I think he was speaking about public WLAN's that don't require logins. For a wireless network that doesn't require user authentication, its more difficult for them to track someone down. You simply get in range of the WLAN, do your dirty work, be it cracking systems or transferring warez, and then get out of there. Pretty convenient, no? I don't know how long this thing is going to last, but I assure you people will be exploiting wireless technologies for a while due to the difficulty in tracing someone (sure you can triangulate their location, but then you have to go and find them).
The movies are a supplement to the books in this particular case.
Does all this computing power mean we've advanced?
It means our technology has advanced, yes. Is using technology for art and entertainment frivolous? I think not. We, as humans, are creative, and using technology to exhibit this creativity is in our nature.
Well, I've been observing piracy for a long time now, and my take on it is this: In the earlier days, piracy tended to be more private, more underground. There were private BBSes where you had to have referals to be able to get an account (after all, the sysop was risking his ass). Some people I know were also part of clubs that would get together and trade disks full of software. Computer software piracy was the most widespread. Console piracy was a bit of a niche, and you didn't see it everywhere, this was partly because Nintendo and Sega were very serious about going after console pirates.
Then piracy started moving over to the Internet. There were probably many private FTP's like the private BBSes, where people put up files on there own space at risk. But something else happened - there were pirate FTP sites placed in locations that were not connected to the person who set up the site. This was done by exploiting misconfigured FTP sites that for example had an incoming directory that could be wrote to and then read from (as well as FTP servers that were just cracked). Thus, the risk became smaller for maintaining pirate sites, and it became more public. You started seeing warez web sites that just linked to the warez.
With things like Hotline and ICQ (as well as IRC file trading), the innevitable happened - file sharing networks were born with the creation of Napster (and the others that followed). Piracy was no longer underground, it was public, out in the open. You can search for something, download it, and log the person's IP address while you're at it. Civil disobedience right out in the open.
And its very easy to get caught. You expose your IP address to everyone, including the ones who want to bust you. If people start getting busted left and right, do you think people are going to sit around sharing their files waitng around to get busted? No. Their going to go back underground. They'll have to use means which don't display their IP address for the world to see, or at least are well hidden and not in the public's eye. For music, people will go back to copying music among friends like its always been done.
Of course I'm thinking of more than music here. But in any case, piracy is a risk, it's always been. If you're going to do it, you have to be careful and take the necessary precautions. Don't do it out in the open. Otherwise, you will get busted.
Finally, in neither case, is the person downloading the file, mp3 or html, going to be committing a crime, because how the hell do they know if the file is illegal or not? We *might* be able to argue that they had a reasonable suspicion that the files were illegal copies, but the primary guilt is still with the person offering them up for download.
True enough. There are many times when I do a P2P search for "amateur" and just download every result and sort them out as I get them. I end up having to delete a lot of copyrighted non-amateur porn because people mislabel files all the time.
Things added to their distribution released under GPL or similar license (and if they want to contribute to GPLed code, they can do that too). I'm quite aware that they can just throw proprietary software on top of Linux. I was just stating what circumstance I would find Microsoft's involvement with Linux as a positive thing. Of course, I wasn't being serious, Microsoft GPLing something?!?
If Microsoft started making closed-source proprietary applications for Linux (e.g. Office), this wouldn't be so bad. But if they made a closed-source proprietary "Win2004 right on top of Linux" like you said -- yeah, that's something I would worry about as it could be damaging. Licensing and source code policy aside, I have to say I'd be interested in seeing how that would turn out.
About 5 seconds into install, when the closed-source firewall running on the closed-source OS catches the closed-source IRC client trying to create the reverse telnet connection.
No need for a telnet connection, a backdoored IRC client can simply operate its backdoor through IRC. (Granted in this particular case it does use an outbound TCP connection)
What they mean by "Businesses with Heavy Traffic Loads" is rich warez monkeys who need 600 kilobytes/second transfer rates to fill up their 1 terabyte RAID in slightly under 20 days.
1. Setup public wireless LAN 2. Crack systems from it (making sure to leave no evidence locally) 3. Claim someone else was using it and is responsible for cracking, and that you are innocent
A guy stealing a car is a theif. A guy uploading an MP3... well that's a little different, isn't it? What if the person on the other end downloading it owns the song? This is the type of case that could go on for quite a while
Or how about this:
1) Buy CD, do not open shrink wrap 2) Download mp3's of tracks on CD 3) Listen to mp3's
4) Decide that CD is not good, delete mp3's and return CD to the store or 4) Decide that CD is good, keep CD, keep mp3's. Optionally open shrink wrap.
