wtf? where is the windows.forms implementation under Linux? They are writing it from scratch because the previous version was using Wine and didnt work properly, so now they are doing it 'natively'.
Microsoft hasnt written a windows.forms implementation under Linux - they are not playing 'catch up', they are implementing something that doesnt yet exist.
The mono project allows programs written in.net to run under Linux, simple as that. It means eg. when Microsoft releases Office.NET, it can be run under Linux (depending on how pure the.net is). Good enough reason for mono?
That is the logging it is referring to Id imagine. And although quite useful, it could be much better.
For example, downloading a zip, opening it and running the contained.exe issues no warning. And thats how most exes are downloaded, but I guess its good to stop spyware from downloading and running through an exploit - as the OS will stop it natively rather than relying on the browser only for security.
Itd be good if it did prompt for things like zip files too, its handy knowing whether what youve downloaded has been AV scanned yet or whatever. And itd be good once more programs make use of this, eg p2p programs marking downloaded files. Perhaps theres a market for a program that monitors applications and marks all newly created.exes as 'dangerous'. Then you could just tack it on to any ftp/p2p/mozilla app.
That does not solve the problem. That is the number of connections, not number of incomplete connections, completely different. Please mod parent down.
Isnt it possible to use something like the winpcap library to get around all these restrictions? If so, it seems like an ok compromise, as only machines that you willfully install this driver on will have this functionality.
If not.. then damn you Steve Gibson for bitching until this got in. You have no bloody idea.
And the key point of the article was an attacker couldnt take advantage of it in an 'automated' way - it requires manual intervention.
"which will make it harder for malicious hackers or virus writers to use it in automated attacks, Weinstein said. "
The original poster said:
"This is completely and totally wrong."
But it is not. It does make it harder, because just using AIM wont get you 'own3d', you have to visit a malicious URL, regardless of how easily it may be to get people to visit such a URL.
And, ahem, how do you get to that launch page in the first place? magic?
Its not as if anyone can just post a meta-refresh onto the front page of google. A page/server would have to host that javascript/iframe/redirect/etc and you would have to convince someone to visit that in the first place.
Sure, you can use social engineering to get people to visit mysite.com/hack.htm or whatever, but thats exactly what the article is saying - you need to manually visit a malicious page in the first place.
A jam on a typewriter, as the heads must go forward hit the paper and then back, hitting two together could cause the hammers to jam.
This is not the case for computer keyboards, but they retain the same layout. It was designed to stop typewriters from jamming, this doesnt mean its the best layout as far as speedy typing is concerned. Although the alternating left and right hands for 90% of words supposudly is a fast scheme and both the qwerty and dvorak layouts are pretty reasonable at doing this.
How would it put them one step ahead when MS are already half way there and Linux hasnt got anything like it at all? They are behind, not anywhere near 'one step ahead'. If anything, it might put them on the same level.
exactly, simple supply and demand. Theres no such thing as a profitless business. A profitless business folds and the industry keeps shrinking until there there is just the right amount left that they are left making a profit.
If theres room for more companies, the industry grows, if not, it shrinks.
In any case, the providers arent exactly 'giving away' phones with 4 megapixel cameras and PDA functions. They cost a bundle, and I am sure they are making a tidy profit on those.
More likely, people buy phones with crappy 320x200 cameras, then fork out again to buy a 3mp camera. So they pay for a camera twice, and the industry gains. So.. stfu article writer!
Uhm.. actually to be pedantic, there would be no post at all because the connection would be lost and the post would be ignored.
Ignoring that, the 'STOP IRQ_LESS..' crap certainly wouldnt get sent over the wire. What you are seeing is what the server has recieved, not what the client sees. So a bunch of garbled mess, plus [CARRIER LOST] (if injected by the server when the connection has been lost) would in fact be what _we_ see, as in what the server has received from the client and put up for us to see.
if companies are really security concious, they'll check employees with coke packs
I think the very fact that they will have to is what people are complaining about. Is a company supposed to stay abreast of every competition that every company does and keep tabs on what to look for and monitor for it etc..
I dont think its particularly reasonable that a 'high-level' company has to change its security procedures everytime coke does a dodgy promotion. Sure, a coke can could contain a bomb or gps or whatever without the promotion, but without the promotion its a much safer bet that it wont, and security is all about risk & usability tradeoffs.
