Sorry, you have it the other way around.
The ONLY reason differentiated service for 911 exists in the protocol specifications is because FCC and other regulatory bodies across the world mandate that it be so. See http://www.fcc.gov/911/ for an example.
Similar regulations exist across the world.
Maybe it's before your time, but 911 systems were once the target of many exploits before the first crackdowns, mainly because its implementation had to obey strict rules that usually meant that 911 systems were a bit more exposed than other telco components. But that was then, and now is now - still, I would not be surprised if 911 services proved themselves to be a gateway for hacking into modern voip facilities...
Yes and no - by all means run a "play" server on company hardware, if you're allowed. It does indeed let you play around with new versions, etc.
But by all means do NOT put your personal content on it, or use it to run your personal domain or your personal email. At the minimum, this would violate "fair use of company resources".
Have a "play" server at work, even use it to try out new versions of software or new configurations that you intend to put on your own server, all the better if you can use that knowledge to improve your employers' systems - but _content_ is where the line is drawn.
They're using the wrong approach if they're trying to sell it to vintners.
This shouldn't be marketed as a way to _replace_ ageing, but rather as a way to complement it. If it can make a not-so-good wine much better, imagine what this wine will be like after you allow it to age in the traditional way.
This is another clear example of security by stupidity. Since most managers can't understand the complex and real risks in information systems, they always choose the "simple" stuff that they can understand instead of focusing on the real problems.
Managers don't believe users can send confidential information outside the company by uploading it to external web sites using HTTPS. Why not? Because they look at their silly "windows explorer" and all the drives they see are on local machines and company servers - so they "assume" that files can only be copied to those places - local disk, company server, cd-rw, usb drive.
Security will never evolve without the really bad things happening once in a while. Sadly, the largest percentage of people - including most managers - is still without technical knowledge, without any kind of common-sense, and without the required amount of humbleness to realise that they don't know anything about it and they should ask a professional.
The niche where I'd recommend a layer 7 firewall is when it's unsafe to update production systems to fix a vulnerability
I wouldn't just say "unsafe", but also when it is unfeasible. Production systems are sometimes commercial products, sometimes they are custom built but you don't have anyone who can read, understand or touch the code.
Sometimes it is a lot easier to implement and maintain a simple app-level filter that screens traffic for known-good patterns and leaves out everything else than it is to even understand in which part of a production application to put that kind of filtering.
Your post made me remember the "interrupt" switch - we used an H-H switch on the serial port and a watchdog to monitor it. The problem was that the OS/2 PM event queue was read by a single thread, yes.
At least IBM has courses named "OS/2 Hang and Trap Analysis" - I should known, I attended one.
The idea is that only the most skilled, black hat hacker can open the preferences for his VoIP software and change the port number.
Wow, really? I guess the rest of the world will just have to go script-kiddio and download the "VoIP Panama Hacker" tool or something, to make it work again...
Yes, you're right, NetBIOS is not NETBEUI.
Still, NetBIOS is a mess and you don't want to go there. Ever. Believe me. I know.
Re:Is this going to be the new whipping boy?
on
MS Palladium Patent
·
· Score: 2
shouldnt the paranoia level be turned down a notch till we have something a little more concrete?
I don't think so. In fact, it should go up, and we should be taking steps to create a viable, open source alternative to a cryptographically secure operating system (albeit with a different root - think FSF root certificates instead of Microsoft's) instead of waiting idly for this to catch us with our pants down in a couple of years.
Nobody as in "none of the slashdot crowd"? Think again. The public doesn't know better, the public doesn't care, the public will buy it. Then, they will flood the market with this stuff. Then, They will say that any computer that doesn't implement this is only likely to be used by pirates and, oh dear, terrorists. And the blind, believing, bought governme nt will go for it. And then, suddenly, you either comply or get busted.
Microsoft has the power of marketing and an installed base. We have the power of numbers, of skills, and of a culture of open design.
