Um...nothing. I'm not sure where other parts of this thread have gone, but I think the main point is that it's important for everyone to apply the patch, because a working exploit exists for most of the platforms that people use, and it can be used to create a worm. Anything beyond that is religion, and it's pointless to get caught up in that.
Windows XP SP2 is the current version of Windows. Has been for almost two years. Aside from Windows XP SP1 all other versions of Windows are no longer supported by Microsoft.
Well, that's a relief. I was worried that millions of PCs and servers might still be out there running Windows 2000 and NT, and might help propagate some sort of worm. As long as all computers are magically running the currently-supported versions of Windows, I guess we're OK.
which was deemed wormable on all Windows versions, including Windows XP SP2 and Windows Server 2003 SP1
HD Moore posted a followup to the Daily Dave mailing list admitting defeat on those two platforms:
Time to eat my words. The wcscpy() destination pointer trick doesn't seem doable on XP SP2 or 2003 SP1. I don't believe you can exploit this bug for more than a DoS on 2003 SP2/XP SP1. If you have information to the contrary, please share.
All other Windows platforms remain easily exploitable, though.
Perhaps, like me, he simply chose to forget that the second and third Matrix films were ever conceived and made. I think the first movie was some excellent sci-fi, and didn't get too far into the hokey theology.
And why do you have to hate on Mad Max? Once again leaving aside the sequels, that was a classic!
I haven't been downloading much lately just because I have DirecTV and Tivo now but I downloaded this week's Simpsons' and Arrested Development episodes because they were both preempted by Survivor's off-night finale bullshit.
So, since Survivor is on CBS and the shows you missed are on Fox, you must have Survivor ranked higher on your Tivo than Simpsons and Arrested Development? If so, you got what you deserved.
Cycles are being wasted just so that some jack-ass can come along and close your work up again.
Of course, no one can close code that has been released with a BSD license. That person IS free to release their own closed version, or something else that incorporates the original code, but the copyright remains intact and the original codebase is not affected. This is the point of the BSD license -- free, unencumbered access to the source code while preserving copyright.
In contrast, the GPL grants full access to source, so long as all changes are released in turn. That's a noble cause, but it is imposing restrictions that the BSD license does not.
This document, which is copyright 1993, describes a similar system. If nothing else, it may give you a starting point to talk to some people that developed similar applications prior to that one.
It's mighty early in the morning, so I won't try to tackle all the questions, just these that jumped out at me:
1. There's no reason why a workstation participating in an Active Directory domain shouldn't be able to access older style NT or Samba shares. There are a few departments where I work that have (stupidly) deployed Active Directory, but it hasn't affected their access to our NT 4 file server. Well, except that they have no idea what they're doing, so that gets them sometimes:)
2. Using Kerberos in Win2k should work, as long as any Unix Kerb5 servers are slaves to the 2k server. From my reading, any attempt to use the AD LDAP for anything else is doomed to failure. Microsoft is supporting heterogeneous environments only to the extent that it moves people to their software, so they won't make it easy to maintain support of Unix systems.
3. If you're given your own Organizational Unit within the active directory, you can choose to block inheritance of permissions and policies and whatnot, and maintain a certain level of autonomy.
5. We've been going through the preliminary planning of rolling out AD in our mixed environment(NT, Solaris, Netware), and while it's been ugly, it doesn't seem hopeless. Services for Unix 2 promises a lot (password sync among them), and if it can deliver, then integration becomes that much easier. Just keep in mind that any Microsoft solution is offerred with the intention of burying your Unix boxes.
Yes, it's been EVALUATED, not certified. Bad choice of words. The evaluation, however, means that it is a C2-rated product. Semantics is an ugly game.
I understand that the 3.5 certification was without a network or floppy drive, but that isn't the only C2 rated NT product, which is what I was driving at.
I hate being put into a position where I feel like I'm defending Microsoft, but it's silly to play word games with these ratings. NT 4 has been evaluated at C2, and so it has a C2 rating.
This bores me now. Anyone that actually cares to know can jump around the TPEP site and draw their own conclusions.
Well, yeah. The best you can do is duplicate the configuration under which they achieved the C2 certification, unless you want to pay for certification of your own setup. It doesn't change the fact that they achieved the rating, and that by following the same guidelines, someone else can have their installation certified. Since C2 can only be officially certified on a case-by-case basis, it seems like they've done all they can to prepare people for it.
I linked to a checklist of things you need to change to match their configuration, so I didn't intend to mean a default install of NT is compliant. I simply intended to show that NT4 can be made C2 compliant, and put an end to the 3.51/no floppy/no network anecdotes.
