Slashdot Mirror


User: Birdie-PL

Birdie-PL's activity in the archive.

Stories: 0
Comments: 27

Comments · 27

  1. Re:No need for inter-worm communications on Malicious Distributed Computing · · Score: 2

    This strategy is too simple to be efficient in the real world.

    Some of the worms would most probably be deleted by anti-virus programs before they could infect their share of the network. Many of them wouldn't even succeed in installing themselves in the first place.

    You may try to remedy this off-line, using techniques from error correcting codes and fault-tolerant computations but I assume that doing it on-line is much simpler. OTOH, if you have a degree in CS and like to create worms then why not try to learn some theory.

  2. Re:Schedulers. (*nix v. win2k) on New Scheduler Available for FreeBSD · · Score: 1

    And there is this patch which allows you to limit the CPU usage if nice is not enough for you.

  3. Very weird FP bug on Pet Bugs? · · Score: 1

    Back in the old days, I came across quite a weird bug in BASIC's floating point code on 8-bit Atari (XE series, at least).
    1^43 was 1 (^ being 'power' operator)
    1^44 was 2
    Now, some time after doing numerical analysis at university I still fail to see a possible reason for this. It really does not make any sense.

  4. Slashdot Effect Quantitized on Slashdot Effect, Live and In Person · · Score: 1

    And for all of you who wish to see how the famous Slashdot effect works over the net, there are these statistics showing over 100 000 hits the day the story about FreeCraft was posted.

  5. Slashdot effect quantitized on At Long Last: Stable Version of FreeCraft Game Engine · · Score: 1

    This is a must see for any of you wondering how the famous Slashdot effect works - over 100 000 hits the day the story was posted.

  6. Upgrade your firewall on Peek-a-Boo(ty) · · Score: 1

    Well, the software is still very easy to block.
    I assume that they use HTTP as the transport. So it's enough to use a firewall that understands HTTP, i.e. any that is advertised as an 'application layer' firewall.
    And if you don't block per IP you probably already use such a firewall. The only difference is that you will scan for a forbidden URL (or a part thereof) in the POST fields or GET arguments and not in the URL prefix.
    Writing a piece of software that monitors all your HTTP connections and blocks any that match the string 'goatse' is very easy (less than 4 hours if you don't care about scalability and configurability).

  7. Re:scary... - not so much on Content Control in Mobile Devices · · Score: 1

    Dude, it looks like your company has expertise in just about everything under the sun.

    It has expertise in everything that is mentioned on the web page. We either made projects using these technologies (the latest are i.e. WAN card drivers for BSD family or registration system for Warsaw University or a VOD system) or we teach our students how to use them. Does it count?

    Oh, and we don't have "Invest now!" link ;)

  8. Re:scary... - not so much on Content Control in Mobile Devices · · Score: 1

    Ok, so I pay for this track, probably can't burn it, move it to another device, I don't know how long I have it for, and they can take it from me at anytime? This is a good thing?

    Think of it as renting a track, just as you may rent DVDs now. As long as you are informed of the model and there are ways to purchase the track forever (i.e. by buying a CD) then there is no real issue there.

    And they can't take it away at any time - this would be a violation of the licensing agreement.

  9. Re:Read article - this IS Northern Light data on Yahoo! Launches Pay-Per-Search · · Score: 1

    Another way to make a customer pay for search result is better relevance to the subject.
    Google, no matter how good it is, is still a computer (read mindless) search engine.
    Perhaps creating a small, well indexed, database of carefully chosen sites may be of greater use to some people. I personally like the idea of directories created by human beings. Sure, they have their drawbacks, but sometimes they are better than Google.

    Or you may add some personalization possibilities that are available only in the paid zone. Like keywords you generally don't like to appear in searched documents. I'm sure there are many features that people would pay for.

  10. Re:Big difference with smart cards on German Government Introduces Digital Signatures · · Score: 1

    Yes, I agree that smartcards make the system more secure.
    But there are still possibilities to attack such a system. In summary, all you need is to feed the smartcard with your (attacker's) data. Quick instruction follows.

    1. An Attacker wants to sign document A as User X.
    2. An Attacker gains access to any of the computers (presumably PC) used by User X and installs his trojan software.
    3. User X creates some document D that he needs to sign.
    4. User X clicks 'Sign' button and enters his passphrase/PIN/biometrics.
    5. In a normal situation the document D is passed to the smartcard and signed there.
    6. The trojan software installed by the Attacker passes also document A to the smartcard and then sends it to the Attacker.
    7. Attacker has obtained document A of his choice, (irrefutably) signed by User X. Voila.

