Er, using Occam's Razor, I deduce that it's a simple matter of the Agent Smith that crossed into the real world has gone mad, and cut his hand for the hell of it.
People who have lost their mind do things like that, you know. Self mutilation. He doesn't care about the body he's inhabiting, maybe the pain helped crystalize his hatered towards Neo?
I don't think he was going to shake his hand, he was going to stab him.:)
Except, with Ghost, you could install 1000 machines in 30 minutes - using multicast.
A couple might fail and you'd have to redo them, but if you have a 100Mbit switched network (or gig, even better) then its about 30 minutes to blast a Windows 2000 install to any number of machines.
I love macs, typing this on a PB17", but all the apple zealots out there really make me ashamed sometimes.
Macs are strong in some areas, and weak in others. If it wins in something, DONT RUB PEOPLES FACES IN IT. They don't care.
It's a bit underhanded, I know, and some people might actually LIKE getting called by telemarketers - but it struck me that it would be rather easy to automate adding every phone number listed in the United States to the DNC registry.
Write a script that hits the page, enters in 3 phone numbers, waits for the mail to be sent to an address it generates on the fly, 'clicks' the link, rinse, repeat.
No telemarketing!:D
Ok, Bad Idea. I should remember where I'm writing this. Someone is likely to go off and do it.
If the worm writer was a little bit smarter, he would have had the worm distribute the patches the same way it distributes itself - via the TFTP server.
Ho ho ho.
It's times like these I love running Mac OS X. Mind you, that doesn't mean I'm safe from trojans. It just means I'm safe from Windows trojans.;)
Today it's a good worm that patches your machine, tomorrow it's a good worm that patches your machine and installs a very well hidden trojan that turns your machine into a packet generator for some lame IRC script kiddie.
So-called "good" worms have a far higher potential for damage than known "bad" worms - simply because people like you will make the mistake that it's doing you a favour, and won't do the right thing when they get infected with it.
"Oh, its a GOOD worm. That makes it ok! I won't worry about it. I'll let it just get on with what it's doing, good little wormy wormy!" *pat pat*
Unfortunately, with windows it's very hard to *push* a patch out to a few thousand machines. You can do it with SMS (System Management Service or whatever it's called) but not everyone pays for that.
So, usually it involves the 10 or so helpdesk monkeys to split up the 2000 machines between themselves, and work through it.
All the while answering questions from curious users about the virus, how it spread, what damage it is doing, etc.
That can take a few days at least.
Then they have to hunt down the last 2 machines that are somewhere on their network that they cannot find but are still infected... which takes a few days.
So, I don't find is suprising that most nets hit by MSBlast hadn't been fully patched yet.
1) When it infects machines, 99% of the time it is unable to download the patch. This makes it pointless.
No, I don't know why, I guess its because windows update URL has changed? All the machines that we've found with this virus have not been patched and had to have the patch applied anyway.
2) It tries to ping every machine on it's local network as fast as it can, repeatedly. It doesn't just do a single scan then shut up til 2004 (it's expiry date) - oh no, it continually scans. Thats ok if you have 2 machines on your LAN, but when you have a huge switched lan with a few hundred or thousand hosts on a/16, thats a lot of traffic.
I see LOTS of ARP traffic from the machines doing the scanning to hosts on the local network, and I see loads of ICMP echo-request destined for outside our network. Which I filter now.
3) It runs as a service that isn't detected by many virus scanners, for some reason Nortons didn't find it though McAffee did. Again I have no idea why.
The thing did a LOT of collateral damage on our network with a couple of hundred machines. I shudder to think about what kind of damage it is doing to large networks at universities etc.
I did a quick calc against my gentoo-sources tree. Sure, its a bit different to vanilla, but what the hell, it will be roughly right.
4592051 lines of code, only counting.h and.c files.
168276 lines of disputed code, stated by SCO in their latest press release.
If every line of code SCO claims to be in Linux IS in Linux, then it is only 3.6% (roughly) - and of that code, they claim that MOST of it is the NUMA and RCU (what is RCU? Can someone enlighten me?) - code that 99% of people don't even use anyway!
Warning: Too many connections in/var/www/html/mainfile.php on line 42
Warning: MySQL Connection Failed: Too many connections in/var/www/html/mainfile.php on line 42 Unable to select database
1) Persistant connections can screw things up just as much as they can help. Put a limit on them.
