There are several places. First, most such apps use the "All Users" folder to store common files between users. There is also the ProgramData folder which has Read/Write permissions for User. This has been true since XP, nearly 10 years ago. How old is this program?
The P4 was introduced at the end of 2000, and Windows 98 was already a dinosaur. Windows 2000 and ME were what was shipped with computers at the time. XP came out a few months later. So, unless you bought the first P4's off the rack, it should have come with XP.
No large organization is going to use open source software without a support contract from the vendor. In virtually every case i've seen (RedHat, Ubuntu, etc..) the enterprise support licenses exceed the license costs of Windows for the same environment. Now, granted, the level of support maybe be greater with the open source support contract, but it's still more expensive... so "saving millions of dollars" is just a smoke screen. Open source, when accompanied by support contracts, is seldom cheaper.
Revolution only occurs when the vast majority of people have their lives destroyed by the government. As long as there is a large middle class, Revolution will never occur. People need to have nothing left to lose before they are willing to risk their lives. And seriously, if you're on slashdot, that means you almost certainly have a home, a job (or someone who pays your bills), a computer, electricity, food, shelter, etc... you have a lot to lose, and most people aren't willing to risk that.
What does a comment about copyleft have to do with patents? The answer would be "nothign", and as such would be pretty bizarred on a blog about patents. What's confusing is why YOU think anyone should rail against 10+ year old coments about something not related to what you're talking about.
Regarding the "200 patents" bit or whatever it was, that wasn't an actual lawsuit that was filed. Many predicted (including myself) at the time that Microsoft would never sue any Linux vendor over those alleged patents. And so far, they haven't. As such, again, I fail to understand why someone should rail against an imaginary lawsuit that never happened.
Oh right, microsoft bad.. don't confuse people with facts... gotcha.
Jesus, are you really this stupid? Do you really have such a hard time understanding the written word?
I did not say that a backdoor does not give you priveledged access, I said it doesn't need to give you privledged access to be considered a back door. Wow. You are just fucking dumb as a bag of hammers... seriously. I'm surprised you even know what a computer is.
And a patched su binary is no different than a patched login binary. In fact, login and su are essentially the same thing.
It's simple. A backdoor gives you access, a rootkit ensures that you keep access without being detected. A rootkit can open a backdoor, and a backdoor can be part of a rootkit, but they are two seperate functions, and you can have either without the other.
Who said anything about a server? I was talking about someone running Linux on their desktop. I'm not quite sure what your point is? That servers are secure? No, because if the server is internet facing it has to have some services it's exposing to the internet and any of those services could be an attack vector (HTTP, SMTP, DNS...).
But regardless, the fact that you think blended attacks are virtually non-existent says a lot.
Blended attacks, where multiple vulnerabilities are used in conjunction with one another, are quite common these days.
In fact, I have no idea what your point is, since it neither applies to an internet facing server, nor a desktop user connecting to the internet.
And no, it doesn't require a 'clearly documented' security flaw. Have you never heard of a 0-day exploit?
No. A backdoor doesn't even have to give any priviledged access. It can just give them normal user access. A backdoor doesn't even have to be intentional, it can be the result of poor programming or a hole in the configuration of the machine.
While the two may often be used together, they are not the same thing.
Yes, local root vulnerabilities are often found, but they usually only affect a small percentage of the Linux population (usually because they're isolated to a particular distro's custom kernel). What makes this unique is that it basically affects all versions of Linux.
No. Read nothing. You're seeing something in that link that isn't there.
Continued priviledged access is not a back door. A back door is when you allow someone to access a computer via a non-normal access mechanism that is typically unknown to the authorized user(s).
As I said, while a rootkit *CAN* expose a backdoor, it doesn't need to do so to be a rootkit.
For example, the Sony rootkit did not expose a backdoor. But it was still a rootkit.
Yes, a patched copy of login is a backdoor, it is not a rootkit.
What part of Web *BROWSER* did you not understand?
I said nothing about a server. Even so, you don't need a shell to execute arbitrary code. You just need to be able overflow a buffer or some other kind of attack. A shell is meaningless.
