Slashdot Mirror


User: jofny

jofny's activity in the archive.

Stories: 0 · Comments: 187

Comments · 187

  1. Re:Wrong Layer on SORBS - Is There a Better Spam Blacklist? · · Score: 1

    Of course not, otherwise I wouldn't be talking about it publicly - I'd be busy patenting it or something else equally evil :) But, seriously, I wasn't suggesting that I had a solution, only that IP-based solutions are known to ultimately be futile. You have no knowledge of the data source at all. This is one of the larger problems with security on the internet in general and isn't limited to spam - authenticated authorization. I'm not suggesting that, with email, you need to care who each individual is. I'm only suggesting that until there are globally usable objects (as IPs are) that can tokenize an individual's credentials (not their ID), the spam fight will always be one that's lost, because that's the real data you're interested in shaping/controlling/filtering/authorizing - not the IP and not the message content. So that's why I hate to see so many people dedicating cycles to IP filtering. If you really want to help -fix the problem- (not just hide it to varying degrees of ineffectiveness), spend your time working on the credentials token problem (IMHO).

  2. Wrong Layer on SORBS - Is There a Better Spam Blacklist? · · Score: 2, Insightful

    The idea of identifying/tracking/blocking content/activity/people at the IP level was always a hack at best and has long since become a completely haphazard solution. Black Lists are a bad idea that's gone on too far. Instead of putting all of that energy into building, maintaining, and implementing those lists on networks, spend some time fixing it at an app protocol or content (auth) level. Yeah, initially a lot of legit mail won't get through - but that's true of black lists as well. I know there are a lot of reasons people still do this at an IP level, but why engage in a never-ending battle using methods that you -know ahead of time- will -never- solve the problem?

  3. Re:I predict on U.S. Gov't To Use Full Disk Encryption On All Computers · · Score: 1

    And, when they lose it this way, they won't be able to get it back.
    Yeah, but no one else will get it either. Fail Closed vs Fail Open.

    Those going after government data have better ways to approach it than stealing laptops.
    This is true, but why open yourself up to dumb mistakes as well as targeted attacks? If you can just grab unencrypted data, why bother using something more complex to get it? Limit exposure. Besides, public opinion and CNN are huge drivers for the government, whether Slashdot (the plural) realizes it or not. If someone loses an unencrypted laptop and it makes the news, the media and people bemoan the lack of security...whether the losses are a real actual threat or not. If the data is encrypted, the government can at least focus on real threats instead of having to contend with (and be distracted by) uninformed public outcries as well.

  4. It's a per-model question on Plasma or LCD? · · Score: 1

    I've seen such wide variances in the qualities and properties of both LCD and Plasma TVs that I'd suggest you really just go out and look at the TVs in your price range, look for models that look good in your environment, and go with one of those - Plasma or LCD or CRT or whatever. That's all that really matters. You can't just group "plasma" and "lcd" together for quality purposes...both have crap, both can shine. People complain about plasma burn-in, but it hasn't happened to me yet (I'm on my second 50+" plasma - I sold the first to get a smaller form factor, it was still working fine - with a total of 5 years of usage between them so far). I suspect that dead pixels probably happen about as often on LCDs as burn-in happens on Plasmas (and have about an equiv. annoyance factor, at least to me).

  5. Re:Protected blog, full text of post on Boston Globe to Blogger — "Stop Using Opera" · · Score: 1

    Who knows if they knew it when designing the website...but checking what kind of browsers people use from the road should probably have been thought of as part of the design process. In any case, here's the mobile device list where Opera can be or (more to the point) is by default installed: http://www.opera.com/products/mobile/products/?group=manufacturer Also, Nintendo Wiis have Opera installed by default (or will)

  6. Re:Protected blog, full text of post on Boston Globe to Blogger — "Stop Using Opera" · · Score: 1

    "Mac uses at least Safari, Linux uses at least Firefox."...and a large number of portable devices use Opera.

  7. Re:Well, it can make a difference to a limited ext on Homeland Security Director Defends Real ID · · Score: 1

    You are correct. If you do nothing, you're guilty. Absolutely. I don't know about you, but I tend to live up to my ideals and take concrete action where possible that I know has had concrete effects in the past. And honestly, I haven't once in this thread tried to rationalize away a thing. I'm being very pragmatic in that I realize that no matter what I (under the flag of country) do, the motivations and reasons for attacking the U.S. don't go away. I can only affect how easy or hard it is for others to rally people to their side. Read: I don't disagree about the fact that our actions have impact, just about whether or not they have causal nature here. I don't believe they do, just an enabling one.