2) Increase the number of max connections in MySQL.
3) Make sure the tables for your site are all in INNODB format. Slow DB connections are often caused by keeping MyISAM.
4) use something like PHP Smarty to manage templates. It can dramatically speed up your page load times.
5) Increase the number of apache connections. Really, if you have a gig of mem, 500 concurrent connections are quite easy to deal with.
Your server doesn't HAVE to frickin choke on the first few hundred visitors from slashdot...
It never ceases to amaze me the number of people who put up great looking PHP sites but forget to do the simple tuning to make it scale.
Gah!
Of course, I've left out things that could be done, and probably made mistakes here, but who cares. The point is; look in those config files. They are not there for nothing.
... Run make depend now? [y]./makedepend echo arg.c array.c cmd.c dump.c form.c hash.c search.c stab.c str.c util.c version.c | tr ' ' '\012' >.clist Finding dependencies for arg.o. Finding dependencies for array.o. Finding dependencies for cmd.o. Finding dependencies for dump.o. Finding dependencies for form.o. Finding dependencies for hash.o. Finding dependencies for search.o. Finding dependencies for stab.o. Finding dependencies for str.o. Finding dependencies for util.o. Finding dependencies for version.o. echo Makefile.SH makedepend.SH | tr ' ' '\012' >.shlist Updating Makefile... Now you must run a make. chrome@zaphod $ make make: *** No rule to make target `', needed by `arg.o'. Stop.
Setting a lock password, and starting the screensave, when I move the mouse the authentication dialog pops up. I type some 'a' characters, select the text with shift-left, ctl-k it then hold down ctl-y until the box stops scrolling.
Hit enter.
Screensaver crashes back to desktop, not typed my real password at all.
I don't know why it didn't work for you, but you must have done it differently.
Actually, I believe that the version of GCC they used for the tests was unoptimised standard GCC compiled for Darwin, where the verson of GCC actually has vendor extensions enabled, and a fair amount of tweakage.
chrome@ghandi:~$ gcc -v Reading specs from/usr/libexec/gcc/darwin/ppc/3.1/specs Thread model: posix Apple Computer, Inc. GCC version 1175, based on gcc version 3.1 20020420 (prerelease)
I think stuff compiled with their developer tools will perform better than the benchmarks say... so if anything, things run even faster on a mac if you do things right!
I just wish Apple would stop developing new things completely. I just bought their 17", and that almost bankrupted me - now I need the dual 2GHz G5! When will it end?
Apple! Go away! Stop giving us choice! Then people won't argue over benchmarks!
Ha ha. Life just wouldn't be fun if people didn't have things to whine about.
Reading some of the comments here about the security of these cards, and it makes me worry somewhat.
I used to sysadmin for a shell account company, and we saw huge amounts of credit card fraud, mostly from kids looking to run bots on IRC, or just because they collected shell accounts.
One thing I came away with from that experience was the definite feeling that Credit card companies don't seem to think it is in their interest to stop credit card fraud.
After all, if the owner of a card is frauded, the bill goes on their card, and interest is accrued. If the owner of the card isn't diligent, its possible they might just automatically pay the card off, without even realise they have been a victim of card fraud.
Certainly, the credit card companies don't seem to go after the fraudsters as much as they should. One of my friends on Dalnet used to regularly give the full details of people that she had discovered doing carding. One kid was so blatant, he put up a web page, with pictures of him holding up all the crap he had bought with stolen card numbers.
He was 12, and his mother didn't care in the slightest he was stealing. And neither did the credit card companies. The police were interested though, but he didn't have much repercussions - just a couple of weeks in a counselling center for kids.
Anyway, I digress.
Proximity cards are a great ieda. It means I can just wave my wallet near the scanner to pay for an item.
But, if this is not couple with some new form of identification currently not in use with credit cards (a pin number would suffice, or something biometric such as a thumb-print), then I fear that fraud will just increase.
People will get a hold of the scanners, and set up their iPod to capture the card numbers of anyone in proximit to it, and just walk up behind people, snapping up numbers.
