Stop tring to act like BO actually breaks security. It runs as a background process. It accept connections on port 31337 I believe. It breaks almost as much security as a telnet daemon. The problem is it doesn't make ANY attempt to alert the user that it's running. Windows provides many methods for any application to do this. If you wanted to write an application/daemon in Linux that would be invisible, it would be just as easy. Sure you could run ps, but it's easy enough to make the process name appear to be "in.telnetd" or some such thing. And Windows has process viewers too..
If the people at cDc were really interested in MS beefing up security, they would release the "exploits" BO uses to vendors, instead of every script kiddie in the world. When a exploit arises in Linux, the responsible person doesn't write a program to make it easier to run, s/he writes a patch for it. The people who write exploits are just as bad as script kiddies. Don't try to argue that.
You can all argue that DefCon is not a cracker confrence, but who will believe you? Your best arguement is that "well we've changed the definition of hacker/cracker, so of course it isn't!!".. Sorry if this apears to be a flame, but some of the posts I've seen today are pretty rediculous..
BO was from the start intended to be a trojan. The user is not alerted that the "tool" is installed on his/her system. They are never alterted that it has started sucessfully at boot. They aren't even told it's filename. No one using this tool ever tells the user that their system has this wonderful *cough* tool, or that they are using it. The original BO doesn't even run on NT, which is where this "tool" would generally be used more then 9x....
I read something on that. It said that the UDMA/66 didn't run at full speed very often.. It wasn't much of an improvement over regular ATA IDE (20 MBPS). And it boggs down the processor some... We've got UDMA/33 on most new machines. That actually runs at 33 MBPS. UW SCSI II runs over 80 MBPS. If you see something saying we're faster then SCSI, this is only true of older SCSI [SCSI I, SCSI II (not ultra wide)].
"There has been no official statement from Rome... "
This is very signifigant. Unless there is an official statement from Rome, this is just a rumor. I'm not saying it won't happen.. I'm just saying that it's not definite yet. At all.
The problem with birth control is that it separates sex from the act of creating new life. This goes against natural law. This is also the problem with homosexual relations (note: the Church doesn't say homosexual inclinations are evil, it says homosexual relations are wrong). This is ALSO the problem with abortion.. Please don't try to tell me that you honestly think sex was intended for pleasure (that just happens to be a wonderful side effect:). -- A practicing Roman Catholic
When someone asks me if I can "hack" (read: crack), I tell them "not what you call hacking". It seems to me that the definition of hacking has 3 meanings (to the computer related world that is).
1) Someone who uses their computer to solve problems, write great code, save the world, etc. etc. etc.
2) Someone who seeks information illegally (see also systems cracker)
3) Someone who breaks things (see also script kiddie, newbie, LeEt0,...)
My definition is the first. People try to justify the second, but the problem is, _even if you want the information there are legal ways to get it_. You cannot justify breaking a law. Breaking into someone's system is a computer crime. If you think the law is unjust, _CHANGE_ it. Isn't that what's so great about America? We have freedoms, that includes the freedom to change an unjust law. The problem is it won't get changed.. Because it would open a million loop holes for script kiddies.
So many people seem to think that getting root on someone else's computer just to "explore the system" or "gain information" or "gain expirience/education) is OK. There's no harm done in exploring the system, but if you want to do that, ask the sys admin nicely. If he still doesn't let you then too bad. Explore your own system. If you want information, there are legal ways of getting it. If you still can't do it legally, then they have their right to privacy. As to the third, are you going to put on your resume "I can break into any system!! I've r00t3d 31337 boxes!!" Will that get you into college? or any job? Will it get you respect (that's worth having)? Learn on your own system, it's usually better then learning on someone elses. (Note that you will never know everything about your system. But trying to is fun;)
The third definition is usually justified by saying it's "fun" or "I wanted revenge". It's a thrill, sure, that doesn't make it OK. And revenge is never a good excuse..
Well.. these are just my thoughts on the whole ordeal. I never have to say I'm a hacker. There's too much red tape. If someone asks me I just try to explain to them "what I do is probably not what you call hacking", and then I explain what I do, and the difference between hacking and cracking.
