Slashdot Mirror


User: kju

kju's activity in the archive.

Stories: 0
Comments: 344

Comments · 344

  1. Re:Intel is all kinds of Wrong. on Why Intel and OLPC Parted Ways · · Score: 2

    While you are probably right, this does not make it futile to give them laptops. Every organization does what it does best. The OLPC provides laptops, some charities provide clothing, food etc. Now feel free to create a new foundation which provides electricity for every child instead of whining about the activities of other charities which have other goals.

  2. Not Steil and Domke on Wii Hacked for Better Homebrew Games · · Score: 3, Informative

    The hack was NOT presented by Steil and Domke. It was only presented at the end of their talk about xbox360 security at the CCC Congress. But the actual hack was presented by another person whose name I don't know.

  3. Insane Idea on How Would You Design Your Dream Office? · · Score: 1

    There is a reason why IT- and Communication-Equipment is usually stored inside secure and locked rooms. There is usually very valuable information and data at risk.

    Your management is either crazy, insanely stupid or stingy or a combination of these. Even if they deny you the workplace a human being shall deserve (have you thought about switching jobs?), they should not deny the security aspects.

  4. Re:As things go ... on How Feds are Dropping the Ball on IPv6 · · Score: 1

    Fact: The block for ham radio was not reclaimed and was not returned. Get your facts straight.

  5. Re:Wow! on Your Worst IT Workshop? · · Score: 2, Funny


    I felt like my UID was _really_ late compared to a lot of the 4-digits that were posting.

    Wonder where they all went.



    Sorry, can't help you with that question.

  6. Re:Amazon.de or Amazon.fr on Why You Can't Find a Wii for Christmas · · Score: 1

    Now I'm German and there is simply no problem to buy a Wii here in Germany. It is available not only at Amazon but also at every major electronic store.

  7. Get the facts straight on Australian Researcher Boosts ADSL Speeds · · Score: 3, Informative

    First: VDSL is already in active deployment e.g. in Germany (offered in speeds of 25/5 and 50/10 mbit here). Second: VDSL does NOT stand for "Vectored DSL" but for "Very High Speed DSL".

  8. Re:Command sequence on Standard Web Fonts 'Updated' In Vista · · Score: 1

    If you are on Linux and have cabextract installed, try this:

    mkdir tmp
    cd tmp
    cabextract ../PowerPointViewer.exe   # will extract some files, including ppviewer.cab
    cabextract ppviewer.cab

    Copy the extracted .TTF files to wherever you want.

  9. Re:If you think low-UID pissing contests are "stup on Slashdot 10-Year Anniversary Charity Auction for the EFF · · Score: 1

    Oh to the contrary! "Anonymous Coward" is actually one of the oldest user "accounts" on Slashdot. It must be worth millions on eBay. Maybe even more than uid 1 because Anonymous Coward clearly is much more involved with Slashdot than CmdrTaco given the amount of comments made by Anonymous Coward.

  10. What's so special in low uids? on Slashdot 10-Year Anniversary Charity Auction for the EFF · · Score: 4, Insightful

    Really, I don't get it. I was reading Slashdot someday in the morning when user registration was announced. I created an account and now I have a fairly low uid. So, wow, but still, what's so special about it? It does not make me any wiser or more important than any other user of Slashdot. While, yes, it feels cool to have been with something like Slashdot for such a long time, but past is past. Buying in on a low uid is just faking one's identity.

  11. Sometimes even earlier denial is good on Admins Accuse Microsoft of Hotmail Cap · · Score: 2, Informative

    Some servers will deny some/more recipients even after only one prior recipient. The reason? Spam filtering during the SMTP phase and conflicting configuration of the different recipients. Doing spam filtering during SMTP is good, as you can cleanly deny spam instead of just acting like a black hole and throwing it away. In the case of a false positive the sender will at least get a clean error message without having to send one of these nowadays very annoying bounce messages. If you ever became victim to some spammer abusing your mail address as the sender of spam and you've got 25000 bounces, you know why bounce messages need to be eliminated thanks to spammers.

    Unfortunately spam filtering has become so complex that more often than not there is no one-size-fits-them-all configuration. But this means that the same message might be acceptable to the configuration settings of user A but not to the settings of user B. When now a mail sender tries to send a message to A and B, it will be necessary to deny recipient B due to the differing config (at least for filters which are based on content and thus can not be run before the recipient was accepted and the message sent).