I've never seen an accurate benchmarking of Linux Vs Windows yet. They are always skewed in one way. I can always find some tuning that they've done to one of the candidates that they've not done to the other. For example, after about 2 minutes skimming through, I noticed this:
Appendix C. File Server Performance Tuning
Windows Server 2003:
[stuff] Created HKLM/System/CurrentControlSet/Control/FileSystem/D isablelastaccess and set to 1.
(I can never find backslash on my japanese keyboard, hahahaha)
But there wasn't a corresponding change to the filesystem mount options in linux. Therefore atime was getting updated on Linux and not on Windows! That would make a very large difference!
I'm not a Linux bigot by any means but that kind of blatant lopsided testing gets up my nose.
Most of what Usenet was originally designed to do has been replaced by other technology, such as pHpBB and it's ilk, traditional mailinglists, etc. And Usenet has become a nightmare to administrate.
To take a *full feed* you need hundreds of gigs of storage (if you want decent retention on the popular groups) and you need several edge-network servers taking those feeds and de-spamming it before you deposit into your main NNTP servers. You need a couple of employees tweaking the groups, retention, access lists, spam filtering heuristics. Legal issues with copyrighted material... most companies don't want to touch it, let alone run a non-binary server.
I've never found it very useful except when looking for porn.
Still, there are many newsgroups on there worth saving. Maybe a housecleaning is in order? Get rid of all the groups they don't need. Get rid of the binaries. We really don't need those; it's not as if the warez guys don't have enough open FTP servers out there to exploit. And I can get my pr0n elsewhere.
If you get rid of the pointless groups and keep the stuff that is actually interesting and relevant, people will stay and Usenet will thrive, rather than wither.
I think you misunderstood what I said. I didn't say hire someone with a masters degree, straight out of college.
I don't know where you got that from.
Sure get someone with experience, but that person doesn't need to have rooted nameservers with a bind exploit 1000 times over to be good at his job. He just needs to be on top of whats out there and be (gasp, I'm about to say it) pro-active about stuff.
I fail to see how you need to be a criminal to be good at security. I'm sorry, I just don't see it.
And, please, don't ignore the main point of what I was saying. People like Mitnick might have a role to play in securing the net, but by *rewarding* people like him with respect and even a high paying job we are just encouraging more people to do the same thing as him!
Well, if Kevin Mitnick can do a few years in the clapper and come out, start a security business, make loads of cash etc - so can I! All I need to do is cause some serious damage and then get caught! Wonderful!
And yeah, I've been doing this crap for at least as long as you, and I've worked in one of the largest ISPs in Europe too - and I've seen so called 'security hotshots' come in, blow through, and disappear.
Do you know who the best security guy I ever saw was? A mild mannered, methodical tech who had been in the industry twice as long as me, who goes to 3rd world countries to set up net access for the needy as a hobby and who never had a breach either.
I can dig that, old-timer. I can see where you are coming from too. I came in on the tail-end of the BBS era, just when it was really starting to die, and the internet was just started to get around, in Australia. I could really have done with some of these phreaking deals when I was a kid ($2000AU phone bill, ouch).
The thing is, I'd hire you, as you have not been caught, yet you freely admit your past. Mitnick, however, was caught - yet he repeatedly complains about the rough deal. Who is the better hire?
Sometimes, with the smarter ones. But that is only a small percentage.
Most are fairly dumb. Probably no smarter than I.;)
The main reason they get started is they think its cool. Thats all there is to it. They hang around with a bunch of guys on IRC, find some hacking related channels, suck up to various people, start trying to develop some skills so they can get cred, and it goes from there.
With a trojan kit and half an hour of time (and a few weeks of waiting for the trojan to propogate), you to can be a DoS attack kiddie's best friend along with your 1000 drones or so.
Being a Kevin Mitnick is neither hard nor clever. It is very, very easy in this day and age.
No, the argument is that hiring ex-hackers based on their experience as a 'real life cracker' is going to give the next generation of crackers and script-kiddies one more lame excuse to be doing what they are doing.
The people doing this stuff are smart, yet, but they don't think about the one realistic thing that could happen to them (that is, go to jail). They only think about all the reasons FOR doing the thing they are doing.
It will help me get a job in the security industry if I do all this stuff now - look at Kevin Mitnick! (hypothetical - if he gets hired by someone big).
I might be able to make big money
They can't track me anyway - I'm waaaay to smart for the FBI/Police.