First, unless you're using ksplice, you have to reboot. So it may download and install the new kernel, but unless the user reboots they're still vulnerable.
Second, There's tons of apps that access the internet that can be potential points of ingres. Browsers, Flash, Acrobat, Media Players, etc.. many hackers sit on exploits to these kinds of programs so they can use them when a big flaw like this one is exposed, so unless you're completely isolated from the internet, you could potentially be vulnerable.
Open web browser, go to site which exploits a flaw in your browser. Hostile attacker can run arbitrary code as you, the user. Hostile attacker executes local privilege escalation exploit. You are owned. Game over.
If you use code to access any remote data, there's always a chance that attackers can exploit you locally.
And this is why so many people get compromised. You think "Oh, it's just a local vulnerability".
The problem is, virtually anything you might do that goes out onto the internet could potentially exploit a local vulernability. Unless you don't allow people to access the internet at all, your web browser, email client, streaming radio player, Instant Messenger, etc.. all of them can (and probably do) have flaws that could be used in conjunction with a local root vulnerability to gain root access. Let's say you're one version behind on Firefox, well any malicious hacker can own your computer by combining this vulnerability (or any of several others) with this local root vulnerability and you're owned.
All you have to do is visit the attackers site. Bam. Ownage. Should someone actually want to do so.
A rootkit doesn't (necessarily) leave a back door. Yes, a rootkit can, but so can any other kind of exploit. A rootkit is a rootkit because it installs itself at a low level of the OS to hide itself from the tools you might use to find it (for instance, it installs itself as a kernel module and then it patches api's that pull lists of processes to remove itself from the list).
Uhh.. dude. Seriously. Did you even think about this?
Your web browser runs as a local user. If there is a flaw in your web browser (and all of them have had plenty), then they can use that flaw, just by looking at a web site, to gain root access to your machine using this vulnerability.
So yes. This *IS* the kind of flaw that just looking at someones web site can exploit, if they can also attack your web browser (which is typically pretty easy to do as most people aren't always up to date).
It's true that they're susceptible to brute force attacks. However, the inability to know when you have the correct cipher makes it pointless. Yes, you can brute force the key, but because you don't know if it's the actual key or not, you have no way to know if you've succeeded. Simply being readable text doesn't mean anything because there are millions of other readable text pads that can come out of it.
My guess is that you don't really understand how the one-time pad works.
Why would one hold a belief that one did not believe was correct?
I have many beliefs, that doesn't mean tha I am correct, or that anyone elses beliefs are wrong. A belief is different from proven fact. Certainly, technical people have no monopoly on this, as evidenced by Tea Partiers, Religious nut jobs, etc.. but as a profession, they seem more prone to it.
Right. When Aiplex and the MPAA attack sites and people, that's OK. If some group attacks them in return, it's akin to terrorism
I didn't say it was ok. But neither is it ok to respond in kind, especially when the group itself (nor it's members) were specifically the target (the same is true of Scientology, Anonymous certainly is not CoS target audience).
It's not supposition that Terrorists are more frequently engineers. It's fact. And it's the same mentality that lets one be a terrorist as what Anonymous is doing.
Did it ever occur to anyone that maybe, just maybe, such DDoS attacks might also be hurting others? People on the same subnet? People at the same ISP? Such flagrant disregard for collateral damage is another similarity to terrorism.
I'm not pro MPAA, or CoS or anything, but I think this behavior is stupid, and not only does it help the cause, it hurts it.
Yes, but only technical people are attacking the MPAA and it's cronies. You don't see anyone sending pipe bombs to them, or going out and cutting their power and/or data lines? Those are things non-technical people would do, but they don't.
The only people that are attacking them are technical people.
Slashdot Mirror
There are several places. First, most such apps use the "All Users" folder to store common files between users. There is also the ProgramData folder which has Read/Write permissions for User. This has been true since XP, nearly 10 years ago. How old is this program?
A p4 running Windows 98?
