Sounds to me like he wants an answer for students that *want* to GPL their stuff. Not a bad tactic, actually. It ensures that they will have use of it later.
If you want to have more than 1 kid, you should pay more tax.
Limit couples to only 1 kid? Or did you mean per person? His and Hers? Limiting couples to one kid would quickly reduce the population.... hey wait a sec... if we're all going to live forever, why allow any kids?
Besides, those of us with more than 1 DO pay more taxes, or more specifically, our kids end up contributing more. You're going to need extra kids contributing to social security if you're planning to retire at 65 and live forever after that...
The judge did not rule that the FBI is not subject to Russian law, only that the evidence could not be excluded.
That is, in essence, exactly what he ruled. You can't enter evidence that was illegally obtained, therefore the judge considers this legal. Since they did violate a Russian law, they must not be subject.
they had no reasonable expectation to Fourth Amendment privacy.
Several people have brought that up... I don't see what that has to do with anything (other than that it was mentioned in the article.) So they have no expectation, fine. The FBI knows what their password is. That gives them no right to *use* it, though. You can bet that if I shoulder-surf someone's password when they are using my machine, and then use their password to get into their account, I'd be arrested. I'd be charged with illegal possession of an access device (the password) and computer trespassing (no permission to be on that machine.)
The feds can hack the Russian computers because the Russian laws don't apply to them. They were after the Russian hackers because they had broken into US computers. Their laws don't apply to us, but ours apply to them.
I hope the FBI agents don't fall for the "lure them into Russia and arrest them" trick.
Nee Arrowpoint, the web balancers Slashdot itself uses.
It stores an MD5 checksum of a webpage to determine if the page it retrieved is complete. This is part of its timing mechanism to determine load. Pretty sure they did this prior to Feb. 99.
Multicasting doesn't really equate with needing high-end hardware. In fact, the requirements would be much lower for multicasting, as opposed to having to do the equivalent number of unicasts.
Multicasting has more to do with switch and router configuration.
I'm continually amazed at all the parties "investigating" this problem. There's a line between checking for evidence of a vulnerability, and actually exploiting it. I'm seeing any number of people in this story going over the line, and actually compromising DoubleClick.
Briefly, we provide a way to automate your incident reporting, correlation with other users who have been attacked by the same IP, and essentially a way to cast one more "vote" against an attacker. The latter two items can't be done in isolation. Plus, we provide links to what your IDS description actually means, in case you want to look it up.
How secure a particular NT installation is is dependent on the skill of the administrator securing it, and how carefully the administrator watches for new holes, and aggressively patches them away. We have those functions adequately covered.
If they get compromised, everybody using their services will be painted in red as potential targets.
Not really. IDS' don't typically record whether the intrusion was successful, they just record attempts. This information doesn't really help you attack anybody. You'd still have to make the attempt yourself to determine vulnerability.
First, what the heck is the definition of an "incident"?
Actually, that's done on a per IDS entry basis. We take each attack description that comes out of each IDS, and correlate those all to a central attack description of our own creation. Then, for each of those, we make a judgement call on whether it is something that should be reported or not. The majority of reports we get are classified as events or probes, things you shouldn't report on. They aren't attacks in and of themselves. There are other attempts that, were the victim vulnerable to what was being checked for, they would just have been penetrated. Those we classify as incidents.
If some goofball script kiddie runs a script that sends out 100,000 pings of death, is that one incident, or 100,000? If he tries a Syn flood attack on my site, setting up 1,000 sessions, is that one incident, or 1,000?
It depends how your IDS groups them. We get our information from the IDS logs. Many IDS systems can treat that sort of thing as a collective event.
How do we know SecurityFocus can be trusted? How do we know we're not handing our log files over to someone who's already hacked SecurityFocus?
That's the reason we provide an anonymous upload capability, and the upload tool is open-source. You can check yourself exactly what is being sent.
Absolutely. Users who create an account and submit their logs have access to the following:
- A service designed to assist users in reporting incidents. We look up the appropriate contacts for the offending organization and their upstream provider, allow you to select which incidents you wish to report, and draft a report for you with all the pertinent information.
- Access to descriptions about what the attack was that your IDS spotted. This includes links into the Bugtraq database where appropriate, articles, exploit code (so you can see if the compromise was successful or not), etc...
- The ability to see how many other ARIS users your attacker has attacked, in case that factors into your decision on whether to report or not.
- We track which incidents have been reported (through our system) for you.
- We cross-correlate reports from different IDS brands, for those users who have more than one type.
We're happy to have all users, whether corporate security professionals, college kids, or home users. If you have an IDS in place, please feel free to participate.
Heh. Yeah, they just popped this one while I was reading this story:
http://images.slashdot.org/banner/vali0034en.gif?
You work in the middle of the desert?
Now they no longer only know what you're buying, but exactly where you are, to the nearest light-fitting...
Does that mean the slimy sales people will start showing up in person?
The person who mod'd this down didn't bother to check out the link. It's steganography in spam. Quite clever.
I think about 5% of the Americans play the first post game.
His name is "Ensign Toast".
Binaries can be audited too.
Not legally in the US anymore, thanks to the DMCA. At least, not if the license says you can't.
Not to imply that I agree with Kurt's article in any way...
That, or it's not very funny.
Anyway, the answer is no. If they can tamper with your hardware, you're thoroughly screwed.
I guess they don't realize that some people actually do this? VTCP/Secure from Infoexpress does in fact have a mode that tunnels over HTTP.
What does this service do for us?
I took a shot at proving that bit of info here:
http://slashdot.org/comments.pl?sid=01/03/26/1631
Well, the US sure seems to be getting bombarded.
That's the number of attacks the US is sending, not receiving.
So who said anything about sniffing?
They can't be mapped to your physical address, phone number, etc. without a call to your ISP
Umm... and what do you think happens when you order something online from one of these sites that has the web bug?