" Note, by the way, that Caltech demanded Harvey Mudd to return the cannon on threat of legal action only after Caltech students attempted to negotiate with Harvey Mudd's administration in good faith for a number of ways to recapture the cannon--including air-lifting it and moving it in the middle of the night. When Harvey Mudd declined all such negotations, it was clear that Harvey Mudd wasn't playing along, that the act of "prankerism" became an act of theft, and that's when the lawyers were called in. "
Am I the only person who keeps thinking of this Guy?
My experiences (and links to a few of my papers)...
I realized that (while reconfiguring and dropping my crypto) that a neighbor came onto my wireless network.
The obvious thing to do would have been to shup him out, and secure the network. Since I maintain data on a seperate drive (with its own power supply), I cut the drive out, and decided that I had a great opportunity to practice with my security tools.
I did a paper on what I found (was published in 2600: The Hacker Quarterly):
http://iamsam.com/papers/Tracking_Wireless_Neighbo rs.htm
What's interesting is that if someone connects to your wireless access point, they can also put themselves at risk. Their network shares or shared drives can be exposed, their VPN or other simultaneous network connections may potentially be traversed by you, etc... So, this isn't truly a one-way-street
I also did an earlier article on what I saw with my wireless PDA walking through Times Square.
http://iamsam.com/papers/Warwalking_in_Times_Squar e.htm
My other papers (http:// www . i am sam . com)
(Remove Spaces)
Sam
Sam Nitzberg
sam @ i am sam . com
(remove spaces to e-mail)
Unless the school has a segregated network specially set up for this, there could be all kinds of potential problems. Students running sniffing tools could see data that other students might consider confidential (even regardless of university policies that might not cover this). Some scanning and sniffing techniques may compromise the network, and risk crashing workstations, servers,or network devices.
I wonder what the professor's response would be if a student were able to monitor the professor's computer session, or capture his e-mail.
Of course, a fast-track to an "A" might be for a group of students to set up an enclave of systems, set up attacks, and monitor them with appropriate tools.
One paper I published (2600 Magazine. It's also on my website) - I described how a neighbor came onto my wireless network, and how I was able to watch him with various tools. Naturally, I kept my data on a seperate drive and powered down. These students could set up a wireless access point, and see who comes onto it.
Sam Nitzberg http: / / w w w . i a m s a m . c o m s a m @ i a m s a m . c o m
As I recall, the frequency range covered by Wireless 802.11 A,B,and G (approx 2.4 and 5.0 GHz) is in the unregulated spectrum. OK that might not be the exact technical term (repliers invited to provide correct details).
I think that any attempted regulation here might only be within the realm of the FCC's authority. Is this body within its rights or authority to attempt regulation on this?
"Have you bought and played any music CDs lately?"... There are standards for what constitutes a "CD" (I am not familiar with the technical definition - and I imagine an audio CD, in particular... I am thinking of any formal definition that Phillips (?) might have done years ago...
As soon as there is software on the CD, does it fit this formal definition, or must / should it actually be called something else? If the "CD" is not clearly labeled (that it's a variant of the audio CD definition), is this a fundamental misrepresentation?
In 1996, I did a related ACM (Association for Computing Machinery) publication: Emerging Security Issues Involving the Presence of Microphones and Video Cameras in the Computing Environment
"(*) I truly have no idea how one backs up a petabyte"
I honestly don't know how to either, but part of the solution may involve trucks and tapes and an off-site storage facility. In the event of a disaster, reloading the data set will likely be non-trivial, and not cheap either. Of course, there is some "latency" in this model.
I doubt that sending this data off over a network pipe will be a viable approach...
I'd find organizations that have backed up huge amounts of data - and investigate with them an appropriate solution for you that covers both routine data loss, as well as disasters.
Your backup management solution may in and of itself be quite costly...
I did a little PDA Security article a while back that was published in BlackListed 411! magazine. It briefly surveys a number of key issues, and has some good links/ references at the end.
I think that buffer overruns and the need for proper and effective memory management were properly understood and built into systems such as the IBM System 360 and System 370 - decades ago...
I'd recommend a cable-together with a lock. Not perfect security, but it helps, especially if / when she takes the notebook anywhere to work on it. All notebooks pretty much support a universal notebook-lock system.
