Earlier this year, USA Today reported that Bin Laden was using steganography to disguise his communications.
In other news, Osama bin Laden has unilaterally agreed to stop sending encrypted messages, in advance of forthcoming U.S. legislation restricting cryptography. When approached for a quote, bin Laden quipped, "I no longer wish to be secretive in my communications; from here on, I vow to only exchange pictures of beautiful American women with my friends in the United States."
AMD clawed its way up on the merits of its products and zero OEM arrangements. In some ways, not having OEM arrangements is good, since computer manufacturers bully their suppliers down to razor thin margins. NVidia's increasing support for AMD should push things along in the end-user/gaming market, and the new multi-processor chipsets are helping AMD crack a market they've hardly touched - the server market.
The plants they are closing are their oldest plants, and coincide with a reduction in output that has been seen throughout the sector. It is even possible that it was becoming increasingly difficult to find current products that these fabs were capable of producing.
This isn't the end of AMD, it just means they won't be posting earnings of 50 cents a share each quarter for a while. Intel's feeling the same crunch, and AMD's still got some decent cash reserves.
Is there a single [sic] IdeaLab! company that is worth the paper its stock certificates are written on? Overpriced domain names resold from the Tuvalu Islands (.tv)? Selling tickets to events with a $7 surcharge (TicketMaster.com)? NetZero? Cooking.com? It sounds to me like money sent to this company will end up going to the class-action lawyers that bring the shareholder lawsuit when this company goes down in flames.
For example, if you have Office licenses for ALL your PCs (many companies do) but realize that your coders don't really NEED Office - it's just for browsing stuff sent from mgmt - you may start looking into alternatives, either StarOffice or even simple doc readers and then cut your licensing WAY back - this whole fiasco will either vastly increase IT costs for companies (and thus costs to us the consumers) or will blow up in Microsoft's face as companies finally throw up their hands and tell MS to GTH.
Alternately, Microsoft will sue the creators of the document readers, contending that they are a means of circumventing encryption. M$ will then promptly begin selling Office reader licenses for $150 a pop and raise full featured Office prices even higher.
MS has shown time and again they don't mind screwing people into upgrading. If you search on their web site long enough to find their advice on how to read an Office 2k document under Office 97, they tell you that no enhancement to your Office is needed - simply ask the sender to convert it to Office97 format and re-send it.
In other words - upgrade, or else we will force you to hassle your clients/co-workers and make you look unprofessional.
Look at the other "polls" that Americans participate in with their hard-earned money:
In the music world, Britney Spears and 'N Sync are two of the top selling acts these days.
In the movie world, people pumped over $100 million dollars to see Jurassic Park 3.
The most broadly used internet service is AOL.
It should be quite obvious that Americans' answers to "polls" are a combination of whatever garbage and FUD has been fed to them by the media and whatever they've seen advertised the most.
Elias Levy, or Aleph1, is the moderator of Bugtraq, one of the most important security mailing lists in the world.
UnderLinux: In a general focus, what is more secure, GNU/Linux or OpenBSD? Or other OS?
Aleph1: That is a pointless question without some context. For example, certainly the OpenBSD folks have done an incredible job creating a secure and stable operating system - an effort that should be emulated by others - but the application you are looking to run may not be supported under it. The most secure OS depends on your requirements.
Even with OpenBSD's success the UNIX security model is very simplistic. You can certainly write secure applications - see qmail and postfix for examples - but they require a lot of effort. Linux is interesting because there are so many groups exploring alternative security models: privileges, ACLs, subdomain, SELinux, etc.
UnderLinux Team.
NT had potential. It has an interesting security model, but the legacy code, insecure defaults, complexity, and lack of security savvy by application programmers used to the Windows and DOS world have left it with a rather bad track record.
You must also take into account how well the people administrating the system know the technology. You can have the most secure OS but if it's misconfigured it will be useless. Conversely, a good admin is capable of hardening a sloppy OS.
UnderLinux: One time surfing on the web I saw this phrase: "Wanna defeat hackers.. think like a hacker.. work like a security expert". What do you think about this?
Aleph1: A cliche, but a valid one. When creating defensive security technologies you must test them by attempting to defeat them before others do. Therefore you do not only require a defensive mindset but also an offensive one. Not only that, but you must be better and more thorough than the ones you are defending from. As a defender you must find and fix all possible avenues of attack. As an attacker you must only find and exploit one.
UnderLinux: Can you tell us something about the book Hackers Exposed?
Aleph1: I believe you mean Hacking Exposed. It's a good book. I recommend it. It does a good job at describing the methodology of penetrations. It's a technical book that shows you how to use the tools available for the job. Sadly this means that it is likely to become outdated after a while. Luckily the publisher seems to be doing a good job at keeping it up to date. A second edition is out. Nonetheless, the basic techniques it teaches are independent of specific technologies.
UnderLinux: Nowadays what kind of documents and programs cause you more expectation and interest?
Aleph1: Those that make it difficult for people to shoot themselves in the foot. Security today is too fragile. Take for example buffer overflows. While we can place great efforts into teaching people how to avoid buffer overflows in languages such as C it is likely they will introduce them into their programs anyway. It makes more sense from a security perspective to replace the language with one that makes buffer overflows difficult.
Similarly I am interested in areas that help you encapsulate knowledge about computer security and help users do the right thing instead of letting them guess what is the right thing. For example, configuring a firewall correctly can be quite complicated and there are many nuances. We need to make it easier for folks to configure securely.
UnderLinux: Do you think that problems like spoofing and DDoS will be defeated in the next 10 years? Can you preview any solution for these problems?
