According to Ballmer this isn't even one KLoC.... and after all isn't that the definitive criteria for figuring code costs ??? Just less than a KLoC's worth of thoughts...
Makes sense if you look at PSU as an ISP... just the cost savings in the reduction of bandwidth purchased and by serving cached MP-3's locally is BIG money.
I'm just wondering why someone doesn't release a "Fizzer" - "Code-Red" type of worm that will actually FIX some of Redmond's holes..... seems kinda logical don't ya think ???
I too do "3D" but it's only to connect to "Control systems"... also the Vid proggry i have to enable system users to do maintenance vids is kinda cool... http://www.lamack.org/
After reading this i thought of the guy that did the majority of the network code for Mechwarrior Mercs 2... I believe Dan Kegel is the guy....
interesting person.... and after taking apart the network code for that game i have the utmost admiration for him..i wish i could get his take on this discussion.....
Thank God i lived through those way cool times without having a Fed hammering on my door for my actions.... (and being arrested) although the Air Force did pay me a visit way back when...
Dude i have been to this country and i HIGHLY recommend some friggin running hot water in the hotels before net connectivity..... Possibly serving also a good steak that the waiters might not think was the local canine might also be a good idea.... (honest post)
I agree with your comments here. But wish to add one more observation.. it also seems that these companies peddling garbage have found a method of using our "laws" against us as a majority. Very sad state of affairs.
Sorry bout the double post but that link wasn't correct.
This one should work.
http://spaceflight.nasa.gov/shuttle/reference/shutref/orbiter/comm/inst/silts.html
It seems that the top 24" of the vertical stabilizer also houses an infrared camera system that takes a snapshot of the shuttle's thermal image as looking forward. It's (was) called the "SILTS" pod. Its data went to one of the OEX recorders. A link here http://science.ksc.nasa.gov/shuttle/technology/sts-newsref/sts-inst.html#sts-silts
describes its operation. I'd be very interested in what the data from it indicates.
Very GOOD response. I visited the site he links to and found no such data, after a thorough reading to support his premise. Some people will always be paranoid, and let's not forget that Bush and his team might not be there after the next election.
I don't know about all the rest of you but I'm just a little sick of these "free advertising"
posts. I mean come on people who gives a shit about a new model phone.... unless of course it comes with a free number to view some live porn....
First assuming they can read and write.. ENGLISH. and type and understand what a computer is and what the internet is! Hello..!! let's take it further... great they don't know about sterilization and germs but they can use google to find all that!! Animal husbandry... hmmm let's see the water buffalo needs new teeth.. let's go check out a site for the nearest buffalo orthodontist.. Contour plowing... hmmm the land is as flat as my wife's chest.. Let's see opportunities for gay people... dam i didn't know the guys down the road in the next hut are checking out Monster for new jobs.. Education... there is some potential there.. Information on repair music blah blah blah.... how many people in the world use English at all ???? and last, let everybody there use the information provided by their new broadband connection to phone the world with all their newfound knowledge but wait no.. phones... dam let's wait for the cels to arrive next week...
I got this post from the VulnWatch listserver this morning at 4:00 am.. don't ask why i was up that early but i almost fired off an email to this guy. Along with the post came 2 attachments. Proof of concept... his exploit?? I don't know as my mail server tagged them as it does all attachments. I'll look at them today and let you know what they are.
Article Content:
-----BEGIN PGP SIGNED MESSAGE-----
It seems the exploit was not included in the first vulnwatch e-mail. Here you go.
- - ----- Forwarded Message from gobbles@hushmail.com -----
___ ___ ___ ___ _ ___ ___ ___ ___ ___ _ _ ___ ___ _______
/ __|/ _ \| _ ) _ ) | | __/ __| / __| __/ __| | | | _ \_ _|_ _\ \ / /
| (_ | (_) | _ \ _ \ |__| _|\__ \ \__ \ _| (__| |_| |/| | | | \ V /
\___|\___/|___/___/____|___|___/ |___/___\___|\___/|_|_\___| |_| |_|
"Putting the honey in honeynet since '98."
Introduction:
Several months ago, GOBBLES Security was recruited by the RIAA (riaa.org)
to invent, create, and finally deploy the future of antipiracy tools. We
focused on creating virii/worm hybrids to infect and spread over p2p nets.
Until we became RIAA contracters, the best they could do was to passively
monitor traffic. Our contributions to the RIAA have given them the power
to actively control the majority of hosts using these networks.
