I read it twice. Instead of blindly taking what you are reading, think about what it says and what it doesnt say. All I am trying to point out is it sounds to me as if the prosecuters are calling the "hacking into a users computer", the act of using a mail server that does not belong to the hacker himself and spoofing the from and to fields. Indictments are not written by IT folks. I an not conviced that he was "taking control" of a users desktop and firing off emails from it. What he did in terms of "hacking" seems to me to be a very small fraction of what spammers do thousands of times a day. They use other peoples mail servers, fake the headers, and send millions of messages a day. Put that into perspective with thier claim of 117 million in fines.
If you think it is more then that would you like to share your theory on what you think they mean by he hacked into computers of unsuspecting users and from those computers launched spam e-mail attacks or how else you go about hacking into to someones computer and send spoofed email? One thing that comes to mind is maybe the unsuspecting people had unpatched *nix boxes? Who knows..
I read the article. There is nothing in there that specifies he hacked into a desktop computer or someones workstation. All of his actions of sending and spoofing emails CAN be done by connecting to the victims mail server, you don't need to connect to a workstation on a network to send mails as that person. By "hacking into other computers" your saying that he somehow connected to someones workstation, fired up Outlook or whatever the victim used for email and sent mail that way? And did this same thing on other company networks too? I'd like to know how that was done. Maybe they were all running VNC and he had the password. Another reason I don't think that happened is they spotted a Shaw IP address for the attackes. That is vague but you could assume his ip address was found in the mailservers or the outgoing mails, this would not be the case if he was using a workstation within the company. If he was sending FROM another workstation, his IP address would not be included in the email and only logged by the workstation (not likely) or some IDS or firewall which if were in use would alert others and probably prevent connecting directly to other workstations. Basically, I am assuming the judgement is not written by someone with technical knowledge and they are considering connecting to a mailserver directly as hacking and gaining unauthorized access through computer ports (like the article states). The theory he hacked into desktops to accomplish this does not make sense when you can do the same exact thing connecting directly to the mailserver without the extra hassle of trying to get to a desktop to do it.
Did he really "hack" into thier accounts or was he using them as the from field? I see complaints every day from users who claim someone "used their computer" because they got a bounce back from sobigE and they did not send it. A few years ago I sent a mail from root@localhost to root@localhost to a user on a LUG mailing list using his machines mailserver with the subject, "HAHA, I have your root password now." He posted to the LUG mailing list the next day and although many theories were flying around, not one person suggested it could have been a fake email. Basically everyone assumed he was hacked and he finally reinstalled his entire system.
Backup your maildir on your IMAP server? A simple tar command will do that for you and you can move and store the resulting file to any PC or burn it to a cd for safe keeping. Doing that elimiates using a specific mail client that provides that functionality which kind of defeats the purpose of using IMAP in the first place. As long as the IMAP format does not make any drastic changes in the future, you will always be able to restore that mail and read it again with any future mail client, or notepad and pico if you want to. Using a client to back it up would more then likely make your backup proprietary and not as easy to get back into another IMAP server later.
Even though the free version they offer is not licenced for network use, it will still act on viruses that found on accessed files located on mapped drives. I WAS using free-av which was comparable but would not even scan remote files. I am just pointing this out, not trying to get someone to violate the licence they have on the free version.
Imagine GM having a patent for an oil light for your car. What about a tachometer to monitor engine speed. How about movable windows in a car. What about a bumper? Add computer or internet into it and you can get a patent.
I have never used it over wireless but I use it many times daily at work on a 100mbit switch. It takes about 9-13 minutes to pull a 2.1GB image over from our P3-1ghz Samba server. We have different types of hardware so we use sysprep with a decent sysprep.inf so you can add another 5 for it to boot up and get a login prompt the first time. I do not consider a 15 minute average from any problem to total reinstall a long time and probably much less then it would take someone to troubleshoot any single application and reinstall that app if required. I'm sure the wireless would add a significant delay but you could always plug it in and do it.
"According to four of SCO's board members, Mcbride is a top five influential executive."