You're probably that jerk who sits three rows behind me and tosses m&m's at my head. Fsck you.
Actually, I'm the guy who's so paranoid that he's afraid to open his bag of chocalate covered peanuts for fear that the loud noise will disturb others or that the bag will violently rip open sending peanuts everywhere into the heads of others, so he gets the girl he came with to do it for him. Seriously, that happened when I went to see LotR. BTW You have m&m's tossed at your head all the time? You need to start standing up for yourself.
Why don't you try enjoying life through reason instead of wildly overstimulating your animal brain? You're no better than a dog at that rate.
Umm... ok. I've been sober since December. And that means no alcohol and no caffiene, either. During this time, I've visited other countries, I've had enormous amounts of sex, I've worked out 4-6 times a week, and I've solved some pretty daunting problems. I'm enjoying life through reason (though still being a dog with the constant sex and excercise).
But when the time comes I will use cannabis. Honestly, LotR is so amazing that it deserves the enhancement of cannabis to allow you to completely become part of Middle Earth. And I think there are many stoners among the Slashdot group who agree, and I thought they could learn from my experience in cooking. I don't get stoned for every movie, but for LotR I do! I mean the people of Middle Earth are stoner for Christ's sakes! "Pipe-weed"!!! To take a step further, in real life, Elijiah Wood and other cast members smoke pot (and eat shrooms). Its only appropriate.
Be prepared to bake your pot brownies (or other baked goods) again for this one. I ate a bunch of "christmas cookies" before seeing the Fellowship of the Ring and man was it a blast.
Here's some hints on baking: Simmer butter with ganja (and a little water) for at least 2 hours. After 2 hours or so gradually kick up the heat until you are sauteeing the weed and the water is boiled off. Use butter and weed mixture in your baking recipe of choice. Its better if you don't strain out the weed, you'll waste less. Start eating 2 hours before the movie starts to get it to kick in at the right time. You can eat again right before the movie or whenever. Your timing may very. If you eat it before a meal it'll kick in faster since your body will be in digestive mode.
Enjoy! This is a three hour movie and you'll be nicely toasted the entire time, even when you step out of the theatre. Meanwhile the stoners who only smoked up will be sobering up 1 hour into the movie.
Feel free to e-mail me with any questions: zootread at yahoo dot com
It depends on whether you already have a login somewhere. In which case you would simply be abusing the trust put in you by someone else.
Remote attacks make it irrelevant whether you have a login or not. I'm not an expert on modern attacks, but I'm sure some people around here can talk about these things. I can give you an old example: YP/NIS used to allow anyone to download the/etc/passwd file, you didn't need to have a login to exploit this. There are many others, but that was a common one I saw everywhere. And the simple fact is people abuse trust and also people run trojan horses they receive in e-mail.
Besides, it wouldn't matter even they had. Because if you cannot trust public computers, then you can also not trust SSH on public computers.
That's true. There are many situations where you don't need to worry, but many situations where you should worry and take precautions. Here is another example: You take your laptop to a public facility (e.g. wireless network) where you connect to the network. You are going through a firewall to get to the Internet. You remote access your home computer through the Internet. A cracker has setup a sniffer on the firewall. SSH makes it difficult for the cracker to sniff anything useful from your session.
I trust foreign systems as much as you used to trust that your hacks would not be discovered.
Actually I sometimes waited for my hacks to be discovered and then laughed at the little traps the sysadmins left behind (yet they often didn't find everything and often left their systems unpatched). It was all in good fun and I tried to help 'em along sometimes (such as scare away other crackers with messages that their phone line has been traced). There were some sysadmins who reacted quick, and I actually helped them realize they needed to patch their system. I wasn't that great of a cracker, but I learned much from the experience, and appreciate the knowledge even more now that I am on the other side. Good times.
I actually don't worry that much most of the time. But there are times when you really should take some precautions. To automatically assume that there is no possibility of a threat is foolish.
Seems to me format c: would do just fine for hacking a Windows box, if you managed to get the DOS prompt...
I don't consider wiping a systems drive hacking a box. That's not the kind of thing I'd want to do, its just totally malicious and attracts too much attention. What I like to do is maintain control of a machine, being able to monitor connections (e.g. to sniff login/passwords) and to use the machine for my own purposes such as allowing me get control of other machines. I couldn't even get telnet or ftp to work from this NT box I was using (so I couldn't run my own tools). With UNIX its is easy once you're in cause all the tools you need are already installed.
That was actually really funny, you should put it in your journal.
"Microsoft products are soooo insecure!" "I've spent the last two years being subjected to biased slashdot propaganda. I couldn't hack into a properly configured windows system if my life depended on it."