I don't understand your prejudice that anyone looking to NOT spend their time configuring and bargain shopping should stick to Windows and/or is stupid. Personally i have other things to do with my time. Like reading/.
Or perhaps babysitting your OS? Linux requires a hell of a lot more effort to install and admin than the 10 minutes it takes to put a system together. Most people prepared to put in the effort required to run Linux would also put in the effort to build their own system. Most shops will put the parts together for you, at least mine did which gives you the ability to have your choice of parts, but still not to have to spend (a small) amount of time putting it together.
Well I would imagine any Linux user worth his salt wouldnt be buying OEM machine from Dell with Windows pre-installed, most likely they would build their own. If that is the only type of machine they can manage to find, then perhaps they should stick to the Windows alreeady installed.
If I had to choose between Linux and Windows to be pre-installed, I would certainly choose Linux everytime, even if I was putting Windows on the machine. But if I intended to put Linux on, there is no way Id be paying for a License, and would build a machine from scratch or ask for a discount for no OS etc.
I dont think you need '24 hour access to Walmart' to buy a computer without Windows - you just need ten minutes to order one from any random computer shop and go pick it up. There cant be that many people stupid enough to pay for a license they arent going to use.
Not when they have the choice of buying a machine with no OS or Linux pre-installed. Why pay for a license youre not going to use? Whereas a machine with Linux on adds no extra license costs on top, so people don't care whether or not it has it on if they intend to wipe it.
In fact, in the case where a OS is required to be on the machine, they are more likely to choose Linux because it reduces the cost of the total system.
But then, I thought this was the point of the parent poster, and was supposed to be obvious.
They use the same term, reverse firewall, but they talk about firewalling each individual machine inside a lan. Basically, they suggest a firewall on each machine to protect the internal network from attacks that originate inside it. Completely different use of the term.
And thats known as a 'personal firewall'. Many existing products do this already and are widely used.
Zonealarm and KAV anti-hacker are two off the top of my head. I even use the KAV one, it is very good, and can help prevent apps that 'call home' from doing so etc. And any exploits that work by contacting a remote host via tftp etc are able to be blocked. (a better fix is to patch the exploit of course, but thats not always possible with 0 day exploits etc).
But what if a few people want to reserve a range for doing their own 'universe simulation project' which requires mapping random particles to IP addresses. Even if they dont use them all, there may be a number of people that need to reserve ridiculous size ranges, or want to map the addresses in strange ways. For example they may require 48bits for mapping MAC addresses, 56bits for mapping DES keys, or a huge amount for mapping hashes etc
bullcrap. 'accidental' visits or 'malware' visits fluctuate depending on the misleading spam campaigns and trojaned activex downloaders run by the sites.
Whereas 'deliberate' attempts would remain fairly constant as users go from site to site and new users come in, and old ones go out.
Not to mention the resolution makes even 'larger', at least with respect to amount fo information displayed. Unless you have a high def TV. Most consoles only display graphics at 640x480 or something (not too sure, but its much lower than ther typical 19" monitor res).
That, and the distance you sit from the screen, input devices (the use of a mouse), the ability to 'mod' games because theyre on your hd, downloadable trainers etc mean Id much rather use my PC than a console.
are you sure all those bounced messages arent from mail worms forging from addresses? Probably about 80% of my mail is from 'mailer daemon - your message was infected' or 'we tried to deliver but failed' type messages, from domains Ive never sent mail.
Aside from those, I get virtually no spam, or at least it gets filtered quite reliably.
But if for some reason you really need to have this centralised database for identies, just let people upload their certificates to your server for people to lookup. As these are public anyway, people would rather submit that than mail a bunch of personal information to you.
Of course, the problem here is the only 'unique' thing in the certificate is the name, which their can be many duplicates.
The solution of course is still to be a CA, but issue certificates with a property which gaurantee uniqueness to an individual - ie do it in exactly the same way as you suggest, but issue certificates as well as database lookups.
Slashdot Mirror
graphics yet all the preview articles seem to start out their previews the same way
A bit like your first post? Where you started out by saying 'this is only an update, not counter strike 2'...
wtf? where is the windows.forms implementation under Linux? They are writing it from scratch because the previous version was using Wine and didnt work properly, so now they are doing it 'natively'.
.net to run under Linux, simple as that. It means eg. when Microsoft releases Office.NET, it can be run under Linux (depending on how pure the .net is). Good enough reason for mono?
