I agree depending on the price but it is still a great 4x drive.
I've had my 451S for about 6 months. I got it at *cough cough* Walmart for $89 (cheapest place at the time without rebates). This drive was popular and was a highly reviewed and liked. I am sure there are many already in circulation that can be used as a guinea pigs
Or even more fun, long documents you produce for meetings or public distribution. Embeded within are names harvested from your address book appended with a few choices words?
Somewhat related but using a different attack vector. A few years ago, A guy and a few of his friends I knew, would scan blocks of ISP's ip space with nmap and nbtscan tools to find open and or default Windows shares. From there using smbclient [note 1] to mount, you could edit the eudora.ini file to modify signatures, the real name, modify documents in the attachments directory, change win.ini, delete c:\*.ini and many others. Of course this was not automatted and not as efficient as what you describe but from what I saw, it raised much havok.
I bet that line in the autoexec.bat sending win386.swp | lpt1 used alot of paper and ink on bootup.
[note 1] Versions of Windows prior to W2K had a strage way of handling remote computer names that were connected to shares. If you connected to \\COMPUTER1 but specified your own computer name with the -n switch in smbclient as COMPUTER1, the shared connection would not show up on the real COMPUTER1. Bascially, the user of COMPUTER1 has no idea that anyone was connected at all and netview (or whatever it was called) would show no remote connections. If they shutdown while you were connected, they would get a prompt that COMPUTER1 was connected remotely, do you still want to shutdown. Not very informative.
fastmail.fm (aka allmail.net and many others domain names) has SSL/IMAP access on all their accounts. The paid accounts are not expensive either and the web interface, if needed, is very clean and straight to the point. It is not Yahoo like you asked for but might a good alternative if you really want to supplement your existing IMAP provider with another IMAP account. I've been using it for about a year now polling with fetchmail and have no complaints.
W2K and XP do have this. Right click on a shortcut, select the "Run As Different User" box. Disclaimer. I have no idea how this compares to sudo or su but I know it is there as I've had to use this for some applications when the users were not in the administrators or power users group for various applications before. My useage of this function and others in the past before is probably typical of 50% of the people I have worked with in the past that were paid and responsible for a Windows administration. Click around and mess with it until what you are trying to do works but have no real idea what the side effects are of what you did to get it to work. IMHO, this "ease of use" tactic is both the biggest advantage and disadvantage of administrating any version of MS Windows.
I can not site a specific year and month but back in the early eighties, Stereo Review did extensive blind A/B tests using different speakers and db levels. In one test, almost ~90% of the participants picked a certain test to sound the better then another one. That test was the same exact pair of speakers but played an average of only 1db louder. The hard part is actually picking a better sounding speaker as a cheap piece of crap with a higher efficiency will fool most people. Take a very common case like subwoofers for example. IMHO, a sealed enclosure system sonically beats a typical ported box setup in just about every aspect except for one, output level at a narrow frequency range that the speakers port is tuned too. Ask a group of people which sub woofer "sounds" better and almost every one of them will select the almost monotone thumpy but louder ported box.
I call bull on the liability thing. If your company is actually paying the bill directly to the provider, the company would be the first one contacted but the company can always point the authorities to the employee responsible. Just as using your company supplied phone to call in a death treat would not be the companies liability.
Currently modded as funny but that is almost exactly what I do now at home. My kids each have a computer in their rooms. They know I monitor the sites, the web caches, the AIM logs, and they know I use VNC. I'm sure they sneak stuff past me but I always tell them, I will eventually find out if they are doing something I do not approve of, It might not be today, or this week but I WILL eventually find it. I am not just talking about porn or gore either. I don't like when they use IE for anything other then a few specific sites (my son's main computer is Mandrake so not an issue), when they use WinMx or Kazaa or similar (I use P2P but not for music which is all they seem to use it for), download screensavers and anything else that breeds spyware and a few others. It is very clear what I do not want them doing, if they do it anyway and I find out, they lose the computer for a while or I do something that I know makes them mad, disable AIM for a few days.
That is the point, look at all the things you listed that should be required, configured, and maintained just so the *average* person can browse the web with IE. That combination of items is not something you can blame on the "stupid users need trained".