Aleph1: I believe we'll find and deploy ways to mitigate them but not to do away with them. Denials of service are inherent in any finite system. The Internet architecture has made them even easier by its lack of authentication and resource allocation. In the future we'll have mechanisms that make detecting and tracking network-based denials of service easier. It's likely that some areas of the Internet will support resource allocation which will minimize some of the DoS effects.
UnderLinux: What suggestions can you give to someone who wants to be a security expert?
Aleph1: Do a broad survey of the security landscape. There are many areas of interest out there. After you've gained a general understanding of the security world select an area you'd like to specialize in. Repeat ad infinitum. Bonus points for standing back after a while and trying to find ways to fit all the pieces together into a coherent and interoperable whole.
I submitted an "Ask Slashdot" the other day on this very topic, suggesting that in this war, the battle need not even be fought by the military. If the script kiddies can be coerced to use their "skillz" against a common enemy, the possibilities are boundless.
What could this "different kind of war" be:
Shut down the power grid in Kabul immediately before the first bombing.
Interception of secure terrorist communications
Turn their own military technology against them
How can the random hacker help:
Exploit hotmail security holes to monitor for terrorist activity
Execute DoS attacks against Afghani web sites
Target virii at the .af domain space
My favorite - transfer $4 million from Usama bin Laden's bank account to the American Red Cross
Isn't Bluetooth the loser in the wireless wars? I thought 802.11(?) was the one that looks like it'll succeed.
Different technologies, different uses....
Bluetooth is low power, lightweight, and suitable for embedding in almost any device (if you ignore the technical problems it has had).
802.11b is more robust and high speed, but has higher power requirements. For many applications, wi-fi is overkill - like using a firewire port for a mouse.
I don't know whether to be glad that Tolkien is finally being given proper attention in the mainstream or concerned about the wave of commercialism that is about to engulf his work.
It's going to be disturbing when kids start getting nine-fingered Frodo action figures in their happy meals...
Traffic in cities would also drown out most of the noise, he suggests.
Right. And I would suggest he's wrong. Traffic might still be the prevailing noise, but I sincerely doubt that the sound signals are such that the sum of the sounds will be the same as the traffic by itself. It may not be overtly noticeable, but this would increase the baseline noise in the city.
As someone else called it, this is a racket: most every Slashdot review does this.
I'm not saying it's a racket - they have every right to get some cash for the massive amounts of time/cash/bandwidth they put into letting us use this site for free. I just found it amusing,
Read between the links... on XML in a Nutshell · Score: 2, Informative
Take information you want to store and sandwich it between <{name}> and </{name}> where {name} describes the information in between. Mimic the structure of the data, and sprinkle in <{name} otherData="{neatStuff}"> every once in a while. Congratulations, that's XML.
Online donations that work on More WTC News · Score: 2, Informative
Amazon.com has an online donations page set up so you can give up to $100 from the comfort of your desk (using the patented one-click method if you like). Unlike the Red Cross site, which is severely overloaded, Amazon's page is quite quick. Donations through Amazon alone are already at nearly $2.4 million, and you can refresh the page to watch them climb.
And here comes Carnivore... on More WTC News · Score: 5, Insightful
Remember:
If you outlaw crypto, only outlaws will have crypto.
The fact here is that the lawmakers who are bringing this up don't understand what they're talking about. If they did, they'd realize that by providing a backdoor, you make cracking the backdoor the goal, not cracking the encryption head on. If they think they can keep our data secure by keeping the backdoor algorithm to themselves, they're mistaken (De-CSS).
The truth is, the people this legislation is targeted at will resort to other methods or ignore the law outright. Steganography looks just like standard data except to the sender and receiver. Meanwhile, the rest of us get our mail read. I'm going to get really pissed the first time someone gets prosecuted for sending an email to a friend saying "I downloaded off of Gnutella the other day." THAT is a search without probable cause, but they're already searching, so they might as well use what they find, right?
Uh oh... they might have their license revoked by Microsoft. That error message looks a bit disparaging.
If you're of the opinion that Microsoft or any of their products suck, why would you use FrontPage in the first place?
And especially, if you're going to use any Microsoft product, why would you use FrontPage? Do you LIKE your HTML source full of &nbsp; and <font> tags for every single line of code?
You could always color coordinate with purple ketchup.
More info from F-secure about the virus
While some of his work has perceptual errors, these are few. The rest of it is pure gold.
Perceptual errors are in the eye of the beholder. My perception is that businesses will generally embrace open source software that meets their needs, but we'll be hard pressed to ever see widespread, corporate sponsored, open source development. Companies will use it when it's free, but development costs money, and they're not going to spend their money on something one of their competitors could pick up and use.
Then again, this could be my perceptual error....
You know this proposal's gone the moment Greenpeace realizes what happens to pigeons when they get near this thing...
The Code Red virus saves a rainforest when idiots opening attachments trigger the massive forwarding of an environmentalist email petition?
You can purchase this book at Fatbrain.
The link: http://www1.fatbrain.com/asp/bookinfo/bookinfo.asp?theisbn=0596000588&from=MJF138
Not a bad idea - using a slashdot posting to drive sales through a referral link. I'll be back later - I'm off to find some books to review...
Apparently ISPs are allowing the installation of Carnivore. They say it's only for a few days, but we'll see how long that claim holds up...
Okay.
Metroid
Zelda (in motion)
(No Mega Man yet, but after the last couple of Mega Mans, are you sure you want it?)
And how about Super Smash Brothers (which will have Pit from Kid Icarus and the Ice Climbers!) and Crazy Taxi and SSX Tricky for those of you who missed them on the PS2/Dreamcast.
Great original titles plus the killer app titles from other consoles should make for quite a success.
"Kiddy" or not, gameplay and unique franchises count, and in the current platform market, Nintendo's got my vote (to sit next to my PS2).