Intel, Microsoft et al. are proposing a system whereby the processor validates every and all hardware and system software before allowing a system bootstrap. This is all fine. Will this also mean that only a particular release of software (Read: Windows) kernel will load? I don't believe so. If the software is "trusted", by whom is it trusted? By Intel? Surely, they build the processors. And who will they trust? Microsoft? Yes. But they must also trust others, or they may be charged with cartelization. An Intel chip must have a specification open enough to allow trusted parties to build software for it. We must make sure the government forces Intel to allow this. And then we must build a system that Intel will trust. We must start a Palladium-equivalent counter-initiative, and we must start it NOW.
There must exist an open system that will boot in DRM enabled machines, and that will provide reasonable DRM protection while still maintaining what we believe are consumer's rights. Microsoft must not be the only one holding the ball on this.
A DRM-enabled linux/bsd/whatever must exist. Please think about this. I'll come back with more thoughts, but please, if you think this is a good idea, mail me.
I understand that Microsoft would very much like computer to only run microsoft-sanctioned code, and that one way to achieve this is by only allowing approved and digitally signed binaries to run.
The question is whether the customers will buy this. As far as companies go, what would such a move imply? Provisions must certainly be made to allow companies to keep running their own in-house code. And as for small independent development companies, they must sign their code as well. Who defines what can run on the computer? Who issues the signing certificates?
If this system does not allow companies to write and run their own scripts and programs, it's never going to fly. Remember, most of the world's software is still custom development...
This is NOT about cars, this is about software and about interchange formats!
I hope this law makes it: this will be the grounds for asking for a law that forces Microsoft et al. to open their document format.
Today, independent programmers cannot perform services for their customers because large software makers hide the specifications for document formats. This means that an independent programmer cannot properly access and service the customer's database/spreadsheet/file without specialized tools that he would be required to buy from the software maker. This, in fact, amounts to some degree of cartelization, in so far as only programmers "licensed" by the software maker have access to these tools, in what amounts to a cartel. By effectively preventing independent programmers from obtaining revenue from services, this situation limits choice for consumers and harms many independent programmers, who are sometimes the sole financial support for their family.
Slashdot Mirror
Maybe you should go out more...
ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn
Sorry, you have it the other way around. The ONLY reason differentiated service for 911 exists in the protocol specifications is because FCC and other regulatory bodies across the world mandate that it be so. See http://www.fcc.gov/911/ for an example. Similar regulations exist across the world. Maybe it's before your time, but 911 systems were once the target of many exploits before the first crackdowns, mainly because its implementation had to obey strict rules that usually meant that 911 systems were a bit more exposed than other telco components. But that was then, and now is now - still, I would not be surprised if 911 services proved themselves to be a gateway for hacking into modern voip facilities...
Haven't you read Dijkstra? GOTO is considered harmful. That's why I just sit here and never go anywhere these days.
Yes and no - by all means run a "play" server on company hardware, if you're allowed. It does indeed let you play around with new versions, etc. But by all means do NOT put your personal content on it, or use it to run your personal domain or your personal email. At the minimum, this would violate "fair use of company resources". Have a "play" server at work, even use it to try out new versions of software or new configurations that you intend to put on your own server, all the better if you can use that knowledge to improve your employers' systems - but _content_ is where the line is drawn.
They're using the wrong approach if they're trying to sell it to vintners. This shouldn't be marketed as a way to _replace_ ageing, but rather as a way to complement it. If it can make a not-so-good wine much better, imagine what this wine will be like after you allow it to age in the traditional way.
Does anyone know an address there? I'd gladly re-send them all the spam I get - that should fill the 100 Gb...
Managers don't believe users can send confidential information outside the company by uploading it to external web sites using HTTPS. Why not? Because they look at their silly "windows explorer" and all the drives they see are on local machines and company servers - so they "assume" that files can only be copied to those places - local disk, company server, cd-rw, usb drive.
Security will never evolve without the really bad things happening once in a while. Sadly, the largest percentage of people - including most managers - is still without technical knowledge, without any kind of common-sense, and without the required amount of humbleness to realise that they don't know anything about it and they should ask a professional.
Sorry, you can't use that. That's the address we use for network testing.
I wouldn't just say "unsafe", but also when it is unfeasible. Production systems are sometimes commercial products, sometimes they are custom built but you don't have anyone who can read, understand or touch the code.
Sometimes it is a lot easier to implement and maintain a simple app-level filter that screens traffic for known-good patterns and leaves out everything else than it is to even understand in which part of a production application to put that kind of filtering.