They would be right. Influential meaning having or exercising influence. It does not have to be a "good" influence to be influential. Drugs use in public schools is influential, a neighborhood bully is influential and I fully agree, recently McBride has been very influential and acting like he is under the influence.
To add. You could split the number in half (every other bit going to either file A or file B) and then run each file through some type of algorithm. If these file were distrubuted separately, you would be one step further from being accused of distributing any type of IP as each file independent of the other one is completely useless. Of course someone might "find" each half, run the algorithm and put them back together. In this situation, it would be vary hard to prosecute an individual unless they were distributing both files. You could take this a little further and break it up into 20 or 50 pieces.
Another situation, not really practical though.
20 different people post 1/20th of the resulting broken up number on a web page in plain text. Someone makes a list of web sites that you could then go through and download all 20 parts. The next step would be software to automate this function. What if these files were posted to Usenet in a text group? What about a binary group? What about software to automate the process of piecing all the parts together?
P2P like KaZaa has some of these features now with the exception of everyone having the whole resulting number already, you only get pieces from them and reesemble. What if they were only distrubuting pieces? And I'm not talking about sequential bits of the original number that could used to create a smaller portion of the original.
Double edged sword there... These are the same DSL companies that want to tier service and/or cut off the so called top 5% that use more bandwidth then the others. So enough file sharing ability to get you interested in DSL but not too much that you might cost us more in bandwidth fee's. What a business plan.
That application had been customized by a former employee, but the original perl source was deliberately obfuscated, and the customizations were an ugly hack, completely undocumented, and had been done by an employee who was later fired.
Wow, that "guy" gets around. Everyone who inherits code must have got it from that same guy as they all have the same exact complaints.
Funny thing is a quote from CAGW is being served by none other then microsoft.com themselves. Odd situation here.. they are against wasting tax payer money so they stand with MS's fight against using open source in the government.
One of their press releases released last year looks very similar to the recent MA complaints. The president of CAGW seems to have somewhat good intentions as a whole, but does not seem to have enough knowledge of the commercial software industry to justify his postion on this issue. Saving taxpayers money is one thing and consistant with what CAGW stands for, the theory he has I quoted below is good, but his final conclusion on how this can actually save taxpayer money is very misguided and provides the opposite of what he is trying to point out. Spoon fed?
When purchasing software, the government should examine which products are the most compatible, efficient, technologically advanced, and cost-effective on the market. Purchasing source codes would provide no inducement for software makers to become competitive and would hinder the development of new products.
I wonder if he could explain what he means by that or who is he looking out for there. Maybe someone should ask him how far in the future he is looking or if he is aware of Microsoft's save some now but pay later and forever method of licensing through "software assurance" and their long standing history of making sure just enough information is held back to make any true competition is hard to find. Add in the cost of getting everything MS so it works just right or to ensure compatibility and it looks much worse.
Like through the drywall and getting stuck behind there. I had one in between the walls and actually thought of letting him stay in there but I did not have the conscience and did not want to smell him when he died. He chewed his way in there, why could he not chew his way out. I could hear him for days. I finally cut several large holes in the wall until he finally popped out. My advice.. If you want small furry animals, get some small white mice. They are cheaper then hamsters as most pet stores have them as feeders. A hamsters whole goal in life is to escape from the cage and will spend every awaken hour trying. Mice seem to be content walking around in the area you provide them plus they are much more active and funner to watch on the wheel. They will get out of given the chance but they are not actively looking for a passage.
OP is quoting or paraphrasing an interview (at the bottom) from Chris Wypol and seen on EWeek.
I find it very odd that Chris Wysopal is trying to completely blow off the context of the study and making the comparison with a flaw in TCP/IP. His statement is a 100% a pure corporate puppet remark and pretty much sums up where @Stakes interests really are.
He SPECIFICALLY stated he was NOT representing his employer. How much clearer could he make that? Knowing where he works and who he was representing in the paper was VERY clear and spelled out.
If he said "Production Line Worker, General Motors", would that mean he was representing GM? What if he stated he was catholic, would that mean he was representing the Pope?
Do you think that if had no specific reference to CTO of @Stake that the outcome here would be any different and he'd still be working there? What would you suggest he should have done? Do you think your idea would have prevented him from being fired?
