Automatic responses to email, SMTP specifically, is discussed in RFC 822. This RFC was published on August 13, 1982 and is listed as an industry standard.
4.4.4. AUTOMATIC USE OF FROM / SENDER / REPLY-TO
For systems which automatically generate address lists for
replies to messages, the following recommendations are made:
o The "Sender" field mailbox should be sent notices of
any problems in transport or delivery of the original
messages. If there is no "Sender" field, then the
"From" field mailbox should be used.
o The "Sender" field mailbox should NEVER be used
automatically, in a recipient's reply message.
o If the "Reply-To" field exists, then the reply should
go to the addresses indicated in that field and not to
the address(es) indicated in the "From" field.
o If there is a "From" field, but no "Reply-To" field,
the reply should be sent to the address(es) indicated
in the "From" field.
Sometimes, a recipient may actually wish to communicate with
the person that initiated the message transfer. In such
cases, it is reasonable to use the "Sender" address.
This recommendation is intended only for automated use of
originator-fields and is not intended to suggest that replies
may not also be sent to other recipients of messages. It is
up to the respective mail-handling programs to decide what
additional facilities will be provided.
The screenshots conveniently leave out the destination ports. With out that information and without knowing what programs the user had installed or running, the entire article is a waste of time. We have no idea if the traffic is associated with a program he's running or if it's something else. He's concerned about connections that appear to originate from the U.S. Government, but isn't phased by the connections appearing to come from China. Oh noes!?! China has a backdoor in Vista!!
My guess is that he's running some P2P software. Guess what? The U.S. Government does get 0w3nD and does have problems with viruses, trojans, and P2P software.
Forced upgrades to new versions of MS Office is a normal experience in a large company. Typical senerio:
One week after a new version of MS Office is release, someone in the company gets a new computer. Unless the company has a strict policy that controls all incoming computer hardware and makes sures that said hardware is reinstalled with a standard baseline image, the company is about to go through a forced upgrage. The new computer is going to have the latest version of MS Office installed. Since it's a new computer, someone important (management) is getting said computer. The first thing the user does is open some important Excel spreadsheet or Access database that is has been deemed critical to day-to-day operations. Because it's a new version of MS Office, the user is asked if they'd like to upgrade the format that the file is formated/saved in. Of course the user will click "OK". Now, this user is the only person that can open and edit this critical file. The next thing the user does after getting a new version of MS Office is create some Word document. As soon as the user saves this document, they email it to everyone in the company. Complaints about not being able to open this document flood the HelpDesk as soon as the user hit the Send button. Instead of complaining about how the latest version of MS Office was allowed into the company without authorization, everyone complains that "so and so has the latest version of MS Office. Why don't I have the latest version of MS Office?" And the company has to shell out $LARGE_SUM to bring everyone up-to-date with the latest version of MS Office one week after it's released.
Sinse, repeat.... has it really only been 4 years since that last forced upgrage of MS Office?
I'd like to have something to make my morning commutes quicker. TomTom and a few others can receive traffic reports. If a report of a traffic jam is received, the user is given the option to detour around the traffic jam. Now if I get get everyone to detour around my daily commute route...
"Colony Collapse Disorder (CCD) occurs when a hive's inhabitants suddenly disappear, leaving only queens, eggs and a few immature workers, like so many apian Mary Celestes. The vanished bees are never found, but thought to die singly far from home. The parasites, wildlife and other bees that normally raid the honey and pollen left behind when a colony dies, refuse to go anywhere near the abandoned hives."
If parasites, wildlife, and other bees refuse to go near an abandoned hive when normally they would, then something is wrong with the hive.
Cell phone technology and the frequencies they use are not new. Unless someone can point out a new cellular or RF technology that is using a previously unused freguency and was widely distributed through out the US and Europe in the last year, then it would be hard to point to cell phones and claim they are the problem.
There is also another possibility. SCO could be trying to bait Judge Kimball into making a comment or statement about Groklaw that SCO can then use to claim he's biased. SCO would do almost anything to get the cases thrown out at this point. Why else would they make such a claim in the case that IBM is not a party to? Delay is the obvious reason. But my guess is they are fishing for more.
