Before you take a job with the government, consider that you will become one of "them", and you will no longer be able to ridicule government employees in your/. posts without becoming a hypocrite.
Naw. Once you've seen the inside, you gain new understanding. You get to chuckle at the misconceptions expressed within this forum. And you get to ridicule the ineptitude of those around you in your daily work schedule. And unlike the unknowing critics, you actually speak from experience.
Whats scarry is when the ignorant make outlandish observations that are actually far too close to the truth.
The fact that it is freeware does not change the copyright that applies to it.
Oh, certainly. I agree. However, I tossed that bit in there because I seem to remember some legal finding awhile back that specifically mentioned the price paid for software or somesuch (I probably shouldn't go off on tangents when I'm tired).
I guess the bottom line is, that in my opinion it doesn't look very professional to have a link on the front page to software that infringes on someones copyright. No matter how shitty that original software is.
Yea, but the links provided included an article too. Though, I guess it would be much more interesting if the article was on CNN or MSNBC, etc.
WTF? I mean, are we going to see front-page links to warez copies of AutoCAD here soon, just because we don't agree with the way Autodesk wrote their software?
You have a valid point tossed in with all the blame towards Slashdot. That point being the question of how legal and/or moral it is to hack and distribute freeware to remove undesired functionality (and would it make any difference if the app in question wasn't freeware). But I have to disagree with the overall tone of the post.
First, this is a valid event. It is part of the backlash towards Kazaa for their business practices. And it is a popular action too, judging from the article and the fact that the last few times Kazaa has been the subject of a Slashdot article, Kazaa-Lite gets multiple mentions.
For a site that is supposed to be so Open Source aware this seems especially strange. Open Source does not condone piracy. Instead it allows for alternatives. So why not have an article about a good Open Source alternative, instead of linking to illegal software?
Let's not confuse issues here. This has NOTHING to do with Open Source. Heck - Kazaa has nothing to do with Open Source software itself. Though the suggestion to mention Open Source alternatives is a fair one.
so if the checksums were performed on the crapware to make sure it was un-altered?
Have your trojan (in the good sense) app check the newest install file. It could locate the required file, generate a checksum on the requested offset of that file, and then return it... all without ever having to install the malware. And since it deals with the latest install file (either user-supplied or auto-downloaded?), the "authentication" is automagically updated as new install files become available.
1. Netscape was having Engineering problems by the time IE was released. Microsoft had an advantage because they started with a fresh code base right when everyone was learning from Netscape's mistakes.
Could you clarify this point? Unless you've forgoten version numbers, I believe you're off. IE was built with code licensed from Spyglass (Mosaic). And, true to Microsoft form, it wasn't until IE3.x that they began to get it right and start gaining serious market share. And it was IE4 (and their introduction of the integrated browser) vs. Netscape4 (ie: Communicator - one had to go out of one's way to get just the browser) when it became clear Microsoft had gained the traction they needed and Netscape had began to stumble.
Now we have IE6 versus Netscape 6... and Netscape 6 is just a horrible rip of Mozilla. Netscape 6 is worthless - I'm sticking to mozilla.
Yea, I'm sticking with Mozilla too. But come, come. Netscape 6 is a rip of Mozilla? If it wasn't for the actions and funding from Netscape, Mozilla would not exist. Netscape using Mozilla for their next browser offering is how the system is supposed to work.
Granted - they began harvesting from the Mozilla orchard a bit early. The fruits are still a tad green for the public pallet. But that's their decission.
Meanwhile, Mozilla marches on. It gets better. And I gladly use it. And I thank Netscape for making it possible.
Why? Because it's bloody software we're talking about here! And although, granted, the philosophy behind the propogation of this software can be interesting, it's clearly not something anyone who isn't part of a LUG is going to be remotely interested in.
Its just software. Its just computers. Its just a world-spanning network available to an unprecidented number of individuals.
And the printing press was just a machine.
To some people, a tool is just a tool. Even those in the business of making tools sometimes see them as simple end products. Something generated to, in turn, generate income.
Others realize the impact these tools can have on a society. They recognize that a tool becomes a vehicle of change. And because of that change, the tool in turn wields a greater degree of power, and requires a higher degree of respect than just an object that generates cash flow.
Open Source and Free Software may be about technology. But they are also about the social aspects of that technology.
