It doesn't do that. You will need an egress firewall to do what you think you're doing. And it's going to have to somehow be stateful and understand the difference between a legitimate outgoing connection, and one which isn't. Good luck!
You understand it does do that...
With an entry such as:
127.0.0.1 ads.yahoo.com
all traffic that would be routed to ads.yahoo.com is blocked. Replace ads.yahoo.com with an IP address, and that IP address is blocked.
I'm surprised that the people here at /. are that naive about such a simple method of blocking hacking/attempts to hack.
By updating the Host file (yes, it will be a back and forth thing) the ability to block the web sites and keep this crap from coming in - or going out. Great, they can capture all the key strokes they want. HOWEVER: if the data can't make it out, it is useless to them.
Also - for those of us who use a different computer for bank activities: how can we block entire countries?
And this is why I have about 100TB of hard drives lying around. “accidents” happen. Companies change policy. Three hard drives rotated; and this problem wouldn’t exist. I still want to know: How to backup (retain) my email from Yahoo. I wish him the best. I would also be interested in knowing why his accounts were deleted.
First: I've had to use style cop. It sucks. But... we each have our own variation of 'style'; which can be seen here.
So, why not have a 'stylecop' that acts locally; on white space & comments? If I like 3 spaces, and you like 4; we can just get along. The style is formatted on view, not on compile.
This would also fix his problem: When he views it... it will 're-format' to something he likes to see.
You already have to pay your domain registrar and your home ISP.
I actually tried to avoid an itemized... oh well
Many home ISPs' acceptable use policies prohibit running a publicly accessible server from your basement, and they enforce it either through a firewall (blocking inbound connections on 80/443 or on all ports), through carrier-grade network address translation (CGNAT) which doesn't give your computer a public IPv4 address in the first place, or simply through threat of having your home disconnected from the Internet for twelve months. To avoid this threat of disconnection, many customers upgrade to a business-class plan that includes an IPv4 address with inbound and no server ban in the AUP.
... one key term (missing) "commercial"; for profit; (If they start blocking, I switch ISPs... there are three nice ones in the area. It is good having a little competition) I'm using my server as a non-profit information portal. The technique also can route traffic to different ports (using 6 now) based on the actual domain (URL). As for CGNAT implementation... I'll start bitching about being blocked by Wikipedia and other broken websites. I will continually ask for credit for non-working internet access. After several credits, they will need to reconsider implementation of CGNAT.
How long ago were these three days spent? If it was years ago, perhaps the installer has improved since then.
It was 2-3 years ago. From above: I'll re-try installation (work... please... work!)
You trust Microsoft to implement the features you need...
Now *THAT* is funny!
They (M$) keep pulling features I need, keep adding bugs (and features) I don't want. Further... key features that I do need as an administrator (Example: export / import a black list of IP addresses is not available.) I *WISH* I could move to a different OS (Linux) but that would add even more to my painful process.
Thank you for the URL, however 'letsencrypt.org' won't work (that I can see) for me... I have windows servers (only worried about one that is public facing). It appears that they only support Linux.
Plan "B"?
I've been trying to replace / upgrade my key server; the upgrade is dependent on a change to the network. The change to the network involves finding needed documentation on non-straightforward 'route' commands.
Now I have to pay someone else to have a web site that will be visible to the public.
My website is primarily static information (actually, it is only static information). I don't exchange any data (other than standard log files)... I don't even use cookies. Now big-ass Google is coming in and I need to pay someone else to have an encryption certificate.
If things were bad enough, the last one I tried to implement... after three days I was not able to implement SSL on my server (help!?!). I suspect that implementation of SSL is one of those "if you know it - it's simple. If you don't - good luck".
Has anyone looked into blocking unwanted communication with mother Microsoft? Using host file, or other techniques (example: router) to keep the system from communicating with servers...
Did the submitter even bother to read the article??
Actually he did. The article has the quote "kill off"... (I was going to post the same thing when the article was in Firehose -- but decided not to) however if you read the article the PC isn't killed (reality nothing is) just the MBR is nuked. Anyone ever hear of "backup" ?