Although he was alarmed by Slashdot's haphazard release of its users' online replies, CEO CmdrTaco said Wednesday the privacy concerns raised by that breach won't change his website's practice of storing posts made by it's users.
"We are reasonably satisfied... that this sort of thing would not happen at Slashdot, although you can never say never," CmdrTaco said during an appearance at a major website conference in Walla Walla, WA.
The security breakdown, disclosed earlier this week, publicly exposed about 19 million replies made by over 1 million Slashdot posters during the three months ended in May. OSTG's Slashdot intended to release the data exclusively to spammers and government spooks, but the information somehow surfaced on the Internet and was widely ignored.
The lapse provided a glaring example of how the information that people post on the website can provide a window into their embarrassing, or even potentially incriminating _ wishes and desires. The replies leaked by Slashdot included condemnations of the current government as well an infatuation with Natalie Portman and hot grits.
Then you need to spend more money to secure the laptops. They should have a minimum of a host-based firewall and a VPN that is used to connect while on the road.
You also need a poilcy (THAT'S ENFORCED), that all laptops being plugged into the network need to have a vulnerability scanner and virus scanner run against them first. It sounds draconian and the users will hate it, but the policy HAS to be followed to keep the internal network secure.
Oh, and don't give the luzer's Admin access. No matter what. The first thing they do is disable any security settings or security programs that they think might get in the way.
Laptops are an easy backdoor to bypassing a network's security. Draconian measures are really the only solution. Do you think you can trust the users to do the right thing? I've seen the above measures successfully implemented. The users hate it at first. But they eventually get over it.
"Allegations in an article over at CNET propose that alternate browsers such as Firefox and Opera impede law enforcement and investigation efforts because they "use different structures, files and naming conventions for the data that investigators are after", which can "cause trouble for examiners.""
Biometrics is one mechanism for authentication. The three mechanisms for authentication are generally grouped into, something you know (password), something you have (swipe card), and something you are (biometrics). If either of the first two become compromised, they can be changed. Biometric features on your body cannot be changed. This is the major flaw behind biometrics. So the biometric community periodically playes games with the data on the backend hoping to misdirect the users away from the major flaw. "See, we hash your data, so it's secure...."
A story that is still relavent whenever biometrics is brought up:
You're missing an important point here. Massport owns the airport that Continental Airlines is broadcasting its signal from.
I understood that part. Massport is just using the wrong argument.
If Massport is going to claim that the wireless service that Continental is providing is a threat to safety and security, then Massport needs to shutdown it's own wireless service. That arguement falls under FCC regulations. However, if Massport claims that Continental is not authorized to run a wireless service, then that will more than likely fall under contract laws. The article sounds like Massport is making a false claim to get rid of the competition.
The only way the airport can have a case is if the Wi-fi signal interferes with a licensed service
If that's the case, then Massport needs to discontinue it's own wireless service. Saying that the other wireless service, "presents an unacceptable potential risk to Logan's safety and security systems" is a false claim to get rid of the competition.
This part sets out the regulations under which an intentional,
unintentional, or incidental radiator may be operated without an
individual license.
Specifically:
Sec. 15.5 General conditions of operation.
(a) Persons operating intentional or unintentional radiators shall
not be deemed to have any vested or recognizable right to continued use
of any given frequency by virtue of prior registration or certification
of equipment, or, for power line carrier systems, on the basis of prior
notification of use pursuant to Sec. 90.63(g) of this chapter.
(b) Operation of an intentional, unintentional, or incidental
radiator is subject to the conditions that no harmful interference is
caused and that interference must be accepted that may be caused by the
operation of an authorized radio station, by another intentional or
unintentional radiator, by industrial, scientific and medical (ISM)
equipment, or by an incidental radiator.
Here's a link that explains things better. It's and FAQ for Wireless ISPs when they encounter interferance from HAM operators.
Long story short, if you think someone is interferring with your wireless service, too bad. You're only recourse is to complain to the FCC and say the the offending party is operating outside of Part 15 (or whatever part may apply). I.E. - they are transmitter too much power. Commercial interest doesn't mean anything since you're an unlicensed user.