And before one dismisses this as some political ideology, that social aspect also affects business. How much of your corporate infrastructure is dependant on a single vendor and their marketing strategy?
Are the leaders of these movements obscure to the general public? Sure. But that does not mean the movement, and the ideas of these leaders, are not worthy of documentation. And it certainly doesn't mean the movements themselves have no value outside of hobbiests and the enthusiast.
I guess I really don't understand this "everything must be free" mentality. I use Windows, and I think it's worth the $140 (Windows 2000 OEM) because Windows helps me make money doing my job.
Like many IT industry people, you are completely missing the meaning of "free". You have assigned it the designation of "without a fee". And you have missed the real power of Open Source for the end user: freedom.
To be sure, we all like to hold on to our funds. And sometimes that alone is a justification for one particular piece of software over another. But it is only one issue (and a minor one to many organizations with the appropriate funding).
Sometimes technical decissions are made to support marketing. Often to the detriment of the end user - locking them in to a more profitable path. And while Microsoft is not the only one who does this, they have often proven to be especially adept at the practice.
Open Source projects tend to make technical decissions for technical reasons. By its nature, it is difficult to use such technology to force a customer in to a set path (at any time, they can contract their own coders and go their own direction). And, of course, open source technology favors open standards which means an infrastructure will be compatible with other technology following the same standard (proprietary or not). Freedom.
...I believe that you should chip in your support to those vendors that you feel are making a good product, regardless of whether that product is being offered as a free download or not.
And often those who desire monetary compensation DO have ways for end users to offer that compensation. I have paid for boxed sets of Linux for my own use (and that of my clients). I've recommended a mixed environment when the commercial and competing Open Source packages offered different strengths for different reasons (and actually - that competition helped ensure my employer got an improved product in the commercial package). I've seen my employer take GPL code, pay for development to improve functions needed for their own use, and return those changes to the project. And I've seen my employer contract a major Linux company for desktop support of their official desktop Linux rollout.
Of course, that all involves fees. I've also supported my favorite Open Source projects with code (though I'm horrid at that). Artwork. Documentation. Bug reporting and working with developers to track down the problem. I've certainly helped improve those projects. And THAT is an important aspect of Open Source too.
Keep that in mind next time you bash someone for using a product that costs money.
Microsoft does not get bashed because their products cost money. Some of their free offerings (IE, Outlook Express, etc) get heavy criticism. And to be honest... anyone who wants to get Microsoft products for free has only to look for "pirated" copies.
Microsoft gets criticized because of their marketing. This is where they take advantage of their customers. This is where they attack and attempt to strangle competition. This is where they attempt to subvert open standards. This is where they leverage their market leadership to illegaly maintain their monopoly. This is where they gain the tittle "evil".
Have you ever read Debt of Honor by Tom Clancy? Well, I bet someone who helped to plan the 9/11 attack did.
Tom Clancy's stuff always spawns converstations over how plausible his ideas are. I suppose the real draw to his works is that they are plausible enough. And then there's the fact that Clancy doesn't just pull ideas out of thin air. They're often based on real events and concerns.
Does that mean nobody would have thought of using an airplane as a weapon without Clancy's work? Hardly. The concept was proven rather effective since WWII and the war in the Pacific.
This book seemed like an unrealistic problem until it actually happened. No one took it seriously until a real airplane was used as a weapon.
So I do not agree that some obscure website called "10 easy ways to Hijack an airliner and slam it into a building" would have saved anyone any grief.
I completely agree here. If a major publication from Tom Clancy doesn't gain attention, then its unlikely an obscure web site would either. But then, I still maintain that the existance of such a document would not guarentee a terrorist attack either.
Of course... this leads to an observation on security (from infosec to physical)...
Security only comes from pain.
When you're trying to sell a security concept to the uninitiated, comfortable in their status quo, you have to tell a "scare the horses" story. You have to hit home why it will affect them, and part of that is show the carnage already done to someone else.
Even then, sometimes you just have to wait until its time to pick up the pieces, perform damage control, and put a new system in place.
The only way to avoid that is perform the "carnage" yourself. Demonstrate the weekness in a security system by attacking it in a non-destructive manner and prove its weakness. This is the bassis behind such actions as infosec penetration testing as well as the embarassingly successful Red Cell unit in the US Navy.
They tried to attack their captors but their captors cut the oxygen to the passenger cabins. Black box audio reports say that.
