Well, we still don't have something like the DMCA here in Europe.
Depends on what part of Europe. Unfortunately, if your country is a signatory to the convention regarding intellectual property (I wanted to say berne Convention, but I'm not sure that's correct), then your government may be obliged to pass a law equivalent to whatever idiot legislation we pass here to "protect" copyright owners.
Thanks for the sentiment. We've still got a few more things to fix though. I'm waiting for the day when all the Berne Convention countries have adopted our draconian IP laws, and then the Supreme Court overturns them in the US.
That would be kinda like the town bully organizing a gang, only to have his mom tell him he can't go out on the night they had planned to spray paint the school.
Exactly. And should it be determined that being classified as software is more financially beneficial to the copyright owners, then all audio CDs will start shipping with a copy of FunLove, too.
Yes, Tom's right in that any of us who actually buy a motherboard and AMD processor on the open market, and then lose our heatsink, will have our hardware fried.
AMD's right in the sense that it is technically possible to add an electronic thermometer that will cut power to the box if the temperature goes too high.
If those facts are accurate, I don't see how Tom isn't completely vindicated.
I happen to be typing on a machine using that motherboard, but running with the hotter (faster) version of that CPU. In a tower, the bottom of my heatsink is vertical. Should a clip break, the fan and heatsink drop to the bottom of the case, and my machine fries during the time that I'm still wondering what that clunk was. I'm kinda thinking that I want an extra temperature board now. Well no, actually I want my CPU to just slow itself down like the P4 does.... but barring that, I want a temperature board.
No, Tom's results show that when the heatsink is removed, the blue smoke gets out. The AMD video shows the machine shutting itself down. The differences is that the Intel processors simply slow way down, but keep running.
AMD's test is apparantly usings a thermal shutdown sensor, which shuts the power down when the CPU gets too hot. Not all motherboards have those, and they can be disabled in software. Intel processors apparantly have a similar function built-in.
Wasn't it later determined that the Titanic sank because they forgot to adequately shield a heat exhaust vent, which led to a chain reaction that sunk the boat?
Elias and Al have turned the reins for a couple of their lists over to other SecurityFocus employees. Dave, Jensenne, and Mario are all very capable moderators. Your note makes it sound vaguely like we're abandoning our free services, we're not. All of us spend some time working on the free stuff as part of our jobs. That's one of the great things about working here.
Yes, that's the one. It's a special thing we do with posts from time-to-time, we call it a "summary". It's when the moderator takes the time out of his day to collect a bunch of e-mail on a subject, tracks who gets credit, and puts them into a single e-mail for the sake of brevity. The alternative is to let through 20 individual e-mails that have massively quoted previous mails, etc..
If I ever have to wait for my machine to do something, it's too slow. I don't care if it's idle the majority of the time, I want it to be insanely responsive when I'm in front of it.
But your point is valid, if the current software weren't using all the new speed, we might already be there. (Well, for most things. Crypto cracking will still use an infinite amount of CPU...)
Perhaps more features. I can see some uses for a robust watermark that identifies artist, song, and album.
Of course, most of the uses center around improving my cataloging of songs that I didn't rip from CD myself, so maybe the DRM people wouldn't be so excited about that...
Actually, if you click on the "buy it today" link in the article, it looks like there are 3 models to choose from, including one w/64K colors, and one w/64K colors and bluetooth.
The shortest turnaround I've seen is about 12 hours for someone else to figure out a hole that didn't have all the details published initially.
These many arguments that "full disclosure pushes Microsoft along in releasing the fix" have no grounded basis in reality.
Sure they do. That is how it happened. Microsoft used to be one of the companies that would hide bugs, slipstream fixes, try to hide details, etc.. this was about 3-4 years ago. They are much better now. Guess why.
Besides couldn't it be possible to rile up the media hype necessary WITHOUT giving information as to how the exploit occurs?
Nope. The reporter wouldn't do a story with no details. There is no story without details. And the bug has to be sexy enough, too.
The only thing the average user needs to know is "it's a security hole, it's bad".
No, they also need to know if it affects them, and what does "Bad" mean. If they don't believe that it is really bad, average users won't bother.
There WAS no time limit, until eEye decided to instill one by releasing the code.
They did not release any code.
Re:More information?
on
Code Red III
·
· Score: 4, Funny
The name Code Red came from Marc and Ryan at eEye. When the version of the original Code Red with the "improved" random number generator came out, they named the new variant CRv2, and re-named the first one CRv1. When we found the one that leaves the back doors, inside is the string "CodeRedII", which is used as an atom name. The author named that one himself.
Other people keep referring to CodeRed III, or CodeRed3. I *think* they are all talking about CodeRed II. We have yet to verify any fourth version.
