But didn't the experimental quantum computer factor something like 15 with 7 qubits? So the number of qubits needed is on the order of the same number of bits you're trying to factor, or maybe twice as many. Heck, for overhead's sake, say it's 100 times as many. Surely we'll eventually be able to round up several thousand qubits.
Re:Kevin Mitnick got exactly what he deserved. (on Kevin Free · Score: 2)
Kevin Mitnick was a thief and a fool. He wouldn't have given a shit about any of his "supporters" if positions were reversed and it really amazes me to see that there are still some morons who haven't copped onto this fact.
You're an ignorant troll. Kevin has always been extremely grateful for his supporters, and has never failed to be appreciative.
If you'd ever supported him, you'd know that.
Re:Free Kevin - with every purchase? (on Kevin Free · Score: 3, Insightful)
I always thought that the idea of freeing Kevin was retarded. I'm not even interested in what he was charged with originally. The guy skipped bail and ran from the law for two years.
He didn't skip bail. He left on the last day of his probation, which he was allowed to do. Turns out that LE wanted to see him for some reason on that day. Once he heard about that, he went into hiding. He was prosecuted for crimes committed while on the run. He was never even charged with skipping out on anything.
Why? I'm sorry, but I don't buy anyone's excuses about how there was no way he could get a fair trial under our corrupt, draconian legal system.
Hmm... and you think the fact that the Judge, who doesn't even try to hide her personal dislike for him, and that denied him his Constitutionally-guaranteed right to a bail hearing, was any cause for concern? You'd feel comfortable being tried by a judge who was willing to publicly break the rules to screw you? The dollar amount for damages that the FBI had made up carried a maximum potential sentence of around 80 years.
The media, for all intents and purposes, keeps the legal system fair.
The same media system that created the lies about Mitnick that folks like yourself believe, and keep getting perpetuated? The media system that made front-page news out of Kevin, so that LE felt they had little choice but to make an example of him?
If you are being unjustly accused, there are many American organizations who will work to get the word out about your case,
The EFF didn't want to help, the ACLU didn't want to help.
Look at the Dimitry case; ridiculous charges are leveled at him, Slashdot posts a story about it every two weeks, and in the end he gets off
Yeah, he was innocent, and he got to spend months in jail, and had to stay here even after he was released. Worked out great for him.
Look at Kevin Poulsen, one of the more famous hackers of the early 80's. He got caught, plead guilty, served a short prison sentence,
Yeah, him they tried to hang a treason charge on, and he could have faced the death penalty.
Clearly, our justice system is working just fine, and these guys don't need our help.
He didn't steal the credit card numbers. Someone sent him a copy in his email, and they were sitting on his hard drive when his machine was confiscated. Quite a number of people had a copy of that file at the time.
Plenty of reasons.. to direct one to a honeynet, to lie to the OS fingerprinter, to make the attacker spin more cycles, to give inconsistent results each time...
They're just a little bit more than slightly different. Try them out, you might be surprised.
Oh, and that's Dan's normal speaking and writing style. I've heard him speak several times, and he wrote a couple of chapters for me for Hack Proofing Your Network, 2nd Edition. Really good stuff. Dan's writing has a lot of really good stuff in it, but you have to be paying attention.
I guess he refers to embedding a code in each packet sent out to validate that only "real" packets are accepted by the receiver as "Inverse SYN Cookie". I don't understand why this is important, tho.
With a traditional scanner, the scanner either has to maintain state (i.e. don't accept a reply to my scan request if I haven't sent it yet, nor if it doesn't match my sequence number, etc..) or it will be subject to the scanee spoofing replies. For example, if you figure out that I'm scanning you, then you can just start generating SYN-ACK packets and lie to me.
By using inverse SYN cookies, the scanee can't reply until/unless it gets the actual SYN packet, and the scanner doesn't have to maintain any state, and can just blast full-speed.
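The reply check described in the comment above, as an added example that is not part of the original post or of any scanner's own code: the probe's sequence number is an HMAC of the 4-tuple under a secret key, so a SYN-ACK is validated by recomputation alone, with no table of outstanding probes. The HMAC-SHA-256 construction, the key, the addresses and all names are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"net/netip"
)

// probeISN derives the sequence number for a SYN probe from a secret key and
// the 4-tuple, so the scanner keeps no per-probe state.
func probeISN(key []byte, src, dst netip.AddrPort) uint32 {
	mac := hmac.New(sha256.New, key)
	for _, ep := range []netip.AddrPort{src, dst} {
		a := ep.Addr().As16() // fixed-width encoding, IPv4 is mapped
		mac.Write(a[:])
		var p [2]byte
		binary.BigEndian.PutUint16(p[:], ep.Port())
		mac.Write(p[:])
	}
	return binary.BigEndian.Uint32(mac.Sum(nil)[:4])
}

// SynAck holds the fields of a received SYN-ACK that the check needs.
type SynAck struct {
	From netip.AddrPort // host and port the reply claims to come from
	To   netip.AddrPort // the scanner's own address and source port
	Ack  uint32         // acknowledgement number carried in the reply
}

// Genuine recomputes the cookie from the reply's own addresses. A real
// SYN-ACK acknowledges the probe's sequence number plus one (mod 2^32).
func Genuine(key []byte, r SynAck) bool {
	return r.Ack == probeISN(key, r.To, r.From)+1
}

// Constructed sample data: documentation addresses and a fixed demo key.
var (
	demoKey = []byte("constructed-demo-key-not-for-use")
	scanner = netip.MustParseAddrPort("192.0.2.10:40000")
	web     = netip.MustParseAddrPort("198.51.100.7:80")
	webTLS  = netip.MustParseAddrPort("198.51.100.7:443")
)

// SampleReplies returns three constructed replies: a real answer to the
// port-80 probe, a guessed ack, and the port-80 ack reused for port 443.
func SampleReplies() []SynAck {
	ack := probeISN(demoKey, scanner, web) + 1
	return []SynAck{
		{From: web, To: scanner, Ack: ack},
		{From: web, To: scanner, Ack: ack + 1},
		{From: webTLS, To: scanner, Ack: ack},
	}
}

func main() {
	for _, r := range SampleReplies() {
		fmt.Printf("%v ack=%d genuine=%v\n", r.From, r.Ack, Genuine(demoKey, r))
	}
}
```

The check shows only that the sender saw the real SYN for that port; a 32-bit value can still be guessed with probability 2^-32 per forged packet.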
Nimda also spreads via e-mail, file shares, etc... so it's much more than just machines with administrators that get infected. That's one of the big reasons for Nimda's "success".
One year anniversary was last week some time. We had been running DeepSight (nee ARIS) in a test mode at the time, and actually detected some test runs of Code Red about a week before the big outbreak.
Folks will notice though that the fixed version of Code Red I (CodeRed.B) is still going. Picked up a couple of hits today.
It was a DEC Rainbow using a modified Dvorak layout and running CP/M. A few years later, another similar end note indicated he had switched to an IBM PC compatible machine.
That's one of the things I tell people when I'm speaking on the topic of credit card theft:
How do you know how well a site is protecting your card number? Go to your user profile. Can you see your full credit card number and expiration date there? Well, guess what...
Why does the web server need to decrypt? It should be storing the sensitive info in the DB encrypted with the public key. If your personnel need to decrypt it for something, do that on a separate machine.
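The split described in the two comments above, as an added example that is not part of the original posts: the web tier holds only a public key and a displayable last-four value, and the private key lives with a separate back-office process. RSA-OAEP with SHA-256, the "card-v1" label, the row layout and all type and function names are assumptions; the card number is a constructed test value.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// WebTier is what the internet-facing server holds: the public key only.
type WebTier struct{ pub *rsa.PublicKey }

// StoredCard is the database row (hypothetical schema).
type StoredCard struct {
	Last4      string // all the profile page is able to show
	Ciphertext []byte // RSA-OAEP of "number|expiry"
}

// Store encrypts the card at intake. The web tier cannot reverse this.
func (w WebTier) Store(pan, expiry string) (StoredCard, error) {
	if len(pan) < 12 {
		return StoredCard{}, fmt.Errorf("card number too short")
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, w.pub,
		[]byte(pan+"|"+expiry), []byte("card-v1"))
	if err != nil {
		return StoredCard{}, err
	}
	return StoredCard{Last4: pan[len(pan)-4:], Ciphertext: ct}, nil
}

// Profile renders the only card detail the web server has in the clear.
func (w WebTier) Profile(c StoredCard) string {
	return "**** **** **** " + c.Last4
}

// BackOffice runs on the separate machine that holds the private key.
type BackOffice struct{ priv *rsa.PrivateKey }

// Reveal decrypts a row for staff who need the full number.
func (b BackOffice) Reveal(c StoredCard) (string, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, b.priv,
		c.Ciphertext, []byte("card-v1"))
	return string(pt), err
}

// NewPair generates a key and hands each side only its half.
func NewPair() (WebTier, BackOffice, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return WebTier{}, BackOffice{}, err
	}
	return WebTier{&priv.PublicKey}, BackOffice{priv}, nil
}

func main() {
	web, office, err := NewPair()
	if err != nil {
		panic(err)
	}
	row, err := web.Store("4111111111111111", "12/30") // constructed test number
	if err != nil {
		panic(err)
	}
	full, _ := office.Reveal(row)
	fmt.Println("profile page:", web.Profile(row))
	fmt.Println("back office: ", full)
}
```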
There's no reason to think that they would be losing the same amount of money of each box now. Production costs will drop as they improve the process, parts get cheaper, etc..
It's common for clone makers when doing a school contract for a couple of years to price the machines at a loss up front. The first several months that they sell them will be at a loss. However, they know that the prices will quickly catch up by then, and they'll be making a nice profit.
He said it was faculty mostly who were the problem. But at the K12 level (in the US, at least) you most certainly can get expelled for porn at school. I can't imagine a faculty member who was caught with porn at school would have much of a career.
Let's see... you have no policy, you can't get one, you can't just cut people off....
You could make the P2P stuff run so slow as to be useless... or you could send your own trojans that will erase the drives of the problem users...or you could send them porn, and get them fired...(oh, and don't get caught doing any of the above.)
Or, perhaps you're just screwed because you're trying to enforce rules where you have no authority to do so. I'm not necessarily saying you shouldn't have the authority... just that you clearly don't, and any attempt to enforce your idea of policy is bound to cause you trouble. Your time is probably best spent figuring out how to get a policy.
Pages 2 and 3 are also only one page long each, but if you consider them collectively, then it's a bit more substantial.
The last "big" book I had a hand in was 824 pages long, Hack Proofing Your Network, Second Edition. The publisher was concerned about it getting any larger, apparently once you get to 850, you have to have some special binding.
:)
It would have been extremely difficult to fit the material we covered in 300 or so pages. The standard layout stuff that tends to add pages is there, but no appendices with code listings or anything like that.
There are some sections that I would call beginner sections that could have been left out if we were targeting specifically advanced users, it could have been smaller, maybe 500 pages.
Still, at 800, there are still topics that didn't get coverage that could have, so I don't think page count by itself is any measure of how good the book will be.
It's not the size, it's how you use it.
http://online.securityfocus.com/cgi-bin/sfonline/vulns.pl?vendor=Apple
He said President, not CEO. They are often not the same person.
And you didn't become suspicious when your parents said "here, go play with hot glass"?
Surely, it must be 12cm, which is more CD-size. I get that impression from the pics.
I've never gotten the impression that they go looking for trouble. They just do what they always do, but they stick up for themselves.
mmm...Troll food. I'll answer anyway.
Most companies' idea of DRM limits you as to where you can put your music. And that means not allowing it to go on a device that doesn't support the right flavor of DRM, if it supports it at all.
So, example scenarios:
You buy a $500 MP3 player device. It works great for a while hooked up to your Windows box. MS kicks on DRM one day, and you can't upload music to it anymore. It might be your rightfully-owned music, mind you... you could have ripped them all yourself from your own CDs.
Microsoft decides that MP3 files can't properly support DRM like WMA files can. So, they turn off the ability to play MP3, or maybe they delete them, or convert them to WMA. Since your portable player doesn't support WMA, you're screwed. Oh, and MS just happens to benefit financially since they control the WMA format, codecs, etc...
Maybe they do something really silly like force you to put the physical music CD in your drive whenever you want to play a digital song that was ripped from that album. Sounds stupid, I know, but what was the last game you played on CD that didn't require the disk in the drive to run?
The basic problem is that someone else's idea of what is reasonable to do with digital music will rarely match up with mine. I want to take a CD I bought, and pretty much use the music on any device I have that can play music. The problem is, of course, that the ability to do so also gives me the ability to share music on Kazaa if I choose.
I'm not necessarily trying to argue that sharing music is legal or right (though I do believe the music companies are idiots for their handling of the situation.) I'm just saying that if I'm to retain my ability to play my music on any device that I want, I will also retain my ability to share it, that's just how it works.
Fortunately, the cat is well out of the bag, and it's just not possible from a technical standpoint to prevent someone who can code and build their own machines from doing so. There are just too many MP3, Ogg, whatever players out there, and too many free OSes to stop it.
They would have to make it illegal to have hardware that would cooperate with the software of your choice. They would have to make it illegal to reverse-engineer systems in the privacy of my own home for my own use. They would have to make it illegal to attempt to bypass copy protection mechanisms, or even discuss it. They would have to give the copyright holders what amounts to police powers to show up at any time, and demand to see your license documentation under penalty of decades in prison.
Oh, wait...
If a hole was discovered in that library, it could be used as a vector for viruses.
Works on *nix and Windows:
http://online.securityfocus.com/bid/1503
Yes, nicely worded.
The vuln-dev thread started yesterday, that's the source for the MSNBC story.
http://online.securityfocus.com/archive/82/2002-04-29/2002-05-05/0