Blackbox audio also records someone in the cockpit saying "they're coming". The assumption has been that the voice is that of the hijackers in responce to the passangers. This corresponds with background noise heard from mobile phone conversations at the time. There is obviously some question as to how successful the passenger revolt was - but it did happen. They did attack. And as is evidence from following incidents, passangers are likely to take that route again rather than sit back and hope for the best.
The new information you mentioned about using the planes as missiles was used to shoot the plane down by fighter planes
No. What I am saying is that the planes that managed to hit their targets were effectively guided missiles.
But now that you mention it... yes, I've heard of the rumor. From the very day that the aircraft went down. But there has been no solid evidence. I could understand why such an event wouldn't have happened. And I could see it happening (I've been on alert ground crews before - but not CONUS). And I could understand why shooting down a civilian aircraft would be a sticky subject for the PR-minded top brass.
But then... all that has little to do with my point.
Take a look at the instructions. From what I can understand (from a dodgy translation via Google), the instructions actually shut down sections of rail rather than sabotage passanger safety. Though messing with a system could have other consequences the author of the article are not aware of.
Having said that - if you're so concerned about safe passage, look in to the issue. Maybe you're not as safe as you think you are.
That the average Joe on the street doesn't want to cut power to a domestic railway system, but that your average nutcase or terrorist might.
What would you say to a site that said
"10 easy ways to Hijack and airliner and slam it into a building" ?
Nice shot at a knee-jerk reaction.
What would I say to such a document? Post it. Link to it. Alert the media. Get CNN to do a cyber-scare article on it. Get people thinking about the state of security in their airports and the danger this represents.
Know why a group of people were able to seize guided missiles for the price of some flying lessons, airline tickets, and box cutters? It wasn't because box cutters are such a formidable weapon. It is because the passangers and crew of those airlines did not expect what was to come. Up to that point, hijackings tended to be isolated events that lead up to a police standoff on the ground. Most of the time, the majority of hijack victoms survived.
The passangers of Flight 93 quickly learned of the fate of other hijacked airlines that day thanks to mobile phones. With the cry of "let's roll" (accredited to Todd Beamer), the passangers of that flight attacked their captors. It cost them their lives as the entire flight went down in a field in western Pennsylvania. But their flight was the only one to not also crash in to a monument and take additional lives on the ground (authorities believe the flight was headed for a target in Washington).
The difference between Flight 93 and other doomed flights that day was a slim margin of knowledge. A realization that the threat was different than the past. Information.
If a group attempted the same tactic today (with box cutters, much less the nail-clippers being confiscated by airport security now), they would meet the same resistance. Additional attempts of airline terrorism (the shoe-bomber being a prime example) has lead to quick action by fellow passangers to subdue their would-be attacker.
What would a document called "10 easy ways to Hijack an airliner and slam it into a building" do? I can tell you what a lack of such a document didn't do - stop the events of 9/11 from happening.
We now have proof of a machiavellian genious working within the USPTO. We may not know his intent, but we do know his modus operandi: absurdity.
Maybe the agent posseses a sense of humor and an apreciation for irony that has slowly twisted his mind over the years. It started simply. A inane little patent. Won't hurt anything. But it was darned funny. And nobody caught it. So he upped the stakes with another gem. Unnoticed. And another. And another. The beancounter souless zombies that are his coworkers oblivious to the parade of delicious irony under their noses, presented by inane claims, burried in a sea of paperwork. Taunting him. Daring him. Just a little more. They'll appreciate his humor. If he just found one obvious enough.
Maybe our mastermind is actually an activist. Working from the inside. Sabotaging the system. Poisoning the dignity of the entire USPTO system with more and more outlandish patent grants. Daring the public to see the USPTO for the foolishness that it really is. They'll apreciate how foolish it all is. If he just made it obvious enough.
Or maybe there is no mastermind. We are simply witnessing the byproduct of a reality distortion only known to exist within the proximity of US Governmental beurocracy and Steve Jobs.
So many posibilities. And we've only just began to scratch the surface...
I'm curious what the reaction here would be if a different company developed this? If some linux company pioneered this would the posts here be about how linux saves you even more money and the triumphs of open source? I think so.