  8. Re:Well, it can make a difference to a limited ext on Homeland Security Director Defends Real ID · · Score: 1

    I don't hold the government(s) involved responsible. They're just machines. I hold parents responsible. They raise ignorant, self-centered children who are supposed to grow up to guide the government-machines but instead abdicate their responsibilities and assume their lives are as comfortable as they are through some sort of natural law instead of through the hard work of rational, educated minds. (yeah, I know that sentence was running on...)

  9. Re:Well, it can make a difference to a limited ext on Homeland Security Director Defends Real ID · · Score: 1

    Sure. The US has and will continue to make momentously bad policy decisions and execute policy in a manner that ranges from incompetent to criminal. My only contentions are that: 1. We are no different than any other country, our stupid decisions just have more impact. 2. The victims of our bad policies are not the ones coordinating and fanning the flames. Rather, there are entrepreneurs out there with agendas of personal power-gain using those disenfranchised by our actions to better their own positions. In other words, they behave in exactly the same manner as our own politicians do. Our big-bully behavior hasn't caused this, it's just providing a nurturing environment for the propaganda of people who want more power...whether those people are in the U.S. government or are "terrorist leaders".

  10. Re:Well, it can make a difference to a limited ext on Homeland Security Director Defends Real ID · · Score: 1

    None. How many other small countries would, given the opportunity? Every single one. Size just makes someone the most obvious and most useful target. There are no innocent countries or large groups of people, just those without opportunity.

  11. Re:It's called an enterprise architecture... on How Do You Handle Your Enterprise Documentation? · · Score: 1

    Providing the name of the tool in the parent post would help: MEGA (silly sounding, yeh?) Still, it's exceedingly useful (if a lot of work to stand up initially)

  12. Re:no, it's called job security.... on How Do You Handle Your Enterprise Documentation? · · Score: 2, Insightful

    Poor documentation only helps job security when it hides how truly haphazard your code/environment/IT system implementations actually are.

  13. It's called an enterprise architecture... on How Do You Handle Your Enterprise Documentation? · · Score: 1

    I'm busy creating a model for as-is IT systems, policies, procedures, configuration standards, actual settings where appropriate, etc. into an enterprise architecture tool. The tool lets me relate the disparate information types, find gaps, plan change, etc. It's also a central repository for any and all IT documentation (as you described) and allows multiple people to update their bits of it as needed. It's kind of cool!

  14. Re:Well, it can make a difference to a limited ext on Homeland Security Director Defends Real ID · · Score: 1

    Why do people keep saying this? 1. How many other sole-standing-world-powers in the history of mankind were not subject to similar attacks? I can't think of any off the top of my head... 2. Being this size, weight, and place in the world, the U.S. is a convenient tool (both via backscatter effects from being attacked and for propaganda reasons). We were attacked because an angry, crying, tantrum-throwing America raises the visibility, power, and standing of others in the world, not because there were some horrible injustices we've committed that the rest of the world hasn't and we just need to be made to stop. At most, America's actions foster resentment among some, but those people are the suicide bombers and bullet-catchers...not the leaders and instigators.

  15. Re:Straight outta sci-fi on Homeland Security Director Defends Real ID · · Score: 1

    universal healthcare works pretty much everywhere else, too.
    Interesting to see the word "works" stretched so far here! :)

  16. Re:Three Problems with iTunes on iTunes Sales 'Collapsing' · · Score: 1

    Long Tail: Ionno...one of our main uses for iTMS is to find current nontop40 music easily...we try out one song, if we like it, we go buy the album somewhere else. That assumes it's even available somewhere else...we've gotten more than one album and quite a few songs where iTMS was far and away the easiest place to get them.

  17. Buying friends attracts more -free- fake friends! on Who Says Money Can't Buy Friends? · · Score: 1

    We all know that popularity isn't about realistic rational evaluation..it's about what that friendship can do for YOU and YOUR image. This is perfect self-marketing when your only "popular" feature is your spare cash. Why wouldn't you do it? You spend a little up front for a few fake friends...then all the cool people see that you're popular and want to be your friend too!

  18. Re:How do you know if you've been rooted? on Is the Botnet Battle Already Lost? · · Score: 1

    (please pardon the very large number of typos there, this keyboard is NOT what I'm used to typing on)

  19. Re:How do you know if you've been rooted? on Is the Botnet Battle Already Lost? · · Score: 1

    We weren't talking about flow based monitoring at all. We were talking about snort and signature based network IDS directly, and by originating implication, "finding rooted boxes" and botnets. I've used Cisco, Dragon, ISS, Sourcefire, Snort, Intrushield, and others in more than a couple of environments. The vendor is immaterial, it's the base technology in question that is the problem. Signature based network IDSes are a waste of time and energy. There are more efficient and better equipped ways of accomplishing the same thing.

