They didn't just scarf info from Google - they also did reverse DNS lookups and a ZoneTransfer. At least one college kid has had his door kicked in for having done a ZoneTransfer to a domain that had recently been hacked. (sigh) Port scanning is no biggie IMO but it seems to me a ZoneTransfer might be a little more "aggressive". Still, if their country doesn't care.....
It sure as hell isn't the CIA's running Exchange. They had a speaker at Lotusphere FROM the CIA who made it quite plain the Lotus Notes was what they were using. Very entertaining little guy too - loved it when the phone rang on the podium and he answered it. Wrong number(lol)!
Anyway, from what he said Exchange was NOT welcomed. Why would they bother to tell people that, present on it, run Notes on their Unclass server, and then run Exchange inside? You must be talking about another network....
You can simply copy the database locally and use a freely distributed tool to edit the ACL to add yourself or modify -Default-. That will NOT get you past encrypted mail using Public keys tho'. On disk encrypted dBs will also not be effected by this. Doesn't appear in the ACL log either of course. If the person hasn't set User Types you can also create a Group with the user's name and put yourself in it.
On top of that at least two folks have created code that's supposed to unlock the ID file. One by substituting the hash that's compared by the password dialog in memory with one that's created by a seperate application. That code isn't distributed depsite promises to release. The second piece of code is a bit shakier but is supposed to be able to backdoor the ID. These two groups are speaking to one another but as of yet I've not seen any results. http://www.falling-dominos.com/ was one of the sites that was working this but refuses to release code for fear of the DMCA. I want this code if anyone has it..
Lastly, there's code out there to dictionary attack the ID file. Some work would no doubt yield brute force code but source hasn't been released for this tool. I might know how it works though;-)
Overall though - Notes is damned secure compared to the MSFT crap that's out there. R6 is looking pretty good and the RC1 beta has been running on my server\workstation for several months now rock solid. Lotus came up witha workable PKI long before X509 seemed to have caught on. Port encryption and all sorts of nice goodies too. I happen to like the client and its dirt easy to build simple apps. Even workflow apps aren't hard to build and publishing to the WEB is no biggie unless you get really tricky. My home server is running Notes and except for the mile long URLs I find it pretty friendly...
If you told an airplane engineer about how the Wright Brother's designed and built their airplane that they'd kringe too! This guy apparenty welds structures for a lving and if you read the story they didn't send the kidster over anything but the mildest portions of the track. I'd say the guy is at least trying to be safe about it - we cannot eliminate all risk from life can we?
That sounds fair actually. I'll shoot you a couple of bux however before you bring it back up it sounds like you might want to crunch down a few of th epics. If they're really 700K you'd be much better off squishing them down to say 70K. Depending upon how you set it up - say thumbnails - you could really cut down the bandwidth that we're easting up on the site.
Will be interesting to see who actually contributes, please post back and let us know;-)
If your only beef is the lack of PCI it CAN take two cards. It also has 10/100 Ethernet on it so it can network just fine. With everything it's already got I was just wondering why more than one PCI card was so important. Insight is all...
TV tuner makes sense, I hadn't thought of that but what else? I'd think that for many people this sucker would be pretty good. Not for a super-duper server or anything but you've got to give them credit - they put an awful lot into it.
Hrm, wonder if it could be run off of a 12volt battery pack or gel cell. That CPU very thirsty? Very hot?
Its got quite a bit of onboard I/O on it already. AGP video, sound and ethernet have been taken care of as has TV out. What would you use the PCI slot for other than maybe a modem or second NIC? This isn't meant to be a mainstream gaming machine or desktop box... However at the price they've quoted I'd bet it would work well as a portable MP3 box for the car or whatnot. It's ogt lot's of possibilities IMO. Maybe slap a wireless card in it and go wardriving with it?:-)
P.s. Looks like one of the optional modules was a cable for a "2nd PCI device" so perhaps it's more flexible than you realized?
Address that. Was the DMCA not in effect? How is what Sony charged different?
Frankly, legal or not it sux. I'm more than willing to violate those laws that are just plain crap. I will support the EFF and I will continue to try and educate those folks I meet who don't understand why the DMCA needs to be dumped. Kripes the damned thing contains a clause protecting BOAT HULL DESIGN! Add this new SSSCA pile and the protections that Disney and friends purchased. I'm more than happy to boycott, vote, and support while violating. Honestly though the list of companies screwing us is getting to long and entangled that it's mighty hard to keep track of them all (sigh).
In that case the BnetD guys are in the clear
on
EFF Takes Bnetd Case
·
· Score: 2
And Blizzard should be going after the client side violators. In your example I see no infraction by the BnetD folks - all they did was provide software that clients CHOSE to use. Where's the problem? We should prosecute knife makers for murders too? That's an extreme example but can you follow the logic?
Does this differ from IBM suing Phoenix for reverse engineering the SOFTWARE in their BIOS? These people had NO access to the original source SERVER software - this was a black box reverse engineering job - simple as that. Does the DMCA prevent Reverse Engineering? If so I wonder where we would be without 3rd party BIOS implementations... For that matter Sony vs Bleem is a good example as well - they reversed how it worked, built server software of a sort and even SOLD it (the horror!). So, how exactly does this differ? There was a protection mechanism of sorts present, this is true, but instead of breaking it they simply failed to implement it. Where did they do wrong?
You'd be $hit out of luck IMHO. If you build a networking protocol that only allows certain computers or clients to talk to one another and someone decides they want to do the same thing by reverse engineering yours you've got no leg to stand on. Unless there was some sort of copy protection (DMCA SUX!) in it that they had to crack then Sorry Charlie.
