Not to mention the fact the creating the protection involves fudging the CRC protection which makes your CD less resistant to scratches and production errors.
Has anyone seen a decent piece of software that can find WAP's on your network by scanning from the wired part of your network?
What I want is something that scans for known MAC ID's or something to identifiy wireless access points without having to fly all over the country to do it.
There are plenty of wireless based scanners but they involve travel.
It helps that they're also highly targeted, you don't see ads for bridal dresses in a video game magazine.
Having said that you could achieve one effect by advertising bridal underwear in a computer game magazine. Perhaps not sales producing but it would be popular.
OK. I wish you the best of luck. It sounds like you are at least doing something about the problem.
I am challenging the feeling I get from your post that what you are doing is the technical silver bullet to protect against threats like this. I've seen NO REAL silver bullets with malicious software.
I'm sure you could imagine exactly what a malicious piece of code (with the purpose of SMTP spamming) would have to do to get around your controls. I'm even betting it would not be THAT hard to actually write. I would take this further to say that it could be made generic enough to compromise other organisations corporations systems as well.
I strongly doubt the measures described fix many of the other threats we will no doubt get exposed to. (But that is off topic and you doubtless have other control measures not described)
They are strong mitigants however and would probably do your company well. In a smallish environment (I'm making a big assumption) you can probably exert that level of control over your systems and run a fairly tight ship with some fairly innovative controls. As your environment grows people like yourself move on, admins change and the threats migrate to other platforms etc some of these point solutions get lost in the mix.
My experience is with system and security admin in a growing organisation (now 10 000 staff. 1000 work in IT). We run similarly paranoid systems, in different ways, but I do not suffer the delusion that we are in any way safe from any number of threats. We have remained reasonably unscathed over the years due to some good planning and luck however the reality is you don't know where the next threat comes from or what it will target. Nimda was a classic example of that.
Mitigants like Outlook bans, paranoid MTA's and stateful firewalling aside, you MUST, in doing business, open your networks to threats. These can and will be exploited. There are no silver bullets. There is only a growing technology arms race and hopefully vigilant people.
The only way I can think that you can get away without opening some REALLY basic ports eg HTTP, HTTPS and SMTP is if you are using some sort of local proxy to do the work and quite frankly malicious software can quite easily exploit these as well.
Yes it's true a good stateful outbound firewall helps you against some things eg IRC robots if you don't use IRC but you HAVE to open something or I can show you a brick which does the same job as your firewall.
When you open something you open it for better or for worse. Quite frankly I would be interested to know how you send an outbound email message if you don't allow an SMTP connection to something. Web clients only?
Yeah, how dare we liberate Iraq and give millions of Muslins the right to assemble religiously at holy sites in Iraq--a right they haven't had decades. Bad, bad, BAD U.S.A.
Please come and help me America!
My government won't let us have a bill of rights or guns. Can you come and bomb the fuck out of our country and destroy our power and water supplies so we can get these fundamental rights which I'm sure Mr Bush would agree we deserve?
I live in Australia. I look forward to your friendly bombing.
Your argument against the parent post is correct. However your example is clearly not the same as the technology that the parent refers to.
I would also put it forward that the parent had no idea what he was talking about though.
When trying to encrypt media in things like DVD's, satelite feeds etc etc etc you need to encrypt the data so that the bad guys can't interrupt it and you need to decrypt it so the legitamate users can read it.
I think this is what the parent post sorta meant. (I don't believe that really)
RSA encryption is not the same thing. If someone gave someone to you encrypted with RSA encryption and also gave you the decryption key it would be cracked. Not the encryption itself but the decryption key can then be compromised. This is the reason that most people today believe it is impossible to safely protect media from copying but still allow it's use.
The Intel thing is different again as I assume (having not RTFA) that the protection would be embedded on the chip. You would need a pretty steady hand to modify something on a CPU at the scale it is fabricated I would guess.:-P
Also, the protection is not trying to protect someone copying data so encryption technologies are not the trick. It is trying to stop you using more CPU cycles per second. I think this could probably be done in a way that is not accessible (price wise) to the average consumer. Let's face it the only reason overclocking is popular at all is because it is free. If it cost much more money you would just buy faster CPU's on day one.
Slashdot Mirror
Are they using the correct SI form of the prefix Mega, the now outdated binary form of the prefix Mega which has been replaced by the prefix Mebi?
I wish this stuff would catch on. It's useful.
And these boring fart mods modded the root parent to a -1 Troll.
Where's the fun in making funny posts that lose their context?
Gator is everywhere.
It is all around us even now in this very room. You can see it when you look out your window or when you turn on your television.
You can feel it when you go to work, when you go to church, when you pay your taxes.
It is the world that has been pulled over your eyes to blind you from the truth.
The kids a legend. I want to see him with nunchaku!
I'm Australian.
I wanna bite too!
We could bundle up all of Australia's Internet access technology and put it in a museum today.
When American's come over they can point and laugh.
People don't like Karma whoring. Post it anonymously next time. A true selfless act. BTW. Don't blame me. I didn't do it.
Hell yeah. Just think what Jack Bauer can do in just 24 hours. And he's not 1337!
Not to mention the fact the creating the protection involves fudging the CRC protection which makes your CD less resistant to scratches and production errors.
