Having been closely involved with SDMI, I feel I can comment on most of these, without breaking NDAs. Note that my replies are only applicable to the SDMI management package that I'm using. With other packages, your mileage may vary.
1. It appears you can't move the music files around on your disk. They get stored in an encrypted form and if you try and reorganize them other than through the SDMI compliant software, they go boom!
That's your software, badly implemented. Let's have a quick review of how it's supposed to work. You apply for a key from your SDMI supplier, it gets installed, and when you purchase music, it is purchased against that key. Where that music ends up on your hard drive doesn't matter. You can have the same key on multiple devices (otherwise SDMI players wouldn't work), so having a specific location locked into the file makes no sense.
2. At least with the software I have, it appears all your music must fit on one device, there is no provision for multiple catalogs on several devices.
I have a catalogue currently spanning 2 PCs at work, and my PC at home. None of them hold exactly the same music. Your software must bite :)
3. It appears that storing your music on read-only media like CDR will not be possible.
Definitely wrong. At MIDEM (a worldwide music media conference) SDMI files were distributed on CD.
4. At least with the software I have, storing music on removable media like ZIP drives may not be possible.
See above.
5. It appears that if you have multiple computers, a laptop and a PC for example, you won't be able to transfer your music back and forth between the two
See above
6. It appears SDMI is a security standard only and doesn't guarantee interoperability between SDMI devices from multiple manufacturers.
Sort of. SDMI files are encoded against your key, and your key is specific to your "trust provider", there is currently no global keyspace. If a device doesn't support your trust provider, then it may not play. Each trust provider, I believe, is free to use their own encryption methods.
7. I have yet to determine if the directory containing SDMI music can be safely backed up and restored.
It can, but you have to back up your keys as well. Your software should provide a method for this.
8. It looks like SDMI might be one of those "standards" that can't be distributed as open source without its security being broken.
Not as far as I am aware. The trust provider we're working with is using RSA and a couple of other bits and bobs. Nothing exciting, nothing secret, it's just they don't publish the fact unless you ask them. However remember, this is a Windows world primarily here, so attitudes are different.
Now I'm not going to get involved with arguments on why should people use SDMI over plain MPEGs or how easy it is to break. But from my background, including having games I wrote copied, distributed and never seeing a penny, personally if I was producing music I'd like the idea that I might get paid for my work *shrug*
You want to be really fussy? Isn't it ECMA Script? As it stands Microsoft's JScript implementation does a better job of sticking to the W3C DOM than Netscape's does.
It depends. Certainly, for those people who have a PC to run games on, as consoles get more powerful, the PC won't be needed any more.
However there's more to a PC than that. What about those that want to word process? I've yet to see a web based word processor, spreadsheet, presentation manager, configurable database, graphics design etc. etc.
There's more to home usage than games and PDA functions.
Now maybe a PC that plugs into the TV at a decent resolution might push most PCs outwards to the fringes.
Unless, as seems to be a growing trend in the UK at least, you go and drive to Taco Bell to get your munchies. Then your slowed reactions get really dangerous.
IE, like Netscape, was based on Mosaic. If you look in IE's about box you'll see Microsoft still credit Mosaic, "Based on NCSA Mosaic. NCSA Mosaic(TM) was developed at the National Center for Supercomputing Applications at the University of Illinois at Urbana-Champaign. Distributed under a licensing agreement with Spyglass, Inc."
Note that it's now only based on, I'd doubt there's much code left over from IE2.
Personally, it amuses me that Microsoft still credits Mosaic, but Netscape dropped the credit quickly.
That's not IIS though, that's Front Page extensions, you can set it up to do the same thing under any of the other web servers Front Page mangles. I know it may be snobby, but would you trust your credit card numbers to a site written in Front Page?
And additionally use Trusted Connections. Trusted connections use the NT login that the user/IIS process is running under. No passwords need to be stored. This is just a config option.
The worst ones I've seen are sites using Frontpage *shudder* to store credit cards in clean text files in a sub directory off the web root. Mind you they were spammer sites, so tough noggies :)
Yea but who added HTML extensions first? Netscape :) Who passed on making their scripting ECMA compatible? Netscape. Grrrr such a royal pain to try to get a site to render in Netscape after they "bent" the standards.
Actually the support knowledge base uses an identical knowledge base to the one on-line, and there is a separate set of databases with answers that haven't made it that far yet. But the interface is damned clunky.
Yea if it's sent by mistake, but reading all the coverage I think M/S were assuming it was sent out to someone on *purpose*, i.e. someone inside was sending trade secrets outside. Now if they had that view, then of course it's illegal.
robots.txt only works for well behaved bots. Spam bots, site rippers etc. are quite free to ignore it. These days people are getting lazy about writing well behaved search engines, for example I had Infoseek's bot hit my site twice this week, and it attached 20 sessions at once *grrr*
As an aside the METAR data is freely available. Drop me an email and I'll pass it onto a friend who has written a bit of software to grab flying weather information. He can point you to the protocols and you should be able to wrap your own:)
That sounds an awful lot like Internet Explorer doesn't it?
Re: What about the following FUD? (on Stopping the FUD, Score: 1)
Who really cares about USB, though?
Quite a few of us, I run keyboard, scanner, MPEG3 player, mouse and a video conference camera all on USB. Why? I don't want to have to use a separate IRQ for each thing, if I didn't I'd have run out ages ago. So don't just dismiss it.
Choose an OS for what it's good for.
That's the crux of the whole deal. I use NT at work for lots of stuff I can't use Linux for,
Running Photoshop and Illustrator
Running WAP server stuff
Running SQL 7.0, which is a damned fine database
etc. etc.
No operating system is the magic bullet we're looking for and the sooner we all realise this, and promote OSes based on their strengths and not comparing it to other OS's weaknesses the better. It will be better for the consumer and won't make us look like religious zealots.
OK now there's a common FUD. Who hijacked HTML first? Netscape or MS? Errrr Nitscrape. Damned blink tags, layer tags, Javascript that doesn't conform to the ECMA standards...
As an aside You ghosted NT setups? Ewww! NT setups have a GUID for each machine, and when you ghost NT onto lots of boxes, and the same GUID is used, kiss stable networking goodbye under certain circumstances:)
From news.com
The attack software was installed primarily on computers using Sun Microsystems' Solaris and Linux--both variations of the Unix operating system. To break into those computers, the intruder took advantage of known vulnerabilities that allowed him or her to take almost complete control of a computer then erase his or her tracks, Dittrich said.
Interesting that, I'd have thought having them on Win NT boxes would have been easier.
Back in the XT days I remember the old IBM Technical manuals had the assembler source code for the BIOS printed out.
(And I can still remember the excitement of getting a full 5.25" high hard drive and DOS 3)
Netcraft says www.securityportal.com is running Apache/1.3.9 (Unix) on Linux.
Can't remember if it's SQL 7, or 7.5 (in beta) but it specifically asks you if you want to leave the sa password blank.
Yes they are, I filled one in three weeks ago :)
In *theory* dodgy NICs I suppose :)
I think you're reading too much ... they admitted that the boxes couldn't handle the load. That sounds more like hardware to me.
Except when I see a blank user_agent I tend to view it as a spam bot trawling for email addresses, and redirect accordingly.
Why would any politician get involved? Political brownie points and to garner votes.