The P4 was introduced at the end of 2000, and Windows 98 was already a dinosaur. Windows 2000 and ME were what was shipped with computers at the time. XP came out a few months later. So, unless you bought the first P4's off the rack, it should have come with XP.
Assuming you can find a driver for all your hardware for xp, which is becoming more and more unlikely.
Umm.. the network settings are identical to the ones in XP. How can you possibly have trouble with that?
http://news.softpedia.com/newsImage/Windows-7-Networking-5.jpg/
No large organization is going to use open source software without a support contract from the vendor. In virtually every case i've seen (RedHat, Ubuntu, etc..) the enterprise support licenses exceed the license costs of Windows for the same environment. Now, granted, the level of support maybe be greater with the open source support contract, but it's still more expensive... so "saving millions of dollars" is just a smoke screen. Open source, when accompanied by support contracts, is seldom cheaper.
Oh please. We're nowhere near an insurrection.
Revolution only occurs when the vast majority of people have their lives destroyed by the government. As long as there is a large middle class, Revolution will never occur. People need to have nothing left to lose before they are willing to risk their lives. And seriously, if you're on slashdot, that means you almost certainly have a home, a job (or someone who pays your bills), a computer, electricity, food, shelter, etc... you have a lot to lose, and most people aren't willing to risk that.
Wait...
So, the government is supposed to protect people who are breaking the law from being prosecuted for breaking the law?
How does that work exactly?
I'm sorry,
What does a comment about copyleft have to do with patents? The answer would be "nothign", and as such would be pretty bizarred on a blog about patents. What's confusing is why YOU think anyone should rail against 10+ year old coments about something not related to what you're talking about.
Regarding the "200 patents" bit or whatever it was, that wasn't an actual lawsuit that was filed. Many predicted (including myself) at the time that Microsoft would never sue any Linux vendor over those alleged patents. And so far, they haven't. As such, again, I fail to understand why someone should rail against an imaginary lawsuit that never happened.
Oh right, microsoft bad.. don't confuse people with facts... gotcha.
And we come full circle. IBM started with Iron core memory, and now they're doing it again.
Jesus, are you really this stupid? Do you really have such a hard time understanding the written word?
I did not say that a backdoor does not give you priveledged access, I said it doesn't need to give you privledged access to be considered a back door. Wow. You are just fucking dumb as a bag of hammers... seriously. I'm surprised you even know what a computer is.
And a patched su binary is no different than a patched login binary. In fact, login and su are essentially the same thing.
It's simple. A backdoor gives you access, a rootkit ensures that you keep access without being detected. A rootkit can open a backdoor, and a backdoor can be part of a rootkit, but they are two seperate functions, and you can have either without the other.
Who said anything about a server? I was talking about someone running Linux on their desktop. I'm not quite sure what your point is? That servers are secure? No, because if the server is internet facing it has to have some services it's exposing to the internet and any of those services could be an attack vector (HTTP, SMTP, DNS...).
But regardless, the fact that you think blended attacks are virtually non-existent says a lot.
Blended attacks, where multiple vulnerabilities are used in conjunction with one another, are quite common these days.
In fact, I have no idea what your point is, since it neither applies to an internet facing server, nor a desktop user connecting to the internet.
And no, it doesn't require a 'clearly documented' security flaw. Have you never heard of a 0-day exploit?
Really? Tell that to the army of zombies out there running on single user machines.
No. A backdoor doesn't even have to give any priviledged access. It can just give them normal user access. A backdoor doesn't even have to be intentional, it can be the result of poor programming or a hole in the configuration of the machine.
While the two may often be used together, they are not the same thing.
Yes, local root vulnerabilities are often found, but they usually only affect a small percentage of the Linux population (usually because they're isolated to a particular distro's custom kernel). What makes this unique is that it basically affects all versions of Linux.
No. Read nothing. You're seeing something in that link that isn't there.
Continued priviledged access is not a back door. A back door is when you allow someone to access a computer via a non-normal access mechanism that is typically unknown to the authorized user(s).
As I said, while a rootkit *CAN* expose a backdoor, it doesn't need to do so to be a rootkit.
