Pffft. TI99/4a
How many companies hire security guards, buy alarm systems, and put decent locks on the doors?
Usually it's reactive rather than proactive. "Our office was robbed, let's throw some money at it and hope the problem goes away." Or it is done by mandate: HIPAA, PCI, various military security standards, etc.
If pure speed is the sole criterion with tuning effort having zero consideration, wouldn't masterful Assembly or opcode be the fastest?
I highlighted the bits everyone seemed to be missing.
Sorry to be a nit-picker, but the original mouse had 3 buttons, and was invented 50ish years ago. The one button mouse concept was an Apple idea, and that was 35ish years ago.
To be fair, I trust Microsoft a little bit more than PayPal/eBay. Although that isn't saying very much.
Resistance is Futile
1999 Darwin Award Nominee
Unconfirmed by Darwin
http://www.darwinawards.com/darwin/darwin1999-50.html
Yeah, that about sums it up for me.
They didn't buy it. They created it through the reseller process. OpenSRS, for example, requires that all IPs that have access to the domain registration process are registered beforehand. That would have stopped this attack cold. Comodo didn't even have so much as a "wow, that's funny, this /24 has never logged in before, and is registered to a country I don't have any resellers in." Also, a lot of people seem to believe that automated systems should blacklist high profile targets from being automatically granted certificates.
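The controls this comment lists (source IPs pre-registered per reseller, a /24 the account has never logged in from, a source country with no resellers, and no automatic issuance for high-profile names) combined into one policy check. This is an added example, not OpenSRS or Comodo code; the reseller table, the /24 history and the GeoIP table are constructed stand-ins.

```python
import ipaddress

# Constructed sample policy and history; not OpenSRS's or Comodo's real data.
RESELLERS = {
    "reseller-a": {"cidrs": ["203.0.113.0/24"], "country": "US"},
    "reseller-b": {"cidrs": ["198.51.100.0/25"], "country": "DE"},
}
HIGH_PROFILE = {"example.com", "login.example.net"}  # never auto-issued
SEEN_SLASH24 = {"reseller-a": {"203.0.113.0/24"}, "reseller-b": {"198.51.100.0/24"}}
GEO = {"203.0.113.0/24": "US", "198.51.100.0/24": "DE", "192.0.2.0/24": "ZZ"}

def geo_country(ip):
    """Stand-in for a GeoIP lookup (constructed table; 'ZZ' means unknown)."""
    for cidr, cc in GEO.items():
        if ip in ipaddress.ip_network(cidr):
            return cc
    return "ZZ"

def check_request(reseller, src_ip, domain):
    """Return (allowed, reasons) for an automated issuance request.
    Every control must pass; each failure is listed for a human reviewer."""
    policy = RESELLERS.get(reseller)
    if policy is None:
        return False, ["unknown reseller account"]
    ip = ipaddress.ip_address(src_ip)
    reasons = []
    # 1. Source IP must be pre-registered for this reseller (the OpenSRS-style control).
    if not any(ip in ipaddress.ip_network(c) for c in policy["cidrs"]):
        reasons.append("source IP not pre-registered for reseller")
    # 2. A /24 this account has never logged in from is an anomaly worth flagging.
    block = str(ipaddress.ip_network(f"{ip}/24", strict=False))
    if block not in SEEN_SLASH24.get(reseller, set()):
        reasons.append(f"first login from {block}")
    # 3. Source registered to a country in which no reseller exists.
    known = {p["country"] for p in RESELLERS.values()}
    cc = geo_country(ip)
    if cc not in known:
        reasons.append(f"source country {cc} has no resellers")
    # 4. High-profile names are excluded from automatic issuance.
    if domain.lower().rstrip(".") in HIGH_PROFILE:
        reasons.append("high-profile domain: manual review required")
    return (not reasons), reasons
```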
It's not the web host, it's the .ly TLD DNS servers that are having issues. If I had a .ly domain, I would probably be increasing my TTL records to whatever I thought I could get away with. I remember it being something like 2 weeks, before people start ignoring your TTL and using a "sane" default.
http://www.kloth.net/services/dig.php
dig: couldn't get address for 'dns1.lttnet.net': failure

; <<>> DiG 9.3.2 <<>> @localhost bit.ly A +trace
; (2 servers found)
;; global options: printcmd
. 3600000 IN NS C.ROOT-SERVERS.NET.
. 3600000 IN NS D.ROOT-SERVERS.NET.
[snip]
. 3600000 IN NS A.ROOT-SERVERS.NET.
. 3600000 IN NS B.ROOT-SERVERS.NET.
;; Received 500 bytes from 127.0.0.1#53(127.0.0.1) in 1 ms

ly. 172800 IN NS dns1.lttnet.net.
ly. 172800 IN NS dns.lttnet.net.
ly. 172800 IN NS ns-ly.ripe.net.
ly. 172800 IN NS auth02.ns.uu.net.
ly. 172800 IN NS phloem.uoregon.edu.
;; Received 263 bytes from 192.33.4.12#53(C.ROOT-SERVERS.NET) in 24 ms

and a second time:

; <<>> DiG 9.3.2 <<>> @localhost bit.ly A +trace
; (2 servers found)
;; global options: printcmd
[snip]
ly. 172800 IN NS phloem.uoregon.edu.
ly. 172800 IN NS ns-ly.ripe.net.
ly. 172800 IN NS dns.lttnet.net.
ly. 172800 IN NS dns1.lttnet.net.
ly. 172800 IN NS auth02.ns.uu.net.
;; Received 263 bytes from 192.203.230.10#53(E.ROOT-SERVERS.NET) in 180 ms

bit.ly. 172800 IN NS ns3.p26.dynect.net.
bit.ly. 172800 IN NS ns2.p26.dynect.net.
bit.ly. 172800 IN NS ns4.p26.dynect.net.
bit.ly. 172800 IN NS ns1.p26.dynect.net.
;; Received 110 bytes from 128.223.32.35#53(phloem.uoregon.edu) in 193 ms

bit.ly. 3600 IN A 168.143.172.53
bit.ly. 86400 IN NS ns2.p26.dynect.net.
bit.ly. 86400 IN NS ns3.p26.dynect.net.
bit.ly. 86400 IN NS ns1.p26.dynect.net.
bit.ly. 86400 IN NS ns4.p26.dynect.net.
;; Received 126 bytes from 208.78.71.26#53(ns3.p26.dynect.net) in 13 ms
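The TTL a .ly domain owner can raise is only the one on records served by the domain's own nameservers; the 172800-second delegation TTL in the ly. zone is set by the registry. An added example, not from the comment, that parses dig +trace output like the above and separates the two; the sample trace is a trimmed, constructed copy of the output quoted here.

```python
import re
# Constructed sample: a trimmed copy of the dig +trace output quoted above.
TRACE = """\
; <<>> DiG 9.3.2 <<>> @localhost bit.ly A +trace
. 3600000 IN NS C.ROOT-SERVERS.NET.
;; Received 500 bytes from 127.0.0.1#53(127.0.0.1) in 1 ms
ly. 172800 IN NS dns1.lttnet.net.
ly. 172800 IN NS phloem.uoregon.edu.
;; Received 263 bytes from 192.33.4.12#53(C.ROOT-SERVERS.NET) in 24 ms
bit.ly. 172800 IN NS ns3.p26.dynect.net.
bit.ly. 172800 IN NS ns1.p26.dynect.net.
;; Received 110 bytes from 128.223.32.35#53(phloem.uoregon.edu) in 193 ms
bit.ly. 3600 IN A 168.143.172.53
bit.ly. 86400 IN NS ns2.p26.dynect.net.
;; Received 126 bytes from 208.78.71.26#53(ns3.p26.dynect.net) in 13 ms
"""

RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S+)$")
RECV = re.compile(r"^;; Received \d+ bytes from \S+#\d+\(([^)]+)\)")

def parse_trace(text):
    """Split +trace output into referral steps: (answering server, [(name, ttl, type, rdata)])."""
    steps, pending = [], []
    for line in text.splitlines():
        m = RR.match(line)
        if m:
            name, ttl, rtype, rdata = m.groups()
            pending.append((name.lower(), int(ttl), rtype, rdata.lower()))
            continue
        m = RECV.match(line)
        if m:  # the ';; Received' line closes one referral step
            steps.append((m.group(1).lower(), pending))
            pending = []
    return steps

def ttl_control(steps, domain):
    """Return (parent_ttls, own_ttls): TTLs on the delegation handed out by the parent
    zone (registry-controlled) versus TTLs served by the domain's own nameservers."""
    domain = domain.lower()
    own_ns, parent_ttls, own_ttls = set(), {}, {}
    for server, rrs in steps:
        for name, ttl, rtype, rdata in rrs:
            if name != domain:
                continue
            target = own_ttls if server in own_ns else parent_ttls
            target[rtype] = ttl
            if rtype == "NS":  # learn the domain's own nameservers from the referral
                own_ns.add(rdata.rstrip("."))
    return parent_ttls, own_ttls
```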
I know a guy who had his ex try to run him down with her car, with the kids in the car. She even told the kids, "I hope you said goodbye to daddy, because this is the last time you will ever see him." The police showed up, and were treating him like a criminal, acting as if he had started the whole incident. That is, until the female cop asked to speak to his daughter, and he gave his permission, and the female cop asked the daughter what happened.
"Mommy tried to kill daddy"
After which, the crazy ex was taken to the police station, locked up, her own parents refused to bail her out because they thought she was crazy, and then all charges were dropped for no readily apparent reason.
This happened in Chicago btw.
Yes, a site I'm working on right now is https only for the entire site instead of just the login page. However, in order to embed an https map in a page, you must pay Google $10k, or pay Microsoft or someone else a similar amount. All I wanted to do was put a login form on every page and feel safe that it won't be modified in-transit.
For many years, YouTube had a similar issue, but it's finally resolved.
I'd assume that the NYT has its own servers, therefore the NYT's ISP only provides bandwidth, and it is nearly impossible to log every connection at the upstream level. By nearly impossible, I mean that it would take a lot of disk space, and would be prohibitively expensive. Further Tor would definitely provide anonymity, as that is what it is designed for.
It is a button. It's just not there by default. I have another person using my computer sometimes, and I've taught her to "push that button when the snake pops instead of whatever you want to see".
The person who cracked it has stated that he was motivated by the removal of Other OS (see other comments). This is a textbook example of causation.
If you model it mathematically,
a = Attack-effort put in by piracy oriented individuals
b = Attack-effort put in by homebrew oriented individuals
c = total effort required to crack this particular console
Xbox360 = (a*(2 years) + b*(2 years) ) = c1
Note: a and b are irrevocably confounded
PS3 = (a*(5 years) + b*(1 year)) = c2
If you assume that c for the Xbox 360 and for the PS3 are equal, the resulting math easily shows that homebrew developers are 5 times more active in cracking the console than pirates. Of course, this is overly simplified, c is no doubt different for the two consoles, but a more rigorous approach could probably come up with a mathematically sound value for c, and considering most consoles are cracked within 1-2 years, I'd say the 360's c is on the high end.
The utility of Moore's Law is not that "hardware is always getting faster", but rather, it is a good rule of thumb for the specific rate of change.
You can also throw in "transistor count != speed", but that's been beaten to death already.
So, what you are saying is, cholesterol is a good thing?
What would you change about SMTP that would have an effect on spam? (And why can it not be done as an extension for SMTP?)
Further along these lines, if you preface it with "I wanted to let you know, this is some of the material that Wikileaks handles. I wanted to bring to your attention the important journalism that they do." or something along those lines, you are actually sending content rather than ddosing, and it may give you some more legal protection, but IANAL.
I have to agree with ameline. Microsoft Security Essentials is superior to the popular AV products. I think this is not due to superior Microsoft Engineering, but rather, it's a statement of how badly the popular AV products suck. The suckitude of Norton and McAfee is so amazing, in comparison Microsoft's offering seems amazing. Avast is somewhere between the two points. I think it also helps that the Microsoft marketing department didn't get their hands all over it (yet).
I hear Symantec corporate edition isn't bad, which is probably for the same reason. They don't need to scare the end-user into keeping their subscription up to date. "Look at me! I'm working!"
As a master captain, you will also need to get a TWIC card from the TSA. From what I hear, it's a completely unimplemented program, except for the handing out ID cards part.
Yes, and yes. That is why all AV software sucks.
What do you suggest as an alternative? Remember, people have grown to expect real-time protection.
Etiquette dictates that all national flags displayed be level with each other, and that state flags not be higher than national flags. Putting two national flags on the same flagpole would make one national flag lower than another. The corporate flag on the bottom follows the same logic, as the corporation is (theoretically) subordinate to the state.
Although it is common sense really. Putting one flag above another on the same flagpole would indicate that the lower nation is subordinate, and people get offended by that kind of thing.
H1B bait? If no citizens are able to fulfill the requirements legitimately, they can get a foreigner who lied.
Isn't this the whole purpose of title insurance? The buyer's title insurance company would pay the buyer back, and the original owner keeps the house?
According to our files, you're Facebook friends with someone who has a credit score of 500, and who declared medical bankruptcy. Sorry, we have to deny your request for a mortgage.