Slashdot Mirror


User: Alex+Belits

Alex+Belits's activity in the archive.

Stories
0
Comments
6,525
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 6,525

  1. Server-side applications other than CGI on Perl Domination in CGI Programming? · · Score: 1

    There are a lot of things other than CGI that can be used on HTTP servers -- most servers have either their own scripting language, or C API. The problem with most of those things is that most of scripting langages are limited, and most of C API are either complex or unsafe (run in server's address space and can cause all kinds of trouble if program misbehaves). I have designed my own API for fhttpd, trying to avoid both problems, and IMHO the result is usable.

  2. "Geeks"? Where? on Geeks, Silicon Valley, and Politics · · Score: 1

    As I see it, geeks have nothing to do with it -- our favorite PHBs became a target of courting for campaign contribution, and politicians most likely will either support some more generous "groups" of companies, or just companies. First thing may be bad or merely annoying, second one definitely will be bad for everyone else.

    I don't see geeks influencing politicians at more extent than those geeks influence PHB and marketing people at their work, so this is definitely useless for us. Probably helping a politician to make a decent web site and explaining him issues that geeks will vote for at the next electons can give geeks much more influence over government than millions donated to the campaigns. Regardless of what will politicians will now use those money for, it will either alienate us by exposing ignorance, arrogance and stupidity, or it will never reach us at all, but very inexpensive process of getting a clue and expressing it in the way acceptable to the person with a brain, using the media, suitable for people with 12 hours work day and little tolerance for listening to bullshit, can go a long way.

  3. Original idea on Salon Writes on The Troubles with "Trek" · · Score: 1

    If Paramount really wanted to do something original based on Star Trek, they would at least few times consider the idea of making series or movie that do not revolve around humans. Most of races are well known from series, yet the details of their political system, culture and psychology are defined just enough to be a base for something creative. While I won't really care about a plot that will revolve entirely around Ferengi (it would require to lose everything that even pretends to look seriously), it's perfectly possible to "develop" other races past the level of caricature -- DS9 is less human-dominated than the rest, and it didn't do any harm to the show itself or its "Star Trek-ness", so making a series or movie without a Federation captain running everything wouldn't be that much of a stretch.

    But the fact that it wasn't considered probably means that people at Paramount either can't see it, or never cared to look -- instead they have Voyager where they made the best possible excuse for inventing more alien races without any obligation to "develop" them.

  4. Patenting locations of stars? on DNA Code - IP or Public Domain? · · Score: 1

    If existing but hard to reproduce in human-readable form information can be patented (DNA is easy to repreduce in non-human-readable form already, so all they did is converting existing information in human-readable form), it can be applied to more ridiculous things -- say, someone can patent his measurements of stars positions and then claim that everyone who is going to use them for navigation (on Earth or in space) can't use them anymore.

    Or, better, patent foreign or disappeared languages.

  5. Re:The example... on Mouse Fun from Microsoft · · Score: 1

    Ummm... Then set the mode to instant, rather than fade. There are always options for that kind of thing. You know, the "turn animations off" mode.

    And how is it related to ANYTHING I've said?

  6. The example... on Mouse Fun from Microsoft · · Score: 1

    ..they have in the picrure is ABSOLUTELY AWFUL. It means, every time I touch the mouse, piece of text, previously visible on the screen is going to be obscured by a block of toolbars? What if I am just switching between windows looking at text in them? What if I want to do cut/paste in the area where those toolbars are appearing? What if I just don'r want to move my hand away from mouse if I am not using it for typing?

    Why not just use additional buttons instead of wasting them on "zooming" and other pointless operations?

  7. Re:Revenants... on Kill -9 With a Doom Shotgun · · Score: 1

    But this is what init does -- respawning some processes (among other things).

  8. Re:Why do people love IE5? on Linux to Get Windows Apps? · · Score: 1

    Window shades are useful for handling large browser windows, too, and immediate reaction to window operations doesn't work well without a window manager if browser is busy doing something.