For people who are asking in other threads here, CRv1 and CRv2 uses NNNNNNNN's in their URL. CodeRed II uses XXXXXXXXXX's.
Honestly, if we can keep PacMan, Ms. PacMan, PacMan Jr., PacLand, and SuperPacMan distinct, why not the Code Red names?
In any case, if someone is able to translate
this link That would be a huge help.
Those are going to a shared e-mail alias. I get copies of everything, as well as a few other people. Unfortunately, because they are coming in many format types, we have to compile them by hand. But absolutely, please do send us the logs and have them in the format requested.
It doesn't affect its own netspace exclusively. Initial analysis indicates that it will do so 6 out of 7 times. The 1 out of 7 will go outside its network range.
We'll have full details posted to the Incidents list shortly.
No, the DMCA is about copy protection. Copy protection can always be broken. Doesn't matter how good an encrpytion algorithm is used, because the player has to decrypt the content to use it. If the means to decrypt it are in the player, then you can make a decrpyted copy.
Yeah, I'm pretty sure that distributed.net doesn't pass around 537 petabyte blocks.
The more "efficient method" would be something like, "block #x doesn't match". That's the point of testing a whole block... so it can be eliminated a block at a time. Assuming 1K messages per block, that's only 16GB for the number of blocks you cite.
Since we've established they've got an OC-12 or better, shouldn't be too much of a problem.:) In fact, at 622mbps, 16GB should take something like 256 second, @$.59/sec, his charge should be more like $151.04.
$.59/second
x 60 seconds/min
x 60 minutes/hour
x 24 hours/day
x 30 days/month
= $1,529,280/month
That's a heck of a lot of bandwidth... I used to have a T3 at a previous job for only $15K/month.
This must be something like an OC-12. Amazing that they didn't notice him using the entire thing just for himself, either... well, I assume he was using it just for himself, since he's getting charged the full amount.
Slashdot Mirror
...Like facing the wrong way, using a mirror to see the screen? 3D glasses? Cross-dressing? I'm just not following you...
Well, we still don't have something like the DMCA here in Europe.
Depends on what part of Europe. Unfortunately, if your country is a signatory to the convention regarding intellectual property (I wanted to say berne Convention, but I'm not sure that's correct), then your government may be obliged to pass a law equivalent to whatever idiot legislation we pass here to "protect" copyright owners.
Thanks for the sentiment. We've still got a few more things to fix though. I'm waiting for the day when all the Berne Convention countries have adopted our draconian IP laws, and then the Supreme Court overturns them in the US.
That would be kinda like the town bully organizing a gang, only to have his mom tell him he can't go out on the night they had planned to spray paint the school.
Exactly. And should it be determined that being classified as software is more financially beneficial to the copyright owners, then all audio CDs will start shipping with a copy of FunLove, too.
Yes, Tom's right in that any of us who actually buy a motherboard and AMD processor on the open market, and then lose our heatsink, will have our hardware fried.
AMD's right in the sense that it is technically possible to add an electronic thermometer that will cut power to the box if the temperature goes too high.
If those facts are accurate, I don't see how Tom isn't completely vindicated.
I happen to be typing on a machine using that motherboard, but running with the hotter (faster) version of that CPU. In a tower, the bottom of my heatsink is vertical. Should a clip break, the fan and heatsink drop to the bottom of the case, and my machine fries during the time that I'm still wondering what that clunk was. I'm kinda thinking that I want an extra temperature board now. Well no, actually I want my CPU to just slow itself down like the P4 does.... but barring that, I want a temperature board.
No, Tom's results show that when the heatsink is removed, the blue smoke gets out. The AMD video shows the machine shutting itself down. The differences is that the Intel processors simply slow way down, but keep running.
AMD's test is apparantly usings a thermal shutdown sensor, which shuts the power down when the CPU gets too hot. Not all motherboards have those, and they can be disabled in software. Intel processors apparantly have a similar function built-in.
Wasn't it later determined that the Titanic sank because they forgot to adequately shield a heat exhaust vent, which led to a chain reaction that sunk the boat?
No, that was the Death Star.
Just to clarify...
Elias and Al have turned the reins for a couple of their lists over to other SecurityFocus employees. Dave, Jensenne, and Mario are all very capable moderators. Your note makes it sound vaguely like we're abandoning our free services, we're not. All of us spend some time working on the free stuff as part of our jobs. That's one of the great things about working here.
You mean like this message to bugtraq
Yes, that's the one. It's a special thing we do with posts from time-to-time, we call it a "summary". It's when the moderator takes the time out of his day to collect a bunch of e-mail on a subject, tracks who gets credit, and puts them into a single e-mail for the sake of brevity. The alternative is to let through 20 individual e-mails that have massively quoted previous mails, etc..