I have to disagree. The grinding of teeth you hear is not a knee-jerk reaction to the word "Microsoft", as you imply. It is a reaction to the memories of "winmodems" this idea brings up. Remember, politics aside, this site IS frequented by the more technically minded. And software modems have a far less than sparkling reputation. Linux only adds to the pre-existing list of grievances.
The people buying this are not going to be hardcore wifi enthusiasts, but home and business buyers with CPUs on almost eternal idle.
Right. In other words, people who don't know any better.
It'd be great if information could always be free, but unless we restrict dangerous forms of it, we are simply giving up our safe way of life. Although one might *want* to give arbitrary individuals access to all information, you're essentially allowing arbitrary individuals the power to do anything they desire. This system will eventually lead to catastrophe, because you cannot make the entire world's population obey an honor system.
Information will flow. Faster. And faster. There is nothing you can do about it short of completely dismantling the very systems that we are becoming more and more dependant on.
When I first got in to computing, a home computer was very unique, let alone one equiped with a MODEM. Most communities flourishing on BBS' (I hadn't heard of the Internet then) were completely out of the mainstream. Some communities were even further underground from the BBS community norm of social discussions and user group chatter. Illicit information flowed.
By today's standards, the BBS community (and real-space user groups - ie: 2600) were disconnected pockets. The Internet changed that. Communication is vastly improved. And information will flow to a greater extent whether it is known or driven underground.
Illicit data exists and will always exist for those who seek it out. The question is... can your system survive it?
Right now, we are experiencing considerable angst and pain over the state of information security. Much of this is due to public and professional ignorance. Many are simply unaware of the issues. And many of our networks and systems have been built on this ignorance. Despite the warnings of those who understand the issues and pay attention to this flow if illicit data.
This pain is required. People tend to ignore warnings until they understand the dire situation. Pain (either experienced or witnessed) drives this point home.
In the end, our networks and systems must evolve and improve. It is possible. A major difference between physical security and information security is that physical security deals with rules and laws we do not define (though we adapt our security and circumvention technology as we gain new understanding of these physical laws). With data structures and systems, we define our own rules and can change them to suit the situation.
This change can happen with the aid of all information, or it must happen despite its hidden nature. If it does not, the system will fail. And no amount of calling information "dangerous" will prevent it.
Those who deal with lethal viruses and diseases often can't just make samples and research easily accessible to anyone, even anonymous people. Why should virus "researchers" be able to do what is essentially the same thing?
The bar for experts working with dangerous biological agents is pretty high. And rightfully so. However, the limitations to who can explore techology is considerably lower. This goes for information security issues as well.
Who is to say who is the expert? Would you limit such research and tools to industry professionals?
Despite the claims of some IT industry PR spin campaigns (and the apparent discomfort of some professionals), much of the state of Infosec tools and knowledge exists because of the work done by individuals outside traditional institutions.
Cool. Finally something that comes CLOSE to backing up these claims. Of course, its an older distro with known vulnerabilities. In comparison, the same document notes that a Win98 install was compromised in under 24hrs. Unfortunately it doesn't talk about other architectures (even though a Solaris machine is mentioned in another context).
Still, this statistic is hardly a good indication that all Linux installations "in the wild" are being compromised within X hours. And this is the claim that is constantly made, complete with bogus statistics.
The third should be a technical and not a marketing challenge but if MS can convince every PHB that they're products are secure and that any problems are down to incompetent admins......
For the last few years, Microsoft has been treating security as a PR / Marketing issue. The tactic is beginning to fail. IT consumers are beginning to realized that there are problems with Microsoft product security - even if they aren't quite sure what those problems are.
Keep in mind their past history, as well. The article mentions that this latest push - Gates' latest memo - is only one of three. Take a look at those last two.
...
The first was to get Windows onto every desktop.
...
The second memo? The Internet.
One of the amazing things about Microsoft is its ability to turn on a dime. They almost missed the Internet. Then they played an amazing game of catch-up.
But that does not mean they will be able to do it every time.
There is a major difference in the nature of Microsoft's first two challenges (desktop and internet) and its current one (security). The first two were really exercises in marketing. The third is a technical challenge.
Before you feel all high and mighty I think I should point out that something likely 75% of all redhat boxes are rooted in the first 24 hours.
I've seen you, and others, bandy about this type of statistic for some time. But I have not found a single reference to back it up. Can you back this statistic up with a valid reference?