    Yes, this breaks a proposed standard. But so do a lot of other spam filtering techniques like RBL, SPF and Greylisting. Thanks to the spammers we have broken SMTP quite some while ago and one is to wonder why internet mail is still quite reliable. I predict it can only go downhill from here.

  12. MPAA? on MPAA Chases Uploads, Ignores Open Sales of DVD-Rs? · · Score: 1

    I wonder what the MPAA has to do with this case. Shouldn't the CMPDA be the more appropriate organisation to handle a scam-company in Canada?

  13. Re:Can he continue 'remotely'? on KisMAC Developer Discontinues Project · · Score: 3, Interesting

    First: If he accesses the server from Germany, development will not be considered to happen outside of Germany. Second: Won't matter anyway, as German law declares itself to be applicable to what a German does even outside of Germany.

  14. Re:Don't misunderstand on True Random Number Generator Goes Online · · Score: 1

    Maybe you should not only link to Wikipedia, but also read the linked article at least once. What you assumed (VIA C3 using thermal noise for random) is wrong. From the article:

    All VIA C3 microprocessors have included a hardware RNG on the processor chip since 2003. Instead of using thermal noise, raw bits are generated by using four freerunning oscillators which are designed to run at different rates.

  15. Re:Open Source? on Open Source Linux Phone Goes On Sale · · Score: 1

    Due to the fact that Harald Welte (maintainer of iptables - you know, the guy who sues companies not following the GPL!) is one of the developers of this phone, I'm very sure that they will follow the GPL exactly. Stop spreading FUD.

  16. Right, but ... on Massive Cave Found on Mars · · Score: 1

    ... does the hole run on Linux?

  17. Re:Three years isn't a whole lot. on A Mighty Number Falls · · Score: 2, Informative

    Even worse: When your key can be cracked in 10 years, someone can create false signatures in your name dated 10 years back. Think about long-running contracts etc....

    We have in Germany some really brain-fucked law about the requirement of digital signatures (S/MIME based) on electronic invoices, but one idea they actually got right: You will get an invoice which is signed by the vendor. If you are required to keep incoming invoices (businesses) every once in a while you need to take the current file and sign it again with your own (current) key. So document+signature becomes (document+signature)+signature, then ((document+signature)+signature)+signature. So you will repeatedly sign an older signature with your newer key. This builds a chain of signatures and still proves integrity of the document and the signature when the original signature key length is long broken, provided you have done this "renew" regularly.

  18. Re:Low Slashdot IDs Please Post Here on Apple Sued For Using Tabs In OS X Tiger · · Score: 1

    93414 is lower than 893? What kind of math is that?

  19. Re:NAT Translation is Dead On. on (Almost) All You Need To Know About IPv6 · · Score: 1

    However, NAT has several downsides. First of all, incoming connections don't work anymore, because when a session request comes in from the outside, the NAT device doesn't know which internal host this request should go to.

    This problem was already addressed and the answer is Universal Plug and Play (UPnP). Using UPnP a client device can ask the residential gateway (aka NAT router) to open up a port and forward incoming traffic on that port. Of course this is a security risk, but it is a way to address this specific NAT problem, and the security implications could be addressed the same way as if the client would have a real IP address: Only allow specific (predefined) ports either by firewalling the others or having the UPnP-Daemon only accept those specific ports.

  20. Re:SORBS on ORDB.org Going Offline · · Score: 1

    Nonsense. It isn't about the "price" of the IP addresses but the simple fact that dialup users will send their mail in 99.9% through their provider's mailserver and therefore nearly everything coming directly from a dialup IP is abuse by spam or virus sending trojans. It just makes sense to block dialup IPs and it would have been better if users would have been forced to use their provider's servers from the beginning, because it's a lot easier to track abuse when mail is going through the ISP's relay.

  21. Link from Screenshot on Downloadable Movies from Amazon? · · Score: 2, Informative

    The screenshot shows this URL: http://www.amazon.com/gp/video/help/faq.html. It seems that this URL actually exists, because it gives 200 OK and a 48 byte response.