In this case it would seem that Blizzard feels that they DID have some sort of copy protection and that this software went around it - that's not so. What Blizzard HAD was a FEATURE in their server software that performed the JOB of checking for legit copies. While that could be construed as some sort of "copy protection" these guys did NOT crack it. They did NOT infringe - they simply chose not to include that feature. And for this Blizzard is unhappy? Would they have been happier if these guys had cracked their feature and implemented it? I think not...
The scenario of the early IBM BIOS has ben brought up before and I believe it's a VERY good parallel. IBM tried to take Phoenix and others to court for creating a "clone" BIOS years ago. However these folks were smart enough to have created a "clean room" implementation of the IBM BIOS. They simply (cough) created two teams - one to examine the original BIOS completely and the other to create a version of it without ever seeing the real original code. They were able to ask questions about timings and what occured when certain signals were injected into the "black box" - the results of those questions influenced their coding. When done they had code that did the same JOB as the original firmware but one that didn't actually the same CODE.
IBM lost their case - as Blizzard should surely lose theirs. These programmers never had access to Blizzard's original works - how could they possibly have infringed? IMO this is pretty cut and dry. Unless these people have included portions of the Blizzard binary or other "works" in their code they have no leg to stand on. Saddest of all is that these people are FANS of Blizzard's work and they are being stupid enough to alienate them. Duh!
Personally, I'm happiest with clients like iD has created (Quake etc.). Yeah, they rely on a "master server" but they don't require you to go through their "portal" to get the information you want. For that matter iD releases SOURCE of older games - they're VERY friendly to their fans and I buy their products as a result. Tribes and others have used this model too - it's nice though I don't think they release source. The GameSpy software sprung from this and I think it's terrific when a 3rd party can concentrate on a niche like that. Enter Blizzard... I don't know how different the Blizzard model is but if it's "broken" enough for people to work to code their own then they've got problems that need to be addressed by something other than a lawsuit against their fans. somehow I cannot imagine a company like iD doing this. Funny, I was considering buying one of their games too - glad I DL'ed the server code before it got zapped:-) Not that I'm o sure I want to deal with Blizzard after this mind you....
Steering systems were apparently being run under NT in some way. I cannot imagine anyone feeling WIN9x was ever suitable for a mission critical application like that but possibly NT. That they apparently didn't have a suitable mechanical backup is telling - no chance of power being knocked out to that system during an actual fight? No chance of the computer hardware taking smoke damage and dying? Who builds these things?!
Those that are really serious about hacking Microsoft products need to see the source code in order to figure this out don't they? Let's just hide it away and keep building products based off of it - it'll be secure that way won't it?
Don't kid yourself. If you think that looking at the source code is all that it would take to force your servers to replicate with a hacked BDC then perhaps you shouldn't be running NT. Look at what the SAMBA group has done with regards to reversing NT's mechanisms, do you really think that someone else wouldn't be able to do that if there was only something obsfucated hiding the problems? Did the SAMBA group have access to soource? Nope! You've got the source for Linux available to you and everyone else yet for some reason the result hasn't been massive failures but rather betterment of the code.
Hiding problems isn't the way to secure a machine, you sure you don't maybe work for Microsoft? You certainly sound like you might. Microsoft would love nothing more than to keep their security issues out of the public eye. That will do nothing but drive exploits underground - not that he DMCA hasn't already contributed greatly to that very thing (sigh).
Buffer overflows may have just become even easier to get Admin with. Certainly the server should be faster (cough). Frankly, I don't want to see IIS go away I just want to see it become more secure!
I setup a water cooled system on my highly overclocked CPU some time ago with some interesting results.
The water block was made from a cutoff PCV piping cap mounted over an old heatsink. I used a surplus Peltier from All Electronics and I used my computer's power supply to run the Peltier. The water pump was a fountain unit sourced from an online supply company and was intended for 24X7 use squirting water in the air of someone's small pond.
My first problem was SEALING the damned water block. Pinhole leaks were a PITA but with time I got a good seal using some SERIOUS automotive gasket sealer (Tough Stuff I think it was called). Nowadays you can buy built water blocks - I'd suggest doing this! They're not THAT expensive and you really don't need a super big one for this project. The second problem was that the water supply got VERY warm over the course of about 8 hours. This was 5gallons of water in an old cat litter bucket - sealed. There was actually steam rising from the water! Solving this was as simple as buying a trans cooler at the local auto-suply store. The water still got hot until I put a small FAN on the trans cooler - this is a must! With no airflow the trans cooler acted as a very poor heatsink. Melted quite a bit of snow on it though;-)
The above setup allowed me to nearly double the clock speed of the CPU I was using - an older Celeron. I don't recall my highest peak but I'm pretty sure I was hitting a Gig long before Intel released one. I ran Distributed Net's program so the CPU was tasked 100% 24X7. This program raises CPU temps noticably! Temp on the CPU sensor was nearly freezing measured from just under the CPU - I used a special add-in board to measure this as MBs at that time had no temp sensing. Unfortunatly this nice board is no longer sold or supported - it was called Heat Sentry I think.
The best part about this whole system was the silence. I mean ZERO noise except from the power supply fan. The pump barely hums when it runs submerged and I was able to remove ALL of my case fans - there were many of these. I loved this system! I found that a small amount of Clorox would kill the bacteria that quickly formed (ick!) and had no need to experiment with Water Wetter or dishwasher spot remover in order to up the cooling ability - my CPU temps were stable and reliable.