Has anyone seen a decent piece of software that can find WAP's on your network by scanning from the wired part of your network?
What I want is something that scans for known MAC ID's or something to identifiy wireless access points without having to fly all over the country to do it.
There are plenty of wireless based scanners but they involve travel.
Any hints?
No I/O?
:-)
Sounds like a lump of wood to me.
Wireless is I/O.
It helps that they're also highly targeted, you don't see ads for bridal dresses in a video game magazine.
Having said that you could achieve one effect by advertising bridal underwear in a computer game magazine. Perhaps not sales producing but it would be popular.
AND Standardise your builds with a repeatable build process to reduce human errors.
Write a document which specifies all security settings in your standard and DMZ builds.
OK. I wish you the best of luck. It sounds like you are at least doing something about the problem.
:-)
I am challenging the feeling I get from your post that what you are doing is the technical silver bullet to protect against threats like this. I've seen NO REAL silver bullets with malicious software.
I'm sure you could imagine exactly what a malicious piece of code (with the purpose of SMTP spamming) would have to do to get around your controls. I'm even betting it would not be THAT hard to actually write. I would take this further to say that it could be made generic enough to compromise other organisations corporations systems as well.
I strongly doubt the measures described fix many of the other threats we will no doubt get exposed to. (But that is off topic and you doubtless have other control measures not described)
They are strong mitigants however and would probably do your company well. In a smallish environment (I'm making a big assumption) you can probably exert that level of control over your systems and run a fairly tight ship with some fairly innovative controls. As your environment grows people like yourself move on, admins change and the threats migrate to other platforms etc some of these point solutions get lost in the mix.
My experience is with system and security admin in a growing organisation (now 10 000 staff. 1000 work in IT). We run similarly paranoid systems, in different ways, but I do not suffer the delusion that we are in any way safe from any number of threats. We have remained reasonably unscathed over the years due to some good planning and luck however the reality is you don't know where the next threat comes from or what it will target. Nimda was a classic example of that.
Mitigants like Outlook bans, paranoid MTA's and stateful firewalling aside, you MUST, in doing business, open your networks to threats. These can and will be exploited. There are no silver bullets. There is only a growing technology arms race and hopefully vigilant people.
I wish you luck and a bit of fun.
The only way I can think that you can get away without opening some REALLY basic ports eg HTTP, HTTPS and SMTP is if you are using some sort of local proxy to do the work and quite frankly malicious software can quite easily exploit these as well.
Yes it's true a good stateful outbound firewall helps you against some things eg IRC robots if you don't use IRC but you HAVE to open something or I can show you a brick which does the same job as your firewall.
When you open something you open it for better or for worse. Quite frankly I would be interested to know how you send an outbound email message if you don't allow an SMTP connection to something. Web clients only?
Like he cares. Search for that on Google.
The third hit shows he really doesn't give a shit about spam OR what people think about him quite frankly.
In as much as they are both not reasons to invade a country. Yes.
Yeah, how dare we liberate Iraq and give millions of Muslins the right to assemble religiously at holy sites in Iraq--a right they haven't had decades. Bad, bad, BAD U.S.A.
Please come and help me America!
My government won't let us have a bill of rights or guns. Can you come and bomb the fuck out of our country and destroy our power and water supplies so we can get these fundamental rights which I'm sure Mr Bush would agree we deserve?
I live in Australia. I look forward to your friendly bombing.
What's wrong?
Is Quicktime for almost every damn trailer coming out of Hollywood too hard for you sweetie?
Especially when syllables like -IX aren't allowed any more.
Yeah. Feels like friggin' groundhog day here in Oz. Will it ever end?
There should be a rule against April Fools jokes that aren't clever.
This is just another example of Microsoft displaying it's new philosophy of "Trustworthy Computing".
Ever since they announced their Trustworthy Computing initiative they have been going out of their way to build the publics trust in them...
Oh wait...
Yep, you better give it to me.
Your argument against the parent post is correct. However your example is clearly not the same as the technology that the parent refers to.
:-P
I would also put it forward that the parent had no idea what he was talking about though.
When trying to encrypt media in things like DVD's, satelite feeds etc etc etc you need to encrypt the data so that the bad guys can't interrupt it and you need to decrypt it so the legitamate users can read it.
I think this is what the parent post sorta meant. (I don't believe that really)
RSA encryption is not the same thing. If someone gave someone to you encrypted with RSA encryption and also gave you the decryption key it would be cracked. Not the encryption itself but the decryption key can then be compromised. This is the reason that most people today believe it is impossible to safely protect media from copying but still allow it's use.
The Intel thing is different again as I assume (having not RTFA) that the protection would be embedded on the chip. You would need a pretty steady hand to modify something on a CPU at the scale it is fabricated I would guess.
Also, the protection is not trying to protect someone copying data so encryption technologies are not the trick. It is trying to stop you using more CPU cycles per second. I think this could probably be done in a way that is not accessible (price wise) to the average consumer. Let's face it the only reason overclocking is popular at all is because it is free. If it cost much more money you would just buy faster CPU's on day one.
Since when has Trustworthy Computing had anything to do with IIS5?
Wait till 2003 comes out to slam them on this one. You'll get your chance.
Try this case:
. htm
http://www.aopen.com/products/housing/A340-series
Seems to handle 1 AGP and 4 PCI. Looks good too.