Uh, spam is theft by conversion. The spammers force third party ISPs to host their advertising by means of disk storage. Often spammers hijack third party mailservers to send their spew -- theft of service. Sending junk e-mail to a domain that has specifically stated that it is not desired is trespass to chattel.
Spam is illegal. Spammers should be tortured and killed, their heads should be placed on pikes that should line Silicon Valley.
Unless the X-Box's OS is stored on the console's hard drive, it shouldn't be a problem. Anyway, I doubt that the X-Box is designed to run things like the PC-Friendly software on DVD discs.
You might be able to create something to hose the X-Box to some extent, but it would have to be specifically designed for the console and it's unlikely something like that could sneak into a DVD production master.
There is a DVD "spec" for programming and formatting special features such as menu interaction and other things, but it's an incredibly broad spec, so much so that some players can't play certain movies that use an obscure feature never in use when the player was designed.
There's also the issue of how far a "spec" can be stretched for cute or interesting effects beyond the scope intended from the original design. Ghostbusters (and some later discs) offered MST3K-style silhouettes of the people as they offered commentary on the movie by hiding it in the subtitle track -- though some players (very few) had problems playing it because of the tricks used.
I don't know about the encoding or programming or how easy it is for home use, though it apparently isn't too difficult to hack together a simple menu system considering the "features" sometimes found on bootleg DVDs.
The company is replacing all infected DVDs. The problem is getting word out to consumers about the recall. The problem is also moron consumers who read the headline "DVD infected with virus" and suddenly panic and flood customer support lines with concerns over what an infected DVD might do to their standalone Toshiba or Sony player.
I won't get into the problem that allows a DVD to be mastered and pressed with an virus in the supplimental software.
From the story it appears to check the browser type. Apparently changing the browser type string that Opera sends by one letter gets around the problem. It also explains why Netscape 6.1 can get in when Mozilla can't.
The "service pack" was a DVD update driver to resolve some movie playback functions not unlike firmware updates for standalone DVD players.
1) This affects *only* the DVD movie playback feature, it has no impact whatsoever on the games themselves. The PS2 is, as I stated, a gaming console for PS2 games *first* and everything else second or further.
2) While I don't like it, DVD firmware updates are common amongst console DVD players as the features of some newly released DVD suddenly breaks on an existing console (what with the DVD standards being so intricate and multi-faceted). Most firmware updates require sending the unit to a service center, the PS2 method is much easier by comparison.
There is the possibility that MS was well aware of the risks of improper ventilation and extended use of the console and instructed or advised software store companies of the proper storage and care for the kiosk units, but were ignored. Certainly not an uncommon occurance.
PS2 does have some backwards compatability problems with a few PSX games (often those problems pop up only when using the "advanced" PSX features: texture smoothing and fast disc access). It also has some problems with a few DVD movies (may of which are resolved with updated drivers that can be put on a memory card), but 1) every DVD player has problems with at least a disc or two and 2) the PS2 is marketed as a PS2 game playing console first, DVD player second.
I've also never seen an incident of a PS2 breaking down or crashing in a kiosk (though I never asked much).
I've lurked quite a bit on PS2 discussion boards and I've not heard much about problems with actual PS2 games on the PS2 console. Pretty stable, apparently.
I don't disagree regarding the graphics. The only playable demo at the local software stores where I live is Munch's Oddysee. I know that it's a first-gen game but I remember many first-gen PS2 games that looked better (better texture quality, mostly).
The rest of the disc was just "non-interactive", and I try not to judge game footage based upon console FMV -- there is always significant degredation of the image quality. Still, it didn't impress me terribly, didn't look like anything I'd want to play.
I find it more likely that if viruses are called acts of terrorism, MS will accuse security companies of aiding and providing information to terrorists with security alerts exposing backdoors and other security holes.
No, it was correctly identified as Ex Post Facto. Statute of Limitations refers to the amount of time that may pass between the comission of a crime and the prosecution, however the law must have been in place at the time of the "incident" or no prosecution can take place.
I'm not sure how trying to retroactively remove the statute of limitations and retroactively declaring computer crimes as acts of terrorism will fly with the courts -- it could be argued that Ex Post Facto protects people from being branded as terrorists because their actions were not legally "acts of terrorism" when they occured. Not that Ashcroft seems to care about the Constitution one way or the other right now.
