As realistic as possible my eye! (on Hack IIS6 Contest · Score: 2, Interesting)
This site isn't "realistic" at all!
A "realistic" website would have some dynamically created pages, or forms, or a shopping cart. These guys have set up a "realistic" site meaning that it serves some html pages via http. All their pages are static.
The site is probably indeed unhackable. That is, unless someone discovers a buffer overflow in URLScan or IIS itself and doesn't notify M$ before they develop an exploit. But, the site's also useless to any business who actually uses the internet for generating revenue instead of just a glorified phone book.
Setting up a hardened server with static pages is simple... refuse all verbs except for GET; don't process any user input (= no asp/perl/php pages, no forms); run it under a non-privileged account with access to absolutely nothing (no databases, no files other than the static html); disable all of the web admin services.
If they were to write some ASP using a MS SQL database backend and then challenge the security community to a duel, I'd be impressed.
A chrooted 'nobody' context apache server running pages off of a ramdisk that's updated from CD every half hour would be just as unhackable. Plus, with syncookies enabled, it would be faster and less susceptible to the /. effect. That site is crawling! But, again with static only pages, what's it good for?
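The hardening list in the comment above (GET only, no user input processed, nothing reachable beyond the static pages), sketched as an added example that is not part of the original comment. The `PAGES` map, the handler name and the `probe` helper are hypothetical; account privileges and admin services are outside what it shows.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample content: a fixed in-memory map stands in for the
# read-only static tree, so no request can reach the filesystem.
PAGES = {
    "/": b"<html><body>home</body></html>",
    "/about.html": b"<html><body>about</body></html>",
}

class StaticOnlyHandler(BaseHTTPRequestHandler):
    # Only do_GET exists. BaseHTTPRequestHandler answers 501 for any verb
    # that has no do_<VERB> method, so POST, PUT, DELETE, HEAD are refused.
    def do_GET(self):
        # Exact match on the raw request target: query strings, traversal
        # sequences and encoded variants are never parsed, they just miss.
        body = PAGES.get(self.path)
        if body is None:
            self.send_error(404)
            return
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, fmt, *args):
        pass  # keep the demonstration quiet

def probe(method, path):
    """Start the server on an ephemeral loopback port, send one request,
    and return the HTTP status code."""
    server = HTTPServer(("127.0.0.1", 0), StaticOnlyHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        conn = http.client.HTTPConnection(
            "127.0.0.1", server.server_address[1], timeout=5)
        conn.request(method, path)
        status = conn.getresponse().status
        conn.close()
        return status
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    for method, path in [("GET", "/"), ("POST", "/"), ("GET", "/?id=1")]:
        print(method, path, probe(method, path))
```
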
I got my free ipod this week. It took a while to get all of the completions I needed since I'm not willing to push any "cancel later" offers on my friends or family.
The email account I created for the iPod offer has stayed remarkably free of SPAM. My snail mail spam hasn't increased either. I still get 10 offers a week to re-finance my house. But, that was the normal background noise before I gave them my address. There's been no marketing that I could track back to the freeiPods offer.
I'm really enjoying the iPod. I would not have spent the money on it. But, now that I've got it, I really think it's worth the $250 (really, any other HD MP3 player would be for that matter).
And, if you are worried about the compatibility with linux, I haven't had the first problem. I use gtkpod. It emerges beautifully on Gentoo.
Every time I've had a problem with a miscategorization, I've reported it to websense (online form without a login). It has subsequently been fixed within 24 hours. I've tried half a dozen of the enterprise quality content filters and have found Websense's database the most accurate and complete of any.
I don't work for Websense and I've had problems in the past with their software. But, I have no complaints about their database.
Doesn't selling DVDs and videos contribute to piracy as well? I mean, if the pirates couldn't buy the DVDs or videos in the first place, it would be harder to copy them. I think they should ban the sale of DVDs ;) And while they're at it, the practice of renting them contributes to a ton of piracy. Therefore, Blockbuster and its smaller competitors should be banned from renting DVDs or videos to consumers.
If you're worried about repercussions, then use a public library terminal and a new hotmail type free mail account. Most public libraries intentionally do not keep traffic logs these days anyway (because of the privacy issues involved with turning over those logs if they are subpoenaed).
But, I'm a security admin at a university... I occasionally have students bring vulnerabilities to me. Often I already know about it, but I still welcome the input and am thankful for the extra eyes watching the network. I've just got too many nodes to keep up with to catch every computer.
According to this Gartner Group article on SCO's website, "SCO has indicated that the libraries are available from SCO for $149, or lower with discounts."
I wonder how deep the discounts are? How deep will Micro$oft's discount be if they try to become the exclusive distributor of SCO's "licensed" linux?
They claim that this is not dangerous to humans. But, it's enough impact to be the equivalent "of several thousand tons of TNT." So, what are the chances that this is the real explanation for spontaneous combustion?
It's about time that the modern assumption that science is the savior of the world and the ultimate measure of truth dies. In an increasingly postmodern world, we're giving up on our ability to find truth using our heads. We just aren't capable of being sufficiently objective to discover real truth about our world. The notion that people are allowing for some supernatural ( = superscientific, post-scientific) answers is seen by me as a positive thing. Nietzsche, Foucault, Derrida, and many other great postmodern thinkers have been saying this is coming for years.
Human reason isn't the end all to be all. Maybe it's about time we started coming to terms with this.
First one's a tea cup (i.e. flying saucer). Second one's a one "on star" (i.e. a Cadillac). Third's a missile. The rest look like sharks, maybe we should alert PETA.
The quote refers to humanity as a whole. I think the fear is, now that the ground has been broken, people will begin to do things with cloning just because they can without any consideration for whether or not they should. Maybe even when they know they shouldn't if there's money to be made.
I am a Christian and I agree with drwiii that it will be fun to watch the reaction of fundamentalist christian groups. However, I don't think that the issues are any kind of religious conjecture about copying souls or some nonsense like that. I think the issues here are ones that we should all be worried about. For instance, rights of a clone -- can they be used as slaves or be killed for parts if that was the whole reason they were created? Or, less terrifying, will duplicate DNA change its use as evidence in court cases?
I think the fears of negative religious implications are unfounded. On the contrary, clones could support or disprove many behaviourist theories of genetic influences on personality/morality. The behaviourist school of thought is one of the most formidable adversaries of christian apologetics today (IMHO).
I do think this is a wonderful advancement in technology. But, I'm afraid that history will repeat itself and we will be irresponsible with the technology.
Science has helped us discover powerful things like nuclear reactions, it hasn't helped us learn to use them responsibly. For that you need values -- something we seem to have a shortage of these days.
It's funny to me that so many people commented on its striking resemblance to either the death star or a walnut.
We all posted before reading the other comments I guess...
Just don't let covenant wake that thing up.
it looks like ANOTHER death star, or a giant walnut. You take your pick.
I saw one called "Bad Poodles" while war walking around a University Campus I was a network admin for.
to mitigating Spyware that I've had success with:
1) Websense has a category set for Spyware to stop it at the firewall.
2) Spyware Blaster is an excellent free Spyware prevention program. I've never had a problem with users who run it.
The best would of course be to convert your enterprise to linux with Firefox. But, if everybody did that, the organized crime that is Spyware would target linux systems. Security through obscurity only works as long as you don't have the market share. However, open source tends to converge on security fixes more quickly anyway. So, even if there were major browser vulnerabilities more often, the fixes would be here faster...
I've got a 17-inch dell Flat Panel and have never had any problem. I play ET Pro on it all of the time...
I'm routinely "late" by an hour or more. But, considering I routinely work 2 1/2 hours late, nobody complains.
When I tried to look at the mod, I received this message:
"This site is shutdown temporarily due to the slashdot effect."
First time I've seen a response rather than a timeout when someone was slashdotted.
This is proof that the Egyptians understood recursion. Clearly, they must have been influenced by alien visitors.
If you're going to the trouble to make a custom laptop, you should ruggedize it. It would be easier to modify a ruggedized briefcase than to get someone to fabricate a custom plastic case. And, it would look a whole lot cooler.
See the Halli Mac. This laptop modification was here on Slashdot back in August.