Re:For me, its the optical zoom ability
on
Beyond Megapixels
·
· Score: 1
This is a good point that most people don't realize. In a low light situation you should zooming your lens to the focal length that has the widest aperature. Typically this is zooming out to 1X or more. With more light coming into the camera you will get a faster shutter speed and less camera shake. Camera shake is what blurs low light pictures and absolutely trashes resolution. Also with a wider aperature the camera will use a lower ISO resulting in less noise.
So next time you are taking a low light picture, like an aligator in the shade and too far away for flash, try 1X zoom and crop later. You end up with more resolution in the final picture.
Mudge from the L0pht talked about taking down the internet in 30 minutes with a router DoS attack in front of the US Senate in May 1998. Privately the L0pht told NIPC that this could be done with a BGP TCP reset attack. L0pht said it could be mitigated by doing ingress/egress filtering but that ISPs were to lazy and cheap to do it.
In Aug 1998, RFC 2385 came out with protection of BGP with MD5 signatures. Using MD5 sigs will defeat this attack.
This is a well known issue with well known solutions. If the infrastructure is at risk it is because ISPs haven't been doing their job and following best practices.
There are plenty of RFID tags in the workplace. Many are made by HID: http://www.hidcorp.com/
Most readers are set to read when the tags are a few inches away but there is nothing stopping reading these at a much greater distance as used in fast lane toll booths.
I think it is a faulty assumption to say that closed source vendors are not publishing code because it would lower security. Closed source vendors were not publishing code long before security became an issue. They don't publish the source because they do not want others to replicate or interface with their technology easily.
Obscurity can help a systems security but it cannot be relied upon. Diffie knows this. This is why NSA does not publish the crypto algorithms that they use. They certainly don't rely on this obscurity however.
Running SSH on a non-standard port is obscurity. It does not replace keeping up to date on patches. It can however help keep your system from being compromized if a fast moving SSH worm were to take off. It will give a bit of time to get the patch in place.
Any piece of software will benefit from a dedicated security audit whether it is closed or open source. If we want software to be more secure we should be demanding that publishers audit the code before foisting it out on the world whether open or closed source. If all closed source vendors actually did this and fixed the problems there is no doubt in my mind that closed source software would be more secure. I am not holding my breath however.
Vulnwatch is an independant, non-corporate owned vulnerability disclosure list that has been in operation since summer, 2001. The list has over 4000 subscribers.
The list is moderated by Rain Forest Puppy, Steve Manzuik and me.
It is a disclosure only list. No discussions. Security bulletins from vendors are only approved if they add new information.
The idea is low noise and only fresh information. List information is available at www.vulnwatch.org.
Don't believe everything you read in The Register. Especially don't believe everything that Gweeds says that The Register prints. The L0pht testified to the senate at the request of Senator Thompson. We didn't even know who NIPC was. It was only formed a couple months before we testified.
We never believed in a criminal solution to government security problems. Our testimony recommended software vendors fixing their products not to increase the number of cybercops or to increase penalties.
If you find out that the homes in your neighborhood are getting broken into because there are no locks on the doors do you hire more cops or do you make sure people have locks. It is common sense.
So NIPC was formed before we testified and you are blaming us for it? Did you read our testimony? It was not FUD. It was actual vulnerabilities that we knew about. I hope you are not suggesting that we had published how to take down the internet in 30 minutes.
I got a rebate form rejected because I didn't fill in an office phone number. They sent me a letter telling me I didn't complete the form and I needed to fill in the office number. I called them at the support number listed on the rejection letter. A woman looked up my file and reiterated the reason I didn't qualify. I then told her I didn't have an office number. She said OK and that next time I should write in NONE. Well they sent the check after that.
Yet another reason to just move off of BIND to
djbdns. Why go to all this trouble to be a part of a secure remediation
organization when you can switch away from a product that obviously NEEDS
a remediation strategy? I would rather use technology that has been
written from scratch with security in mind and has a track record to show
for it.
I think organizations like this lull people into the perception that if we
can just remediate fast and secretly enough we are safe from the latent
vulnerabilities that exist in the critical technolgies we use. This is a
huge trend in the industry with all these secret groups: IT-ISAC,
Infragard, etc.
What happens when it isn't a company that acts responsibly that finds the
next BIND problem? What happens if it is a person or organization with
malicious intent and they post the details publically? How is the secure
remediation group going to help?