There are many many other sources of info that describe how software and malware get onto your computer using combinations of holes in Windows and IE that does not present the user an acceptance screen. The links referenced are just a sample of what is out in the wild, they are not exceptions, they are the norm.
And in rally, the drivers fix the cars during the race. Its great to see a co pilot get out every time he sees water near the track to fill up a leaking radiator so they can make it to the end. For those that have never watched or seen highlights from a race, I suggest checking the clips at the WRC web site.
Feds have a hunch drugs are being sold in your neighborhood. They take it upon themselves to search each and every house looking for them. After everything settles, they sort out the details of the illegal searches. Ya, I see that being the "best of both worlds".
Every car produced in the US has the ability to exceed any posted speed limit. Every car maker makes a point of performance and the capabilities of the cars and even note the top speed and HP. Third party companies sell modifications that increase a cars performance even more. You can not assume just because you have a car that can break the law that you are guilty of speeding. You need to be caught in the act of speeding, burning out, or driving reckless. I can go online and tell stories of me driving 120MPH in a 65MPH zone and doing burnouts in my neighborhood and still not get a ticket because I was not caught in the act or even witnessed at the scene. I have a hard time understanding how these web sites that DTV is "monitoring" for activity and the selling of these products is any different. "Oh, I can steal cable with this, I'll buy one" compared to "Oh, this will increase my top speed to 175MPH, I'll buy one" That does not mean I actually followed through with any of this and I may have never even opened the box or turned the TV on and watched anything without authorization.
You do not have to go to a sanctioned track once a year to justify owning a car that can break the speed limit.
Hell, you can buy Potassium Perchlorate, fine Aluminum powder, and some timed fuse legally online.
I've been running Samba in one form or another since 1995-1996. It was much easier to get help back then as Samba was limited in functionality and the only popular clients were DOS and W3.11. Luckily I learned the basics of Samba then as now the documentation is almost a nightmare. Samba offers at least 5 different methods of authentication and depending on what MS OS and service pack or KB fixes you have installed, things may operate differently. Roaming profiles? Domain logins? Using AD for account creation on the Samba machines? The list goes on and on. I would say the "poor" documentation comes from the success and confurability of Samba.
I bought 2 cheap machines preloaded with Linux, one Lindows and one Lycoris. I downloaded and converted them both to Mandrake within 2 weeks. At the time, I had never used Mandrake but figured it was probably better then either of the preloads. IMHO, it has been much better for me, the "home admin" to pick and choose what I wanted to install and maintain from the Mandrake and general community as a whole then being limited to what Lindows could provide. The kids did not care either way, maybe if they were maintaining their own computers, using the Lindows support and software would be an easier option and worth the money.
I don't think my situation helped Lindows, Mandrake, RH or Fedora make a buck. Maybe Lindows got a piece of my PC price but at the time, the store (Walmart) had a no OS version of the PC for same price.
A dude that owned a business on a heavily traveled road in my hometown had a completely burned to a crisp Dodge car with a flashing sign pointing to it that said, "Ask my about Joe's Dodge before buying there" (Joe's is an example, I forget the real name). The car had 2000 miles on it when the fuel line ruptured in the engine compartment. Obviously the thing went up in flames and was destroyed. The Dodge dealer claimed they were only responsible for the faulty part which was the $100 dollar fuel line. Legally I don't know what the dealer is really responsible for but bottom line was the local newspapers and everyone in the town knew the story and saw the torched car.
Modded as funny but you can pick up analog calls on some tv's.
Analog cell phones use the frequencies close to the upper end of the UHF stations. If you have an old school tv with an analog tuner, you can stretch to the upper end and pick up the conversations. Way back in the late 80's when I was living in the military barracks in Orlando my portable B&W tv picked them up fine. Back then, it seemed just about every conversation was about drugs. You also USED to be able to listen to them with a scanner but the FCC made listening to these frequencies a crime and then extended the ban several times to make it illegal to recieve the band at all and then made it illegal to modify a scanner to recieve the band. Basically the FCC made the law to protect the industy growth and acceptance and allow the cell companies to milk out the old tecnology and blow off your security and privacy. Great example of the FCC looking out for the big business. Almost as bad as the FCC giving itself authority to tell the cell companies they can modify my phone contract at will and raise the rates I negotiated months earlier to pay for an unchecked and undisclosed total amount to recover for WLNP. Think about this when the cell companies are trying to get something from the FCC in the future.