That's true. If I'm going to hack a system, I'm going to hack *NIX, because its what I know. I wouldn't know what to do if I even got into a Windows system. Though I once remotely got to the "C:\>" prompt on an NT box. I ended up accidentally crashing the box by running a command that wouldn't display over telnet.
Yes. But the hard part is getting into a position where you can even start to sniff.
Umm.. do you really think this is true? How much do you really trust the systems you're going through? I'll give you a real obvious example: if you're using a computer at work or at a lab at school, how hard do you think these systems are to compromise? If you didn't say "very easy" you overestimate the abilities of the people administrating these systems. I used to crack systems, and believe me, there were some very incompetant sysadmins out there (and still are these days). After the trivial matter of getting root, it was then a trivial matter of sniffing login/passwords and gaining access to even more systems. On a nice active system, I'd get dozens of new accounts every day.
As someone who used to go around cracking *NIX systems, and sniffing out login/passwords with ridiculous ease back in the early to mid 90s, I can say yes SSH is a very good thing. It was good to see sysadmins shut down their telnet daemons for good and require that people download and use a SSH client to connect to systems.
What you smoking.. Wanna share? Cannabis sativa. Sure I'll share. Bring some papers or a pipe and we'll spark one up.
Management and a Sales Department are necessary, have you ever tried to get a geek to explain what they built in English?
Its true that for a typical business you need all these extra people. But I think what he was trying to say is that when your only purpose is to code some good software, all you need is a few good coders working together to turn out something of quality.
I hear a lot of people call it sequel, but I just can't draw myself to do it. I just say the letters S-Q-L. Sure that's an extra syllable, but it just sounds better. Saying "sequel" just seems silly somehow.
Wow, and you just admitted to being a pothead on a page that will end up in Google's cache forever. Great idea.
Oh no, everyone will know the one and only "zootread" is a pothead. What will I ever do? I've ruined the reputation of my web alias. There's only one thing I can do now... cough hack cough.. damn, that's some good stuff. now what were we talking about?
Slashdot Mirror
I think he was speaking about public WLAN's that don't require logins. For a wireless network that doesn't require user authentication, its more difficult for them to track someone down. You simply get in range of the WLAN, do your dirty work, be it cracking systems or transferring warez, and then get out of there. Pretty convenient, no? I don't know how long this thing is going to last, but I assure you people will be exploiting wireless technologies for a while due to the difficulty in tracing someone (sure you can triangulate their location, but then you have to go and find them).
The movies are a supplement to the books in this particular case.
Does all this computing power mean we've advanced?
It means our technology has advanced, yes. Is using technology for art and entertainment frivolous? I think not. We, as humans, are creative, and using technology to exhibit this creativity is in our nature.
The music for *my* band is free for download, and you won't find it in a store. Granted, I don't know if we're a "cool new band."
I think they're making the right decision here. Losing in the Supreme Court would not be good.
Well, I've been observing piracy for a long time now, and my take on it is this: In the earlier days, piracy tended to be more private, more underground. There were private BBSes where you had to have referals to be able to get an account (after all, the sysop was risking his ass). Some people I know were also part of clubs that would get together and trade disks full of software. Computer software piracy was the most widespread. Console piracy was a bit of a niche, and you didn't see it everywhere, this was partly because Nintendo and Sega were very serious about going after console pirates.
Then piracy started moving over to the Internet. There were probably many private FTP's like the private BBSes, where people put up files on there own space at risk. But something else happened - there were pirate FTP sites placed in locations that were not connected to the person who set up the site. This was done by exploiting misconfigured FTP sites that for example had an incoming directory that could be wrote to and then read from (as well as FTP servers that were just cracked). Thus, the risk became smaller for maintaining pirate sites, and it became more public. You started seeing warez web sites that just linked to the warez.
With things like Hotline and ICQ (as well as IRC file trading), the innevitable happened - file sharing networks were born with the creation of Napster (and the others that followed). Piracy was no longer underground, it was public, out in the open. You can search for something, download it, and log the person's IP address while you're at it. Civil disobedience right out in the open.
And its very easy to get caught. You expose your IP address to everyone, including the ones who want to bust you. If people start getting busted left and right, do you think people are going to sit around sharing their files waitng around to get busted? No. Their going to go back underground. They'll have to use means which don't display their IP address for the world to see, or at least are well hidden and not in the public's eye. For music, people will go back to copying music among friends like its always been done.
Of course I'm thinking of more than music here. But in any case, piracy is a risk, it's always been. If you're going to do it, you have to be careful and take the necessary precautions. Don't do it out in the open. Otherwise, you will get busted.