My post to bugtraq should explain our position. We are committed to full disclosure. We are choosing to publish on our web site. Remember we are not the vendor. We do this as a free service to the security community. Sounds like people waiting line a long line for free beer that the dispensers aren't doing an adequate job.
-weld
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I think everyone out there knows that we are committed to full disclosure and the concept of freely available security advisories. Many vendors do not issue bulletins after we report problems to them, even after they subsequently fix the problems. Without advisories from independant researchers there is no check on product vendors. This is a service that we give to the security community because we think it is the right thing to do with the fruits of our research. With our new mailing list notification format we have not changed this one bit.
We are giving out more information now in our advisories than we ever have before, so we are certainly not witholding anything. Quite the opposite. Over the past few months we have expanded our overview sections that allow non-technical people to scope the problem. We have expanded our detailed technical discussions of issues, many times including detailed source code examples. And, I think most importantly, we have greatly expanded our solutions discussion so that people are not always reliant on vendor patches. We need many was to mitigate vulnerabilities because there are many environments.
The advisory notifiction format we are using has about the same amount of information as the paraphrased advisories that Elias posted for the latest Microsoft advisories and the same amount of information that some other researchers post in their advisories. This is more than enough information to decide if the issue at hand effects you and you need to dive deeper into our analysis.
What we are doing is adding more information than we have in the past and we are adding it on our web site. There are plans to add much more. We think that our web site and its accompanying web technology is the best place to expand our free information dissemination into the future. We have many ideas in store that I know people will appreciate. Of course, notifications of important information releases will be made to mailing lists that accept them so everyone who wishes to can read and use the information. We may even set up our own notification list if there is a demand for that.
We have stayed away from cluttering up our advisories with marketing gorp, like ads about our services or ads about our company like many commercial research teams do. We pride ourselves in publishing our research on an academic level and always have. This will not change.
DMCA is just the US law that implements the WIPO Copyright Treaty which the US is a signatory to. All other countries that as signatories have laws banning the reverse engineering of content protection mechanisms. Here is the list from www.wipo.org:
Argentina, Austria, Belarus, Belgium, Bolivia, Burkina Faso, Canada, Chile, Colombia, Costa Rica, Croatia, Denmark, Ecuador, Estonia, Finland, France, Germany, Ghana, Greece, Hungary, Indonesia, Ireland, Israel, Italy, Kazakhstan, Kenya, Kyrgyzstan, Luxembourg, Mexico, Monaco, Mongolia, Namibia, Netherlands, Nigeria, Panama, Portugal, Republic of Moldova, Romania, Senegal, Slovakia, Slovenia, South Africa, Spain, Sweden, Switzerland, Togo, United Kingdom, United States of America, Uruguay, Venezuela, European Communities (51).
So if you live in one of these countries you cannot reverse engineer content protectionisms either.
Microsoft has a habit of backdating alot of its technical articles. It is hard to tell if this is because the article existed internally for a while before it was released (most likely), whether it was a mistake, or whether they are trying to be sneaky. I have seen security problems reported to them that cause a technical article to appear publically with a date weeks in the past.
The Microsoft Specification was only made available in a format which could only be viewed on a Windows OS since it was a WIN32.exe. Linux users who downloaded the file and wished to view it should be able to reverse engineer the format in order to get the "document" to be viewed on the platform they owned.
Reverse engineering to interoperate with other software is not illegal under the DMCA. Writing a program for Linux which took the Microsoft.exe and displayed it in ASCII text without the silly click button EULA should be perfectly legal even under DMCA.
I agree that l0phtcrack is just like a crowbar. Use it to commit a crime and it is a burglary tool. But then so is a floppy disk and laptop for that matter. However, there have been cases where employees have been fired merely for POSSESSION of l0phtcrack. Some companies have policies that forbid employees to posses "hacking tools". My question is where does good secure admining end and hacking tools begin? weld@l0pht.com
If you think we do what we do to prove how smart we are then you have clearly missed the point.
I am just happy that we have documented vulnerabilities in the infrastructure and let the people who run the infrastructure know. The public also has a right to know so we tell the press.
We did not go into details about taking down the net in 30 minutes because we don't all need another script kiddie attack. See we can't win. If we tell the world how to do it we are just bad guys enabling malicious hackers. If we don't tell the world we are just clueless boasters.
