This is just boilerplate and not worth worrying about; when I used Bastille to harden my Red Hat 6.2 box I let it install a pretty much identical motd. People do it because there is a slight possibility that the warning could make it easier to litigate if you could ever actually prove an attempt to crack your box.
Using RSA authentication doesn't help, since you have to enter a password to access the key stored on B. This password will be sent one character at a time from A to B. This multihop ssh-ing is a common practice.
Anyone at A who stores their key on B is asking for trouble, ssh clients are perfectly capable of making the trip back to A to use your key for authenticating the connection between B and C. (or C and D, or D and E, etc.)
This "turn computer" proved useful 50 years later, when Edward Teller asked me, in hindsight, to investigate whether a humane high-altitude "demonstration" detonation of an atomic bomb over Tokyo Bay would have been feasible. The higher the detonation altitude, the less time the B-29 would have for turning away from the impending shock wave.
OK this sounds scientifically correct - but what was the actual answer to Mr. Teller's question?
Why all these stories of folks with Windows workstations who didn't even know they were running IIS and were surprised to be told they had code red etc. etc.
NT4 requires you get a copy of the "Option Pack" CD before you can install IIS. W2K Pro needs you to re-insert the CD after you installed the OS and click on yes-I-want-IIS. Both pretty hard to do by mistake.
Sometimes I chat, VC, swap config files, patches, jokes, trivia, URLs, etc. with the bloke who lives across the road from me. It's only a 45-second short walk to go see him but sometimes it's late or raining or we're busy. There's no super-duper gnutellas napsters freenets or mojos, we just interact using Netmeeting or pscp or something. This is what _I_ call p2p.... will someone tell me there's something wrong here? (Maybe if I shout across to him that should be illegal too.) Supposing I e-mail him instead, now we have at least one server - I don't think this makes it better or worse. BTW we don't even live in the USA and it's scary having all those people there always trying to dream up Internet Laws to stop us doing stuff.
...says at least one of these points will be at someone's nuclear missile bunker, or secret submarine pen, or in the middle of the Pentagon, or something (Now try photographing that)
In some countries (like the UK where I am) it is not at all automatic that an employer owns the IPR in work produced by an employee during contracted hours. A few years back many employers here were obliged to issue amendments to contracts in favour of employees, removing the "we own you, your work, and your mother" clauses.
Which is mostly a Good Thing to me, although unfortunately it has led to complications such as companies discovering they didn't actually own the copyright to the content on their own websites...
How come we are all so busy explaining how SDMI or anyone else has no chance in the universe of ever getting a watermark system to work.
When we're wearing our other hats (you know the ones with the "Yes Sir I Can Keep Evil Gubmint Snoopers Out Of My E-Mail" logo) aren't we all completely sure that hiding stego messages inside pictures is a really great idea? Isn't it the same thing?
No they will use your new American "digital signature" law. As far as I can determine this does not actually refer to digital signatures as we understand them (X.509 or PGP certificates) but rather "click here, OK you just legally signed this."
So look out for some sort of simple gizmo, or maybe it'll get incorporated into a point-of-sale credit card PIN system or whatever. ("For your protection" of course.)
I would like to know why Amazon needs all this password stuff anyway. If I go into a physical bookshop and buy a book using my credit card they don't get me into convolutions about password assignment, future mailings opt-out, or whatever. I just pay, walk out onto the street with my book, and that's it.
Of course without the password system the "1-click-purchase" thing would not work next time (if there was a next time.) However I don't actually care about that I just want my book.
Britain and the US are collaborating to fund an ex-USSR biological warfare station to wipe out opium poppies (news story here.)
Supposedly they have developed a genetically engineered fungus that kills the plants; of course what everyone wants to know is "so when you release it can it mutate into a MIR-eating monster?".... looks like maybe it already did.
You can do this, I use my Nokia 9110 phone all the time for telnet and vnc into our systems at work. Also has an SSL-capable browser, IMAP4 and POP3 clients, ftp, .wav recorder, etc.
Precisely - we chose Interbase at work because of the transaction capability (and stored procedures.) But there are plenty of packages which I would really like to use except they only support MySQL.
The downside of using Interbase is that so far we haven't implemented anything to which the features mentioned above are remotely important, plus it's much harder to use; for example loading a csv file into your DB is simple with MySQL but just try that with Interbase...
Attack Microsoft if you want to, maybe you have a point and maybe not. But I think at least they deserve people to look at their whole record not just how they seemed to be at the end of the 20th century.
During the 70's and 80's I worked for "computer" companies with management so dumb that if it had been left to them everyone would today still be using wooden calculators. Microsoft beat those companies because they were smarter and also (gasp) even cared slightly about what end users actually wanted. Believe me, without Microsoft (OK, and others) breaking up the cosy mainframe world of ten or fifteen years back we would not have the present luxury of the commodity computer market to put cheap iron at our fingertips.
