A company I worked for till they burst in 2000. We had Imacs in the colo racks. The board was great and it would have been a nice server but the form factor ed didn't lend it self well to being bolted in a rack. The plastic kept cracking and the dust went everywhere.
We had a so-called security expert put them on a bunch of my SUN systems at a job in 1999, Talked our PHB into buying into that. Took all of a week to get the jerk and his dumb idea out of our site. Once the power went out and the Junior who was on late shift couldn't start the systems. PCs are easy to get around and Suns are a evil to fix after that sort of nonsense.
Perhaps your missing the point here as well. Your context is wrong. The attacker has all your traffic from start to finish. To both sides the attack is coming from inside the transmission.
Your computer asks the Evil Access Point (EAP) to validate the cert, the attacker transmits that request directly to the bankofslashdot.com. A certified session is created. But not just with your computer. It's done thru the EAP, to the outside world that EAP is you. Your password, your data is all going into a file encrypted in a key the attacker now knows.
"When a web browser receives this, it should verify that the CN field of the leaf certificate matches the domain it just connected to, that it's signed by the intermediate CA, and that the intermediate CA is signed by a known CA certificate. Finally, the web browser should also check that all intermediate certificates have valid CA Basic Constraints."
The EVP never claims to be anything but a switch. The outside world sees that EAP has the origin for your session. A NAT'ed address. Any Key your computer provides is logged and thus useless.
Once the keys are exchanged the rest is trivial. If the attacker is online and watching your session he can block the logout and once you do he severs the connection to you you think you have logged out. bankofslashdot.com thinks your still logged in from the same IP.
"Of course an attacker can simply prevent you from ever making it to the real web site, say you are shopping at example.org, generally speaking the only part that would be SSL protected is the actual order submission, meaning an attacker can do a man in the middle attack and host a fake example.org web site. When you hit submit to place your order they would simply direct it to either a non secure site or their own secure site."
That the hard way, it's easier to just hijack your session.
If your doing a MitM attack, your routing certs from the whereever you say. Your fake DNS jives with the real DNS, meaning you route victums to x.x.x.x and they pass thru z.z.z.z Your not just fooling the user and his/her computer your fooling the cert.
Nothing prevents you from asking the original target for it's cert and replaying that answer to the victim. They start the conversation and you finish it as you wish. Just intercept their logoff and your can do what you wish and they think they logged out. Worse yet, the transaction is mixed with real and faked info and hard to tell apart.
So you paid your electric bill and gave $200,000 to Scammo the 419? All in the same transaction. Do you expect us to believe that it's wrong?
It's not exact but patents are pretty specific about bits of technology. However to get anywhere in hard science you need to publish. The techniques will be availible to the community. It is the primary benchmark for the research community.
Open source works in the context of tech, however medical knowledge isn't so tightly defined by copyrights. The project is publicly funded, and like a university it will be availible to the public at a smaller price then a private research company's.
In Shockwave Rider by John Brunner, there were Delphi Pools, were people would bet on events and collect money as a sort of Numbers game. While this is rather abstract for a few players. One can get away with wins on safe bets and inside info. Questions such as; Will Company A go bankrupt due to the recent scandal or Will Mr X get a prison sentance over the alleged killing.
As a way of predicting the future it's flawed, but as a indicator of public sentiment it works.
Under the theory that nobody knows everything but everybody (as a Mass) knows everything. Long term trends could be predicted based on watching the betting and what advances in Technology and Culture that society is ready for.
Q- Bet something like will State B let Gays marry. Q- Will Texas put less people to death Q- Will Space Aliens be welcomed if they land tommorrow.
Blernsball The Earthican past time featuring mandatory steroids.
I was worried for a minute, but
on
LokiTorrent vs. MPAA
·
· Score: 2, Interesting
most of what i was looking for isn't anything that they would care about. Now Microsoft might get mad about my looking for ISO of SUSE but it's not actionable.
Over all, what can **IA do about ultimately? I would fall on a free press defense. They don't hold the files, or even parts of the files. They 'Report' on where they are and that's sort of news.
These nifty little DIY projects are not to save money. Most IT people (meaning US on Slashdot) are both addicted to gadgets and generally have disposable cash. That's not the reason we are interested in them. We may do them and it's for the fun of it not the pricetag. If we wanted to save money we would be ranting on a Mother Jones website. After all it's News for NERDS!!!
Honestly, when did you last see a Pumpkin webserver for sale?
You may have encountered something called the slashdot effect, suddenly flooded the site may have just switched in an AD so as to ride the wave. When I went there I found this - Not to completely repost an article, here is a few paragraphs;
Extensive testing by PC Pro's labs has revealed that photographs produced by inkjet printers can be both far more expensive than those from traditional photo processors and fade far more quickly. But not if you choose the right combination of printer, ink and paper.
For a period of twelve months PC Pro's staff tracked how 150 colour photographs produced by inkjet printers from leading manufacturers survived being exposed to normal air and daylight.