Found this on Microsoft's site a while back, and somewhere else on their site is a document explaining how they got C2 certification for NT4. The story about 3.51 being certified without a network connection or floppy drive is quickly becoming urban legend, or at least a standard slur whenever the subject is brought up.
Anyway, they seem to have C2 certification for NT4.
Of course, one coudl always revert to a standard news reader, get onto usenet, and forgo the middleman altogether, couldn't they???
Oh my. Surely you aren't suggesting that a web browser isn't the best way to do everything on the internet? The idea of people using the proper tool for the job must wake Mozilla developers in the middle of the night, screaming.
My mistake...apparently I've been feeding a troll. I apologize to the Slashdot community, and to Emerson's mother for not leaving any money on the nightstand when I left.
How can you laud this kind of insult to music? I am utterly insulted by the idea that you could reduce a great art form like music to little numbers and digits. So I suppose we can just forget about all the creativity and emotion that are infused into the works of a musician and classify it as something soulless and robotic like math?
Well, it works for putting music on CDs, doesn't it?
That's odd. If I were looking to find the next Timothy McVeigh, I'd be checking on people that bought massive amounts of fertilizer, and rented a Ryder truck. I don't think any amount of email-scanning would have stopped that one, so let's not have any more red herrings, ok?
I'd like to know exactly what information the FBI believes it can gain, that cannot be gained through the process of collecting actual evidence. They claim that Carnivore has been used 16 times this year, 10 of those times in matters of "national security." What were these national security issues? I'm sure they'd love for us to believe that they caught 10 big bad terrorists, but I imagine they well all along the lines of reading MafiaBoy's email.
I'm all for stopping terrorism, but how naive do you have to be to believe that the FBI actually means it when they bring up terrorism and kiddy porn? The bottom line is that they want to keep track of every single person that they can, and Carnivore allows them to gather all kinds of nifty information, which they will not ever be held accountable for, since they only need to reveal they've done it if they try to use the information in prosecution.
If you plan to establish any sort of TCP connection (in order to download or upload files, that's pretty hard to get around), you will at least be visible to the computer you've connected with. Gnutella provides a means to advertise a different IP, but once the connection is established, it's pretty tough to hide.
They really need to do something about their website. I'm not likely to buy any product based on zero information, and just a claim that it will work. Digging a little deeper, it would appear that their Exchange client requires a component to be installed on the Exchange server, which makes it largely useless to most people, who are unwilling/unable to make changes to their server.
My company uses Microsoft Exchange (or Lotus Notes). Will I be able to replace my Windows machine with a Linux machine running Evolution?
We will support as many (useful) open protocols as we can, but the first release will most likely not be able to interoperate with all of the features of various closed proprietary systems.
Beyond that, I have no idea. Personally, I use Exchange webmail to access my mail from OpenBSD and Be, so I'm content to wait until they have something worthwhile to download.
In the FAQ, they mention that they're working on open protocols first, and hope to introduce support for proprietary systems like Exchange and Domino later.
Slashdot Mirror
What would you have Microsoft do?
Um...nothing. I'm not sure where other parts of this thread have gone, but I think the main point is that it's important for everyone to apply the patch, because a working exploit exists for most of the platforms that people use, and it can be used to create a worm. Anything beyond that is religion, and it's pointless to get caught up in that.
Windows XP SP2 is the current version of Windows. Has been for almost two years. Aside from Windows XP SP1 all other versions of Windows are no longer supported by Microsoft.
Well, that's a relief. I was worried that millions of PCs and servers might still be out there running Windows 2000 and NT, and might help propagate some sort of worm. As long as all computers are magically running the currently-supported versions of Windows, I guess we're OK.
which was deemed wormable on all Windows versions, including Windows XP SP2 and Windows Server 2003 SP1
HD Moore posted a followup to the Daily Dave mailing list admitting defeat on those two platforms:
Time to eat my words. The wcscpy() destination pointer trick doesn't seem
doable on XP SP2 or 2003 SP1. I don't believe you can exploit this bug
for more than a DoS on 2003 SP2/XP SP1. If you have information to the
contrary, please share.
All other Windows platforms remain easily exploitable, though.
Slashdot has ads? Can't say as I've seen them. That may explain why many Slashdot/Firefox/AdBlock users aren't complaining.
And why do you have to hate on Mad Max? Once again leaving aside the sequels, that was a classic!
That's GNU/MyDoom
I haven't been downloading much lately just because I have DirecTV and Tivo now but I downloaded this week's Simpsons' and Arrested Development episodes because they were both preempted by Survivor's off-night finale bullshit.