The only thing "exciting" about this one is the detection that is being removed... then it removed the MBR. But there is no elaboration on this action.
Given that they (Facebook) currently censor many posts, given that they continually force us to view "most popular" (by their arbitrary ranking)... why should we trust their "news" ?
I wish those that use it... would find another medium.
Then you have never looked for a software tester / QA position at Boeing.
For example you search Boeing jobs for QA on 5/2/2015 you will see 15 jobs -- none are software specific QA, two of them are software fields... including Cloud Architect 4 and a Software Release Engineer
If you search for test you will see 97 (Adjusted search for only IT); and a typical job posting (most of the "Software Engineer" postings) will have something like: Other duties may include:
-- Develops software verification plans, test procedures and test environments, executing the test procedures and documenting test results to ensure software system requirements are met;
They may "conform to the DO-178B / DO-178C standard"... but my point is the person performing the test is NOT a software QA professional, rather is the developer of the software.
Full disclosure: There currently are a few QA/test positions open -- including one that is a subsidiary of Boeing.
For all of the QA at Boeing; they don't believe in software QA. Take a look at their job openings some time: In years of searching, I've seen only one software QA position, and it wasn't dealing with aircraft. Any such search results will return developers that are to write their own tests against the spec. Developers are not Testers.... and I'll ask: How many more such bugs are out there?
I know of two other software "bugs"... that can be attributed to a lack of QA. How many people will die due to a bad management decision on the part of Boeing?
Disclosure: Yes, I'm a software QA / Test professional.
Given my knowledge of Boeing, the problem isn't with "quality"; the problem is with bad management -- and a culture of failure to admit that management can do no wrong. This can be easily exposed: Take a look at the jobs at Boeing. Look for a software tester / QA position. You will be lucky to find ONE. The jobs you do find are not test/qa; but rather development that can test their own code to the specifications written. And here is where QA comes in: what if there is a problem with the spec? And there is testing: How much testing should be done.
I remember / know of at least two (somewhat recent) incidents with Boeing aircraft that (for anyone that knows software) resulted in a crash of the aircraft -- that can be directly traced to this culture of management can do no wrong and developers test their own code.
In court room....
Defense attorney: Did you test it for purity?
Cop/CSI: No
Defense attorney: Did you test to determine percentage of illegal substance?
Cop/CSI: No
Defense attorney: Can I borrow a bill from your wallet? (if necessary... Here, I'll let you keep one of mine.)
Defense attorney then runs water over bill into a small container. Then tests water for cocaine (80% chance that it will test positive)
Defense attorney: (several actions... )
1. Move to suppress evidence as Cop/CSI is/has a (potential) conflict -- he has drugs on his person.
2. Move to suppress evidence as anyone including Cop/CSI has drugs on their person.
3. Move to suppress evidence as anyone including Cop/CSI has drugs on their person, as something as simple as a dollar bill from anyone can show drugs on their person, there must be a test or standard to show purity and quantity -- and show evidence that something other than contact with a dollar bill needs to be established before evidence can be entered. (this one is under the assumption of large distribution quantity)
....or any other such / similar action
Not a big fan of execution (takes too long, costs too much, arbitrary application)... however:
Why not use such drugs as cocaine, heroin and the like? There should be a good stock pile of it, they need to test the purity for trials, and when necessary dispose of it (the drugs). During the execution... the perpetrator won't feel a thing... and if they did, they wouldn't care about it.
Knowing of mortality; my daughter was murdered, my father died of cancer and my wife was recently diagnosed with cancer. The thought that comes to mind - and as a geek you might see it: What was done on Terminator. Record everything you can. Show her that - you were there for her as much as you can. There was a movie -- I watched as a child where a lady found out that she had cancer, and wasn't going to live. She made tape recordings for her daughter (I wish I could remember the name)
You might also consider gifts and/or recordings for her -- example 16th birthday, 18th birthday, graduation and so on. Start now, learn to become comfortable with your recordings. The recordings might be video, audio both... what you feel comfortable with. What little I have of my father are songs that he had sung to my mother, and very little of photographs.