Get a seperate external USB drive (or other device) to copy her files to. Should the machine go missing (and its not kept with the USB drive), she will have her data - this may be worth more to her than the $1000 that "commodity" notebooks are going for... She can move data off of the notebook entirely that she's not using. Should the notebook go missing, noone gets here documents. Also, with basic crypto software, this can help protect her documents, photos, papers, etc.
My iPaq has an accessory CF-card expansion sleeve (PCMCIA - format also available). My gps card plugs right in... GPS Software can be had for as little as $10 on clearance... no problem. If your model doesn't support the expansion sleeve (some of the new ones might now, you can still use bluetooth GPS...
Slashdot Mirror
Muuuuaaaaahahahahhahahahahahahaha ! ONE BILLION DOLLARS !
That just reminded me that one of the (older?) terms for perfume-spray bottles is "atomizer" :-)
"
Note, by the way, that Caltech demanded Harvey Mudd to return the cannon on threat of legal action only after Caltech students attempted to negotiate with Harvey Mudd's administration in good faith for a number of ways to recapture the cannon--including air-lifting it and moving it in the middle of the night. When Harvey Mudd declined all such negotations, it was clear that Harvey Mudd wasn't playing along, that the act of "prankerism" became an act of theft, and that's when the lawyers were called in.
"
Am I the only person who keeps thinking of this Guy?
http://en.wikipedia.org/wiki/Harry_Mudd
My experiences (and links to a few of my papers)... I realized that (while reconfiguring and dropping my crypto) that a neighbor came onto my wireless network. The obvious thing to do would have been to shup him out, and secure the network. Since I maintain data on a seperate drive (with its own power supply), I cut the drive out, and decided that I had a great opportunity to practice with my security tools. I did a paper on what I found (was published in 2600: The Hacker Quarterly): http://iamsam.com/papers/Tracking_Wireless_Neighbo rs.htm
What's interesting is that if someone connects to your wireless access point, they can also put themselves at risk. Their network shares or shared drives can be exposed, their VPN or other simultaneous network connections may potentially be traversed by you, etc... So, this isn't truly a one-way-street
I also did an earlier article on what I saw with my wireless PDA walking through Times Square.
http://iamsam.com/papers/Warwalking_in_Times_Squar e.htm
My other papers (http: // www . i am sam . com)
(Remove Spaces)
Sam
Sam Nitzberg
sam @ i am sam . com
(remove spaces to e-mail)
Unless the school has a segregated network specially set up for this, there could be all kinds of potential problems.
Students running sniffing tools could see data that other students might consider confidential (even regardless of university policies that might not cover this).
Some scanning and sniffing techniques may compromise the network, and risk crashing workstations, servers,or network devices.
I wonder what the professor's response would be if a student were able to monitor the professor's computer session, or capture his e-mail.
Of course, a fast-track to an "A" might be for a group of students to set up an enclave of systems, set up attacks, and monitor them with appropriate tools.
One paper I published (2600 Magazine. It's also on my website) - I described how a neighbor came onto my wireless network, and how I was able to watch him with various tools. Naturally, I kept my data on a seperate drive and powered down. These students could set up a wireless access point, and see who comes onto it.
Sam Nitzberg
http: / / w w w . i a m s a m . c o m
s a m @ i a m s a m . c o m
Suddenly, I don't feel so bad about eating duck anymore...
:-)
Actually, I already didn't feel bad about eating duck
... "WTF is FTW?"
FTW = (WTF) ^ -1
QED
- - -
ok - I put this here because the 'lameness' filter didn't like all the CAPS......
Yes - a piss-poor pun,indeed :-)
As I recall, the frequency range covered by Wireless 802.11 A,B,and G (approx 2.4 and 5.0 GHz) is in the unregulated spectrum. OK that might not be the exact technical term (repliers invited to provide correct details).
I think that any attempted regulation here might only be within the realm of the FCC's authority. Is this body within its rights or authority to attempt regulation on this?
"Have you bought and played any music CDs lately?" ... There are standards for what constitutes a "CD" (I am not familiar with the technical definition - and I imagine an audio CD, in particular... I am thinking of any formal definition that Phillips (?) might have done years ago...