IMHO, he was fired because MS is their biggest client and as a consultant, he said something negative about them (on his own time). In the financial industry this process is heavily regulated by the SEC and can be labeled as deceptive and is illegal. Not illegal in the non finacial world but definately a questionable practice.
Funny you mentioned that. In the DC area there is actually commercials for the those warcraft by Boeing and LM, they've been on news radio for years (the radio news station, WTOP is the most listened to station in the area). I assume these organizations are trying to influence decision makers in the area but we all get the *pleasure* of hearing them. Verizon vs SBC using the "voices for choices" campaign, GE and the Hudson river contamination, the steel industry in support of the Bush (just heard today), various auto industry and enviromental groups etc... Some are directly related to political parties but most are companies or organizations trying to flood public and law makers in the area with their side the story before some upcoming legislation gets rolling.
If you have having a technical problem, don't give up.. If you just don't want to use it, oh well. Just like usenet, there are still the diehard anti yEnc's out there but they are decreasing in number quickly. If you can't beat 'em, join 'em
I really don't know what caused Cingular networks problems but I HAVE noticed an increase in blaming problems on viruses. Maybe there really is a connection but it seems odd. Our company switched all of our data over to Sprint recently and within a week we had major packet loss. Sprints answer was the Blaster virus. Well for the past month we have had the same sporadic packet loss and I really doubt the Blaster virus is the root cause. Recently they moved us over to "a different blade" to try to resolve one of the outages. Sounds like people are very quick to jump on the virus bandwagon. Veritas seems to be taking the same road. Their first step for any troubleshooting always seems to you reboot everything. Then they move on to the potential virus thing. I take it with a grain of salt, maybe it is, maybe not but seems like an excuse.
Slashdot Mirror
if all the wires in the CPU are treated like transmission lines and properly terminated
Considering the size and density of a CPU and 2.4Ghz having a wavelength of 125mm, do you really think wavelengths are a design factor?
I read it twice. Instead of blindly taking what you are reading, think about what it says and what it doesnt say. All I am trying to point out is it sounds to me as if the prosecuters are calling the "hacking into a users computer", the act of using a mail server that does not belong to the hacker himself and spoofing the from and to fields. Indictments are not written by IT folks. I an not conviced that he was "taking control" of a users desktop and firing off emails from it. What he did in terms of "hacking" seems to me to be a very small fraction of what spammers do thousands of times a day. They use other peoples mail servers, fake the headers, and send millions of messages a day. Put that into perspective with thier claim of 117 million in fines.
If you think it is more then that would you like to share your theory on what you think they mean by he hacked into computers of unsuspecting users and from those computers launched spam e-mail attacks or how else you go about hacking into to someones computer and send spoofed email? One thing that comes to mind is maybe the unsuspecting people had unpatched *nix boxes? Who knows..
I read the article. There is nothing in there that specifies he hacked into a desktop computer or someones workstation. All of his actions of sending and spoofing emails CAN be done by connecting to the victims mail server, you don't need to connect to a workstation on a network to send mails as that person. By "hacking into other computers" your saying that he somehow connected to someones workstation, fired up Outlook or whatever the victim used for email and sent mail that way? And did this same thing on other company networks too? I'd like to know how that was done. Maybe they were all running VNC and he had the password. Another reason I don't think that happened is they spotted a Shaw IP address for the attackes. That is vague but you could assume his ip address was found in the mailservers or the outgoing mails, this would not be the case if he was using a workstation within the company. If he was sending FROM another workstation, his IP address would not be included in the email and only logged by the workstation (not likely) or some IDS or firewall which if were in use would alert others and probably prevent connecting directly to other workstations. Basically, I am assuming the judgement is not written by someone with technical knowledge and they are considering connecting to a mailserver directly as hacking and gaining unauthorized access through computer ports (like the article states). The theory he hacked into desktops to accomplish this does not make sense when you can do the same exact thing connecting directly to the mailserver without the extra hassle of trying to get to a desktop to do it.