If I ever have to wait for my machine to do something, it's too slow. I don't care if it's idle the majority of the time, I want it to be insanely responsive when I'm in front of it.
But your point is valid, if the current software weren't using all the new speed, we might already be there. (Well, for most things. Crypto cracking will still use an infinite amount of CPU...)
Red Book Audio is 150 kiloBYTES per second. MP3's are measured in BIT rates.
The patches for holes that Nimda took advantage of had been available for months. The relevent BIDs can be found in here:- Analysis-Nimda-v2.pdf
http://aris.securityfocus.com/alerts/nimda/010921
Perhaps more features. I can see some uses for a robust watermark that identifies artist, song, and album.
Of course, most of the uses center around improving my cataloging of songs that I didn't rip from CD myself, so maybe the DRM people wouldn't be so excited about that...
Actually, if you click on the "buy it today" link in the article, it looks like there are 3 models to choose from, including one w/64K colors, and one w/64K colors and bluetooth.
= 84348
http://www.pocketpcfanatic.com/compaq.asp?REFERER
(Note, the referer ID belongs to the pocketpcthoughts guy, not me.)
Yeah, but how much time?
The shortest turnaround I've seen is about 12 hours for someone else to figure out a hole that didn't have all the details published initially.
These many arguments that "full disclosure pushes Microsoft along in releasing the fix" have no grounded basis in reality.
Sure they do. That is how it happened. Microsoft used to be one of the companies that would hide bugs, slipstream fixes, try to hide details, etc.. this was about 3-4 years ago. They are much better now. Guess why.
Besides couldn't it be possible to rile up the media hype necessary WITHOUT giving information as to how the exploit occurs?
Nope. The reporter wouldn't do a story with no details. There is no story without details. And the bug has to be sexy enough, too.
The only thing the average user needs to know is "it's a security hole, it's bad".
No, they also need to know if it affects them, and what does "Bad" mean. If they don't believe that it is really bad, average users won't bother.
There WAS no time limit, until eEye decided to instill one by releasing the code.
They did not release any code.
The name Code Red came from Marc and Ryan at eEye. When the version of the original Code Red with the "improved" random number generator came out, they named the new variant CRv2, and re-named the first one CRv1. When we found the one that leaves the back doors, inside is the string "CodeRedII", which is used as an atom name. The author named that one himself.
Other people keep referring to CodeRed III, or CodeRed3. I *think* they are all talking about CodeRed II. We have yet to verify any fourth version.
For people who are asking in other threads here, CRv1 and CRv2 uses NNNNNNNN's in their URL. CodeRed II uses XXXXXXXXXX's.
Honestly, if we can keep PacMan, Ms. PacMan, PacMan Jr., PacLand, and SuperPacMan distinct, why not the Code Red names?
In any case, if someone is able to translate
this link
That would be a huge help.
Though I feel like one about now... long night. :)
Those are going to a shared e-mail alias. I get copies of everything, as well as a few other people. Unfortunately, because they are coming in many format types, we have to compile them by hand. But absolutely, please do send us the logs and have them in the format requested.
Took longer than expected (plus I slept a bit in there.. long night :) )
http://www.securityfocus.com/archive/75/201878
http://www.securityfocus.com/archive/75/201877
It installs a back door. (As indicated in the link referenced.)
It doesn't affect its own netspace exclusively. Initial analysis indicates that it will do so 6 out of 7 times. The 1 out of 7 will go outside its network range.
We'll have full details posted to the Incidents list shortly.
Yes, I bought a bumper sticker at Defcon that reads "My other computer is your linux box."
No, the DMCA is about copy protection. Copy protection can always be broken. Doesn't matter how good an encrpytion algorithm is used, because the player has to decrypt the content to use it. If the means to decrypt it are in the player, then you can make a decrpyted copy.
Yeah, I'm pretty sure that distributed.net doesn't pass around 537 petabyte blocks.
:) In fact, at 622mbps, 16GB should take something like 256 second, @$.59/sec, his charge should be more like $151.04.
The more "efficient method" would be something like, "block #x doesn't match". That's the point of testing a whole block... so it can be eliminated a block at a time. Assuming 1K messages per block, that's only 16GB for the number of blocks you cite.
Since we've established they've got an OC-12 or better, shouldn't be too much of a problem.
Or how much they apparently pay per month:
/second
/min
/hour
/day
/month
$.59
x 60 seconds
x 60 minutes
x 24 hours
x 30 days
= $1,529,280/month
That's a heck of a lot of bandwidth... I used to have a T3 at a previous job for only $15K/month.
This must be something like an OC-12. Amazing that they didn't notice him using the entire thing just for himself, either... well, I assume he was using it just for himself, since he's getting charged the full amount.