  9. Re:Why do people love IE5? on Linux to Get Windows Apps? · · Score: 1

    MSIE _resizes_ faster than Netscape. Windows has no window manager, so resizing/maximizing/un-maximizing is done often, and Netscape redraws take a lot of time. X has window managers, so the last thing X user will do is resizing Netscape window just to fit something on the screen.

  10. Re:13u7 `//|-|47 `//i11 u d0... on MTV Hacker Saga Gets Worse · · Score: 2

    what the hell does that mean.

    13u7 `//|-|47 `//i11 u__ d0...
    B_ut w__h__at w__ill you do...
    ...`//|-|3|\| 14/v\0|~5p33|< `//i11 fi|\|411y |~3p14<3 3|\|91i5|-| ?
    ...w__h__en__ lam__er_speak_ w__ill fin__ally r_eplace En__glish__ ?

  11. 13u7 `//|-|47 `//i11 u d0... on MTV Hacker Saga Gets Worse · · Score: 2

    ...`//|-|3|\| 14/v\0|~5p33|< `//i11 fi|\|411y |~3p14<3 3|\|91i5|-| ?

  12. Creativity lacking on both sides on MTV Hacker Saga Gets Worse · · Score: 1

    With my poor abilities to pretent being a common criminal, if faced with a problem, "Shamrock" described -- a bunch of MTV journalists who can't go away without something outrageous even after being pointed to all decent sources of information -- I would rather make something like:

    "In underground I am known as Blue Sucker, and this room is where I do all my hacking. This is my five computers that I have stolen from companies -- it's very easy to do by pretending to be a janitor. Oh, sorry, only two of them, most expensive ones, with K6-2-475, are stolen, and these two I have found in a dumpster -- see, this one has two fans because it has two processors, and this one has a big hole because someone came there before me and taken a CD drive. And this one I have bought at some garage sale, paid $25 for it, however it's garbage, can't be used to break into anything more than 50 miles away.

    I live here alone, and have to pay rent for the whole place -- it's dangerous to have roommates when you have that much sensitive information around. Some my friends say that it's a waste of money, and it's easier to break into the records of some real estate company and make something disappear, but the problem is, I don't want to have a place where no one does repairs, phone lines can be cut at any moment, and neighbors can become suspicious.

    I don't have a job, but I don't need it because I can always get enough money by breaking into banks. It's simple -- see: first you need to find their web site. You just go into the bank, take their booklet, and they have the address there. This is a booklet, this is the address, now I take from the address part between slashes, and give it into nslookup. nslookup is an 31337 hacker's tool, it gives four numbers that allow to access that bank's computer. You know, there are four digits in PINs for bank's ATM -- but banks don't rely on just four digits, they use four numbers between 0 and 255 to get more security. Then you feed those four numbers to traceroute, another hacker's tool. traceroute is even more 31337 than nslookup, it allows you to trace everything that comes into that computer. See those numbers and times? And on the last line, there is the number I have asked, and one time mark is replaced by a star. This is because they use Solaris, see -- sun is a star, so star in this line means Solaris. This means, we now can access the computer. To do that we don't need any special programs, just telnet. See, telnet to the same number that was in traceroute, port 80. It doesn't answer by itself, so we need to send first command blindly -- "GET /". Now it answered, but disconnected me immediately. This is bad, they could detect me, but if I'll erase logs soon enough, noone will notice. It looks like they use HTTP -- see how many time it said "http" in the reply , so trying again, now asking "GET / HTTP/1.0". Now computer didn't disconnect me, so I was right, but it didn't answer anything either. "User-Agent: Blue Sucker" -- still nothing. It's safe to use "Blue Sucker" there -- they have no idea who I am, and everybody already knows that someone called Blue Sucker exists. "Connection: Keep-Alive" -- nothing. Umm... what about sending nothing? Pressing "enter" again -- it answered, and didn't disconnect me. Now I can request transactions to accounts in another already cracked bank, call that bank from a payphone, and after four or five transfers send money to my account.

    This thing probably won't work anymore after I'll try it two or three times, but for now I don't have to worry about the rent.