Modded as funny but I have two computers with 1.4 Durons from Walmart ($199 a piece) and they work great. Mandrake and W2K. Both play full screen dixv and xvid videos with no problems and the gaming is not too bad (thats what the consoles and MY computer are for).
I don't know either but you could try the existing known accounts for yourself on your own router. This won't help if a backdoor is there with different credentials but provide piece of mind that the two well known ones either do or do not work. Getting off topic here but the main advantage of full disclosure with bugs and similar issues like this is you have the ability to verify and test for yourself. Sure beats getting an email that a patch is available and you have no idea what it fixed or how it fixed it.
The answer to this problem is requiring every SMTP connection to be authenticated.
Comcast requires auth both within their network and when you use it from the outside. This provides a good balance between usability and security as far as their SMTP server is concerned.
But the first thing that needs to be done is to prevent machines from connecting directly out to another ISP's SMTP server.
I do not think that is a good idea from a user prespective. If everyone was using AUTH, you should be able to use any ISP's server that you have a password to use.
Hire an independent contractor to do some type of tradesman job for you (home repair, etc.), and you'll find that they greatly appreciate it if you pay them in cash.
And the fact that if and when you find out they ripped YOU off, they are harder to track down. I know this is a somewhat common practice to want cash but I'd guess that a business owner willing to defraud the government is running a shacky business and more willing to defraud you also. I'd only pay cash for contracting/helping hand work to someone I positively know.
Slashdot Mirror
don't bother with purchasing one.
I agree depending on the price but it is still a great 4x drive.
I've had my 451S for about 6 months. I got it at *cough cough* Walmart for $89 (cheapest place at the time without rebates). This drive was popular and was a highly reviewed and liked. I am sure there are many already in circulation that can be used as a guinea pigs
Or even more fun, long documents you produce for meetings or public distribution. Embeded within are names harvested from your address book appended with a few choices words?
Somewhat related but using a different attack vector.
A few years ago, A guy and a few of his friends I knew, would scan blocks of ISP's ip space with nmap and nbtscan tools to find open and or default Windows shares.
From there using smbclient [note 1] to mount, you could edit the eudora.ini file to modify signatures, the real name, modify documents in the attachments directory, change win.ini, delete c:\*.ini and many others. Of course this was not automatted and not as efficient as what you describe but from what I saw, it raised much havok.
I bet that line in the autoexec.bat sending win386.swp | lpt1 used alot of paper and ink on bootup.
[note 1]
Versions of Windows prior to W2K had a strage way of handling remote computer names that were connected to shares. If you connected to \\COMPUTER1 but specified your own computer name with the -n switch in smbclient as COMPUTER1, the shared connection would not show up on the real COMPUTER1. Bascially, the user of COMPUTER1 has no idea that anyone was connected at all and netview (or whatever it was called) would show no remote connections. If they shutdown while you were connected, they would get a prompt that COMPUTER1 was connected remotely, do you still want to shutdown. Not very informative.
fastmail.fm (aka allmail.net and many others domain names) has SSL/IMAP access on all their accounts. The paid accounts are not expensive either and the web interface, if needed, is very clean and straight to the point. It is not Yahoo like you asked for but might a good alternative if you really want to supplement your existing IMAP provider with another IMAP account. I've been using it for about a year now polling with fetchmail and have no complaints.
POP3 is soooo 1990's
I agree 100%..
W2K and XP do have this. Right click on a shortcut, select the "Run As Different User" box. Disclaimer. I have no idea how this compares to sudo or su but I know it is there as I've had to use this for some applications when the users were not in the administrators or power users group for various applications before.
My useage of this function and others in the past before is probably typical of 50% of the people I have worked with in the past that were paid and responsible for a Windows administration. Click around and mess with it until what you are trying to do works but have no real idea what the side effects are of what you did to get it to work. IMHO, this "ease of use" tactic is both the biggest advantage and disadvantage of administrating any version of MS Windows.
good thing Diebold has its ATM product line to fall back on.
