We could have been in trouble if we had believed that a request for a proof was an authorization to perform penetration testing. I believe that I would have requested a signed authorization before doing it, but it is easy to imagine a well-meaning student being not as cautious (or I could have forgotten to request the written authorization, or they could have refused to provide it...).
----
ALWAYS HAVE A GET OUT OF JAIL FREE CARD
Rule Zero of any kind of pen testing: no card, no proof (and have it signed, printed and copied by +1 level from the guy you are talking to).
No, you see, what you do is just make sure that
1 he remains alive but not combat ready
2 he's so loaded that he can't think (just juice him a mil or so higher than needed)
3 flag down the nearest/next available group of soldiers and transfer him to them (causing the whole "injured soldier worse than dead" problem)
4 get him to talk
5 Patriot!!
Somebody needs to code some sort of Sanity Check program, kind of like when you are at a very big casino and before you get to use a $$$$$$$$ line of credit some dude that was compiled without a sense of humour/fancy/or anything but dead serious has to wave off on it.
"Warning: this file fails (with a score of 98.5% probability) safety checks. Please inform the sender via non-electronic means. EMAIL AND ATTACHED FILE HAVE BEEN DELETED USING DOD SPECS. HAND"
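An added example of the kind of sanity-check gate the comment asks for, written for this page and not taken from the post or from any mail product: it scores an attachment by comparing what the bytes actually are (magic bytes) with what the filename claims, and refuses above a threshold with a message in the spirit of the one quoted. The magic table, the extension lists and the weights are assumptions for illustration, not calibrated probabilities.

```python
import re
from typing import List, Tuple

# Magic-byte prefixes -> what the bytes really are. Assumed short table for the
# demo; a real gateway would use libmagic or a full file-type library.
MAGIC = {
    b"MZ": "pe-executable",
    b"\x7fELF": "elf-executable",
    b"%PDF": "pdf",
    b"\xff\xd8\xff": "jpeg",
    b"PK\x03\x04": "zip",
}

# Extensions a mail gateway would normally refuse outright (assumed list).
EXECUTABLE_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs", ".hta", ".msi"}
# Extensions people trust, and therefore the usual disguise (assumed list).
DOCUMENT_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".jpeg", ".png"}
# Office formats that legitimately are zip containers, so "zip named as document" does not apply.
OOXML_EXT = {".docx", ".xlsx", ".pptx"}
# Illustrative weights; they are not probabilities.
WEIGHTS = {
    "executable-extension": 0.6,
    "executable-content": 0.5,
    "content-disguised-as-document": 0.4,
    "double-extension": 0.3,
    "zip-named-as-document": 0.2,
}


def sniff(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring the filename entirely."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def score_attachment(filename: str, data: bytes) -> Tuple[float, List[str]]:
    """Return (score in [0, 1], reasons). Higher means more suspicious."""
    name = filename.lower()
    ext = ("." + name.rsplit(".", 1)[1]) if "." in name else ""
    kind = sniff(data)
    reasons: List[str] = []
    if ext in EXECUTABLE_EXT:
        reasons.append("executable-extension")
    if kind in ("pe-executable", "elf-executable"):
        reasons.append("executable-content")
        if ext in DOCUMENT_EXT:
            # the bytes are a program but the name says "document": the classic disguise
            reasons.append("content-disguised-as-document")
    if re.search(r"\.(pdf|docx?|xls|txt|jpe?g|png)\.[a-z0-9]{2,4}$", name):
        reasons.append("double-extension")
    if kind == "zip" and ext in DOCUMENT_EXT and ext not in OOXML_EXT:
        reasons.append("zip-named-as-document")
    score = min(1.0, float(sum(WEIGHTS[r] for r in reasons)))
    return score, reasons


def verdict(filename: str, data: bytes, threshold: float = 0.5) -> str:
    """'pass', or a warning text modelled on the one in the comment."""
    score, reasons = score_attachment(filename, data)
    if score < threshold:
        return "pass"
    return (f"Warning: attachment {filename!r} fails safety checks (score {score:.1%}: "
            f"{', '.join(reasons)}). The attachment has been dropped; please inform "
            f"the sender by non-electronic means.")
```

The point of checking magic bytes rather than the extension alone is the third rule: a PE file called `photo.jpg` has no dangerous extension and would sail through a name-only filter.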
Re:The CVS Copout.... · on The CVS Cop-Out · Score: 3, Insightful
Okay, so make a CVS tarball WITH ALL LIBS INCLUDED and put it online so an end user can compile the source.
This is the big problem with the CVS Cop-Out: to actually compile some projects you need to
somehow get the CVS checkout done (from a server that has half of its bits different from the docs),
chase (and compile) 20 different libs that need to be exact versions (and half of them are CVS versions),
then compile the project with make foo --dm=kde-sucks massive holes but compile anyway --with fing-crang yats2.3.99.cvs --gibber=(60 character unicode string)
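An added example for the "tarball with all libs included, exact versions" point, written for this page and not part of any project mentioned: a manifest of pinned library versions with SHA-256 digests, and a checker that runs before `configure`/`make` and refuses to build if a vendored archive is missing, modified, or points outside the unpacked tree. The manifest format, library names and archive contents are constructed for the demo.

```python
import hashlib
import os
import tempfile
from typing import Dict, List, Tuple

# Assumed manifest format (not from the page): one vendored library per line,
#   name version sha256 path/relative/to/tarball/root
# Lines starting with "#" are comments.


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_manifest(text: str) -> List[Tuple[str, str, str, str]]:
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 4:
            raise ValueError(f"manifest line {lineno}: expected 4 fields, got {len(fields)}")
        name, version, digest, rel = fields
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"manifest line {lineno}: bad sha256 for {name}")
        entries.append((name, version, digest, rel))
    return entries


def verify_vendored(root: str, manifest_text: str) -> List[str]:
    """Return a list of problems; empty means every pinned lib is present and unmodified."""
    problems: List[str] = []
    real_root = os.path.realpath(root)
    for name, version, digest, rel in parse_manifest(manifest_text):
        path = os.path.realpath(os.path.join(real_root, rel))
        # A manifest entry like ../../etc/foo must not be able to reach outside the tree.
        if not path.startswith(real_root + os.sep):
            problems.append(f"{name} {version}: path escapes the tree: {rel}")
            continue
        if not os.path.isfile(path):
            problems.append(f"{name} {version}: missing file {rel}")
            continue
        actual = sha256_file(path)
        if actual != digest:
            problems.append(f"{name} {version}: sha256 mismatch for {rel} "
                            f"(expected {digest[:12]}..., got {actual[:12]}...)")
    return problems


def demo() -> Tuple[List[str], List[str]]:
    """Write a constructed vendored tree, verify it, tamper with it, verify again."""
    # Constructed stand-ins for vendored archives; not real libraries.
    libs: Dict[Tuple[str, str], Tuple[str, bytes]] = {
        ("libfoo", "2.3.99.cvs"): ("vendor/libfoo-2.3.99.cvs.tar.gz", b"constructed libfoo contents"),
        ("libbar", "1.4.2"): ("vendor/libbar-1.4.2.tar.gz", b"constructed libbar contents"),
        ("libbaz", "0.9.1"): ("vendor/libbaz-0.9.1.tar.gz", b"constructed libbaz contents"),
    }
    with tempfile.TemporaryDirectory() as root:
        lines = ["# name version sha256 path"]
        for (name, version), (rel, data) in libs.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
            lines.append(f"{name} {version} {sha256_bytes(data)} {rel}")
        manifest = "\n".join(lines) + "\n"
        clean = verify_vendored(root, manifest)
        # Tamper: one archive silently replaced by a different build, another lost.
        with open(os.path.join(root, "vendor/libbar-1.4.2.tar.gz"), "wb") as f:
            f.write(b"some other libbar build")
        os.remove(os.path.join(root, "vendor/libbaz-0.9.1.tar.gz"))
        tampered = verify_vendored(root, manifest)
    return clean, tampered
```

The manifest itself still has to come from somewhere trusted (signed alongside the tarball, or shipped out of band); pinning digests only moves the trust from twenty moving CVS servers to one small file.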
What really needs to happen is multiple "versions" of Air Marshals:
1 the current Brass Band and Parade version
2 a covert/sleeper version (in this case would only act if the BBP one got taken out)
3 the MIF deep cover version (would be trained to do take-downs quietly)
It would be a big surprise for #criminal if he found out that the cute little angel he just grabbed just happened to be an Air Marshal.
The problem is one of context: even if you don't think you use RW markers you will see "stereotypes" in the result.
Proof: use an extended set of "elements" to create a set of races:
Fire
Water
Earth
Air
Time
Space
Mind
Life
Death
I bet you will find that stereotypes make their way onto the list.
Easy way to get this going:
1 a lot of spam is either a crime or is used to fund crimes
2 a portion of the money makes it to "terrorists"
3 start sending these folks to Gitmo and make sure the rest of the population knows that the guys in "pink jumpsuits" are spammers
4 Profit!!
Do yourself a favour: if you do indeed have pre-RJ14 jacks then don't use the wire for any kind of phone calls. Replace the jacks with current RJ14 and wire them up with some cheap Cat5; just run a single line from the demarc block to each jack you use (think Cat5 + hub, not Token Ring).
Okay, let's try this:
the towers have batteries/generators
cables
the connecting office has a room full of batteries and another room with generators
(at this point you are now at the phone company (and for these folks 80-column tech is new!))
cables
so now we are at the NOC/central office; I would think they have buildings full of batteries/generators
cables
Any card-carrying AT&T folks want to comment?
Webcam, phone/headset, internet... you can hear me, you can see me, now let me do my work!
-
The big problem comes into play with two factors:
1 the diff between residential and business net access
2 sometimes being able to reach out and hit somebody is required (sometimes the suits need "facetime")
The big problem is something called "chain of custody".
Unless the "sample" is collected by a police officer (CSI) and each step is logged in, the sample is not valid in court. So roughly the chain would go:
1 the dude in question
2 police officer takes sample, seals it in a bag (and signs the bag/fills out form printed on bag)
3 it is handed to the lab tech who does the ID run and prints the results/adds the info to the db
Any breaks and it would be thrown out of court.
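As an added example (written for this page, not from the post and not any lab's or agency's actual system): a hash-linked custody log for the three steps above. Each handoff records the custodian, the action, a timestamp and the hash of the sample; each entry is then hashed together with the previous entry's hash, so a missing step, an edited entry, or a swapped sample is detected on verification, which is the "any breaks" condition the comment describes. Names, timestamps and the sample bytes are constructed.

```python
import hashlib
import json
from dataclasses import asdict, dataclass
from typing import List, Tuple

GENESIS = "0" * 64  # previous-entry hash used by the first (collection) entry


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class CustodyEntry:
    """One logged step: who held the sample, what they did, and what the sample hashed to."""
    seq: int
    custodian: str
    action: str
    timestamp: str
    evidence_hash: str     # sha256 of the sample as this custodian held it
    prev_entry_hash: str   # sha256 of the previous entry, linking the log into a chain
    entry_hash: str = ""   # sha256 of this entry's other fields

    def compute_hash(self) -> str:
        body = asdict(self)
        body.pop("entry_hash")
        return sha256_hex(json.dumps(body, sort_keys=True).encode())


class CustodyChain:
    def __init__(self) -> None:
        self.entries: List[CustodyEntry] = []

    def record(self, custodian: str, action: str, evidence: bytes, timestamp: str) -> CustodyEntry:
        """Append a step. The sample is hashed now, so later alteration is detectable."""
        prev = self.entries[-1].entry_hash if self.entries else GENESIS
        entry = CustodyEntry(len(self.entries), custodian, action, timestamp,
                             sha256_hex(evidence), prev)
        entry.entry_hash = entry.compute_hash()
        self.entries.append(entry)
        return entry

    def verify(self, evidence: bytes) -> Tuple[bool, str]:
        """Check the log is unbroken and the sample presented is the one collected."""
        if not self.entries:
            return False, "no custody entries"
        collected = self.entries[0].evidence_hash
        expected_prev = GENESIS
        for index, e in enumerate(self.entries):
            # a removed or reordered step breaks the sequence or the back-link
            if e.seq != index or e.prev_entry_hash != expected_prev:
                return False, f"link broken before entry {e.seq}"
            # an edited field (custodian, action, time, hash) no longer matches its digest
            if e.compute_hash() != e.entry_hash:
                return False, f"entry {e.seq} altered"
            # the sample must hash the same at every step as it did at collection
            if e.evidence_hash != collected:
                return False, f"sample changed while held by {e.custodian} (entry {e.seq})"
            expected_prev = e.entry_hash
        if sha256_hex(evidence) != collected:
            return False, "sample presented is not the one collected"
        return True, "chain intact"


def build_chain() -> Tuple[CustodyChain, bytes]:
    """The three-step chain from the comment, with constructed sample, names and times."""
    sample = b"constructed sample: swab #0042"
    chain = CustodyChain()
    chain.record("Officer A. Smith", "collected from subject, sealed in bag, signed bag",
                 sample, "2006-05-01T10:00:00Z")
    chain.record("Officer A. Smith", "handed sealed bag to lab", sample, "2006-05-01T11:30:00Z")
    chain.record("Lab tech J. Doe", "received sealed bag, ran ID, recorded result in db",
                 sample, "2006-05-01T14:05:00Z")
    return chain, sample


def demo() -> Tuple[bool, str]:
    chain, sample = build_chain()
    return chain.verify(sample)
```

In practice each entry would also carry the custodian's signature (and the log would be kept append-only outside the custodians' reach); hashing alone shows that something changed, not who changed it.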
And for a practical example, set your wayback machine to January 15 1990 and try to make a long distance call inside the US:
http://www.voidspace.org.uk/technology/hacker_crackdown/hack_part1.shtml
The crash was a grave corporate embarrassment. The "culprit" was a bug in AT&T's own software (caused by a stray semicolon).
Umm, you do know that if you are a carrier of a disease you can pass the disease on even if you don't have the disease (symptoms)?
i.e. you could have a dog infected with "foo plague" and it could be the happiest canine on the planet but infect (sweat, breath, spit, all the way up to blood vectors) every woman he was near.
Slashdot mini poll:
if you see the number 404 you automatically think "#item not found"
10%
20%
30%
50%
70%
100%
Commander Taco%
of the time
and this wacko is why this may come to be · on No Space for MySpace? · Score: 2, Interesting
How would you like to see your child's "mySpace" room defaced by this person?
Me, if I ran a site (and had the jingle to run as a private club) this guy (or any friends of his) would find their account VAPOR.
As it happens I know of one company (with stock) that has blocked MySpace from all corporate-owned locations, and if you somehow get past the block you can be FIRED ON THE SPOT (i.e. "give me your name tag").
Oh, let's see:
1 the entire Signal Corps (ret.)
2 that weird guy that always seems to get very busy if some sort of disaster hits
3 the first guy to poke his head up when the disaster is HERE (see 9/11 and Katrina and (insert name of every Cat 4 hurricane for the last 20 years))
4 the first guy to hand you a shovel to dig yourself out when "it's your turn for disaster" (oh, and a sandwich when you are out)
Um, I think that all you would need is to hijack the common dialog thing and then key into the standard "yes/okay" button.
Their "goal" is simple:
The USA cannot win = we are still there.
We need to do everything required to have the safety of, say, New York as a baseline.
You may swear by that weasel-scat coffee, but "Food Lion"/generic works 99.99% of the time.
http://www.speedtrap.org/speedtraps/stetlist.asp
If you get "tagged" and the place is listed you may want to bring that up in court.
Power = heat.
AC = cool.
Freon loops in your computer case = Evil, Bad and Wrong.
Just in case you aren't listening: ham radio by definition works best when
THE INFRASTRUCTURE IS NO LONGER THERE!!
i.e. it's a mesh tech.
Okay, for you OLD GEEKS, complete the poem:
He died at the console
Of hunger and thirst.
Next day he was buried,
(bonus points if you can pull the complete reference)
Too bad Adobe decided to suck the Atmosphere(r) out of the web.
But they can't find enough lawyers to do testing with.