Skype calls to a landline will cost you, yes. Skype has to pay for the infrastructure necessary to hook their phone network to POTS. You'd profit if your friend elsewhere in India *also* has a PC with Skype. PC-to-PC calls are free.
We had a glossy in the mail today from Valor Telecom that scored a point for good old POTS. If the power goes out long enough that the battery in your VOIP cable box goes out, how would you call emergency services if you needed them??
Personally, I'd use one of the three cellphones we have in the house, but not everyone has one.
To add to the humour, there was also a glossy from Cox Cable, offering to install cable real cheap. We ditched cable (TV & Internet) over a year ago and got DishTV & DSL.
Re:Wow, this is great news for criminals everywher
on
Cell Phone On A Chip
·
· Score: 1
Heh. I had this sudden vision of the whole "war on terror" thing being a conspiracy among phone manufacturers to sell more phones...:)
To wit, I just did a few back-of-the-napkin calculations to figure out just how far away two 600mW phones can be with usable signal. The best answer I got was:
Not very bloody far.
In a city, or other moderately built up area, you're gonna be within shouting distance anyway, so why even bother with a phone?
My phone does exactly that - just makes calls. It has the capability to download Java games and ringtones, send/receive text messages, etc, but I'm not using those capabilities. It was the cheapest (i.e. "free") option when I switched my account from AT&T to Cingular, and I really don't give a damn about the extras. On the face of it, the extras didn't cost anything - I imagine the phone is about to be obsoleted and Cingular has a ton of stock to shift.
If you have a smart enough log analyser, you could have it print out just the interesting bits - for example, once it has reason to believe an intruder has penetrated your outer defenses, it should probably start printing. That way, if the intruder reaches the point where he can disable logging, you already have an audit trail. Or maybe just dump the most recent 30 minutes of logs to paper when it becomes obvious that regular logging activities have ceased, on the assumption that the logger *might* yet be cracked.
The point being that it's easer to prove that a printed log is a true representation of the events, while an electronic log can be modified. That's assuming you trust law enforcement enough to do a proper job of investigating and prosecuting any intruder...
Of course, your logger could deliberately falsify the data it prints, but you can leave the cops and the intruder's attorney to figure that one out for themselves...:)
Here's another possibility - if you have a trustworthy friend nearby with internet access, you could arrange to have your logger dial out to another cheap old server you place on *his* network so that it can do DNS lookups and other tracking stuff using a network connection that probably hasn't been compromised by the intruder in your network.
I'm gonna stop there - I'm not *that* paranoid. Really.
Hmmm. You do know that in Windows you can just unplug the network cable and plug it back whenever you want, and things will Just Work -- no need to reach for "ifconfig eth0 up", right?
Funny, that's exactly how my Linux laptop works too - I can plug or unplug the network cable and, with no typing *or* mouse clicks at all, the network gets configured by ifplugd...
Given that the firewall is an old Acer Advantage, and that recompiling the kernel is a pain, doesn't that go at least part way towards implying there's a compiler on the firewall?? Any one in a position to insmod a rootkit would also be able to compile up any other tools they needed...
As soon as I can grab another cheap computer, I will configure the logs on the server to simply be sent to the internal server box, and stop using my desktop as a mail server on the side.
For the truely paranoid, simply sending the logs to another server isn't quite enough. You should consider making your log machine completely standalone, or at least with no connections to any part of your network that could be reached by breaching your firewalls. Send the logs over a serial link to the log machine. Better yet, log to paper - that's really hard for an intruder to modify...
BIOS password is irrelevant to anyone with physical access - they can simply steal your disk drive and bring it up as a secondary drive on another machine. Assuming they can operate a screwdriver while wearing bandages after the burn treatment...:)
I guess I assumed there was a phone socket in every room of the Bat Mansion, and Alfred simply plugged in the phone on a long lead... Or maybe there were sockets strategically placed in the hallways so that Alfred could plug in the phone nearby and use a long lead to get the rest of the way??
I also recall standalone touch-tone generators. Just a touchpad on remote-control-sized box with a speaker that you could hold up the the microphone of a rotary phone and dial the number. I honestly don't know if these were actual consumer devices or some sort of technician's/phreak's tool.
I actually have one of those. It was handed out as part of a bank package, so that customers with pulse-dial phones could access their bank account using the bank's touch-tone remote access. It was rumoured that the same kind of device could be used with a rotary payphone to make calls without having to pay for them.
So yes, it was an honest-to-goodness consumer device. There may also have been some truth to the "phreak" rumour, but I don't know anyone that tried it.