Makes me wonder how that system was developed and deployed..
Maybe the atmosphere within Diebold was different back then.
I can not site a specific year and month but back in the early eighties, Stereo Review did extensive blind A/B tests using different speakers and db levels. In one test, almost ~90% of the participants picked a certain test to sound the better then another one. That test was the same exact pair of speakers but played an average of only 1db louder. The hard part is actually picking a better sounding speaker as a cheap piece of crap with a higher efficiency will fool most people. Take a very common case like subwoofers for example. IMHO, a sealed enclosure system sonically beats a typical ported box setup in just about every aspect except for one, output level at a narrow frequency range that the speakers port is tuned too. Ask a group of people which sub woofer "sounds" better and almost every one of them will select the almost monotone thumpy but louder ported box.
I call bull on the liability thing. If your company is actually paying the bill directly to the provider, the company would be the first one contacted but the company can always point the authorities to the employee responsible. Just as using your company supplied phone to call in a death treat would not be the companies liability.
Currently modded as funny but that is almost exactly what I do now at home. My kids each have a computer in their rooms. They know I monitor the sites, the web caches, the AIM logs, and they know I use VNC. I'm sure they sneak stuff past me but I always tell them, I will eventually find out if they are doing something I do not approve of, It might not be today, or this week but I WILL eventually find it. I am not just talking about porn or gore either. I don't like when they use IE for anything other then a few specific sites (my son's main computer is Mandrake so not an issue), when they use WinMx or Kazaa or similar (I use P2P but not for music which is all they seem to use it for), download screensavers and anything else that breeds spyware and a few others. It is very clear what I do not want them doing, if they do it anyway and I find out, they lose the computer for a while or I do something that I know makes them mad, disable AIM for a few days.
The firewall is one part..
Changes to Functionality in Microsoft Windows XP Service Pack 2
That is the point, look at all the things you listed that should be required, configured, and maintained just so the *average* person can browse the web with IE. That combination of items is not something you can blame on the "stupid users need trained".
It's not IE's fault - it's the fault of stupid users.
If you believe that, you are no further ahead than the people you reference.
An analysis of the 180 Solutions Trojan.
A NTBugtraq post with info.
There are many many other sources of info that describe how software and malware get onto your computer using combinations of holes in Windows and IE that does not present the user an acceptance screen. The links referenced are just a sample of what is out in the wild, they are not exceptions, they are the norm.
The only way this will stop is by educating users
I hear ya..
My back is very thankfull, and every time i have to move a CRT monitor across campus, I am reminded about how thankfull my back is.
;)
Search Google for "hand cart". They really do help
And in rally, the drivers fix the cars during the race. Its great to see a co pilot get out every time he sees water near the track to fill up a leaking radiator so they can make it to the end. For those that have never watched or seen highlights from a race, I suggest checking the clips at the WRC web site.
Feds have a hunch drugs are being sold in your neighborhood. They take it upon themselves to search each and every house looking for them. After everything settles, they sort out the details of the illegal searches. Ya, I see that being the "best of both worlds".
An article describing SI's use of digital cameras for Superbowl 38.
Every car produced in the US has the ability to exceed any posted speed limit. Every car maker makes a point of performance and the capabilities of the cars and even note the top speed and HP. Third party companies sell modifications that increase a cars performance even more. You can not assume just because you have a car that can break the law that you are guilty of speeding. You need to be caught in the act of speeding, burning out, or driving reckless. I can go online and tell stories of me driving 120MPH in a 65MPH zone and doing burnouts in my neighborhood and still not get a ticket because I was not caught in the act or even witnessed at the scene. I have a hard time understanding how these web sites that DTV is "monitoring" for activity and the selling of these products is any different.
"Oh, I can steal cable with this, I'll buy one" compared to "Oh, this will increase my top speed to 175MPH, I'll buy one" That does not mean I actually followed through with any of this and I may have never even opened the box or turned the TV on and watched anything without authorization.
You do not have to go to a sanctioned track once a year to justify owning a car that can break the speed limit.
Hell, you can buy Potassium Perchlorate, fine Aluminum powder, and some timed fuse legally online.