I remember DOS 4.10, OS/2 v1, Windows 1 and 2, and plenty of other products into which Microsoft put money and effort for no obvious reward. When they finally got it right you can't blame them for exploiting that to the hilt and beyond.
Although since now by anyone's reckoning they've had their ROI they could certainly move over and let Open Source see how it likes sitting in the driving seat :-)
I've been a (boot-camp) CNE for ten years or so, and more recently am a self-taught MCSE: the company I work for also has its own relatively minor certification system. This has given me a lot of opportunity to observe vendor certification programs from both sides of the fence and overall I have to agree they are not all they're supposed to be.
Really I think vendors see them as marketing opportunities, especially if you can convince your dealer channel that they have to have some number of certified folk on staff before they can resell your product. Plus IMO the markup on education materials can be very attractive. Then again, the qualifications are portable so if it helps someone get a better job who am I to complain.
I guess we've all seen the fully-certified people who don't know anything, but there are also plenty that are pretty smart. My personal opinion is that it's down to individuals in the end, just like any other way of measuring knowledge and experience.
I have to say that one good thing about studying for certification is that it forces you to explore the boring parts of an OS as well as whatever you personally find more interesting... this has saved my bacon on numerous occasions. And self-teach is definitely the best method, running thin ethernet around my house for hands-on practice taught me a lot about enterprise stuff in miniature; I'm fairly sure I would have missed this in a classroom situation.
I visited the BankGate site and my browser reported that their root was untrusted and would I like to trust it? How should I know??!? I said "no thanks" so the transaction failed.
I visited the GlobalSign site and my browser reported that their root was untrusted and would I like to trust it? How should I know??!? I said "no thanks" so the transaction failed.
This is how it works in the real world with unskilled users, it's a major deployment problem (just ask anyone who has ever tried to implement self-signed certs in an intranet.) This is why only the companies with their roots in the browsers are going anywhere, at present this means Thawte and Verisign - period. I know I said Win2K or SP6 would change that but not for the foreseeable future...
Oh yeah and I visited the BT TrustWise site and my browser reported that their root was... well, Verisign's root actually! They are just a reseller.
There are good reasons why Thawte or Verisign can charge more money for a certificate than you can charge. Firstly and most importantly their root certificates are shipped in both major browsers' trusted root stores. Secondly these companies can justifiably claim to be secure to the max.
I believe having their root certificate in the browser is _the_ number one factor and this is due to change very soon - Windows 2000 and NT4 SP6 both introduce a large number of new trusted players into IE, for example Baltimore, Belgacom, Cable and Wireless, Deutsche Telekom, Swisskey, etc.
So maybe Thawte are grabbing the cash and getting out at what they think might be the top of the market... I've always considered Thawte to be a pretty smart company.
And there really is a need for a Slashdot CA, people do not want to pay $200 to get a code-signing certificate just for some .jar file they are distributing for free anyway.
So how come registering a .co.uk costs so much more than registering a .com?
What's funny about this? I got a blank (black) screen.
It's bugging me... why are there so many letter a's missing from the Chapter 3 published on Amazon?
For example "Camilla P rker Bowles", and "ny" instead of "any".
It's *his* fault he's called kdgarris?
Without question here's the best way to protect against these kind of macro viiri if you're an Outlook user, it works for us:
& pid=47&aid=56
How Active is Active Content in Email?
http://ntbugtraq.ntadvice.com/default.asp?sid=1
That is so cool, it challenges our entire view of
- why do people go to college
- what should they do when they are there
- how do we measure if they're doing it right
I've been saving for years to finance my kids' college fees, it's starting to look as though they can stay home and use their net connection instead. (I shall blow their college money on a sports car with a long red bonnet/hood.)
I'm running ZoneAlarm personal firewall from www.zonelabs.com and if I attempt to make a search I get an error like this:
ZoneAlarm has blocked an incoming request to your computer. This could indicate that an unauthorized party is trying to gain access to it, or obtain information about your network.
Information Received:
Name Packet sent from 204.71.176.40 (TCP Port 5900) to -.-.-.- (TCP Port 46944) was blocked
Status Dropped
Source IP Address 204.71.176.40
Destination IP Address -.-.-.-
Source Port 5900
Destination Port 46944
Link Layer Protocol 1
Network Layer Protocol 1
Transport Layer Protocol 2
Count 1
Status Code 100002
Lock Level 0
Security Information 0,1,0,2
Operating System Windows NT-5.0.2195--SP (flames, save 'em)
Product ZoneAlarm
ProductVersion 2.0.26
Language 0809
State Find Code 13
They do here! (UK) See www.pobox.co.uk How about that, an ISP which actively solicits anonymous users.