Long ago I heard of a CGI script by the name of WebPoison. It would generate a page of random text; the first set of text would be random words that all linked to differently parsed URLs right back to the same page. The second and much longer set of text was a long list of randomly generated bogus e-mail addresses. Because the recursive links were all different (and random) it would theoretically cause a spambot to contunally follow a circular path and constantly retrieve hundreds of fake e-mail addresses (thus the name Webpoison -- it poisons their list).
There were some flaws. You'd need a webserver that let you run CGI scripts without necessarily having.cgi show up in the URL (to fool the spambots) and you'd have to have some mechanism to check that the random addresses did not use real domains. Might also use up your bandwidth as bots got stuck, but you could then use their IP to file a complaint against their ISP (and ban them from hitting your server in the future).
Sadly, I've not found any information on it recently. Perhaps someone could hack out a more efficient version of such to address potential problems and bugs.
Newsflash (in an alternate universe)
on
Linux Kernel Bugs
·
· Score: 1, Troll
Linus Torvalds, creator of the Linux operating system, commented today on the newly discovered root-exploit present in the operating system since version 2.2.0 of the software imploring bug tracker teams not to release such information to the public.
"Security companies have a responsibility to protect the public", said a visibly upset Linux, "and releasing information such as this practically gives out blueprints for weapons to attack private systems." He went on to say that "System administrators shouldn't have to worry about whether or not their box could be rooted out from an end user's explot script or even a third party exploiting a hole in a remote service." He called the notion of letting people know about potential vulnerabilities, "Wholly irresponsible" and referred to the demonstration of example scripts for exposing and exploiting such vulnerabilities "dangerous and destructive."
Linus finally called upon security companies to "excercise self-restraint" on issues of security flaws.
"We're working with Microsoft", he stated, "to help develop an industry-wide standard. We will keep our systems secure, even if we have to classify every insecurity and vulnerability as copyrighted material and prosecute reporters under the DMCA to do it."
Well it's not exactly a remote hole. The user still needs to have execute privs on the system they want to root out.
The "laughing" at MS's security holes isn't necessarily about how easiy it is for a user to gain administrative priveledges, but how easy it is for anyone anywhere to gain remote admin privs.
Not that I'm saying your comments are completely without merit; a hole like this should have been spotted sooner IMO (though I don't know how obvious it was). I'm also not blind to the fact that remote exploits have been found on Linux systems/services.
I'm aware that the exploit is within ptrace and not newgrp itself but...
...the SecurityFocus notice uses newgrp as an example of a program from where the hole can be exploited and it states that most Linux distributions default with newgrp suid root and world-executable. Call me odd, but I'm not sure I understand why a sysadmin would want newgrp to be world-executable.
You have a good point about the suggestion to grab the DRM cracking utilities, though I disagree with your sentiments that violating MicroSoft's copyright is somehow justifiable. Microsoft's engineers worked hard to create an effective system for helping large corporations control their copyrights and here some anonymous hacker has broken all of their hard work and rendered the fruits of their money and efforts worthless, all in a single package that you can download here. Slashdotters, you should be ashamed that you are being encouraged to download this file and HeUnique should be ashamed for suggesting that people grab this file.
Note the phrasing though: "best-of-breed MSN content". Legally it's covered because they don't claim to be giving the best content, just the best MSN content.
In other words, you're getting the best content that the worst provider has to offer.
Seems somewhat easy to overcome
on
RIAA to DoS Pirates?
·
· Score: 5, Insightful
Doesn't sound like a typical DoS attack. From the article it looks more like the RIAA would have machines set up to look for copyrighted material and make repeated download requests, then download very very slowly to keep servers with connection limits filled up. How hard would it be to require a minimum transfer rate -- that is, for the servers that do not already offer such a setting -- and then code in a setting to allow banning of IPs that engage in suspect behaviour consistently.
The scarier RIAA attempt IMO is their attempt to make themselves exempt from liability if they damage a system while looking for copyright. The wording alone allowing for immunity to any prosecution provided that the break-in was by a copyright holder (in the article) appears so utterly vague as to be used as a carte blanche for anyone to break into a system (Honestly, your honor, I was trying to make sure that they weren't pirating a Star Trek TNG Fanfic that I wrote nine years ago!). What's scarier is the quotes suggesting that not only have they considered it legal in the past, but they have already been engaging in such activity.