    Please note that even use of biometrics did not protect the user.

    One protection is constructing the system around 'authorize once, sign once' principle.
    It still can be circumvented, though, it's just more prone to be quickly discovered.

  11. Routing protocols? on New Thoughts in Public Transportation · · Score: 1

    The system has many properties of a computer network.
    I wonder if they will use the same routing protocols as are used in Internet.
    Welcome, loops! Or are they 'round-abouts' in this context?

  12. Telomeres on Age A Byproduct of Cancer Defense? · · Score: 1

    I remember that somewhat similar conclusions (that aging and cancer are connected) were drawn after discovering that telomeres (structures that 'cap' DNA ends) are shortened during normal cell replication but not in cancer cells.

    The answer the scientist got then to 'oh, no, no immortality' was that it was only going to be harder - i.e. you would have to protect telomeres artificially trying to avoid uncontrolled replication known as cancer.

    So no, it's not the end of dreams of cancer cure and longevity.

  13. Re:Wiretapping is not a concern... on Single-Photon LED: Key To Uncrackable Encryption? · · Score: 1

    Not exactly. The line can be easily tapped but then you have problems with recreating the signal.
    When using two orthogonal quantum states, the eavesdropper has 50% chance of recreating any given state, even assuming that it was fully destroyed.

    Funny thing is that you do not have to measure a photon (thus collapsing its quantum state) to obtain some information. One of the most clever attack ideas was to entangle transmitted photons with your own and take measurement after both parties exchanged information via public channel. It was proved only in '98 that a scheme developed in '84 by Bennett and Brassard (BB84) is secure against such attacks.
    See my slides on quantum crypto for a high-level look at BB84 and other stuff related to quantum computing and its applications to cryptography.

  14. Re:NOT Uncrackable - false on Single-Photon LED: Key To Uncrackable Encryption? · · Score: 1

    Quantum cryptography, even in its simplest form (scheme BB73, from Bennett and Brassard) is unbreakable, even using unlimited computational power, both classical and quantum.

    In short, you can create a key for one time pad (which BTW is proven to be the only unbreakable classical crypto scheme) in such a way that no-one knows it.
    As for eavesdropping - you can detect if someone is eavesdropping / attacking your scheme during key exchange, so you simply can restart it. Restarting means that the attacker can DOS your key exchange - i.e. produce noise so you won't be able to agree on the key. Thus you will not be able to encrypt any data. But you will not leak any, either.

    What's more - there exist some solutions for the DOS problem - one can enhance the exchanged knowledge in a way that minimizes the chance of attacker to possess it too. But these are probabilistic schemes, not fully safe. And rather impractical as they require much redundancy and communication.

    If you have mathematical background, see http://www.cs.mcgill.ca/~crepeau/CRYPTO/Biblio-QC.html for further references.

  15. Re:P=NP doesn't mean O(N) on Consequences of a Solution to NP Complete Problems? · · Score: 1

    So, the short answer is that proving P=NP probably won't ruin your encryption. On the other hand, if someone did prove it, there will probably be a mad scramble to invent some new encryption schemes, just in case.

    First of all, it depends on how the P=?NP problem would be solved.
    If someone shows an algorithm for solving [i.e.] 3-SAT in O(n^3) time then most of the current encryption schemes would be rendered substantially useless.
    If someone shows that a polynomial algorithm exists but it's not known how to construct it - the crypto is only weakened (you know it's possible to break it but you don't know how).

    Other things to remember are hashing functions and all the digital signatures based on them. It is proven that P=NP if and only if there exists a one-way function. This simply means that no [keyless] hash function can be cryptographically secure under the assumption that P=NP.

  16. Re:Swarmcast on UDP + Math = Fast File Transfers · · Score: 1

    Furthermore, if you understand some of the maths behind it you will note that this technique is very similar to one called information dispersal.

    The application should be easy. Assuming you get a file that fits into N packets, you 'magically' make (1+epsilon)*N packets and send them. If the receiver got at least N packets it can reproduce the original file.

    And, if you are clever enough, you can incorporate some tagging into the scheme, so receiver is able to ask for retransmission of the part that is missing. Of course, if you use the scheme for streaming it's not a big help. But if you do FTP, it is. Imagine sending 3 retransmissions for a 1 GB file.