So, since Survivor is on CBS and the shows you missed are on Fox, you must have Survivor ranked higher on your Tivo than Simpsons and Arrested Development? If so, you got what you deserved.
Cycles are being wasted just so that some jack-ass can come along and close your work up again.
Of course, no one can close code that has been released with a BSD license. That person IS free to release their own closed version, or something else that incorporates the original code, but the copyright remains intact and the original codebase is not affected. This is the point of the BSD license -- free, unencumbered access to the source code while preserving copyright.
In contrast, the GPL grants full access to source, so long as all changes are released in turn. That's a noble cause, but it is imposing restrictions that the BSD license does not.
No. Sendmail doesn't accept external connections in a default OpenBSD install.
This document, which is copyright 1993, describes a similar system. If nothing else, it may give you a starting point to talk to some people that developed similar applications prior to that one.
On mouse-over, their links change to maroon in IE.
1. There's no reason why a workstation participating in an Active Directory domain shouldn't be able to access older style NT or Samba shares. There are a few departments where I work that have (stupidly) deployed Active Directory, but it hasn't affected their access to our NT 4 file server. Well, except that they have no idea what they're doing, so that gets them sometimes :)
2. Using Kerberos in Win2k should work, as long as any Unix Kerb5 servers are slaves to the 2k server. From my reading, any attempt to use the AD LDAP for anything else is doomed to failure. Microsoft is supporting heterogeneous environments only to the extent that it moves people to their software, so they won't make it easy to maintain support of Unix systems.
3. If you're given your own Organizational Unit within the active directory, you can choose to block inheritance of permissions and policies and whatnot, and maintain a certain level of autonomy.
5. We've been going through the preliminary planning of rolling out AD in our mixed environment(NT, Solaris, Netware), and while it's been ugly, it doesn't seem hopeless. Services for Unix 2 promises a lot (password sync among them), and if it can deliver, then integration becomes that much easier. Just keep in mind that any Microsoft solution is offerred with the intention of burying your Unix boxes.
I understand that the 3.5 certification was without a network or floppy drive, but that isn't the only C2 rated NT product, which is what I was driving at.
I hate being put into a position where I feel like I'm defending Microsoft, but it's silly to play word games with these ratings. NT 4 has been evaluated at C2, and so it has a C2 rating.
This bores me now. Anyone that actually cares to know can jump around the TPEP site and draw their own conclusions.
I linked to a checklist of things you need to change to match their configuration, so I didn't intend to mean a default install of NT is compliant. I simply intended to show that NT4 can be made C2 compliant, and put an end to the 3.51/no floppy/no network anecdotes.
Anyway, they seem to have C2 certification for NT4.
Oh my. Surely you aren't suggesting that a web browser isn't the best way to do everything on the internet? The idea of people using the proper tool for the job must wake Mozilla developers in the middle of the night, screaming.
My mistake...apparently I've been feeding a troll. I apologize to the Slashdot community, and to Emerson's mother for not leaving any money on the nightstand when I left.
Well, it works for putting music on CDs, doesn't it?
I'd like to know exactly what information the FBI believes it can gain, that cannot be gained through the process of collecting actual evidence. They claim that Carnivore has been used 16 times this year, 10 of those times in matters of "national security." What were these national security issues? I'm sure they'd love for us to believe that they caught 10 big bad terrorists, but I imagine they well all along the lines of reading MafiaBoy's email.
I'm all for stopping terrorism, but how naive do you have to be to believe that the FBI actually means it when they bring up terrorism and kiddy porn? The bottom line is that they want to keep track of every single person that they can, and Carnivore allows them to gather all kinds of nifty information, which they will not ever be held accountable for, since they only need to reveal they've done it if they try to use the information in prosecution.
Switched networks aren't impervious to sniffing. Switches were developed for speed, not security.
If you plan to establish any sort of TCP connection (in order to download or upload files, that's pretty hard to get around), you will at least be visible to the computer you've connected with. Gnutella provides a means to advertise a different IP, but once the connection is established, it's pretty tough to hide.
They really need to do something about their website. I'm not likely to buy any product based on zero information, and just a claim that it will work. Digging a little deeper, it would appear that their Exchange client requires a component to be installed on the Exchange server, which makes it largely useless to most people, who are unwilling/unable to make changes to their server.
Beyond that, I have no idea. Personally, I use Exchange webmail to access my mail from OpenBSD and Be, so I'm content to wait until they have something worthwhile to download.
Sorry 'bout that
In the FAQ, they mention that they're working on open protocols first, and hope to introduce support for proprietary systems like Exchange and Domino later.