    No, I don't want to buy a new box and replace these two stolen computers, it's impossible to buy a good box now in a store. However I will trade them for one Solaris box, I want to use Solaris box to break into other Solaris boxes, so those boxes will think that it's just another Solaris box on their network. You know, when I use PC I pretend to be a PC in their office, and PCs aren't allowed to make transactions as large as other Solaris boxes in other banks."

    Then if they will show that it will at least make a statement that won't require an excuse.

  13. Re:Really... on Woman Avoids $70,000 Online Gambling Debt · · Score: 1

    Either this is a prank by the makers of slashdot, or this troll has found a way to bypass moderation

    The comment is _long_ therefore is considered to be one point upper.

  14. Re:Use UTF-8 on Li18nux Effort Announced · · Score: 1

    Being implementable does not make it usable. This is why no one actually uses it.

  15. Re:Use UTF-8 on Li18nux Effort Announced · · Score: 1

    Why is UTF-8 inadequate? Because it requires everything to be in Unicode, and Unicode is inadequate.

  16. An alternative that works in SF Bay Area: on Hands on Review of pdQ Palm/Cellphone · · Score: 1

    PalmIII + Ricochet modem on the belt on the right side (my celphone, leatherman-like tool and flashlight are on the left side). No integration though.

  17. Re:Teaching the world English on Li18nux Effort Announced · · Score: 1
    My English is perfectly suitable for al flamewars I have participated in (except ones that were in Russian ;-), however as a person whose native language is Russian I:
    1. Disagree.
    2. Offended.
    3. Feel no obligation to justify my position to a person who doesn't know my language.
  18. Re:Use UTF-8 on Li18nux Effort Announced · · Score: 2
    UTF-8 is inadequate for any use other than word processing, and is not used by any developed nation except ones that are using ASCII and ISO8859-1 already -- that happened to be first 255 characters of Unicode, UTF-8 is based on.

    And yes, you are a troll here.

  19. Why should we care, what he says? on BBC Solicts Questions to Ask Bill Gates · · Score: 1

    I mean, really -- what will ANY his answer change, if his actions speak for themselves, and he is unlikely to magically produce any justification for them? What will it accomplish -- just making a statement for "general public" by asking questions?

  20. I am deeply offended... on New Mexico Drops Creationists, Decides to Evolve · · Score: 1

    by the existence of the whole debate. Creationism (as well as ban of abortions, prayer and ten commandments text) is a part of religion, and in this country religion is declared to be separated from state. So there should be no any possibility that state-sponsored schools will teach religious belief as fact or theory, mo matter what.

  21. Chinese-blaming season ended... on Russians Crack US Department of Defense Computers · · Score: 1

    ...now everybody start blaming Russians for all US government's troubles.

  22. The shot that you can hear, missed you on Dvorak Takes On The Crackers · · Score: 1

    This is true for almost everything that is supposed to run on "protected" host that is supposed to have insecure software at the same time. So Dvorak should be advised to put his "firewall" and his stories about corageously thwarted probes to his telnet and ident ports into the place that deserves them. Wait, isn't zdnet publication one of such places? Um.. nevermind.

  23. Re:Why can't Cisco et. al. on Dvorak Takes On The Crackers · · Score: 2

    IE...wouldn't DoS attacks become impossible if routers could be programmed with somethink like "if number of packets from A to B on port X > Y, drop connection A". Sorta like how most IRC servers have flood protection, IE...wouldn't DoS attacks become impossible if routers could be programmed with somethink like "if number of packets from A

    If this ever will be used, "reverse" DoS attacks will be rampant -- it will be enough to pretend that victim's address is trying to do something "bad" (and it will be easy because checks can't implement complex checks against spoofing because then they will become CPU-intensitive and will be a victims for DoS against them), and legitimate packets from that address will be blocked by "secure" router.

  24. Answers... on Jane's Intelligence Review Needs Your Help With Cyberterrorism · · Score: 2

    1. Using CT, how easy or otherwise is it to bring down or attack vital systems?

    This depends on the level/quality of security measures and goals of the attackers. "Attacks" against computers and networks most likely don't have a goal to perform actual destruction -- access to "enemy's" computers and networks is much more valuable for gathering information while those systems are considered to be secure rather than for performing actual acts of destruction and very likely exposing the insecurity. Well-known cases of successful unauthorized access to computers are more at the level of high-visibility pranks (defacing web pages, demonstrating the access to private information stored on some company's servers, etc.), and even though they can be used to threaten companies and governments, there is no evidence that it ever was done.

