The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful a user must open an attachment that is sent in an e-mail message. That's no different than when I receive .exe's or .pif's or .scr's. So I am looking forward to an update to Outlook which automatically blocks .doc attachments.
Since I worked for a French company at the time, the entire executive staff triggered the virus and the entire company got spammed by it.
I have to ask: why is it relevant that the company was French, and in what way do you think that the fact that it was French makes the executive staff more likely to trigger the virus?
Note: English is my third language, and I may just not have understood that particular sentence correctly. Also, I am not French or from anywhere closely associated with France, so my question is not due to hurt sensibilities or anything like that.
"secure communications bandwidth"
"getting kicked over to unencrypted channels."
Since we are talking about communication over the air, it is done at one frequency or another. How can one frequency/channel be more secure than any other? If they have filled up all bandwidth at one frequency with secured comms from Afghanistan, why don't they use another frequency for the Balkan stuff where they also encrypt the communications?
It makes absolutely no sense to talk about "secure communications bandwidth".
A few people at a place I used to work abused the High priority setting. I had a rule to change the priority on e-mails from them.
I really don't care a lot for most people's High priority flags. Most likely it is high priority for those people only, not for me, and not for the company.
Not doing any embedded development, I presume?
The Multi-ICE JTAG debugger from ARM is parallel port only. I recently had a colleague who had to buy a port replicator for his laptop just to get a parallel port to use with the Multi-ICE.
Sun Tzu - The Art of War (here) and Machiavelli - The Prince (here) are examples of books which have some applicability in the workplace of today.
Both have the full texts available from the Wikipedia links above.
The Mythical Man-Month by Frederick Brooks (clicky) has some very good insights which still hold true (the book was originally published in 1975).
When I went to school I was taught that the magnetic poles swap places once every 23,000 years, so I guess the NP (or should it be SP - who knows?) is just getting ready to leave.
nice going with the prior art thing
The article doesn't mention range at all. It's not hard if the range is 10 cm (4" for you imperialists out there).
At a customer site, an employee recently installed a backup program which included SQL server 2000. It took 10 minutes for it to become infected with Code Red.
If nothing has changed since AL Digital released it on bugtraq, then the most serious issues only affect phones that have previously been paired with the attacking Bluetooth device.
This means that you have to have given the attacker access to privileged services at one point in time, and then deleted him.
If you had not deleted him, he would obviously still have access.
But it is the missing deletion that is the problem.
You should not pair your device with any devices except your own. Your PDA requires to be paired with your Phone, Laptop, and access point, so it can dial up, synch, and have LAN access etc. But you don't have to pair it to send your business card to somebody else. There is no reason to pair with Joe Hacker's device. So for most of the cases described by AL Digital it is just a bad implementation which does not affect the majority of users.
For the rest of the cases it is also a bad implementation by Nokia and "possibly other manufacturers", it is not a vulnerability in the protocol.
Too many movies these days just show all the highlights in the trailers - so you've seen everything worth watching before you even pay for admission...
Now, which other industry whose trade association has almost the same acronym as MPAA, comes to mind when talking about a few good minutes, and the last hour or so is crap?
In this case, I would say that the claim you are referring to is mostly meaningless, as it uses appr. 15 lines of text to say the exact same thing as the words I copied from the abstract.
But of course, that is how these patent documents are worded. I myself have witnessed how a 1-page document in clear text was "encrypted" to 15 pages of lawyer gibberish.
The actual patent text is at uspto.gov.
It seems that IE is not the only browser that would be susceptible to a lawsuit.
From the abstract: ...(allowing a browser) to access and execute an embedded program object
SCO has said that they are afraid that if the lines are known, the problem will be fixed and they won't be able to sue any more.
Where have you seen that?
- Following that logic it would mean that if you stole somebody's stereo, and gave it back some point later, then you would not have done anything illegal.
... NOT.
In Denmark we have had an empty media tax for a few years now.
On December 22nd the Danish Parliament ratified a law to make it illegal to make backup copies of digital media (such as CDs) if the media has any copy protection. This means that putting a green marker to a copy protected CD is illegal. - And this has happened even though a different law states that everybody is entitled to make backup copies of CDs.
Government thinking, an oxymoron if I ever heard one.
I do believe that the protocol you run on top of Bluetooth is responsible for data encryption.
But I believe Bluetooth does have better authentication - including encrypted exchange of pairing and link keys - than WLAN.
The Danish TV station TV2 did a similar show about a year ago. Check out missionen.tv2.dk. However, this was not to go to the ISS, but to win a trip on a Space Cruiser. (the site is old, and it looks not very well maintained)
I believe it is also being done on the Norwegian TV2 (no relation between the two).
If the server only listens using ssl on port 443, is it also vulnerable? The worm description only describes port 80.
And what if everything on the https://server/ is password-protected using http basic authentication, is that vulnerable?
Correct. The best rate is 768/56k. And that is the *BEST* rate, if there are no other users etc.
With a DigiAnswer PC card, the best you can hope for is 115k on a Bluetooth LAN connection (why you ask? probably because it does it via some kind of virtual serial connection).
And seriously, would you want to download 5GB on 768k, much less 115?
oggenc? - Have a look at www.vorbis.com they have all the info you need for ripping, playing, encoding etc. into and out of the ogg format.
In .dk Ericsson had a MI Lab in 2001 which was a converted trailer.
The sides of the trailer were able to move outwards, so the inner measures of the exhibition room were probably 4 by 8 metres or so. The entrance was in the rear. The side walls had small tables carrying laptops showing different technologies. The front wall of the exhibition room had a huge LCD screen for demos.
Obviously there was also room for a display of mobile phones.
It was equipped with 802.11 WLAN, Bluetooth, GSM and GPRS simulators and lots of other exciting stuff.
External connectivity was provided by WLAN to the nearest building/place with ISDN connections, depending on where the demo was held.
Exactly. And if you do your own chip, you can do whatever you want, so you can skip the bigger part of the HCI (the abstraction layer) and interface between your profile/presentation layer and the Link Manager and L2CAP layers.
As you said, the only reason you would want to mess with RS-232 is if you had an existing product that you wanted to Bluetooth-enable very easily.
Also: There is no specified physical transport for HCI, but USB and RS-232 are suggestions only.
So where is the bluetooth connectivity on this one?