Microsoft hasnt written a windows.forms implementation under Linux - they are not playing 'catch up', they are implementing something that doesnt yet exist.
The mono project allows programs written in
That is the logging it is referring to Id imagine. And although quite useful, it could be much better.
.exe issues no warning. And thats how most exes are downloaded, but I guess its good to stop spyware from downloading and running through an exploit - as the OS will stop it natively rather than relying on the browser only for security.
.exes as 'dangerous'. Then you could just tack it on to any ftp/p2p/mozilla app.
For example, downloading a zip, opening it and running the contained
Itd be good if it did prompt for things like zip files too, its handy knowing whether what youve downloaded has been AV scanned yet or whatever. And itd be good once more programs make use of this, eg p2p programs marking downloaded files. Perhaps theres a market for a program that monitors applications and marks all newly created
That does not solve the problem. That is the number of connections, not number of incomplete connections, completely different. Please mod parent down.
Isnt it possible to use something like the winpcap library to get around all these restrictions? If so, it seems like an ok compromise, as only machines that you willfully install this driver on will have this functionality.
If not.. then damn you Steve Gibson for bitching until this got in. You have no bloody idea.
And the key point of the article was an attacker couldnt take advantage of it in an 'automated' way - it requires manual intervention.
"which will make it harder for malicious hackers or virus writers to use it in automated attacks, Weinstein said. "
The original poster said:
"This is completely and totally wrong."
But it is not. It does make it harder, because just using AIM wont get you 'own3d', you have to visit a malicious URL, regardless of how easily it may be to get people to visit such a URL.
and...?
You said so yourself, after a search in google you "would have to click on the URL to trigger the vulnerability..." exactly as the article says.
The point is, just chatting on AIM is not going to have some worm that exploits this thing rip through your system and the entire AOL network.
And, ahem, how do you get to that launch page in the first place? magic?
Its not as if anyone can just post a meta-refresh onto the front page of google. A page/server would have to host that javascript/iframe/redirect/etc and you would have to convince someone to visit that in the first place.
Sure, you can use social engineering to get people to visit mysite.com/hack.htm or whatever, but thats exactly what the article is saying - you need to manually visit a malicious page in the first place.
A jam on a typewriter, as the heads must go forward hit the paper and then back, hitting two together could cause the hammers to jam.
This is not the case for computer keyboards, but they retain the same layout. It was designed to stop typewriters from jamming, this doesnt mean its the best layout as far as speedy typing is concerned. Although the alternating left and right hands for 90% of words supposudly is a fast scheme and both the qwerty and dvorak layouts are pretty reasonable at doing this.
How would it put them one step ahead when MS are already half way there and Linux hasnt got anything like it at all? They are behind, not anywhere near 'one step ahead'. If anything, it might put them on the same level.
The game: http://www.homestarrunner.com/awexome.html
exactly, simple supply and demand. Theres no such thing as a profitless business. A profitless business folds and the industry keeps shrinking until there there is just the right amount left that they are left making a profit.
If theres room for more companies, the industry grows, if not, it shrinks.
In any case, the providers arent exactly 'giving away' phones with 4 megapixel cameras and PDA functions. They cost a bundle, and I am sure they are making a tidy profit on those.
More likely, people buy phones with crappy 320x200 cameras, then fork out again to buy a 3mp camera. So they pay for a camera twice, and the industry gains. So.. stfu article writer!
Uhm.. actually to be pedantic, there would be no post at all because the connection would be lost and the post would be ignored.
Ignoring that, the 'STOP IRQ_LESS..' crap certainly wouldnt get sent over the wire. What you are seeing is what the server has recieved, not what the client sees. So a bunch of garbled mess, plus [CARRIER LOST] (if injected by the server when the connection has been lost) would in fact be what _we_ see, as in what the server has received from the client and put up for us to see.
So, the bzzter has been bzzted.
try fastmail.fm.. free with imap. a one time fee of $20 will give you permanent access to the 'good stuff' forever, rather than an annual fee.
if companies are really security concious, they'll check employees with coke packs
I think the very fact that they will have to is what people are complaining about. Is a company supposed to stay abreast of every competition that every company does and keep tabs on what to look for and monitor for it etc..
