In fact, everyone should go beyond just passively not claiming their share of this settlement, and actually submit the appropriate paperwork to exclude yourselves, in essence rejecting the settlement. We all know this isn't a fair compensation, and the more people who speak out and say so the better the chances that a more equitable settlement will be reached.
Honestly, can any court of law take this man seriously? He already had to move his residence to a more tolerant (read: lax) legal system. I sincerely doubt he has any real room to maneuver here. I personally welcome a lawsuit that states that you cannot spam a spammer. The sheer hypocrisy is just priceless here. What is recourse in this situation? Subpoena slashdot for the user information attached to our screen names? That'll accomplish nothing but give him a list of usable e-mail addresses to add to his bulk-mailer scripts. I feel no remorse here. I personally wish I had signed him up for some great mailers from PETA, NAMBLA, various anti-abortion groups, and pretty much anything from Jerry Falwell. His harassment is the best schadenfreude I can think of.
I assure you, I'll be sleeping soundly tonight.
I don't know -- if you started watching the right movies. For instance, let's say one day you sat down for a nice marathon of movies. You start out with The Siege, then Collateral Damage, Air Force One, Executive Decision, True Lies, In the Line of Fire, and The Peacemaker. Next day, the cops show up at your door and arrest you as a one-man "sleeper cell." Coincidence, anyone?
Or more likely even would be that the police would show up with some estrogen injections for you.
-You- "Who is it?"
-Police- "It's the police sir"
-You- "Ummm.. can I help you?"
-Police- "We're here with some estrogen sir."
-You- "Why?"
-Police- "Well, we received a disturbing 911 from your Tivo, it said your testicles needed to be taken back a notch."
I think the real problem is that most movies are so rehashed, uninspired, and predictable these days that we can easily tell what the entire thing will be like regardless of the trailer.
Agreed. When I came back to the US, after living in South Korea with no American radio or television, I went with my friends to a movie they wanted to see. The only thing I knew was it was called "Ghost and the Darkness". I bought my ticket and watched the flick with the rest of them. When the realization of what was happening and why was revealed, I was just engrossed. 'Wow!' 'How wild is that?' 'Imagine!' My friends were very ho hum, and when we walked out at the end, said they didn't care for the movie, and that was it. To me, walking in totally blind to everything but the movie name, it was a great flick. They already knew what was going to happen because of the previews.
Even better was when I happened upon "Horror Planet" one day while surfing the UHF. I watched it from beginning to end, and when it did end (no spoilers here) I just sat there in my chair totally dumbfounded. 'That's not how movies end' 'WTF?' Then about an hour later, it hit me. How incredibly cool was that? Not only was it not predictable, but it completely threw cinematic convention out the window. Terrible movie, but hey, you should watch it just to see it all the way through. Don't read any spoilers though, it'll take away from the experience.
I have a Slack box on my desk at work for all my primary needs. It has all the tools I require to do my job and automate as much as possible. It is -in short- my life here. Sitting not three feet from it is my laptop running Win2K Server (server strictly for the network monitor). Its sole purpose in my day-to-day grind is to run Outlook 2000, the corporate standard, and grind out the Visio drawings for my PHB. We have no POP access to our exchange boxes, and no web outlook means no evolution+ximian connector. Thus the 2K stays on my laptop for email and Visio, and the real work gets done on slack.
Now home is a different story. The primary machine runs Win2K Pro, for games, but more importantly to serve as a buffer from my wife's wrath. You see, I loaded Gentoo on it once after a drive crashed. My wife came home, saw KDE, and my consoles piled up on it, and blew her top. I cherished the sexual side of our marriage enough to put Windows back on it, and relegated my Gentoo install back to the crufty machine. I may be a geek-at-heart, and I love linux as much as the next guy, but uptime/tweakability/power/toolset/zealotness is just no substitute for sex.
So.. in short, the reason I have windows on two out of four machines I use daily:
Work - Corporate Standard + PHB
Home - Sex
Not having a GUI?!?
I've been running Snort for some time now, and love it! I'm using MySQL logging with ACID and ADODB under Apache for a front end. You just can't get any easier than fill-in-the-blanks SQL queries and intuitive packet layouts. Obviously, they want a strictly out-of-the-box product, and aren't willing to invest any time to make a solid IDS.
As to the false positives, I can concur that in the beginning it was daunting seeing the flood of alerts, but in time, you figure out what is normal and what is not. A little restructure, or a few rule overrides, or rewritten rules, and it's seamless. All it takes is time. This is akin to bitching that your fresh *nix install doesn't have everything just the way you want it, with all your custom apps and modules. You can easily reduce the number of snort alerts by passing the command option as:
snort -D -o -i eth2 -c /etc/snort/snort.conf
This (the -o) changes the rules order to Pass:Alert:Log killing home network normal activity before alert processing. It helps immensely!
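As an added illustration (written for this page, not code from the post or from Snort itself), here is a small Python model of the rule-type ordering that the -o switch changes: the rules, addresses and packets are constructed, and only header matching is modelled.

```python
"""Toy model of Snort's rule-type ordering (added example, not Snort's code).

Snort 1.x/2.x evaluates rule *types* in a fixed order and the first type with a
matching rule decides the packet's fate. Default order is Alert -> Pass -> Log;
`snort -o` switches it to Pass -> Alert -> Log, so a pass rule for known-good
traffic is honoured before any alert rule is even consulted.
"""
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class Rule:
    action: str            # "pass", "alert" or "log"
    proto: str             # "ip" matches any protocol
    src: str               # "any" or an exact address (no CIDR, to keep it small)
    dst: str
    dport: Optional[int]   # None means any port
    msg: str


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int


DEFAULT_ORDER = ("alert", "pass", "log")   # Snort without -o
O_FLAG_ORDER = ("pass", "alert", "log")    # what `snort -o` selects


def matches(rule: Rule, pkt: Packet) -> bool:
    """Header match only; the real engine also checks payload options."""
    return (rule.proto in ("ip", pkt.proto)
            and rule.src in ("any", pkt.src)
            and rule.dst in ("any", pkt.dst)
            and (rule.dport is None or rule.dport == pkt.dport))


def dispose(rules: Sequence[Rule], pkt: Packet,
            order: Sequence[str] = DEFAULT_ORDER) -> Tuple[str, str]:
    """Return (action, msg) from the first rule type in `order` that has a
    matching rule, or ("none", "") when nothing matches."""
    for action in order:
        for rule in rules:
            if rule.action == action and matches(rule, pkt):
                return action, rule.msg
    return "none", ""


def alert_count(rules: Sequence[Rule], packets: Sequence[Packet],
                order: Sequence[str] = DEFAULT_ORDER) -> int:
    """How many packets would raise an alert under the given ordering."""
    return sum(1 for p in packets if dispose(rules, p, order)[0] == "alert")


# Constructed home-network ruleset: a noisy SNMP alert rule, a pass rule for
# the one host that legitimately polls SNMP, and a catch-all log rule.
RULES: List[Rule] = [
    Rule("alert", "udp", "any", "any", 161, "SNMP request"),
    Rule("pass", "udp", "192.168.1.5", "any", 161, "known monitoring host"),
    Rule("log", "tcp", "any", "any", None, "tcp traffic"),
]

# Constructed sample traffic.
MONITOR_POLL = Packet("udp", "192.168.1.5", "192.168.1.1", 161)  # legit poller
UNKNOWN_POLL = Packet("udp", "10.9.8.7", "192.168.1.1", 161)     # not whitelisted
WEB_FETCH = Packet("tcp", "192.168.1.20", "203.0.113.9", 80)
TRAFFIC = [MONITOR_POLL, UNKNOWN_POLL, WEB_FETCH]

if __name__ == "__main__":
    # Without -o the alert rule wins for the monitoring host; with -o the
    # pass rule wins and only the unknown poller still raises an alert.
    for name, order in (("default", DEFAULT_ORDER), ("-o", O_FLAG_ORDER)):
        print(f"{name:>8}: alerts={alert_count(RULES, TRAFFIC, order)}",
              dispose(RULES, MONITOR_POLL, order))
```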
Harry's quest to continue to find He-Who-Must-Not-Be-Named as he journeys across the wild and exotic backdrop of rural China. Along the way he encounters the loveable but stern Master who takes him in and teaches him Leopard-Style Kung-Fu, the only Kung-Fu capable of beating Voldemort's Dragon-Style. Armed with a quarter staff and the ability to make feathers float, he resumes his quest only to finally meet up with Voldemort against the oft-used-but-still-unappreciated-backdrop of the Great Wall. They challenge each other, make feathers float, then begin the fateful duel. Hilarity ensues. This book has dubbed speech, or you can choose the subtitle option, where the English shows up at the bottom of the book as a footnote.
You're right about the treatment given theoretical vs. actual threats by most companies. I don't know what the cure for that is going to be. Complacency with regard to systems updating and patching, as we have discovered (read: Code Red), affects us all. In the case of Code Red or Nimda, which used an arsenal of attacks that had patches already released, the liability landed squarely on the admins' shoulders. I think that BugTraq and its ilk are valuable tools for the discussion and dissemination of information, and I admittedly would be lost without them.
I have no problems with liability being ascribed to the software-house when an exploit is disclosed, and nothing is done to fix it. Financial awards are the only thing that is going to wake the industry up from its casual disregard.
What I do think turns the tables is when the security company releases proof-of-concept code into the mailing lists of the world. BugTraq is a lifesaver. I wouldn't be adequately informed without it. However, I don't think for a second that easily half the subscribers to the list are script kiddies looking for some nice code to drop in their lap. In this case, I think the liability points directly to the security company for failure to use common sense and good disclosure practices.
Can you imagine what would happen if everyone who was affected by a worm generated from proof-of-concept code filed a class action against the company that released the code? If each plaintiff only sued for man hours lost, the damages would be astronomical. This weapon could be wielded at Microsoft or any other company as well that failed to patch an exploit that was reported diligently using best-practices, and later used as a worm.
Usually the only way to make companies listen is to hit them where they'll notice.
that would explain all the firewall hits from 64.28.67.150.
Offtopic == they don't get it
In this particular case, I think your signature is going to be right on target...
For those that don't get it, that's the public IP for /.
This exploit brought to you by the letters ISS
on Apache Worm in the Wild
It is becoming increasingly discouraging when the 'security consultants' are releasing more exploits than any group of crackers ever could. It seems that BugTraq and NTBugTraq are full of more and more exploit traffic by these companies that are supposed to be protecting us from the threats. It looks to me like these companies are actively engaging in the process of breaking software, pointing to the offending buffer, then proclaiming "See! We help you by protecting you from someone who might have discovered this! By the way, here is the code for 'proof of concept' that any moron with gcc can load on his 1337 box for a little Friday night shenanigans!" When is the security end-user community going to come together and fight this as a united front? Make the repercussions for releasing exploit code so financially devastating, that companies will tremble in fear of releasing -anything- without following proper disclosure. Perhaps litigation and financial awards would be a good start. I know eEye should owe me some money for their wonderful disclosure principles last summer.. It was a long weekend rebuilding all our ftp servers.
My take on this article is that what they are seeking to do is essentially drop honeypots on the P2P nets to discourage would-be downloaders of copyrighted material. Using misleading tags to trick someone into being redirected to a web/dev/null isn't anything new, or particularly illegal for that matter. The warez and porn sites are practically doing that anyway with the 'vote for me before I'll let you mouse-over this option' redirects, and 248 pop-ups of promising links of underage girls and unsuspecting barnyard mammals. There is no mention of Denial of Service or anything destructive. In fact, the article goes out of its way to specifically state, that there will be no attacks that will be detrimental to carriers or the downloader's machine. Sounds like they're trying a new tactic, and as much as it might disappoint me, there is certainly nothing that I can find that raises the morality alarms. Just another pawn moved on the board while both sides jockey for the quickest checkmate.
I used to admin at a University. One of the most frustrating things I encountered was the incessant desire for there to be no restrictions on any of the computing systems that the students used. This includes the servers. The firewall was just an expensive router. We were not allowed to run blocks from the internet to inside IPs, as that defeated the spirit of free access. I tried to explain why it was a 'Bad Thing(tm)' repeatedly, but always met with resistance from the shared governance committee. One cannot blame the administrators in this thing. I assure you they feel just as powerless as I did. This kind of thing will become more and more rampant as clueless faculty (or upper-management in the business world) are allowed to influence major IT decision-making.
A 'plum' I would seriously like to see is giving us subscribers access to the rejected stories 'bin'. There are a goodly number of quality posts that get killed due to not fitting into the 'schema' of the moment or for any of another various and sundry reasons. Perhaps we just get a link on the sidebar somewhere between 'preferences' and 'submit story', or a new slashbox.. Either way, I think this would be something that would be very easy to implement and I think would bring some additional value to the subscription with no real effort. How about it Taco?
So, since I'm a subscriber, am I actually typing this in the future as well since the title bar is green? It's really red, but I am seeing it green, thus I must be operating in the future! Jeez, and I thought Babylon 5 was confusing!
Note to 12 yr old self:
You know that copy of Borland C++ your father just bought you? It's not a monitor-stand! You might consider learning that now, and not listening to the fool of a teacher who said that PASCAL would be the root of all future programming. She's a divy!
I couldn't agree more! I'll even take the liberty of helping this along:
Just so you don't have to find the means of doing this:
From the settlement:
If you do not wish to be bound by the terms of the proposed Settlement described in this Notice, you may request to be excluded from the Settlement. To do so, you MUST send a written request for the exclusion to:
Compact Disc MAP Antitrust Litigation Administrator
Post Office Box 1643
Faribault, Minnesota 55021-1643
Your request for exclusion must be postmarked by or before March 3, 2003, must clearly state that you want to be excluded from the Settlement, and must provide your full, legal name(s), address, telephone number, and the name and number of this Litigation (In re: Compact Disc Minimum Advertised Price Antitrust Litigation, MDL Docket No. 1361). NO REQUEST FOR EXCLUSION WILL BE CONSIDERED VALID UNLESS ALL OF THE INFORMATION DESCRIBED ABOVE IS INCLUDED IN ANY SUCH REQUEST.
Hunter S. Thompson:
It was getting dark. Not that the sun setting brought any true darkness to the Shire. These folks knew well the power of the Shire weed and its potent effects on the uninitiated mind. Parties in the Shire could last for ages and involve imbibing liquids of every known colour and spectra in ghastly quantities. I had been sent to write a report for the Elvish council on the elventy-first birthday of one Bilbo Baggins. Not that I worked for the elves mind you. I was a free spirit in those days. A veritable nomad of unclouded opinion with truly obscene powers of light and fire. Working with the elves afforded me the opportunity to wallow in the heart of the Shire dream. To bathe in the glow of that hairy-footed diminutive candor which all wizards aspire to, but none achieve. Truly to become one with the earth and to live amongst the Hobbits. I had to prepare for this journey well.. In addition to the wagonload of poppers, crackers, sparklers, flaming dragons, and starbursts, I needed to find a keg of the finest honeywine I could get. I needed to be prepared for an undertaking of this monumental scope.
My in-laws live in Maryville, so I've had lots of time in that area to check shit out while avoiding the homefront. While there, check out Gatlinburg just across the Smokies. It's a hell of a tourist trap, but the restaurants are awesome. There is a killer little road that'll take you there from Chapman highway on the Sevierville (Knoxville) side through the State Park so it has no traffic and is very picturesque. Also, in Pigeon Forge the strip is in full-swing. There's about a million ways to spend money on the family all on one half-mile stretch of road. I vastly prefer the strip to Gatlinburg for sheer entertainment value. For example, you've got killer burgers (Bellaire Grill) right next to the three-story go-cart track right next to the bungee-jumping.. I even dig the car museum they have right next to the Ripley's (tourist trap, beware).. Just thought you might want to know.. After going to both Dollywood, and hanging on the strip, Dollywood got the boot (pun intended, as I loathe country music). Trust me on this.
I rather like what Christmas has done to
--
RMS is a fucking asshole. [slashdot.org]
Oh yes, I can feel the love all the way here in Houston!
I'm spending my -day- off assembling toys that have been purchased or 'delivered by Santa' for my son. Mr Phillips-head, Mr Duracell, and Mr Band-Aid are treating me poorly as I discover new and even more ingenious ways to bind toys that are in no way assembled to the cardboard boxes they came in. The joys of Christmas are truly without number. Twist-ties and styrofoam bricks provide a nice seat for me while I curse with reckless abandon the SOB who figured that GI Joe vehicles should practically be through-bolted to their respective boxes. Soon, I will get the portable propane torch and ignite the remaining boxes with the goodies still in them. The boy gets what survives the inferno. I like to think of this as Christmas Darwinism. Amusingly, of the many and expensive toys he received from various family, he is most taken with the $15 helicopter so far.
Actually, not true, most movie theatres get the movie the night before the day it premieres, and the movie is usually put together that night, late, after the theatre closes.
Well, when I was working for a theater a few (ahem) years back, we got the movies two weeks in advance. This was at a Loews. We used to have employee night on Fridays after the theater closed and watch all the new stuff weeks before others got to see it. 'Course then downloading over the internet wasn't really a problem because 2400 baud connections to the local BBS was pretty cutting-edge in those days.
I just dated myself there didn't I...?
While running some trajectory simulations through MacSpin 2.0 on my Mac Classic back in 1991, I had MacSpin bail on me and the entire System froze to this bizarre gray screen with a single dialogue box. It said:
You have entered the Twilight Zone at sector -27359. Continue?
The only button said 'OK'.
I actually called Apple about this error, and after chewing on it for about 12 hours, they called me back and said they felt it was a trap left in by the programmers of MacSpin, and to just reboot.
Just out of interest, has anyone here realized the potential weaponry we already have to stop potential attacks from the RIAA, MPAA, et al? Folks, we control the routers. Last time I looked, the internet was an organic beast controlled more or less by us. (checking my router monitoring CGI scripts) If you don't like the policies, or 'legitimately' fear an attack from a network, then isn't it our responsibility to either route around them, or crank up some access-lists to block them? Attacks from a network certainly generate access-lists on my WAN routers.. I'll just leave you folks with that, and let you marinate on it...
In the shatter exploit he's linking on his website, there is a virus in the sploit.bin file. It's a W32.Beavuh, and Norton Corporate flagged it immediately. So, surfer beware! It's hard to take security fame-seekers seriously when their code is trojaned.
don't give 'em any ideas!
Looks over shoulder warily
We're extremely co-located here at my current job. In fact the closest server is two hours from me. (This is for security reasons) Anyway, we do it all with just a few terminals and a whole lot of VNC. I think the best answer for you is to set up a few simple boxen that exist to only run VNC sessions for guests and the like, and then hook up a tunnel encryption to the servers if you are worried about it. I can honestly say that Zebedee has been the easiest thing to set up. It runs over port 11965 if you want to push it out the firewalls as well.
KVM switches rock, but tie you to one location, and then you fight over the terminal with the other admins. When you can do it all from your desk with just a click, why not?
Haryy's quest to continue to find He-Who-Must-Not-Be-Named as he journeys across the wild and exotic backdrop of rural China. Along the way he encounters the loveable but stern Master who takes him in and teaches him Leopard-Style Kung-Fu, the only Kung-Fu capable of beating the Voldemort's Dragon-Style. Armed with a quarter staff and the ability to make feathers float, he resumes his quest only to finally meet up with Voldemort against the oft-used-but-still-unappreciated-backdrop of the Great Wall. They challenge each other, make feathers float, then begin the fateful duel. Hilarity ensues. This book has dubbbed speech, or you can choose the subtitle option, where the english shows up at the bottom of the book as a footnote.
You're right about the treatment given theoretical vs. actual threats by most companies. I don't know what the cure for that is going to be. Complacency with regard to systems updating and patching, as we have discovered (read: Code Red), affects us all. In the case of Code Red or Nimda, which used an arsenal of attacks that had patches already released, the liability landed squarely on the admins' shoulders.
I think that BugTraq and its ilk are valuable tools for the discussion and dissemination of information, and I admittedly would be lost without them.
I have no problems with liability being ascribed to the software house when an exploit is disclosed and nothing is done to fix it. Financial awards are the only thing that is going to wake the industry up from its casual disregard.
What I do think turns the tables is when the security company releases proof-of-concept code into the mailing lists of the world. BugTraq is a lifesaver. I wouldn't be adequately informed without it. However, I don't think for a second that easily half the subscribers to the list are script kiddies looking for some nice code to drop in their lap. In this case, I think the liability points directly to the security company for failure to use common sense and good disclosure practices.
Can you imagine what would happen if everyone who was affected by a worm generated from proof-of-concept code filed a class action against the company that released the code? If each plaintiff only sued for man hours lost, the damages would be astronomical. This weapon could be wielded at Microsoft or any other company as well that failed to patch an exploit that was reported diligently using best-practices, and later used as a worm.
Usually the only way to make companies listen is to hit them where they'll notice.
that would explain all the firewall hits from 64.28.67.150.
/.
Offtopic == they don't get it
In this particular case, I think your signature is going to be right on target...
For those that don't get it, that's the public IP for
It is becoming increasingly discouraging when the 'security consultants' are releasing more exploits than any group of crackers ever could. It seems that BugTraq and NTBugTraq are full of more and more exploit traffic by these companies that are supposed to be protecting us from the threats. It looks to me like these companies are actively engaging in the process of breaking software, pointing to the offending buffer, then proclaiming "See! We help you by protecting you from someone who might have discovered this! By the way, here is the code for 'proof of concept' that any moron with gcc can load on his 1337 box for a little Friday night shenanigans!"
When is the security end-user community going to come together and fight this as a united front? Make the repercussions for releasing exploit code so financially devastating that companies will tremble in fear of releasing -anything- without following proper disclosure.
Perhaps litigation and financial awards would be a good start. I know eEye should owe me some money for their wonderful disclosure principles last summer. It was a long weekend rebuilding all our ftp servers.
My take on this article is that what they are seeking to do is essentially drop honeypots on the P2P nets to discourage would-be downloaders of copyrighted material. Using misleading tags to trick someone into being redirected to a web /dev/null isn't anything new, or particularly illegal for that matter. The warez and porn sites are practically doing that anyway with the 'vote for me before I'll let you mouse-over this option' redirects, and 248 pop-ups of promising links of underage girls and unsuspecting barnyard mammals. There is no mention of Denial of Service or anything destructive. In fact, the article goes out of its way to specifically state that there will be no attacks that will be detrimental to carriers or the downloader's machine. Sounds like they're trying a new tactic, and as much as it might disappoint me, there is certainly nothing that I can find that raises the morality alarms. Just another pawn moved on the board while both sides jockey for the quickest checkmate.