Passwords submitted to Apache, um, aren't coming in from the user's keyboard, they're coming in in an HTTP header. The browser takes keyboard input, fashions an HTTP request with the user-input password in it, then sends that to the server in the form of TCP/IP packets. The server can't tell if the browser got that password from the keyboard.
The same would go for the OS, if the user is logging in remotely. The only situation under which keyboard input could be checked would be if the user is logging in directly on the console (a program can call isatty(...) to see if standard-input is connected to a terminal or not, but this wouldn't be that reliable).
Limit the amount of data that can be inputted from any particular source, depending on how fast the system can handle the requests. Has your system ever slowed down so much that you type something and it appears...five seconds later? Same idea. Why should the system allow gigabytes of data to be inputted when the given system can only handle -- say -- 100 MB at a time?
This has absolutely nothing to do with overflow. You can cause a buffer overflow with 2 bytes of data, if the space the programmer allocated was only one byte long. Thus, the extraneous data spills over into memory where it should not, possibly overwriting executable segments. If the data happens to be valid machine instructions... you just inserted arbitrary code into the program.
The only reason buffer overflows typically involve large gobs of data is that most programmers allocate their buffers to some standard size like 1024 (this is usually a value known as BUFSIZ in C standard I/O), so it takes 1025 or more bytes to cause an overflow.
What you're describing is another type of problem, that of a denial of service attack by saturating a program with too much data at once. The program can fit the data in its buffers fine (a typical program probably loops, putting 1024 bytes in the buffer, processing it, flushing the buffer, then taking another 1024), it just takes an astronomical amount of time to do it.
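As an added illustration of the two points made above (not code from the original comment), the C program below separates the memory-safety question from the volume question. `bounded_copy` checks the destination size rather than the input size, so two bytes are refused by a one-byte buffer; `process_stream` consumes input of any length through one fixed `BUFSIZ` buffer, so only the iteration count grows with the data. The function and variable names and the constructed `tmpfile()` input are this example's own assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Copy the NUL-terminated string `src` into `dst`, which holds `dst_size`
 * bytes. The check is on the *destination* size, not on how much data the
 * client sent: two bytes ('a' plus its terminator) already exceed a one-byte
 * buffer. Returns 1 if the copy happened, 0 if it was refused. */
int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    size_t len = strlen(src);
    if (dst_size == 0)
        return 0;
    if (len + 1 > dst_size) {       /* would not fit, terminator included */
        dst[0] = '\0';
        return 0;
    }
    memcpy(dst, src, len + 1);
    return 1;
}

/* Consume a stream of any length using one fixed BUFSIZ-byte buffer (BUFSIZ
 * is 8192 on glibc, 1024 on some other libcs). The buffer is refilled,
 * processed and reused; no input size can overflow it. What grows with the
 * input is only the number of iterations, i.e. the time spent, which is the
 * denial-of-service concern rather than a memory-safety one. Returns bytes
 * consumed and reports the refill count and a byte sum (the stand-in
 * "processing" step). */
size_t process_stream(FILE *in, size_t *chunks, unsigned long *sum)
{
    char buf[BUFSIZ];
    size_t total = 0, n;

    *chunks = 0;
    *sum = 0;
    while ((n = fread(buf, 1, sizeof buf, in)) > 0) {
        for (size_t i = 0; i < n; i++)
            *sum += (unsigned char)buf[i];
        total += n;
        (*chunks)++;
    }
    return total;
}

/* Two bytes into a one-byte buffer: refused instead of spilling over. */
int demo_two_bytes_into_one_byte(void)
{
    char one[1];
    return bounded_copy(one, sizeof one, "a");
}

/* Same helper with room to spare (9 characters plus NUL into 16 bytes): accepted. */
int demo_fits(void)
{
    char buf[16];
    return bounded_copy(buf, sizeof buf, "user=dave");
}

/* Constructed input: `n` bytes of a repeating alphabet written to a temporary
 * file, standing in for a client that keeps sending. Returns 1 when every byte
 * was consumed in exactly ceil(n / BUFSIZ) refills with the expected sum. */
int demo_large_input(size_t n)
{
    FILE *f = tmpfile();
    unsigned long expected_sum = 0, sum;
    size_t chunks, got;

    if (!f)
        return 0;
    for (size_t i = 0; i < n; i++) {
        int c = 'A' + (int)(i % 26);
        expected_sum += (unsigned long)c;
        fputc(c, f);
    }
    rewind(f);
    got = process_stream(f, &chunks, &sum);
    fclose(f);
    return got == n && chunks == (n + BUFSIZ - 1) / BUFSIZ && sum == expected_sum;
}

int main(void)
{
    printf("2 bytes into 1-byte buffer accepted? %d\n", demo_two_bytes_into_one_byte());
    printf("9 bytes into 16-byte buffer accepted? %d\n", demo_fits());
    printf("3*BUFSIZ+7 bytes through a fixed buffer handled? %d\n",
           demo_large_input(3 * (size_t)BUFSIZ + 7));
    return 0;
}
```

The size passed to `bounded_copy` comes from `sizeof` on the actual array, which is the check an unchecked `strcpy` or `gets` skips; the chunked reader shows why a large payload by itself is a capacity problem, not an overflow.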
One can punch buttons on a telephone without ever thinking about why there are area codes, prefixes, and so forth. A lot of people probably think the segmentation of a telephone number -- 800-555-1212 -- is just to make it easier to read, like a comma in a big number like 1,000,000.
Social security numbers -- 666-01-2345 -- are hierarchical, too, but did you know, or care? The first segment has something to do with what state you were registered in; I forget the rest. To most people, they're all just numbers.
For copyrights to be enforceable, under the various international treaties, documents must use the word copyright. If you write it in any other language, it is not enforceable.
I would assume the same holds for words like trade mark. Additionally, we're talking about a symbol for a word -- "TM" -- not the word itself. Just like "(C)" is the symbol for copyright even if in your language the word doesn't start with a "C," the symbol for a trademark would be "TM" no matter what the words are.
English is not only the de facto language of the Internet, it is the de jure language of the various relevant IP treaties.
filtering port 80 to stop nimda is great. but there are 2 assumptions to using arbitrary > 1024 ports: 1. viruses are not written to expect standard services on non-standard ports, 2. if i'm smart enough to change the port, i'm smart enough to patch my machines.
You can probably expect newer viruses to eventually try non-standard ports. Virus writers do not exactly care about flooding the network (witness CodeRed and Nimda), so I also don't think they would mind writing one that portscans. I know some security scanners like DALnet's proxy checker will hit you on about a dozen common non-standard ports (81, 82, 1080, 8000, 8080, 8081, 3128,...), so viruses could also employ this tactic in the future.
Secondly, why would knowing how to change a port indicate that you're the slightest bit savvy about administration? For example: I'm an op in a channel on DALnet where we get the stupidest people dropping in by accident (<newbie> is tihs teh mp3 chanal???). These people can evade bans, script flood, clone, download and run bots, but they can't even tell the difference between JOIN # mp3s and JOIN #mp3s.
That string is plain old Netscape 4.75. Remember, Netscape, IE, Mozilla itself, and Opera all use something containing Mozilla. The actual Mozilla browser has something like Gecko/$VERSION appended to it.
Everything I download to [a user] (and this may even include Web pages -- the scheme is that far-reaching) will have some manner of digital cert which MS and its family of cronies will have established beforehand.
It seems that is their plan.
Who's been smoking the crack at MSNBC?
HTF did you make the leap from an atmosphere becoming saturated with greenhouse gases and the atmosphere blowing off the planet? Seriously, if you want to see what a runaway greenhouse effect looks like, take a look at Venus. The atmosphere on Venus is much, much thicker than it is on Earth (and composed mostly of poisonous chemicals like sulphuric acid).
I was thinking more about the myriad of free/open-source IM clones out there; I believe there are several that support encryption and can interact with the de facto standard IM clients like AIM, ICQ, and MSN. Imagine an IM network that is set up to tunnel over SSH/SSL (SIM?), but also can allow unencrypted connections from any or all the popular protocols. Maybe the central server(s) for this SIM protocol also connect themselves to the AIM/ICQ/MSN servers so people using it can see and talk to the people using the real AIM/ICQ/MSN.
So, if one connects to this SIM server, they have access to the entire AIM/ICQ/MSN chat network.
The IP-blocking proxy solution would probably work until someone invents a P2PSIM service distributed across multitudes of IPs. One would simply find out the IP-of-the-day before going into work, then configure their client to use that. By this point, instead of an "allow all, deny explicitly unauthorized" policy, one would have to go with "deny all, allow explicitly authorized", which would probably be far too restrictive to be useful.
Block the IM ports? A user can change the port. Block all unnecessary ports? Some IM protocols can go over HTTP, or tunnel over SSH/SSL, or whatever. Block the hostname or IP? A lot of IM clients support proxying. Or a user can SSH out to another machine and IM from there. Prevent them from installing the software? There are web-based Java clients and there are CLI clients one could install on their own machine and SSH into.
22 or 443, excellent. IM over SSH/SSL, anyone? Not only can they still IM but now they can encrypt it so you can't sniff the packets. If it doesn't exist now, I'm guessing I just gave someone a good idea for a new project. :}
Um, that wouldn't be possible unless Google had a bot sitting in every channel on every IRC network. Or, the IRC daemon could be rewritten to dump all public channel messages to a logfile which could be archived somehow (like posted to a website daily).
Along those lines, you could certainly set up your own bot to record your favorite channel conversations, and save them as HTML or text files to a webserver somewhere, and then have Google spider the server like it does every other webserver. I suggest you advertise this prominently in the channel topic that everything is being archived so no one gets pissy about having their conversations recorded.
That's a stupid analogy. A more accurate analogy would be something like, soda companies charge a flat rate for access to a huge-ass reservoir of soda and a dozen people suck up half of it. So then they decide to raise the charge for those twelve people. Which doesn't seem that unreasonable. But that was still a stupid analogy.
- Hash
- Pound
- Number [sign]
- Sharp
- Crosshatch
- Octothorpe
Of course, as noted above, the newsgroup would be called C-Sharp since that's what the language is called; however, the symbol itself can be called a pound sign.
Also, think about the tactics used to make junk mail look official. That goes out the window with eMail.
What, they can't make an email look like it came from somewhere official? Actually, a far more common spam practice is to make the email look like something from someone you know, which has the same effect: make you open it.
From: "Dave"
Subject: Re: that report you sent me
From: "Bob"
Subject: Friday night
And so on.
Even if you are running as root (the parent does run as root even though the child processes are nobody:nobody) you could just set up a cron to check for that file every few minutes:
#!/bin/sh
WORM='/tmp/.a'   # file the worm leaves behind, per the comment above
if [ -f "$WORM" ] ; then
    echo 'APACHE WORM DETECTED'
    rm "$WORM" ||
        echo "ERROR: Was unable to delete $WORM"
fi
If this runs as a cron, the output will be mailed to you.
Two posts to the same Register article in as many days. What'd they ever do to you to deserve that kind of slashdotting?
It needs a for(;;) loop (or while(1) if you'd like).
I've received many with $variables like this in them.
All Macintoshes work this way. In the U.S. keyboard layout, which keys are dead is sort of intuitive: it's basically the most-common letter that accent would appear over.
Option-e
Option-i
Option-u
Option-n ~
Option-` `
Heh.
Hehehe....
Hehehe heheeh heh eheheheehe hehehe...
Hahahah ahahahaa ahahahh ahahahahh hah ahhaa haahaha hahaahaha haahaa ha hah ha hah haha hah aha aahaaha aha aha aha aha aha aha aha aha aha aahaaa ahaa haa aahhaaha ahahhhahaa HAHAAAHAAHAHAHH
BWAHAHAHAAAHAAAHAAAAHAAAHAAAHA!!!!!
Let them get their own toilet paper.
Oreilly also has a Mastering Regular Expressions book.
The "If I ever meet you in real life I will kick your ass!" trolls I've seen would suddenly take on a new meaning.
10:55 AM, I got to MacSlash with the www.