The point of the Honeynet Project is to raise awareness and teach the fundamentals of forensics. The book is just a "job well done" and pat on the back.
The OpenHack challenge is just another one of those crack-this-box challenges which you see every month or so. Not to take anything away from it, but I find forensics much more interesting. What do you find more interesting: trying to crack a box, or trying to produce a cost-analysis report and details on _who_ cracked a box. I'll take the forensics any day.
I don't want to get into a holy war about what package manager is better, but I think is a rather weak argument. Instead of downloading the binary rpm you simply download the source rpm (SRPM) and install it, then you look in /usr/src/redhat/SOURCES to see the source.
I build rpm's on a daily basis and while it does lack some robustness in the dependencies arena, I think it's overall A Good Thing. And by the way, RPM != Red Hat... I can't stand it when people use the two interchangeably.
People, nowhere in this entire blurb does it say that anybody is actually going to use the "voting system." Do they have leverage? Of course. Will people use it? I do not know. I think after this most recent election tempers were flaring, but they have calmed a little bit now and perhaps people will be willing to hear the pitfalls of electronic voting.
I voted in a computer this year in Morris County, NJ. It was just like the old pull-dial ones but you pushed buttons instead. Is this hackable? Probably not.
While I do think that the code should be audited THOROUGHLY I do not think there is need for as many flames as this article is drawing. Let them make the system. If local/county/state/federal governments start to use it then use your constitutional right to yell at every elected official telling them that with the errors these might cause, they may not get elected :)
Yeah, the whopping $20 really broke my wallet. Perhaps you script kiddies (note the stress on the word "kiddie") and trolls (very short, and usually young and stupid, people) should get jobs. :)
I hate to break it to you, but the day I installed LinuxPPC on my G3 I went out and bought a cheapo Kensington three button scrolling mouse. I've been using it with no problem now for several years.
This argument is such a sign of unintelligence. If you've ever used an Apple G[34] then you would know they're USB, and just about any USB mouse/keyboard works on it with no problem.
I know that many doctors travel quite a bit, especially those which are highly regarded. What is to stop them from travelling to a neighboring state (MD, for example, where they have an office) to do their research?
I am saying that I do not totally agree with the law but understand it. It's pitfalls such as this that stop us from having a national language as well. Any "official language" means that all government business must be done in that language. I remember reading an article, quite a while back, about certain governmental agencies such as the INS that conduct official business in Spanish because that's their main clientele (ie, border jumpers from the South).
Life is a bag of tradeoffs, and I think this is a fair one. I'd rather have people not looking at porn at work. Look at a quote from the article:
"Sexually explicit is defined as any depiction or description of ``sexual excitement,'' ``sexual conduct,'' or ``a lewd exhibition of nudity.''"
This says nothing about investigating sexual disorders. Different states have different interpretations of that law and the general interpretation has changed over time. It used to be that if you could see any pubic hair it was "explicit", but I think we can all agree that has changed quite a bit over the years.
If you have a sexual disorder and plan on going to a Virginia university hospital, perhaps you should reconsider - your doctor is barred by law from researching your disorder online.
I do not think this is totally true. Are all Virginia universities owned by the state? I'm sure some are private. Even if they receive some state funding that does not mean they are owned by the state. FUD is a bad thing.
nmap is not a vulnerability scanner, it is a portscanner. Does nmap tell you that a vulnerable ftpd is running on host X? No. All it does is tell you that the port is open, and what other ports are open, while providing you with a ballpark guess at the OS (which is better than nothing, but far from accurate).
Yeah, because he's not making enough money at Transmeta. :) Not to take any value away from Linus, but there are many more people which make this happen (take AC [no, not Anonymous Coward]) for example...
Which then leads to the question: Is there such a standard in place for this? I have no idea as this is way out of my league, but would be interested to know if any standards groups are working on a specification.
I remember reading something a while back about doing this with DVDs: different color lasers, and different wavelengths. I assume this is the same principle that would be applied to CD media.
I assume you know the difference between the two: MkLinux uses the Mach microkernel, whereas LinuxPPC is the same as most conventional Linuxi (Linux's?) which use a monolithic kernel.
I'm no know-it-all, but AFAIK the microkernel handles all the low-level stuff such as I/O, keyboard, etc...
