What's worse is that there is no way to distinguish between authentic "User Account Control" dialog and a fake one that is popped up by a malicious application trying to collect admin credentials.
Unless Vista allows customizing generic "UAC" dialog (with an image or a text) or easily authenticate it in some other way, UAC being ON appears to pose a greater risk to a system security than when it is OFF.
e-a-t-m-o-r-c-h-i-k-i-n !
How do these numbers relate to the question ?
.. and I didn't ask if the demographics of Netcraft and Alexa users are different (neither of both is statistically representative by the way).
The original statement was that Digg users were "led to install Alexa for the sake of adding to the view count for Digg". I want to know what this accusation is based on
Was there a campaign "Help Digg, Install Alexa toolbar" ?
Were they not letting you create an account on digg.com if you haven't had Alexa toolbar installed ?
What was the evil stuff they did to cook the numbers ?
.. has led many Digg users to install Alexa for the sake of adding to the view count for Digg
Any facts to back up this bold statement ?
MIT stole Saratov State University's cannon.
.. more likely S-300 or something
Just remember that ICECC is a pre-requirement for entering Advanced Social Engineering course offered by not-so-ethical hacker training facility next door. :)
It does not need to be "suitable for commercial use" to drive the demand up.
And given the very nature of anonymous networking, it will do just that.
On a side note -
You can argue all you want, but cooperative anonymity in a group of random people
is bound to create very serious ethical issues. These issues are not specific to child
porn either, but it is a common ethical denominator for a lot of people, so that is why
it surfaces frequently.
Whether they matter to you obviously depends on you alone, and no one can change
that. But as other people pointed out, your position is very much disturbing.
You forget that child pornography is not just an ungodly perversion, it is also a fully commercialized illegal INDUSTRY.
In addition to the producers (those you are referring to) there are also consumers. It's a typical supply-demand scheme and providing means for secure distribution does one thing only - facilitates their trade.
If you were not running anonymizing node on your box, some asshole would've not been able to download more 'material' and this would've not caused the supplier to increase its volume. Ie to rape another child.
Comprende ?
I think Mr Jobs is getting ready 'to pursue other endeavours' as they say.
Or perhaps they can bundle a ticket with a coupon for a subsequent DVD purchase at insane discount.
Don't know how it works for other people, but for me $25 buys either a pair of movie tickets or a DVD. Never both. So unless they figure out a way to combine the experience of movie theater with a convenience of DVD, their attendance will just keep dropping.
She might however require you to keep it quiet and I would very
much like to see you typing on the laptop as silently as if you
were using a pen.
Paying or not, you should comply to certain classroom standards
and not because she's having PMS or afraid of the laptops, but
because you actually distract other people in a room.
What I don't understand is how not having laptops in class is going to help
students un-focus from "trying to transcribe every word that was I saying".
She is just a laptopophobe if you ask me.
It might not be a quick hack, but it definitely didn't go through a proper usability testing and evaluation.
The fact that it does a cool zoom effect when you click somewhere does not excuse the absence of 'insider transactions' link on the stock page. And neither does it justify the presence of company address, summary and management list. Leave alone some useless blog links. The view is overcrowded with information that is not needed on a day-to-day basis. And it rather feels more like a 'miscellaneous information' page than a concise summary.
And in this light, finance.google.com is almost an exact opposite of google.com, which is indeed an "everything you need, nothing you don't" deal.
Unless Google will allow customizing stock views, I don't see how this thing can take off the ground at all. Sure it looks nice, but it is barely usable. Though of course it is very subjective take on things.
PS. Yahoo Finance got it nearly perfect. No pretty graphs, which I'm sure they will add shortly and which are not critical to have anyway.
What version of Firefox? Looks fine to me in 1.5.0.1...
1.0.7
might want to try upgrading.
Why would I want that ? It is not my problem that their
website does not render correctly in my version of browser.
Except when rendered in Firefox, the background of "Find anything using the new Windows Live" bubble is few pixels short at the bottom and the whole page looks odd because of that.
All in all, it feels exactly like Microsoft iPod packaging. I don't like it. It's neither clean nor simple. It's not polished either.
PS Has anyone noticed that their <input> field in the main search form has the same ID as the one on Google ? So they can borrow browser's history of form inputs that people used with google.com. Seems more sly, than clever.
Russian cosmonaut will take his trusty six iron ..
sounds pretty much like
American astronaut will take his trusty balalaika and play few of his favourite tunes
ie - completely out of space.
PS For those loonies who put this news bit together - 90% of Russians don't even *know* what the golf is.
How crazy would the world get if I could download mercedes.torrent, big_mac_combo.zip, and refreshing columbianblow.rar? .. INFECTED big_mac_combo.zip .. that'd be fun for the whole family :)
>> Non Disclosure Agreements and Really Good Lawyers, that's what it's all about.
> Spot on.
Tell that to Cisco
Firefox's problem is not the size of its code (which you *can* reduce by tying to the host OS), it is a bloat of its run-time data. This is an indication of a poor memory management, no user control over run-time cache and/or fundamental flaws in datamodel or engine design.
The bottom line is that a single Firefox instance showing yahoo.com should NOT consume 180MB of memory, this is just ridiculous.
I would think the MS would have a department of crackers and hackers to try to do shit like this.
Cracking is largely driven by curiosity, genuine dislike towards software vendor or a criminal intent. Neither really fit the full-timer profile, leave alone someone being employed by the company itself.
MS can hire 10 departments of 'crackers and hackers', it will still not do them any good.
Hamachi is a second attempt at zero-conf system.
I dealt with IPsec *very* extensively in the past and in the first revision we were in fact using IKE for p2p and SSL for client-server security. The issue was essentially that IKE was an overkill and SSL added 4 extra messages to the login sequence. Former affected development schedule and latter affected server performance under the load (yes, I am aware of HW SSL acceleration, it was not an option at that moment).
For the second revision we stripped down all unused IKE features (like proposals, notification messages, etc), at which point it started to look more like JFK. We then reused this security handshake for replacing SSL and also added support for PSK (preshared key) authentication. And that's what exists at the moment.
Bulk p2p traffic is essentially ESP in AES256-HMAC-SHA1 mode. I think the only difference is that IV goes *after* the data and not in front of it. Same padding method, replay protection, etc
Basically we were going after IKE/SSL version that is highly optimized for our specific needs. We didn't do it from scratch and we didn't mix security paradigms from different protocols. We combined independent parts, so technically we didn't re-invent the wheel. We assembled it from prebuilt parts.
I completely agree that it needs a peer review. I would be more than willing to engage in one if there are people interested in doing this.
Wesley, I am fully aware of this quote. Hamachi was not designed 'over the morning coffee'. Please have a look at http://hamachi.cc/security.
Alex (ap@hamachi.cc)
.. yes, a public, routable, full blown, IP address.
/apankrat
No, it is not. It's exactly the opposite. The address is private and globally UNroutable.
Who the fuck do they think they are distributing IP addresses like that?
Hamachi uses 5.0.0.0/8 for *private* networking. We are not distributing Internet addresses, we are distributing IPs used in Hamachi's own routing domain. Which of course is fully isolated from Internet.
The only problem Hamachi can run into later on is if IANA starts assigning IPs from this subnet to Internet nodes. These nodes will need to employ some creative routing to get Hamachi going. That's it, no dead end. No broken Internet.
IPv6 is not an option. At least not now. Try talking your parents through setting up IPv6 stack on windows, and then making poor box work again.
PS In case if anyone has any doubts, - I'm involved with Hamachi project.
Running VPN over TCP is bad for another major reason, which seems
to completely escape the attention of people promoting this type
of VPNs.
TCP is an UNAUTHENTICATED sessioned transport and the state of
entire VPN DEPENDS on it. Anyone capable of closing TCP session
can bring VPN down. Moreover VPN nodes may not even get a chance
to exchange a single packet if an attacker proactively resets all
connection attempts.
This is drastically different from standard VPNs that use IP or
UDP for data delivery. In order for a packet to alter VPN state
it must first be authenticated.
Essentially TCP-based VPNs are not resilient. They might be OK
for an occasional use, but deploying them in a production is
far too risky.
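The property the comment above relies on, shown as an added example (not part of the original comment and not Hamachi's code or wire format): a datagram receiver that verifies a truncated HMAC-SHA1 tag and an ESP-style anti-replay window before any session state changes. The names `Session` and `seal`, the `CLOSE` control message and the key are assumptions made up for the illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 12   # HMAC-SHA1 truncated to 96 bits, as ESP does (RFC 2404)
WINDOW = 64    # anti-replay window size, in sequence numbers

def seal(key, seq, payload):
    """Build a datagram: 32-bit sequence number, payload, truncated HMAC tag."""
    body = struct.pack("!I", seq) + payload
    return body + hmac.new(key, body, hashlib.sha1).digest()[:TAG_LEN]

class Session:
    def __init__(self, key):
        self.key = key
        self.top = 0         # highest authenticated sequence number
        self.bitmap = 0      # bit i set => sequence (top - i) already seen
        self.alive = True
        self.delivered = []

    def receive(self, datagram):
        if len(datagram) < 4 + TAG_LEN:
            return "drop:short"
        body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha1).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return "drop:auth"           # forged packet: no state touched
        seq = struct.unpack("!I", body[:4])[0]
        age = self.top - seq
        if seq == 0 or (age >= 0 and (age >= WINDOW or (self.bitmap >> age) & 1)):
            return "drop:replay"         # authentic but old or already seen
        # Only an authenticated, fresh packet reaches the state changes below.
        if seq > self.top:
            self.bitmap = ((self.bitmap << (seq - self.top)) | 1) & ((1 << WINDOW) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << age
        if body[4:] == b"CLOSE":         # hypothetical teardown message
            self.alive = False
        else:
            self.delivered.append(body[4:])
        return "accept"

def demo():
    key = b"constructed-demo-key"        # constructed sample key
    s = Session(key)
    results = [
        s.receive(seal(key, 1, b"hello")),
        s.receive(seal(b"not-the-session-key", 2, b"CLOSE")),  # forged teardown
        s.receive(seal(key, 1, b"hello")),                     # replayed packet
        s.receive(seal(key, 3, b"world")),
    ]
    return results, s.alive, s.delivered

if __name__ == "__main__":
    print(demo())
```

A TCP-carried tunnel has no equivalent gate at the transport layer: the connection teardown is handled by TCP itself, below the point where the VPN's keys are applied.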
Moreover, this technique looks like it should work with any kind of NAT,
Looks can be deceiving. Hamachi's main strength IS its NAT traversal capabilities. In addition to symmetric, cone-this, cone-that types, it supports traversing a handful of completely obscure NAT types. Like reverse sequential NAT (external ports are allocated in decreasing order), burst overloaded NAT (ports are incremented in random increments), and random port NAT. Statistically it can connect 95% of all UDP-capable peers. The rate of standard NAT traversal techniques (including nat-traverse thingy) is about 80%.
And, yes, I am involved with Hamachi project, so I do know what I am talking about.