Did he really "hack" into thier accounts or was he using them as the from field? I see complaints every day from users who claim someone "used their computer" because they got a bounce back from sobigE and they did not send it. A few years ago I sent a mail from root@localhost to root@localhost to a user on a LUG mailing list using his machines mailserver with the subject, "HAHA, I have your root password now." He posted to the LUG mailing list the next day and although many theories were flying around, not one person suggested it could have been a fake email. Basically everyone assumed he was hacked and he finally reinstalled his entire system.
Backup your maildir on your IMAP server? A simple tar command will do that for you and you can move and store the resulting file to any PC or burn it to a cd for safe keeping. Doing that elimiates using a specific mail client that provides that functionality which kind of defeats the purpose of using IMAP in the first place. As long as the IMAP format does not make any drastic changes in the future, you will always be able to restore that mail and read it again with any future mail client, or notepad and pico if you want to.
Using a client to back it up would more then likely make your backup proprietary and not as easy to get back into another IMAP server later.
Or mediaplayer classic.
Even though the free version they offer is not licenced for network use, it will still act on viruses that found on accessed files located on mapped drives. I WAS using free-av which was comparable but would not even scan remote files. I am just pointing this out, not trying to get someone to violate the licence they have on the free version.
Imagine GM having a patent for an oil light for your car. What about a tachometer to monitor engine speed. How about movable windows in a car. What about a bumper?
Add computer or internet into it and you can get a patent.
I have never used it over wireless but I use it many times daily at work on a 100mbit switch. It takes about 9-13 minutes to pull a 2.1GB image over from our P3-1ghz Samba server. We have different types of hardware so we use sysprep with a decent sysprep.inf so you can add another 5 for it to boot up and get a login prompt the first time. I do not consider a 15 minute average from any problem to total reinstall a long time and probably much less then it would take someone to troubleshoot any single application and reinstall that app if required. I'm sure the wireless would add a significant delay but you could always plug it in and do it.
with Apple having the edge in classroom integration experience.
Can someone explain what that means. Integration with what?
Maybe they were going to publish it themselves.
"According to four of SCO's board members, Mcbride is a top five influential executive."
They would be right. Influential meaning having or exercising influence. It does not have to be a "good" influence to be influential. Drugs use in public schools is influential, a neighborhood bully is influential and I fully agree, recently McBride has been very influential and acting like he is under the influence.
Yeah but look what Skynet was able to acomplish with only a piece of a CPU.
You can change IE's default to Google with this
I mainly use Mozilla and I use the Google toolbar from here.
To add.
You could split the number in half (every other bit going to either file A or file B) and then run each file through some type of algorithm. If these file were distrubuted separately, you would be one step further from being accused of distributing any type of IP as each file independent of the other one is completely useless. Of course someone might "find" each half, run the algorithm and put them back together. In this situation, it would be vary hard to prosecute an individual unless they were distributing both files. You could take this a little further and break it up into 20 or 50 pieces.
Another situation, not really practical though.
20 different people post 1/20th of the resulting broken up number on a web page in plain text. Someone makes a list of web sites that you could then go through and download all 20 parts. The next step would be software to automate this function. What if these files were posted to Usenet in a text group? What about a binary group? What about software to automate the process of piecing all the parts together?
P2P like KaZaa has some of these features now with the exception of everyone having the whole resulting number already, you only get pieces from them and reesemble. What if they were only distrubuting pieces? And I'm not talking about sequential bits of the original number that could used to create a smaller portion of the original.
Double edged sword there... These are the same DSL companies that want to tier service and/or cut off the so called top 5% that use more bandwidth then the others. So enough file sharing ability to get you interested in DSL but not too much that you might cost us more in bandwidth fee's. What a business plan.
Wow, I've heard your type of reply to posts so may fucking times its... oh wait.
That application had been customized by a former employee, but the original perl source was deliberately obfuscated, and the customizations were an ugly hack, completely undocumented, and had been done by an employee who was later fired.
Wow, that "guy" gets around. Everyone who inherits code must have got it from that same guy as they all have the same exact complaints.
Funny thing is a quote from CAGW is being served by none other then microsoft.com themselves. Odd situation here.. they are against wasting tax payer money so they stand with MS's fight against using open source in the government.