Slashdot Mirror
Automatic responses to email, SMTP specifically, is discussed in RFC 822. This RFC was published on August 13, 1982 and is listed as an industry standard.
4.4.4. AUTOMATIC USE OF FROM / SENDER / REPLY-TO
For systems which automatically generate address lists for
replies to messages, the following recommendations are made:
o The "Sender" field mailbox should be sent notices of
any problems in transport or delivery of the original
messages. If there is no "Sender" field, then the
"From" field mailbox should be used.
o The "Sender" field mailbox should NEVER be used
automatically, in a recipient's reply message.
o If the "Reply-To" field exists, then the reply should
go to the addresses indicated in that field and not to
the address(es) indicated in the "From" field.
o If there is a "From" field, but no "Reply-To" field,
the reply should be sent to the address(es) indicated
in the "From" field.
Sometimes, a recipient may actually wish to communicate with
the person that initiated the message transfer. In such
cases, it is reasonable to use the "Sender" address.
This recommendation is intended only for automated use of
originator-fields and is not intended to suggest that replies
may not also be sent to other recipients of messages. It is
up to the respective mail-handling programs to decide what
additional facilities will be provided.
Examples are provided in Appendix A.
...writer gets writer's block, blames in on (looks up excuse of the day) lack of imagination
http://en.wikipedia.org/wiki/Harry_Potter_and_the_ Deathly_Hallows
Spoilers for those who need them. The link does not pop because Slashdot strips out target=_blank.
The screenshots conveniently leave out the destination ports. With out that information and without knowing what programs the user had installed or running, the entire article is a waste of time. We have no idea if the traffic is associated with a program he's running or if it's something else. He's concerned about connections that appear to originate from the U.S. Government, but isn't phased by the connections appearing to come from China. Oh noes!?! China has a backdoor in Vista!!
My guess is that he's running some P2P software. Guess what? The U.S. Government does get 0w3nD and does have problems with viruses, trojans, and P2P software.
Nothing to see here. Move along....
Forced upgrades to new versions of MS Office is a normal experience in a large company. Typical senerio:
One week after a new version of MS Office is release, someone in the company gets a new computer. Unless the company has a strict policy that controls all incoming computer hardware and makes sures that said hardware is reinstalled with a standard baseline image, the company is about to go through a forced upgrage. The new computer is going to have the latest version of MS Office installed. Since it's a new computer, someone important (management) is getting said computer. The first thing the user does is open some important Excel spreadsheet or Access database that is has been deemed critical to day-to-day operations. Because it's a new version of MS Office, the user is asked if they'd like to upgrade the format that the file is formated/saved in. Of course the user will click "OK". Now, this user is the only person that can open and edit this critical file. The next thing the user does after getting a new version of MS Office is create some Word document. As soon as the user saves this document, they email it to everyone in the company. Complaints about not being able to open this document flood the HelpDesk as soon as the user hit the Send button. Instead of complaining about how the latest version of MS Office was allowed into the company without authorization, everyone complains that "so and so has the latest version of MS Office. Why don't I have the latest version of MS Office?" And the company has to shell out $LARGE_SUM to bring everyone up-to-date with the latest version of MS Office one week after it's released.
Sinse, repeat.... has it really only been 4 years since that last forced upgrage of MS Office?
In Soviet Russia, missle defense system's target you!
I'd like to have something to make my morning commutes quicker. TomTom and a few others can receive traffic reports. If a report of a traffic jam is received, the user is given the option to detour around the traffic jam. Now if I get get everyone to detour around my daily commute route...
From the article:
"Colony Collapse Disorder (CCD) occurs when a hive's inhabitants suddenly disappear, leaving only queens, eggs and a few immature workers, like so many apian Mary Celestes. The vanished bees are never found, but thought to die singly far from home. The parasites, wildlife and other bees that normally raid the honey and pollen left behind when a colony dies, refuse to go anywhere near the abandoned hives."
If parasites, wildlife, and other bees refuse to go near an abandoned hive when normally they would, then something is wrong with the hive.