Why didn't he have to comply with it because he had Platinum status in American's frequent flyer program?
In case nobody else suggests it, here's my theory - AA may or may not have had good reason to ask for the information, but when this passenger stood up to them and demanded answers to difficult questions, they bailed out. His Platinum frequent flyer status gave them two things: 1) a useful excuse to back down gracefully; 2) the thought that a regular customer might go elsewhere. He'd already mentioned flying recently with USAirways, so he obviously didn't feel he *had* to go with AA. Then there's the network effect - telling his friends "nope, not using AA again, they wanted to know all your names and addresses..."
With luck, they'll try to fuck over Microsoft for "Windows File Share", which is obviously designed to allow file swapping. I'm hoping Microsoft will care enough to expend some of their $40Bn warchest to buy these clowns out of office...
Just out of curiousity, what does it cost to get the microcontroller programmed?? That's probably what would bite me. I did a bit of hardware control waaay back (Sinclair Spectrum w/Z80 cpu controlling a bunch of radio-control servos) but I don't have the equipment to work with microcontrollers. Not to mention wife, kids & tight budget...:)
It seems to me that the reduced cognitive function in heavy usage cellphone users is likely to be because they're thinking about a) the last call they took; or b) the call they're about to make. Couple that with the necessary derailment of any thought train when the rotten thing starts ringing, and you've got a portion of the population who couldn't run a maze any better than a three legged, blind rat...
If the guy's tests and subsequent claims really are BS, why not sue him for slander?? I'd think that damage to the company's reputation would be worth more than a copyright lawsuit. Or maybe they're worried that they can't actually win a slander suit due to actually having broken product??
Sure, but "fair use" fragment or not, there isn't really much reason to publish it. Is it even necessary to admit that he reverse engineered the product?? He could have simply listed the vulnerabilities and associated exploits without any details about how he found them.
Yes, but this id10t researcher is currently working at Harvard, which, if I recall correctly, *IS* in the US. The article isn't clear about whether the researcher was at Harvard a couple of years ago when this first started, but that's apparently where he is now. The article also isn't clear about why, if this all took place at Harvard, they'd be suing in France instead of the US...
Interesting. In the first paragraph they say the guy's test methodology was inconsistent, and that some of the weaknesses he pointed out don't even exist. And yet, they're suing him...
Also interesting is this statement about the product in question: ViGUARD's main advantage is that it does not need virus signatures to stop infections. I wonder if it merely protects a system against active infection and doesn't take any action against dormant viruses that are "just passing through"?? Without a signature database, you wouldn't know something was bad until it tried to attack your system...
If that defect were severe enough to kill someone and he did not publish his knowledge of the defect, then could he then be held criminally liable and be accused of negligent homocide?
I'd say no. After all, if he didn't publish his knowledge, how the heck would anyone know that he knew about it??
Slashdot Mirror
Skype calls to a landline will cost you, yes. Skype has to pay for the infrastructure necessary to hook their phone network to POTS. You'd profit if your friend elsewhere in India *also* has a PC with Skype. PC-to-PC calls are free.
Personally, I'd use one of the three cellphones we have in the house, but not everyone has one.
To add to the humour, there was also a glossy from Cox Cable, offering to install cable real cheap. We ditched cable (TV & Internet) over a year ago and got DishTV & DSL.
Heh. I had this sudden vision of the whole "war on terror" thing being a conspiracy among phone manufacturers to sell more phones... :)
In a city, or other moderately built up area, you're gonna be within shouting distance anyway, so why even bother with a phone?
My phone does exactly that - just makes calls. It has the capability to download Java games and ringtones, send/receive text messages, etc, but I'm not using those capabilities. It was the cheapest (i.e. "free") option when I switched my account from AT&T to Cingular, and I really don't give a damn about the extras. On the face of it, the extras didn't cost anything - I imagine the phone is about to be obsoleted and Cingular has a ton of stock to shift.
Yeah, but I bet Bill gets a much more meaningful tax deduction from his $750M than you would from your $1.50...
If you have a smart enough log analyser, you could have it print out just the interesting bits - for example, once it has reason to believe an intruder has penetrated your outer defenses, it should probably start printing. That way, if the intruder reaches the point where he can disable logging, you already have an audit trail. Or maybe just dump the most recent 30 minutes of logs to paper when it becomes obvious that regular logging activities have ceased, on the assumption that the logger *might* yet be cracked. The point being that it's easer to prove that a printed log is a true representation of the events, while an electronic log can be modified. That's assuming you trust law enforcement enough to do a proper job of investigating and prosecuting any intruder... Of course, your logger could deliberately falsify the data it prints, but you can leave the cops and the intruder's attorney to figure that one out for themselves... :)
Here's another possibility - if you have a trustworthy friend nearby with internet access, you could arrange to have your logger dial out to another cheap old server you place on *his* network so that it can do DNS lookups and other tracking stuff using a network connection that probably hasn't been compromised by the intruder in your network.
