My iPhone lock uses a passphrase - all 26 letters, upper and lower (52), all numbers (10), all characters (35), and the space - and not a PIN. It's also considerably longer than 4 characters. For fun, I put in 25 characters and it was ready to accept more.
98 ^ 25 = 6.03 x 10^49 combinations - you'd be there awhile.
What version are you running? You might want to consider updating.
One of the biggest strengths of Snort is also its biggest weakness - the "User Community". Literally anyone and their mom can write a sig for Snort and submit it. Are you going to vet every sig they write? If you could, why not just do it yourself then?
Or do you wait a few days until they've been vetted by the "regulars" and the signature is stable? Well by then you've lost your 'same day sig' advantage.
People who know enough to make their own IPS' from scratch generally already have a clue about network security enough that this thread isn't going to help them.
Someone who really needs to read this thread is generally going to need a non-DIY solution - the product they buy is as much signature research and development subscription as the physical box.
This is the manual I used when I trained as a 98C (Signals Intelligence Analyst = SigInt) some 10 years ago. This is *still used* now.
FOUO classification means it shouldn't have been published at all. Just because it's common knowledge does NOT declassify a document. The document can only be declassified by the originating authority (the people who wrote it, and classified it to begin with). You'll see "DECL:OADR" on these docs a lot - "Declassify on Originating Authority Directive".
This FM is meant to teach the basics of cryptology to ASVAB-passing recruits. We run through the whole thing. Some very smart people go into Intel. Some pretty dumb ones do too :).
Everyone is expected to pass the final after this is taught, which consists of 4 days' worth of simulated "traffic" being passed between target stations. We've reference books for traffic pattern types, run locational analysis, crack substitution ciphers - it's romping good fun.
The encryption methods taught are still used in the field, though less and less thanks to the Internet, crypto-secured frequency-hopping radios, and whatnot, mostly for Meteo and Logistics.
Brings back some nostalgia, reading through this. I hope they don't get into too much trouble for posting it.
The Axis Video Server vulnerabilities found several months ago had hackers using Google to find vulnerable cameras. Check out "Axis Video Server" for a nice list of sometimes very-controllable cams.
Nothing new here.
Re:Anti-Military? on Defining Google · Score: 2, Informative
God's honest truth this happened.
They asked me what projects or other work I'd done that I was proud of (typical background question = allows the candidate to put forth their best work).
When I started talking about how I'd had the job of analyzing enemy data traffic comms and how I'd been able to build a nice, concise map of their network from traceroutes and DNS zone transfers, they lit into me about how could I even consider myself eligible for Google (they must've said "Do No Harm" like 10 times, no joke), and how effective my targeting was, and how many people did I think I killed with this information. When I explained to them that this information wasn't probably used to kill anyone, then they lit into me about why I thought I should be proud of this work when obviously it wasn't ever used.
I was basically damned if I did, and damned if I didn't - I either was proud of my work and was an effective soldier (and therefore "Harmful" = strike 1-2-3 you're out!), or I was an ineffective nobody whose work wasn't good for anything (and therefore "Incompetent" by my own admission = strike 1-2-3 you're out!).
I was really disappointed. It really was just two people together during one of my 4 interview sessions that day, but it seemed their negative reviews sunk any hopes I might have had. I was never given a complete answer as to why I was rejected, other than I was 'unsuitable'.
It may have just been the individuals who interviewed me, but when they started going through my employment history and hit my military service, the interview took a dive.
They pulled out the Google mantra of "Do No Harm" and started asking pointed questions about how I could possibly work for them when I was this horrible warmonger. They would ask me what I did while I was in (I was M.I. = Intel), and then started asking me if I thought the intelligence products I'd developed had killed anyone.
At that point, all technical questions regarding my technical ability were basically dropped in favor of bashing my experiences in the Army.
I was really disappointed - it seemed like a great working environment, and I was more than qualified for the job (really!). It was before the IPO, so that would have been nice as well (*wink*), but I really wanted to be there for the atmosphere more than anything else.
Any others with this kind of experience? Or was my disaster a localized incident?
There's a couple of problems with handling the issue on the victim-side. Generally, a DDOS attack is a flood of packets with spoofed IP's (thus my earlier comment). This makes back-tracking or attacker isolation next to impossible to do. And since most attackers aren't following RFC 3514 (http://slashdot.org/articles/03/04/01/133217.shtml) the firewall can't inherently detect which packets are 'naughty' and which packets are 'nice'.
Firewalls sometimes deal with connection overload by proxying the TCP three-way handshake and only allowing the completed handshakes through to the end server. Under attack, however, the firewalls themselves can have these connection queues saturated and then they begin selectively dropping a percentage of the connection requests. Since it can't tell valid from hostile, real users experience connectivity issues.
For UDP-based protocols, used by many real-time online games, there's simply no way to stem the flood other than drop packets above a certain threshold, also causing a partial DOS for valid users.
All of these measures also cannot address the bandwidth consumption issue. This can *only* be addressed upstream.
With IP spoof protection in place at end points where hostiles live, or at gateways to foreign networks, we can at least keep attackers to real IP's that we can then isolate and prosecute.
I agree - Null Routes aren't the answer here. But something that ISP's *can* do, and could have done all along but have yet to, is to incorporate anti-spoofing measures in their networks.
It's a fairly simple concept, but a lot of work to do it with routers. Every customer end-point should have ACL's on them that block any traffic coming out of their segment that isn't assigned to their IP space. This keeps end-points honest, regardless of what IP's they try to use, which also makes zombie isolation a lot easier. They have to use their own IP, or at least a valid IP on their network, just to affect the target they are trying to attack.
Apparently this is such a Herculean effort, however, that no ISP's I know of do this consistently. There's really no upside for them anyway, except for a warm fuzzy that they're contributing to the health of the Internet.
Maybe if these sort of extortion schemes happen enough, proper pressure can be brought to bear on the ISP's to do this.
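The per-customer source check described in the comment above, sketched as an added example (not code from the post). Port names and prefix assignments are constructed, using documentation address ranges.

```python
import ipaddress
from collections import Counter

# Constructed data: customer-facing ports and the address space assigned to each.
ASSIGNED = {
    "cust-a": ["192.0.2.0/25"],
    "cust-b": ["192.0.2.128/25", "198.51.100.0/24"],
}

def build_acl(assigned):
    """Parse the prefix strings once into network objects, keyed by port."""
    return {port: [ipaddress.ip_network(p) for p in prefixes]
            for port, prefixes in assigned.items()}

def permit(acl, port, src):
    """True only if the source address belongs to the space assigned to `port`."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source address: drop
    return any(addr in net for net in acl.get(port, []))

def filter_egress(acl, packets):
    """Split packets into forwarded ones and a per-port count of spoofed drops."""
    forwarded, dropped = [], Counter()
    for port, src, dst in packets:
        if permit(acl, port, src):
            forwarded.append((port, src, dst))
        else:
            dropped[port] += 1  # names the segment that holds the offending host
    return forwarded, dropped

# Constructed traffic: (ingress port, source, destination).
PACKETS = [
    ("cust-a", "192.0.2.10", "203.0.113.5"),    # own address: forwarded
    ("cust-a", "198.51.100.7", "203.0.113.5"),  # cust-b's space seen on cust-a: dropped
    ("cust-a", "10.1.2.3", "203.0.113.5"),      # RFC 1918 source: dropped
    ("cust-b", "198.51.100.7", "203.0.113.5"),  # own address: forwarded
    ("cust-b", "192.0.2.200", "203.0.113.5"),   # own second prefix: forwarded
    ("cust-b", "192.0.2.10", "203.0.113.5"),    # cust-a's address: dropped
    ("cust-c", "192.0.2.10", "203.0.113.5"),    # port with no assignment: dropped
]

if __name__ == "__main__":
    acl = build_acl(ASSIGNED)
    forwarded, dropped = filter_egress(acl, PACKETS)
    print(len(forwarded), "forwarded; drops per port:", dict(dropped))
    # The filter cannot tell hosts apart inside one assignment: a forged address
    # from the same prefix still passes, as the comment itself concedes.
    print(permit(acl, "cust-b", "198.51.100.99"))
```

The per-port drop counter is what makes isolation easier: the spoofed traffic is attributed to the segment it entered on, whatever source address it claimed.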
I usually try to mentally block out the billboards on my way into work - they're always selling something. If I wanted to buy it, I'd find out by myself. I don't need people mucking up what little view is left.
Oh yeah, guns... right...
It was just said by BMO - sheltering your child only renders them powerless to act in important situations - indeed it keeps them from recognizing the seriousness of events.
Knowledge is power - learn all you can, and teach your kids all you can. You can give them knowledge about something and keep it separate from morality of whether doing that sort of thing is a good idea or not.
Classic example: Talk to your kids about what drugs are, how they are used, and what effects they provide. Tell them that using them is bad. You don't have to give a class on how to freebase coke, but arm them with enough information so that they will recognize it when they see it - if for nothing else than they can know to GET OUT!
The classic example is the robber that enters, gets shot by the homeowner, and drags himself outside to die. If the guy dies in the house (or maybe just on the property) then it's clearly a case of defense. If he dies outside, it can be construed that he was fleeing. Big fat gray/grey area.
Easy answer to this - Gun Control. No, not the Brady-thing, I'm talking about hitting what you aim at.
Funny how a guy can't run back outside if he's missing half his head, or has a .45 caliber hole through his chest.
Don't buy wimpy handguns. Smaller caliber's just not going to cut it - .22, 9mm, etc. Get something with some stopping power - .40, .45, 10mm (who knew the difference a single mm would make!). Smaller caliber handguns have great penetration power, but tend to do a through-and-through because of it, doing little noticeable damage at the time. For close-in home defense, you don't want penetration power, you want stopping power - case in point:
I remember seeing the video of the attorney being shot by a disgruntled ex-client outside the courthouse - the attorney was shot POINT BLANK 5 times (including the head) by the assailant with a light caliber revolver (.32 I believe) and yet stayed standing, and running.
If the guy had used a .45, the first hit would have done it - put the guy on his ass and kept him there. I doubt he would have survived. I'm not condoning what that guy did, but it does make for a good example as to why light caliber handguns are not good for much more than tin cans.
If shooting big iron is uncomfortable, then the previous suggestion of a shotgun (autoloading, and high-capacity, of course) is your next best bet. I'm not sure why the movies always portray people using pump shotguns - maybe it's the dramatic and intimidating Cha-Chunk that precedes every shot fired, but I can make my 20 gauge autoloader sound very intimidating the first time (spring-close the bolt = CHUNK!). But when it comes down to 'business' that thing will reload in nothing flat, which is one less thing to worry about. Additionally, autoloading shotguns (heck, any autoloader, including handguns and rifles) will absorb some of the blow-back when firing. This is a good thing.
I don't own a handgun, but would like to, if I had the time to spend practicing with it. Like others have said, training is a necessary requirement for weapon ownership. An untrained person with a firearm is as dangerous to himself as his assailant.
This has been stated several times already, but because this posting is at '+4, Informative' I have to comment.
With respect to the author, this should be "-4, Ignorant". The AIM: URL protocol handler is incorporated into the operating system (Yay for Browsers integrated into the OS!) and so *any* program that calls the AIM: URL will in turn be sent to AIM for handling and overflowing.
To reiterate: You *don't* necessarily have to click anything at all. Hover over links ALL DAY LONG, but get one HTTP re-direct, one Javascript imbedded in a hacked website, and you're OWNED.
This already had its posting over the weekend, but... say you're chatting it up nicely at Starbucks or what-have-you on the wireless network. You're web-browsing while you're at it when - Wham! - someone injects a webpage into your browsing session with a redirect to an aim: URL with the buffer overflow. You've just been AirPwn'd.
Supposedly trusted but hacked sites could also be used to inject malicious content. Case In Point: The most recent Bagel virus making the rounds used a binary file called 2.jpg as its method of downloading itself to new victims. Even though it had the .jpg extension, it was an exe. Most of the hacked websites that it downloaded from were Polish or Russian, but one notable exception: http://financial.washingtonpost.com.
I'd say it's always safer to remove the vulnerability than to live in denial about having vulnerable vectors open. Hackers, like Love, will always find a way.
Why not? The 'DarkNet' concept uses *already allocated* IP space that just happens to not be actually used at present. ARIN has nothing to do with this - they've already given out the addresses to registered holders.
I'm Mr. Huge ISP, with gobs of class B's and class C's already allocated to me, the routes for these subnets already advertised on the backbone as coming to me, I might as well do something with the space until I can put some servers there later.
Fire up a Juniper IDP and configure it for those unused networks. Then when bad guys come a'callin', you'll be able to log or block as you like.
The Juniper (NetScreen/OneSecure) IDP has done a similar thing for years now.
You can assign it any IP and port combination, and it will ACK for any SYN's sent to it, whether there's a real server running on that IP or not. Such 'unsolicited' connections are a bad-traffic giveaway.
10/100BaseT Ethernet, which pretty much everyone uses these days, is limited to 1500 snaplen. But the good old FDDI was a whopping 4500!
With -s 0, it basically means "All" - you don't have to think about what transmission medium you're using.
I also usually name my packet captures with extension *.pcap, and just make Ethereal be the default *.pcap file handler.
I'll also use tcpdump to whittle my pcaps down. Say I capture for a long time and end up with a 500MB+ pcap. Opening this in most any workstation with Ethereal will cause you to wait awhile, and could actually crash your box (yay for WinXP pre-fetch!).
So when I've found a particular port or host I want to extract from a stream to make the pcap more manageable, I'll do something like this:
tcpdump -s 0 -r infile.pcap -w outfile.pcap host x.x.x.x and port xxx
Sometimes, I'll use tethereal instead to go a little deeper. tethereal is ***SLOW*** compared to tcpdump, but the granularity is worth it sometimes. Just set it going, and go get a coffee or something.
When examining a capture of some malware trying to spread, often times it will SYN several hundred machines without getting a reply. Trolling through these can be a pain. But by using tethereal, you can make what I call "Jesus" pcaps (no SYN's). To make it complete, I also filter RST's like so:
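The tethereal command this comment refers to is not on the page. As an added example (not the poster's command), the Python below does the same whittling on a classic libpcap file by dropping every TCP segment with SYN or RST set; that flag rule is an assumption about what "no SYN's" means, and the sample capture is constructed.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4
SYN, RST, PSH, ACK = 0x02, 0x04, 0x08, 0x10

def read_pcap(data):
    """Return (linktype, [(ts_sec, frame), ...]) from classic pcap bytes."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"  # written on a big-endian host
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack_from(endian + "I", data, 20)[0]
    off, records = 24, []
    while off + 16 <= len(data):
        ts, _usec, caplen, _origlen = struct.unpack_from(endian + "IIII", data, off)
        frame = data[off + 16:off + 16 + caplen]
        if len(frame) < caplen:
            break  # truncated final record
        records.append((ts, frame))
        off += 16 + caplen
    return linktype, records

def write_pcap(records, linktype=1):
    """Serialize records as little-endian classic pcap (microseconds set to 0)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, linktype)
    for ts, frame in records:
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def tcp_flags(frame):
    """TCP flags byte of an Ethernet/IPv4/TCP frame, or None if unavailable."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None  # too short, or not IPv4
    ihl = (frame[14] & 0x0F) * 4
    if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 6:
        return None  # not TCP
    if struct.unpack_from("!H", frame, 20)[0] & 0x1FFF:
        return None  # later IP fragment: carries no TCP header
    flags_off = 14 + ihl + 13
    # A short snaplen can cut the frame before the flags byte (hence -s 0).
    return frame[flags_off] if len(frame) > flags_off else None

def strip_syn_rst(data, drop_mask=SYN | RST):
    """Drop segments with any flag in drop_mask; return (new_pcap, dropped_count)."""
    linktype, records = read_pcap(data)
    if linktype != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    kept = []
    for ts, frame in records:
        flags = tcp_flags(frame)
        if flags is not None and (flags & drop_mask):
            continue
        kept.append((ts, frame))
    return write_pcap(kept, linktype), len(records) - len(kept)

def make_frame(src, dst, sport, dport, flags, payload=b""):
    """Constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    eth = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0,
                     64, 6, 0, bytes(map(int, src.split("."))),
                     bytes(map(int, dst.split("."))))
    return eth + ip + tcp + payload

# Constructed capture: one host probing port 445, one answered connection.
SCANNER = "192.0.2.50"
SAMPLE = write_pcap([
    (1, make_frame(SCANNER, "198.51.100.1", 40001, 445, SYN)),
    (2, make_frame(SCANNER, "198.51.100.2", 40002, 445, SYN)),
    (3, make_frame(SCANNER, "198.51.100.3", 40003, 445, SYN)),
    (4, make_frame("198.51.100.3", SCANNER, 445, 40003, RST | ACK)),
    (5, make_frame(SCANNER, "198.51.100.4", 40004, 445, SYN)),
    (6, make_frame("198.51.100.4", SCANNER, 445, 40004, SYN | ACK)),
    (7, make_frame(SCANNER, "198.51.100.4", 40004, 445, ACK)),
    (8, make_frame(SCANNER, "198.51.100.4", 40004, 445, PSH | ACK, b"constructed")),
    (9, make_frame(SCANNER, "198.51.100.5", 40005, 445, SYN)[:40]),  # cut by snaplen
])

if __name__ == "__main__":
    out, dropped = strip_syn_rst(SAMPLE)
    print(dropped, "dropped,", len(read_pcap(out)[1]), "kept")
```

The last sample frame is cut off before the TCP flags byte, so it cannot be classified and is kept, which is the practical cost of capturing with a short snaplen.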
Uh - they already have that - ReplayTV allows you to set up 'buddies' with other, registered Replays on their network - so you can get shows you missed.
What people are missing is this - and I don't necessarily agree with this, but:
The person who watches a TV show is perched on a large pyramid - Under this person is the vast infrastructure that brings these shows to this person:
-Cable Companies (can be bypassed with an aerial antenna for some shows)
-Television Stations/Channels
-Television Show Production Houses
-Commercial Advertisement Production Houses
-Ad Agencies
-Product Manufacturer's Marketing/PR Departments
Money starts at the bottom and flows upwards - and for reasons. If those reasons are not met, money does not flow.
Cable Companies get a variety of channels to entice customers to pay for the different tiers.
Television Channels contract the productions of popular shows to entice viewers to watch them, so they can demonstrate a large 'flock of sheep' to the Ad Agencies - the more popular the show, presumably the more people will watch the Ad Agencies' commercials.
A successful commercial allows Ad Agencies to get more money from the Marketing departments of companies that want their stuff shown on TV, with the idea that people will want to buy their products if they see the commercials enough. This pumps more money up the pipeline, benefitting everyone.
What PVR's do is screw up the demographics of people who are supposed to be watching this or that commercial, in two ways:
-Competing channels will purposely put good shows against one another in the same timeslot to win 'mindshare' - they presume you can't watch two shows at once. With the time-shifting effect PVR's have, you can. This makes their Nielsen ratings pointless - a major barometer for how effective an ad campaign is.
-PVR's have the ability to cleanly fast-forward through commercials (either by skipping 30 seconds at a time, or detecting commercial blocks and skipping the block automatically). This means you're not watching - which is the primary motivator for the money flow from the bottom of the pyramid.
The idea is, if enough PVR's are sold, it will, eventually, undermine the basic principle of how and why TV shows are made and distributed. Marketing departments have no motivation to pay for commercials that everyone will just skip. The money dries up at the source, and everyone downstream (or up-pyramid) eventually dies off or finds another way to exist.
Which just means they'll eventually need to come up with a different model. But this industry is one of the slowest to change (being right up there with the other major media categories - MPAA/RIAA). And if they come out with a pay-to-play service, all the 'sheep-who-don't-mind-being-spoonfed-their-opinions-to-themselves-for-free' are going to start bleating.
Who would want to pay extra for commercial-free content that we've already paid extra (for our PVR's) and are getting already? The difference is, my money went to SonicBlue, not Gillette or Nike.
How's XM doing these days? Not too well, at last check...
I'm happy to snub my nose at the ad agencies for the time being with my ad-skipping ReplayTV (which I love!), but I realize this isn't going to last - like Napster, all these cool free things will soon come to an end. What happens next is anyone's guess!
If you're in the San Francisco East Bay (or don't mind driving there), there's the Tri-Valley Security Group (TVSG) that meets every other Tuesday in Dublin. www.tvsg.org
This is a recent development, I think. My dad has SB, and if you don't use the proprietary Windows-only driver, you get like 10% of rated through-put. Apparently the actual line speed is *much* lower than advertised, and they make the Marketing numbers by using compression.
The Ethernet option's bound to have the same speed limitations.
While it may appear to be a point to point communication (from a 'cursory view') the impersonality (not specifying the recipient by any identifiable means) and the inappropriateness (sending an HR oriented letter to a random account) of the email decidedly tag this as SPAM.
The generally accepted point is, Bernie sent Unsolicited Commercial Email (UCE) to Neil. It was unsolicited; Neil didn't ask anyone for resumes of pompous lawyer-wannabe IT consultants in the greater Chicago area, but Bernie sent it anyway. It was commercial; Bernie's asking for money for services. I hope you're not arguing it wasn't email.
The fact that others received exactly the same mail message confirms the 'group' requirement you're hung up on.
The complaint Neil used was fairly standard boilerplate for this sort of thing. I can't quite see how you'd consider it bogus or inappropriate. Neil definitely put more effort into his email than Bernie did for his. Go figure.
An ISP won't generally kill access with a single spam complaint. It takes a number of complaints to get most admins' attention. This also solves your "but what if it was only sent to one person" blah blah.
I think Bernie's fsck'd, but he did it to himself. It's called self destruct!
Ah, here it is:
http://isc.sans.org/diary.html?storyid=3823
WELCOME TO LAST YEAR. This sort of SQL injection - DECLARE/CAST/EXEC has been going on since last November.
Uhm... USB 2.0 bandwidth is 54 mbps. In order to filter traffic going through it, you'd have to use the bus twice - once to send a packet to it, and once to get the packet (provided it was permitted) back from it.
I'm sure *internally* it'd handle it at wirespeed, but... otherwise, I can't see how even 50% of wirespeed is possible. Possibly closer to 20%, which, incidentally, is still faster than most home users' bandwidth.
And yes, this gadget's a total gimmick.
I believe the item in question is called a *MAC address*.
You send a wireless packet of any kind, and there it is. In the clear. And it has to be, or they can't address packets back to you.
...be a threat unless there is evidence to the contrary
:)
So if I break in with a Barney suit on, it's okay?
This has been stated several times already, but because this posting is at '+4, Informative' I have to comment.
With respect to the author, this should be "-4, Ignorant". The AIM: URL protocol handler is incorporated into the operating system (Yay for Browsers integrated into the OS!) and so *any* program that calls the AIM: URL will in turn be sent to AIM for handling and overflowing.
To reiterate: You *don't* necessarily have to click anything at all. Hover over links ALL DAY LONG, but get one HTTP re-direct, one JavaScript embedded in a hacked website, and you're OWNED.
This already had its posting over the weekend, but... say you're chatting it up nicely at Starbucks or what-have-you on the wireless network. You're web-browsing while you're at it when - Wham! - someone injects a webpage into your browsing session with a redirect to an aim: URL with the buffer overflow. You've just been AirPwn'd.
Supposedly trusted but hacked sites could also be used to inject malicious content. Case in point: the most recent Bagel virus making the rounds used a binary file called 2.jpg as its method of downloading itself to new victims. Even though it had the .jpg extension, it was an exe. Most of the hacked websites that it downloaded from were Polish or Russian, but one notable exception: http://financial.washingtonpost.com.
I'd say it's always safer to remove the vulnerability than to live in denial about having vulnerable vectors open. Hackers, like Love, will always find a way.
A bit closer than that. :)
Why not? The 'DarkNet' concept uses *already allocated* IP space that just happens to not be actually used at present. ARIN has nothing to do with this - they've already given out the addresses to registered holders.
I'm Mr. Huge ISP, with gobs of class B's and class C's already allocated to me, the routes for these subnets already advertised on the backbone as coming to me, I might as well do something with the space until I can put some servers there later.
Fire up a Juniper IDP and configure it for those unused networks. Then when bad guys come a'callin', you'll be able to log or block as you like.
The Juniper (NetScreen/OneSecure) IDP has done a similar thing for years now.
You can assign it any IP and port combination, and it will ACK for any SYN's sent to it, whether there's a real server running on that IP or not. Such 'unsolicited' connections are a bad-traffic giveaway.
Actually -s 0 is better.
:)
10/100BaseT Ethernet, which pretty much everyone uses these days, is limited to 1500 snaplen. But the good old FDDI was a whopping 4500!
With -s 0, it basically means "All" - you don't have to think about what transmission medium you're using.
I also usually name my packet captures with extension *.pcap, and just make Ethereal be the default *.pcap file handler.
I'll also use tcpdump to whittle my pcaps down. Say I capture for a long time and end up with a 500MB+ pcap. Opening this in most any workstation with Ethereal will cause you to wait awhile, and could actually crash your box (yay for WinXP pre-fetch!).
So when I've found a particular port or host I want to extract from a stream to make the pcap more manageable, I'll do something like this:
tcpdump -s 0 -r infile.pcap -w outfile.pcap host x.x.x.x and port xxx
Sometimes, I'll use tethereal instead to go a little deeper. tethereal is ***SLOW*** compared to tcpdump, but the granularity is worth it sometimes. Just set it going, and go get a coffee or something.
When examining a capture of some malware trying to spread, often times it will SYN several hundred machines without getting a reply. Trolling through these can be a pain. But by using tethereal, you can make what I call "Jesus" pcaps (no SYN's). To make it complete, I also filter RST's like so:
tethereal -r infile.pcap -w outfile -R "tcp.flags.syn==0 && tcp.flags.reset==0"
There is a way to do this in tcpdump, but it's much more complicated. Besides, you need the break anyway, right?
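The "no SYN, no RST" filter from the comment above, as an added Python example that is not part of the original post. It applies the same rule as the tethereal read filter to a classic Ethernet pcap; the function names and the sample capture are constructed for illustration, and the comparable pcap-filter expression for tcpdump is `tcp[tcpflags] & (tcp-syn|tcp-rst) == 0`.

```python
import struct

SYN, RST = 0x02, 0x04  # TCP flag bits

def tcp_flags(frame):
    """Flags byte of an Ethernet/IPv4/TCP frame, or None if it is not one."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":      # not IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4                            # IP header length
    frag_offset = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
    if frame[23] != 6 or frag_offset or len(frame) < 14 + ihl + 14:
        return None                     # not TCP, a later fragment, or cut short
    return frame[14 + ihl + 13]

def strip_syn_rst(pcap):
    """Copy a classic pcap, keeping only TCP packets with SYN=0 and RST=0."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    out, pos, kept = [pcap[:24]], 24, 0
    while pos + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[pos + 8:pos + 12])[0]
        record = pcap[pos:pos + 16 + incl_len]
        flags = tcp_flags(record[16:])
        if flags is not None and not flags & (SYN | RST):
            out.append(record)
            kept += 1
        pos += 16 + incl_len
    return b"".join(out), kept

def sample_pcap():
    """Constructed capture: SYN, SYN/ACK, ACK, PSH/ACK, RST, plus one UDP packet."""
    def frame(proto, flags):
        eth = b"\x00" * 12 + b"\x08\x00"
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
        l4 = struct.pack("!HHIIBBHHH", 1025, 80, 0, 0, 0x50, flags, 1024, 0, 0)
        return eth + ip + l4
    packets = [frame(6, f) for f in (0x02, 0x12, 0x10, 0x18, 0x04)] + [frame(17, 0)]
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + b"".join(struct.pack("<IIII", i, 0, len(p), len(p)) + p
                             for i, p in enumerate(packets))

if __name__ == "__main__":
    filtered, kept = strip_syn_rst(sample_pcap())
    print(kept, "of 6 packets kept,", len(filtered), "bytes written")
```

Like the tethereal filter, this drops non-TCP packets as well, and the SYN/ACK goes too because its SYN bit is set.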
Uh - they already have that - ReplayTV allows you to set up 'buddies' with other, registered Replays on their network - so you can get shows you missed.
What people are missing is this - and I don't necessarily agree with this, but:
The person who watches a TV show is perched on a large pyramid - Under this person is the vast infrastructure that brings these shows to this person:
-Cable Companies (can be bypassed with an aerial antenna for some shows)
-Television Stations/Channels
-Television Show Production Houses
-Commercial Advertisement Production Houses
-Ad Agencies
-Product Manufacturer's Marketing/PR Departments
Money starts at the bottom and flows upwards - and for reasons. If those reasons are not met, money does not flow.
Cable Companies get a variety of channels to entice customers to pay for the different tiers.
Television Channels contract the productions of popular shows to entice viewers to watch them, so they can demonstrate a large 'flock of sheep' to the Ad Agencies - the more popular the show, presumably the more people will watch the Ad Agencies' commercials.
A successful commercial allows Ad Agencies to get more money from the Marketing departments of companies that want their stuff shown on TV, with the idea that people will want to buy their products if they see the commercials enough. This pumps more money up the pipeline, benefitting everyone.
What PVR's do is screw up the demographics of people who are supposed to be watching this or that commercial, in two ways:
-Competing channels will purposely put good shows against one another in the same timeslot to win 'mindshare' - they presume you can't watch two shows at once. With the time-shifting effect PVR's have, you can. This makes their Nielsen ratings pointless - a major barometer for how effective an ad campaign is.
-PVR's have the ability to cleanly fast-forward through commercials (either by skipping 30 seconds at a time, or detecting commercial blocks and skipping the block automatically). This means you're not watching - which is the primary motivator for the money flow from the bottom of the pyramid.
The idea is, if enough PVR's are sold, it will, eventually, undermine the basic principle of how and why TV shows are made and distributed. Marketing departments have no motivation to pay for commercials that everyone will just skip. The money dries up at the source, and everyone downstream (or up-pyramid) eventually dies off or finds another way to exist.
Which just means they'll eventually need to come up with a different model. But this industry is one of the slowest to change (being right up there with the other major media categories - MPAA/RIAA). And if they come out with a pay-to-play service, all the 'sheep-who-don't-mind-being-spoonfed-their-opinions-to-themselves-for-free' are going to start bleating.
Who would want to pay extra for commercial-free content that we've already paid extra (for our PVR's) and are getting already? The difference is, my money went to SonicBlue, not Gillette or Nike.
How's XM doing these days? Not too well, at last check...
I'm happy to snub my nose at the ad agencies for the time being with my ad-skipping ReplayTV (which I love!), but I realize this isn't going to last - like Napster, all these cool free things will soon come to an end. What happens next is anyone's guess!
If you're in the San Francisco East Bay (or don't mind driving there), there's the Tri-Valley Security Group (TVSG) that meets every other Tuesday in Dublin.
www.tvsg.org
This is a recent development, I think. My dad has SB, and if you don't use the proprietary Windows-only driver, you get like 10% of rated through-put. Apparently the actual line speed is *much* lower than advertised, and they make the Marketing numbers by using compression.
The Ethernet option's bound to have the same speed limitations.
AC,
While it may appear to be a point to point communication (from a 'cursory view') the impersonality (not specifying the recipient by any identifiable means) and the inappropriateness (sending an HR oriented letter to a random account) of the email decidedly tag this as SPAM.
The generally accepted point is, Bernie sent Unsolicited Commercial Email (UCE) to Neil. It was unsolicited; Neil didn't ask anyone for resumes of pompous lawyer-wannabe IT consultants in the greater Chicago area, but Bernie sent it anyway. It was commercial; Bernie's asking for money for services. I hope you're not arguing it wasn't email.
The fact that others received exactly the same mail message confirms the 'group' requirement you're hung up on.
The complaint Neil used was fairly standard boilerplate for this sort of thing. I can't quite see how you'd consider it bogus or inappropriate. Neil definitely put more effort into his email than Bernie did for his. Go figure.
An ISP won't generally kill access with a single spam complaint. It takes a number of complaints to get most admin's attention. This also solves your "but what if it was only sent to one person" blah blah.
I think Bernie's fsck'd, but he did it to himself. It's called self destruct!