We focused our research on vulnerabilities in audio and video players.
The idea was to come up with holes in various programs, so that we could
spread malicious media through the p2p networks, and gain access to the
host when the media was viewed.
During our research, we auditted and developed our hydra for the following
media tools:
mplayer (www.mplayerhq.org)
WinAMP (www.winamp.com)
Windows Media Player (www.microsoft.com)
xine (xine.sourceforge.net)
mpg123 (www.mpg123.de)
xmms (www.xmms.org)
After developing robust exploits for each, we presented this first part of
our research to the RIAA. They were pleased, and approved us to continue
to phase two of the project -- development of the mechanism by which the
infection will spread.
It took us about a month to develop the complex hydra, and another month to
bring it up to the standards of excellence that the RIAA demanded of us. In
the end, we submitted them what is perhaps the most sophisticated tool for
compromising millions of computers in moments.
Our system works by first infecting a single host. It then fingerprints a
connecting host on the p2p network via passive traffic analysis, and
determines what the best possible method of infection for that host would
be. Then, the proper search results are sent back to the "victim" (not the
hard-working artists who p2p technology rapes, and the RIAA protects). The
user will then (hopefully) download the infected media file off the RIAA
server, and later play it on their own machine.
When the player is exploited, a few things happen. First, all p2p-serving
software on the machine is infected, which will allow it to infect other
hosts on the p2p network. Next, all media on the machine is cataloged, and
the full list is sent back to the RIAA headquarters (through specially
crafted requests over the p2p networks), where it is added to their records
and stored until a later time, when it can be used as evidence in criminal
proceedings against those criminals who think it's OK to break the law.
Our software worked better than even we hoped, and current reports indicate
that nearly 95% of all p2p-participating hosts are now infected with the
software that we developed for the RIAA.
Things to keep in mind:
1) If you participate in illegal file-sharing networks, your
computer now belongs to the RIAA.
2) Your BlackIce Defender(tm) firewall will not help you.
3) Snort, RealSecure, Dragon, NFR, and all that other crap
cannot detect this attack, or this type of attack.
4) Don't fuck with the RIAA again, scriptkids.
5) We have our own private version of this hydra actively
infecting p2p users, and building one giant ddosnet.
Due to our NDA with the RIAA, we are unable to give out any other details
concerning the technology that we developed for them, or the details on any
of the bugs that are exploited in our hydra.
However, as a demonstration of how this system works, we're providing the
academic security community with a single example exploit, for a mpg123 bug
that was found independantly of our work for the RIAA, and is not covered
under our agreement with the establishment.
Affected Software:
mpg123 (pre0.59s)
http://www.mpg123.de
Problem Type:
Local && Remote
Vendor Notification Status:
The professional staff of GOBBLES Security believe that by releasing our
advisories without vendor notification of any sort is cute and humorous, so
this is also the first time the vendor has been made aware of this problem.
We hope that you're as amused with our maturity as we are. ;PpPppPpPpPPPpP
Exploit Available:
Yes, attached below.
Technical Description of Problem:
Read the source.
Credits:
Special thanks to stran9er@openwall.com for the ethnic-cleansing shellcode.
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify
wlwEARECABwFAj4jFUIVHGdvYmJsZXNAaHVzaG1haWwuY29tAA oJEBzRp5chmbAPJgsA
nAnM8UDSXkairnRtit9avLxELv+YAJ9PFrHNlLWQYu0hfdCD6K oJd+xALQ==
=c41P
-----END PGP SIGNATURE-----
I built one of these for my new wife about 15 years ago.... Even coded a cute little game (Trash-80 style) to try and keep her interested but alas... it ended up in the same place as my infra-red controlled robotic cat chaser and the computer controlled, heated doggy house..
Poof !!! and like magic it's gone from the NullSoft site.....
Dam, maybe i'll get to read this when i get my tps reports done.... now where is my stapler ???
I once offered my services to Armadillo as an Inertial platform coder of such ... no reply....
but i wish the best of luck to you....
Agreed !!! after doing 2 "garage" startups i find nobody really gives a shit !!!!
I read the original post with enthusiasm... but alas it seemed like a simple troll to me...
bastage
It's toast....
Ballmer did the KLOC thingy ... i know i was there and heard him say it ...
Hmmm, i don't know how to get the thought of a Space 1999 type of scenario just filled with Chinese actors out of my mind.