Um, the protocol has never operated that way, so I'm sort of confused why you think it would. In fact, versions 1 and 2 of the protocol wouldn't even answer at all if you sent them an incorrect community name. Version 3 does issue a "report" saying the cryptographic checksum was incorrect.
The security flaw is not in the protocol, but rather in how people and companies have implemented it. Unfortunately, most people did in fact implement it in such a way that makes the products vulnerable to crashing and/or buffer-overflow attacks. A good portion of the SNMP code to date is written based on early work from the cmu-snmp package, which was a reference release of the protocol. Hence, many of the companies and products that make use of that original code (including ucd-snmp and net-snmp, which I'm the lead developer for) are subject to the vulnerabilities as well. The ucd-snmp and net-snmp packages have been fixed as of a few months ago (and upgrading software is easy on linux, *bsd, etc. boxes). However, people with flashroms containing software will have a much more challenging time getting updates from their vendors and installing them in a quick fashion if the deployment numbers of those types of boxes are large.
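The two points above (a v1/v2 agent stays silent on a wrong community name, and the crashes come from implementations trusting the packet's own length fields) are easy to see in a small bounds-checked parser. The following is an added example, not ucd-snmp/net-snmp code: a minimal SNMPv1 GetRequest decoder in which every BER length is checked against the remaining buffer, a malformed datagram is discarded instead of crashing, and a community mismatch produces no response at all. The sample packets at the bottom are constructed here; the helper names (`read_tlv`, `handle_v1_datagram`, `Malformed`) are this example's own.

```python
"""Minimal, bounds-checked SNMPv1 GetRequest parser (added example).

Not net-snmp/ucd-snmp code. Two behaviours are demonstrated:
  1. a wrong community name yields no reply (the datagram is silently dropped);
  2. every BER length is validated, so a datagram whose length field lies
     is also dropped rather than read past the buffer.
"""
from typing import Optional, Tuple

# BER tag values used by SNMPv1 (real constants from the encoding).
TAG_INTEGER = 0x02
TAG_OCTET_STRING = 0x04
TAG_NULL = 0x05
TAG_OID = 0x06
TAG_SEQUENCE = 0x30
TAG_GET_REQUEST = 0xA0
SNMP_V1 = 0


class Malformed(Exception):
    """Raised internally when a tag or length does not fit the buffer."""


def read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Read one tag-length-value at buf[pos:]; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise Malformed("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        # Reject indefinite length (0x80) and over-wide length fields up front.
        if nbytes == 0 or nbytes > 4 or pos + nbytes > len(buf):
            raise Malformed("bad long-form length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    # The check a naive parser omits: does the claimed length actually fit?
    if length > len(buf) - pos:
        raise Malformed("length %d exceeds remaining %d bytes" % (length, len(buf) - pos))
    return tag, buf[pos:pos + length], pos + length


def expect(buf: bytes, pos: int, tag: int) -> Tuple[bytes, int]:
    """read_tlv, but require a specific tag."""
    t, value, nxt = read_tlv(buf, pos)
    if t != tag:
        raise Malformed("expected tag 0x%02x, got 0x%02x" % (tag, t))
    return value, nxt


def decode_oid(raw: bytes) -> str:
    """Decode BER sub-identifier bytes into dotted form."""
    if not raw:
        raise Malformed("empty OID")
    arcs = [raw[0] // 40, raw[0] % 40]
    value = 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    if value:
        raise Malformed("unterminated OID arc")
    return ".".join(str(a) for a in arcs)


def handle_v1_datagram(packet: bytes, community: bytes) -> Optional[dict]:
    """Return the parsed GetRequest, or None wherever the agent would stay silent."""
    try:
        msg, _ = expect(packet, 0, TAG_SEQUENCE)
        ver, p = expect(msg, 0, TAG_INTEGER)
        if int.from_bytes(ver, "big", signed=True) != SNMP_V1:
            return None
        comm, p = expect(msg, p, TAG_OCTET_STRING)
        if comm != community:
            return None                     # v1/v2c: wrong community -> no answer
        tag, pdu, _ = read_tlv(msg, p)
        if tag != TAG_GET_REQUEST:
            return None                     # only GetRequest handled in this example
        req_id, p = expect(pdu, 0, TAG_INTEGER)
        _, p = expect(pdu, p, TAG_INTEGER)  # error-status
        _, p = expect(pdu, p, TAG_INTEGER)  # error-index
        vbl, _ = expect(pdu, p, TAG_SEQUENCE)
        oids, p = [], 0
        while p < len(vbl):
            vb, p = expect(vbl, p, TAG_SEQUENCE)
            oid_raw, q = expect(vb, 0, TAG_OID)
            expect(vb, q, TAG_NULL)
            oids.append(decode_oid(oid_raw))
        return {"request_id": int.from_bytes(req_id, "big", signed=True), "oids": oids}
    except Malformed:
        return None                         # bad datagram: dropped, not a crash


# --- constructed sample datagrams (not captured traffic) ---------------------
def tlv(tag: int, value: bytes) -> bytes:
    """Short-form BER encoder, sufficient for the samples below."""
    assert len(value) < 0x80
    return bytes([tag, len(value)]) + value


SYS_DESCR = bytes([0x2B, 6, 1, 2, 1, 1, 1, 0])  # OID 1.3.6.1.2.1.1.1.0
GET_SYSDESCR = tlv(TAG_SEQUENCE,
    tlv(TAG_INTEGER, b"\x00") + tlv(TAG_OCTET_STRING, b"public") +
    tlv(TAG_GET_REQUEST,
        tlv(TAG_INTEGER, b"\x01") + tlv(TAG_INTEGER, b"\x00") + tlv(TAG_INTEGER, b"\x00") +
        tlv(TAG_SEQUENCE, tlv(TAG_SEQUENCE, tlv(TAG_OID, SYS_DESCR) + tlv(TAG_NULL, b"")))))
# Same body, but the outer length field claims 0x7fffffff bytes.
OVERLONG = b"\x30\x84\x7f\xff\xff\xff" + GET_SYSDESCR[2:]

if __name__ == "__main__":
    print(handle_v1_datagram(GET_SYSDESCR, b"public"))    # parsed request
    print(handle_v1_datagram(GET_SYSDESCR, b"private"))   # None: silent drop
    print(handle_v1_datagram(OVERLONG, b"public"))        # None: malformed
    print(handle_v1_datagram(GET_SYSDESCR[:-3], b"public"))  # None: truncated
```

The design choice worth noting is that the parser never indexes `buf` on the strength of a length it has not compared with `len(buf) - pos`; the classic agent crashes came from doing exactly that with an attacker-supplied length and then copying into a fixed-size stack buffer.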
The way I figure it, if you have to buy something then you're stuck turning on those features. However, since you're submitting your address, credit cards and other personal info to them, it's unlikely you'll care much about mere tracking information. They've already got you, essentially.
Many sites become unusable w/out javascript
Actually, I've been amazed at the number that do work. You're right, of course, many require them. And I do have Konqueror configured to allow JS on some sites. However, my default preference setting is "off" for any "untrusted" site. The sites that I generally turn them on for are e-commerce (as you mentioned above) and other account-type sites where I have accounts.
It seems like it'd be a good idea if Konqueror added an option to ignore single-pixel tracking images... should we submit this to bugs.kde.org?
It's a good point, however I don't think it'll help. Many sites are finding other ways of getting around that, like using form parameters within the URL itself. Eventually they'll get intelligent and name the larger images with a tracker extension, but still return the same image. I.e., src="logo.jpg-234987575", and merely have their nifty web server strip the extension off (and use it) before returning the image to the caller. You don't need 1x1 images when you can use real images.
If you carefully configure your web browser I would think you could avoid being tracked:
Turn off javascript support. This is likely how they're doing their "what part of the page you're looking at" tricks (watching the scrollbar usage).
Don't accept cookies. Don't go to sites that force you to accept them.
Turn off auto-loading of images. This is the one that no one does, but with the increasing frequency of single-pixel tracking images, it might be a wise thing to do. Junkbuster is certainly a good alternative, but it won't catch everything.
Konqueror has the ability to change your user agent. It'd be cool to write a "random" mode for it where it randomly selected from its list of user agents to send to the remote site ;-)
You really want to encrypt everything, not just email. I'm not sure why the EU thinks encrypting just email will stop Echelon from being effective. Even if Echelon was only sniffing email, they certainly would switch to sniffing other forms of communication if all email was encrypted.
The proper solution is to encrypt all your IP traffic through IPsec tunnels. Recent work within the IETF has given new ideas about how to start performing automatic IPsec connections with any host you can speak with. This is the type of solution that will help battle Echelon-like networks.
To be fair (something you don't see on /. very often), we're talking about the entertainment industry here. If any party has sold its soul to them for campaign contributions lately, it's been the Democrats.
Oh my word. I hope I didn't give the impression that I like the democrats any better than the republicans. That certainly wasn't my intent!!!
I say we put the DMCA up for auction on E-Bay as a "revenue protecting licence agreement text suitable for governments funded by large businesses". How much do you think it would go for?
Now what we need is for the Bush administration to order the Justice Department not to enforce the DMCA. They're already dropping useful judgements; maybe now they can do something useful themselves.
Unfortunately, they're only going to drop judgments where the ruling is not in favor of big companies making money (you know, the ones who fund the Republicans' advertisements that slam the other candidates). I could see him asking the judge to change his mind on this case while quoting Star Trek: "Sometimes the needs of the many outweigh the needs of the one" (sorry e-bay, you're a "one").
KDE has a kdepim-cellphone set of tools. I, unfortunately, don't have a cellphone smart enough to use it so I didn't install it. Here's the rpm package info though:
rpm -qip kdepim-cellphone-2.2-1.i386.rpm
[Stuff deleted to get around the slashdot lameness filter]
Packager : Red Hat, Inc.
URL : http://www.kde.org
Summary : KDE support for synchronizing data with cellphones.
Description :
KDE support for synchronizing data with cellphones.
Microsoft's entire, $25 billion-a-year business is based on the idea that software can be owned and sold and that the source code - the blueprints, instructions or secret formulas - are proprietary.
The author forgot to include "or rented".
You know, with micropayments becoming more of a viable business model, I could see Bill wanting to charge you for every second that you're using his software. It'd add up the time, and send the summary to MS HQ when you connect to the internet the next time (or would stop working if 30 days had elapsed since the last time you connected to the internet).
Got screwed?
Securing an open system would be hard (on Secure IRC?) Score: 3, Insightful
In other words, trying to secure IRC would be difficult to do successfully. Most of the problems associated with IRC come from its allowing anonymous access on many servers. I.e., you don't need an account with a password to join. This gives anonymous access and hence can be nice if you have debatable things to say that you don't want others to see. However, it also allows for "flashing" DoS and other IRC-related fun. The proper way to secure IRC against abuse would be to only allow servers that check authentication and make people accountable. It is possible to do this, however, without sacrificing anonymity if you trust the servers you're using (i.e., they authenticate you for accountability purposes, promising they won't give out who you are without a court order). This will likely not prove to be popular among people who want to be anonymous further than that (like Flashers, of course).
So, let me get this straight: you plug an external device into your machine and the motherboard gets damaged because of it. Since the article is completely informationless as to what the actual cause of the problem is, I'll assume it's a problem with voltage levels on the serial port (i.e., the palm is using voltage levels higher than what the motherboard is designed to handle).
Since I strongly doubt that the palm device is using voltage levels that are significantly higher than the expected levels, I'd bet that the "certain PC brand" motherboards are, um, well, some of the cheapest boards ever made. (Warning: If you don't use voltage levels between 0.000000 and 5.0000001, we can't be responsible for damage to your motherboard.)
Yes, some people say it is not "bad", it just needs a bit of work because it is hard to use, hard to implement correctly (without help or a lot of experience), and generally misunderstood. That's a complex way of saying "bad" in my mind. It doesn't, however, mean that it can't be touched up to make it "good". Specifically, removing some of the unused options is generally believed to be one solution that will help make it more easily implemented and used (a view I generally agree with).
How many times did you read the RFCs before understanding them? And if you re-read them again, I bet you'd learn something new (again).
IKE, for instance (the key exchange mechanism used by the IPsec security protocol) has also been pronounced "bad" and is going to be replaced or modified.
I guarantee when you get 2300 people (the current conference attendance) together, they'll disagree on many a topic. The good news is that the (frequently lively) debates are certainly fun to participate in, hence the reason I came.
Yeah, but the flip side is... (on Bionic Nurses) Score: 3
now they can use them to hold you down with one hand while they give you a shot with the other.
Now what's the scream going to sound like now? (on Xena To Join X-Files) Score: 2
If you're playing "duck, duck, duck, GOOSE" I really really really don't want to be the goose that gets "tapped" on the head!
Beavis: Heh... Heh... Microsoft said "swallow".
Butthead: Yeah... "Swallow"
That wasn't the guy who invented the protocol that was used....
--- begin secret encrypted text ---
Vg jnf gur thl jub vairagrq ebg13
--- end secret encrypted text ---
not in years, no.
Correct me if I'm wrong...
I'm afraid you're wrong. IPsec has its own method of tunneling that isn't based on GRE.
Now, what you could have noted was the internet-draft I pointed to required storing keys within secure-dns, which hasn't been deployed yet either...
Is it big enough we can all move there? Or maybe we should just buy a fleet of aircraft carriers?
Ah, that makes me feel better...
insert appropriate number of "C-x u" here....
/Wes -- I was there too
Maybe I haven't gotten over the 8 hour jet-lag yet like I thought I had...
s/pronounced/proclaimed/g
Mulllllderrrranahahahahahahahahahahahahaah
(commence ass kicking here)