Or, to put it another way, the Space Elevator is a glorious technology that may one day be built by an advanced human civilization, and when it is, it will be a modern world wonder.. but that day is not today.. it's probably not even in the next 30 years.
And when you say "log in as Administrator" you mean switch to another terminal and do it right? You don't mean, "enter the admin password into a box that anyone can fake the style of". Oh, and administrators shouldn't be able to run anything that has been installed right? Cause as soon as you run a program that has been installed as administrator then it's game over. None of this is "easily fixed". That's the problem.
Yeah, see, this is why I really should get around to posting to whatever passes as a risks mailing list these days.
There's about a dozen ways to intercept su or sudo. They range in sophistication from adding an alias to the user's.bash_profile (or whatever shell they are using), to duplicating the effect of gksudo, to using the ptrace api to intercept exec syscalls and replace the command to execute. Some of this stuff is old school and doesn't need repeating.. I'm not aware of anyone who has published a ptrace based mechanism for jumping su or sudo.
Thing is, hacking is just so much more common than worms or viruses on the Linux platform.. and stuff like this is a last resort for hackers. Only if they don't have a local exploit that will give them root do they turn to stuff like this.
I tell ya, sometimes I feel like I should start doing "irresponsible security research" again. At least in the old days people understood the risks because people would yell from the rooftops what was possible (and prove that it was) instead of keeping it all secret so they can sell it to the russians, or, worse yet, the vendors.
it drives home the importance of keeping good anti-spyware and anti-virus software updated on both corporate systems as well as systems being used from home. Uhh, no. If the keylogging software is some off the shelf crap, sure, that might work, but if it is something the attacker has written specifically for this attack, forget it. We don't live in a world where software is assured. You can't ever say "my keystrokes are on a secure path". Although, two factor security things like RSA's Secureid can help.
So long as users can create "executables" then viruses will exist. Of course, the problem in Windows is that just about everything is executable. Was a time when if it didn't have.exe on the end then it wasn't an executable.. now you have scripts (which for some inexplicable reason can write to my harddrive) and brain dead things like Microsoft running an exe if you rename it to be a png (did they ever fix that?) and Microsoft hiding the extensions of files so you have no idea whether or not they are executable.
And yes, there are buffer overflows.. which makes just about any "data" possibly "code".
I can help you with that last one. You see, my uncle died recently and he was really rich, but I'm having some trouble getting the money out of the country..............
Ignoring it is exactly what you should have done. The fact that you all had a big cry about it and then fucked up your own economy has nothing to do with the attacks.. it has to do with your sense of invulnerability being shattered. Get over yourselves.
Gone through them about 5 times. They now have a complete set of my fingerprints. As for facial recognition, really? I just figured those photos were stored on file to show that the customs officer was doing his job.
It's really annoying how much of this research never gets turned into product.. or, worse yet, it gets embedded in some proprietary piece of shit hardware instead of being released as a reusable component. I'd love to add some good facial recognition to my pet robot, but I'm not buying your watt sucking camera.
People chasing you and assaulting you is a pretty big indicator of a social norm. I'm not defending the action, I'm merely pointing out that the norm exists and you violate it at your own peril.
Or, to put it another way, the Space Elevator is a glorious technology that may one day be built by an advanced human civilization, and when it is, it will be a modern world wonder.. but that day is not today.. it's probably not even in the next 30 years.
And when you say "log in as Administrator" you mean switch to another terminal and do it right? You don't mean, "enter the admin password into a box that anyone can fake the style of". Oh, and administrators shouldn't be able to run anything that has been installed right? Cause as soon as you run a program that has been installed as administrator then it's game over. None of this is "easily fixed". That's the problem.
Yeah, see, this is why I really should get around to posting to whatever passes as a risks mailing list these days.
.bash_profile (or whatever shell they are using), to duplicating the effect of gksudo, to using the ptrace api to intercept exec syscalls and replace the command to execute. Some of this stuff is old school and doesn't need repeating.. I'm not aware of anyone who has published a ptrace based mechanism for jumping su or sudo.
There's about a dozen ways to intercept su or sudo. They range in sophistication from adding an alias to the user's
Thing is, hacking is just so much more common than worms or viruses on the Linux platform.. and stuff like this is a last resort for hackers. Only if they don't have a local exploit that will give them root do they turn to stuff like this.
Yeah, cause jumping su or sudo is so hard.
I tell ya, sometimes I feel like I should start doing "irresponsible security research" again. At least in the old days people understood the risks because people would yell from the rooftops what was possible (and prove that it was) instead of keeping it all secret so they can sell it to the russians, or, worse yet, the vendors.
The virus scene is dead. No-one is writing viruses.
There are people who write worms and bot-net building trojans, but they have nothing to do with the virus scene.
So long as users can create "executables" then viruses will exist. Of course, the problem in Windows is that just about everything is executable. Was a time when if it didn't have .exe on the end then it wasn't an executable.. now you have scripts (which for some inexplicable reason can write to my harddrive) and brain dead things like Microsoft running an exe if you rename it to be a png (did they ever fix that?) and Microsoft hiding the extensions of files so you have no idea whether or not they are executable.
And yes, there are buffer overflows.. which makes just about any "data" possibly "code".
Sounds like a good idea.
Anything to stop me falling asleep playing Civilization.
How to sign a Firefox Extension by Frederic Mercille.
It's not hard (for anyone who can make an add-on).
I can help you with that last one. You see, my uncle died recently and he was really rich, but I'm having some trouble getting the money out of the country..............
Chuck Norris.
Dude must have a hell of time flying. He's a lethal weapon.
One roundhouse kick and the plane will fall out of the sky.
Not to mention the effect he has on the female cab crew.
Ignoring it is exactly what you should have done. The fact that you all had a big cry about it and then fucked up your own economy has nothing to do with the attacks.. it has to do with your sense of invulnerability being shattered. Get over yourselves.
No. You're wrong. Everyone knows that locks are impossible to get around.
yeah, but there's a world of difference between those two technologies.
Heh, the old "let's replace slave/cheap labor with robots!" idea.
Your confusion about the term "police state" is a clear indicator of your failure to study history.
heh, well there ya go.
Thanks for the info.
huh? I said commercialize.. that means, "give me something I can buy" not "give me something for free". wtf?
"for instance, the curves of the eye sockets, nose, and chin, which are where tissue and bone are most apparent and which don't change over time."
Again, it's IN THE SUMMARY.
"for instance, the curves of the eye sockets, nose, and chin, which are where tissue and bone are most apparent and which don't change over time."
Geez.
Gone through them about 5 times. They now have a complete set of my fingerprints. As for facial recognition, really? I just figured those photos were stored on file to show that the customs officer was doing his job.
I don't think any of these technologies are up to that level yet, but it's a nice idea.
And yes, the exact same technology could be used to horrific effect by a police state.
It's really annoying how much of this research never gets turned into product.. or, worse yet, it gets embedded in some proprietary piece of shit hardware instead of being released as a reusable component. I'd love to add some good facial recognition to my pet robot, but I'm not buying your watt sucking camera.
People chasing you and assaulting you is a pretty big indicator of a social norm. I'm not defending the action, I'm merely pointing out that the norm exists and you violate it at your own peril.
Canada and Japan, no shit eh.