I did have some ongoing problems and one that finally killed the project until I have more time. First - condensation UNDER the CPU. Temps beneath the CPU were nearly freezing and certainly below dew point. Condensation would occasionally form around the pins of the CPU leading to an occasional system crash. Fixing this would sometimes require a hairdryer to dry the socket (sigh). I never tried dielectric grease or foam insulation under the CPU. Both of these ideas should be used if someone attempts to duplicate what I did. The second and worst problem was what occured when the system must've locked up early one day while I was at work. With no load to heat the Peltier it cooled WAY down. I came home to a dead system that had a solid block of ICE around the CPU socket area and onto the water block. As the ice furthest from the Peltier melted it dropped water onto my video card! The video card ended up fried but no other hardware was damaged. There were some tense moments with the hairdryer though! At that point I decided that the added frames in my game of the week and the extra keys in RC5 simply weren't worth the trouble of insulating everything. I pulled my fan\trans cooler out of the window and put it all away for another day. I DO still have the Peltier, tran cooler, water pump\resevoir, and a brand new aluminum water block on my shelf though. My unlocked AMD CPU now runs a bit over 1.4GIG with a good copper heatsink (aircooled). At some point when I've got time I'll water cool again as it was lot's of fun but I've simply not got the time right now.
A feedback system to monitor Peltier temps would've been a nice addition as would a seperate power supply to run it. I was using a +12 and a -5 lead if memory serves. Without water flowing the CPU block's water hoses got pretty pliable with the heat and I was sure the water in there was nearly boiling. Monitoring the pump and the Peltier would be good ideas especially with today's super fragile CPUs. I noted that my plastic hose deteriorating over time from having been submerged in water for so long. I also had to cut the mounting ends on my trans cooler in order to up the water flow and lower back pressure. No antifreeze was EVER used - it lowers cooling ability as any gearhead can tell you. I used tap water with infrequent water changes once the system was closed up.
Straight water does a VERY good job of removing the heat compared to convection and I predict that it won't be too long before we start using more advanced methods of cooling other than simply bolting on a still bigger block of heavy crap onto our CPUs. Cooling pipes at the very least look interesting as does liquid cooling sometime in the future. Lookup amatuer astronomy and how they cool the Peltiers that cool their CCDs to below freezing for ideas. These guys were way ahead of the Overclockers and I learned a great deal from some of their projects....
P.S. A shame I didn't see this article when first posted. No Karma for me this time;-)
Check your vendors site for a WEP patch, turn ON WEP (this will hurt bandwidth...), filter on MAC address, consider using static IPs for Wi-Fi clients, turn OFF beaconing on your AP. In addition change the default infomation on your AP and try not to use really descriptive strings with say your name in them (ahem). Something like "noneofyourbusiness" is a bad idea too - some turkey in my area has that one with WEP turned on and I'm VERY tempted to take him out;-)
Oh yeah, and I pray you didn't but a damned DLink AP. I've yet to figure out how to turn off beaconing on mine and the config program locks up my PC or the AP as often as it manages to make thc hanges I've requested! No ability to add an external antenna ability either. Grr!
While some folks think that 350feet is the max I've spoken to folks who have gone MILES. Just like those stupid baby monitor\bugs that people put in their house - the antenna on the reciever makes a BIG difference. While the moron that's using the crappy baby monitor reciever can only go a few feet with it before reception is lost anyone else with a decent antenna can pick it up blocks away! Same with 802.11b - I can pick up APs hundreds of yards away while driving along a 75mph down the road using NetStumbler. (shrug)
Interesting to see how many companies think they don't have wireless on their networks but DO because some bonehead slapped it on without telling the IT staff. 75% of the APs I find don't run WEP and those that do probably aren't patched. The smart ones don't beacon - most DO beacon. Airsnort should find all of them though but I've not YET tried it out. There's only one good sniffer I've found for Windows but it's expensive (WildPackets.com).
Go look at the nationwide map over a NetStumbler. http://www.netstumbler.com/nation.php Friends and I have contributed several hundred APs and I've "stumbled" a few others out doing the same thing. 802.11b is incredibly common these days. I used to pick up 2 APs between my house and the main highway, I picked up 8 this past weekend after not having checked for a month! One trip alone netted 66APs and that was a short trip. People are starting to map this stuff with MapPoint and convert the data for other programs too. Heh, it's fun actually. Amazing how many of those APs give out DHCP addresses too. It's almost easier to go find an open AP attached to a cable modem than it is to use my crappy modem at home to DL the big files (sigh).
Anyway, it's easy and it's fun. Judging from my logs it' also pretty popular in my area as I come across others doing the same...
Several very good programs support it including Netstumbler and it will allow the use of an external antenna. If you use Linux then consider the cheapo' DLink which has a Prism chipset that will support Airsnort. It can accept an external antenna with a bit of soldering:-)
So far as I can tell - it's not so much the card as it is the antenna. I own a DLink, Orinoco Gold, and Sony VAIO card right now. Using a crappy DLink AP (BIG mistake!) all of them work somewhat well but as range increases I can slap my antenna on the Orinoco or Sony cards and increase my signal reception easily. Do yourself a favor and spend a little more on the Orinoco card, get say a Linksys AP, and be happy. It really is a pretty neat technology. Portable too - my AP is going to BlackHat with me again this year;-)
BZZZZTTT!!! How many have YOU seen?
on
The Rise of CSI
·
· Score: 2
He mentions a guy who was into SPORTS falling in love with a hooker not with the SINGER. The white guy who was into sports DID fall for a hooker. He even did forensic tests on her blouse in order to prove that the guy spit on her. I believe it was an assualt case and she was being charged (missed the beginning) for attacking the security guy. Turns out the security guy provoked her by spitting on her etc..
Anyway, he ends up looking like he's fallen for her but ends up not getting involved at the very end. She kisses him and off he goes on his merry way. Katz refers to more than just this last episode:-P
Not quite like the Profiler show but they DID have a crime that spanned SEVERAL episodes. It took them three shows at least to catch this guy and it was a pretty tangled web by the time they were done. It started with a "suicide" that had the person telling the world why they were doing it on audio tape. It was pretty cool IMO but I'd agree they need to do it more often. Migh tbe interesting if they pulled some of their story lines from real crimes too.
