And what about being a sinner if you don't believe in God? I guess all the Jewish kids are going to hell anyway. They might as well know it at an early age.
? - It damn well better. Some people actually need to keep complete logs. NT can be set to wrap around logging or halt when the log is full. Any installation with any security sense has NT set to halt when logs fill; of course, they generally never let it get full either.
As a network security specialist, I'm as paranoid as they come, and because of that paranoia, I am starting to suspect key officials in our government are on crack. Unfortunately, this is knee-jerk reactionism at its worst. Think of the government as the world's pointiest-haired boss. As I'm sure most of you know.. the solution to any problem in their mind is to tack on more technology! Never mind properly configuring and maintaining the products you already have! If the government is worried about the vulnerabilities in key network infrastructures, a nationwide IDS is NOT the answer. It does little good to detect an intrusion after the fact, when you could have used those resources to protect the damn systems in the first place. I won't even go into the privacy issues surrounding this.
P.S. Does anyone want to sponsor my citizenship to another country?
Parents have the right to instill whatever morals they see fit into their children. The problem arises when parents leave it up to TV and Movies to teach their children these morals with no supervision. Who here really thinks that nudity is generally more questionable than violence? Next thing you know someone from the Christian right will be screaming for carding at art exhibits displaying BREASTS! Nudity is only a big deal because American society has made it taboo.
After thinking about my reply on yesterday's story of BO2K, I came to this conclusion:
No, BO2K or any other remote admin tool do not expose any security flaws. Windows systems are all single user, and have adequate security for single user systems. (Granted of course, you don't have machines that need security running Windows 9x, since the level of security in Windows 9x is effectively NONE).
However, single user machines have no business being attached to a network of any kind, and if you are foolhardy enough to trust sensitive data to a networked single user machine, god help you.
P.S. Any misspellings or faults of grammar you think you detect are mearly transmition errors, and probably your fault anyway.
BO2K (or BO for that matter) do not exploit anything. Ever hear of "Remotely Possible", "PC Anywhere", or any one of the numerous other remote control products? The only security flaw it seems to be exploiting is the ease of hiding a process from the user. This isn't to say that BO isn't a security risk, because it most definitely is. Maybe that is mainly due to the mindset of most Microsoft product users, but other users of other systems are not immune.
Basically BO enables a single-user system to act with some of the functionality of a multi-user system. Something Windows 9x definitely doesn't have the security for. Windows NT has some protection in this realm, but still, not enough for a multi-user system. They were never designed to be multi-user systems. But then again, a root kit will enable the same functions on a Linux box as this does on a Windows box, it just may be a bit more of a challenge to get the thing installed.
One interesting flaw (well, IMHO it's a flaw) that this could potentially exploit with the right plug-in, is a feature of the MS Crypto-API that will release any certificates installed in the system. If someone teaches the BO doggy a new trick to extract certificates (which as a process of the user, it has the right to do, WITHOUT authentication) there could potentially be a big problem with digital signatures, which are now becoming accepted as substitutes for "wet" signatures (think: paper and pen).
Oh.. think of the possibilities..
P.S. - I am a spelling and grammer genius. Any errors you think you see in this document are probably just transmition errors, and most likely your fault.
Re: I wonder if transmeta's new chip will run qnx? on Amiga Technology Brief · Score: 1
C as an interpreted language?
Message passing is as efficient as you can code it. Just because something is coded in assembly does not automatically make it faster. Generally the speed increase of well coded assembly over well coded C isn't terribly much. Only systems that require every drop of performance need to be coded in assembly anymore.
Actually, those are satellite shrouds. They are microwave transparent, but obviously you can't see through them. It's to hide the dish orientation so no one knows what satellite each dish is looking at.
Heh, unfortunately, this isn't entirely accurate. I can't remember who did this, but one little fun thing that is possible and has happened: Modify the compiler to alter login with a back door. Modify the compiler to alter itself on a self compile to insert the code required to continue this behavior. Distribute this binary, and uninfected compiler and login source. Pretty sneaky. The goals of the distro seem to be pretty good. Build in good crypto protection, compile all SUID programs / Daemons with stackguard to protect against buffer overflows. That will take care of big chunks of intrusion protection. A good overall design will help out with authorized user protection. Now someone just needs to find a good way to protect against heap overflows.
And assuming you aren't in an NT domain environment where security has any priority. SID changing programs may be sufficient for workstations, but maybe not. There is no way you can Ghost domain controllers, and I personally would worry about any ghosted NT machine. All hail the registry.
Your story or your facts make no sense. A smurf attack would not use the attacker's IP address anywhere in the violator's stream. A smurf is basically just a broadcast ping to a network that accepts broadcast pings, with the reply address being faked to that of the victim. Hence, if your address was suspect, you would either have to be a victim, or a hapless "amplifier". Either way, your story or the facts in the story are fishy.
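Added example (not part of the comment above): a small classifier that reads ICMP records captured at a site's border and reports whether the site is acting as a smurf amplifier or is the victim, the two roles the comment names. The function name `smurf_role`, the `min_responders` threshold, and all addresses (RFC 5737 documentation ranges) are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

ECHO_REQUEST, ECHO_REPLY = 8, 0

def smurf_role(packets, local_net, min_responders=3):
    """Classify a site's role from (src, dst, icmp_type) records seen at its border."""
    net = ipaddress.ip_network(local_net)
    asked = set()                   # (local_host, remote) pairs the site pinged itself
    unsolicited = defaultdict(set)  # local_host -> remote hosts replying unasked
    forged_sources = set()          # source addresses on broadcast echo requests
    for src, dst, icmp_type in packets:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if icmp_type == ECHO_REQUEST:
            if d == net.broadcast_address and s not in net:
                forged_sources.add(src)  # this address is the target, not the sender
            elif s in net:
                asked.add((src, dst))
        elif icmp_type == ECHO_REPLY and d in net and (dst, src) not in asked:
            unsolicited[dst].add(src)
    flooded = sorted(h for h, r in unsolicited.items() if len(r) >= min_responders)
    if forged_sources:
        return "amplifier", sorted(forged_sources)
    if flooded:
        return "victim", flooded
    return "none", []

# Constructed capture at the amplifier network 198.51.100.0/24.
AMPLIFIER_VIEW = [
    ("192.0.2.10", "198.51.100.255", ECHO_REQUEST),  # source is the forged victim
    ("198.51.100.5", "192.0.2.10", ECHO_REPLY),
    ("198.51.100.6", "192.0.2.10", ECHO_REPLY),
]
# Constructed capture at the victim network 192.0.2.0/24.
VICTIM_VIEW = [
    ("198.51.100.5", "192.0.2.10", ECHO_REPLY),
    ("198.51.100.6", "192.0.2.10", ECHO_REPLY),
    ("198.51.100.7", "192.0.2.10", ECHO_REPLY),
    ("192.0.2.10", "203.0.113.1", ECHO_REQUEST),     # ordinary ping, answered below
    ("203.0.113.1", "192.0.2.10", ECHO_REPLY),
]

if __name__ == "__main__":
    print(smurf_role(AMPLIFIER_VIEW, "198.51.100.0/24"))
    print(smurf_role(VICTIM_VIEW, "192.0.2.0/24"))
```

In both captures the only addresses present are the victim's and the amplifier hosts'; the sender of the forged requests never appears.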
Why is it the position of these "visionaries" that other cultures around the world want technology in the same way ours does? I agree, food for the starving, but internet for all? There is no one true way.
Unfortunately, that isn't the case. The CDDB evolved from an open source project I believe. They used to distribute just a flat file of all entered titles, and then moved on to developing the CDDB Protocol. Reverse engineering would be simple, you can do lookups with telnet. As a matter of fact, I have a perl script I wrote to do just that. They base the unique value for lookups on track length I believe. I have some C code to generate that for Windows (adopted from the example they (used to?) give out on their page). I seem to remember that all the servers are run by volunteers as well. They may own the protocol, but I doubt they own the information. It wouldn't be terribly hard to write a script to rip down all the information and populate it into a "new" database.
Re: Sprint is not totally off base... on Rumours · Score: 1
Secondly, there's no one to sue if something goes wrong. As sad as that sounds, it's a fact of life.
Give me one example of a company suing a software manufacturer and I'll accept that line of reasoning.
Much of what we do is time-critical, and with all forms of free software, immediate support cannot be guaranteed.
Give me one example of anything in a distributed environment (i.e., not mainframe) where immediate support is guaranteed and I'll accept that line of reasoning.
Thirdly, if we had a Linux expert who set up a bunch of systems, and got hit by a truck tomorrow, we'd be screwed. With SGI, Sun, HP, etc, we could bring in an expert immediately.
Prove to me that a Linux expert is harder to find than an SGI, Sun, or HP expert and I'll accept that line of reasoning. Also prove to me that an OS expert would be of any help in this situation. Technical expertise is more a function of how expert a person is in your systems, not the OS.
Your arguments are paranoid and delusional. There are many institutions that can deal with problems such as you are experiencing. If that fails, there are several fine chemicals that can in fact help.
Please keep comments like this to yourself! Keyboards are expensive and don't stand up to having coke spit up onto them! :)
"from the brain-stem-humor dept"