I dont think its particularly reasonable that a 'high-level' company has to change its security procedures everytime coke does a dodgy promotion. Sure, a coke can could contain a bomb or gps or whatever without the promotion, but without the promotion its a much safer bet that it wont, and security is all about risk & usability tradeoffs.
I don't understand your prejudice that anyone looking to NOT spend their time configuring and bargain shopping should stick to Windows and/or is stupid. Personally i have other things to do with my time. Like reading /.
Or perhaps babysitting your OS? Linux requires a hell of a lot more effort to install and admin than the 10 minutes it takes to put a system together. Most people prepared to put in the effort required to run Linux would also put in the effort to build their own system. Most shops will put the parts together for you, at least mine did which gives you the ability to have your choice of parts, but still not to have to spend (a small) amount of time putting it together.
Well I would imagine any Linux user worth his salt wouldnt be buying OEM machine from Dell with Windows pre-installed, most likely they would build their own. If that is the only type of machine they can manage to find, then perhaps they should stick to the Windows alreeady installed.
If I had to choose between Linux and Windows to be pre-installed, I would certainly choose Linux everytime, even if I was putting Windows on the machine. But if I intended to put Linux on, there is no way Id be paying for a License, and would build a machine from scratch or ask for a discount for no OS etc.
I dont think you need '24 hour access to Walmart' to buy a computer without Windows - you just need ten minutes to order one from any random computer shop and go pick it up. There cant be that many people stupid enough to pay for a license they arent going to use.
Not when they have the choice of buying a machine with no OS or Linux pre-installed. Why pay for a license youre not going to use? Whereas a machine with Linux on adds no extra license costs on top, so people don't care whether or not it has it on if they intend to wipe it.
In fact, in the case where a OS is required to be on the machine, they are more likely to choose Linux because it reduces the cost of the total system.
But then, I thought this was the point of the parent poster, and was supposed to be obvious.
I already have one, its a set of speakers on my desktop. Everytime a cellphone gets a call/text i get a:
dicky-dick-dicky-dick-dicky-diiiiiick
Also useful for knowing when Im about to get a call and can start looking for my phone well in advance before it starts ringing.
They use the same term, reverse firewall, but they talk about firewalling each individual machine inside a lan. Basically, they suggest a firewall on each machine to protect the internal network from attacks that originate inside it. Completely different use of the term.
And thats known as a 'personal firewall'. Many existing products do this already and are widely used. Zonealarm and KAV anti-hacker are two off the top of my head. I even use the KAV one, it is very good, and can help prevent apps that 'call home' from doing so etc. And any exploits that work by contacting a remote host via tftp etc are able to be blocked. (a better fix is to patch the exploit of course, but thats not always possible with 0 day exploits etc).
But what if a few people want to reserve a range for doing their own 'universe simulation project' which requires mapping random particles to IP addresses. Even if they dont use them all, there may be a number of people that need to reserve ridiculous size ranges, or want to map the addresses in strange ways. For example they may require 48bits for mapping MAC addresses, 56bits for mapping DES keys, or a huge amount for mapping hashes etc
bullcrap. 'accidental' visits or 'malware' visits fluctuate depending on the misleading spam campaigns and trojaned activex downloaders run by the sites.
Whereas 'deliberate' attempts would remain fairly constant as users go from site to site and new users come in, and old ones go out.
Not to mention the resolution makes even 'larger', at least with respect to amount fo information displayed. Unless you have a high def TV. Most consoles only display graphics at 640x480 or something (not too sure, but its much lower than ther typical 19" monitor res).
That, and the distance you sit from the screen, input devices (the use of a mouse), the ability to 'mod' games because theyre on your hd, downloadable trainers etc mean Id much rather use my PC than a console.
are you sure all those bounced messages arent from mail worms forging from addresses? Probably about 80% of my mail is from 'mailer daemon - your message was infected' or 'we tried to deliver but failed' type messages, from domains Ive never sent mail.
Aside from those, I get virtually no spam, or at least it gets filtered quite reliably.
And I just have a regular yahoo account.
But if for some reason you really need to have this centralised database for identies, just let people upload their certificates to your server for people to lookup. As these are public anyway, people would rather submit that than mail a bunch of personal information to you.
Of course, the problem here is the only 'unique' thing in the certificate is the name, which their can be many duplicates.
The solution of course is still to be a CA, but issue certificates with a property which gaurantee uniqueness to an individual - ie do it in exactly the same way as you suggest, but issue certificates as well as database lookups.