  17. Uhm, kinda funny on disCERNing Data Analysis · · Score: 1

    Well, I didn't accept any cookies from the datagrid page and the result was amusing - I've never seen such an artistic error page. Try for yourself.
    Tested under Netscape 6.2 only...

  18. Missing the point on Rage Against the File System Standard · · Score: 2, Interesting

    I think that he is missing the point.
    One of the aims of all the package management tools is to make the management easier. In particular this means that you don't have to care where the files of application XYZ are. So, if you wish to delete this, you ask your manager instead of finding all the subdirectories created by the package. You want to save your time, so you use the tools available. Era of manually managing everything is long gone.
    Please note that under Unices most of the applications are not installed in single directory - one is for binaries, one for documents, etc.
    Under DOS and Windows, even the apps that went into their subdirectory had an annoying habit of creating miscellaneous temporary/configuration files all over the place. And lack of file attributes did a lot to help this.

  19. Re:Similar system on The Thin-Client Challenge? · · Score: 1

    Yes, but it was protect as in make it more secure. So we'd had some fun, all having solid background in computer security and crypto.

  20. Similar system on The Thin-Client Challenge? · · Score: 1

    In the company I'd been working at previously (until it went under) we've done a set-top box that, among others, had Netscape (4.7x) with ICA plugin.

    The user was able to securely connect to Citrix server(s) and work on M$ Windows. Or just browse the web.

    The STB had also support for smart-cards to authorize end-users, plus used IPSec to protect user data.

    All this was packed into 32 MB of flash memory.

    No text editor though, except for the one you got from your server.

    The whole thing wasn't GPL-ed, as our CEO wanted to protect the code developed by the company. Sigh.

  21. AI - I don't think so on Computer DJ Uses Biofeedback to Mix · · Score: 1

    Well, calling this AI is a bit far-fetched. From what I understand, the system is a very simple genetic algorithm using some 'bio-feedback'. So the only new thing here is this feedback and evaluation function and that only if it's not trivial.

    Apart from that, there is nothing special. Been there, done that and in high-school.

  22. Re:Only a matter of time on IBM Crypto Up For Grabs? · · Score: 1

    There is no trusted path between the user's memory and the bank. Fake ATMs have been installed in shopping malls, collecting PINs and ATM cards from unsuspecting victims. Do you *really trust* every single PIN keypad at every shady gas station, grocery store, and Wal-Mart, not to have logging devices installed? Replay attacks are not rocket science.

    And also one can install miniature cameras on real ATMs to take pictures when you type your PIN. It already has been done - a few months ago in Poland. The thing got quite a lot of attention, as an ATM of one of the biggest banks was 'hacked' this way. And this wasn't done by insiders - just a couple of smart 'kids' hooked on electronics.

    Don't know of any link in English if you want the full story, though.

  23. Security concern on Security Auditing for Linux · · Score: 1

    I didn't find any info on this on Intersect, but what happens if someone roots the machine and unloads the module? No more logging then. And an excellent opportunity to erase all the existing logs.

    I assume that the logs are kept somewhere safe (another host maybe, or just printed as some prefer), so it is not a *huge* issue, but still the ability to turn off the logging (and leave some trojans / backdoors without further traces) is somewhat scary.

    Yes, I know that after being rooted you shall reinstall.

  24. Re:Been done on Security Auditing for Linux · · Score: 5, Interesting

    No, it's not just a glorified facelift for the various /var/log parts.

    With SNARE you are able to monitor much, much more than what appears in /var/log. For example you can check who and when opened a particular file (like /etc/passwd) or ran a particular process, and with what command-line options. Or which program bound to some port (great for detecting trojans 'calling home').

    I assume that you can also enhance it to monitor *all* system calls, if you are particularly interested or aware of some. Nothing comes to my mind right now, but for sure there are some you wish to monitor, if not control.

  25. Re:bah on One-Machine Linux Cluster · · Score: 1

    As it was already stated - you cannot dedicate CPUs to virtual hosts.

    But to make Beowulf you don't need to - you still got a virtual machine for each host. The fact that they use the same CPU does not matter - they will only get slower.

    And yes, virtual hosts can be independently (to some extent) accessible. As written in the note, they can use distinct IP addresses meaning i.e. that all the vhosts can bind to the same port simultaneously. If you want more independence, why not install some multi-interface cards (or just 4 ol' Ethernet NICs).