What a shitty article. I'm a teenager and have wired pleanty of houses around the neighborhood. You don't need to hire a damn contractor (electricians are usually really bad about pulling cable, as they're used to pulling phone cable and not data cable). If you have a drill, some bits, string, a few bolts, and a drywall saw you can do it all yourself. If you do more than a few jacks throughout the house go out and get a fish tape, a nice super long drill bit and some friends to help you on the weekend.
If I notice a serious problem with an ISP I first try their support number. If they're clueless idiots who keep reading from a script I'll jump right to their NOC contact. I called the noc of this company after I noticed their machines were attacking ours. The noc had them offline within minutes and called me back several times to keep me updated. Now don't go calling for every stupid thing that happens because they'll stop publishing the numbers. But if it's big, go ahead and do it.
Re:How easy would it be to steal info from these?
on
Contactless Credit Cards
·
· Score: 4, Informative
They do make contactless micro-processor smart cards. Schlumberger makes one, two, three, different versions.
From their site:
High-speed contactless operations are completed in less than 100 milliseconds and at distances of up to 10 cm from the reader. Security between different applications is ensured by two 48-bit diversified keys and specific access conditions per sector. Security is further reinforced by replay attack protection and a three-pass handshake, which manages the mutual authentication between the card and the reader. In addition, the Easyflex FastOS 2.0 fast anticollision algorithm allows more than one card to be processed by the reader at the same time.
Easyflex FastOS 2.0 communicates on the 13.56 MHz carrier frequency in compliance with the current ISO 14443-Type A standard and implements the standard Mifare protocol, allowing it to be used with the vast majority of contactless card systems.
It is very difficult to steal information from smart cards. I know of 1, maybe 2 ways to steal from smart cards that use contacts (one is to detect very small fluctuations in the voltage draw of the card as the crypto algorithms are doing their magic) and no ways to steal from contactless cards, given they are properly setup (and given Visa is backing it up, they probably are).
You can set files on the card (it has a tiny file system) such that they can only be written to. I have a Cryptoflex 8k card here that has my public and private keypair on it for PGP. The public key can be read off very easily but for the private key to be useful, the card will actually do the encryption for me. So I will insert my card into the reader, I will type what I want to encrypt in my email window and when I press send it will send all of the text over to the smart card where it is encrypted with my private key, which never leaves the card. Now ideally you would run your keyboard right into the smart card reader for sensitive operations (so the host operating system cannot be backdoored and the plain text version ever recovered).
The risks for these cards are very small. From what I can tell they'll probably be JavaCards (which basically will run a small java applet) that will only give up information about the card to verified readers (the card will store a certificate authority's public cert and verify the certificates of the readers) . This will stop the "stealing by walking behind someone with a reader" problem so many/.ers have complained about.
Hope this helps (I've done a crapload of work with smartcards recently for a Purdue IEEE project)
It's fairly easy and a part of all smartcards on the market today. Not only is the reader able to verify the card, but the card is able to verify the reader.
How I see it working would be, 1 central authority (CA like we know it for SSL certs) issuing certificates to all of the readers on the market (there still needs to be a way to expire the certs incase one gets stolen, put out of service). The cards will contain the corresponding certificate for the CA so it can properly validate any certificates the CA signs. When
download a set of drivers called "PortTalk", they work very well for allowing programs to access the parallel port under nt/2k/xp and they include quite a bit of sample code for doing it also.
Anyone that cares and needs to know about it was properly notified. There was a post to NANOG 3 days ago about it:
*****PLEASE NOTE***** This is an important Informational Message to the internet community:
November 5, 2002, the IP address for J.root-servers.net will change in the authoritative NS set for "dot". The change will be reflected in zone serial # 2002110501.
The new set of servers authoritative for "dot" will be: A.ROOT-SERVERS.NET. 5w6d16h IN A 198.41.0.4 H.ROOT-SERVERS.NET. 5w6d16h IN A 128.63.2.53 C.ROOT-SERVERS.NET. 5w6d16h IN A 192.33.4.12 G.ROOT-SERVERS.NET. 5w6d16h IN A 192.112.36.4 F.ROOT-SERVERS.NET. 5w6d16h IN A 192.5.5.241 B.ROOT-SERVERS.NET. 5w6d16h IN A 128.9.0.107 J.ROOT-SERVERS.NET. 5w6d16h IN A 192.58.128.30 K.ROOT-SERVERS.NET. 5w6d16h IN A 193.0.14.129 L.ROOT-SERVERS.NET. 5w6d16h IN A 198.32.64.12 M.ROOT-SERVERS.NET. 5w6d16h IN A 202.12.27.33 I.ROOT-SERVERS.NET. 5w6d16h IN A 192.36.148.17 E.ROOT-SERVERS.NET. 5w6d16h IN A 192.203.230.10 D.ROOT-SERVERS.NET. 5w6d16h IN A 128.8.10.90
This WILL require a change to your root hints file. The new file will be available via anonymous ftp from rs.internic.net:/domain/named.root as well as ftp.internic.net:/doamin/named.root starting 11/5/02 1700UTC (12pm EST/9am PST).