Finally, in neither case, is the person downloading the file, mp3 or html, going to be committing a crime, because how the hell do they know if the file is illegal or not? We *might* be able to argue that they had a reasonable suspicion that the files were illegal copies, but the primary guilt is still with the person offering them up for download.
True enough. There are many times when I do a P2P search for "amateur" and just download every result and sort them out as I get them. I end up having to delete a lot of copyrighted non-amateur porn because people mislabel files all the time.
Things added to their distribution released under GPL or similar license (and if they want to contribute to GPLed code, they can do that too). I'm quite aware that they can just throw proprietary software on top of Linux. I was just stating what circumstance I would find Microsoft's involvement with Linux as a positive thing. Of course, I wasn't being serious, Microsoft GPLing something?!?
If Microsoft started making closed-source proprietary applications for Linux (e.g. Office), this wouldn't be so bad. But if they made a closed-source proprietary "Win2004 right on top of Linux" like you said -- yeah, that's something I would worry about as it could be damaging. Licensing and source code policy aside, I have to say I'd be interested in seeing how that would turn out.
"Microsoft Linux" would be fine, as long as everything they add is licensed under the GPL.
Maybe the NSA will buy it and then open source it, then include it with their SE Linux.
About 5 seconds into install, when the closed-source firewall running on the closed-source OS catches the closed-source IRC client trying to create the reverse telnet connection.
No need for a telnet connection, a backdoored IRC client can simply operate its backdoor through IRC. (Granted in this particular case it does use an outbound TCP
connection)
What they mean by "Businesses with Heavy Traffic Loads" is rich warez monkeys who need 600 kilobytes/second transfer rates to fill up their 1 terabyte RAID in slightly under 20 days.
Damn, that sucks. I've said it before, and I'll say it again. COX lives up to their name. Fortunately I'm no longer a customer.
1. Setup public wireless LAN
2. Crack systems from it (making sure to leave no evidence locally)
3. Claim someone else was using it and is responsible for cracking, and that you are innocent
Unfortunately, I think firewalls are generally setup to block the IP address, rather than the domain name. Though I could be wrong.
A guy stealing a car is a theif. A guy uploading an MP3 ... well that's a little different, isn't it? What if the person on the other end downloading it owns the song? This is the type of case that could go on for quite a while
Or how about this:
1) Buy CD, do not open shrink wrap
2) Download mp3's of tracks on CD
3) Listen to mp3's
4) Decide that CD is not good, delete mp3's and return CD to the store
or
4) Decide that CD is good, keep CD, keep mp3's. Optionally open shrink wrap.
You're probably that jerk who sits three rows behind me and tosses m&m's at my head. Fsck you.
Actually, I'm the guy who's so paranoid that he's afraid to open his bag of chocalate covered peanuts for fear that the loud noise will disturb others or that the bag will violently rip open sending peanuts everywhere into the heads of others, so he gets the girl he came with to do it for him. Seriously, that happened when I went to see LotR. BTW You have m&m's tossed at your head all the time? You need to start standing up for yourself.
Why don't you try enjoying life through reason instead of wildly overstimulating your animal brain? You're no better than a dog at that rate.
Umm... ok. I've been sober since December. And that means no alcohol and no caffiene, either. During this time, I've visited other countries, I've had enormous amounts of sex, I've worked out 4-6 times a week, and I've solved some pretty daunting problems. I'm enjoying life through reason (though still being a dog with the constant sex and excercise).
But when the time comes I will use cannabis. Honestly, LotR is so amazing that it deserves the enhancement of cannabis to allow you to completely become part of Middle Earth. And I think there are many stoners among the Slashdot group who agree, and I thought they could learn from my experience in cooking. I don't get stoned for every movie, but for LotR I do! I mean the people of Middle Earth are stoner for Christ's sakes! "Pipe-weed"!!! To take a step further, in real life, Elijiah Wood and other cast members smoke pot (and eat shrooms). Its only appropriate.
Be prepared to bake your pot brownies (or other baked goods) again for this one. I ate a bunch of "christmas cookies" before seeing the Fellowship of the Ring and man was it a blast.
Here's some hints on baking:
Simmer butter with ganja (and a little water) for at least 2 hours. After 2 hours or so gradually kick up the heat until you are sauteeing the weed and the water is boiled off. Use butter and weed mixture in your baking recipe of choice. Its better if you don't strain out the weed, you'll waste less. Start eating 2 hours before the movie starts to get it to kick in at the right time. You can eat again right before the movie or whenever. Your timing may very. If you eat it before a meal it'll kick in faster since your body will be in digestive mode.