Here's an idea for someone with Caller ID. If you have an incoming call and you know from the ID readout that it is either a wrong number or a Telemarketer answer with:
"Hello, is Dave there?"
See if they get caught off guard. If there is no Dave there, tell them "Sorry, wrong number." and hang up.
In my case they ask for a "Mrs. $LASTNAME" where $LASTNAME = my boyfriend's surname. Since we can't legally marry and there are no Mrs. $LASTNAMEs available in the house the assumption is that the telemarketer is looking to reach his mother. I simply inform the TM that she is deceased and to promptly FOAD.
I'm aware of the law, but I need to get a phone conversation recording device. I once told that to a telemarketer and received a harsh, "No!" before he hung up. I wanted to sue, but I didn't have any documentation:(
And don't forget that with the SSSCA or whatever it's called, you won't be legally allowed to run anything but WinXP or an "approved" OS -- so securing your linux boxes to prevent such a hack is a no-no.
This is getting slightly annoying, I just compiled 2.4.11 on my box last night and now I hafta do it again, only to learn of a new bug.
It seems that the last few kernel releases have had some kind of serious problem in one of the drivers. I think it was 2.4.8 that had a emu10k driver issue and 2.4.9 that had ntfs problems (could have those versions wrong), now 2.4.11 has a symlink bug and 2.4.12 has a paralell port driver.
2.4.11 sounds serious, though I've not done anything that could have triggered it since I put it in place (I use SuSE but not yast2), and 2.4.12 won't affect me at all because I don't use my paralell port, but still, it's kind of disheartening to read of a new bug discovered just after a new release...
...then again, perhaps I should find it encouraging that the problems are discovered (and patchable) so quickly rather than languishing about until the next release.
You forgot the provision that allows the MPAA, the RIAA or any company that pays a substantial amount to one of those organizations to order said arrests.
Slashdot Mirror
Uh, spam is theft by conversion. The spammers force third party ISPs to host their advertising by means of disk storage. Often spammers hijack third party mailservers to send their spew -- theft of service. Sending junk e-mail to a domain that has specifically stated that it is not desired is trespass to chattel.
Spam is illegal. Spammers should be tortured and killed, their heads should be placed on pikes that should line Silicon Valley.
Unless the X-Box's OS is stored on the console's hard drive, it shouldn't be a problem. Anyway, I doubt that the X-Box is designed to run things like the PC-Friendly software on DVD discs.
You might be able to create something to hose the X-Box to some extent, but it would have to be specifically designed for the console and it's unlikely something like that could sneak into a DVD production master.
There is a DVD "spec" for programming and formatting special features such as menu interaction and other things, but it's an incredibly broad spec, so much so that some players can't play certain movies that use an obscure feature never in use when the player was designed.
There's also the issue of how far a "spec" can be stretched for cute or interesting effects beyond the scope intended from the original design. Ghostbusters (and some later discs) offered MST3K-style silhouettes of the people as they offered commentary on the movie by hiding it in the subtitle track -- though some players (very few) had problems playing it because of the tricks used.
I don't know about the encoding or programming or how easy it is for home use, though it apparently isn't too difficult to hack together a simple menu system considering the "features" sometimes found on bootleg DVDs.
The company is replacing all infected DVDs. The problem is getting word out to consumers about the recall. The problem is also moron consumers who read the headline "DVD infected with virus" and suddenly panic and flood customer support lines with concerns over what an infected DVD might do to their standalone Toshiba or Sony player.
I won't get into the problem that allows a DVD to be mastered and pressed with an virus in the supplimental software.
From the story it appears to check the browser type. Apparently changing the browser type string that Opera sends by one letter gets around the problem. It also explains why Netscape 6.1 can get in when Mozilla can't.
The "service pack" was a DVD update driver to resolve some movie playback functions not unlike firmware updates for standalone DVD players.
1) This affects *only* the DVD movie playback feature, it has no impact whatsoever on the games themselves. The PS2 is, as I stated, a gaming console for PS2 games *first* and everything else second or further.