As for relationships - yes those are starting to finally form! What I think is interesting is how for instance one guy is big into bugs, another is awesome with recorded tapes, ad how some are good at other things - but they've never really spelled his out. I've seen them talk about how Grism (sp?) is the big bug guy but no one has mentioned anything about how this one guy got so good with audio and video. He's a musician and apparently gifted but no other reason has yet been given. (shrug) Hopefully that will develop with time...
As I recall they didn't have an "exact" number but were sort of taking side bets and guessing as to the numbers. I'm not sure they ever confirmed exactly how many people had been there but it's possible they were exaggerating.
I've used a black light to show urine (pets!) on carpet but never tried it with any other substance. I suppose it's possible the light would show semen etc. as a different color. Even using the UV on my carpet I sometimes find things that aren't urine from a pet accident so I guess nearly any chemical might change the way the material is seen. If you're looking at bedsheets then whatever funky stain shows up is probably going to be semen etc..
As for changing the sheets... Yeah, I seem to recall they made a big deal out of the guy's place being neat (fuzzy memory). If so then why weren't the sheets washed more often? The girl was pregnant and far along enough that she knew it so figure at least a couple of weeks. He didn't wash his sheets for WEEKS?! Umm, yeah that's kind of weird. It's not like the stains don't show up without the benefit of UV either. I don't know about you but sleeping in a bed polka dotted with "stains" would creep me out - those seets would be in the trash or the laundry ASAP....
FWIW - I LIKE this show. I've missed VERY few episodes and while the science sometimes seems stretched I still like it. What I wonder about mostly though is how these folks get to spend so much time on each case. The lab guy is always bitching about being so backed up yet these people work on maybe 2 cases a night and are the "night shift". What, Day Shift accounts for so much work that the lab guy can hardly keep up? I can only hope that someone will have that kind of time if I get accused of something to save my ass. Chances are good that they won't:-( Heh, then again if you're O.J. you can hire the best to find out when the cops don't follow procedure or taint the evidence.... Yeah, I think he was guilty but if I'd been on the jury seeing how the police had apparently mucked with the evidence I'd have had to let him go too!
We've now run this against some older CISCO stuff with an older IOS that we'll upgrade for testing. With some testing you can get it to reboot or overflow in about 2 packets:-) Send it to a broadcast address and unleash HELL! This could be interesting, I'm surprised no one has built something to do this on a widespread basis yet. Perhaps they've not done the testing to find the magic packets or mayboe not all equipment is this vulnerable? We'll see...
Only a few places where they can be used legitimately? Try WAR! Have we gotten so damned PC that we're squeemish about war? What's next, we don't actually kill our enemies we put them in cushy prisons instead? Oh wait, we do that don't we?
Sorry, but if we're at WAR with enemies then lay mines if that's what you must do to stop an opposing force. If a civilian gets killed then that really sux but I'd prefer a civilian than one of our soldiers.
After the war when the mines must be removed then by all means it's nice to have maps but if they were laid in haste then we'll deal with that when the time comes. Does that suck for places like Afghanistan? Yes, it does but we can't all live in a fluffy bunny world where everyone is afraid to offend much less hurt an enemy (rolleyes). In a WAR I can think of LOT'S of proper places to put mines....
I was made aware of this test suite just a few days before CERT put out it's alert on this - early I might add. The software has been available on that WEB site for MONTHS! Anyone who cared to download it could've tested this themselves - it's a pretty complete test suite.
Anyway, I was asked to test this set of tools against MSFT servers and then some networking hardware. So far the tests against WIN2K have been pretty good. I've managed to get SNMP to die gracefully a total of 2 times. No BSOD, the service simply dies. Howver in order to do this I had to run all 4 test sets at once and damn near FLOOD the machine I was testing - over 5meg worth of data at one point. When the service did die it didn't die consistantly - that is to say we cannot pick a single "magic packet" to kill WIN2K's SNMP service. Starting all test suites at the same point kills the service only occasionally and always at different test sets. I've been told via word of mouth that NT4 is even more robust - we're testing that next.:-)
IF we get the same results from NT4 then it would seem to me that Microsoft's response to this isn't so bad. Their software doesn't APPEAR to be particularly vulnerable - hell if anything I was surprised at how robust it seemed to be with the absolute FLOOD of pure crap we were sending it's way - SNORT was going nutz BTW noting "potentially dangerous traffic" (lol).
Networking hardware may or may not be effected more easily. We've had some procurement issues but I expect we'll be attacking some test equipment soon - starting with CISCO stuff. Network management software also tends to talk SNMP. TIVOLI (note IBM didn't really mention this in their response - AIX?!), Compaq Insight Manager, TNG, HP OpenView, and many others could be effected. We're going to test what we can based on what we use. Printers and other networked office equipment might also have issues but that's low on my list of priorities right now.
Overall, I'm not really worried by this YET. When it was first brought to my attention the message was one of panic - that this software would be the "kiss of death" for most anything running SNMP even if the Community string wasn't known. Well, so far it's really yet to kill much of anything in our lab! I'm sure we'll find some things that keel over more quickly but so far our primary operating platform has shrugged off 99% of these attacks and our IDS spotted it even without having an alert put on it just for this traffic.
Anyone else testing this software? Finding problems? Hint: it seems to work best when run off of LINUX\Java. When run on a WIN2K\Java platform it didn't appear to form the packets correctly - we're getting different\better results on LINUX (shrug). I'd still be careful to only test this on isolated test netowkrs though - just in case;-)
And that can supposedly tell when it's being tampered with and sound an alarm? Hrm, think he'd have been caught faster or just caught a litle slower? I think he would still have been caught unless there's some way you can lock the door and REALLY prevent entrance. If that's possible then there's another thing that needs to be improved onthe airlines!