    However if the goal is to actually perform something destructive, the possibilities are abundant -- everything that is controlled by computers theoretically can be vulnerable to some kind of computer-based attack. The possibility of attack depends on the possible ways, computer and/or network can be accessed.

    2. What sort of skills would be needed to do so, and are they common/teachable?

    Basic skills are very common, and are available to every person with basic understanding of computers and networks. Pre-made scripts, kits, etc. (software-only) are widely available, and skills, necessary to apply them are at the "advanced computer user" level. Some of them are targeted for gaining unauthorized access to some kind of systems, some are designed to temporarily disable some functions (denial of service attacks) however none of them are specifically targeted to perform actual destruction of something in particular (phone systems, banks, military, etc.) -- some more advanced knowledge is required to actually perform an attack with noticeable consequences beyond the level of shutting random computers down, disabling parts of networks, disrupting email and file transfer services and gaining unauthorized access to various information.

    Skills necessary to design software for sophisticated attack, perform the attack while unknown obstacles are present, and establish monitoring of compromised systems or networks are less common, however still widespread. In most of cases they are at the college student level.

    Skills, necesary to establish an outside link from the closed network or standalone computer, with communication equipment present, are basic skills necessary for any work with computer/communication equipment, however it does not include the ability to perform those actions secretly.

    3. Commercial-off-the-shelf software: can it really do CT?

    Both commercial and noncommercial software can be used for all kinds of attacks. Software specifically designed to be used for such attacks is available as well as various kinds of security probes, monitoring software, etc. that are not specifically designed for such a goal yet can be used for it. However more important is that large amount of software that is used in various systems is vulnerable to attacks because of poor design, bugs or unrealistic expectation of secure environment, the software is supposed to work in.

    4. Which systems are actually attackable?

    Obviously, system that is not connected to any kind of communications is only vulnerable to the direct physical attack, and if physical access is gained, attack can't be stopped by any means other than disabling the access and recovering the system. However the goal of the physical access to that kind of computer may be to establish some kind of communications between those kinds of machines and something else instead of performing destructive actions or copying the data directly -- for example, by attaching some kind of communication equipment, by the use of existing but disabled equipment, etc. Usual physical security measures and restricted access to this kind of computers can prevent all kinds of physical attacks, and measures that restrict the use of communication equipment, shielding, etc. can prevent unauthorized links.

    Computers, connected to some closed local network (with no physical links outside the secure environment -- not systems that have networks with physical connections outside, restricted by some kind of firewalls or gateways), or have long console links are vulnerable to attacks that originate from within the network. The difference from true standalone system is that those networks already have large number of communication equipment working, and their size and accessibility allow more possibilities to establish "invisible" links. In most of cases there is some possibility to attach something that establishes this kind of link without bringing any additional equipment, and even in the case when external communications are severely restricted (no phone lines) it's possible to add some wireless device, powerline communications, etc.

    Computers, connected to some restricted local network (with connections outside, restricted by some kind of firewalls and gateways) are vulnerable to various kinds of attacks, originated both from within and from outside. Attack from outside may be started from using some service, accessible from outside for some reason, or from directly compromising a firewall, accessible from outside. Attack from inside can be everything mentioned above plus compromising firewall or installing some software or hardware that establishes connections from something outside by mimicking a legitimate use of the firewall, and attack from outside very likely can have a goal of installing a software of this kind. After firewall is compromised, this configuration can remain inactive for a long time without being detected by any reasonable means. The service, used for initial attack can be something innocent-looking enough to be allowed by the firewall and vulnerable enough to be used for its compromise -- email with vulnetable mailreaders, HTTP with vulnerable browsers, etc.

    Virus or trojan programs can be used for initial attack if the computing environment in such a network allows them to be viable.