2) While I don't like it, DVD firmware updates are common amongst console DVD players as the features of some newly released DVD suddenly breaks on an existing console (what with the DVD standards being so intricate and multi-faceted). Most firmware updates require sending the unit to a service center, the PS2 method is much easier by comparison.
There is the possibility that MS was well aware of the risks of improper ventilation and extended use of the console and instructed or advised software store companies of the proper storage and care for the kiosk units, but were ignored. Certainly not an uncommon occurance.
PS2 does have some backwards compatability problems with a few PSX games (often those problems pop up only when using the "advanced" PSX features: texture smoothing and fast disc access). It also has some problems with a few DVD movies (may of which are resolved with updated drivers that can be put on a memory card), but 1) every DVD player has problems with at least a disc or two and 2) the PS2 is marketed as a PS2 game playing console first, DVD player second.
I've also never seen an incident of a PS2 breaking down or crashing in a kiosk (though I never asked much).
I've lurked quite a bit on PS2 discussion boards and I've not heard much about problems with actual PS2 games on the PS2 console. Pretty stable, apparently.
I don't disagree regarding the graphics. The only playable demo at the local software stores where I live is Munch's Oddysee. I know that it's a first-gen game but I remember many first-gen PS2 games that looked better (better texture quality, mostly).
The rest of the disc was just "non-interactive", and I try not to judge game footage based upon console FMV -- there is always significant degredation of the image quality. Still, it didn't impress me terribly, didn't look like anything I'd want to play.
I find it more likely that if viruses are called acts of terrorism, MS will accuse security companies of aiding and providing information to terrorists with security alerts exposing backdoors and other security holes.
No, it was correctly identified as Ex Post Facto. Statute of Limitations refers to the amount of time that may pass between the comission of a crime and the prosecution, however the law must have been in place at the time of the "incident" or no prosecution can take place.
I'm not sure how trying to retroactively remove the statute of limitations and retroactively declaring computer crimes as acts of terrorism will fly with the courts -- it could be argued that Ex Post Facto protects people from being branded as terrorists because their actions were not legally "acts of terrorism" when they occured. Not that Ashcroft seems to care about the Constitution one way or the other right now.
Long ago I heard of a CGI script by the name of WebPoison. It would generate a page of random text; the first set of text would be random words that all linked to differently parsed URLs right back to the same page. The second and much longer set of text was a long list of randomly generated bogus e-mail addresses. Because the recursive links were all different (and random) it would theoretically cause a spambot to contunally follow a circular path and constantly retrieve hundreds of fake e-mail addresses (thus the name Webpoison -- it poisons their list).
.cgi show up in the URL (to fool the spambots) and you'd have to have some mechanism to check that the random addresses did not use real domains. Might also use up your bandwidth as bots got stuck, but you could then use their IP to file a complaint against their ISP (and ban them from hitting your server in the future).
There were some flaws. You'd need a webserver that let you run CGI scripts without necessarily having
Sadly, I've not found any information on it recently. Perhaps someone could hack out a more efficient version of such to address potential problems and bugs.
Linus Torvalds, creator of the Linux operating system, commented today on the newly discovered root-exploit present in the operating system since version 2.2.0 of the software imploring bug tracker teams not to release such information to the public.
"Security companies have a responsibility to protect the public", said a visibly upset Linux, "and releasing information such as this practically gives out blueprints for weapons to attack private systems." He went on to say that "System administrators shouldn't have to worry about whether or not their box could be rooted out from an end user's explot script or even a third party exploiting a hole in a remote service." He called the notion of letting people know about potential vulnerabilities, "Wholly irresponsible" and referred to the demonstration of example scripts for exposing and exploiting such vulnerabilities "dangerous and destructive."
Linus finally called upon security companies to "excercise self-restraint" on issues of security flaws.
"We're working with Microsoft", he stated, "to help develop an industry-wide standard. We will keep our systems secure, even if we have to classify every insecurity and vulnerability as copyrighted material and prosecute reporters under the DMCA to do it."
Well it's not exactly a remote hole. The user still needs to have execute privs on the system they want to root out.
The "laughing" at MS's security holes isn't necessarily about how easiy it is for a user to gain administrative priveledges, but how easy it is for anyone anywhere to gain remote admin privs.
