Just curious, but if we're talking about key exchanges over an insecure medium, why can't we do a Diffie-Hellman key exchange, similar to what is used for IPSec tunnel negotiation? It seems like VoIP devices could establish tunnels to remote endpoints via GRE and/or IPSec and pass their H.xxx protocol data over that tunnel. Is this not technically possible, or is it possible, just not scalable/cost effective?
Very little land in the world can renew itself year after year. Farming by its very definition sucks up nutrients from the ground to be hauled off. Even organic farming is grossly destructive to the ground.
This is completely off-base at best and ridiculous at worst. As an organic gardener in a community of full-time, professional, organic farmers I can tell you that your idea that organic farming is grossly destructive is totally false. Organic farming, while composed of many different techniques, gets its strength from the quality of soil. No organic farmer could maintain a sustainable crop without significant and, more importantly, consistent soil quality.
Organic farming techniques utilize composting, which efficiently recycles unusable (to humans) plant material to enrich the soil over time. Proper crop rotation with a heavy reliance on compost actually improves the soil over time rather than destroying it. And with the proper rain harvesting techniques, really the only major environmental impact organic farming has is that it just takes up land space that has to be cleared. Organic farmers also rely on beneficial insects, which also will not thrive unless conditions (including soil quality) are optimal.
While I'm ambivalent on whether full time crop production for the use as consumer fuel is sustainable, I definitely contest your statements on the destruction of soil and environment through actual organic farming.
I regularly review these complaints at a University and note that the only information the complainers give is the time/date, filename, [KaZaA, usually] username, and IP address. Since most IP addresses are provided via DHCP, I think you would be hard pressed to prove that FERPA protects student IP addresses since they are not owned by the student and are certainly not unique to them. I don't think the complaints actually violate FERPA in any fashion, and place the onus on the University officials to do their dirty work.
Not necessarily. How many times have copies of music CDs been "leaked" before their official release date? This doesn't take into account that some artists (Smashing Pumpkins) release tracks periodically over the Internet which are destined to be on the file-trading track, but I can think of a number of full albums, movies, etc. that have been easily available for free before they hit the retail chains.
The key to dealing with filesharing on campuses is traffic limiting/shaping. While it's true that current generation P2P apps can dynamically assign ports (thereby bypassing firewalls, and port limiting efforts), network administrators CAN limit the amount of outgoing traffic coming from student residence halls. That way, students can still pull down files, but cannot share nearly as many out. Which frees up some bandwidth for legitimate use.
Adding SSL will only increase the bandwidth use and the time it takes to download files because of the encrypted payload. Each packet will have to be decrypted by the receiving host, which will take more overhead in distributing the files.
While most folks will not deny the fact that you performed some amazing feats and that you were pretty much able to do what you wanted, it seems as if most of your methodology is based on "social engineering". I realize that the information you need is there if you only ask the right people, but in retrospect, do you now feel that social engineering attacks are not as elegant as well-planned and completely electronic attacks?
Sounds like the Klez virus to me. You can probably track down the original IP address of the person who is unintentionally sending you the virus. Here's some more info:
http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html
Exactly, it's on all the time. But the 'sploit apparently only affects the user if someone is already on the system, or if they have the remote management on. Why would the typical home user need that on anyway? I think it's already off by default so I don't think that this will result in the DoS mentioned in the comments above. A little reactionary...
The newest versions of Office will only work with W2K SP3 and XP, so I don't think they will ever give away the software -- just force folks to upgrade or lose functionality.
Exactly. I love playing guitar (Wine Red Gibson LP Studio) and I love Star Wars, but I'd never buy or be seen playing a Star Wars guitar. I mean, the body is cool enough I guess, and Fernandes are decent I suppose, but the giant "STAR WARS" across the neck just ruins it. Is that a reminder for people who don't recognize Darth Vader or a Storm Trooper? Bad call...
This is such crap. It seems like there are two ways to get news from Microsoft:
1) A "leaked" employee memo with loads of incriminating stuff
2) An "e-mail from Bill Gates to employees" that is picked up by the AP. This is CYA at its best. Lip service to the fact that they've fucked up royally on almost all fronts.
Exactly. This is also why televising criminal trials is problematic. In many cases, jurors, attorneys, AND witnesses will play to the camera. People act very differently when they know they are being watched, and particularly when they are on camera.
I believe that's Mozilla, v. Mothra.
Great, 30+ devices sharing a cable/DSL connection. I can't wait to get the clockspeeds on that.
Hmmm, Yahoo "protects us from spam" with the Bulk Mail folder and the ability to block the sender, but changes our settings automatically to accept more spam. I'm switching to Hotmail...oh wait
The article mentions the following:
"By piggybacking invisibly onto the Internet connection, it sends a critical piece of information to the tracking company: the laptop's Internet protocol (I.P.) address, the unique, multidigit number that identifies each computer on the Internet. Once the authorities are armed with that address, it's a piece of cake to subpoena the baddie's account records from the Internet service provider."
This is total crap. It is never a piece of cake to subpoena a user's account from (most major) ISPs. If an ISP isn't going to respond to a security complaint (Road Runner, @Home, ahem) then they probably won't even talk to you until you convince the police to contact them, which isn't too easy either.
When signing up for a North Carolina driver's license you can opt-out of the state selling your personal information.
Could this be the first time?