Slashdot Mirror


User: jeffasselin

jeffasselin's activity in the archive.

Comments · 844

  1. Re: Great! Now if only they would make upgrades ea on Cisco ASA Firewall Has a Wormable Problem — And a Million Installs (csoonline.com) · · Score: 2

    I was about to write the same comment after reading the linked Cisco advisory. It's a serious issue, but they do offer free fixes for serious vulnerabilities like this. Please mod parent up.

  2. Re:Patching is NOT ENOUGH on Microsoft Fixes Critical Remotely Exploitable Windows Root-Level Design Bug · · Score: 1

    The problem in this case is that there are workarounds allowing you to impersonate a DC. For example, someone could sniff your DNS requests and use ARP poisoning to redirect your requests for GPO files or login scripts to its own servers, and Windows would automatically downgrade its SMB security to connect to this fake DC. This could easily be done to a computer connecting in a remote network, even if its corporate traffic is in a VPN. Read up on this article from the guys who found the vulnerability:

    https://www.jasadvisors.com/ab...

    One issue which Microsoft also did not mention is how AD-joined Windows systems by default leak a lot of info, and will send out DNS requests for domain resources from ANYWHERE. It doesn't matter that the servers aren't available from the Starbucks WiFi, Windows will still do DNS requests for "domain.local" and try to run "\\domain.local\NETLOGON\logon.bat".

  3. Patching is NOT ENOUGH on Microsoft Fixes Critical Remotely Exploitable Windows Root-Level Design Bug · · Score: 5, Informative

    One very important part of this latest vulnerability is that patching your systems is NOT ENOUGH. The patch is not so much a fix as an entirely new security functionality which must be configured properly.

    It is required to configure a group policy to harden your systems. Any domain-joined system must have both the patch installed and a group policy set up to force the system to use secure authentication and validation mechanisms on any sensitive share. Domain shares such as NETLOGON and SYSVOL are an obvious priority, but any share used for software deployment or script execution must be similarly listed.

    Make sure you read the KB article and take the proper steps to secure your systems:

    https://support.microsoft.com/...

  4. Re:Um... on US/UK Will Stage 'Cyber-Attack War Games' As Pressure Against Encryption Mounts · · Score: 4, Insightful

    Euh locks on doors don't stop burglars. They stop kids from doing petty vandalism. Burglars can easily pick your door locks, or will simply break a window to enter.

    Door locks are the equivalent of FTP server banner messages telling people "access is restricted to those authorized".

    What prevents burglaries in civilized countries is the social contract, and the fact that most people have a common moral and ethical sense that tells them it's wrong. The idea that you're better off working for a decent salary and that you should respect the property of others so they'll respect you is a basic logic that holds true in many places (less so nowadays in some countries where the working poor are worse every day).

    The reason it doesn't work on the Internet is because this contract falls apart because of distance and the anonymizing nature of the Internet. Not just the fact that bad guys can be pseudonymous, but because to them you're not a person, you're an IP address. It de-humanizes contact and makes it easier to justify bad behavior.

    Add to it the fact that there may be a small portion of people in a city or neighborhood who are lacking enough in morality to do burglaries, but in the whole world there's a lot more of them. And although they can't all break into your house, they can all break into your computer...

  5. Re:Yeesh on Programmer Father Asks: What Gets Little Girls Interested In Science? · · Score: -1, Flamebait

    You are a sexist troll. The fact that you got a +5 insightful on this post is disgusting.

    The truth of the matter is that there is no significant difference, physiologically, between men and women, as far as the brain is concerned; and thus no difference psychologically. Almost every so-called "male" or "female" feature is a result of brain plasticity and is imparted culturally.

    The way to get a girl interested in science is exactly the same way to get boys interested in science. Do not treat a woman differently from a man and you will get the same results.

  6. Re:look up also on New Analysis Pushes Back Possible Origin For Antikythera Mechanism · · Score: 3, Informative

    Except for the fact that it's complete pseudo-scientific bunk, promoted by the likes of frauds like Von Daniken:

    https://en.wikipedia.org/wiki/...

  7. Seriously? on For $1.5M, DeepFlight Dragon Is an "Aircraft for the Water" · · Score: 0, Offtopic

    No one with red blood in their veins buys a sports car and hands the keys to a chauffeur

    This is such a ridiculous sentence, I couldn't get past it to read the rest. First of all, veinal blood is really dark, not red. But most telling is that the writer assumes people like cars, want to drive cars, and can drive cars. I don't like them, I don't drive, and I don't own one. If I was to ever buy one, I would have someone else drive me. So according to this un-enlightened individual, I don't exist.

  8. Good news and bad news on Court Allowed NSA To Spy On All But 4 Countries · · Score: 3, Insightful

    As a Canadian, the good news is that the NSA doesn't spy on us.

    The bad news is that the Canadian Security Intelligence Service (CSIS) spies on us and shares everything with the NSA anyway.

  9. Is entropy decreasing? on Is Time Moving Forward Or Backward? Computers Learn To Spot the Difference · · Score: 1

    We can't even make machines that can figure out if entropy is increasing or decreasing in a video recording (something most humans can do unconsciously). But human-equivalent AI is in our grasp within 10 years. And the singularity is coming within 20.