Both the new and old j.root-servers.net IP space will provide answers in parallel for the foreseeable future.
_________________________________________
John Crain Manager of Technical Operations ICANN/IANA
My cable installer tried dropping the cd in my linux box and wondered why it wasn't auto running. The he explained that you couldn't get online without their software. I proceeded to restart the network and grab an ip and up popped/.. That shut him up.
They're probably intrested in new and interesting graphics for their channel and most of their software probably runs on a system that uses Xwindows. By funding the development they not only get the drivers they need but also get to help out the community.
DJ Ari from Digitally Imported has a lot of good information on what it means to the larger of the (still) free stations. They also have some information on what you can do to help them out.
Ok, this pisses me off. Now that I've turned 18, what's the process for getting in touch with the people who can shoot this down? Where do I find out their info? What should I say?
Why would I cut the noise? Nothing like waking up to the sound of 3 80mm delta fans whirling away keeping my baby cool. If one dies, you'll instantly:)
Slashdot Mirror
What a shitty article. I'm a teenager and have wired pleanty of houses around the neighborhood. You don't need to hire a damn contractor (electricians are usually really bad about pulling cable, as they're used to pulling phone cable and not data cable). If you have a drill, some bits, string, a few bolts, and a drywall saw you can do it all yourself. If you do more than a few jacks throughout the house go out and get a fish tape, a nice super long drill bit and some friends to help you on the weekend.
Get a nice MOTU rackmount system and you can do a huge amount of inputs/outputs.
Any perl programmers looking to play around with this should checkout the Net::Amazon module.
If I notice a serious problem with an ISP I first try their support number. If they're clueless idiots who keep reading from a script I'll jump right to their NOC contact. I called the noc of this company after I noticed their machines were attacking ours. The noc had them offline within minutes and called me back several times to keep me updated. Now don't go calling for every stupid thing that happens because they'll stop publishing the numbers. But if it's big, go ahead and do it.
They do make contactless micro-processor smart cards. Schlumberger makes one, two, three, different versions.
From their site:
High-speed contactless operations are completed in less than 100 milliseconds and at distances of up to 10 cm from the reader. Security between different applications is ensured by two 48-bit diversified keys and specific access conditions per sector. Security is further reinforced by replay attack protection and a three-pass handshake, which manages the mutual authentication between the card and the reader. In addition, the Easyflex FastOS 2.0 fast anticollision algorithm allows more than one card to be processed by the reader at the same time.
Easyflex FastOS 2.0 communicates on the 13.56 MHz carrier frequency in compliance with the current ISO 14443-Type A standard and implements the standard Mifare protocol, allowing it to be used with the vast majority of contactless card systems.
It is very difficult to steal information from smart cards. I know of 1, maybe 2 ways to steal from smart cards that use contacts (one is to detect very small fluctuations in the voltage draw of the card as the crypto algorithms are doing their magic) and no ways to steal from contactless cards, given they are properly setup (and given Visa is backing it up, they probably are).
/.ers have complained about.
You can set files on the card (it has a tiny file system) such that they can only be written to. I have a Cryptoflex 8k card here that has my public and private keypair on it for PGP. The public key can be read off very easily but for the private key to be useful, the card will actually do the encryption for me. So I will insert my card into the reader, I will type what I want to encrypt in my email window and when I press send it will send all of the text over to the smart card where it is encrypted with my private key, which never leaves the card. Now ideally you would run your keyboard right into the smart card reader for sensitive operations (so the host operating system cannot be backdoored and the plain text version ever recovered).
The risks for these cards are very small. From what I can tell they'll probably be JavaCards (which basically will run a small java applet) that will only give up information about the card to verified readers (the card will store a certificate authority's public cert and verify the certificates of the readers) . This will stop the "stealing by walking behind someone with a reader" problem so many
Hope this helps (I've done a crapload of work with smartcards recently for a Purdue IEEE project)
It's fairly easy and a part of all smartcards on the market today. Not only is the reader able to verify the card, but the card is able to verify the reader.
How I see it working would be, 1 central authority (CA like we know it for SSL certs) issuing certificates to all of the readers on the market (there still needs to be a way to expire the certs incase one gets stolen, put out of service). The cards will contain the corresponding certificate for the CA so it can properly validate any certificates the CA signs. When
You can read up on what the execs are up to here:
http://biz.yahoo.com/t/s/scox.html
I am not a lawyer
Your milage may vary
Or you could just use jabber
++ for Donnie Darko. It's like $10 at best buy right now, there's no reason not to own it.