Slashdot Mirror
They didn't just scarf info from Google - they also did reverse DNS lookups and a ZoneTransfer. At least one college kid has had his door kicked in for having done a ZoneTransfer to a domain that had recently been hacked. (sigh) Port scanning is no biggie IMO but it seems to me a ZoneTransfer might be a little more "aggressive". Still, if their country doesn't care.....
It sure as hell isn't the CIA's running Exchange. They had a speaker at Lotusphere FROM the CIA who made it quite plain the Lotus Notes was what they were using. Very entertaining little guy too - loved it when the phone rang on the podium and he answered it. Wrong number(lol)!
Anyway, from what he said Exchange was NOT welcomed. Why would they bother to tell people that, present on it, run Notes on their Unclass server, and then run Exchange inside? You must be talking about another network....
You can simply copy the database locally and use a freely distributed tool to edit the ACL to add yourself or modify -Default-. That will NOT get you past encrypted mail using Public keys tho'. On disk encrypted dBs will also not be effected by this. Doesn't appear in the ACL log either of course. If the person hasn't set User Types you can also create a Group with the user's name and put yourself in it.
;-)
On top of that at least two folks have created code that's supposed to unlock the ID file. One by substituting the hash that's compared by the password dialog in memory with one that's created by a seperate application. That code isn't distributed depsite promises to release. The second piece of code is a bit shakier but is supposed to be able to backdoor the ID. These two groups are speaking to one another but as of yet I've not seen any results. http://www.falling-dominos.com/ was one of the sites that was working this but refuses to release code for fear of the DMCA. I want this code if anyone has it..
Lastly, there's code out there to dictionary attack the ID file. Some work would no doubt yield brute force code but source hasn't been released for this tool. I might know how it works though
Overall though - Notes is damned secure compared to the MSFT crap that's out there. R6 is looking pretty good and the RC1 beta has been running on my server\workstation for several months now rock solid. Lotus came up witha workable PKI long before X509 seemed to have caught on. Port encryption and all sorts of nice goodies too. I happen to like the client and its dirt easy to build simple apps. Even workflow apps aren't hard to build and publishing to the WEB is no biggie unless you get really tricky. My home server is running Notes and except for the mile long URLs I find it pretty friendly...
If you told an airplane engineer about how the Wright Brother's designed and built their airplane that they'd kringe too! This guy apparenty welds structures for a lving and if you read the story they didn't send the kidster over anything but the mildest portions of the track. I'd say the guy is at least trying to be safe about it - we cannot eliminate all risk from life can we?
P.S. Send the guy a few bux, we trashed his site.
That sounds fair actually. I'll shoot you a couple of bux however before you bring it back up it sounds like you might want to crunch down a few of th epics. If they're really 700K you'd be much better off squishing them down to say 70K. Depending upon how you set it up - say thumbnails - you could really cut down the bandwidth that we're easting up on the site.
;-)
Will be interesting to see who actually contributes, please post back and let us know
If your only beef is the lack of PCI it CAN take two cards. It also has 10/100 Ethernet on it so it can network just fine. With everything it's already got I was just wondering why more than one PCI card was so important. Insight is all...
TV tuner makes sense, I hadn't thought of that but what else? I'd think that for many people this sucker would be pretty good. Not for a super-duper server or anything but you've got to give them credit - they put an awful lot into it.
Hrm, wonder if it could be run off of a 12volt battery pack or gel cell. That CPU very thirsty? Very hot?
Its got quite a bit of onboard I/O on it already. AGP video, sound and ethernet have been taken care of as has TV out. What would you use the PCI slot for other than maybe a modem or second NIC? This isn't meant to be a mainstream gaming machine or desktop box... However at the price they've quoted I'd bet it would work well as a portable MP3 box for the car or whatnot. It's ogt lot's of possibilities IMO. Maybe slap a wireless card in it and go wardriving with it? :-)
P.s. Looks like one of the optional modules was a cable for a "2nd PCI device" so perhaps it's more flexible than you realized?
Address that. Was the DMCA not in effect? How is what Sony charged different?
Frankly, legal or not it sux. I'm more than willing to violate those laws that are just plain crap. I will support the EFF and I will continue to try and educate those folks I meet who don't understand why the DMCA needs to be dumped. Kripes the damned thing contains a clause protecting BOAT HULL DESIGN! Add this new SSSCA pile and the protections that Disney and friends purchased. I'm more than happy to boycott, vote, and support while violating. Honestly though the list of companies screwing us is getting to long and entangled that it's mighty hard to keep track of them all (sigh).
And Blizzard should be going after the client side violators. In your example I see no infraction by the BnetD folks - all they did was provide software that clients CHOSE to use. Where's the problem? We should prosecute knife makers for murders too? That's an extreme example but can you follow the logic?
Does this differ from IBM suing Phoenix for reverse engineering the SOFTWARE in their BIOS? These people had NO access to the original source SERVER software - this was a black box reverse engineering job - simple as that. Does the DMCA prevent Reverse Engineering? If so I wonder where we would be without 3rd party BIOS implementations... For that matter Sony vs Bleem is a good example as well - they reversed how it worked, built server software of a sort and even SOLD it (the horror!). So, how exactly does this differ? There was a protection mechanism of sorts present, this is true, but instead of breaking it they simply failed to implement it. Where did they do wrong?
You'd be $hit out of luck IMHO. If you build a networking protocol that only allows certain computers or clients to talk to one another and someone decides they want to do the same thing by reverse engineering yours you've got no leg to stand on. Unless there was some sort of copy protection (DMCA SUX!) in it that they had to crack then Sorry Charlie.
:-) Not that I'm o sure I want to deal with Blizzard after this mind you....
