Slashdot Mirror


User: Henry+Stern

Henry+Stern's activity in the archive.

Stories: 0
Comments: 140

Comments · 140

  1. Re:Pump and dump on What's With All This Spam? · · Score: 1

    Please contact me by e-mail.

  2. Re:Perhaps if banks signed their emails on Phishers Defeat Citibank's 2-Factor Authentication · · Score: 2, Insightful

    You're underestimating the problem here. Banks can sign their e-mails using S/MIME until the cows come home and it won't do a thing to combat phishing. Phishing victims are naive and would not relate to the importance of checking for a valid S/MIME signature. They already have similar functionality in their web browsers with SSL and the "lock" icon and it's not working.

    As an aside, many banks are now using DKIM to sign their messages at SMTP time. It's up to the recipient to verify the signatures.

  3. I find your lack of understanding disturbing,.. on Zotob and Mytob Worm Authors Arrested · · Score: 1

    As usual, I see a lot of highly-moderated "Insightful" comments discussing how these viruses are written just for the sake of writing them. These viruses and worms are used to build botnets that are used for DDoS, phishing and spamming. The authors of Zotob allegedly released over 200 variants of their worm to help numerous people build botnets.

    It's unfortunate that so much media attention is paid to the authors of the virus and so little paid to its consumers. They are the ones filling your e-mail box with advertisements for ClAIS and VÌAGRRA and asking for your SSN.

  4. Re:What drives people to do this... on MS05-039 Worm in the Wild · · Score: 1

    Botnets, phishing, spamming, ddos.

    These worms are often used to build armies of zombie PCs that criminals use to do mean things with. Most of your spam comes from virus infected machines. Don't believe me? Check the received headers.

  5. It's nothing personal... on Google and Yahoo Creating Brain Drain? · · Score: 1

    I doubt that you will ever find me working for the #1 company in a field, whether it be Google, Microsoft, or whoever. Almost anybody can help keep the company at the top on top, it's a matter of inertia. The real gems are those who can raise a company from the bottom to the top.

    Admittedly, it's a lot easier going to a well-organized company that is on the top for a reason. But, what's the point? Work hard and be the next guy at the top.

    See you there!

  6. Re:Slightly O/T 'non-competition'... on Microsoft Sues Google For Hiring MS Exec · · Score: 2, Insightful

    Unless they are prepared to offer you two years severance pay as compensation for not being allowed to work in your field for two years, it would be foolish on your part to sign that contract. Don't do it. If you're any good, you shouldn't have trouble finding a new job.

  7. You're set... go for it! on After College, What Type of Jobs Should One Seek? · · Score: 1

    To put things into perspective: I've just recently quit grad school and taken up a senior-level position at a major software company.

    As long as you know your stuff, you'll be just fine. Work hard during your probation and do your best to fit in and make lots of friends around the office. Just as you did in grad school, befriend the administrative assistants. Keep sharp on your scholarly research area and try to keep publishing through your job. Try not to take on more than you can accomplish, no matter how eager you are.

    Most importantly: Enjoy reaping the fruits of your labour!

  8. The fallacy of DRM... on Intel Adds DRM to New Chips · · Score: 0

    ...is that they have content worth protecting in the first place.

    I'm really not too interested in "consuming" their content in the first place, let alone "stealing" it.

  9. Oddly enough, I did it too. on iPod Dangerous When Wet · · Score: 1

    On Sunday, I accidentally washed my MPman MP-F56. I heard a clunking sound coming from my washer/dryer but was preoccupied and didn't do anything about it. When I went to fold my laundry, there was my MPman, minus its battery and battery cover (still can't find it!). I put in a new battery and turned it on... still works!

    The salesman who reluctantly sold it to me really wanted me to buy a HD-based player instead. Who's laughing now, jerk?

  10. Less haste, more speed! on How To Conduct Your Very Own Buffer Overflow · · Score: 1

    It seems that the submitter was in such a hurry to plagiarise this article that he didn't have time to proofread it first.