They're the same. MDK likes to post it as "rc3" but then rename it at the last minute so the mirrors have time to get it out there.
[me@gatekeeper Mandrake9.1]$ mv MandrakeLinux-9.1-rc3-CD1.i586.iso Mandrake91-cd1-inst.i586.iso
[me@gatekeeper Mandrake9.1]$ mv MandrakeLinux-9.1-rc3-CD2.i586.iso Mandrake91-cd2-ext.i586.iso
[me@gatekeeper Mandrake9.1]$ mv MandrakeLinux-9.1-rc3-CD3.i586.iso Mandrake91-cd3-i18n.i586.iso
[me@gatekeeper Mandrake9.1]$ md5sum --check md5sums.91
Mandrake91-cd1-inst.i586.iso: OK
Mandrake91-cd2-ext.i586.iso: OK
Mandrake91-cd3-i18n.i586.iso: OK
Anyone on I2 can get them from here:
http://mandrake.dsi.internet2.edu/
I'm currently grabbing all 3 ISO's at 350k/sec.
download a set of drivers called "PortTalk", they work very well for allowing programs to access the parallel port under nt/2k/xp and they include quite a bit of sample code for doing it also.
Just jam the gps signal.
r g/ show.php?p=60&a=13
http://www.phrack-dont-give-a-shit-about-dmca.o
Anyone that cares and needs to know about it was properly notified. There was a post to NANOG 3 days ago about it:
*****PLEASE NOTE*****
This is an important Informational Message to the internet community:
November 5, 2002, the IP address for J.root-servers.net will
change in the authoritative NS set for "dot". The change will
be reflected in zone serial # 2002110501.
The new set of servers authoritative for "dot" will be:
A.ROOT-SERVERS.NET. 5w6d16h IN A 198.41.0.4
H.ROOT-SERVERS.NET. 5w6d16h IN A 128.63.2.53
C.ROOT-SERVERS.NET. 5w6d16h IN A 192.33.4.12
G.ROOT-SERVERS.NET. 5w6d16h IN A 192.112.36.4
F.ROOT-SERVERS.NET. 5w6d16h IN A 192.5.5.241
B.ROOT-SERVERS.NET. 5w6d16h IN A 128.9.0.107
J.ROOT-SERVERS.NET. 5w6d16h IN A 192.58.128.30
K.ROOT-SERVERS.NET. 5w6d16h IN A 193.0.14.129
L.ROOT-SERVERS.NET. 5w6d16h IN A 198.32.64.12
M.ROOT-SERVERS.NET. 5w6d16h IN A 202.12.27.33
I.ROOT-SERVERS.NET. 5w6d16h IN A 192.36.148.17
E.ROOT-SERVERS.NET. 5w6d16h IN A 192.203.230.10
D.ROOT-SERVERS.NET. 5w6d16h IN A 128.8.10.90
This WILL require a change to your root hints file. The new
file will be available via anonymous ftp from
rs.internic.net:/domain/named.root as well as
ftp.internic.net:/doamin/named.root starting 11/5/02 1700UTC (12pm
EST/9am PST).
Both the new and old j.root-servers.net IP space will provide
answers in parallel for the foreseeable future.
_________________________________________
John Crain
Manager of Technical Operations
ICANN/IANA
crain@icann.org
1AF4 F638 4B2D 3EF2 F9BA 99E4 8D85 69A7
My cable installer tried dropping the cd in my linux box and wondered why it wasn't auto running. The he explained that you couldn't get online without their software. I proceeded to restart the network and grab an ip and up popped /.. That shut him up.
They're probably intrested in new and interesting graphics for their channel and most of their software probably runs on a system that uses Xwindows. By funding the development they not only get the drivers they need but also get to help out the community.
Sweet, I'm attending purdue in the fall (Computer Engineering). Gonna have to get me the hookup :)
That wasn't me posting.
Very nice way to send someone to goatse.cx. I must applaud your efforts.
I should also point out this link:
http://www.saveinternetradio.org/
DJ Ari from Digitally Imported has a lot of good information on what it means to the larger of the (still) free stations. They also have some information on what you can do to help them out.
http://www.di.fm/sos.php
Ok, this pisses me off. Now that I've turned 18, what's the process for getting in touch with the people who can shoot this down? Where do I find out their info? What should I say?
Why would I cut the noise? Nothing like waking up to the sound of 3 80mm delta fans whirling away keeping my baby cool. If one dies, you'll instantly :)