"Hackers solve problems, crackers create them"
"Being able to break security doesn't make you a hacker anymore then being able to hot wire a car makes you an automotive engineer" --ESR, Hacker-HOWTO
The limitation is placed by ext2fs, which is a 32 bit FS. SGI is going to open source XFS soon though, and that is a 64 bit journaling FS, and it will probably (hopefully?) be incorporated into Linux.
It's not the newbies on AOL who do spamming.. The newbies don't know what spam is (they just know how to get annoyed when their AOL mail box has 100 messages inviting them to porn sites), let alone what USENET is, let alone how to spam... It's the "AOL Script Kiddies"... They aren't REALLY script kiddies.. But they're AOL's equivalant. The unfortunate thing is that there are a lot of them, but they aren't AOL.
Telling someone that you shouldn't do this doesn't stop them from doing this. The people that do this are doing it for the wonderful 15 cents a click. They don't care that it bothers someone or it's wrong.. They care about themselves..
If you're going to ban AOL from USENET, ban every ISP that has a few script kiddies who spam it too.
I don't think it's that the schools don't WANT to teach you how to program.. I think it's that they don't have properly trained staff to do it.. Think about it.. If you're a CS major, are you going to take 20-40k a year teaching at a high school, or will you go for 300k a year as a consultant?
Let's assume that the test will be "rigged" so that NT wins. The reason I say we assume this is because of the Mindcraft credibitily issues that many people have pointed out in previous posts.
The Linux community has to come back and provide patches within the next month or so to improve Linux in the area's it lost in. Then we go out and say, "Look at us!! In but a month we've improved the flaws/bugs/Bad Things in our OS. Let's see NT do that." I belive that we can do this. I've been lead to believe that this is the strength of Linux and Open Source in general..
Basically, if Linux loses, we have to do our best to let the general public know that it lost, but here's why it lost. And here's how we fixed it.
Refusing to cooperate with this test would be DISASTEROUS.. We don't even have a *chance* of winning in that case.
Slashdot Mirror
I'm not sure if it's sadder that you really see this on AOL, or that everyone on Slashdot appears to think that this what everyone on AOL is like..
Stop tring to act like BO actually breaks security. It runs as a background process. It accept connections on port 31337 I believe. It breaks almost as much security as a telnet daemon. The problem is it doesn't make ANY attempt to alert the user that it's running. Windows provides many methods for any application to do this. If you wanted to write an application/daemon in Linux that would be invisible, it would be just as easy. Sure you could run ps, but it's easy enough to make the process name appear to be "in.telnetd" or some such thing. And Windows has process viewers too..
If the people at cDc were really interested in MS beefing up security, they would release the "exploits" BO uses to vendors, instead of every script kiddie in the world. When a exploit arises in Linux, the responsible person doesn't write a program to make it easier to run, s/he writes a patch for it. The people who write exploits are just as bad as script kiddies. Don't try to argue that.
You can all argue that DefCon is not a cracker confrence, but who will believe you? Your best arguement is that "well we've changed the definition of hacker/cracker, so of course it isn't!!".. Sorry if this apears to be a flame, but some of the posts I've seen today are pretty rediculous..
BO was from the start intended to be a trojan. The user is not alerted that the "tool" is installed on his/her system. They are never alterted that it has started sucessfully at boot. They aren't even told it's filename. No one using this tool ever tells the user that their system has this wonderful *cough* tool, or that they are using it. The original BO doesn't even run on NT, which is where this "tool" would generally be used more then 9x....
Think about what you're saying..
Linux can :)
Use the GPM (if you want to copy and paste with X, just set up X to use the GPM as a repeater.. It's all in the docs)
I read something on that. It said that the UDMA/66 didn't run at full speed very often.. It wasn't much of an improvement over regular ATA IDE (20 MBPS). And it boggs down the processor some... We've got UDMA/33 on most new machines. That actually runs at 33 MBPS. UW SCSI II runs over 80 MBPS. If you see something saying we're faster then SCSI, this is only true of older SCSI [SCSI I, SCSI II (not ultra wide)].
There was a Windows 2.0 too.
"There has been no official statement from Rome ... "
This is very signifigant. Unless there is an official statement from Rome, this is just a rumor. I'm not saying it won't happen.. I'm just saying that it's not definite yet. At all.
Actually the patron saint of students is St. Joseph Coupertino (spelling?)