For example, the Sony rootkit did not expose a backdoor. But it was still a rootkit.
Yes, a patched copy of login is a backdoor, it is not a rootkit.
What part of Web *BROWSER* did you not understand?
I said nothing about a server. Even so, you don't need a shell to execute arbitrary code. You just need to be able overflow a buffer or some other kind of attack. A shell is meaningless.
First, unless you're using ksplice, you have to reboot. So it may download and install the new kernel, but unless the user reboots they're still vulnerable.
Second, There's tons of apps that access the internet that can be potential points of ingres. Browsers, Flash, Acrobat, Media Players, etc.. many hackers sit on exploits to these kinds of programs so they can use them when a big flaw like this one is exposed, so unless you're completely isolated from the internet, you could potentially be vulnerable.
Fail.
Open web browser, go to site which exploits a flaw in your browser. Hostile attacker can run arbitrary code as you, the user. Hostile attacker executes local privilege escalation exploit. You are owned. Game over.
If you use code to access any remote data, there's always a chance that attackers can exploit you locally.
And this is why so many people get compromised. You think "Oh, it's just a local vulnerability".
The problem is, virtually anything you might do that goes out onto the internet could potentially exploit a local vulernability. Unless you don't allow people to access the internet at all, your web browser, email client, streaming radio player, Instant Messenger, etc.. all of them can (and probably do) have flaws that could be used in conjunction with a local root vulnerability to gain root access. Let's say you're one version behind on Firefox, well any malicious hacker can own your computer by combining this vulnerability (or any of several others) with this local root vulnerability and you're owned.
All you have to do is visit the attackers site. Bam. Ownage. Should someone actually want to do so.
A rootkit doesn't (necessarily) leave a back door. Yes, a rootkit can, but so can any other kind of exploit. A rootkit is a rootkit because it installs itself at a low level of the OS to hide itself from the tools you might use to find it (for instance, it installs itself as a kernel module and then it patches api's that pull lists of processes to remove itself from the list).
None of this has to do with backdoors.
Uhh.. dude. Seriously. Did you even think about this?
Your web browser runs as a local user. If there is a flaw in your web browser (and all of them have had plenty), then they can use that flaw, just by looking at a web site, to gain root access to your machine using this vulnerability.
So yes. This *IS* the kind of flaw that just looking at someones web site can exploit, if they can also attack your web browser (which is typically pretty easy to do as most people aren't always up to date).
It's true that they're susceptible to brute force attacks. However, the inability to know when you have the correct cipher makes it pointless. Yes, you can brute force the key, but because you don't know if it's the actual key or not, you have no way to know if you've succeeded. Simply being readable text doesn't mean anything because there are millions of other readable text pads that can come out of it.
My guess is that you don't really understand how the one-time pad works.
I have many beliefs, that doesn't mean tha I am correct, or that anyone elses beliefs are wrong. A belief is different from proven fact. Certainly, technical people have no monopoly on this, as evidenced by Tea Partiers, Religious nut jobs, etc.. but as a profession, they seem more prone to it.
I didn't say it was ok. But neither is it ok to respond in kind, especially when the group itself (nor it's members) were specifically the target (the same is true of Scientology, Anonymous certainly is not CoS target audience).
It's not supposition that Terrorists are more frequently engineers. It's fact. And it's the same mentality that lets one be a terrorist as what Anonymous is doing.
Did it ever occur to anyone that maybe, just maybe, such DDoS attacks might also be hurting others? People on the same subnet? People at the same ISP? Such flagrant disregard for collateral damage is another similarity to terrorism.
I'm not pro MPAA, or CoS or anything, but I think this behavior is stupid, and not only does it help the cause, it hurts it.
Yes, but only technical people are attacking the MPAA and it's cronies. You don't see anyone sending pipe bombs to them, or going out and cutting their power and/or data lines? Those are things non-technical people would do, but they don't.
The only people that are attacking them are technical people.
I think you need to read the referenced article. I'm not asserting that engineers are more likely to be terrorists, it's a proven fact.