What do you think Spammers use? Dial-up modems? Maybe this will put a few spammers out of business
Two points.
First, as it has been stated, it does not take much bandwidth to spam. The Behind Enemy Lines site shows one apparently successful spam outfit using stolen AOL accounts.
Secondly, ISPs are already aware of this issue. I believe they filter outbound port 25 traffic to eliminate this abuse. One then configures one's email server to use the ISP's server as a smart host - esentially bouncing outbound email through the provided email gateway. This way, email abuse is quickly noted (and recorded, if not controlled) by the ISP. Inbound traffic to your personal email server should be unaffected.
However, if you block the banners or ads from the site itself, I feel that you have crossed a line. Receiving the ads is the price of visiting the site. While you are welcome to receive the site's content in any way that you want, blocking banners, etc., is essentially the same as shoplifting. You are taking what you want without paying the costs.
I like to support the sites I frequent. I don't mind "paying" a reasonable bandwidth cost for banner ads. But that doesn't mean I will pay any cost in the name of advertising.
The Web is not a broadcast medium. This still manages to escape many media outlets and advertising types. Still, the one thing they understand is cost. If an advertising campaign becomes costly, it will be dropped.
I don't mind ad banners. I do mind stupid java tricks, tracking cookies, and flash ads. In fact, flash ads have me using Junkbuster again. Abusive ads are blocked. Acceptable ads get a view.
Abusive ads become ineffecitve and costly. With luck, and many more users doing what I do, they will also cease to be used by advertisers.
Consider the Office files I used to test ThinkFree's compatibility -- documents I've received in e-mail from friends, co-workers, contributors and publicists over the past few years.
Most of the Word files would have looked no different as "rich text format" documents. Nearly all of the Excel files were nothing more than glorified tables. Almost every PowerPoint presentation amounted to a minimally illustrated, bullet-point list, and some only consisted of a single graphic on a page.
It's a waste to use $480 worth of Office suite for such simple work. But it's not a surprise either. To paraphrase what others have said: When Microsoft Office is your only hammer, pretty much everything begins to look like a nail.
The point is that a vast marjority of documents are actually very simple and do not require the features of Microsoft Office to produce.
Sure. These documents may have a lot of value. And a smart business will pick tools that enable their people to produce those documents. There are certainly cases where Microsoft Office's features justify the price. But just because a document is valuable does not mean it requires expensive tools to produce.
Naw. Once you've seen the inside, you gain new understanding. You get to chuckle at the misconceptions expressed within this forum. And you get to ridicule the ineptitude of those around you in your daily work schedule. And unlike the unknowing critics, you actually speak from experience.
Whats scarry is when the ignorant make outlandish observations that are actually far too close to the truth.
Oh, certainly. I agree. However, I tossed that bit in there because I seem to remember some legal finding awhile back that specifically mentioned the price paid for software or somesuch (I probably shouldn't go off on tangents when I'm tired).
Yea, but the links provided included an article too. Though, I guess it would be much more interesting if the article was on CNN or MSNBC, etc.
You have a valid point tossed in with all the blame towards Slashdot. That point being the question of how legal and/or moral it is to hack and distribute freeware to remove undesired functionality (and would it make any difference if the app in question wasn't freeware). But I have to disagree with the overall tone of the post.
First, this is a valid event. It is part of the backlash towards Kazaa for their business practices. And it is a popular action too, judging from the article and the fact that the last few times Kazaa has been the subject of a Slashdot article, Kazaa-Lite gets multiple mentions.
Let's not confuse issues here. This has NOTHING to do with Open Source. Heck - Kazaa has nothing to do with Open Source software itself. Though the suggestion to mention Open Source alternatives is a fair one.
Have your trojan (in the good sense) app check the newest install file. It could locate the required file, generate a checksum on the requested offset of that file, and then return it... all without ever having to install the malware. And since it deals with the latest install file (either user-supplied or auto-downloaded?), the "authentication" is automagically updated as new install files become available.
Could you clarify this point? Unless you've forgoten version numbers, I believe you're off. IE was built with code licensed from Spyglass (Mosaic). And, true to Microsoft form, it wasn't until IE3.x that they began to get it right and start gaining serious market share. And it was IE4 (and their introduction of the integrated browser) vs. Netscape4 (ie: Communicator - one had to go out of one's way to get just the browser) when it became clear Microsoft had gained the traction they needed and Netscape had began to stumble.