'The results were astonishing, ranging from no fading at all, to one photo where every colour except cyan had vanished, and even that was cracking and flaking off the page,' said Nick....
has anyone else here seen a book by maybe Dean Ing, that had a plot vehicle about using gliders as a cheap and effective means of retransmission. They would drift up on thermals during the day and drift down slowly at night. With a GPS and a low power computer they would stay in the same area at about 65K, well above air traffic. These could stay aloft for years.
Dr. Weird: [as an answering machine message] Gentlemen! You have reached Dr. Weird's residence. Now speak at the tone!
Telemarketer: Hello, Dr. Wire... Wired... We... Weird.
Dr. Weird: Steve, send the phone spiders.
Telemarketer: This is Jay Edwards with, uh, Chauna Construction Company. With Spring here, we thought you might be interested in a new deck. AHH! Spiders! Get 'em off! Get 'em off!
Dr. Weird: No, I guess we're not interested. Ah hahaha!
I worked with them back in 96, Hal Computers. First Ultrasparc to market. Even beat Sun Micro, but they never took it anywhere. They sucked the tech out of the company and then tried to corner the Asian UNIX market. They may make it work but they won't bother to do so here.
Now don't get me wrong, I liked them. But their focus isn't the West. They are strong on their base and may be angling to just snap it up. Time will tell.
Wish it would work, but then I plan my movie visits to be in no earlier then 5 minutes after the stated start time. However switching to DVD and On Demand only hurts the Theaters. So your target is off, the theaters are only slightly functional, popcorn prices not withstanding. DVD and OD are far more profitable to the studios, especially at $20-35 a pop retail. The markup is still great for the studios.
However I do support IFC and company. Meaning the non-mainstream media. They have more plot, less action and better quality movies. If you so eagar to vote with your dollars, go see an Indy film. which you should anyway.
Slashdot Mirror
Like those case badges that read Evil Inside
Props to STEPHANUS GIBBS, SARNIA INSULÆ, don't slam him, here is a google search.
A company I worked for till they burst in 2000. We had Imacs in the colo racks. The board was great and it would have been a nice server but the form factor ed didn't lend it self well to being bolted in a rack. The plastic kept cracking and the dust went everywhere.
We had a so-called security expert put them on a bunch of my SUN systems at a job in 1999, Talked our PHB into buying into that. Took all of a week to get the jerk and his dumb idea out of our site. Once the power went out and the Junior who was on late shift couldn't start the systems. PCs are easy to get around and Suns are a evil to fix after that sort of nonsense.
Perhaps your missing the point here as well. Your context is wrong. The attacker has all your traffic from start to finish. To both sides the attack is coming from inside the transmission.
0 01 1108-sslssh-followup.html
Your computer asks the Evil Access Point (EAP) to validate the cert, the attacker transmits that request directly to the bankofslashdot.com. A certified session is created. But not just with your computer. It's done thru the EAP, to the outside world that EAP is you. Your password, your data is all going into a file encrypted in a key the attacker now knows.
"When a web browser receives this, it should verify that the CN field of the leaf certificate matches the domain it just connected to, that it's signed by the intermediate CA, and that the intermediate CA is signed by a known CA certificate. Finally, the web browser should also check that all intermediate certificates have valid CA Basic Constraints."
The EVP never claims to be anything but a switch.
The outside world sees that EAP has the origin for your session. A NAT'ed address. Any Key your computer provides is logged and thus useless.
Once the keys are exchanged the rest is trivial. If the attacker is online and watching your session he can block the logout and once you do he severs the connection to you you think you have logged out. bankofslashdot.com thinks your still logged in from the same IP.
http://www.seifried.org/security/cryptography/2
"Of course an attacker can simply prevent you from ever making it to the real web site, say you are shopping at example.org, generally speaking the only part that would be SSL protected is the actual order submission, meaning an attacker can do a man in the middle attack and host a fake example.org web site. When you hit submit to place your order they would simply direct it to either a non secure site or their own secure site."
That the hard way, it's easier to just hijack your session.
Oh and the elves will help him.
If your doing a MitM attack, your routing certs from the whereever you say. Your fake DNS jives with the real DNS, meaning you route victums to x.x.x.x and they pass thru z.z.z.z Your not just fooling the user and his/her computer your fooling the cert.
Nothing prevents you from asking the original target for it's cert and replaying that answer to the victim. They start the conversation and you finish it as you wish. Just intercept their logoff and your can do what you wish and they think they logged out. Worse yet, the transaction is mixed with real and faked info and hard to tell apart.
So you paid your electric bill and gave $200,000 to Scammo the 419? All in the same transaction. Do you expect us to believe that it's wrong?
But it comes up a little short.
don't believe me?
"the official home page for much-lauded author Harlan Ellison." - harlanellison.com/home.htm
Bidding starts at 20,000 quatloos on the newcomer.