    As far as flow data goes, yes, you can see on a large scale that bad stuff is happening. Chances are, though, that most of the time you've already figured that out from other indicators that are better placed than on the network.

    The other problem (and it's a big one) is that the attacks are moving so far up the stack and are so much less about massive waves of activity that flow data has simply become completely generic...like watching US highways from space without looking for specific cars...yes, if there is a pile-up you might see it. But...so what? You still have to go down to ground level to find out why...and you would've found out about the pile-up without viewing it from space.

    As far as the darkspace goes, no one had yet (VzB, I'm looking at you) done the right thing and used data compared from globally distributed HOST sensors grouped into profiled system classes to compare against dark IP space...they haven't even compared dark space to endpoint network sensors. To just look at dark space without tying it back to the endpoints is just to be able to say "Yes, there's more traffic there --->". Without that additional data, anything more is pure speculation...which ends up costing money and effort to verify. In the effort and money gone through to verify, the endpoints may have well done it themselves and skipped the ISP's data altogether. This is because to make the ISP data useful, the endpoints have to still go through the effort and cost that they thought they were saving by using the ISP for this information anyway.

    As far as worm activity goes, that is more efficiently mitigated at a managed host level and can do things the network level mitigations CAN do and things network level mitigations CAN'T do. To do those things at both is duplication of cost and effort.

    As far as "known signatures for malware" for NIDS go, if you have known signatures you probably also have "known signatures" for AV...so why spend money and time on both? You have to put the sigs on the endpoints regardless, so why not spend the money you would have spent on NIDS on making the endpoint security better? You lose no functionality, but you've saved time and money.

    Meh, but doing it the right way would sell less toys...

  20. Re:How do you know if you've been rooted? on Is the Botnet Battle Already Lost? · · Score: 2, Interesting

    Yeah...that's all well and good as long as the traffic isn't encrypted (it probably will be)..or if it's not, you know what to look for to write sigs for (you probably won't)...or you know which domains people in your network shouldn't be going to and you're watching dns logs (you probably won't). With all of the custom and targeted attack vectors, the fact that so many attacks have moved up the stack to layer 7 and above (humans), Network IDSes have passed their due date. The only thing that can really help is to engineer your host systems, create well defined policies, and install local host system monitoring software (HIDS, etc.), and secure those logs from tampering. Network security monitoring at this point is really a lot like airport security: It gives people a warm and fuzzy, but it doesn't accomplish much and the effort is better spent elsewhere.

  21. Re:Gaiman solo since Sandman - read "Anansi Boys" on Neil Gaiman Talks To John Dvorak · · Score: 1

    Good Omens really is a classic, but you're right..most of the others are "just" "good reads".

    However, check out his recent "Anansi Boys" - I really enjoyed that and feels a lot less forced than American Gods (which I enjoyed more on the second reading, btw)

  22. Re:CPanel bugs and malware hosting combo old on cPanel Exploit Used to Circulate IE Exploit · · Score: 1

    Then we have a pretty good justification for open source here :) I'm also glad to see this posted on Slashdot. I mean, how do people think all of this code is normally hosted for malware to use? It's not like people who do this pay for it to be hosted or do it from home. It's also done in numbers that make picking off individual boxes far too slow to be efficient. Vulnerabilities like this need more exposure.

  23. Re:CPanel bugs and malware hosting combo old on cPanel Exploit Used to Circulate IE Exploit · · Score: 1

    I wasn't at all criticizing the work of anyone working on cPanel - merely suggesting that considering its wide use, someone should figure out how to better audit the code or offer the team resources to help out in some way.

  24. CPanel bugs and malware hosting combo old on cPanel Exploit Used to Circulate IE Exploit · · Score: 4, Interesting

    People have been exploiting CPanel bugs to compromise shared hosting for the purposes of hosting client-side (IE) exploit code for ages - this isn't new. The first time I know of for a fact was 2 or more years ago. For as many large providers as use CPanel, the code really needs to be more closely audited...

  25. Re:Why is this surprising? on The Death of Privacy · · Score: 1

    No, they wouldn't have cared because they're short sighted. However, if they had treated them well, they'd be a) more stable and b) more likely to make money over time. I'm not talking about doing things to be nice. Happy, healthy, trained workers are faster...and better. You spend less on the QA end...