This is the stuff they did on that film hackers, and they all got hot chicks didn't they and I've never even SEEN a real live girl, let alone touched one, so if I am an uber-elite hacker, I'll pull some serious tail.
All my friends on IRC do it and if I don't do it too I won't be cool and I really need to look cool to people I've never met, never will meet, are a bunch of losers and have no girls either.
etc, etc, etc.
One point about Kevin Mitnick. The man has done his time, and he should be free to seek employment in any job that he feels he is qualified for. But I think people should keep in mind that a convicted felon may not be the smartest choice for a position as a security consultant.
This is the main point that Christopher Painter made, and I agree with that too.
Got enough of the lil blighters out there already!
on
Should You Hire a Hacker?
·
· Score: 3, Insightful
From the article: Regardless of whether or not a hacker with a record has reformed, the bottom line, said Painter, is that paying former criminals big bucks sends the wrong message to the young, up-and-coming technology workforce. He added, "That's like saying the best way to a high pay check is to go out and be a criminal hacker."
Too right. I agree with this 100%.
If we encourage kids to do this, by promising them a long and lucrative career in 'Security', then we will just have even more crackers out there trying out their so-called skills.
I've had one guy who repeatedly downed a DALnet server I managed tell me that basically he hoped to put his skills on the market once he finished his Degree. He laughed at me when I suggested having a criminal record might slow him down.
If you run an IT department, don't hire crooks. No matter HOW good they say they are, a trained professional without a criminal record is a thousand times better than some thug who has spent his youth trying to make lives for people like me a misery.
I work in Japan in a tech company full of other gaijin.
The people here are using linux on Compaq PDAs (ir equivalants) pretty much exclusively. There are good apps for doing everything you need and that japanese input works fine.
I've not got one myself, so I can't tell you exactly what you need, maybe someone else can enlighten you.
Slashdot Mirror
Er, using Occam's Razor, I deduce that it's a simple matter of the Agent Smith that crossed into the real world has gone mad, and cut his hand for the hell of it.
:)
People who have lost their mind do things like that, you know. Self mutilation. He doesn't care about the body he's inhabiting, maybe the pain helped crystalize his hatered towards Neo?
I don't think he was going to shake his hand, he was going to stab him.
Exactly.
Except, with Ghost, you could install 1000 machines in 30 minutes - using multicast.
A couple might fail and you'd have to redo them, but if you have a 100Mbit switched network (or gig, even better) then its about 30 minutes to blast a Windows 2000 install to any number of machines.
I love macs, typing this on a PB17", but all the apple zealots out there really make me ashamed sometimes.
Macs are strong in some areas, and weak in others. If it wins in something, DONT RUB PEOPLES FACES IN IT. They don't care.
Get over it.
It has nothing to do with TTLs or RFCs, though they are good reasons in and of themselves.
It also has nothing to do with being a good network citizen.
It has to do with how much memory your webserver has.
Start at A.com and work your way up to ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ.com.
Do this from a few hundred locations, constantly.
Watch root nameservers die.
(Actually, don't know if this would work, but possible - if they cache every request.)
It's a bit underhanded, I know, and some people might actually LIKE getting called by telemarketers - but it struck me that it would be rather easy to automate adding every phone number listed in the United States to the DNC registry.
:D
Write a script that hits the page, enters in 3 phone numbers, waits for the mail to be sent to an address it generates on the fly, 'clicks' the link, rinse, repeat.
No telemarketing!
Ok, Bad Idea. I should remember where I'm writing this. Someone is likely to go off and do it.
I, for one, welcome our new robotic overlords!
Right.
;)
If the worm writer was a little bit smarter, he would have had the worm distribute the patches the same way it distributes itself - via the TFTP server.
Ho ho ho.
It's times like these I love running Mac OS X. Mind you, that doesn't mean I'm safe from trojans. It just means I'm safe from Windows trojans.
Thats what they want you to think.
Today it's a good worm that patches your machine, tomorrow it's a good worm that patches your machine and installs a very well hidden trojan that turns your machine into a packet generator for some lame IRC script kiddie.
So-called "good" worms have a far higher potential for damage than known "bad" worms - simply because people like you will make the mistake that it's doing you a favour, and won't do the right thing when they get infected with it.
