You're not a native English speaker? Then maybe you can understand it??! I'm a native English speaker, and it sounds outrageous. But it's also confusing to read! Why can't contracts be in plain ENGLISH? Hire your lawyer to draw up a Terms of Service agreement, and then give it to an office receptionist or someone to translate. Use *That* as the agreement!
I was skimming through the comments and saw this. I thought it was some bigoted statement because they provided you with poor service or whatever.
But then I realized how right you are. I don't use Sprint for my web access, but my ISP has frequent outages. One day I decided to see why I couldn't get out, and I ran traceroute. It spat off about 10 lines, and then paused in between several "*.sprintlink.net" addresses. After about three lines of timeout asterisks, I stopped it. (That's forty-five seconds of no data.) I do agree, however, that it would be hard to kick them off the Internet. I suppose if you could sue them for a few trillion dollars or something... :)
I've actually told people to send me viruses. (Virii?) They brag about being some super L33t h4x0r or whatever, and mention that they have lots of viruses to send to people who bug them. They always look at me funny when I say "Send it to me." (I have, however, replied to virus warnings with things like "OH MY GOD!!! THANKS FOR TELLING ME! THIS VIRUS WOULD WASTE MY BANDWIDTH! I'LL HAVE TO BE CAREFUL! THANK YOU!")
Anyway... My point. I do not want a filtering ISP. They might start by filtering out known viruses, but if I write a program named "Melissa.exe" and send it to my girlfriend named "Melissa", would they delete my message and try to sue me?
I'm probably violating MY ISP's TOS by posting this, but my TOS stinks! (Trying to keep it clean, my TOS prevents obscene language, too.)
What really gets me is that they prevent "TELNET" and "FTP". They're essentially telling us we can't use UNIX unless we shut down every single service on it, and, after that, you might as well be using a Windoze box...
However, I try to telnet into my firewall/server occasionally. Why? They say no "TELNET". Try it! Type "TELNET" at the command prompt. What happens? "TELNET: Command not found." I'm not using TELNET, I'm using telnet. :)
They can challenge us, yell at us for violating their TOS. But, truthfully, it wouldn't stand up in court. It's not written in legal babble -- it's normal gibberish. I have to wonder if THEY understood what they were writing... If strictly interpreted, you can't use a computer with their service. (It depends on your interpretation of "server" -- my desktop computer is a server. FTP, telnet, HTTP, mail... Who connects to it? Me. From where? It. I very rarely connect to my desktop computer remotely. But it's still a server.)
I'm convinced that patents are harming us. Everyone seems to think patents are getting dumber and dumber, but has anyone really considered what we're doing? Rather than creating new, innovative ideas, we're patenting everything that already exists. I think it's time the patent office made some big changes. Because, the more you look at it, the more you realize that patents are not serving their intended purpose -- preventing people from stealing *new* ideas. Rather, they're stifling competition by making it illegal to breathe unless you pay someone royalties. (Okay, that's still a few years off.)
...this recent development can pose grave national-security-related concerns
Umm... Now I'm scared. Hasn't Microsoft always been a security threat? I started this post off as a joke, but then I realized something -- the US government is filing an "Anti-Trust" lawsuit against Microsoft. Now, last time I checked, "Anti-Trust" means that you don't trust them...
So why are they just now saying that they should be wary of Microsoft products? Strangely, I'm reminded of that ad Microsoft ran in Germany, with pictures of penguins with an elephant's trunk, etc..., saying something to the effect of "What if your penguin becomes something else?" It just seems so fitting when reversed. What if your "super-high-security" Windows server suddenly becomes the carrier of a virus the crackers did, when they "cracked" into Microsoft? Nothing! It's closed source; you're left to fear Microsoft. But what about Linux? If it suddenly warps into the same thing, you remove a few lines of code, and go over it to make sure it's secure.
A few people I know (I would hesitate to call them friends) occasionally poke fun at me for spending too much time in the computer lab. I thought I'd tell my little tale because of its bizarrity: most of these people tell me this when they see me in the computer lab. Something doesn't figure. I suppose it has to do with the fact that I use UNIX machines and lots of terminal windows, while they use Internet Explorer to go to "normal people" sites.
SuSE comes (came) on SIX CDs. You can do a fairly reasonable installation from it (although I still cannot figure out how to keep the darned KDE from installing). I had played with RedHat on a small hard drive, and I decided to spring for something bigger and better. I went out and bought a 20 GB hard drive. Came home, put SuSE into the CD drive, and began a fresh install. Full install, every single thing on the CDs. It took several hours, and I would occasionally catch it installing something highly bizarre (I distinctly recall seeing "German ZIP Code Database" on the package installation list). When all was said and done, I had used up just under half of my 20 GB drive.
Do I moan about having a 10 GB Linux installation? Heck no! Compare it to having a large house. If anything, I brag about the size of my install. I think the people who are determined to squeeze their entire OS into a few megs of space and save the rest of their precious oxidized metal for their own documents are nuts. I'm constantly downloading junk, and my hard drive is shown as being at 48% use. With an enormous OS installation, I still have over 10 GB for stuff.
Re:Sounds really intuitive, no no, really. on 3D GUI Project · Score: 1
I know several people, including myself, who have a 2-button mouse, and a wheel. The wheel is used as a third button. Pressing both at the same time is an uncomfortable thing to do; not something I'd want to do every time I go to start a program.
Also, what about the average computer user - who has two buttons? They have to throw out their mouse and try to find a piece of hardware that is barely made?!
C3D will have 2 different Perspectives 3rd Person and 1st Person. 3rd Person is shown here... the 1st Person Perspective is even faster to use than the 3rd Person view point. The 1st Person View Point will not be discussed at this time.
"We have this great new technology that is faster and better. It will not be discussed at this time."
What?! Okay, now I'm really curious. Could someone please explain to everyone the difference? I'm going to die of curiosity!
Re:The only way this could be done. . . on Nazis on Napster · Score: 1
No, seriously. What the heck is a "Nazi song"? You seem to allude to the fact that it's rather broad. I'm questioning what the heck it's supposed to mean in the first place.
BMG has been requested to stop all trading of music with lyrics that some find offensive.
I think people who request outrageous things ("Someone might find this offensive! We better get rid of it!") should be permanently banned from the Internet.
Perhaps they should, just to be on the "safe side", put a warning that, in nicer words, says "To the disappointment of some, you have not died and gone to heaven. Therefore, please understand that, by using our service, you may encounter offensive content. If you are one of the idiots who expects the Internet to be maintained to the likings of the Pope, you are prohibited from accessing our service."
(BTW, in case it comes up... I am *not* making fun of the Pope or anything of that nature.)
I was just adjusting my user preferences (some AC has been acting up again), and I saw that you could adjust the posting preferences -- the format for your post. There was HTML Formatted, Plain Text, and "Code". (There were a few others, too.)
I don't quite know what it does, perhaps you've already tried it. But I just wanted to point out that it does exist.
It's quite likely that I've missed something; please help me understand Distributed.net.
A bunch of people get data from a central server, and all the computers analyze this data. In essence, what they're doing is cracking encryption.
I'm pretty sure I'm right on that, but I still don't understand why. Are you trying to find security loopholes? I think this is the point, in which case I find the whole project rather pointless - anyone who pools together millions of computers can crack encryption eventually. As an analogy... Imagine that you are testing a new computer for Mil Spec - it has to be extremely durable. I see Distributed.net as the equivalent of stacking up 40,000 tanks and dropping them all at once from a helicopter. Oh my gosh! You found a problem with the server. But in reality, who on earth is going to do it?!
Again, I might misunderstand - this project could be something that is done for "fun" (let's see who can crack the code quickest), or for more devious purposes... Please reply with your comments; I think I misunderstand the project.
Some people might say that this is... just a corporate scheme to get some kids arrested.
You're absolutely right, but this is an outrageous idea. There was a huge discussion over whether or not this was "entrapment" (which only the FBI can do, or something like that). You're catching them in the act. Your example of a video camera is good. You are not really doing anything different (by running a honeypot), except it can deny them access to your network. But if you see the person who stole the candy bar trying to come into your store, and you tell him to stay out, is this entrapment? I think not!
The one thing I'd like to stress is this - poking around isn't necessarily wrong.
Sure, if I randomly decided to "poke around" at guessing the root password on the company's main server, I could understand being fired. But finding a new server on the network and seeing if your account works should not be something you challenge - provided that they only try their account.
BTW, people who try to crack the desktop of a security professional should be put on record as having been fired for both attempting to breach system security and for stupidity. ("Oh, let's go hack the IT security guy's desktop. Bet he'll never figure it out!" Duh...)
And for those who are even more adventuresome, reactive honeypots can be configured to flood the intruder's IP...
There was a case quite a while ago about whether "hacking back" was legal or not. I don't really remember the details, but I think someone hacked into a company's servers, and the IT staff at the company saw this and "hacked back" (maybe they just DoS'd the attacker).
The one thing I still remember from this is the line (to paraphrase, most likely) "Not only did they do something illegal; they issued a press release bragging to the world that they did it."
The bottom line - think twice about this. Even if you are 100% sure that the IP you're about to flood is the IP of someone who's trying to bring down your system. I don't know the laws, but I don't think the same kind of "personal defense" laws apply here. (I could be wrong.)
I can't imagine a hacker not doing a 'users' upon login, and figuring out something was up...
This isn't hard to fix... Either create a bunch of accounts and manually log in, or have another system login.
Let's go back to the VM idea... Set up an old server to run two VM's. One is the honeypot, and one is a server with *no* outside access, that is given random IPs. (It is easy to give multiple IPs to one NIC.) Create maybe 20 usernames, and write a script to randomly log them in/out.
Of course, if I were a cracker (I am not), and I broke into a machine and saw that 75 people were using it, I would want to either crash it real quick, or I'd want to get out of there until no one was on. Perhaps what you want is an up-to-date "last", so that they will see that a bunch of people logged off at 5. They will surmise that the "workers" left, and that they have the system to themselves.
I've seen VMware lock up, and when it does, I've seen the whole system go down. I can't speak for the new versions, this was quite some time ago. But if you decide to run a bunch of VM's on a critical machine and open them up to crackers, you're asking for trouble.
That said, if you want to save money by running several VM's on an old unimportant machine, go for it...
The only other thing is that they're technically working on your server. It shouldn't be too hard to figure out the "real" machine you're working on, and crack that.
Set up a system that is rather easy to crack, but will take a good amount of time to crack. Then whip up a small script that will - the second *anyone* successfully logs in - shut down the server.
I would pay money to see the look on the cracker's face as they see this:
Welcome... (MOTD)
[root@firewall /root]#
Message from root:
This system is going down NOW!
It would be nice to turn the tables around and, for once, make the script kiddy the one who gets ticked off...
Yep. This whole thing came up a while ago, and it is one of the primary reasons for not doing it.
Of course, if you set this up in a business scenario and your job is to watch people in real-time, this might not be a problem - if all else fails, you pull the cord.
But if you're setting up a honeypot just for your own amusement at home, better be really cautious about this. (Is it possible to stick it behind an invisible firewall that will block *everything* except telnet, and only to the IP that they are from?)
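One way to get the behaviour asked about in the comment above, as an added example that is not part of the original comments: a gateway in front of the honeypot forwards inbound telnet and uses connection tracking so the honeypot can only reply to hosts that connected to it, never open connections of its own. The function names, the constructed address 192.0.2.10 and the choice of iptables on the gateway are assumptions; the script only prints an iptables-restore ruleset for review and applies nothing.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a gateway that sits
# between the Internet and a honeypot. Nothing is applied to the system.

# valid_ipv4 ADDR -> exit status 0 if ADDR is a dotted-quad IPv4 address
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, empty octet
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# honeypot_rules HONEYPOT_IP [PORT] -> prints the filter-table ruleset
honeypot_rules() {
    hp=$1; port=${2:-23}                       # telnet unless told otherwise
    valid_ipv4 "$hp" || { echo "bad honeypot address: $hp" >&2; return 1; }
    case "$port" in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    # INPUT DROP: the gateway itself answers nothing from the network and is
    #   managed from its console (assumption).
    # FORWARD rule 1: anyone may open a session to the honeypot's port.
    # FORWARD rule 2: the honeypot may send only packets that belong to a
    #   session a remote host opened, so it can talk to the IP that connected
    #   and to nobody else.
    # FORWARD rules 3-4: anything the honeypot initiates is logged, then dropped.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A FORWARD -d $hp/32 -p tcp --dport $port -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A FORWARD -s $hp/32 -p tcp --sport $port -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A FORWARD -s $hp/32 -j LOG --log-prefix "HONEYPOT-EGRESS "
-A FORWARD -s $hp/32 -j DROP
COMMIT
EOF
}

# Constructed sample address from the documentation range (192.0.2.0/24).
honeypot_rules 192.0.2.10 23
```

The HONEYPOT-EGRESS log lines are the useful signal here: each one is an outbound attempt made from inside the honeypot that the gateway refused.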
Sorry for the useless italics... I guess I absent-mindedly put in an "I" tag. It has no significance at all.
Okay, I'm done. Sorry for my rant. :)
Umm... Yes, but sans the trading part. Also, they will not throw the planets around and have weird pointless magic stuff happen.
Maybe they use Plan-9 on Planet 9!
We all know that it was Al Gore's Internet. (TM?)
BTW, I'm going to give the code a try. Thanks.