It's not exact but patents are pretty specific about bits of technology. However to get anywhere in hard science you need to publish. The techniques will be availible to the community. It is the primary benchmark for the research community.
Open source works in the context of tech, however medical knowledge isn't so tightly defined by copyrights. The project is publicly funded, and like a university it will be availible to the public at a smaller price then a private research company's.
Thank the gods for user settings.
A public Nuisance is what ever the cop said it is before they were arrested. Likely it will be tossed once a judge hears it.
(So how many times have you failed that bar exam?)
In Shockwave Rider by John Brunner, there were Delphi Pools, were people would bet on events and collect money as a sort of Numbers game. While this is rather abstract for a few players. One can get away with wins on safe bets and inside info. Questions such as; Will Company A go bankrupt due to the recent scandal or Will Mr X get a prison sentance over the alleged killing.
As a way of predicting the future it's flawed, but as a indicator of public sentiment it works.
Under the theory that nobody knows everything but everybody (as a Mass) knows everything. Long term trends could be predicted based on watching the betting and what advances in Technology and Culture that society is ready for.
Q- Bet something like will State B let Gays marry.
Q- Will Texas put less people to death
Q- Will Space Aliens be welcomed if they land tommorrow.
etc etc
It would beat polling and be profitable.
Simple delete everything on your system and install Solaris 10 for X86.
It's so user-unfriendly that nobodys made spyware for it. It's a heck of a lot more reliable then Linux.
Can't wait till I can catch a game on ESPN.
Blernsball The Earthican past time featuring mandatory steroids.
Over all, what can **IA do about ultimately? I would fall on a free press defense. They don't hold the files, or even parts of the files. They 'Report' on where they are and that's sort of news.
These nifty little DIY projects are not to save money. Most IT people (meaning US on Slashdot) are both addicted to gadgets and generally have disposable cash. That's not the reason we are interested in them. We may do them and it's for the fun of it not the pricetag. If we wanted to save money we would be ranting on a Mother Jones website.
After all it's News for NERDS!!!
Honestly, when did you last see a Pumpkin webserver for sale?
Not even then. Better get born dopey.
Wow, a crime that has it's own punishment attached.
Just wait till somebody used it to get High Resolution pics of Dead bodies from high orbit. What an amazing world we are about to live in.
High Resolution pics of Dead bodies from high orbit. What an amazing world we are about to live in.
You may have encountered something called the slashdot effect, suddenly flooded the site may have just switched in an AD so as to ride the wave. When I went there I found this - Not to completely repost an article, here is a few paragraphs;
Extensive testing by PC Pro's labs has revealed that photographs produced by inkjet printers can be both far more expensive than those from traditional photo processors and fade far more quickly. But not if you choose the right combination of printer, ink and paper.
For a period of twelve months PC Pro's staff tracked how 150 colour photographs produced by inkjet printers from leading manufacturers survived being exposed to normal air and daylight.
'The results were astonishing, ranging from no fading at all, to one photo where every colour except cyan had vanished, and even that was cracking and flaking off the page,' said Nick....
has anyone else here seen a book by maybe Dean Ing, that had a plot vehicle about using gliders as a cheap and effective means of retransmission. They would drift up on thermals during the day and drift down slowly at night. With a GPS and a low power computer they would stay in the same area at about 65K, well above air traffic. These could stay aloft for years.
Dr. Weird: [as an answering machine message] Gentlemen! You have reached Dr. Weird's residence. Now speak at the tone!
Telemarketer: Hello, Dr. Wire... Wired... We... Weird.
Dr. Weird: Steve, send the phone spiders.
Telemarketer: This is Jay Edwards with, uh, Chauna Construction Company. With Spring here, we thought you might be interested in a new deck. AHH! Spiders! Get 'em off! Get 'em off!
Dr. Weird: No, I guess we're not interested. Ah hahaha!
Oh wait, that was mentioned in a movie wasn't it. Oh!!! Curse you Quentin Tarantino!
I worked with them back in 96, Hal Computers. First Ultrasparc to market. Even beat Sun Micro, but they never took it anywhere. They sucked the tech out of the company and then tried to corner the Asian UNIX market. They may make it work but they won't bother to do so here.
Now don't get me wrong, I liked them. But their focus isn't the West. They are strong on their base and may be angling to just snap it up. Time will tell.
Wish it would work, but then I plan my movie visits to be in no earlier then 5 minutes after the stated start time. However switching to DVD and On Demand only hurts the Theaters. So your target is off, the theaters are only slightly functional, popcorn prices not withstanding. DVD and OD are far more profitable to the studios, especially at $20-35 a pop retail. The markup is still great for the studios.
However I do support IFC and company. Meaning the non-mainstream media. They have more plot, less action and better quality movies. If you so eagar to vote with your dollars, go see an Indy film. which you should anyway.
And I would tend to agree. Myst had a wider customer base and you didn't have to have the sound on so your boss wouldn't know you were playing.