"Oh, its a GOOD worm. That makes it ok! I won't worry about it. I'll let it just get on with what it's doing, good little wormy wormy!" *pat pat*
Unfortunately, with windows it's very hard to *push* a patch out to a few thousand machines. You can do it with SMS (System Management Service or whatever it's called) but not everyone pays for that.
... which takes a few days.
So, usually it involves the 10 or so helpdesk monkeys to split up the 2000 machines between themselves, and work through it.
All the while answering questions from curious users about the virus, how it spread, what damage it is doing, etc.
That can take a few days at least.
Then they have to hunt down the last 2 machines that are somewhere on their network that they cannot find but are still infected
So, I don't find is suprising that most nets hit by MSBlast hadn't been fully patched yet.
1) When it infects machines, 99% of the time it is unable to download the patch. This makes it pointless.
/16, thats a lot of traffic.
No, I don't know why, I guess its because windows update URL has changed? All the machines that we've found with this virus have not been patched and had to have the patch applied anyway.
2) It tries to ping every machine on it's local network as fast as it can, repeatedly. It doesn't just do a single scan then shut up til 2004 (it's expiry date) - oh no, it continually scans. Thats ok if you have 2 machines on your LAN, but when you have a huge switched lan with a few hundred or thousand hosts on a
I see LOTS of ARP traffic from the machines doing the scanning to hosts on the local network, and I see loads of ICMP echo-request destined for outside our network. Which I filter now.
3) It runs as a service that isn't detected by many virus scanners, for some reason Nortons didn't find it though McAffee did. Again I have no idea why.
The thing did a LOT of collateral damage on our network with a couple of hundred machines. I shudder to think about what kind of damage it is doing to large networks at universities etc.
I did a quick calc against my gentoo-sources tree. Sure, its a bit different to vanilla, but what the hell, it will be roughly right.
.h and .c files.
4592051 lines of code, only counting
168276 lines of disputed code, stated by SCO in their latest press release.
If every line of code SCO claims to be in Linux IS in Linux, then it is only 3.6% (roughly) - and of that code, they claim that MOST of it is the NUMA and RCU (what is RCU? Can someone enlighten me?) - code that 99% of people don't even use anyway!
Warning: Too many connections in
Warning: MySQL Connection Failed: Too many connections in
Unable to select database
1) Persistant connections can screw things up just as much as they can help. Put a limit on them.
2) Increase the number of max connections in MySQL.
3) Make sure the tables for your site are all in INNODB format. Slow DB connections are often caused by keeping MyISAM.
4) use something like PHP Smarty to manage templates. It can dramatically speed up your page load times.
5) Increase the number of apache connections. Really, if you have a gig of mem, 500 concurrent connections are quite easy to deal with.
Your server doesn't HAVE to frickin choke on the first few hundred visitors from slashdot
It never ceases to amaze me the number of people who put up great looking PHP sites but forget to do the simple tuning to make it scale.
Gah!
Of course, I've left out things that could be done, and probably made mistakes here, but who cares. The point is; look in those config files. They are not there for nothing.
Run make depend now? [y]
echo arg.c array.c cmd.c dump.c form.c hash.c search.c stab.c str.c util.c version.c | tr ' ' '\012' >.clist
Finding dependencies for arg.o.
Finding dependencies for array.o.
Finding dependencies for cmd.o.
Finding dependencies for dump.o.
Finding dependencies for form.o.
Finding dependencies for hash.o.
Finding dependencies for search.o.
Finding dependencies for stab.o.
Finding dependencies for str.o.
Finding dependencies for util.o.
Finding dependencies for version.o.
echo Makefile.SH makedepend.SH | tr ' ' '\012' >.shlist
Updating Makefile...
Now you must run a make.
chrome@zaphod $ make
make: *** No rule to make target `', needed by `arg.o'. Stop.
I just tested it on my G4 17" running 10.2.6.
Its verified.
Setting a lock password, and starting the screensave, when I move the mouse the authentication dialog pops up. I type some 'a' characters, select the text with shift-left, ctl-k it then hold down ctl-y until the box stops scrolling.
Hit enter.
Screensaver crashes back to desktop, not typed my real password at all.
I don't know why it didn't work for you, but you must have done it differently.