I've been running Samba in one form or another since 1995-1996. It was much easier to get help back then as Samba was limited in functionality and the only popular clients were DOS and W3.11. Luckily I learned the basics of Samba then as now the documentation is almost a nightmare. Samba offers at least 5 different methods of authentication and depending on what MS OS and service pack or KB fixes you have installed, things may operate differently. Roaming profiles? Domain logins? Using AD for account creation on the Samba machines? The list goes on and on. I would say the "poor" documentation comes from the success and confurability of Samba.
I bought 2 cheap machines preloaded with Linux, one Lindows and one Lycoris. I downloaded and converted them both to Mandrake within 2 weeks. At the time, I had never used Mandrake but figured it was probably better then either of the preloads. IMHO, it has been much better for me, the "home admin" to pick and choose what I wanted to install and maintain from the Mandrake and general community as a whole then being limited to what Lindows could provide. The kids did not care either way, maybe if they were maintaining their own computers, using the Lindows support and software would be an easier option and worth the money.
I don't think my situation helped Lindows, Mandrake, RH or Fedora make a buck. Maybe Lindows got a piece of my PC price but at the time, the store (Walmart) had a no OS version of the PC for same price.
Off topic but close ;)
A dude that owned a business on a heavily traveled road in my hometown had a completely burned to a crisp Dodge car with a flashing sign pointing to it that said, "Ask my about Joe's Dodge before buying there" (Joe's is an example, I forget the real name). The car had 2000 miles on it when the fuel line ruptured in the engine compartment. Obviously the thing went up in flames and was destroyed. The Dodge dealer claimed they were only responsible for the faulty part which was the $100 dollar fuel line. Legally I don't know what the dealer is really responsible for but bottom line was the local newspapers and everyone in the town knew the story and saw the torched car.
Modded as funny but you can pick up analog calls on some tv's.
Analog cell phones use the frequencies close to the upper end of the UHF stations. If you have an old school tv with an analog tuner, you can stretch to the upper end and pick up the conversations. Way back in the late 80's when I was living in the military barracks in Orlando my portable B&W tv picked them up fine. Back then, it seemed just about every conversation was about drugs. You also USED to be able to listen to them with a scanner but the FCC made listening to these frequencies a crime and then extended the ban several times to make it illegal to recieve the band at all and then made it illegal to modify a scanner to recieve the band. Basically the FCC made the law to protect the industy growth and acceptance and allow the cell companies to milk out the old tecnology and blow off your security and privacy. Great example of the FCC looking out for the big business. Almost as bad as the FCC giving itself authority to tell the cell companies they can modify my phone contract at will and raise the rates I negotiated months earlier to pay for an unchecked and undisclosed total amount to recover for WLNP. Think about this when the cell companies are trying to get something from the FCC in the future.
That is cheap.
Pricewatch
lists the CPU alone for roughly $70.
Modded as funny but I have two computers with 1.4 Durons from Walmart ($199 a piece) and they work great. Mandrake and W2K. Both play full screen dixv and xvid videos with no problems and the gaming is not too bad (thats what the consoles and MY computer are for).
I don't know either but you could try the existing known accounts for yourself on your own router. This won't help if a backdoor is there with different credentials but provide piece of mind that the two well known ones either do or do not work.
Getting off topic here but the main advantage of full disclosure with bugs and similar issues like this is you have the ability to verify and test for yourself. Sure beats getting an email that a patch is available and you have no idea what it fixed or how it fixed it.
The answer to this problem is requiring every SMTP connection to be authenticated.
Comcast requires auth both within their network and when you use it from the outside. This provides a good balance between usability and security as far as their SMTP server is concerned.
But the first thing that needs to be done is to prevent machines from connecting directly out to another ISP's SMTP server.
I do not think that is a good idea from a user prespective. If everyone was using AUTH, you should be able to use any ISP's server that you have a password to use.
Hire an independent contractor to do some type of tradesman job for you (home repair, etc.), and you'll find that they greatly appreciate it if you pay them in cash.
And the fact that if and when you find out they ripped YOU off, they are harder to track down. I know this is a somewhat common practice to want cash but I'd guess that a business owner willing to defraud the government is running a shacky business and more willing to defraud you also. I'd only pay cash for contracting/helping hand work to someone I positively know.