As soon as there is software on the CD, does it fit this formal definition, or must / should it actually be called something else? If the "CD" is not clearly labeled (that it's a variant of the audio CD definition), is this a fundamental misrepresentation?
Anyway, it's a thought...
In 1996, I did a related ACM (Association for Computing Machinery) publication:
_ 2000/emergent_security_issues_involving_microphone s_and_cameras_2000.html
Emerging Security Issues Involving the Presence of Microphones and Video Cameras in the Computing Environment
It is located here:
http://iamsam.com/papers/sigsac/sigsac.htm
It cites the actual CERT (Carnegie Mellon University Computer Emergency Response Team) Microphone Advisory:
CERT CERT ADVISORY CA-93:15
There is also a revised version from 2000 here :
http://iamsam.com/papers/emergent_security_issues
For anyone interested, my other papers are available here: http://www./ iamsam . com
Regards-
Sam
"(*) I truly have no idea how one backs up a petabyte"
I honestly don't know how to either, but part of the solution may involve trucks and tapes and an off-site storage facility. In the event of a disaster, reloading the data set will likely be non-trivial, and not cheap either. Of course, there is some "latency" in this model.
I doubt that sending this data off over a network pipe will be a viable approach...
I'd find organizations that have backed up huge amounts of data - and investigate with them an appropriate solution for you that covers both routine data loss, as well as disasters.
Your backup management solution may in and of itself be quite costly...
- Sam
Yogi Berra
http://en.wikiquote.org/wiki/Yogi_Berra
5^3 != 5*10^3 .LT. 200+
125 != 5E3
125 != 5000
BTW
125
" They've been dealing with rootkits seemingly forever. How did they manage?"
t ations/i002.02.html
tripwire - there's a commercial version available, and I've used the free version. Creates checksums to compare your system against...
A brief description here... (with download and install instructions)
http://www.cert.org/security-improvement/implemen
Sam
http:/// www . iamsam . com
It's not exactly the same thing, but the most powerful and clever C code example with an 'underhanded' purpose must be Ken Thompson's classic...
/www . iamsam . com
Reflections on Trusting Trust
http://www.acm.org/classics/sep95/
Other interesting papers that come to mind include Tom Duff's on Unix viruses, as well as McIlroy.
Sam
sam @ iamsam.com
http:
I did a little PDA Security article a while back that was published in BlackListed 411! magazine.
It briefly surveys a number of key issues, and has some good links/ references at the end.
For anyone interested, you can read it here:
http://iamsam.com/papers/PDA_Security.htm
Later-
Sam
Sam Nitzberg
sam @ iamsam . com
http:/// www. iamsam. com
2112...
could be a great yerar for Rush to play at Olympics !
-- Sam
Maybe they're just getting ready for the power supply testing for when the Pentium 5's are ready....
Iteration and loop counting is nice, but leads to reader fatigue and antipathy...
;-)
To ensure readability, make sure to translate all iterator use and loop constructs to recursive function calls and definitions.
Besides, if the next programmer can't deal with it, he's unworthy
I think that buffer overruns and the need for proper and effective memory management were properly understood and built into systems such as the IBM System 360 and System 370 - decades ago...
http://en.wikipedia.org/wiki/System/360
Quantum instability???
Just how fast do you drop your toast ?????
I'd recommend a cable-together with a lock. Not perfect security, but it helps, especially if / when she takes the notebook anywhere to work on it. All notebooks pretty much support a universal notebook-lock system.
...
Get a seperate external USB drive (or other device) to copy her files to. Should the machine go missing (and its not kept with the USB drive), she will have her data - this may be worth more to her than the $1000 that "commodity" notebooks are going for
She can move data off of the notebook entirely that she's not using. Should the notebook go missing, noone gets here documents. Also, with basic crypto software, this can help protect her documents, photos, papers, etc.
My iPaq has an accessory CF-card expansion sleeve (PCMCIA - format also available). My gps card plugs right in... GPS Software can be had for as little as $10 on clearance... no problem. If your model doesn't support the expansion sleeve (some of the new ones might now, you can still use bluetooth GPS...