Actually, I believe that the version of GCC they used for the tests was unoptimised standard GCC compiled for Darwin, where the verson of GCC actually has vendor extensions enabled, and a fair amount of tweakage.
/usr/libexec/gcc/darwin/ppc/3.1/specs
... so if anything, things run even faster on a mac if you do things right!
chrome@ghandi:~$ gcc -v
Reading specs from
Thread model: posix
Apple Computer, Inc. GCC version 1175, based on gcc version 3.1 20020420 (prerelease)
I think stuff compiled with their developer tools will perform better than the benchmarks say
I just wish Apple would stop developing new things completely. I just bought their 17", and that almost bankrupted me - now I need the dual 2GHz G5! When will it end?
Apple! Go away! Stop giving us choice! Then people won't argue over benchmarks!
Ha ha. Life just wouldn't be fun if people didn't have things to whine about.
Reading some of the comments here about the security of these cards, and it makes me worry somewhat.
I used to sysadmin for a shell account company, and we saw huge amounts of credit card fraud, mostly from kids looking to run bots on IRC, or just because they collected shell accounts.
One thing I came away with from that experience was the definite feeling that Credit card companies don't seem to think it is in their interest to stop credit card fraud.
After all, if the owner of a card is frauded, the bill goes on their card, and interest is accrued. If the owner of the card isn't diligent, its possible they might just automatically pay the card off, without even realise they have been a victim of card fraud.
Certainly, the credit card companies don't seem to go after the fraudsters as much as they should. One of my friends on Dalnet used to regularly give the full details of people that she had discovered doing carding. One kid was so blatant, he put up a web page, with pictures of him holding up all the crap he had bought with stolen card numbers.
He was 12, and his mother didn't care in the slightest he was stealing. And neither did the credit card companies. The police were interested though, but he didn't have much repercussions - just a couple of weeks in a counselling center for kids.
Anyway, I digress.
Proximity cards are a great ieda. It means I can just wave my wallet near the scanner to pay for an item.
But, if this is not couple with some new form of identification currently not in use with credit cards (a pin number would suffice, or something biometric such as a thumb-print), then I fear that fraud will just increase.
People will get a hold of the scanners, and set up their iPod to capture the card numbers of anyone in proximit to it, and just walk up behind people, snapping up numbers.
Maybe I'm just getting paranoid.
I've never seen an accurate benchmarking of Linux Vs Windows yet. They are always skewed in one way. I can always find some tuning that they've done to one of the candidates that they've not done to the other. For example, after about 2 minutes skimming through, I noticed this:
D isablelastaccess and set to 1.
Appendix C. File Server Performance Tuning
Windows Server 2003:
[stuff]
Created HKLM/System/CurrentControlSet/Control/FileSystem/
(I can never find backslash on my japanese keyboard, hahahaha)
But there wasn't a corresponding change to the filesystem mount options in linux. Therefore atime was getting updated on Linux and not on Windows! That would make a very large difference!
I'm not a Linux bigot by any means but that kind of blatant lopsided testing gets up my nose.
Most of what Usenet was originally designed to do has been replaced by other technology, such as pHpBB and it's ilk, traditional mailinglists, etc. And Usenet has become a nightmare to administrate.
... most companies don't want to touch it, let alone run a non-binary server.
To take a *full feed* you need hundreds of gigs of storage (if you want decent retention on the popular groups) and you need several edge-network servers taking those feeds and de-spamming it before you deposit into your main NNTP servers. You need a couple of employees tweaking the groups, retention, access lists, spam filtering heuristics. Legal issues with copyrighted material
I've never found it very useful except when looking for porn.
Still, there are many newsgroups on there worth saving. Maybe a housecleaning is in order? Get rid of all the groups they don't need. Get rid of the binaries. We really don't need those; it's not as if the warez guys don't have enough open FTP servers out there to exploit. And I can get my pr0n elsewhere.
If you get rid of the pointless groups and keep the stuff that is actually interesting and relevant, people will stay and Usenet will thrive, rather than wither.
I think you misunderstood what I said. I didn't say hire someone with a masters degree, straight out of college.
I don't know where you got that from.
Sure get someone with experience, but that person doesn't need to have rooted nameservers with a bind exploit 1000 times over to be good at his job. He just needs to be on top of whats out there and be (gasp, I'm about to say it) pro-active about stuff.
