Does anyone think someone who allegedly plots to hijack airliners and kill as many people as possible in a short period of time is going to think twice about using secure encryption because it is against the law in the very country he detests?
"How can I get message to my henchmen to kill all Americans on site?"
"Encrypt it sir."
"Can't do that, illegal."
That's a dream world. Sure, they could prohibit strong encryption algorithms from ever reaching him, but there are already plenty of good ones out there, and whose to say they couldn't make their own?
As opposed to Linux, which has made huge inroads in originality, striking advances in graphical user interfaces, etc...
Seriously, what would qualify as an "original operating system"? Can you name one? Can you tell me what features it has that can't be traced back to some prior development?
The funniest part about this is the fact that about 2 posts above and 2 posts below yours, are two of the comments you linked to! Someone must have searched them out and pasted them here, one even contains the "signature" of the guy who wrote it in the first place, StoneWolf! I guess repeat articles offer great chances to gain some karma.
Furthermore, (I'm not sure about this - can someone who knows more about XP comment?), the ability to generate raw IP packets often goes hand-in-hand with the ability to put the ethernet card in 'promiscuous' mode, and sniff all packets on the local ethernet. Imagine a virus that, once installed, sniffs for passwords in local LAN traffic. Not good.
I wouldn't say they go "hand in hand". The ability to put a card into promiscuous mode doesn't have much to do with the IP stack at all. Lower layers and the actual network adapter play a part in that. The network adapter will normally check that data on the Ethernet is addressed to its 48 bit MAC address. If it is, it will pass up the data to the higher layers in the stack. All promiscuous mode does is pass up the data regardless.
As for a virus doing this, there are plenty of things out there (not virus per se) that do this kind of thing already. In fact, such tricks have pretty much been the staple of UNIX hacking over the last decade. First, exploit a machine, second install a packet sniffer to find interesting traffic, more passwords, and higher access. This kind of thing has been much more popular on the UNIX cracking scene than Windows for some reason, although that could change.
And in fact, your idea of a "virus" (although I prefer to call them an automated exploit, since they really don't infect files) or an automated exploit that does this has I'm sure already been imagined and implemented, and will only become more widespread. However, you cannot blame raw sockets for anything! Especially the ability to sniff traffic on a local LAN, this is a design feature/problem of Ethernet LANS, and can be avoided in many ways already.
By "more safety to the user" do they mean the tone is less alarming to the person with the phone, or that people won't beat the crap out of them anymore when Take Me Out To The Ballgame starts playing in the middle of a good movie?
Re:All the wonderful things Quake gave us:
on
Five Years of Quake
·
· Score: 1
Quake 1 required a Pentium 90, and the CD had not more than 30 or 40 MB of files. Quake 2 on the other hand, went up to like 400 MB. But as for system requirements and Q1, I feel they were very reasonable, even at the time.
Yes, Quake might feel like another doom clone. While not initially impressed by Quakes graphics or game play (although good) , what made Quake was TCP/IP. Who doesn't remember their first time joining a server hundreds of miles away and fragging people you never knew. Kids today don't think twice about doing that with Counterstrike/Q3 etc, but it used to mean something. We used to have LAN emulation with things like Kali and the like, and the games WOULD NEVER WORK. Yet we'd keep trying. I think I maybe had 1 playable game of DuekNukem on Kali in 3 months, but just the fact I was playing was cool enough. Now if you have an 80 ping, players bitch of Lag. I only stopped playing Quake last year, but its amazing how far online gaming has come since, and due to, Quake I. Long live Quake I, tonight I'll drink to you.
This is wrong. You cannot obtain personal files of random Pentagon employees with the FOIA. Yet, these could be exposed by giving away an old hard drive.
All this is is a short 2 paragraph write up on policy of giving away old hard drives to schools that might contain senstivie (not classified) data. No where does the pentagon claim to have discovered anything new here, and the way it is written in the story is just to explain it to people who don't understand that information might be able to be retreived from a hard drive. If anything, this is only interesting because it marks a slight change of policy, but beyond that it seems the only reason Taco posted this was so that he could show that he too can find some (however minor) faults in a CNN story's technical content. So to answer your question, no, this story did not amuse me as much as it apparently did you.