I wrote a reply to their previous paper on Open Source issues. Maybe I'll have to do the same again...
Seriously, these guys are ridiculous. The sad part is that the media even listens to them...
Your post made me remember the "interrupt" switch - we used an H-H switch on the serial port and a watchdog to monitor it. The problem was that the OS/2 PM event queue was read by a single thread, yes. At least IBM has courses named "OS/2 Hang and Trap Analysis" - I should known, I attended one.
Does this bug affect Outlook? Because if it does, it's suddenly a bit more serious.
And if it doesn't, what stops anyone from "crashing hotmail" (if you get my drift...)
how would that be "similar to an SMTP system"???
do you know what you're talking about? or is it me that should really go get some sleep?
Wow, really? I guess the rest of the world will just have to go script-kiddio and download the "VoIP Panama Hacker" tool or something, to make it work again...
</irony>
Netware? Do those guys still exist??? And what on earth are they selling now? Gee, you don't say! A vaccum cleaner with MySQL installed? Wow!
I think the author realizes this, but also realizes that "the carrot is better than the stick" when trying to motivate people for long-term results.
I fully agree. Still, for short-term tangible results, a stick works so much better than waiting for the donkey to get hungry...
Yes, you're right, NetBIOS is not NETBEUI. Still, NetBIOS is a mess and you don't want to go there. Ever. Believe me. I know.
I don't think so. In fact, it should go up, and we should be taking steps to create a viable, open source alternative to a cryptographically secure operating system (albeit with a different root - think FSF root certificates instead of Microsoft's) instead of waiting idly for this to catch us with our pants down in a couple of years.
Nobody as in "none of the slashdot crowd"? Think again. The public doesn't know better, the public doesn't care, the public will buy it. Then, they will flood the market with this stuff. Then, They will say that any computer that doesn't implement this is only likely to be used by pirates and, oh dear, terrorists. And the blind, believing, bought governme nt will go for it. And then, suddenly, you either comply or get busted.
Microsoft has the power of marketing and an installed base. We have the power of numbers, of skills, and of a culture of open design.
Intel, Microsoft et al. are proposing a system whereby the processor validates every and all hardware and system software before allowing a system bootstrap. This is all fine. Will this also mean that only a particular release of software (Read: Windows) kernel will load? I don't believe so. If the software is "trusted", by whom is it trusted? By Intel? Surely, they build the processors. And who will they trust? Microsoft? Yes. But they must also trust others, or they may be charged with cartelization. An Intel chip must have a specification open enough to allow trusted parties to build software for it. We must make sure the government forces Intel to allow this. And then we must build a system that Intel will trust. We must start a Palladium-equivalent counter-initiative, and we must start it NOW.
There must exist an open system that will boot in DRM enabled machines, and that will provide reasonable DRM protection while still maintaining what we believe are consumer's rights. Microsoft must not be the only one holding the ball on this.
A DRM-enabled linux/bsd/whatever must exist. Please think about this. I'll come back with more thoughts, but please, if you think this is a good idea, mail me.
The question is whether the customers will buy this. As far as companies go, what would such a move imply? Provisions must certainly be made to allow companies to keep running their own in-house code. And as for small independent development companies, they must sign their code as well. Who defines what can run on the computer? Who issues the signing certificates?
If this system does not allow companies to write and run their own scripts and programs, it's never going to fly. Remember, most of the world's software is still custom development...
When I read the article title, I thought it was some kind of new movie about Sep. 11...
This is NOT about cars, this is about software and about interchange formats!
I hope this law makes it: this will be the grounds for asking for a law that forces Microsoft et al. to open their document format.
Today, independent programmers cannot perform services for their customers because large software makers hide the specifications for document formats. This means that an independent programmer cannot properly access and service the customer's database/spreadsheet/file without specialized tools that he would be required to buy from the software maker. This, in fact, amounts to some degree of cartelization, in so far as only programmers "licensed" by the software maker have access to these tools, in what amounts to a cartel. By effectively preventing independent programmers from obtaining revenue from services, this situation limits choice for consumers and harms many independent programmers, who are sometimes the sole financial support for their family.
This about it. This may be the way to go.