Enjoy! This is a three hour movie and you'll be nicely toasted the entire time, even when you step out of the theatre. Meanwhile the stoners who only smoked up will be sobering up 1 hour into the movie.
Feel free to e-mail me with any questions: zootread at yahoo dot com
It depends on whether you already have a login somewhere. In which case you would simply be abusing the trust put in you by someone else.
/etc/passwd file, you didn't need to have a login to exploit this. There are many others, but that was a common one I saw everywhere. And the simple fact is people abuse trust and also people run trojan horses they receive in e-mail.
Remote attacks make it irrelevant whether you have a login or not. I'm not an expert on modern attacks, but I'm sure some people around here can talk about these things. I can give you an old example: YP/NIS used to allow anyone to download the
Besides, it wouldn't matter even they had. Because if you cannot trust public computers, then you can also not trust SSH on public computers.
That's true. There are many situations where you don't need to worry, but many situations where you should worry and take precautions. Here is another example: You take your laptop to a public facility (e.g. wireless network) where you connect to the network. You are going through a firewall to get to the Internet. You remote access your home computer through the Internet. A cracker has setup a sniffer on the firewall. SSH makes it difficult for the cracker to sniff anything useful from your session.
I trust foreign systems as much as you used to trust that your hacks would not be discovered.
Actually I sometimes waited for my hacks to be discovered and then laughed at the little traps the sysadmins left behind (yet they often didn't find everything and often left their systems unpatched). It was all in good fun and I tried to help 'em along sometimes (such as scare away other crackers with messages that their phone line has been traced). There were some sysadmins who reacted quick, and I actually helped them realize they needed to patch their system. I wasn't that great of a cracker, but I learned much from the experience, and appreciate the knowledge even more now that I am on the other side. Good times.
I actually don't worry that much most of the time. But there are times when you really should take some precautions. To automatically assume that there is no possibility of a threat is foolish.
Seems to me format c: would do just fine for hacking a Windows box, if you managed to get the DOS prompt...
I don't consider wiping a systems drive hacking a box. That's not the kind of thing I'd want to do, its just totally malicious and attracts too much attention. What I like to do is maintain control of a machine, being able to monitor connections (e.g. to sniff login/passwords) and to use the machine for my own purposes such as allowing me get control of other machines. I couldn't even get telnet or ftp to work from this NT box I was using (so I couldn't run my own tools). With UNIX its is easy once you're in cause all the tools you need are already installed.
That was actually really funny, you should put it in your journal.
"Microsoft products are soooo insecure!"
"I've spent the last two years being subjected to biased slashdot propaganda. I couldn't hack into a properly configured windows system if my life depended on it."
That's true. If I'm going to hack a system, I'm going to hack *NIX, because its what I know. I wouldn't know what to do if I even got into a Windows system. Though I once remotely got to the "C:\>" prompt on an NT box. I ended up accidentally crashing the box by running a command that wouldn't display over telnet.
Yes. But the hard part is getting into a position where you can even start to sniff.
Umm.. do you really think this is true? How much do you really trust the systems you're going through? I'll give you a real obvious example: if you're using a computer at work or at a lab at school, how hard do you think these systems are to compromise? If you didn't say "very easy" you overestimate the abilities of the people administrating these systems. I used to crack systems, and believe me, there were some very incompetant sysadmins out there (and still are these days). After the trivial matter of getting root, it was then a trivial matter of sniffing login/passwords and gaining access to even more systems. On a nice active system, I'd get dozens of new accounts every day.
As someone who used to go around cracking *NIX systems, and sniffing out login/passwords with ridiculous ease back in the early to mid 90s, I can say yes SSH is a very good thing. It was good to see sysadmins shut down their telnet daemons for good and require that people download and use a SSH client to connect to systems.
What you smoking.. Wanna share?
Cannabis sativa. Sure I'll share. Bring some papers or a pipe and we'll spark one up.
Management and a Sales Department are necessary, have you ever tried to get a geek to explain what they built in English?
Its true that for a typical business you need all these extra people. But I think what he was trying to say is that when your only purpose is to code some good software, all you need is a few good coders working together to turn out something of quality.
I hear a lot of people call it sequel, but I just can't draw myself to do it. I just say the letters S-Q-L. Sure that's an extra syllable, but it just sounds better. Saying "sequel" just seems silly somehow.
Wow, and you just admitted to being a pothead on a page that will end up in Google's cache forever. Great idea.
Oh no, everyone will know the one and only "zootread" is a pothead. What will I ever do? I've ruined the reputation of my web alias. There's only one thing I can do now... cough hack cough.. damn, that's some good stuff. now what were we talking about?