In this case it would seem that Blizzard feels that they DID have some sort of copy protection and that this software went around it - that's not so. What Blizzard HAD was a FEATURE in their server software that performed the JOB of checking for legit copies. While that could be construed as some sort of "copy protection" these guys did NOT crack it. They did NOT infringe - they simply chose not to include that feature. And for this Blizzard is unhappy? Would they have been happier if these guys had cracked their feature and implemented it? I think not...
The scenario of the early IBM BIOS has ben brought up before and I believe it's a VERY good parallel. IBM tried to take Phoenix and others to court for creating a "clone" BIOS years ago. However these folks were smart enough to have created a "clean room" implementation of the IBM BIOS. They simply (cough) created two teams - one to examine the original BIOS completely and the other to create a version of it without ever seeing the real original code. They were able to ask questions about timings and what occured when certain signals were injected into the "black box" - the results of those questions influenced their coding. When done they had code that did the same JOB as the original firmware but one that didn't actually the same CODE.
IBM lost their case - as Blizzard should surely lose theirs. These programmers never had access to Blizzard's original works - how could they possibly have infringed? IMO this is pretty cut and dry. Unless these people have included portions of the Blizzard binary or other "works" in their code they have no leg to stand on. Saddest of all is that these people are FANS of Blizzard's work and they are being stupid enough to alienate them. Duh!
Personally, I'm happiest with clients like iD has created (Quake etc.). Yeah, they rely on a "master server" but they don't require you to go through their "portal" to get the information you want. For that matter iD releases SOURCE of older games - they're VERY friendly to their fans and I buy their products as a result. Tribes and others have used this model too - it's nice though I don't think they release source. The GameSpy software sprung from this and I think it's terrific when a 3rd party can concentrate on a niche like that. Enter Blizzard... I don't know how different the Blizzard model is but if it's "broken" enough for people to work to code their own then they've got problems that need to be addressed by something other than a lawsuit against their fans. somehow I cannot imagine a company like iD doing this. Funny, I was considering buying one of their games too - glad I DL'ed the server code before it got zapped
Steering systems were apparently being run under NT in some way. I cannot imagine anyone feeling WIN9x was ever suitable for a mission critical application like that but possibly NT. That they apparently didn't have a suitable mechanical backup is telling - no chance of power being knocked out to that system during an actual fight? No chance of the computer hardware taking smoke damage and dying? Who builds these things?!
Those that are really serious about hacking Microsoft products need to see the source code in order to figure this out don't they? Let's just hide it away and keep building products based off of it - it'll be secure that way won't it?
Don't kid yourself. If you think that looking at the source code is all that it would take to force your servers to replicate with a hacked BDC then perhaps you shouldn't be running NT. Look at what the SAMBA group has done with regards to reversing NT's mechanisms, do you really think that someone else wouldn't be able to do that if there was only something obsfucated hiding the problems? Did the SAMBA group have access to soource? Nope! You've got the source for Linux available to you and everyone else yet for some reason the result hasn't been massive failures but rather betterment of the code.
Hiding problems isn't the way to secure a machine, you sure you don't maybe work for Microsoft? You certainly sound like you might. Microsoft would love nothing more than to keep their security issues out of the public eye. That will do nothing but drive exploits underground - not that he DMCA hasn't already contributed greatly to that very thing (sigh).
Buffer overflows may have just become even easier to get Admin with. Certainly the server should be faster (cough). Frankly, I don't want to see IIS go away I just want to see it become more secure!
I setup a water cooled system on my highly overclocked CPU some time ago with some interesting results.
;-)
;-)
The water block was made from a cutoff PCV piping cap mounted over an old heatsink. I used a surplus Peltier from All Electronics and I used my computer's power supply to run the Peltier. The water pump was a fountain unit sourced from an online supply company and was intended for 24X7 use squirting water in the air of someone's small pond.
My first problem was SEALING the damned water block. Pinhole leaks were a PITA but with time I got a good seal using some SERIOUS automotive gasket sealer (Tough Stuff I think it was called). Nowadays you can buy built water blocks - I'd suggest doing this! They're not THAT expensive and you really don't need a super big one for this project. The second problem was that the water supply got VERY warm over the course of about 8 hours. This was 5gallons of water in an old cat litter bucket - sealed. There was actually steam rising from the water! Solving this was as simple as buying a trans cooler at the local auto-suply store. The water still got hot until I put a small FAN on the trans cooler - this is a must! With no airflow the trans cooler acted as a very poor heatsink. Melted quite a bit of snow on it though
The above setup allowed me to nearly double the clock speed of the CPU I was using - an older Celeron. I don't recall my highest peak but I'm pretty sure I was hitting a Gig long before Intel released one. I ran Distributed Net's program so the CPU was tasked 100% 24X7. This program raises CPU temps noticably! Temp on the CPU sensor was nearly freezing measured from just under the CPU - I used a special add-in board to measure this as MBs at that time had no temp sensing. Unfortunatly this nice board is no longer sold or supported - it was called Heat Sentry I think.
The best part about this whole system was the silence. I mean ZERO noise except from the power supply fan. The pump barely hums when it runs submerged and I was able to remove ALL of my case fans - there were many of these. I loved this system! I found that a small amount of Clorox would kill the bacteria that quickly formed (ick!) and had no need to experiment with Water Wetter or dishwasher spot remover in order to up the cooling ability - my CPU temps were stable and reliable.