I fail to see how you need to be a criminal to be good at security. I'm sorry, I just don't see it.
And, please, don't ignore the main point of what I was saying. People like Mitnick might have a role to play in securing the net, but by *rewarding* people like him with respect and even a high paying job we are just encouraging more people to do the same thing as him!
Well, if Kevin Mitnick can do a few years in the clapper and come out, start a security business, make loads of cash etc - so can I! All I need to do is cause some serious damage and then get caught! Wonderful!
And yeah, I've been doing this crap for at least as long as you, and I've worked in one of the largest ISPs in Europe too - and I've seen so called 'security hotshots' come in, blow through, and disappear.
Do you know who the best security guy I ever saw was? A mild mannered, methodical tech who had been in the industry twice as long as me, who goes to 3rd world countries to set up net access for the needy as a hobby and who never had a breach either.
here: http://www.stupendous.net/mirrors/transluxent/
;)
In case of slashdot effect
Nice article:
The TMC Primer
I can dig that, old-timer. I can see where you are coming from too. I came in on the tail-end of the BBS era, just when it was really starting to die, and the internet was just started to get around, in Australia. I could really have done with some of these phreaking deals when I was a kid ($2000AU phone bill, ouch).
The thing is, I'd hire you, as you have not been caught, yet you freely admit your past. Mitnick, however, was caught - yet he repeatedly complains about the rough deal. Who is the better hire?
Sometimes, with the smarter ones. But that is only a small percentage.
;)
Most are fairly dumb. Probably no smarter than I.
The main reason they get started is they think its cool. Thats all there is to it. They hang around with a bunch of guys on IRC, find some hacking related channels, suck up to various people, start trying to develop some skills so they can get cred, and it goes from there.
With a trojan kit and half an hour of time (and a few weeks of waiting for the trojan to propogate), you to can be a DoS attack kiddie's best friend along with your 1000 drones or so.
Being a Kevin Mitnick is neither hard nor clever. It is very, very easy in this day and age.
The people doing this stuff are smart, yet, but they don't think about the one realistic thing that could happen to them (that is, go to jail). They only think about all the reasons FOR doing the thing they are doing.
It will help me get a job in the security industry if I do all this stuff now - look at Kevin Mitnick! (hypothetical - if he gets hired by someone big).
I might be able to make big money
They can't track me anyway - I'm waaaay to smart for the FBI/Police.
This is the stuff they did on that film hackers, and they all got hot chicks didn't they and I've never even SEEN a real live girl, let alone touched one, so if I am an uber-elite hacker, I'll pull some serious tail.
All my friends on IRC do it and if I don't do it too I won't be cool and I really need to look cool to people I've never met, never will meet, are a bunch of losers and have no girls either.
etc, etc, etc.
One point about Kevin Mitnick. The man has done his time, and he should be free to seek employment in any job that he feels he is qualified for. But I think people should keep in mind that a convicted felon may not be the smartest choice for a position as a security consultant.
This is the main point that Christopher Painter made, and I agree with that too.
From the article: Regardless of whether or not a hacker with a record has reformed, the bottom line, said Painter, is that paying former criminals big bucks sends the wrong message to the young, up-and-coming technology workforce. He added, "That's like saying the best way to a high pay check is to go out and be a criminal hacker."
Too right. I agree with this 100%.
If we encourage kids to do this, by promising them a long and lucrative career in 'Security', then we will just have even more crackers out there trying out their so-called skills.
I've had one guy who repeatedly downed a DALnet server I managed tell me that basically he hoped to put his skills on the market once he finished his Degree. He laughed at me when I suggested having a criminal record might slow him down.
If you run an IT department, don't hire crooks. No matter HOW good they say they are, a trained professional without a criminal record is a thousand times better than some thug who has spent his youth trying to make lives for people like me a misery.
I work in Japan in a tech company full of other gaijin.
The people here are using linux on Compaq PDAs (ir equivalants) pretty much exclusively. There are good apps for doing everything you need and that japanese input works fine.
I've not got one myself, so I can't tell you exactly what you need, maybe someone else can enlighten you.
The rule back home in oz was that if you make an april fool's joke after midday, you were the fool.
Well, it's after midday here in Japan, so slasdot are all fools! Hah! the jokes on them!