Cell phone technology and the frequencies they use are not new. Unless someone can point out a new cellular or RF technology that is using a previously unused freguency and was widely distributed through out the US and Europe in the last year, then it would be hard to point to cell phones and claim they are the problem.
When you sue you're customers, don't be surprised when they stop buying you're product.
Previous story submitters didn't allude to a conspiracy that the government is getting 0wn3d.
There is also another possibility. SCO could be trying to bait Judge Kimball into making a comment or statement about Groklaw that SCO can then use to claim he's biased. SCO would do almost anything to get the cases thrown out at this point. Why else would they make such a claim in the case that IBM is not a party to? Delay is the obvious reason. But my guess is they are fishing for more.
http://www.google.com/search?q=+site%3Amicrosoft.c om+%22microsoft+confidential%22&btnG=Search
I always enjoy seeing proprietary markings on a company's documents. It makes finding them with a search engine much easier. Other fun search terms:
site:microsoft.com "Microsoft Internal Use Only"
site:microsoft.com "Internal Use Only"
site:microsoft.com NDA
Although he was alarmed by Slashdot's haphazard release of its users' online replies, CEO CmdrTaco said Wednesday the privacy concerns raised by that breach won't change his website's practice of storing posts made by it's users.
... that this sort of thing would not happen at Slashdot, although you can never say never," CmdrTaco said during an appearance at a major website conference in Walla Walla, WA.
"We are reasonably satisfied
The security breakdown, disclosed earlier this week, publicly exposed about 19 million replies made by over 1 million Slashdot posters during the three months ended in May. OSTG's Slashdot intended to release the data exclusively to spammers and government spooks, but the information somehow surfaced on the Internet and was widely ignored.
The lapse provided a glaring example of how the information that people post on the website can provide a window into their embarrassing, or even potentially incriminating _ wishes and desires. The replies leaked by Slashdot included condemnations of the current government as well an infatuation with Natalie Portman and hot grits.
Global Thermal Nuclear War
With China making recent threats of using nuclear weapons during a confrontation over Taiwan, this could get a little scary. Cold War II?
You also need a poilcy (THAT'S ENFORCED), that all laptops being plugged into the network need to have a vulnerability scanner and virus scanner run against them first. It sounds draconian and the users will hate it, but the policy HAS to be followed to keep the internal network secure.
Oh, and don't give the luzer's Admin access. No matter what. The first thing they do is disable any security settings or security programs that they think might get in the way.
Laptops are an easy backdoor to bypassing a network's security. Draconian measures are really the only solution. Do you think you can trust the users to do the right thing? I've seen the above measures successfully implemented. The users hate it at first. But they eventually get over it.
http://lists.immunitysec.com/pipermail/dailydave/2 005-September/002347.html
Dave's "Exactly 500 word essay on "Why hacking is cool, so that Marcus changes his web site"." http://lists.immunitysec.com/pipermail/dailydave/2 005-September/002366.html
A story that is still relavent whenever biometrics is brought up:
http://www.hindustantimes.com/news/7242_1301216,00 180008.htm
"Mod me down again......"
2 + 2 = 5
For large values of 2.
http://www.access-board.gov/508.htm
Any mention of breaking the law and violating the rights of those with disabilities will get the attention of any decision maker. (Think lawsuits!!!)
If Massport is going to claim that the wireless service that Continental is providing is a threat to safety and security, then Massport needs to shutdown it's own wireless service. That arguement falls under FCC regulations. However, if Massport claims that Continental is not authorized to run a wireless service, then that will more than likely fall under contract laws. The article sounds like Massport is making a false claim to get rid of the competition.
http://www.access.gpo.gov/nara/cfr/waisidx_04/47cf r15_04.html
Specifically: Here's a link that explains things better. It's and FAQ for Wireless ISPs when they encounter interferance from HAM operators.http://www.qrpis.org/~k3ng/ham_wisp.html
Long story short, if you think someone is interferring with your wireless service, too bad. You're only recourse is to complain to the FCC and say the the offending party is operating outside of Part 15 (or whatever part may apply). I.E. - they are transmitter too much power. Commercial interest doesn't mean anything since you're an unlicensed user.