"They've grown to encompass full recursive descent parsing, so you can use the same syntax to parse source code or complex file formats as you would use to pull apart fields from a string."
Does this mean that I will be able to parse stuff out like HTML tags, and nested parentheses?
Or even catching VBScript strings, with the "" inside a string representing a single ", so I'll be able to parse out something like
"""this is a ""test"""""
which currently is incredibly annoying to parse, especially if all you want to do is catch the comments at the end of the line.
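The quoting rule described in the comment above, worked through as an added example (not code from the original post): a small scanner that separates a VBScript line into code and trailing comment while honouring doubled quotes. The function name and sample lines are made up for illustration, and `Rem` comments are assumed to be out of scope.

```python
def split_vbscript_line(line):
    """Return (code, comment, strings) for one line of VBScript source.

    Inside a string literal, "" stands for one literal " and an apostrophe
    is ordinary text; outside a string, an apostrophe starts the comment.
    Assumption of this sketch: Rem-style comments are not handled.
    """
    strings, buf, in_string, i = [], [], False, 0
    while i < len(line):
        ch = line[i]
        if in_string:
            if ch != '"':
                buf.append(ch)
            elif line[i + 1:i + 2] == '"':   # doubled quote: literal "
                buf.append('"')
                i += 1
            else:                            # lone quote: string ends
                strings.append("".join(buf))
                buf, in_string = [], False
        elif ch == '"':
            in_string = True
        elif ch == "'":
            return line[:i].rstrip(), line[i + 1:].strip(), strings
        i += 1
    if in_string:
        raise ValueError("unterminated string literal")
    return line.rstrip(), None, strings

# Constructed inputs; the first reuses the literal from the post above.
SAMPLES = [
    'x = """this is a ""test""""" \' trailing "comment"',
    'MsgBox "don\'t stop here"',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(split_vbscript_line(sample))
```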
Yup, you're right.
--
Randolpho's Slashdot Moderation Plan:
1. Whore me some karma
2. ???
3. Moderate!
FYI, step 2 should be "smoke crack".
I thought that was what 1.0 meant.
SSL is secured against man in the middle attacks.
Basically, Trent (i.e., Verisign, Thawte or others) signs a certificate for Bob indicating his domain. Alice sends Bob a request for the certificate, Bob sends Alice the certificate. Alice verifies that the certificate is properly signed. Alice then uses that certificate to encrypt all communication with Bob.
Yes, I glossed over LOTS of details, like what the certificate is, but that's the portion of the algo that stops man in the middle attacks.
The only way to perpetrate a man in the middle attack is to get Trent's keys, so you can sign your own certificate as Bob, or to get Bob's key, or to compromise Alice's or Bob's machine.
"Why won't this work?" is a good way of learning all of the practical details of a system. "Why can't you put a wheel inside of a wheel inside of a wheel, and have them spin relative to the wheel just outside, and thus break the speed of light?" is a good one. Answer that, and you've just learned something. (Assuming just physics 101 knowledge.)
Well, this program is still under development. I'll be putting it on sourceforge, as soon as I figure out how to deliver mail portably across win32 & *nix without resorting to unnecessary bloat.
While it is interesting that the IPs are open proxies (I had wondered why they changed so quickly and often, and bounced around so much), you're wrong. Mailbombing wouldn't affect the open proxies. Mailbombing would affect the mail dropboxes they use to pick up replies from the open mail servers.
The path of a typical successful test:
[Client]->[Open Proxy]->[Open Relay]->[Their Mailserver]->[Client]
Mail bombing would affect the mailbox on their mailserver (which is most likely an innocent, but lazy ISP's mailserver, but I didn't research). Filling their mailbox would mean that none of their successful tests would get through, and if I got lucky, I could really mess things up for them through creative poisoning.
Alas, my hat is not black. That route is denied to me, poetic as it may be.
I run a program that just listens on port 25, pretending to be an open relay, and logs all relay tests to a file. I get scanned by testers using the following two email hosts constantly. The 21cn.com one has been using the same exact address for months now. Almost makes me want to mailbomb them.
Mar 27 08:07:18 [210.222.196.141:27910]
ehlo ll-nidaf2xx5kn9
Rset
Mail from:<china9988@21cn.com>
RCPT to:<china9988@21cn.com>
Data
From: china9988@21cn.com
Subject: 68.22.196.106
To: china9988@21cn.com
Date: Thu, 27 Mar 2003 23:20:51 +0900
X-Priority: 3
X-Library: Indy 8.0.25
t_Smtp.LocalIP
.
Quit
Mar 27 19:23:10 [210.222.196.133:58885]
HELO hanmail.net
MAIL FROM:<jkdsa@hanmail.net>
RCPT TO:<mg0108@hanmail.net>
DATA
Message-ID: <20820-2200335282014339@hanmail.net>
X-EM-Versio
X-EM-Registration: #0010630410721500AB30
Reply-To: rolliey@hotmail.com
From: "good" <jkdsa@hanmail.net>
To: mg0108@hanmail.net
Subject: 68.22.196.106
Date: Fri, 28 Mar 2003 11:00:14 +0900
MIME-Version: 1.0
Content-Type: text/html; charset=KS_C_5601-1987
Content-Transfer-Encoding
<HTML>
<HEAD>
<META NAME=3D"GENERATOR" Content=3D"Microsoft DHTML Editing Control">
<TITLE></TITLE>
</HEAD>
<BODY>
<P><
</BODY>
</HTML>
.
QUIT
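A sketch of how a log in this layout could be summarised, added here as an example and not the poster's program: it groups lines into sessions, treats a Subject that is just this host's IP address as a relay test, and counts the mailboxes those tests deliver to (the drop boxes an abuse report would name). The addresses, the `203.0.113.106` host IP and the function names are constructed for the example, and the sample sessions are abridged.

```python
import re
from collections import Counter

# Session header in the layout of the log above: "Mar 27 08:07:18 [ip:port]"
HEADER = re.compile(r"^\w{3} +\d+ [\d:]{8} \[(\d{1,3}(?:\.\d{1,3}){3}):\d+\]$")
ENVELOPE = re.compile(r"^(MAIL FROM|RCPT TO):\s*<([^>]*)>", re.I)
SUBJECT_IP = re.compile(r"^Subject:\s*(\d{1,3}(?:\.\d{1,3}){3})\s*$", re.I)

def parse_sessions(log_text):
    """Split the log into sessions with source IP, envelope and Subject IP."""
    sessions, cur = [], None
    for line in map(str.strip, log_text.splitlines()):
        if (m := HEADER.match(line)):
            cur = {"src": m.group(1), "mail_from": [], "rcpt_to": [], "subject_ip": None}
            sessions.append(cur)
        elif cur is None:
            continue  # text before the first session header
        elif (e := ENVELOPE.match(line)):
            key = "mail_from" if e.group(1).upper() == "MAIL FROM" else "rcpt_to"
            cur[key].append(e.group(2).lower())
        elif (s := SUBJECT_IP.match(line)):
            cur["subject_ip"] = s.group(1)
    return sessions

def dropbox_counts(sessions, my_ip):
    """Relay tests put the tested host's IP in the Subject; count their drop boxes."""
    probes = [s for s in sessions if s["subject_ip"] == my_ip]
    return Counter(addr for s in probes for addr in s["rcpt_to"])

# Constructed sample (documentation addresses), same layout as the log above.
SAMPLE_LOG = """\
Mar 27 08:07:18 [192.0.2.141:27910]
ehlo test-host
Mail from:<probe1@dropbox.example>
RCPT to:<probe1@dropbox.example>
Subject: 203.0.113.106
Mar 27 19:23:10 [192.0.2.133:58885]
HELO mail.example
MAIL FROM:<sender@mail.example>
RCPT TO:<probe1@dropbox.example>
Subject: 203.0.113.106
Mar 28 02:11:40 [198.51.100.7:40122]
HELO client.example
MAIL FROM:<alice@client.example>
RCPT TO:<bob@client.example>
Subject: quarterly report
"""

print(dropbox_counts(parse_sessions(SAMPLE_LOG), "203.0.113.106"))
```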
My first thought was also that it was some kind of consequence of war. Although I thought of the fact that Manhattan Project era scientists were unsure whether a detonated nuke would stop, or continue in a chain reaction that would engulf the world, turning it into a second, smaller sun.
According to the constitution, if you commit a crime, you have the right to face your accuser. OTOH, you give up lots of your rights when you sign to get your driver's license. (Yes, there's more to it than just that.)
Last I heard, GPS is not approved for navigational use by the FAA. Meaning, you can use it, but you need to have alternate systems, and can't rely on it.
Civilian planes will still use navigational radio beacons. This is one of the first things they teach you when you go for a private pilot's license. (First step for a non-military commercial pilot's license. Military licensing is probably similar.)
Forgive my ignorance, but since when is hate speech illegal in the USA? (I know it's illegal in our great northern neighbor.)
Libel and slander are illegal; copyright & trademark violations are illegal (where things are slanted a bit too much in corporate favour). But, hurting people's feelings is perfectly legal, as long as what you say is fact or opinion, and not a lie. And economic and reputational damage is legal, again, given that you aren't telling lies. (I can say that Eddie Murphy picked up a prostitute, as long as he actually did so, regardless of the damage it will do to his reputation.)
Simple. Send 1.5 million Linux binaries to Microsoft to sign, and measure the response times.
Nukes can be used to divert large asteroids that are on a collision course with the Earth!
It exists. http://www.wired.com/news/print/0,1294,53799,00.html Wired had an article about it a while ago, and so did Slashdot. Here's the download: http://www.hacktivismo.com/news/modules.php?name=Content&pa=showpage&pid=19
If anyone is curious, after a bit of googling, I found http://www.omnilounge.com/.
By application of the United States Drug Enforcement Administration, the website you are attempting to visit has been restrained by the United States District Court for the Western District of Pennsylvania pursuant to Title 21, United States Code, Section 853(e)(1)(A).
In playing with the Nigerian fraudsters, I found that unless you reply within less than an hour of first receiving the email, chances are that the account was cancelled. BUT, if you reply *right away*, you can get through to a real person (and then take them on a wild goose chase as they try to call you at the White House, and then at FBI headquarters...)
I'm gonna get marked redundant just for the subject, aren't I?
Anyway, contributing to an old project is a great way to increase your coding skills, play with coding a game, and NOT have to deal with all of the stupid stuff, because it has already been done by someone else. Take Crossfire (http://crossfire.real-time.com/) as an example. You have a stable multiplayer online RPG that's been around since '92 or even longer. It runs on many un*x variants, and has some win32 stuff too, although no fully supported win32 client. If you're interested in monster AI, go ahead, code that. Everything else works perfectly fine. If you're interested in writing a new client, go right ahead. You can even take the networking code from the current clients, and write only the GUI. Hell, there have even been three Perl based 'bots that I know of. Network code, but no GUI.
The point is, if you contribute to an existing project, you can skip straight to the part you enjoy the most, and you're much more likely to finish.
Opt-out does not work! These solutions are going to be just as effective as states that outlawed spam entirely in stopping spam, and are going to be just another source of validated addresses, thus ensuring more spam for those on the lists.
-Philip
I wrote something that does this (win32 only) way back when. Here it is, complete with source code. It doesn't do much anymore, as the security holes exploited by the worms have by and large been patched, without removing the worm.
heh,
I started coding at age 6 on the TI-99/4A too.
No, nothing else all that interesting to say except "me too".
Back in the good old days, low level format actually did something. It rewrote the tracks and sectors on the platters. Nowadays, with high data density and whatnot, it's much more difficult to write the tracks and sectors, and special machinery is used to do so. The standard head isn't able to get enough accuracy.
You can patent algorithms. Many people are less than pleased with this, but it can be done.
CLIPPY!