  22. Re:ATM ate my debit card on PIN Scandal 'Worst Hack Ever' · · Score: 1

    Very likely you fell victim to a criminal and not to a device malfunction and fraudulent next user. It is a usual method by criminals to prepare an ATM to be able to see the PIN entered (e.g. by hiding a very small, RF-operated video camera above the pinpad or by just standing around and watching you entering the PIN) and either to copy the card's content by an additional card reader attached in front of the real one or manipulate the machine in a way that the card will get stuck and can only be removed with the right knowledge. Sometimes getting the real card is more interesting for the criminals, e.g. in Germany, Austria and Switzerland you can only get money from an ATM using the original card (which has a builtin security technology) but not using a copied one.

    There is a point to learn here: If your card gets "stuck" in the machine, especially after you've entered the correct PIN, NEVER walk away. ACT IMMEDIATELY, by either calling police or your bank. Only if it is very clear that the ATM itself took the card (e.g. when a message on screen told so), you are safe. In all other cases you are at high risk to fall for criminals. While your story is heart-breaking, you really should take the blame on yourself. By just walking away and planning to resolve the case after several hours(!) you acted totally irresponsibly. Even if this was the "established" procedure at that time, it was wrong to do so. If the ATM is broken in such a way that cards get stuck often: complain, this should not happen. By operating an ATM with such a regular error the bank is lowering the security standards to the disadvantage of the normal customers as they will accept a stuck card as another malfunction and overlook the possible risk that a criminal is at work.

    If you really believe that it is only a malfunction of the ATM, at least check the machine for any unusual circumstances e.g. said video camera, a pinpad glued onto the original one (which records the PIN) or other alarm signs. It is also good practice to always enter the pin in such a way it can't be seen by others or a camera (won't help against the fake pinpad, however). I usually put my right hand on the pinpad and hold my purse with the left hand above it, covering my fingers. No, I'm not paranoid, just cautious.

  23. Re:"hardly anyone carries cash"? on PIN Scandal 'Worst Hack Ever' · · Score: 1

    You get it all wrong. The problem is not people like the guy you answered to.

    The problem is that (especially American) people are sheep and accept the insecure systems in use. There is nothing wrong with using debit cards, even using them for most day-to-day purchases. It is not the fault of the user if the system is badly designed. After all it is possible to set up debit card systems where the security is high (e.g. by requiring PINs, certified vending equipment etc.) and the risk is low (e.g. by having clauses which restrict the damage to the customer or by requiring the bank to prove on case-by-case that the system was not abused by another person).

    Many countries in fact do have such systems and only low fraud rates. In Germany, for example, next to all people do carry a debit card from their own bank. These debit cards are connected to the "maestro" system and allow to get money at ATMs all over Europe (and more places on the world) and purchases in mostly all shops which do accept plastic (very often only debit-cards are accepted but no credit cards). The security of German cards was upgraded a few years ago (it is believed that the formerly used 56 bit DES private key was broken by criminals) and nowadays uses at least 3DES with a bank-specific key. As the vending equipment can not recalculate or check the PIN (only the card issuing bank can), the PIN entered is usually encrypted and checked with a vending service provider over a dial-up or leased line. Some cards, however, also have a chip integrated which can check the PIN by itself (but needs to get synced to the central bank computer regularly). While cases of fraud still occur, it is believed that they are due to card copying by skimming devices (card readers which are attached in front of real card readers at ATMs). Most ATMs are now equipped with "anti-skimming devices" which prevent attaching an external card reader.

    Some merchants, often depending on the value, also allow paying with signature, without the PIN. In such cases, however, all the risk is on the side of the merchant and not on the side of the customer. If the signature was forged, tough luck for the merchant. As the bank by default does not see the signature of such transactions, they are considered to be transactions without "written consent of the account owner". Therefore it is very easy to get such transactions charged back: All you have to do is tell your bank that you are refuting a specific transaction and they will happily give you back your money (as required by law). It is then up to the merchant to get the money by other means.

    So if all the American people would stand up against outdated and insecure systems, using debit cards won't need to be a personal and security risk. Just act!

  24. Re:Heh, I did that. Twice on Data Center Move Goes Awry for TypePad · · Score: 0, Offtopic

    And how is he supposed to stop you? Gun force? This is a free world and you are free to buy your services where you want. There is really nothing the old operator can do against this. So stop talking bullshit.

  25. Re:Heh, I did that. Twice on Data Center Move Goes Awry for TypePad · · Score: 3, Insightful

    Often this step should be included before all others:

    0. Update your DNS zones and lower the TTL to e.g. 10 minutes. Otherwise people might not notice the new address for hours or even days (depending on your normal settings).