I did have some ongoing problems and one that finally killed the project until I have more time. First - condensation UNDER the CPU. Temps beneath the CPU were nearly freezing and certainly below dew point. Condensation would occasionally form around the pins of the CPU leading to an occasional system crash. Fixing this would sometimes require a hairdryer to dry the socket (sigh). I never tried dielectric grease or foam insulation under the CPU. Both of these ideas should be used if someone attempts to duplicate what I did. The second and worst problem was what occured when the system must've locked up early one day while I was at work. With no load to heat the Peltier it cooled WAY down. I came home to a dead system that had a solid block of ICE around the CPU socket area and onto the water block. As the ice furthest from the Peltier melted it dropped water onto my video card! The video card ended up fried but no other hardware was damaged. There were some tense moments with the hairdryer though! At that point I decided that the added frames in my game of the week and the extra keys in RC5 simply weren't worth the trouble of insulating everything. I pulled my fan\trans cooler out of the window and put it all away for another day. I DO still have the Peltier, tran cooler, water pump\resevoir, and a brand new aluminum water block on my shelf though. My unlocked AMD CPU now runs a bit over 1.4GIG with a good copper heatsink (aircooled). At some point when I've got time I'll water cool again as it was lot's of fun but I've simply not got the time right now.
A feedback system to monitor Peltier temps would've been a nice addition as would a seperate power supply to run it. I was using a +12 and a -5 lead if memory serves. Without water flowing the CPU block's water hoses got pretty pliable with the heat and I was sure the water in there was nearly boiling. Monitoring the pump and the Peltier would be good ideas especially with today's super fragile CPUs. I noted that my plastic hose deteriorating over time from having been submerged in water for so long. I also had to cut the mounting ends on my trans cooler in order to up the water flow and lower back pressure. No antifreeze was EVER used - it lowers cooling ability as any gearhead can tell you. I used tap water with infrequent water changes once the system was closed up.
Straight water does a VERY good job of removing the heat compared to convection and I predict that it won't be too long before we start using more advanced methods of cooling other than simply bolting on a still bigger block of heavy crap onto our CPUs. Cooling pipes at the very least look interesting as does liquid cooling sometime in the future. Lookup amatuer astronomy and how they cool the Peltiers that cool their CCDs to below freezing for ideas. These guys were way ahead of the Overclockers and I learned a great deal from some of their projects....
P.S. A shame I didn't see this article when first posted. No Karma for me this time
Check your vendors site for a WEP patch, turn ON WEP (this will hurt bandwidth...), filter on MAC address, consider using static IPs for Wi-Fi clients, turn OFF beaconing on your AP. In addition change the default infomation on your AP and try not to use really descriptive strings with say your name in them (ahem). Something like "noneofyourbusiness" is a bad idea too - some turkey in my area has that one with WEP turned on and I'm VERY tempted to take him out ;-)
:-)
Oh yeah, and I pray you didn't but a damned DLink AP. I've yet to figure out how to turn off beaconing on mine and the config program locks up my PC or the AP as often as it manages to make thc hanges I've requested! No ability to add an external antenna ability either. Grr!
For some fun goto NetStumbler.com
While some folks think that 350feet is the max I've spoken to folks who have gone MILES. Just like those stupid baby monitor\bugs that people put in their house - the antenna on the reciever makes a BIG difference. While the moron that's using the crappy baby monitor reciever can only go a few feet with it before reception is lost anyone else with a decent antenna can pick it up blocks away! Same with 802.11b - I can pick up APs hundreds of yards away while driving along a 75mph down the road using NetStumbler. (shrug)
Interesting to see how many companies think they don't have wireless on their networks but DO because some bonehead slapped it on without telling the IT staff. 75% of the APs I find don't run WEP and those that do probably aren't patched. The smart ones don't beacon - most DO beacon. Airsnort should find all of them though but I've not YET tried it out. There's only one good sniffer I've found for Windows but it's expensive (WildPackets.com).
Go look at the nationwide map over a NetStumbler. http://www.netstumbler.com/nation.php Friends and I have contributed several hundred APs and I've "stumbled" a few others out doing the same thing. 802.11b is incredibly common these days. I used to pick up 2 APs between my house and the main highway, I picked up 8 this past weekend after not having checked for a month! One trip alone netted 66APs and that was a short trip. People are starting to map this stuff with MapPoint and convert the data for other programs too. Heh, it's fun actually. Amazing how many of those APs give out DHCP addresses too. It's almost easier to go find an open AP attached to a cable modem than it is to use my crappy modem at home to DL the big files (sigh).
Anyway, it's easy and it's fun. Judging from my logs it' also pretty popular in my area as I come across others doing the same...
Several very good programs support it including Netstumbler and it will allow the use of an external antenna. If you use Linux then consider the cheapo' DLink which has a Prism chipset that will support Airsnort. It can accept an external antenna with a bit of soldering :-)
;-)
So far as I can tell - it's not so much the card as it is the antenna. I own a DLink, Orinoco Gold, and Sony VAIO card right now. Using a crappy DLink AP (BIG mistake!) all of them work somewhat well but as range increases I can slap my antenna on the Orinoco or Sony cards and increase my signal reception easily. Do yourself a favor and spend a little more on the Orinoco card, get say a Linksys AP, and be happy. It really is a pretty neat technology. Portable too - my AP is going to BlackHat with me again this year
He mentions a guy who was into SPORTS falling in love with a hooker not with the SINGER. The white guy who was into sports DID fall for a hooker. He even did forensic tests on her blouse in order to prove that the guy spit on her. I believe it was an assualt case and she was being charged (missed the beginning) for attacking the security guy. Turns out the security guy provoked her by spitting on her etc..
:-P
Anyway, he ends up looking like he's fallen for her but ends up not getting involved at the very end. She kisses him and off he goes on his merry way. Katz refers to more than just this last episode
Not quite like the Profiler show but they DID have a crime that spanned SEVERAL episodes. It took them three shows at least to catch this guy and it was a pretty tangled web by the time they were done. It started with a "suicide" that had the person telling the world why they were doing it on audio tape. It was pretty cool IMO but I'd agree they need to do it more often. Migh tbe interesting if they pulled some of their story lines from real crimes too.