The problem with birth control is that it separates sex from the act of creating new life. This goes against natural law. This is also the problem with homosexual relations (note: the Church doesn't say homosexual inclinations are evil, it says homosexual relations are wrong). This is ALSO the problem with abortion.. Please don't try to tell me that you honestly think sex was intended for pleasure (that just happens to be a wonderful side effect :). -- A practicing Roman Catholic
Bravo :)
My older brother's live in AZ. One of them couldn't afford AC. It wasn't fun in the summer, but they survived. (They have AC now though)
When someone asks me if I can "hack" (read: crack), I tell them "not what you call hacking". It seems to me that the definition of hacking has 3 meanings (to the computer related world that is).
...)
;)
1) Someone who uses their computer to solve problems, write great code, save the world, etc. etc. etc.
2) Someone who seeks information illegally (see also systems cracker)
3) Someone who breaks things (see also script kiddie, newbie, LeEt0,
My definition is the first. People try to justify the second, but the problem is, _even if you want the information there are legal ways to get it_.
You cannot justify breaking a law. Breaking into someone's system is a computer crime. If you think the law is unjust, _CHANGE_ it. Isn't that what's so great about America? We have freedoms, that includes the freedom to change an unjust law. The problem is it won't get changed.. Because it would open a million loop holes for script kiddies.
So many people seem to think that getting root on someone else's computer just to "explore the system" or "gain information" or "gain expirience/education) is OK.
There's no harm done in exploring the system, but if you want to do that, ask the sys admin nicely. If he still doesn't let you then too bad. Explore your own system.
If you want information, there are legal ways of getting it. If you still can't do it legally, then they have their right to privacy.
As to the third, are you going to put on your resume "I can break into any system!! I've r00t3d 31337 boxes!!" Will that get you into college? or any job? Will it get you respect (that's worth having)? Learn on your own system, it's usually better then learning on someone elses. (Note that you will never know everything about your system. But trying to is fun
The third definition is usually justified by saying it's "fun" or "I wanted revenge". It's a thrill, sure, that doesn't make it OK. And revenge is never a good excuse..
Well.. these are just my thoughts on the whole ordeal. I never have to say I'm a hacker. There's too much red tape. If someone asks me I just try to explain to them "what I do is probably not what you call hacking", and then I explain what I do, and the difference between hacking and cracking.
"Hackers solve problems, crackers create them"
"Being able to break security doesn't make you a hacker anymore then being able to hot wire a car makes you an automotive engineer"
--ESR, Hacker-HOWTO
The limitation is placed by ext2fs, which is a 32 bit FS. SGI is going to open source XFS soon though, and that is a 64 bit journaling FS, and it will probably (hopefully?) be incorporated into Linux.
It's not the newbies on AOL who do spamming.. The newbies don't know what spam is (they just know how to get annoyed when their AOL mail box has 100 messages inviting them to porn sites), let alone what USENET is, let alone how to spam... It's the "AOL Script Kiddies"... They aren't REALLY script kiddies.. But they're AOL's equivalant. The unfortunate thing is that there are a lot of them, but they aren't AOL.
Telling someone that you shouldn't do this doesn't stop them from doing this. The people that do this are doing it for the wonderful 15 cents a click. They don't care that it bothers someone or it's wrong.. They care about themselves..
If you're going to ban AOL from USENET, ban every ISP that has a few script kiddies who spam it too.
I don't think it's that the schools don't WANT to teach you how to program.. I think it's that they don't have properly trained staff to do it.. Think about it.. If you're a CS major, are you going to take 20-40k a year teaching at a high school, or will you go for 300k a year as a consultant?
Let's assume that the test will be "rigged" so that NT wins. The reason I say we assume this is because of the Mindcraft credibitily issues that many people have pointed out in previous posts.
:)
The Linux community has to come back and provide patches within the next month or so to improve Linux in the area's it lost in. Then we go out and say, "Look at us!! In but a month we've improved the flaws/bugs/Bad Things in our OS. Let's see NT do that." I belive that we can do this. I've been lead to believe that this is the strength of Linux and Open Source in general..
Basically, if Linux loses, we have to do our best to let the general public know that it lost, but here's why it lost. And here's how we fixed it.
Refusing to cooperate with this test would be DISASTEROUS.. We don't even have a *chance* of winning in that case.
These, of course, are just my opnions