Not that I'm saying your comments are completely without merit; a hole like this should have been spotted sooner IMO (though I don't know how obvious it was). I'm also not blind to the fact that remote exploits have been found on Linux systems/services.
I'm aware that the exploit is within ptrace and not newgrp itself but...
...the SecurityFocus notice uses newgrp as an example of a program from where the hole can be exploited and it states that most Linux distributions default with newgrp suid root and world-executable. Call me odd, but I'm not sure I understand why a sysadmin would want newgrp to be world-executable.
You have a good point about the suggestion to grab the DRM cracking utilities, though I disagree with your sentiments that violating MicroSoft's copyright is somehow justifiable. Microsoft's engineers worked hard to create an effective system for helping large corporations control their copyrights and here some anonymous hacker has broken all of their hard work and rendered the fruits of their money and efforts worthless, all in a single package that you can download here. Slashdotters, you should be ashamed that you are being encouraged to download this file and HeUnique should be ashamed for suggesting that people grab this file.
Cries of "fair use" do not render valid laws and copyrights obsolete. Just because DRM is easily circumvented is no excuse to ignore Microsoft's intellectual property.
Note the phrasing though: "best-of-breed MSN content". Legally it's covered because they don't claim to be giving the best content, just the best MSN content.
In other words, you're getting the best content that the worst provider has to offer.
Doesn't sound like a typical DoS attack. From the article it looks more like the RIAA would have machines set up to look for copyrighted material and make repeated download requests, then download very very slowly to keep servers with connection limits filled up. How hard would it be to require a minimum transfer rate -- that is, for the servers that do not already offer such a setting -- and then code in a setting to allow banning of IPs that engage in suspect behaviour consistently.
The scarier RIAA attempt IMO is their attempt to make themselves exempt from liability if they damage a system while looking for copyright. The wording alone allowing for immunity to any prosecution provided that the break-in was by a copyright holder (in the article) appears so utterly vague as to be used as a carte blanche for anyone to break into a system (Honestly, your honor, I was trying to make sure that they weren't pirating a Star Trek TNG Fanfic that I wrote nine years ago!). What's scarier is the quotes suggesting that not only have they considered it legal in the past, but they have already been engaging in such activity.
Here's an idea for someone with Caller ID. If you have an incoming call and you know from the ID readout that it is either a wrong number or a Telemarketer answer with:
"Hello, is Dave there?"
See if they get caught off guard. If there is no Dave there, tell them "Sorry, wrong number." and hang up.
In my case they ask for a "Mrs. $LASTNAME" where $LASTNAME = my boyfriend's surname. Since we can't legally marry and there are no Mrs. $LASTNAMEs available in the house the assumption is that the telemarketer is looking to reach his mother. I simply inform the TM that she is deceased and to promptly FOAD.
I'm aware of the law, but I need to get a phone conversation recording device. I once told that to a telemarketer and received a harsh, "No!" before he hung up. I wanted to sue, but I didn't have any documentation :(
And don't forget that with the SSSCA or whatever it's called, you won't be legally allowed to run anything but WinXP or an "approved" OS -- so securing your linux boxes to prevent such a hack is a no-no.
This is getting slightly annoying, I just compiled 2.4.11 on my box last night and now I hafta do it again, only to learn of a new bug.
It seems that the last few kernel releases have had some kind of serious problem in one of the drivers. I think it was 2.4.8 that had a emu10k driver issue and 2.4.9 that had ntfs problems (could have those versions wrong), now 2.4.11 has a symlink bug and 2.4.12 has a paralell port driver.
2.4.11 sounds serious, though I've not done anything that could have triggered it since I put it in place (I use SuSE but not yast2), and 2.4.12 won't affect me at all because I don't use my paralell port, but still, it's kind of disheartening to read of a new bug discovered just after a new release...
...then again, perhaps I should find it encouraging that the problems are discovered (and patchable) so quickly rather than languishing about until the next release.
IIRC Postal is very very old, either from the days of Windows 95 or earlier. Anyone know why Loki would pick something this aged up?
Not that I've a problem with it; I was intrigued by POSTAL when it was first released and may now check it out when it is released.
You forgot the provision that allows the MPAA, the RIAA or any company that pays a substantial amount to one of those organizations to order said arrests.