Perhapse it is IE4 that you're referring to?
Yea, I'm sticking with Mozilla too. But come, come. Netscape 6 is a rip of Mozilla? If it wasn't for the actions and funding from Netscape, Mozilla would not exist. Netscape using Mozilla for their next browser offering is how the system is supposed to work.
Granted - they began harvesting from the Mozilla orchard a bit early. The fruits are still a tad green for the public pallet. But that's their decission.
Meanwhile, Mozilla marches on. It gets better. And I gladly use it. And I thank Netscape for making it possible.
Its just software. Its just computers. Its just a world-spanning network available to an unprecidented number of individuals.
And the printing press was just a machine.
To some people, a tool is just a tool. Even those in the business of making tools sometimes see them as simple end products. Something generated to, in turn, generate income.
Others realize the impact these tools can have on a society. They recognize that a tool becomes a vehicle of change. And because of that change, the tool in turn wields a greater degree of power, and requires a higher degree of respect than just an object that generates cash flow.
Open Source and Free Software may be about technology. But they are also about the social aspects of that technology.
And before one dismisses this as some political ideology, that social aspect also affects business. How much of your corporate infrastructure is dependant on a single vendor and their marketing strategy?
Are the leaders of these movements obscure to the general public? Sure. But that does not mean the movement, and the ideas of these leaders, are not worthy of documentation. And it certainly doesn't mean the movements themselves have no value outside of hobbiests and the enthusiast.
Like many IT industry people, you are completely missing the meaning of "free". You have assigned it the designation of "without a fee". And you have missed the real power of Open Source for the end user: freedom.
To be sure, we all like to hold on to our funds. And sometimes that alone is a justification for one particular piece of software over another. But it is only one issue (and a minor one to many organizations with the appropriate funding).
Sometimes technical decissions are made to support marketing. Often to the detriment of the end user - locking them in to a more profitable path. And while Microsoft is not the only one who does this, they have often proven to be especially adept at the practice.
Open Source projects tend to make technical decissions for technical reasons. By its nature, it is difficult to use such technology to force a customer in to a set path (at any time, they can contract their own coders and go their own direction). And, of course, open source technology favors open standards which means an infrastructure will be compatible with other technology following the same standard (proprietary or not). Freedom.
And often those who desire monetary compensation DO have ways for end users to offer that compensation. I have paid for boxed sets of Linux for my own use (and that of my clients). I've recommended a mixed environment when the commercial and competing Open Source packages offered different strengths for different reasons (and actually - that competition helped ensure my employer got an improved product in the commercial package). I've seen my employer take GPL code, pay for development to improve functions needed for their own use, and return those changes to the project. And I've seen my employer contract a major Linux company for desktop support of their official desktop Linux rollout.
Of course, that all involves fees. I've also supported my favorite Open Source projects with code (though I'm horrid at that). Artwork. Documentation. Bug reporting and working with developers to track down the problem. I've certainly helped improve those projects. And THAT is an important aspect of Open Source too.
Microsoft does not get bashed because their products cost money. Some of their free offerings (IE, Outlook Express, etc) get heavy criticism. And to be honest... anyone who wants to get Microsoft products for free has only to look for "pirated" copies.
Microsoft gets criticized because of their marketing. This is where they take advantage of their customers. This is where they attack and attempt to strangle competition. This is where they attempt to subvert open standards. This is where they leverage their market leadership to illegaly maintain their monopoly. This is where they gain the tittle "evil".
Tom Clancy's stuff always spawns converstations over how plausible his ideas are. I suppose the real draw to his works is that they are plausible enough. And then there's the fact that Clancy doesn't just pull ideas out of thin air. They're often based on real events and concerns.
Does that mean nobody would have thought of using an airplane as a weapon without Clancy's work? Hardly. The concept was proven rather effective since WWII and the war in the Pacific.
I completely agree here. If a major publication from Tom Clancy doesn't gain attention, then its unlikely an obscure web site would either. But then, I still maintain that the existance of such a document would not guarentee a terrorist attack either.
Of course... this leads to an observation on security (from infosec to physical)...
Security only comes from pain.
When you're trying to sell a security concept to the uninitiated, comfortable in their status quo, you have to tell a "scare the horses" story. You have to hit home why it will affect them, and part of that is show the carnage already done to someone else.