    Sure.

  10. Re:summary is not accurate on Civilians Try to Lure an Abandoned NASA Spacecraft Back to Earth · · Score: 5, Informative

    They signed an agreement:

    http://spacecollege.org/isee3/...

  11. US ISPs = mafia on Major ISPs Threaten To Throttle Innovation and Slow Network Upgrades · · Score: 4, Insightful

    That's a nice Internet you got there. Would be a shame if anything happened to it.

  12. The lottery winner problem on Ask Slashdot: How To Back Up Physical Data? · · Score: 2

    Planning for such an event is like planning for winning the lottery: it is almost certain someone will win the lottery, and it's almost certain it won't be you.

    Likewise, such catastrophic events happen to someone sometimes, but you don't have to worry about it happening to you. Really. Stop worrying so much.

    If you live in a tornado-targeted area, you should prepare for a tornado to hit your house.

    If you live in a flood area, prepare for a flood.

    It's all about statistics and the Bernoulli equation: examine the chance of something happening and the effect it could have on your life, and prepare for the events that pose a significant danger.

  13. Worst: when they use magic on Why Darmok Is a Good Star Trek: TNG Episode · · Score: 1

    I rewatched the whole series last year, and I got really annoyed at the episodes where magic is featured. There are quite a few, considering it's supposed to be a science-fiction show.

    That's about every episode where Troi uses her magic powers, incidentally. I especially hate when she can sense an alien being's emotions at a distance of A FEW LIGHT-YEARS.

  14. Re:Maybe there's also another reason? on Final Fantasy XIV Failed Due To Overly Detailed Flowerpots · · Score: 1

    That was FF12.

    Still even then it wasn't as bad as FF13.

  15. Re:Smelling more fishy every day. on MtGox Finds 200,000 Bitcoins In Old Wallet · · Score: 1

    The Kalevala

  16. Reliability? on New Facial Recognition Software May Detect Looming Road Rage · · Score: 1

    What is likely to be the accuracy of this system? Even a 99% accurate system would be fairly useless. Say you get 1 rager per day out of 100 000 drivers. Over 100 days (about 3 months), it will properly flag 99 people and miss one. But during the same period it would flag 1000 people per day who aren't raging or dangerous.

    It's the same every time someone says they can "detect" a rare event out of a completely random sample, whether it is mass screening for rare diseases or conditions, terrorists or road rage. Unless your screening method is extraordinarily accurate, the sheer number of individuals examined by the system will cause a significant number of false positives.

  17. Re:No alien abduction theories?! on Engine Data Reveals That Flight 370 Flew On For Hours After It "Disappeared" · · Score: 2

    It's not a real conspiracy theory if you can't bring the Knights Templar into it in some way.

  18. Re:Unregulated currency on Bitcoin Exchange Flexcoin Wiped Out By Theft · · Score: 2

    Could Bitcoin exist without the Internet?

    Would the Internet exist without the Government funding research projects?

    Could the Government fund research projects without tax revenue?

    Ergo, Bitcoin couldn't exist without taxation.

  19. Re:Ohhhh boy, it's gonna be Death Knights all over on Blizzard To Sell Level 90 WoW Characters For $60 · · Score: 1

    Well, remember that max level will soon be 100, so those people will still need to play some 10 levels. And they've announced that before queuing for heroic dungeons or LFR, you will have to earn a silver medal in the training grounds to demonstrate that you can actually do the job you are intending to fulfill.

  20. Re:Arg Pandas on Blizzard To Sell Level 90 WoW Characters For $60 · · Score: 1

    It's just a shame, because Mists of Pandaria was the best expansion since Burning Crusade, in my opinion.

  21. Re:Arg Pandas on Blizzard To Sell Level 90 WoW Characters For $60 · · Score: 1

    You may have missed the fact that Warcraft is filled with jokes and RL references.

  22. Re:Value on Blizzard To Sell Level 90 WoW Characters For $60 · · Score: 1

    Most leveling is done solo nowadays in WoW. You will participate in dungeons with other random people, but you'll likely never see those people again in your entire life, so you don't really care. Even while leveling, most players you meet will be from other realms.

    Most of the socializing happens at max level, when you play in the high-level zones, organize groups for challenge dungeons or raids, and with your guild, most of which happens at max level.

  23. Re:Schizophrenia on Another Possible Voynich Breakthrough · · Score: 1

    In fact, it would appear the two aren't independent.

    There has been research showing that the same genes are present and active in both geniuses and schizophrenics. There does appear to be some relationship between the two "conditions".

  24. Re:finally on Another Possible Voynich Breakthrough · · Score: 1

    Indeed, what's new in recent research is that "men and women are the same", and that most psychological differences aren't caused by genes and hormones, but cultural differences.

  25. A must read on Ask Slashdot: What Are the Books Everyone Should Read? · · Score: 1

    I seriously believe everyone should read "The Brothers Karamazov", that you cannot be a complete human being without reading it.

    I also recommend waiting till you're in your twenties before doing so.