I'm gonna stop there - I'm not *that* paranoid. Really.
Funny, that's exactly how my Linux laptop works too - I can plug or unplug the network cable and, with no typing *or* mouse clicks at all, the network gets configured by ifplugd...
Given that the firewall is an old Acer Advantage , and that recompiling the kernel is a pain, doesn't that go at least part way towards implying there's a compiler on the firewall?? Any one in a position to insmod a rootkit would also be able to compile up any other tools they needed...
For the truely paranoid, simply sending the logs to another server isn't quite enough. You should consider making your log machine completely standalone, or at least with no connections to any part of your network that could be reached by breaching your firewalls. Send the logs over a serial link to the log machine. Better yet, log to paper - that's really hard for an intruder to modify...
BIOS password is irrelevant to anyone with physical access - they can simply steal your disk drive and bring it up as a secondary drive on another machine. Assuming they can operate a screwdriver while wearing bandages after the burn treatment... :)
I guess I assumed there was a phone socket in every room of the Bat Mansion, and Alfred simply plugged in the phone on a long lead... Or maybe there were sockets strategically placed in the hallways so that Alfred could plug in the phone nearby and use a long lead to get the rest of the way??
I actually have one of those. It was handed out as part of a bank package, so that customers with pulse-dial phones could access their bank account using the bank's touch-tone remote access. It was rumoured that the same kind of device could be used with a rotary payphone to make calls without having to pay for them.
So yes, it was an honest-to-goodness consumer device. There may also have been some truth to the "phreak" rumour, but I don't know anyone that tried it.
In case nobody else suggests it, here's my theory - AA may or may not have had good reason to ask for the information, but when this passenger stood up to them and demanded answers to difficult questions, they bailed out. His Platinum frequent flyer status gave them two things: 1) a useful excuse to back down gracefully; 2) the thought that a regular customer might go elsewhere. He'd already mentioned flying recently with USAirways, so he obviously didn't feel he *had* to go with AA. Then there's the network effect - telling his friends "nope, not using AA again, they wanted to know all your names and addresses..."
With luck, they'll try to fuck over Microsoft for "Windows File Share", which is obviously designed to allow file swapping. I'm hoping Microsoft will care enough to expend some of their $40Bn warchest to buy these clowns out of office...
Just out of curiousity, what does it cost to get the microcontroller programmed?? That's probably what would bite me. I did a bit of hardware control waaay back (Sinclair Spectrum w/Z80 cpu controlling a bunch of radio-control servos) but I don't have the equipment to work with microcontrollers. Not to mention wife, kids & tight budget... :)
And I can't help thinking that at the rate blood gets pumped around the body, the extra warmth will be dissipated fairly quickly...
It seems to me that the reduced cognitive function in heavy usage cellphone users is likely to be because they're thinking about a) the last call they took; or b) the call they're about to make. Couple that with the necessary derailment of any thought train when the rotten thing starts ringing, and you've got a portion of the population who couldn't run a maze any better than a three legged, blind rat...
There's a phone book for cell phone users?? Cool!! Where can I get one??
If the guy's tests and subsequent claims really are BS, why not sue him for slander?? I'd think that damage to the company's reputation would be worth more than a copyright lawsuit. Or maybe they're worried that they can't actually win a slander suit due to actually having broken product??
I wonder is this is yet another twist of the knife in SCO's guts?? Does SCO claim to own anything in the list??
Sure, but "fair use" fragment or not, there isn't really much reason to publish it. Is it even necessary to admit that he reverse engineered the product?? He could have simply listed the vulnerabilities and associated exploits without any details about how he found them.
Yes, but this id10t researcher is currently working at Harvard, which, if I recall correctly, *IS* in the US. The article isn't clear about whether the researcher was at Harvard a couple of years ago when this first started, but that's apparently where he is now. The article also isn't clear about why, if this all took place at Harvard, they'd be suing in France instead of the US...
Also interesting is this statement about the product in question: ViGUARD's main advantage is that it does not need virus signatures to stop infections. I wonder if it merely protects a system against active infection and doesn't take any action against dormant viruses that are "just passing through"?? Without a signature database, you wouldn't know something was bad until it tried to attack your system...
I'd say no. After all, if he didn't publish his knowledge, how the heck would anyone know that he knew about it??