One of their press releases released last year looks very similar to the recent MA complaints. The president of CAGW seems to have somewhat good intentions as a whole, but does not seem to have enough knowledge of the commercial software industry to justify his postion on this issue. Saving taxpayers money is one thing and consistant with what CAGW stands for, the theory he has I quoted below is good, but his final conclusion on how this can actually save taxpayer money is very misguided and provides the opposite of what he is trying to point out. Spoon fed?
When purchasing software, the government should examine which
products are the most compatible, efficient, technologically advanced, and
cost-effective on the market. Purchasing source codes would provide no
inducement for software makers to become competitive and would hinder the
development of new products.
I wonder if he could explain what he means by that or who is he looking out for there.
Maybe someone should ask him how far in the future he is looking or if he is aware of Microsoft's save some now but pay later and forever method of licensing through "software assurance" and their long standing history of making sure just enough information is held back to make any true competition is hard to find. Add in the cost of getting everything MS so it works just right or to ensure compatibility and it looks much worse.
Like through the drywall and getting stuck behind there. I had one in between the walls and actually thought of letting him stay in there but I did not have the conscience and did not want to smell him when he died. He chewed his way in there, why could he not chew his way out. I could hear him for days. I finally cut several large holes in the wall until he finally popped out. My advice.. If you want small furry animals, get some small white mice. They are cheaper then hamsters as most pet stores have them as feeders. A hamsters whole goal in life is to escape from the cage and will spend every awaken hour trying. Mice seem to be content walking around in the area you provide them plus they are much more active and funner to watch on the wheel. They will get out of given the chance but they are not actively looking for a passage.
Did you even read the paper?
OP is quoting or paraphrasing an interview (at the bottom) from Chris Wypol and seen on EWeek.
I find it very odd that Chris Wysopal is trying to completely blow off the context of the study and making the comparison with a flaw in TCP/IP. His statement is a 100% a pure corporate puppet remark and pretty much sums up where @Stakes interests really are.
You are very correct, I did misunderstand.
He SPECIFICALLY stated he was NOT representing his employer. How much clearer could he make that? Knowing where he works and who he was representing in the paper was VERY clear and spelled out.
If he said "Production Line Worker, General Motors", would that mean he was representing GM? What if he stated he was catholic, would that mean he was representing the Pope?
Do you think that if had no specific reference to CTO of @Stake that the outcome here would be any different and he'd still be working there? What would you suggest he should have done? Do you think your idea would have prevented him from being fired?
IMHO, he was fired because MS is their biggest client and as a consultant, he said something negative about them (on his own time). In the financial industry this process is heavily regulated by the SEC and can be labeled as deceptive and is illegal. Not illegal in the non finacial world but definately a questionable practice.
Funny you mentioned that. In the DC area there is actually commercials for the those warcraft by Boeing and LM, they've been on news radio for years (the radio news station, WTOP is the most listened to station in the area). I assume these organizations are trying to influence decision makers in the area but we all get the *pleasure* of hearing them. Verizon vs SBC using the "voices for choices" campaign, GE and the Hudson river contamination, the steel industry in support of the Bush (just heard today), various auto industry and enviromental groups etc... Some are directly related to political parties but most are companies or organizations trying to flood public and law makers in the area with their side the story before some upcoming legislation gets rolling.
If you have having a technical problem, don't give up.. If you just don't want to use it, oh well.
Just like usenet, there are still the diehard anti yEnc's out there but they are decreasing in number quickly.
If you can't beat 'em, join 'em
I really don't know what caused Cingular networks problems but I HAVE noticed an increase in blaming problems on viruses. Maybe there really is a connection but it seems odd. Our company switched all of our data over to Sprint recently and within a week we had major packet loss. Sprints answer was the Blaster virus. Well for the past month we have had the same sporadic packet loss and I really doubt the Blaster virus is the root cause. Recently they moved us over to "a different blade" to try to resolve one of the outages. Sounds like people are very quick to jump on the virus bandwagon. Veritas seems to be taking the same road. Their first step for any troubleshooting always seems to you reboot everything. Then they move on to the potential virus thing. I take it with a grain of salt, maybe it is, maybe not but seems like an excuse.