Which makes it no worse than any other hack, virus or worm. You can already take complete control over the computer without resorting to microcode. I think that what this would get down to is detectability. It is also above most script k1ddi3z to reverse engineer signed (most likely) black-box microcode in the first place, let alone make it do anything that would be useful to an OS. Most likely, I would think that one could come up with a series of instructions in a very particular order, that when run, would crash the system. If you had a reliable way to make the OS trigger this condition, especially remotely, you could have a lot of fun.
That could be hard to detect, considering that there is nothing in the OS to blame, just some microcode that a lot of people would o overlook.
Defining character classes and allowing at least a certain number of them. Examples would be uppercase, lowercase, symbols, digits. You can also restrict order, can't end with a digit, et cetera. Dictionary lookups at creation can also help.
1. Online dictionary attacks are highly detectable. I'd prefer not to use any platform that would easily allow for an offline dictionary attack (i.e. kerberos 4, kerberos 5 w/o pre-auth, unix passwd file w/o separate shadow, plain ldap). Even with a dictionary that favors this kind of behavior, it will still take a LONG time if you requre 8 char passwords. 2. Not if they use it often. 3. At least it isn't posted on the internet. That should be against the security policy.
How could I check the security of my users' passwords without a dictionary cracker? 1) Set a strong password strength policy. 2) Set a 6 maximum age for all passwords. 3) Set sooner expirations in a phased roll-out to rotate passwords. 4) Enjoy.
Now we know why it takes so long for patches to come out, they need to deploy cluster upon cluster of SQL servers every time they do so that they can handle the volume of phone-home data they get.
You are either kidding, or a troll. I'm going to assume that you are kidding.
I can tell the difference with either the stock buds that came with my iRiver (low-low grade Sennheisers) or the ones that came with my iAudio. I do understand that the fact that I normally spend more money on headphones than the mp3 player itself tags me as an audio-snob, but this is a joke. My girlfriend has a pair of E2Cs, which she can easily tell the difference betweek 192k VBR mp3 and lossless.
Either they are using really shitty headphones, are not experts, or are lying.
Yeah... but the same argument was made about spam when it was getting started. I bet it's a lot harder to stop than that. SPAM works well through e-mail, and basically nothing else.
Domains are not free. Domains and hosting have many more "paper" trails than e-mail (which has none). There are a limited number of typos and other mistakes, which are the real source of profit. We don't have to make this impossible, or eliminate it completely. We just need to make unprofitable.
Domain parkers can't resport to a lot of the dirty techniques that SPAMers do.
Assuming that: a) parked domains with advertisements/portals are detectable b) list of these sites could be easily kept up to date c) something that I haven't though of could be used to quickly determine if a domain was parked
Then it would be a trivial plugin to rewrite common typos, and avoid these sites entirely. We can push the advertising somewhere else!
Slashdot Mirror
Thanks. Maybe /. editors will understand common hardware hacking terminology someday. We can only hope.
That could be hard to detect, considering that there is nothing in the OS to blame, just some microcode that a lot of people would o overlook.
http://www.emperorlinux.com/ ?
Ubuntu 7.04, works great.
Defining character classes and allowing at least a certain number of them. Examples would be uppercase, lowercase, symbols, digits. You can also restrict order, can't end with a digit, et cetera. Dictionary lookups at creation can also help.
First off, don't make it too strong of a policy.
1. Online dictionary attacks are highly detectable. I'd prefer not to use any platform that would easily allow for an offline dictionary attack (i.e. kerberos 4, kerberos 5 w/o pre-auth, unix passwd file w/o separate shadow, plain ldap). Even with a dictionary that favors this kind of behavior, it will still take a LONG time if you requre 8 char passwords.
2. Not if they use it often.
3. At least it isn't posted on the internet. That should be against the security policy.
2) Set a 6 maximum age for all passwords.
3) Set sooner expirations in a phased roll-out to rotate passwords.
4) Enjoy.
It works, and it scales.
fucking lollorz
BonziCometWeatherCursorBuddyBug is perfectly secure. It does exactly what the author intended. :-)
My password is t0b|3rOn3 ... someone hook me up.
Err, I thought that it was to reduce build-up and naturally spread more evenly, the whole magic cross thing.
The point is that the processor CAP is grooved to allow you to spread it normally. Little to no change in how you apply.
Now we know why it takes so long for patches to come out, they need to deploy cluster upon cluster of SQL servers every time they do so that they can handle the volume of phone-home data they get.
That's a great idea.
Now the virus has to change the DNS servers the system uses in order to redirect important domain names.
Can we start rejecting 'scoops' that sound like a radio/TV demolition durby or monster-truck madness advertisement?
1) Sources.
2) What kind of headphones are they using?
You are either kidding, or a troll. I'm going to assume that you are kidding.
I can tell the difference with either the stock buds that came with my iRiver (low-low grade Sennheisers) or the ones that came with my iAudio. I do understand that the fact that I normally spend more money on headphones than the mp3 player itself tags me as an audio-snob, but this is a joke. My girlfriend has a pair of E2Cs, which she can easily tell the difference betweek 192k VBR mp3 and lossless.
Either they are using really shitty headphones, are not experts, or are lying.
Mod me up people, am I right?
I bet it's a lot harder to stop than that. SPAM works well through e-mail, and basically nothing else.
Domains are not free. Domains and hosting have many more "paper" trails than e-mail (which has none). There are a limited number of typos and other mistakes, which are the real source of profit. We don't have to make this impossible, or eliminate it completely. We just need to make unprofitable.
Domain parkers can't resport to a lot of the dirty techniques that SPAMers do.
Assuming that:
a) parked domains with advertisements/portals are detectable
b) list of these sites could be easily kept up to date
c) something that I haven't though of could be used to quickly determine if a domain was parked
Then it would be a trivial plugin to rewrite common typos, and avoid these sites entirely. We can push the advertising somewhere else!
GE licenses their brand-name to Thomson. Thomson makes RCA products, so this is basically just an RCA VCR.
http://en.wikipedia.org/wiki/Thomson_SA
I'm ignorant, how does the RIAA make money. Do they get a cut of albums, or do artits/labels pay them dues?
I think that it would be strange for them to get an actual cut, but that's just me.
I think that you mean software that isn't free/libre/open-source...
Can we please put the 'itsatrap' tag to good use folks?
Dude, this was on a Mac... no games. duh