desktop.
It's got altivec in the CPU which can speed up vector computations dramatically - photoshop on mac also uses altivec optimizations which is why it's so very fast compared to photoshop on a comparable intel. I bet the dna sequencers use the altivec. (prolly ppc linux w gcc)
people who run their compiler from the command line or through make.. I bet tons of people will start using this to get solid performance increases on the mac if not i86 architectures
There are gamers who go to the edge to squeeze another megahertz out of their processors, another fps out of their q3 game... In photoshop it'll matter if you have several large images open (64 bit addressing), in gaming it'll matter because people will want to have the 64 bits port of the game. I'm sure you've "covered it" with whomever "we" are but apparently that "we" isn't all inclusive :P
The performance gap would be very big, it might dissuade people from buying a mac laptop at this time, they'd wait until there was a G5 laptop... Could be a while before they figure out how to cool one down to fit into a laptop.
But when will we see a 64 bit SMP version of quake3? Or any other game? Will game dev studios be required to develop multiple versions of Mac games now?
Mainstream Intel based OS will see the same problems I guess, 32 and 64 bit versions, linux, windows versions...
But I bet you if id software releases doom3 for a dual g2 64 bits mac... it'll be fabulous performance compared to intel architectures.
Most if not all of the well known universities in Europe are funded by tax money and cases such as these would create a serious outrage. It is not uncommon for a university to cooperate with a corporation but it is rather unusual for a professor to be this corrupted.
It is appalling how a convicted monopolist can use the profit it is continuing to make out of its monopoly to buy out the educational system the world over. What a disgrace.
You know, I have slashdot periods, in which all this stuff seems of supreme importance to me. Then I can have months where it all seems ridiculous and heavily compartmentalized fringe material. I do unix & linux system admin & some c programming professionally so it's quite natural I find myself interested in slashdot.. Slashdot is absurd in this that it is both a community and an aberration of modern urban society. News for nerds, stuff that matters... So sometimes it hurts and you get remarks like the one I posted above. :)
I read 'max factor' first - I didn't eat much today and something seems to be wrong with me so it seemed logical they would know how to reconstruct a face being a cosmetics company and all - then it hit me that they wouldn't have an institute for computer science, they usually have some flashy institute for beta caleotones or whatever the latest face goo is called... max planck makes a lot more sense in the end than max factor.. maybe I shouldn't post this. or post it anonymously? ohwell
Lucky so far that the virus is such a botched hack job that it reboots the computer, if it hadn't shut down RPC and rebooted systems, people wouldn't patch until whatever next incarnation of this worm made them patch. This could have been a zillion times more dangerous.
Alternative "fix":
1) insert knoppix cd in drive
2) reboot computer
3) activate booting from cd in bios
hint hint :)
Also see this article
yeah but I'm willing to go the extra mile and be plainly ridiculous!
That's how you spell defense in the old world.
It's time for the government to rise up, point a finger and yell: "It's all Microsoft's fault!" Man we've waited for that forever! :)