    If a restricted network allows some computers outside to access some "privileged" services that can be used for an attack, those computers can be the initial target, and once compromised, can be used to access the restricted network even if the means for communications between those outside computers and restricted network are secure. If the means of access are in some way insecure, they can be attacked instead of computers with the goal of spoofing communications with those computers and gaining access on their behalf.

    Stand-alone computer with dial-out or dial-in modems, or closed local networks with such computers are in the same category as restricted local networks.

    Restricted network after the firewall compromise are either in the same state as unrestricted networks, or, most likely, unrestricted and compromised in some way.

    Computers, connected to unrestricted local networks or "directly to the Internet" (what is basically the same thing) can be vulnerable to various attacks, with vulnerability depending on the secure configuration of the Internet" (what is basically the same thing) can be vulnerable to various attacks, with vulnerability depending on the secure configuration of the system software and applications running on it. Vulnerabilities can be divided into two classes -- "local" and "remote". Local vulnerabilities allow various kinds of access to data and functions (up to absolute control of the system) to users that already have some restricted access to the system. Remote vulnerability allow users that have absolutely no access to the system except possibly the use of services, available to the "public" -- such as sending email to the system, accessing HTTP server, etc. to gain some access, and often absolute control of the system. Note that "local" in this case does not mean that user is physically present anywhere near the computer -- it means that user has to perform some action while logged into his account on the computer, as opposed to "remote" user that may have no accounts at all. Protection against attacks directed against such computers include proper configuration of security features, provided by applications and operating systems and disabling unnecessary or known to be vulnerable software and services.

    All kinds of computers, including ones that are connected to restricted or closed networks, should be protected against attacks of this kind, even if restrictions placed on the networks are supposed to prevent them. This is important because networks, despite being protected, often have large number of point of failures from the security standpoint, and attack may originate from within the network. Networks that have computers, using software known to lack security features, should have those computers separated from the rest into subnets, with firewalls, configured to prevent exposing those vulnerabilities to all other, even "friendly" computers.

    Networks can be compromised to allow an intruder to read, disable or spoof traffic through them, thus allowing the possibilities to attack computers attached to them. In general, once one computer or router is compromised, and attacker gained the complete control over it (root, administrator, etc), part of the network is compromised with it. In different network configurations such compromise may be limited to the traffic to/from the host, some local group of computers, local subnet, group of sumnets before some firewall, or the whole organization.

    Computer, connected to non-compromised local network or "directly to the Internet" is in most of cases more secure than computer, connected to compromised network, unless it uses unencrypted or poorly encrypted communications to pass sensitive data through parts of the network that can be compromised. Computer, connected to compromised network can remain secure if it only uses sufficiently encrypted communications, and does not depend on other computers that are already compromised.

    5. Can a recovery be made from such attacks?

    In most of cases once something is compromised, it can't be trusted until all potentially corrupted data/prograns are replaced. This means use of backups, loss of some data and potential risk of restoring compromised data.

    Recovery from denial of service attacks is easy however temporary, unless the vulnerability is eliminated.

    6. Is it likely to improve/get worse?

    With the increase of software quantity, lack of increase of software quality from security standpoint, vulnerability in general will increase. With the adoption of computers in various activities the possible harm from successful attack will increase.

    7. What sort of preventitive work would you recommend them to carry out?

    1. Competent sysadmins (with sufficient education to understand the threats, design and implement security measures for every particular situation -- this is beyond usual sysadmin training programs).

    2. Physical security and no-connection policy on standalone systems, use of secure software everywhere else, minimal configuration of users and services on all security-sensitive computers, use of sufficient encryption in all sensitive communications, separation of secure and insecure parts of the networks with minimal insecure traffic between them, distrust of any protection provided by firewalls except against minor denial-of-service problems, security-aware backups policy.

  25. Re:A few questions... on Exoatmospheric Kill Vechicle Test Successful · · Score: 1

    Well, if the objective is to deter wackos or accidental launches, then we won't NEED to deter a volley of missiles.

    Wackos most likely will use something other than ICBM to deliver a nuke, but even if they will, most likely missile will launch large number of fake targets simply because all missiles will have them.