If anyone is seriously interested in this topic I suggest learning the BGP routing protocol paying close attention to the authentications mechanisms or lack thereof. Then study the network topology of the backbone provider interconnection points (the NAPs and MAEs). Then learn how to craft your own packets with a library like libnet. Then do some long nights of experimenting (on your own equipments of course).
If you don't want to do all that work yourself you are going to have to trust us.:-) Remember, things never work like they are supposed to. If they did there wouldn't be nearly so much hacking!
If eToys.com is REALLY interested in kids getting confused they should change their name. They did not do due dilligence when they picked their online retailer name. They picked a name 1 character away from a name that was already in use. The shareholders of eToys.com should suffer because their management team made a mistake. Why should an already established web site suffer for the blunders of a jonny com lately company onto the net. Makes me sick. -weld
Over the past 3 months there have only been 3 original articles on Antionline not written by JP himself. No articles in October or November at all. Where has the Antionline staff gone to? Are they defecting or just busy with more important things?
You are a complete ass. You should know that 411 is not an area code. Have you ever had a discussion whith Emmanuel? Where do you get the notion that he only has the vaguest idea of what hacking is? Puhleeeze.
The hacking community is more than just bit twiddlers and buffer overflow experts. That's neat but so is communicating the problems with current technology to the masses. Emmanuel has his best skills in this area. I don't see anyone else in the hacking community publishing a print journal (excpet maybe blacklisted 411) or holding a radio talk show. These are efforts to go beyond publishing on web sites and security mailing lists where it would be preaching to the choir.
You are an ass. Too many slashdot posters of are of the mindset. "What do I want to say sucks today?" It is really pathetic.
Like it or not print media still enjoys the highest protection of first amendments rights. 2600 Magazine pushes the limits when it comes to distributing information about how critical parts of the world we take for granted runs or is vulnerable.
It isn't the best magazine. It is not the bible. It is information for hackers written by hackers. It is certainly higher quality than most of the postings I have read here deriding it.
It is amazing the comments and speculation from people who have no idea about what is in the show except for a couple of sound bites.
Here is a link to the Press Release I put up on the L0pht web site which should give a better discription of the contents of the show.
L0pht was interviewed and we tried to describe what hacking really is. We specifically told MTV that it wasn't downloading a scanner someone else wrote, then looking up a sploit on rootshell and running a script.
I haven't seen the show so I don't know how much of what we said made it in. I will reserve my judgement of the show until I at least see it.
-weld
For a cool article in the NY Times about real hackers look here.
Slashdot Mirror
This is a good point that most people don't realize. In a low light situation you should zooming your lens to the focal length that has the widest aperature. Typically this is zooming out to 1X or more. With more light coming into the camera you will get a faster shutter speed and less camera shake. Camera shake is what blurs low light pictures and absolutely trashes resolution. Also with a wider aperature the camera will use a lower ISO resulting in less noise.
So next time you are taking a low light picture, like an aligator in the shade and too far away for flash, try 1X zoom and crop later. You end up with more resolution in the final picture.
-weld
In Aug 1998, RFC 2385 came out with protection of BGP with MD5 signatures. Using MD5 sigs will defeat this attack.
This is a well known issue with well known solutions. If the infrastructure is at risk it is because ISPs haven't been doing their job and following best practices.
-weld
Vulnerabilities in security products, especially those making outrageous claims, need to be exposed.
excerpt from NAI ePolicy Orchestrator Format String Vulnerability
"When deploying new security products within the enterprise, organizations should understand the risks that new security solutions may introduce."
-weld
There are plenty of RFID tags in the workplace. Many are made by HID: http://www.hidcorp.com/
Most readers are set to read when the tags are a few inches away but there is nothing stopping reading these at a much greater distance as used in fast lane toll booths.
-weld
Obscurity can help a systems security but it cannot be relied upon. Diffie knows this. This is why NSA does not publish the crypto algorithms that they use. They certainly don't rely on this obscurity however.
Running SSH on a non-standard port is obscurity. It does not replace keeping up to date on patches. It can however help keep your system from being compromized if a fast moving SSH worm were to take off. It will give a bit of time to get the patch in place.
Any piece of software will benefit from a dedicated security audit whether it is closed or open source. If we want software to be more secure we should be demanding that publishers audit the code before foisting it out on the world whether open or closed source. If all closed source vendors actually did this and fixed the problems there is no doubt in my mind that closed source software would be more secure. I am not holding my breath however.
-weld
The list is moderated by Rain Forest Puppy, Steve Manzuik and me.
