Bad for Nintendo, bad for consumers, and good for intrepid jackasses.
To Nintendo: Produce more Wiis.
To Consumers: Pay Retail.
To jackasses: Die a fiery death.
Maybe they should do this: That way they know if they break the boot.ini again... fsking brilliant.
Next they'll contract a Russian ISP and put the torrent up on one of their trackers...
Since before the days of divx SP has been distributed via the net. I've got copies of the original real audio/video files from the first season when that was the only way to get em. Shotgunning 56k's ftw.
Ahh those were the days.
Well if anybody would know they would.
Even a properly configured Port secure network could be attacked.
Supposing the location has a high degree of security, only allows user level access to workstations and has auto lockout on screensaver on every workstation. Just presuming perfect, or nearly perfect, physical security on the user access side. The users still having a common vlan...
Presuming the above and having 2 open network drops to shove a pocket system onto.
For instance, physical access attacker:
Nic 1 listens for arp from the target and responds on Nic 1. It spoofs up the requests through Nic 2 to the gateway.
It never has to say it's got any other addresses. Point of fact it doesn't respond to arp requests whatsoever until it sees the target traffic.
We all know this is not the way of things in reality. Very few locations have this degree of security. But given enough forethought an attacker can get in.
What most likely will happen is an attacker will use some XSS vulnerability or a browser flaw and get the user to install the tap on their own system.
Just some basic understanding of the networking stack. You can easily arp spoof to create a MITM attack against users on a common subnet.
http://www.watchguard.com/infocenter/editorial/135324.asp
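A defender-side view of the ARP spoofing discussed in the comments above, as an added example that is not part of the original comments: it parses ARP payloads and flags any sender whose IP-to-MAC claim disagrees with a pinned or previously seen binding. The addresses, MACs, sample frames and the `pinned` table are constructed assumptions.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # Ethernet/IPv4 ARP payload, 28 bytes

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(payload):
    """Return (oper, sender_mac, sender_ip) or None if not Ethernet/IPv4 ARP."""
    if len(payload) < struct.calcsize(ARP_FMT):
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, mac(sha), socket.inet_ntoa(spa)

def find_conflicts(payloads, pinned=None):
    """Flag frames whose sender IP->MAC claim disagrees with a pinned or earlier one."""
    seen = dict(pinned or {})   # pinned entries (e.g. the gateway) are trusted first
    alerts = []
    for i, p in enumerate(payloads):
        rec = parse_arp(p)
        if rec is None:
            continue
        _oper, smac, sip = rec
        if sip == "0.0.0.0":    # ARP probe: carries no address claim
            continue
        known = seen.setdefault(sip, smac)
        if known != smac:
            alerts.append((i, sip, known, smac))
    return alerts

def build(oper, smac, sip, tmac, tip):
    """Build a constructed ARP payload for the sample below."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       bytes.fromhex(smac.replace(":", "")), socket.inet_aton(sip),
                       bytes.fromhex(tmac.replace(":", "")), socket.inet_aton(tip))

# Constructed sample: a host asks for its gateway and two different MACs answer.
GW, GW_MAC = "192.0.2.1", "02:00:00:00:00:01"
HOST, HOST_MAC = "192.0.2.50", "02:00:00:00:00:50"
ROGUE_MAC = "02:00:00:00:00:66"
SAMPLE = [
    build(1, HOST_MAC, HOST, "00:00:00:00:00:00", GW),  # request for the gateway
    build(2, GW_MAC, GW, HOST_MAC, HOST),               # reply from the real gateway
    build(2, ROGUE_MAC, GW, HOST_MAC, HOST),            # second reply, different MAC
]
```

Without a pinned entry the first MAC seen for an address is treated as correct, so the order of the replies decides which one is flagged; pinning the gateway removes that dependence.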
Just to make sure Samba gets credit where samba is due... They wrote the spec, not Microsoft. If it weren't for them CIFS wouldn't exist as it does today. MSFT embraced and extended as always.
Only laptops make up 40% of corporate use, and I only see it increasing. A DMZ per laptop maybe, or you're just infecting other laptops.
Does that mean if people connect to a honeypot WAP, get their credentials sniffed, personal information compromised and their system exploited the owner of the honeypot could sue them too?
I'm in the wrong business...
I'd rather schools spend money on tubas and cellos than on Windows. Besides teaching kids Linux doesn't make a lick of sense. Teaching kids how to solve their own problems... well that will help them with every topic, not just computers. What better environment to teach that than Linux, where all (or nearly all) you need to know is at your fingertips without needing incredibly expensive software (for the most part) and all the headaches that come with managing hardware/Windows zombie machines.
IMO (as a former Sys admin for a large school district for many years):
Dumb terminals on centralized hardware for 80% of students (pick your *nix) for the other 20% purpose built systems (desktop publishing, video production, school administration, etc.)
Use the "right" (read: required) software in places where absolutely necessary, and use free*nix everywhere else. One exception to this might be RHEL as it's nearly free at $50 a site license.
Still, schools have to think about money just as much as anyone else. In reality, gaining 70-100 large in MS Licensing you don't have to pay yearly is a nice start.
I was just thinking the same thing, only it would be even greater justice if you could find multiple nodes and have them attack each other.
As far as the control of the C&C goes my guess is they have a passive way of identifying their boxen. (Likely DNS related.) Crack that, and someone will use the DDoS functionality for endless fun.
Ahh the bot dilemma. A good bot will be able to follow your tendencies and play against them. Don't believe me? Ever play any console fighting games on super hard modes? We had the tech to do that in the 90's; imagine what is available to an enterprising person (or business for that matter).
Mod parent insightful.
Christ. The awful bit is it's true.
The sad thing is the reviews on Pricegrabber all read like a merchandising catalog description of the product.
Don't throw something out because you don't understand it. nLite can be a very powerful tool in business to do the things you need to get done with a very nice pricetag. I've seen nLite do wonders for thousands of systems to streamline automated deployments.
What nLite did to Windows in that instance the user TOLD nLite to do to Windows.
This is not the first time airport security has made a stupid determination that benign gadgets are a threat to the security of others. (See Steve Mann's encounter with airport security.) Breadboards are inside all sorts of consumer electronics, laptops etc. Someone could build an IED inside a digital camera (that still worked!) and get it through airport security uninhibited. This individual had it on their person where a logo goes, similar to other devices available for public consumption (see thinkgeek: t-qualizer mentioned in other posts) and they go ape shit.
Water bottles, fingernail clippers and geek art will get you detained at airport security. Sounds like the stuff that people can really do damage with has been curtailed. Good job America, mission accomplished.
Depends on the court, in the states:
Criminal: #2
Civil: #1 is closer than #2 but only by 2 percentage points.
In most civil trials the plaintiff only has to prove a preponderance of evidence. Which (kind of) equates to about 51% or greater possibility of the argument being true.
IANAL etc...
If Fark is any indication, initial tests in Florida seem to be going well.
The day that happens is the day millions start downloading the next best thing *BSD.
/rant
The greatest thing about free software is it works a bit like efficient single cell organisms. It replicates and forks so damn fast that their slow moving competitors are consumed quickly. Hell there are software applications that ride on top of the monolithic piles of garbage that tens of millions are using because it is better and free. (Firefox etc)
The development is by the people for the people, not by the pocketbook, for the pocketbook.
The old way of software development is still thundering along, but that doesn't mean the petri dishes aren't spawning on their own at an incredible rate. The thing the Microsofts of the world are failing to see is free information is a positive feedback loop. The more of it there is, the easier it is to learn, recreate, and recombine it into solutions.
If Linux has to go underground it'll be to the detriment of society but another will take its place. We've already learned the lessons and doing it a second time is often better than the first anyways.
The industry doesn't lose it, the brick and mortar store eats the loss.
It makes you wonder how much faster xorg could appear if it booted up async as windows does.
So why not do away with artificially propped up labels and artists and over marketed crap altogether? How many thousands of leisure products (books, movies, albums) get produced that end up getting recycled at best, or landfilled at worst? Let em fail if they aren't worth listening to.
Art for art's sake is a dead concept for most of the crap I end up chucking in the bin after 10 minutes/50 pages/2 tracks. How much bubblegum can the world actually chew?
It needn't actually escalate right away, it need only steal the password and use it to authenticate later (or to re-use the tried and true *nix login fake prompt again to re-request after "failing" to get the right password)