He's not suggesting that there's software that can do this. He's saying that if you were to take a tunneling electron microscope, you would be able to read more than just one layer of "erased" data. There was a VERY LONG and detailed thread about this on Full-Disclosure last month. Check the archive for the thread "Erasing a hard drive easily".
Was the error message produced by AIM? Many AV programs attempt to detect common exploit strings like a long series of "A"s, which are commonly used to fill up a buffer in an exploit.
"The article also discusses junk e-mail's impact on productivity, with one business reporting that 99.84 percent of all incoming mail is spam."
I've got a revolutionary system to fight spam that I guarantee will be 99.84% effective for this company! It's simple, free, and uses all existing tools! Here's some sample code:
root@mailhost# init 0
PS: Don't listen to people who tell you it has a high rate of false positives. 99.84% effective, man!
Button 2 is the middle mouse button. That should work in most Mozilla-based browsers. Of course, it doesn't fix the Slashdot-inserted space (why doesn't Slashdot automatically make links clickable? If the link is too long, you can shorten it and add ellipses, while still making it point to the right place).
Actually, the new extension manager of Firefox 0.9 is supposed to solve that. Moreover, I've only seen two pieces of XPI-based spyware so far, and both of them hijacked Internet Explorer, which seemed absolutely retarded.
I've been following this on BugTraq. As others in this discussion have pointed out, it's not that big a deal, since most people turn the firewall on. There's also an interesting post about someone who bought a few of them and checked whether the firewall was enabled by default--it turns out that two of the three units he tested came with the firewall enabled.
Much more terrifying, though, is the fact that Netgear WG602 Access Points have a default admin account that can't be turned off, with the username "super" and the password "5777364". So expect anyone on the WLAN/LAN to be able to own your router if you have this product and enable the admin interface.
Yes, for example, the eigenfaces method converts each image into a vector, and constructs a new subspace based on the highest ranked common features between them (using Principal Component Analysis, aka the Karhunen-Loève Transform). Then new images are projected into this space and the shortest distance between the new vector and the previously computed ones is found.
It was the first thing that popped into my head while reading the article too:)
Maybe this is something that the 2.6.x series has fixed; I wouldn't know. And maybe the general problem is that if a module screws up and wrongly decides it's still in use, there's no "rmmod -f" command to force removal.
Amusing that you should bring up rmmod -f -- this is precisely the command you would use:) From the rmmod man page:
-f --force
This option can be extremely dangerous: it has no effect unless CONFIG_MODULE_FORCE_UNLOAD was set when the kernel was compiled. With this option, you can remove modules which are being used, or which are not designed to be removed, or have been marked as unsafe (see lsmod(8)).
However, you are correct, this is only available with a 2.6 kernel.
LURHQ's analysis says that the code to exploit the LSASS vulnerability came from houseofdabus, who posted it to BugTraq. Given that exploit code, it would be pretty trivial to make Sasser...
"Upstream software developers" refers to the people who actually create the software. Debian takes their work and packages it for end users. Hence, they could accurately be called the link between upstream developers and end users. They are certainly not saying that they themselves are the upstream devels.
If I recall correctly (I was in Portland earlier this year, and took a peek at FreeGeek), they also run a small store at street level using the things they've refurbished. This probably pays for things like miscellaneous equipment.
Even then, it's not necessarily hypocritical--the DMCA is a Bad Law(TM), but certain portions of it are useful, like the safe harbor provisions for ISPs and search engines. Of course, I'd argue that safe harbor could be a lot more lenient about what it lets in, but that's another matter... In any case, even within a single law you can have portions you agree and disagree with.
So then exactly how big was MTU's network, if it was worth 97.8 billion, even with those limitations you mention? I'm thinking that the RIAA is probably a bit less strict in their assignment of damages than you imply...
The point about willfully is one I hadn't considered yet, though. By the way, what portion of copyright law are you quoting in italics?
There must be more to this story than you're telling, otherwise that's not actually fair use. Fair use is this. Unless you never listen to it and just store it for him for when he wants it (i.e., space shifting), you're infringing copyright since you don't have a license to listen to that music, only your friend does.
Yeah, Wesleyan isn't exactly a technically oriented school. Another fun count is "how much could I get sued for?" Just take all mp3s, oggs, and wmas on the network and multiply by 150000. (Whether or not some of those are legal, I doubt the RIAA will care).
Sadly, even zgv isn't free from security flaws.
iptraf does this pretty well. You can have a look at screenshots of it in action here.
Someone on full-disclosure has posted a good analysis of what this is. Have a look at this thread.
I believe you mean you can download one of the "internets".
Amusing that you should bring up rmmod -f -- this is precisely the command you would use :) From the rmmod man page:
However, you are correct, this is only available with a 2.6 kernel.
Hope this helps some...
Maybe you want this skin?
Either of you from Wesleyan? I'm in Middletown most of the year on account of that... where are SCOSUG meetings held?
I agree with the parent poster though, Klekolo is very tasty and only a few minutes walk away...
For the second problem, look at this page, section 7. Can't help you with the first, sadly...
-Brendan
Plus, once you've read Illuminatus! and looked a little bit into Discordianism, you get some of the more esoteric geek jokes...
One thing I thought was cute:
Any package created using automake/autoconf has its Makefiles seeded with fnords
-Brendan
Only I keep getting this bizarre video of a person hitting "refresh" on a 2-dimensional array of numbers...
Yeah, Wesleyan isn't exactly a technically oriented school. Another fun count is "how much could I get sued for?" Just take all mp3s, oggs, and wmas on the network and multiply by 150000. (Whether or not some of those are legal, I doubt the RIAA will care).
Right now I'm at $17,642,850,000.
-Brendan