    Without further ado, here are some corrections:

    • pushl $value of print /x *((int *) $ebp + 1)
    • movl $0xdeadbeef, %eax
    • ret
    • nop


    To compile this code into an object file, type into the shell gcc -O2 -c assembly.s and then disassemble it by typing objdump -d assembly.o > input.txt.

    For example, if %ebp equaled bf ff ef d8 it would become d8 ef ff bf. Once this is all done you can test your exploit by saving input.txt and then typing in ./text < input.txt into the shell.

  11. I'm not just a customer, I'm also an employee on Handling Viruses in an Uncontrolled Network? · · Score: 1

    I work for a major AV company, so feel free to take this with a grain of salt.

    Don't waste your time dealing with the symptoms of these virus attacks. Do something about the source: Insecure Windows-based desktop PCs.

    Get your school to purchase a site license for a computer security suite that has an anti-virus engine, anti-spyware engine, a firewall and remote administration. My alma mater is a McAfee customer. They use EPO to manage and push updates to every Windows machine on campus as well as to control the firewall settings. I'd expect that Symantec's offerings are similar.

    If your university's IT department has any budget at all, it should be an easy sell. They will quickly recover the cost of the software licenses through bandwidth conservation and fewer support tickets related to infected machines.

  12. Re:I don't think so on Music Industry Drafts Code of Conduct for ISPs · · Score: 2, Insightful

    You are forgetting an important detail. AOL/Time Warner. RIAA, MPAA and ISP all in one. Being one of the largest ISPs in the world and a major producer of television/music/movies, why wouldn't they implement their own policies?

  13. Re:Graduate funding in Canada on Advice for Returning to School After Long Break? · · Score: 1

    Not to nit pick your nit pick, but he is not the only potential CS/engineering graduate student who reads Slashdot.

  14. Graduate funding in Canada on Advice for Returning to School After Long Break? · · Score: 1

    If you'll be studying in Canada, you need to look at the Natural Science and Engineering Research Council's web site. They are the major source of academic funding in Canada, offering several types of scholarships.

    The basic scholarship that everyone applies to is the PGS Masters (or Doctoral). This year, it was worth $17,300. Competition is very tough for them and applications are usually due in September to start in the next year.

    If you're willing to put in the work and earn a 4.0 grade point average, you are eligible for an Industrial Postgraduate Scholarship (IPS). They are worth a minimum of $21,000/yr for two years. The idea is that you work with a company (very similar to co-op for undergrads) who pays part of the scholarship in return for 20% of your time spent on a research project. There is no application deadline for this scholarship and it usually takes about a month for approval. I was pre-approved for one of these scholarships when I unsuccessfully applied for a PGS.

    Depending on your specific discipline, they offer other scholarships as well. I suggest that you check it out for yourself.

  15. Re:Ever Wonder... on Introducing Asteroid 2004 MN4 · · Score: 1

    Here is a possible way for how you can find the odds of an asteroid hitting the Earth.

    Measure the trajectory of the asteroid multiple times and find the mean, E(X), and variance, V(X), of your measurements. These measurements will follow a normal distribution.

    Compute two distances between the Earth and the mean estimate of the asteroid's position. These two distances should be the closest that the asteroid can be to hit the Earth and the farthest.

    Take these two distances and convert the distribution to a standard normal distribution using the formula (E(x) - d)/sqrt(V(X)). Then, use your lookup table for the cumulative density function of the standard normal distribution (it's on the inside cover of most statistics books) to find P(d1 <= x <= d2), the probability that the asteroid will intersect with the Earth.

  16. Doh! on Study Links Cell Phones to DNA Damage · · Score: 1

    That'll teach me to carry my cell phone in my pocket so close to my junk. My children are going to be able to stick to walls and control fire.

  17. Missed an important detail in his criticism on How Can I Trust Firefox? · · Score: 4, Insightful

    It dutifully tells me the extension isn't signed (good), but makes the default choice Install Now (bad). This is the opposite of what Internet Explorer decided to default to when it detected unsigned code (ref: above). Now tell me again, which is the more secure browser?