This is the homepage for Smart Tags
http://office.microsoft.com/assistance/2002/arti cl es/oQuickSmartTags.aspx
I read the whole description of them, it just sounds like a way to get stuff done in office, it doesn't mention the Web on the entire page.
It sounds good in theory, but the fact is in Japan that the original GameBoy and it's close relatives still outsold every new system, even in recent years. So I think Nintendo knows what they're doing, I think this thing is going to be incredibly popular with all age groups.
This book seems very amateurish, just from reading the above review. It sounds like it will try to entice people into buying it by leading them to believe they will be "hackers" when they are done with it. I mean, the "vulnerabilities" described seemed really old and outdated. And what is this "there are up to 50 vulnerable TCP ports". That is ridiculous, and from an abstract perspective of what a port is, it makes no sense. I think a better book than this one might be "Hacking Exposed" if you are towards the beginner end of this stuff. Otherwise, if you find yourself interested in infosec, try the two Intrusion Detection books by Amoroso and Bace.
Hypothetical question: If you knew that the information gathered would never be used against you per se (unless you were doing something illegal), would you still be opposed to Echelon? I mean, what if the government really just used it for tracking terrorist activities, and you could be sure? It seems to me it would be no problem then. And I don't see it being used for terribly bad things? Why does the NSA care what web sites I'm surfing? If the NSA is after me, I have bigger problems than that...
From the end user point of view, hardware encryption is rarely seen. I mean, how many people do you know who buy special purpose encryption devices for their PC's? Not many I'd guess. But for military/government/large organizations, hardware encryption is the way to go. I've read in the last 10 years, well over 90% of encryption is done in specialized hardware devices. This is real stuff. This is big stuff. Why though, why not software? Well, as Schneier points out, software encryption is scary. Why? Software can be replaced by an attacker much easier than hardware. True, not likely to happen in your home, but I'm not talking about your home. Also, software may swap memory to a disk, maybe your key is in memory, now your key is on a disk. That's not good. So hardware is safer (home users 99999/100,000 won't need that safety), it is faster (once again, not appreciably for encrypting your email, but what about encrypting a T3 data stream between corporate offices?), and it can be made to be tamperproof. There is still a very large market for hardware encryption (and there will be for the forseeable future), just not for home users.
I have a Question on the GPL. This server is under the GPL now. Pretend that the authors eventually have a final release version, can they remove it from the GPL and just give away the binaries without source? Or are they obliged to give away the souce, because now it is the "community's" code, and not theirs? But who would stop them from un-GPL'ing it, since they are the original authors, they are the only ones who can stop themselves in a way, right? So would that be OK or not?
What is worse, the fact that someone likens the mundane act of changing a BIOS setting to stretching the limits of human will and endurance, or the fact that two people thought it was insightful?
The beauty of this attack is that you don't NEED to listen...Say there is a server I want to exploit a trust relationship with. Say I can predict the ISN it is going to give me. I will spoof a SYN from the machine with the trust relationship with my own ISN. The server says "oh this machine wants to establish a connection, I'll send my own ISN back" Now I can't see that ISN, but I do'nt care, because I can predict what it is. So I send back a constructed ACK packet, without ever seeing that SYN/ACK the server sent. The connection is "complete" and I send data to the target machine. That's how it works in theory, is it difficult to pull off? Yes! Is it impossible? No!
Lots of people do not want to steam from the net right now. Think how many people don't have a good enough connection to get high quality music. Also, many people would not want to download mp3's as their primary source of a song. Many people I talk to cannot stand the quality of mp3's. Obviously, things will get better in the future. We'll "all" have great connections that will enable us to download half a gig in a reasonable amount of time. But this isn't happening tomorrow.
Slashdot Mirror
Does anyone think someone who allegedly plots to hijack airliners and kill as many people as possible in a short period of time is going to think twice about using secure encryption because it is against the law in the very country he detests?