So merging them does not make much sense... unless you mean LinuxPPC should be sponsored by Apple, which MkLinux is (the last time I checked ;))
I can't seem to find any mirrors on.com or.org, perhaps you could reply back to this with the name of this mirror? I'd like to upgrade my box at home while I'm snowed in, hammered, this NYE weekend :)
10" - 20"... I lub snow!@#
Re:They are one in the same to me, on CS vs CIS · Score: 1
Actually, as a CIS major I needed to take two EE classes as well: CPEG 210 Introduction to Combinational Logic and CPEG 211 Introduction to Sequential Circuits. :)
They are one in the same to me, on CS vs CIS · Score: 1
I am a recent graduate from the University of Delaware (Spring 2k), and there was no "CS" program offered, only CIS: Computer and Information Sciences. My degree is worth plenty and, contrary to some of the previous posts, we did not go easy on the math and heavy on the business and accounting. In fact I only took three business classes my entire time as free electives because I chose to.
I think the real question is that of the school, and how the _school_ views the difference between the two. What people say here does not mean much since the difference varies wildly from school to school.
This was one of the issues raised while Netscape was considering open-source IIRC. I remember reading an article or two about how they had to either a) get vendor consent or b) rip that portion of the code out. This was especially apparent in the cryptography stuff.
We all see how good Netscape 6 is. :) Open-source is not for everybody, but most people seem to think it is.
I've been working for a Linux security company for the past few months, and was pretty much on top of security before that. I can honestly tell you that to me CERT looks like a joke.
1) CERT is way behind anybody else
They issued an advisory about wu-ftpd and rpc.statd in July or August when exploits, and proof of concepts, were on bugtraq in late May.
2) CERT has turned into a laughing stock.
The funniest thing I think I've seen in a long time is Jamie Rishaw's mock advisory about the Sony Aibo. This is just a slap in the face of CERT.
I'm not mocking the concept... an entity such as CERT serves a very big purpose. Being associated with the SEI one would think a much more active one. However since white hats are just as skilled as the black hats it doesn't take somebody at the SEI to write an exploit. By the time they do, somebody has already posted it to bugtraq or it's already out in the wild.
I do not have much knowledge on this subject, but there was recently a pretty informative thread on securityjobs, a mailing list run by Security Focus about all of this.
After reading the thread I think the general consensus was to get married and get a green card :). Crispin Cowan even used the example of the movie as a not-so-far-from-life situation.
I see articles like the all the time and I wonder: what constitutes the "IT" field? I work at a Linux company with five people, and seriously doubt they're counting me... with the influx of small open-source companies how accurately are these small companies being counted?
I don't really consider myself an "IT" worker, so maybe we're not being counted at all, which could be because more and more "IT" type people are migrating to open-source companies with very different goals. I'd be much happier hacking in perl than installing Netscape on somebody's computer, but that's just me :)
I have no backing for either of these claims, but just thought I'd throw them out there. Flame away...
This is the most unprofessional thing I have ever seen on slashdot. Granted the quality of reporting has gone WAY downhill over the last couple of years but this reaches an all-time low.
The purpose of a "news" source is to be objective and present the facts, allowing people to make up their own minds on an issue. Slashdot has a very wide-reaching effect on people, and by bashing GWB you throw away all of the ethics behind being a "news" source.
Perhaps in the future you should think before you post a story. It's sad enough that so many people are too ignorant to make their own minds up, there is no need to make matters worse by doing something of the sort.
... which he can then encrypt and prosecute he who cracks it, starting the cycle all over again? ;)
I don't know about Mandrake, but the /etc/rc.d/ structure has been out of Red Hat since 7.0...
:) rwm
[root@elite RedHat-7.0-RPMS]# ls -la wu-ftpd-2.6.1-6.i386.rpm
-rw-r--r-- 1 root root 196336 Aug 30 18:16 wu-ftpd-2.6.1-6.i386.rpm
As far as I know this is not vulnerable. The wu exploit that most people use has these offsets hardcoded:
0 - RedHat 6.2 (?) with wuftpd 2.6.0(1) from rpm
1 - RedHat 6.2 (Zoot) with wuftpd 2.6.0(1) from rpm
So I do not think it is. The only exploit I know of for Red Hat 7 is the lpd one. AFAIK RH 7 does not even install inetd (xinetd) by default.
Put that in your pipe and smoke it :).
Okay I'm done rambling now. :)
Ryan
Just my $.02. Best of luck to you.
There is a thread entitled "hacksdmi" going on security focus' vuln-dev list, somebody at Salon probably read it and saw some of it and just assumed.
In any case, they put the ass in assume here. Gotta love irresponsible reporting.
Just my $.02.
In order to look at the archives you have to deal with their absolutely _ANNOYING_ method of keeping you wrapped in their frames, so this URL will look pretty ugly, but you can find them at: http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Fend%3D2000-09-30%26list%3D77%26start%3D2000-09-24%26threads%3D0%26%26_ref%3D1053441763.
Cheers,
Ryan
Shame on you.
... Slashdot/Andover/VA will just sell out as usual...