Slashdot Mirror


User: wfberg

wfberg's activity in the archive.

Stories
0
Comments
1,379

Comments · 1,379

  1. Re:MEPs of NL on Europeans, Tweak Your Representatives On Patents · · Score: 1

    The SP (Socialist Party) is adamantly against software patents, GroenLinks (Green Left) replied with vagueness, but they'll basically play ball with slight amendments which they won't elaborate on in any way, the PvdA (social democrats) haven't answered at all. So, for us Dutch people, don't expect too much from the left (except of course the SP, but then, in the EP they're allied with parties that actually call themselves Communist).

  2. Re:What about /. ? on How The Government Spies On Your Internet Use · · Score: 4, Interesting

    Which brings us to this Reality Check: There is no anonymity on the Net, period, full stop, end of story.

    Was there ever supposed to be? (Did I miss a meeting?) Is there some constitutional sub-text granting us anonymity on privately-owned Internet bulletin boards/communities? I don't believe there is... Should there be? Maybe, maybe not, but that's a topic for a different thread.


    Checking out books at the library is also not anonymous, and never has been. However, there is an expectation of privacy; you don't think a librarian would run to the feds to tell them if you read one book too many about Stalin. And even if one librarian did, most of them just wouldn't give a rat's behind, nor would they feel inclined to cooperate with bothersome government requests for information on all sorts of "suspicious" persons. Not without a warrant. That stops a lot of unwarranted (no pun intended) government intrusion right there because there's this little thing called judicial oversight that curtails some of their powers. Suddenly they need a good reason to get that information. Like, due cause.

    The "PATRIOT" act changes that so that librarians, ISPs, banks, etc. are forced by the FBI to spy on their customers on their behalf - on NO basis for suspicion whatsoever. There is NO judicial oversight, and the government is entirely free to do with that information what it wants, and gag everyone involved in the process.

    Are you old enough to remember McCarthy? Read up on him some time.

    This suit is a prime example. The feds can already get secret wiretaps if they want. If this guy was so dangerous, they could just bug his home, attach all sorts of wiretapping equipment on his telephone line, etc. But they're too lazy to do that (or more likely the guy isn't a threat), so they go after the one guy running an ISP, and then tell him that he can't argue; and now that he does he's prohibited from even discussing the effects of the "PATRIOT" act.

    The "PATRIOT" act is just a thinly veiled instrument to establish a secret police that spies on US citizens. Any country that has had such a secret police can tell you how wildly successful that approach is to enhance "national security".

    There are firms out there pushing "intelligence" software that can track people's "association" 30 degrees of separation deep. Talk about guilt by association, when it's widely assumed that you know everyone in the world in only 6 degrees of separation..

    I see this less as an Evil, "They're Taking Our Rights Away, Big Brother is the SuXXor!" thing as I do a testimony to the naivete of so many people raised on the Internet thinking it is some kind of Magic Utopian Prometheus-Provided Happy Cyber-Town Forum and not the built-by-the-military and run-by-business entity it really is.

    The toilet at work is owned by your boss. I don't suppose you mind if he is forced to install a covert and secret FBI camera to check for suspicious, well.. weenies..

  3. Re:Wow on The Economics of Executing Virus Writers · · Score: 1

    It could also be $4 million..

  4. Re:Hmmm on North American Corporate Privacy Comparison · · Score: 1

    Or tax-breaks for the rich, because you want to encourage people to get rich.

    Please, tell me how this is supposed to work?


    Through the magic of sarcasm.

  5. Re:Cool, but effective? on Snort up For Revamp, says Creator · · Score: 1

    As an aspiring network security professional, I am very impressed with your skills in tracking down traffic that you don't want on your network. I have to ask though, wouldn't it be simpler to have a desktop policy that will take away the user's ability to install p2p/IM apps?

    Can't use SNORT to do that ;-)

    Seriously though, there are some useful policies you can define for windows desktops if your workstations are hooked up to a domain/active directory.

    Most useful perhaps are the Windows XP (you must use 2003 server, or define them locally) software restriction policies; you can simply define applications that aren't allowed to run, and they are identified by their hash-value, path, internet-zone or a certificate.

    The path option is the most useful one, just restrict access to stuff in directories users can't write to. IIRC though, shortcuts are also affected, which is a bad thing (do you allow everything in the start menu, which is in a user's profile, or disallow it and add items ad hoc?).

    SMS apparently has some of this functionality as well.

    Still, that is all defeated by using one of those SuSE or knoppix live CDs, becoming local administrator (simply use the password resetting bootfloppy), or by using a laptop.

    Of course you could imagine scenarios where that wouldn't work, but there is a trade-off between absolute security and usability.

  6. Re:Off-topic (slightly), Karma whoring (obviously) on North American Corporate Privacy Comparison · · Score: 4, Informative

    junkbusters has an interesting mention of something called a prohibitory order.

    If you fill out USPS form 1500 against any non-governmental organization, they MUST stop sending you mail. It was originally meant to stop pornographic junk mail, but since one man's porn is another man's art, it's now up to you to determine whether you find, let's say, mortgage offers arousing and/or patently offensive.

  7. Re:Hmmm on North American Corporate Privacy Comparison · · Score: 1

    Not really. Laws are in place to have penalties for doing the wrong thing. That's not the same as 'not doing the right thing'.

    That's what tax breaks are for. If you want to stimulate something, make it a write-off. You don't even need to know exactly what it is that's causing the good things you're encouraging, just reward the outcome.

    For example; lower taxes on your car if your car doesn't pollute. Or tax-breaks for the rich, because you want to encourage people to get rich.

  8. Re:Cool, but effective? on Snort up For Revamp, says Creator · · Score: 5, Interesting

    A GOOD firewall will be doing more than just blocking ports. It will analyze packets to determine the type of communication being used. Which is not to say such things can't be circumvented, but it is much harder than just using a proxy.

    Not quite. Case in point; try blocking instant messengers on your network. Turns out that if you block specific ports, you'll find that they start using port 80.

    Ok, block any IM content on port 80, and they move to port 443, that's HTTPS, encrypted.

    Ok, so you block some IM server hostnames (there are many) on your DNS server and block access to outside DNS and proxies. Then you find out that there are apps such as htthost/httport that will happily run on a box outside your network accepting encrypted traffic on the HTTPS port and with HTTPS headers, but that are actually proxies (similar things can be achieved on a linux box with a simple enough shellscript). This works easily enough to be downloaded by your smarter-than-average bear.

    P2P programs could easily go the HTTPS route if blocking becomes enough of a nuisance. They went route 80 (HTTP port) a long while ago.

    So what are your alternatives? Perhaps degrade network performance by interrupting (apparent) HTTPS sessions once in a while so that people won't be able to use certain applications? Or disallow any kind of encrypted communications?

    Creative people will always find a way around it. You're better off dealing with those sorts of threats from the inside by dealing with the people rather than the technology. That's probably also true for outside hackers, script-kiddies and virus authors, but those you typically don't know.

  9. Go Go Godwin!! on Creator of the Gaia Hypothesis Urges Nuclear Power · · Score: 1, Funny

    Totally off-topic Nazi comparison made. Thread closed.

  10. Re:Innovation vs. Standards on Future for Web Standards Pondered · · Score: 4, Insightful

    Many of us have been conditioned to think that both standards and innovation are good things. And the latter is an overused word that Microsoft marketing has forced into the memestream. But really, standards tend to stifle innovation.

    That all depends which layer you're looking at. Standards tend to set things in stone, which is actually a good thing when the thing you're trying to innovate lives above the standardized layer.

    For example; do you really want everybody to download the newest whizz-bang version of some operating system that doesn't comply with any standards daily? You'd have to port all your stuff all the time. Not much time left to do innovative stuff!

    In fact, some standards don't preclude innovation, but they abstract it out of view. Most software is easily ported among POSIX compliant OSes, because they, well, adhere to the POSIX standards. That doesn't mean the OS can't be really innovative, with whizz-bang multimedia features, a microkernel, and a database filesystem.

    TCP/IP sockets are a good example of a standard that encourages innovation; you can just open a socket and write bytes to it, or read from it. Your application can be a peer2peer voip application, and the network implementation doesn't care about that. The network can be a satellite internet connection, gigabit, or even postal pigeons, and the application doesn't care about that (well.. pigeons might be a bad choice for VOIP, but stay with me here).

    Of course, it isn't all good; if you want all the nifty features of IPv6 you will have to rewrite some applications.. But IPv4 has seen us through twenty-odd years. I'd say that was one of them good standards.

    How would engineers like it if there were no standards for bolts and rivets? Bridge building would be a nightmare!

  11. Re:Exploring other worlds is expensive on Beagle 2 Failure Analyzed · · Score: 0, Offtopic

    That 30 million isn't real money though because it never really leaves the football transfer system. They may as well trade in shiny beads quite frankly. Player salaries however, are different as the payment becomes the property of the player to spend, presumably, in the general economy.

    That money was minted though - it came from somewhere (the rest of the economy). Let them switch to beads and give me the money!

    A good example of actual fake money is "market capitalization" or "$x million in stock" (where in reality, if all those shares were dumped on the market, you couldn't find anyone to buy them, most certainly not at the listed stock price). Too bad decisions about actual money are made based on phony figures like that.

  12. Re:Misleading headline on Monsanto Wins Case Over Patented Canola · · Score: 1

    Regardless of how you feel about this case, this guy wasn't caught with a few plants that had blown into his field. He was collecting the seeds from the patented plant and planting them himself.

    Personally, I think (shudder) Monsanto deserved to win this case. The farmer was infringing on Monsanto's patent, and this case really is as simple as that.


    Not really. You have to remember that these plants reproduce themselves. It's quite possible to 'engineer' produce that doesn't reproduce; that's what they do with potatoes for example.

    Keeping seeds and planting them is not in itself a patentable technology for blindingly obvious reasons.

    Let's say you get one of them nifty gene-treatments. Sure, that sort of thing should be patentable (if you agree with the notion that otherwise those cures wouldn't be developed). Now, let's say the gene-therapy also causes your subsequent offspring to be immune to a certain disease. Should you pay royalties to the pharmaceutical company for your children? Even if they never come in contact with the disease and would not have needed the therapy? (Much like the crops that were never sprayed with Roundup.)

    I don't think it is at all as clear cut as you put it. Which is probably the reason why it made its way to the Supreme Court. Personally, I'd be more comfortable reading the actual verdict (and any dissenting opinions) before claiming any party should 'obviously' win.

    One thought though.. Why didn't Monsanto make sure the crop wouldn't reproduce? They wouldn't have to deal with intentional "copying" or with accidental "infection".

    Instead of a simple technological solution they like to go the litigation route. Naturally, they are then intent on extracting as much money during the process as possible. And to use verdicts as an instrument to bully people. That's what lawyers are for.

    Sound familiar? It's only what every technologically inept company with a handful of patents does. Yay for patents.

  13. Re:Large companies REQUIRE ownership. on Intel Sued for Patent Infringement · · Score: 1

    All the large companies I have worked with over the last 30 years require that individuals transfer patent rights to the company as a condition of employment. Even the university here is considering the same. What they don't realize is that the requirement stifles patent applications.


    Some corporations give their employees a bonus for each patent issued in their name. IIRC Philips gives their employees $100. Though possibly an additional silver dollar might be involved. Yay.

  14. Re:Simple on Attacking WinZip AES Encryption · · Score: 2, Informative

    GPG (and PGP) already compress the encrypted data. It seems PGP only uses the .zip format but GPG also supports bzip2 and gzip. Look at the -z and --compress-algo options of GPG.

    PGP/GPG uses compression for security purposes (remove as much entropy as possible) but IIRC it doesn't archive; i.e. include multiple files (and a directory structure) in one file.

    This capability is precisely what bit WinZip in the ass (WinZip lives for archiving) because they left the meta-data that lists filenames etc. unencrypted.

    Archiving multiple files before encrypting them is also a good idea, since you'd be sending out as much as possible in one go - if you encrypt each file separately you're again leaving meta-data around the place (if only the fact that you sent n emails, 1 of size 10K, the other.. etc.).

    Encrypted military communications lines are said to be transmitting constantly, even when not being used to send messages (sending garbage instead) to prevent any eavesdropper from detecting sudden spikes in communications. Kind of like installing one of those suspensions that rocks your car about to prevent people from guessing when the van's a-rockin', don't come a knockin'..

    Note that WinZip could just as well use/invoke GPG "under the hood" without users even knowing about it.

  15. Re:Not really practical on Cell Phone Jammers: Coming To An Event Near You? · · Score: 1

    Still, a good old timer does the job as well.

    Probably some old dude who's been neglected and treated like shit his whole life will be willing to push the button.


    Try this one on for size (for a screenplay perhaps?)

    "Hey kid, I really want a picture of the President, but I can't make it tomorrow. Do you think you could take a snapshot of him? My camera has only one exposure left though, so make sure you've got a good shot of him, and don't press that button before he's in your sights!"

    Perhaps our terrorist would be offering the kid some cash as well, and be posing as a journalist, and Brad Pitt could play the role of the reporter that notices something odd and decides to investigate. Working title: DEAD. LINE. (spoken in "coming soon to a theater near you" tone of voice).

    Given the number of alternatives to using mobile phones as detonators (not to mention the fact that any terrorist worth his/her salt will have noticed the Spanish terrorists got caught because of and not in spite of using them in that way) I can think of better security measures than blocking phone calls.

  16. Re:Simple on Attacking WinZip AES Encryption · · Score: 4, Informative

    So how can we distinguish between an application that simply uses the right buzzwords, like AES, from an application that is actually secure?

    By only using peer reviewed open source software for starters.


    Also note how the "UNIX" tradition of chaining smaller, single-purpose applications together would have also prevented the problems described in this paper.
    If you first create an archive (tar.bz or even ZIP), and then run it through gpg, the metadata is encrypted by default, and these problems would not have arisen.
    Furthermore, there's no need to check every archiver under the sun for subtle encryption snafus, since the encryption is done by a specialized application. Whether you GPG a .rar or a .zip, you only need to look at GPG to find bugs. And if and when you do, fix GPG, or use something else.

    I wonder why people use a .ZIP plugin in outlook to encrypt mail, even though outlook has encryption (though admittedly, using cumbersomely acquired SSL certificates) built right in..

    Also note that in the EU (now 25 countries!) public key cryptography such as GPG and SSL is all but mandated for electronic signatures that will stand up in court; better to use public key crypto than to rely on a shared key if you need to rely on a file's or email's authenticity/non-repudiation.
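    The "archive first, then encrypt the whole archive" point made in comments 14 and 16 above, as an added example that is not part of the thread or of WinZip's or GPG's code: it reads a ZIP's central directory with no key at all to show the entry names sitting in the clear, then seals a tar stream with a one-time pad (an assumed stand-in for `gpg --symmetric`, used only so the demo runs offline) to show the names vanish from the ciphertext. The sample files are constructed; Python's zipfile cannot write encrypted entries, but the central directory fields it reads are laid out identically in an encrypted ZIP.

```python
"""Added example, not from the Slashdot thread: ZIP central directories keep
entry names, sizes and CRCs in the clear even when entry data is encrypted,
so "archive, then encrypt the whole thing" is what hides the metadata."""
import io
import os
import struct
import tarfile
import zipfile

# Constructed sample files; the names are the metadata at issue.
SAMPLE_FILES = {
    "merger-plan.txt": b"confidential draft",
    "salaries/q3.csv": b"alice,100000\nbob,95000\n",
}

CD_HEADER = "<4sHHHHHHIIIHHHHHII"  # central directory file header, 46 bytes
EOCD = "<4sHHHHIIH"                # end of central directory record, 22 bytes

def build_zip(files):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()

def list_central_directory(blob):
    """Read [(name, data_is_encrypted, compressed_size)] with no password."""
    eocd_pos = blob.rfind(b"PK\x05\x06")
    if eocd_pos < 0:
        raise ValueError("not a ZIP: no end-of-central-directory record")
    eocd = struct.unpack(EOCD, blob[eocd_pos:eocd_pos + 22])
    n_entries, cd_offset = eocd[4], eocd[6]
    entries, pos = [], cd_offset
    for _ in range(n_entries):
        hdr = struct.unpack(CD_HEADER, blob[pos:pos + 46])
        if hdr[0] != b"PK\x01\x02":
            raise ValueError("corrupt central directory")
        flags, csize = hdr[3], hdr[8]
        name_len, extra_len, comment_len = hdr[10], hdr[11], hdr[12]
        name = blob[pos + 46:pos + 46 + name_len].decode("utf-8")
        # Flag bit 0 says the entry *data* is encrypted; the name we just
        # read sits outside that protection, which is the WinZip complaint.
        entries.append((name, bool(flags & 1), csize))
        pos += 46 + name_len + extra_len + comment_len
    return entries

def build_tar(files):
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def otp_seal(blob, key):
    """One-time pad standing in for the outer cipher (gpg in the comment)."""
    if len(key) < len(blob):
        raise ValueError("one-time pad key shorter than payload")
    return bytes(b ^ k for b, k in zip(blob, key))

def names_visible(blob, names):
    """Which filenames can be found in the raw bytes with no key at all?"""
    return [n for n in names if n.encode() in blob]

def demo():
    zipped = build_zip(SAMPLE_FILES)
    tarred = build_tar(SAMPLE_FILES)
    sealed = otp_seal(tarred, os.urandom(len(tarred)))
    return {
        "zip_directory": list_central_directory(zipped),
        "zip_leaks": names_visible(zipped, SAMPLE_FILES),
        "tar_plain_leaks": names_visible(tarred, SAMPLE_FILES),
        "tar_sealed_leaks": names_visible(sealed, SAMPLE_FILES),
    }
```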

  17. Re:Not really practical on Cell Phone Jammers: Coming To An Event Near You? · · Score: 3, Insightful

    Not that there aren't hundreds of other ways around this useless technology, but your suggestion would just cause the bomb to blow up as soon as the terrorist carried it into the protected area, most likely having no effect on the intended target (who would be at the center of the area, not at its edges).

    Bombs are usually planted in advance. This has several benefits for the bomb-planters, among those being not getting arrested and not getting blown up.

    Still, a good old timer does the job as well.

    Using some sort of over-the-air detonation can have benefits as well though; for example, say terrorists plant a bomb in some police cars. Upon seeing one of the compromised police cars (they are usually numbered right on the roof) close to the target, they detonate.

    They could even just use the police frequencies, since those are unlikely to be blocked, especially when there is a large police presence. Remember, they're terrorists, if they feel like using off-limits frequencies, they can. (If you want to call 911, you're stuck with licensed frequencies).

  18. Re:Honesty of responders on 2nd Multi-Format 128kbps Public Listening Test · · Score: 3, Interesting

    Not possible. All you will get is a bunch of WAV-files, you have no way to tell which file belongs to which codec.

    Check the contents of the sampleXX.zip files; you actually get an mp3, an .ogg vorbis, an mp4 and 3 flacs. If you want to be biased either for or against mp3/oggvorbis/quicktime itunes AAC, you can.

  19. Sounds like a company we know... on Lucent: Down But Not Out · · Score: 1

    Patricia Russo, the CEO, claims that Lucent has turned the corner and proven it can survive. The article quotes a few statistics on just what has survived: for instance, revenues down from $28.9B in FY2000 to an expected $8.9B in FY2004, and headcount dropping from 157K to 32.5K over that time.

    Mass firings, revenues dropping to the point where you have to wonder if they even have a product, and an ecstatic CEO preaching their revival? Sounds like Lucent might still have some of those Bell Labs UNIX copyrights up their sleeve!

  20. Re:Reasons why... on Apple Uncommunicative About Security Holes · · Score: 1

    I was not aware NT 4.0 had a built in firewall, I can't even find information about it. Could you elaborate a little? I know it has IPSec filtering but that only applies to remote vpn connections or other connections using the IPSecurity protocols.

    Windows NT 4.0

    1. In Control Panel, double-click Network.
    2. Click the Protocol tab, click TCP/IP Protocol, and then click Properties.
    3. Click the IP Address tab, and then click Advanced.
    4. Click to select the Enable Security check box, and then click Configure.
    5. In the TCP Ports column, the UDP Ports column, and the IP Protocols column, click to select the Permit only setting.
    6. Click OK, and then close the Network tool.

  21. Re:Reasons why... on Apple Uncommunicative About Security Holes · · Score: 1

    The windows XP firewall, contrary to popular conception, isn't a full fledged firewall. It only deals with incoming connections and has no ability to monitor outbound or application traffic. While this is effective in securing from threats such as recent worms and such, if the computer was to be infected, it could open ports for remote users/hackers/crackers to connect and use your computer accordingly without user intervention.

    The good thing about it (and the only good thing about it) is that it's built-in, and available to select during setup, right off the CD, and has been since NT 4.0.
    The XP SP2 firewall is somewhat better.

    If you're looking for a more fully fledged firewall for post-install use, you could consider the open source tdifw.
    It's not interactive, but it works a charm, especially for rolling out to loads of workstations of unwitting users. Too bad it requires a reboot though.

  22. Re:I'm envious on Estonia Embraces Wi-Fi Wireless Internet Access · · Score: 1

    Regarding your .sig;
    I'll go fly one now..

    Damn you, Jesse!

  23. Re:Reasons why... on Apple Uncommunicative About Security Holes · · Score: 1

    Okay, but most people (stick with me here, it will be relevant to you) will not do the fix when the company announces the problem.

    Those people won't patch in time either when a patch is issued. Hence sasser.

    Although applying a workaround fix for that DCOM bug a while back (i.e. using a firewall) would ALSO have stopped sasser in its tracks.

    Anyway, where is the worm or virus for OS X that is spreading like mad, proving your point?

    I only debunked 2 reasons against full disclosure, that doesn't mean using "responsible disclosure" instead suddenly results in millions of worms breaking out.

    Full disclosure might actually encourage worm writing - since publishing a worm draws attention to the vulnerability. Just like full disclosure does, and when a vulnerability is under a lot of attention it is more likely to be patched. Writing a worm is a last resort, exactly because it is so much like full disclosure.

    However, there's no way of knowing how many bugs are in a "responsible disclosure" process of slowly being patched (or not) and how many systems are being compromised by stealthy, non-worm-writing, blackhats, as we speak.

  24. Re:Reasons why... on Apple Uncommunicative About Security Holes · · Score: 1

    Windows NT 4.0 (no service packs) has IP filtering. It filters incoming connections only.
    A fully fledged firewall is only in XP service pack 2 which is not on general release.

  25. Re:Reasons why... on Apple Uncommunicative About Security Holes · · Score: 4, Insightful


    Security through obscurity is wrong and stupid, but so is security through full disclosure. I hate to say it; I love Free Software and I am happier trusting the security of my data to it than I would be trusting anything proprietary, especially Windows. But I can't buy the argument that telling the world about an exploit before anyone has had a chance to patch is a good thing.


    You're assuming
    a) that the black-hat community does NOT disseminate vulnerabilities amongst themselves even before the white-hat community does
    b) that patching is the only way to get rid of a vulnerability.

    Case in point wrt b) the Sasser worm is effectively killed by switching on your friendly neighborhood firewall/IP filtering (which is built right in to the affected OSes). You don't even need to switch off a single service (though in many cases only a single service (or daemon) is affected).