It is a disclosure only list. No discussions. Security bulletins from vendors are only approved if they add new information.
The idea is low noise and only fresh information. List information is available at www.vulnwatch.org.
-weld
We never believed in a criminal solution to government security problems. Our testimony recommended software vendors fixing their products not to increase the number of cybercops or to increase penalties.
If you find out that the homes in your neighborhood are getting broken into because there are no locks on the doors do you hire more cops or do you make sure people have locks. It is common sense.
So NIPC was formed before we testified and you are blaming us for it? Did you read our testimony? It was not FUD. It was actual vulnerabilities that we knew about. I hope you are not suggesting that we had published how to take down the internet in 30 minutes.
-weld
What use is doing anything once you take away honor and adventure? They are part of the whole.
I got a rebate form rejected because I didn't fill in an office phone number. They sent me a letter telling me I didn't complete the form and I needed to fill in the office number. I called them at the support number listed on the rejection letter. A woman looked up my file and reiterated the reason I didn't qualify. I then told her I didn't have an office number. She said OK and that next time I should write in NONE. Well they sent the check after that.
-weld
Yet another reason to just move off of BIND to
djbdns. Why go to all this trouble to be a part of a secure remediation
organization when you can switch away from a product that obviously NEEDS
a remediation strategy? I would rather use technology that has been
written from scratch with security in mind and has a track record to show
for it.
I think organizations like this lull people into the perception that if we
can just remediate fast and secretly enough we are safe from the latent
vulnerabilities that exist in the critical technolgies we use. This is a
huge trend in the industry with all these secret groups: IT-ISAC,
Infragard, etc.
What happens when it isn't a company that acts responsibly that finds the
next BIND problem? What happens if it is a person or organization with
malicious intent and they post the details publically? How is the secure
remediation group going to help?
-weld
My post to bugtraq should explain our position. We are committed to full disclosure. We are choosing to publish on our web site. Remember we are not the vendor. We do this as a free service to the security community. Sounds like people waiting line a long line for free beer that the dispensers aren't doing an adequate job.
v 1q e2RtlSn7gAoOzg
-weld
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I think everyone out there knows that we are committed to full disclosure and the concept of freely available security advisories. Many vendors do not issue bulletins after we report problems to them, even after they subsequently fix the problems. Without advisories from independant researchers there is no check on product vendors. This is a service that we give to the security community because we think it is the right thing to do with the fruits of our research. With our new mailing list notification format we have not changed this one bit.
We are giving out more information now in our advisories than we ever have before, so we are certainly not witholding anything. Quite the opposite. Over the past few months we have expanded our overview sections that allow non-technical people to scope the problem. We have expanded our detailed technical discussions of issues, many times including detailed source code examples. And, I think most importantly, we have greatly expanded our solutions discussion so that people are not always reliant on vendor patches. We need many was to mitigate vulnerabilities because there are many environments.
The advisory notifiction format we are using has about the same amount of information as the paraphrased advisories that Elias posted for the latest Microsoft advisories and the same amount of information that some other researchers post in their advisories. This is more than enough information to decide if the issue at hand effects you and you need to dive deeper into our analysis.
What we are doing is adding more information than we have in the past and we are adding it on our web site. There are plans to add much more. We think that our web site and its accompanying web technology is the best place to expand our free information dissemination into the future. We have many ideas in store that I know people will appreciate. Of course, notifications of important information releases will be made to mailing lists that accept them so everyone who wishes to can read and use the information. We may even set up our own notification list if there is a demand for that.
We have stayed away from cluttering up our advisories with marketing gorp, like ads about our services or ads about our company like many commercial research teams do. We pride ourselves in publishing our research on an academic level and always have. This will not change.
weld
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0
iQA/AwUBOjfpbaKvhX2AQSGyEQL27gCeKYX8tX++ormy4c/
C9aiKSrI694BEHvkh8uRE+mn
=MyCw
-----END PGP SIGNATURE-----
DMCA is just the US law that implements the WIPO Copyright Treaty which the US is a signatory to. All other countries that as signatories have laws banning the reverse engineering of content protection mechanisms. Here is the list from www.wipo.org:
Argentina, Austria, Belarus, Belgium, Bolivia, Burkina Faso, Canada, Chile, Colombia, Costa Rica, Croatia, Denmark, Ecuador, Estonia, Finland, France, Germany, Ghana, Greece, Hungary, Indonesia, Ireland, Israel, Italy, Kazakhstan, Kenya, Kyrgyzstan, Luxembourg, Mexico, Monaco, Mongolia, Namibia, Netherlands, Nigeria, Panama, Portugal, Republic of Moldova, Romania, Senegal, Slovakia, Slovenia, South Africa, Spain, Sweden, Switzerland, Togo, United Kingdom, United States of America, Uruguay, Venezuela, European Communities (51).
