is not to say "Well we all think it's bad", but to produce a proof-of-concept exploit.
If an exploit can't actually be exploited, it's not an exploit.
How quickly you kids forget. First, it looks like Colin has produced a POC--read the damn paper. Second, let's go waaaaaay back to the what, 1992 and the L0pht response to a security problem in Windows. "That vulnerability is completely theoretical." -- Microsoft. L0pht, Making the theoretical practical since 1992.
RTFA. The editors are apparently trying to get rid of O'Gara. The problem is that their management seems to make the final decision, which is too bad.
You can help by sending emails to the publisher asking for her removal and drop your subscription and don't visit the site if they don't. Remember, if the publisher is keeping her around because she is driving dollars, you and the Linux community can fire back by walking away with those dollars.
This is just an elaborate experiment to test whether time travel ever becomes possible. If no one shows up, we know that time travel never happens. Glad to see some serious research coming out of MIT.
Silly rabbit. If no one shows up, it means they have something better to do than show up at an MIT event. An event that was probably motivated by students trying to get them (future peeps) to answer the question of whether time travel is possible. :)
Yes, but if you read the whole post, you would have seen that I addressed that. But to be really clear, the product only provides an indication of something abnormal happening. It takes an admin to determine if the event is malicious or not. I am going to assume that flash traffic is not generally malicious.
If I read this correctly, if you take part in a DDOS attack also known as "Slashdotting",
No, a denial of service against a web server such as a syn flood or a resource attack doesn't look like /.ing. When a /. event occurs, the clients actually try to complete the TCP connections and HTTP transactions. The flow of data is two way. Think about what HTTP looks like from a packet perspective. From client to server, the initiation of the HTTP session, small packets to the server signifying GETs and POSTs or TCP ACK, and more data from server to client returning pages, images, etc. It's a pretty well known behavior.
In a denial of service like a syn flood, there are a bunch of incomplete TCP handshakes, often from the reserved address space. In a resource starvation attack, the TCP may complete, but the client doesn't actually send any traffic to the host, which in the case of an HTTP transaction would be a GET or a POST--so you get a TCP set-up and then nothing else.
In a /. event, what Peakflow will see is a spike in traffic, but it will also see that clients are attempting transactions and they are coming from valid addresses (non reserved). That looks different.
Ok, Peakflow SP tracks and reports on network flows and the associated data gleaned from a flow such as src/dst IP addresses and ports, bytes transferred, duration of flow, etc. It doesn't capture packet data (though you can do that on a limited basis). A flow is a unique network transaction that starts with the first packet from a source to a destination and ends with either a time-out (no packet sent) or in the case of TCP, a close sequence (RST, FIN).
What is interesting about this is that traffic like DoS/DDoS attacks and port scans have unique network fingerprints. For example, a DDoS attack is a large amount of traffic to a single source, often without any return traffic. That is unusual. Sure, the /. effect might trigger a DoS alert, but someone has to go investigate the cause. Besides, how many sites get /.ed on a daily basis? But in general, flash traffic would be seen.
What this means for service providers, hopefully, is that they can more quickly respond to attacks and improve the general health of the networks they manage by locating the source of the malicious traffic more quickly.
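The distinction drawn in the comments above (half-open handshakes, completed handshakes with no request, and two-way transactions from valid addresses), as an added example that is not part of the original thread and is not Peakflow's code. The `Flow` fields, the thresholds and the short reserved-range list are assumptions made for the illustration, and the flow records are constructed.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass

# Assumption: a shortened reserved/unroutable list, enough for the example.
RESERVED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
    "172.16.0.0/12", "192.168.0.0/16", "240.0.0.0/4")]

@dataclass
class Flow:
    src: str
    dst: str
    handshake_done: bool  # TCP three-way handshake completed
    client_bytes: int     # payload client -> server (the GET or POST)
    server_bytes: int     # payload server -> client (pages, images)

def is_reserved(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RESERVED)

def label_flow(flow):
    """Per-flow fingerprint, following the three cases in the text."""
    if not flow.handshake_done:
        return "half_open"        # SYN sent, handshake never finished
    if flow.client_bytes == 0:
        return "idle_connection"  # TCP set-up and then nothing else
    return "transaction"          # client actually asked for something

def classify(flows, dst, min_flows=20, share=0.6, reserved_max=0.1):
    """Return a verdict for the traffic towards dst.

    The verdict is only an indication; an admin still has to decide
    whether the event is malicious.
    """
    to_dst = [f for f in flows if f.dst == dst]
    n = len(to_dst)
    if n < min_flows:
        return "normal"
    labels = Counter(label_flow(f) for f in to_dst)
    reserved = sum(is_reserved(f.src) for f in to_dst) / n
    if labels["half_open"] / n >= share:
        return "syn_flood_suspected"
    if labels["idle_connection"] / n >= share:
        return "resource_starvation_suspected"
    if labels["transaction"] / n >= share and reserved < reserved_max:
        return "flash_crowd_likely"
    return "needs_investigation"

def sample(kind, n=50, dst="192.0.2.10"):
    """Constructed flow records; documentation-range addresses stand in
    for valid, routable clients."""
    flows = []
    for i in range(n):
        if kind == "syn_flood":
            flows.append(Flow(f"10.{i}.0.1", dst, False, 0, 0))
        elif kind == "starvation":
            flows.append(Flow(f"198.51.100.{i + 1}", dst, True, 0, 0))
        elif kind == "spoofed_transactions":
            flows.append(Flow(f"10.0.0.{i + 1}", dst, True, 300, 40000))
        else:  # flash crowd
            flows.append(Flow(f"203.0.113.{i + 1}", dst, True, 300, 40000))
    return flows

if __name__ == "__main__":
    for kind in ("syn_flood", "starvation", "flash", "spoofed_transactions"):
        print(kind, "->", classify(sample(kind), "192.0.2.10"))
```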
But finding un-biased opinions is becoming increasingly difficult.
Nah, it is impossible and always has been. Even the simple dissemination of "fact(s)" is biased because the person(s) disseminating the "fact(s)" decides which facts are important enough to disseminate.
Perhaps some people are less biased than others, but they are all biased, but that all depends on your point of view. :)
You mean the local dork that sends his teenage employees out to the sidewalk in chicken suits waving a sign that says "Honk if you hate pop-ups" isn't a professional outfit?
My family and friends don't bug me that much about computer problems, but when they do, they know that:
I will treat them with respect
I will fix their problem (usually)
I will give them advice to avoid the problem next time
And outside of the occasional meal, I am free. :)
I think that the reason it became so popular was the closed file format.
Whaaaa? Cart or horse, which comes first?
Dude, Word did not get popular because of proprietary file format. Users don't give a rat's ass about file format until they need to export/import from one to the other. That the file format is commonly used is a result of the program's popularity. Word got popular for other reasons such as aggressive marketing, aggressive pricing, aggressive positioning, feature richness, usability, blah, blah.
Ah, this is already happening with the electric utility. There are two parts to the bill. One for infrastructure and maintenance which goes to the incumbent power company, and another part which goes to whoever you purchase the trons or gas from.
The telephone company is also required to lease access to the PSTN so that other telcos can compete. There is no reason cable companies can't be forced to do the same.
Both you and Kjella are talking about encrypted RAM and enforced restrictions of RAM, features that are not even implemented yet. Are there chips available that will utilize those features? Or are they even on the horizon? The only one I know of is Intel's LaGrande technology and Intel isn't even indicating when that will be shipped.
Also, the TPMs that are in use today, and for the future, DON'T do bulk encryption, so the data protection by the TPM is the protection of the encryption keys, which to be used, must be available in RAM in the clear.
The people who designed the TPM are very smart, but no amount of brains will overcome market forces. Crypto chips are expensive. Getting fabricators to re-engineer the boards is expensive. Supporting multiple OS's with varying degrees of hardware and software for companies that want to use the TPM is expensive. It is highly doubtful that we will ever see draconian enforcement of material via the TPM on a wide scale.
Trusted computing is going to take it away from you and hand it over to a machine that others trust.
Shhh, don't tell anyone, but digital media vendors have no reason to "trust" your computer regardless of whether you're using a TPM or not.
The TPM stores stuff. It is not a bulk encryptor. So let's say an MP3 player wants to play a song but the MP3 player needs to use the TPM to unlock something. It asks the TPM for the key, and after assuring the TPM that it is the valid requester of the key, the TPM coughs it up to the application. Now guess where that secret key is residing? In RAM in the clear! It has to be in the clear so the application can decrypt the files.
Is it created because today you have total power over your data
You still do with the TPM, see? Ahahahahaha. Keep that secret between us, OK?
It depends on what data is protected by the TPM and how.
First of all, if the TPM is even enabled, but the data that you want to recover is NOT protected by the TPM in any way (either through the application or the OS), then you can recover the files.
If the application/OS that created or manipulated the files is using the TPM, then it MAY get a bit more tricky.
Here is the quick and dirty:
The TPM manages keys and encrypts and/or signs small blobs of stuff--pretty much other keys. It is not a bulk encryptor.
The root of storage key is used to protect (encrypt) all other keys generated by the TPM. It is generated by the TPM in hardware and you can't export this key.
Other keys created by the TPM or by an application external to the TPM (but stored by the TPM), can be flagged as exportable, which means they can be backed up (they will be in the clear). The software that is requesting a new key has to request it be exportable, which means that feature is a software dependency.
You can recover the files (files are just blobs of bits, right?), the problem is that you can't decrypt them.
If the data is protected by an application that uses the TPM, and the key the application uses has been exported, then you can reinstall the operating system and software and import your keys back into the TPM. Then you can access your files.
Here is a similar example. Let's say that I use PGP to protect some files and that my keyrings are backed up onto a CD. If my hard drive crashes for some reason, then I can't access my data normally. But I can recover the encrypted files and put them on a new computer. Then I can recover my backed-up PGP keys to decrypt the files.
The major requirement is that the application, including the OS, must support the back-up of TPM protected keys.
Anybody who tells you different than what I have said above is wrong. Now, go read the FAQ here.
And when compromised, they should pay my identity theft insurance premiums. This free value we deliver to them has a cost when it's abused, and such insecurity abuse is now obviously standard practice.
Yep. There needs to be federal legislation enforcing that rule and I have no idea how to start, but I would love to be involved. Maybe the EFF...
Hello000. Filed in 2000? Let's see, I think Lotus Notes did something similar. So did Groupwise. Eudora, Pine.
Come on.
Is your vulnerability reduced or eliminated by encapsulating your IPSEC tunnels in GRE tunnels?
First, why would you want to encaps IPSec into GRE? And no. It is a flaw in ESP.
"But I have to tell a story. I'm not making these, oddly enough, to be giant, successful blockbusters."
Unfortunately, Lucas is not a good storyteller. He is great at effects and the details that bring a vision to life. He really needed Spielberg.
Dude, buy a 10$ optical mouse and get over yourself.
Ever try to use an optical mouse while balancing that laptop on your lap while in the airport, restaurant, the sofa, or the easy chair? I barely have room to put my g40 and a glass of water on the flimsy little airport tray. Grrg. Argh.
I have also had a hell of a time trying to use Photoshop with a trackpad or anything other than a trackpoint or a mouse.
So no mon, it's not that easy.
Mod parent down.
The feature you're talking about is called "Strike Back" and what it does is send some email, do a port scan, some other shit. It does not, in fact, "attack" anything in a meaningful way. It is just a colorful phrase.
Win2k DNS servers with this feature turned on are STILL vulnerable.
How so?
See?
Nothing to worry about. They can clamor all they like, but let's face it, no country is going to let the UN have control over anything of value.
I have nothing against the UN.
... see the article at Secure Enterprise.
Their stuff works, works well, and they seem to fit the "benevolent benefactor" quite nicely.
Sadly, you are wrong, read this from Secure Enterprise to see why.
Basically, the TPM doesn't do bulk crypto and may be useful for key management, which would be useful for lots of applications.
But market pressure will pretty much depress draconian use of the TPM because the general public won't want it. If you think slashdotters are concerned about security, the general populace who is generally far less informed about the technology they will is even more paranoid.
Besides, the TPM has to be enabled to be used. It is not required.
The thing is... they act like forks are bad things.
...
For enterprises and organizations, yeah, forks are bad things. They take up time and resources to manage and maintain. What happens if an organization chooses the wrong fork for the base OS? That is a very tough call.
The only really useful choices that I know of, and admittedly I am not too hip to all the distros out there, are the ones that offer true support and will survive the software cycle.
Think of forking like Windows upgrades. Both impart uncertainty about the future. Both require investigation about the best choice. Both carry risk. That is hard for an organization to simply move on. That is one of the reasons that Windows upgrades take so long sometimes.
just a thought