Even then, sometimes you just have to wait until its time to pick up the pieces, perform damage control, and put a new system in place.
The only way to avoid that is perform the "carnage" yourself. Demonstrate the weekness in a security system by attacking it in a non-destructive manner and prove its weakness. This is the bassis behind such actions as infosec penetration testing as well as the embarassingly successful Red Cell unit in the US Navy.
Blackbox audio also records someone in the cockpit saying "they're coming". The assumption has been that the voice is that of the hijackers in responce to the passangers. This corresponds with background noise heard from mobile phone conversations at the time. There is obviously some question as to how successful the passenger revolt was - but it did happen. They did attack. And as is evidence from following incidents, passangers are likely to take that route again rather than sit back and hope for the best.
No. What I am saying is that the planes that managed to hit their targets were effectively guided missiles.
But now that you mention it... yes, I've heard of the rumor. From the very day that the aircraft went down. But there has been no solid evidence. I could understand why such an event wouldn't have happened. And I could see it happening (I've been on alert ground crews before - but not CONUS). And I could understand why shooting down a civilian aircraft would be a sticky subject for the PR-minded top brass.
But then... all that has little to do with my point.
Having said that - if you're so concerned about safe passage, look in to the issue. Maybe you're not as safe as you think you are.
Nice shot at a knee-jerk reaction.
What would I say to such a document? Post it. Link to it. Alert the media. Get CNN to do a cyber-scare article on it. Get people thinking about the state of security in their airports and the danger this represents.
Know why a group of people were able to seize guided missiles for the price of some flying lessons, airline tickets, and box cutters? It wasn't because box cutters are such a formidable weapon. It is because the passangers and crew of those airlines did not expect what was to come. Up to that point, hijackings tended to be isolated events that lead up to a police standoff on the ground. Most of the time, the majority of hijack victoms survived.
The passangers of Flight 93 quickly learned of the fate of other hijacked airlines that day thanks to mobile phones. With the cry of "let's roll" (accredited to Todd Beamer), the passangers of that flight attacked their captors. It cost them their lives as the entire flight went down in a field in western Pennsylvania. But their flight was the only one to not also crash in to a monument and take additional lives on the ground (authorities believe the flight was headed for a target in Washington).
The difference between Flight 93 and other doomed flights that day was a slim margin of knowledge. A realization that the threat was different than the past. Information.
If a group attempted the same tactic today (with box cutters, much less the nail-clippers being confiscated by airport security now), they would meet the same resistance. Additional attempts of airline terrorism (the shoe-bomber being a prime example) has lead to quick action by fellow passangers to subdue their would-be attacker.
What would a document called "10 easy ways to Hijack an airliner and slam it into a building" do? I can tell you what a lack of such a document didn't do - stop the events of 9/11 from happening.
Maybe the agent posseses a sense of humor and an apreciation for irony that has slowly twisted his mind over the years. It started simply. A inane little patent. Won't hurt anything. But it was darned funny. And nobody caught it. So he upped the stakes with another gem. Unnoticed. And another. And another. The beancounter souless zombies that are his coworkers oblivious to the parade of delicious irony under their noses, presented by inane claims, burried in a sea of paperwork. Taunting him. Daring him. Just a little more. They'll appreciate his humor. If he just found one obvious enough.
Maybe our mastermind is actually an activist. Working from the inside. Sabotaging the system. Poisoning the dignity of the entire USPTO system with more and more outlandish patent grants. Daring the public to see the USPTO for the foolishness that it really is. They'll apreciate how foolish it all is. If he just made it obvious enough.
Or maybe there is no mastermind. We are simply witnessing the byproduct of a reality distortion only known to exist within the proximity of US Governmental beurocracy and Steve Jobs.
So many posibilities. And we've only just began to scratch the surface...
...which means the same stellar history of secure code, but with more people to blame for individual incidents!
More or less the same business model present in the current IT Industry.
I have to disagree. The grinding of teeth you hear is not a knee-jerk reaction to the word "Microsoft", as you imply. It is a reaction to the memories of "winmodems" this idea brings up. Remember, politics aside, this site IS frequented by the more technically minded. And software modems have a far less than sparkling reputation. Linux only adds to the pre-existing list of grievances.
Right. In other words, people who don't know any better.