"How can I get message to my henchmen to kill all Americans on site?"
"Encrypt it sir."
"Can't do that, illegal."
That's a dream world. Sure, they could prohibit strong encryption algorithms from ever reaching him, but there are already plenty of good ones out there, and whose to say they couldn't make their own?
As opposed to Linux, which has made huge inroads in originality, striking advances in graphical user interfaces, etc...
Seriously, what would qualify as an "original operating system"? Can you name one? Can you tell me what features it has that can't be traced back to some prior development?
The funniest part about this is the fact that about 2 posts above and 2 posts below yours, are two of the comments you linked to! Someone must have searched them out and pasted them here, one even contains the "signature" of the guy who wrote it in the first place, StoneWolf! I guess repeat articles offer great chances to gain some karma.
Furthermore, (I'm not sure about this - can someone who knows more about XP comment?), the ability to generate raw IP packets often goes hand-in-hand with the ability to put the ethernet card in 'promiscuous' mode, and sniff all packets on the local ethernet. Imagine a virus that, once installed, sniffs for passwords in local LAN traffic. Not good.
I wouldn't say they go "hand in hand". The ability to put a card into promiscuous mode doesn't have much to do with the IP stack at all. Lower layers and the actual network adapter play a part in that. The network adapter will normally check that data on the Ethernet is addressed to its 48 bit MAC address. If it is, it will pass up the data to the higher layers in the stack. All promiscuous mode does is pass up the data regardless. As for a virus doing this, there are plenty of things out there (not virus per se) that do this kind of thing already. In fact, such tricks have pretty much been the staple of UNIX hacking over the last decade. First, exploit a machine, second install a packet sniffer to find interesting traffic, more passwords, and higher access. This kind of thing has been much more popular on the UNIX cracking scene than Windows for some reason, although that could change. And in fact, your idea of a "virus" (although I prefer to call them an automated exploit, since they really don't infect files) or an automated exploit that does this has I'm sure already been imagined and implemented, and will only become more widespread. However, you cannot blame raw sockets for anything! Especially the ability to sniff traffic on a local LAN, this is a design feature/problem of Ethernet LANS, and can be avoided in many ways already.
By "more safety to the user" do they mean the tone is less alarming to the person with the phone, or that people won't beat the crap out of them anymore when Take Me Out To The Ballgame starts playing in the middle of a good movie?
here is the guys rc5 output click
Quake 1 required a Pentium 90, and the CD had not more than 30 or 40 MB of files. Quake 2 on the other hand, went up to like 400 MB. But as for system requirements and Q1, I feel they were very reasonable, even at the time.
Yes, Quake might feel like another doom clone. While not initially impressed by Quakes graphics or game play (although good) , what made Quake was TCP/IP. Who doesn't remember their first time joining a server hundreds of miles away and fragging people you never knew. Kids today don't think twice about doing that with Counterstrike/Q3 etc, but it used to mean something. We used to have LAN emulation with things like Kali and the like, and the games WOULD NEVER WORK. Yet we'd keep trying. I think I maybe had 1 playable game of DuekNukem on Kali in 3 months, but just the fact I was playing was cool enough. Now if you have an 80 ping, players bitch of Lag. I only stopped playing Quake last year, but its amazing how far online gaming has come since, and due to, Quake I. Long live Quake I, tonight I'll drink to you.
I hope this story amuses you all as much as it did me.
-from last story
that amuses the hell out of me.
Either someone seeded the TacoBot with the word "amuse" today (normally it is the word "interesting") or he's just really easily amused.
This is wrong. You cannot obtain personal files of random Pentagon employees with the FOIA. Yet, these could be exposed by giving away an old hard drive.
All this is is a short 2 paragraph write up on policy of giving away old hard drives to schools that might contain senstivie (not classified) data. No where does the pentagon claim to have discovered anything new here, and the way it is written in the story is just to explain it to people who don't understand that information might be able to be retreived from a hard drive. If anything, this is only interesting because it marks a slight change of policy, but beyond that it seems the only reason Taco posted this was so that he could show that he too can find some (however minor) faults in a CNN story's technical content. So to answer your question, no, this story did not amuse me as much as it apparently did you.