As for relationships - yes those are starting to finally form! What I think is interesting is how for instance one guy is big into bugs, another is awesome with recorded tapes, ad how some are good at other things - but they've never really spelled his out. I've seen them talk about how Grism (sp?) is the big bug guy but no one has mentioned anything about how this one guy got so good with audio and video. He's a musician and apparently gifted but no other reason has yet been given. (shrug) Hopefully that will develop with time...
As I recall they didn't have an "exact" number but were sort of taking side bets and guessing as to the numbers. I'm not sure they ever confirmed exactly how many people had been there but it's possible they were exaggerating.
:-( Heh, then again if you're O.J. you can hire the best to find out when the cops don't follow procedure or taint the evidence.... Yeah, I think he was guilty but if I'd been on the jury seeing how the police had apparently mucked with the evidence I'd have had to let him go too!
I've used a black light to show urine (pets!) on carpet but never tried it with any other substance. I suppose it's possible the light would show semen etc. as a different color. Even using the UV on my carpet I sometimes find things that aren't urine from a pet accident so I guess nearly any chemical might change the way the material is seen. If you're looking at bedsheets then whatever funky stain shows up is probably going to be semen etc..
As for changing the sheets... Yeah, I seem to recall they made a big deal out of the guy's place being neat (fuzzy memory). If so then why weren't the sheets washed more often? The girl was pregnant and far along enough that she knew it so figure at least a couple of weeks. He didn't wash his sheets for WEEKS?! Umm, yeah that's kind of weird. It's not like the stains don't show up without the benefit of UV either. I don't know about you but sleeping in a bed polka dotted with "stains" would creep me out - those seets would be in the trash or the laundry ASAP....
FWIW - I LIKE this show. I've missed VERY few episodes and while the science sometimes seems stretched I still like it. What I wonder about mostly though is how these folks get to spend so much time on each case. The lab guy is always bitching about being so backed up yet these people work on maybe 2 cases a night and are the "night shift". What, Day Shift accounts for so much work that the lab guy can hardly keep up? I can only hope that someone will have that kind of time if I get accused of something to save my ass. Chances are good that they won't
We've now run this against some older CISCO stuff with an older IOS that we'll upgrade for testing. With some testing you can get it to reboot or overflow in about 2 packets :-) Send it to a broadcast address and unleash HELL! This could be interesting, I'm surprised no one has built something to do this on a widespread basis yet. Perhaps they've not done the testing to find the magic packets or mayboe not all equipment is this vulnerable? We'll see...
Only a few places where they can be used legitimately? Try WAR! Have we gotten so damned PC that we're squeemish about war? What's next, we don't actually kill our enemies we put them in cushy prisons instead? Oh wait, we do that don't we?
Sorry, but if we're at WAR with enemies then lay mines if that's what you must do to stop an opposing force. If a civilian gets killed then that really sux but I'd prefer a civilian than one of our soldiers.
After the war when the mines must be removed then by all means it's nice to have maps but if they were laid in haste then we'll deal with that when the time comes. Does that suck for places like Afghanistan? Yes, it does but we can't all live in a fluffy bunny world where everyone is afraid to offend much less hurt an enemy (rolleyes). In a WAR I can think of LOT'S of proper places to put mines....
I was made aware of this test suite just a few days before CERT put out it's alert on this - early I might add. The software has been available on that WEB site for MONTHS! Anyone who cared to download it could've tested this themselves - it's a pretty complete test suite.
:-)
;-)
Anyway, I was asked to test this set of tools against MSFT servers and then some networking hardware. So far the tests against WIN2K have been pretty good. I've managed to get SNMP to die gracefully a total of 2 times. No BSOD, the service simply dies. Howver in order to do this I had to run all 4 test sets at once and damn near FLOOD the machine I was testing - over 5meg worth of data at one point. When the service did die it didn't die consistantly - that is to say we cannot pick a single "magic packet" to kill WIN2K's SNMP service. Starting all test suites at the same point kills the service only occasionally and always at different test sets. I've been told via word of mouth that NT4 is even more robust - we're testing that next.
IF we get the same results from NT4 then it would seem to me that Microsoft's response to this isn't so bad. Their software doesn't APPEAR to be particularly vulnerable - hell if anything I was surprised at how robust it seemed to be with the absolute FLOOD of pure crap we were sending it's way - SNORT was going nutz BTW noting "potentially dangerous traffic" (lol).
Networking hardware may or may not be effected more easily. We've had some procurement issues but I expect we'll be attacking some test equipment soon - starting with CISCO stuff. Network management software also tends to talk SNMP. TIVOLI (note IBM didn't really mention this in their response - AIX?!), Compaq Insight Manager, TNG, HP OpenView, and many others could be effected. We're going to test what we can based on what we use. Printers and other networked office equipment might also have issues but that's low on my list of priorities right now.
Overall, I'm not really worried by this YET. When it was first brought to my attention the message was one of panic - that this software would be the "kiss of death" for most anything running SNMP even if the Community string wasn't known. Well, so far it's really yet to kill much of anything in our lab! I'm sure we'll find some things that keel over more quickly but so far our primary operating platform has shrugged off 99% of these attacks and our IDS spotted it even without having an alert put on it just for this traffic.
Anyone else testing this software? Finding problems? Hint: it seems to work best when run off of LINUX\Java. When run on a WIN2K\Java platform it didn't appear to form the packets correctly - we're getting different\better results on LINUX (shrug). I'd still be careful to only test this on isolated test netowkrs though - just in case
And that can supposedly tell when it's being tampered with and sound an alarm? Hrm, think he'd have been caught faster or just caught a litle slower? I think he would still have been caught unless there's some way you can lock the door and REALLY prevent entrance. If that's possible then there's another thing that needs to be improved onthe airlines!