Information will flow. Faster. And faster. There is nothing you can do about it short of completely dismantling the very systems that we are becoming more and more dependant on.
When I first got in to computing, a home computer was very unique, let alone one equiped with a MODEM. Most communities flourishing on BBS' (I hadn't heard of the Internet then) were completely out of the mainstream. Some communities were even further underground from the BBS community norm of social discussions and user group chatter. Illicit information flowed.
By today's standards, the BBS community (and real-space user groups - ie: 2600) were disconnected pockets. The Internet changed that. Communication is vastly improved. And information will flow to a greater extent whether it is known or driven underground.
Illicit data exists and will always exist for those who seek it out. The question is... can your system survive it?
Right now, we are experiencing considerable angst and pain over the state of information security. Much of this is due to public and professional ignorance. Many are simply unaware of the issues. And many of our networks and systems have been built on this ignorance. Despite the warnings of those who understand the issues and pay attention to this flow if illicit data.
This pain is required. People tend to ignore warnings until they understand the dire situation. Pain (either experienced or witnessed) drives this point home.
In the end, our networks and systems must evolve and improve. It is possible. A major difference between physical security and information security is that physical security deals with rules and laws we do not define (though we adapt our security and circumvention technology as we gain new understanding of these physical laws). With data structures and systems, we define our own rules and can change them to suit the situation.
This change can happen with the aid of all information, or it must happen despite its hidden nature. If it does not, the system will fail. And no amount of calling information "dangerous" will prevent it.
The bar for experts working with dangerous biological agents is pretty high. And rightfully so. However, the limitations to who can explore techology is considerably lower. This goes for information security issues as well.
Who is to say who is the expert? Would you limit such research and tools to industry professionals?
Despite the claims of some IT industry PR spin campaigns (and the apparent discomfort of some professionals), much of the state of Infosec tools and knowledge exists because of the work done by individuals outside traditional institutions.
Still, this statistic is hardly a good indication that all Linux installations "in the wild" are being compromised within X hours. And this is the claim that is constantly made, complete with bogus statistics.
For the last few years, Microsoft has been treating security as a PR / Marketing issue. The tactic is beginning to fail. IT consumers are beginning to realized that there are problems with Microsoft product security - even if they aren't quite sure what those problems are.
One of the amazing things about Microsoft is its ability to turn on a dime. They almost missed the Internet. Then they played an amazing game of catch-up.
But that does not mean they will be able to do it every time.
There is a major difference in the nature of Microsoft's first two challenges (desktop and internet) and its current one (security). The first two were really exercises in marketing. The third is a technical challenge.
I've seen you, and others, bandy about this type of statistic for some time. But I have not found a single reference to back it up. Can you back this statistic up with a valid reference?
Two points.
First, as it has been stated, it does not take much bandwidth to spam. The Behind Enemy Lines site shows one apparently successful spam outfit using stolen AOL accounts.
Secondly, ISPs are already aware of this issue. I believe they filter outbound port 25 traffic to eliminate this abuse. One then configures one's email server to use the ISP's server as a smart host - esentially bouncing outbound email through the provided email gateway. This way, email abuse is quickly noted (and recorded, if not controlled) by the ISP. Inbound traffic to your personal email server should be unaffected.
Voila. Personal server. No spam.
I like to support the sites I frequent. I don't mind "paying" a reasonable bandwidth cost for banner ads. But that doesn't mean I will pay any cost in the name of advertising.
The Web is not a broadcast medium. This still manages to escape many media outlets and advertising types. Still, the one thing they understand is cost. If an advertising campaign becomes costly, it will be dropped.
I don't mind ad banners. I do mind stupid java tricks, tracking cookies, and flash ads. In fact, flash ads have me using Junkbuster again. Abusive ads are blocked. Acceptable ads get a view.
Abusive ads become ineffecitve and costly. With luck, and many more users doing what I do, they will also cease to be used by advertisers.
Right. And your argument was that the hammer should cost $480. What are you? A DoD contractor?
There are other tools available. But few bother to look.
Let's look at the statement in context, shall we?
The point is that a vast marjority of documents are actually very simple and do not require the features of Microsoft Office to produce.
Sure. These documents may have a lot of value. And a smart business will pick tools that enable their people to produce those documents. There are certainly cases where Microsoft Office's features justify the price. But just because a document is valuable does not mean it requires expensive tools to produce.