Myth #2: Because I am incapable of doing something, it can't be done.
This is the homepage for Smart Tagsi cl es/oQuickSmartTags.aspx
http://office.microsoft.com/assistance/2002/art
I read the whole description of them, it just sounds like a way to get stuff done in office, it doesn't mention the Web on the entire page.
It sounds good in theory, but the fact is in Japan that the original GameBoy and it's close relatives still outsold every new system, even in recent years. So I think Nintendo knows what they're doing, I think this thing is going to be incredibly popular with all age groups.
This book seems very amateurish, just from reading the above review. It sounds like it will try to entice people into buying it by leading them to believe they will be "hackers" when they are done with it. I mean, the "vulnerabilities" described seemed really old and outdated. And what is this "there are up to 50 vulnerable TCP ports". That is ridiculous, and from an abstract perspective of what a port is, it makes no sense. I think a better book than this one might be "Hacking Exposed" if you are towards the beginner end of this stuff. Otherwise, if you find yourself interested in infosec, try the two Intrusion Detection books by Amoroso and Bace.
Hypothetical question: If you knew that the information gathered would never be used against you per se (unless you were doing something illegal), would you still be opposed to Echelon? I mean, what if the government really just used it for tracking terrorist activities, and you could be sure? It seems to me it would be no problem then. And I don't see it being used for terribly bad things? Why does the NSA care what web sites I'm surfing? If the NSA is after me, I have bigger problems than that...
From the end user point of view, hardware encryption is rarely seen. I mean, how many people do you know who buy special purpose encryption devices for their PC's? Not many I'd guess. But for military/government/large organizations, hardware encryption is the way to go. I've read in the last 10 years, well over 90% of encryption is done in specialized hardware devices. This is real stuff. This is big stuff. Why though, why not software? Well, as Schneier points out, software encryption is scary. Why? Software can be replaced by an attacker much easier than hardware. True, not likely to happen in your home, but I'm not talking about your home. Also, software may swap memory to a disk, maybe your key is in memory, now your key is on a disk. That's not good. So hardware is safer (home users 99999/100,000 won't need that safety), it is faster (once again, not appreciably for encrypting your email, but what about encrypting a T3 data stream between corporate offices?), and it can be made to be tamperproof. There is still a very large market for hardware encryption (and there will be for the forseeable future), just not for home users.
I have a Question on the GPL. This server is under the GPL now. Pretend that the authors eventually have a final release version, can they remove it from the GPL and just give away the binaries without source? Or are they obliged to give away the souce, because now it is the "community's" code, and not theirs? But who would stop them from un-GPL'ing it, since they are the original authors, they are the only ones who can stop themselves in a way, right? So would that be OK or not?
What is worse, the fact that someone likens the mundane act of changing a BIOS setting to stretching the limits of human will and endurance, or the fact that two people thought it was insightful?
this is how i feel about this sort of thing... click
Methinks I should dig up my DVD and watch it again soon.
There you go again Taco, showing off your ambition.
You call your boss honey?
The beauty of this attack is that you don't NEED to listen...Say there is a server I want to exploit a trust relationship with. Say I can predict the ISN it is going to give me. I will spoof a SYN from the machine with the trust relationship with my own ISN. The server says "oh this machine wants to establish a connection, I'll send my own ISN back" Now I can't see that ISN, but I do'nt care, because I can predict what it is. So I send back a constructed ACK packet, without ever seeing that SYN/ACK the server sent. The connection is "complete" and I send data to the target machine. That's how it works in theory, is it difficult to pull off? Yes! Is it impossible? No!
Lots of people do not want to steam from the net right now. Think how many people don't have a good enough connection to get high quality music. Also, many people would not want to download mp3's as their primary source of a song. Many people I talk to cannot stand the quality of mp3's. Obviously, things will get better in the future. We'll "all" have great connections that will enable us to download half a gig in a reasonable amount of time. But this isn't happening tomorrow.
About the breakins you don't hear about...