So if you live in one of these countries you cannot reverse engineer content protectionisms either.
-weld
Who said our arguments ever needed enhancing. :-)
-weld
there is a faq at www.crq.com/faq.html You can also order a free one from their site if you give them your address. -weld
Microsoft has a habit of backdating alot of its technical articles. It is hard to tell if this is because the article existed internally for a while before it was released (most likely), whether it was a mistake, or whether they are trying to be sneaky. I have seen security problems reported to them that cause a technical article to appear publically with a date weeks in the past.
-weld
The Microsoft Specification was only made available in a format which could only be viewed on a Windows OS since it was a WIN32
Reverse engineering to interoperate with other software is not illegal under the DMCA. Writing a program for Linux which took the Microsoft
-weld
I agree that l0phtcrack is just like a crowbar. Use it to commit a crime and it is a burglary tool. But then so is a floppy disk and laptop for that matter. However, there have been cases where employees have been fired merely for POSSESSION of l0phtcrack. Some companies have policies that forbid employees to posses "hacking tools". My question is where does good secure admining end and hacking tools begin? weld@l0pht.com
It is worth noting that the Bush site is the only major canditate running his site on NT. It is also the only site that got defaced. weld@l0pht.com
I am just happy that we have documented vulnerabilities in the infrastructure and let the people who run the infrastructure know. The public also has a right to know so we tell the press.
weld@l0pht.com
If anyone is seriously interested in this topic I suggest learning the BGP routing protocol paying close attention to the authentications mechanisms or lack thereof. Then study the network topology of the backbone provider interconnection points (the NAPs and MAEs). Then learn how to craft your own packets with a library like libnet. Then do some long nights of experimenting (on your own equipments of course).
If you don't want to do all that work yourself you are going to have to trust us. :-) Remember, things never work like they are supposed to. If they did there wouldn't be nearly so much hacking!
weld@l0pht.com
If eToys.com is REALLY interested in kids getting confused they should change their name. They did not do due dilligence when they picked their online retailer name. They picked a name 1 character away from a name that was already in use. The shareholders of eToys.com should suffer because their management team made a mistake. Why should an already established web site suffer for the blunders of a jonny com lately company onto the net. Makes me sick. -weld
Over the past 3 months there have only been 3 original articles on Antionline not written by JP himself. No articles in October or November at all. Where has the Antionline staff gone to? Are they defecting or just busy with more important things?
-weld
You are a complete ass. You should know that 411 is not an area code. Have you ever had a discussion whith Emmanuel? Where do you get the notion that he only has the vaguest idea of what hacking is? Puhleeeze.
The hacking community is more than just bit twiddlers and buffer overflow experts. That's neat but so is communicating the problems with current technology to the masses. Emmanuel has his best skills in this area. I don't see anyone else in the hacking community publishing a print journal (excpet maybe blacklisted 411) or holding a radio talk show. These are efforts to go beyond publishing on web sites and security mailing lists where it would be preaching to the choir.
-weld
You are an ass. Too many slashdot posters of are of the mindset. "What do I want to say sucks today?" It is really pathetic.
Like it or not print media still enjoys the highest protection of first amendments rights. 2600 Magazine pushes the limits when it comes to distributing information about how critical parts of the world we take for granted runs or is vulnerable.
It isn't the best magazine. It is not the bible. It is information for hackers written by hackers. It is certainly higher quality than most of the postings I have read here deriding it.
-weld
It is amazing the comments and speculation from people who have no idea about what is in the show except for a couple of sound bites.
Here is a link to the Press Release I put up on the L0pht web site which should give a better discription of the contents of the show.
L0pht was interviewed and we tried to describe what hacking really is. We specifically told MTV that it wasn't downloading a scanner someone else wrote, then looking up a sploit on rootshell and running a script.
I haven't seen the show so I don't know how much of what we said made it in. I will reserve my judgement of the show until I at least see it.
-weld
For a cool article in the NY Times about real hackers look here.