As you make the recordings -- I believe that you will think more in terms of what legacy you can provide her. Telling her that she seems to have the same geek that you have, that you were hoping to guide her when she got older. Tell her about going out and getting her that gift for her 16th birthday, how hard it is for you now, and wishing that you were there with her. Much good advice is here on /.
... and management failed to implement policies and practices in place to prevent development from having direct access to production DB's (without oversight). (It did appear that backups were maintained)
Even something as simple as "database cleanup" can be a problem when not properly tested. In one instance I was testing a server/database migration/upgrade. In the Test Plan, I called out that permission issues could not be tested (security wouldn't allow it) and failure to test could result in data loss. As predicted - there was a problem that came to permissions that I was disallowed from testing -- that resulted in data loss (Self defense: I tested as best as I could around the known permission issue).
Some highlights:
o Worked for large co; found several "Sev 1" bugs on a product that was proposed to be released soon. I was put on inventorying computers; product became one of the largest failures in company's history due to -- bugs.
o Same co, later: needed to make a code drop to another business. My job: To make sure that the code worked as expected, and could compile. (they got a "special" version of the code.) I told the PM that we shouldn't have the code on a given storage server -- it (the code) could accidentally be "compiled" causing problems. PM said that would not happen. A few days later, someone compiled the code on the storage server. PM required that I had to find a way to 'fix it'. At the same time I looked into 'who' compiled the code: The same PM. (This PM was also responsible for a lawsuit that cost the company millions... and was promoted.)
o Worked for a local utility. Was told that we were going to use a copy of "live customer data" for dev/testing. Objected, was told that "test" customer data could NEVER be visible to "real world". Two weeks into testing: Customer Service contacted us -- customer billings were off. Sure enough: "test" was crossed over with "production". (My contract was suddenly "ended" shortly after I reported the security error - that was EXACTLY as I had predicted). About six months later, the state Attorney General was looking into the utility for using... live customer data for testing.
o Worked for an aerospace co. Spent a week creating a detailed functional spec on a report needed by the business department. The developed report (delivered a month late) looked NOTHING like the spec. The totals didn't add up to anything, the columns were out of sequence, the colors were wild (not random -- just not anywhere near the spec.) Three days later, my contract suddenly ended.
o Worked for a company that managed big data. Found out that they had single point of failure ("fail-over"), and I had experience with fail-over situations. Was told that the data center could never be down for very long, and that this risk was minimal. About three months later, the data center suffered a catastrophic failure that took over a week to get minimal power restored. People involved with the failure were promoted.
So many, many, many more times: Like when development released product to production without consulting testing and caused customer data errors, like development removing all permissions on a SQL table to get their dev work done (when the permissions were re-applied, the code didn't work any more)
A good QA / Tester needs to know all of the jobs: Development, PM, customer service and Testing to get the job done. Unfortunately QA never gets paid the level of knowledge that it has, the risk that it assumes, and - it's not unusual for bad management to (FREQUENTLY) have QA reporting to development; for bad management frequently blames the messenger. Interesting all the years that I've worked in QA -- I've never seen bad management get the blame.
At least this article admits to a level of "programmer error". However --- like most "computer error" news articles, this one misses a key point: This (like many others) is actually management error. Management failed to oversee programmers. Management failed to implement test. Management failed.
I just wonder how much longer before software testing will get the respect it deserves.
Wonder how many lawyers are going to line up, with "discovery" motions to get a look at it. (How are you sure that it was "my" client you tracked...)
Thank you for the info: I'll follow-up!
You already have to pay your domain registrar and hosting provider.
I actually tried to avoid an itemized list. (Hosting provider: My basement)
But you don't have to pay StartSSL, WoSign, or Let's Encrypt for a TLS certificate.
As noted: After three days of working on just this problem; I was not able to implement SSL.
You have no idea what you are talking about.
"he was originally convicted after calling several banks and getting them to send him upwards of £1.8 million."
I want to know what you say to a bank to get them to release that kind (quantity) of money!
Why wait that long?
Request: Linux developers -- please provide us with a smooth migration path!
Let me get rid of my various Windows OS's.