    Of course, Firefox won't install any extension downloaded from a site not explicitly whitelisted. It should also be noted that the only site that is whitelisted by default is update.mozilla.org. If Mozilla.org was going to pwn you with a Firefox extension, why wouldn't they save themselves some trouble and just pwn you with TrojanFox?

    Was this a deliberate omission? Probably.

    Also, complaining about MessageBoxes not working when running software in a non-standard environment (virtual machine) is silly. Odds are that the problem was display driver-related anyway.

  18. Re:Really has nothing to do with copyright laws on CA Court Strikes Blow Against Hidden EULAs · · Score: 1

    Justify it however you want. Walmart does not own the copyright on the materials so it's really none of their business.

  19. Really has nothing to do with copyright laws on CA Court Strikes Blow Against Hidden EULAs · · Score: 1

    WalMart doesn't want to go to the expense of sending the product back to the vendor. As far as I know, they can't resell software and music as new once it's been opened. It's just easier for them to say "It's illegal for you to return this software" than "We don't want to deal with the RMA or take a loss on it."

  20. Practical usage scenario on Beat Spam Using Hashcash · · Score: 2, Interesting

    Judging by the +3 and higher comments, it seems that nobody is thinking outside the box. There is no mutual information between an e-mail not having a hashcash stamp on it and being spam. However, if an e-mail has a valid hashcash stamp, it's probably legitimate. Thus, while hashcash can't really help your spam filter reduce false negatives (spams that it lets through), it helps reduce false positives (legitimate e-mails that are blocked).

    I personally stamp all of my outgoing e-mail with 20 bits of hashcash postage. It's easy to do and requires very little CPU time. Here's how I do it:

    I have stunnel listening on port 465 which forwards connections to MEsmtpd. After authenticating the sender, MEsmtpd pipes the message to hashcash-sendmail which adds 20-bit stamps for each recipient to the e-mail and passes it on to sendmail. I don't have to do anything at all in my e-mail clients. There you have it, easy as pie.

    Regarding that stupid "your spam solution won't work" checklist, Spam classification is a hard problem. It can't be solved by any one approach. Even though Hashcash won't stop any spam, it can still make your spam filter more effective.

    P.S. SpamAssassin supports Hashcash. See Mail::SpamAssassin::Plugin::Hashcash.

  21. Re:Why can't he just return it? on XBox Owner Sues Microsoft · · Score: 1

    Oops. Wrong reference. Here is the correct one.

    McDonald's Scalding Coffee Case

  22. Re:Why can't he just return it? on XBox Owner Sues Microsoft · · Score: 1

    You are mistaken about why McDonald's served coffee so hot. It was not to satisfy the request of customers but so that the coffee would keep fresh longer before they would need to make a new pot [1]. Stella Liebeck was scalded because McDonald's wanted to increase profits by saving money on coffee grounds.

    I know that in the litigious society that you live in, it is popular (and probably deserved) to mock lawsuits. However, in this particular case, McDonald's willfully and knowingly did something dangerous in the name of profit. Had Liebeck not filed suit, the number of customers seriously burned would not have stopped at 700.

    Big business does a lot of shady, dangerous things in the name of making more money. If anything, more people should sue when it is necessary.

  23. Re:Color Fidelity on Make Your Own Digital Camera ISO Test Target · · Score: 4, Informative

    Someone obviously didn't even LTFA. The target is black and white.

  24. Better, cheaper solution on When Emulation Isn't Enough · · Score: 1

    See: /usr/src/linux/Documentation/input/joystick-parport.txt

    It's very easy to hook a number of controllers up to the parallel port. I've hooked up five SNES controllers in this manner.

  25. Small world... on I-Neighbors, Not just another social network · · Score: 1

    I can see the submitter's apartment building from my front window but I have no idea who they are. Not that any Slashdot reader could ever be accused of seldom going outside to meet one's neighbours...

    P.S. I don't play badminton, but I do play squash.