"Hack4life goes on to say that all future vulnerability reports will be released at 7 p.m. on Friday "to give hackers the maximum amount of time to actively exploit the vulnerability before sys-admins, CERT and vendors can act to patch the issue on Monday morning after their weekend off."
You tell me. Is this a good thing, or a bad thing?
Thriving? More like stagnating. There's not really much of a challenge. Just look at all the script kiddies going around these days. Maybe they mean "our software is so riddled with holes, real hackers need not apply".
News outlets have had the equivalent of a "FIRST POST" for as long as there has been competition in the media.. think of all the reporters trying to "break that big story".
The only difference is, they usually get commended for it.
The authors also agree with you. This isn't meant to be a cure-all, but rather just another layer added to the security process.
From the PDF:
The purpose of this paper is to try to enumerate and briefly describe all applications and technics deployed for defeating Nmap OS Fingerprint, but in any case, security by obscurity is not good approach; it can be a good security measure but please take into account that is more important to have a tight security environment (patches, firewalls, ids,...) than hiding your OS.
What purpose will this serve, assuming that any terrorists who need a mobile phone will simply purchase one in another of the many countries that do provide anonymous mobiles?
Not that I support them for doing this, but how many countries would have any laws at all if they really considered that people could always find another country to do whatever activity they are outlawing?
I remember seeing a new SPARCstation that had a PCI celeron card that would let you run any x86 OS "inside" of Solaris without affecting Solaris' performance at all.. it's primarily being marketed towards x86 (windows) developers. Here's the link.
When you type in a webpage address, say, slashdot.org, your computer needs to have a way to find out that it needs to send a message to the IP address of the server. that way is DNS. most ISP's host several of their own DNS servers that keep track of which addresses have been recently resolved so that their customers can get faster resolution. if an address hasn't been recently resolved and is no longer/never was in the DNS cache, then it's time to hit up one of the 13 root servers with a request.
the typical cost of in-flight phone service is normally about $12/minute.. compare that to $25-$30 for internet service for an ENTIRE FLIGHT.. i'd hold off on a flight from NY to DC, but if i'm taking a 22 hour flight to Hong Kong, this would be very attractive to me.
I can't wait until the advertising trolls find out about this one.. remember eating at a nice restaurant, looking out the window at all the people walking by? Well now the restaurant owner can just get paid to show commercials instead! And if you don't look, well, that's like stealing.
If you read the article, Cringely seems to have a misconception about how Windows NT works.. he still thinks that Windows is just a binary layer running over a DOS shell, something that hasn't been true since Win9x. The command line in Windows 2K/XP is just an emulation of DOS. Anyway, let's be serious. We all know Microsoft isn't worried about the quality of their products, and certainly wouldn't backpedal the last few years of Unix/Linux bashing (no pun) and do something revolutionary like this.
Did anyone even go and look at the website's message boards?? Someone needs to tell them:
NEVER, NEVER LET USERS POST PICTURES!!
I mean, the pictures they put up make Goatse look like Pokemon pictures. And yes, goatse is up there too so you can make comparisons. This idiot company gets what they deserve.
But what makes me wonder is that I am yet to hear of a SINGLE PERSON actually USING Lindows for purposes other than reviewing.
i think the question is "Who would admit to using Lindows?", but that's another point. Linux Counter reports that, out of 115,886 submitted values, there are 8 distros in use, none of which are Lindows, which must be in the "Others" department, which takes up 13.13% of the share. Those 8 (in order of usage): Red Hat, Mandrake, Debian, Slackware, SuSE, Conectiva, "diy", and Debian sid. Then again, would your average Lindows user even know or care about something like Linux Counter? -- While you're there, fill out a reg form.
i specifically went to radio shack begging them to give me one after the 2600 article came out on how to disable the tracking "feature" by cutting one little contact on an ic. then, after all that work, i realized that the cuecat was a piece of hot garbage.
obviously they're not going to find every single one.. that would be ridiculous. from the article:
Lord May said: "At that rate it's going to take us about 500 years just to complete the catalogue, leaving aside the fact that extinctions might help us by wiping a lot of them out, which is hardly a cheerful solution."
i think the point is to try to find as many as possible before it's too late, and the only goal you can set to do that is the impossible one.
they definitely aren't RJs, in fact they're much much smaller. i could see someone mistaking them for usb perhaps.. the smaller port is used for connecting up to 4 GBAs together for games that support multi-player mode. the bigger one looks the same, and i've never seen it before, but from the pictures, i assume it's for the rechargeable battery connection.
Just because you don't have it installed...
radon28:~$ which gasp
/usr/bin/gasp
radon28:~$ gasp --help
gasp: Gnu Assembler Macro Preprocessor
etc. etc. etc..
"Let's hope AMD doesn't try to copy this..."
They can't. Intel patented it.
From the Jargon Dictionary link in the article:
hacker n. [originally, someone who makes furniture with an axe]
Why would Microsoft even care about some crude pre-modern furniture makers? I am beginning to think there was more than one reason the advertisement got yanked.
I bet he's not going to try to patent anything like crashing your helicopter in Texas.
now there are even more benefits to "wanda"ing around.
*ducks*
I may have to finish the project, couple it with Intel's compile and start BSD/Linux, sans GNU software.
Don't you mean INTEL/Linux?
From the Netcraft FAQ:
Why do you report impossible operating system/server combinations ?
Webservers that operate behind a caching system, load balancer, reverse proxy server or a firewall may sometimes report the operating system of the intermediate machine. Hence reports of 'Microsoft/IIS on Linux' may indicate that either the web server is behind a Linux server that is acting as a reverse proxy, or has configured the Akamai caching system such that the first request to the site goes to one of Akamai's servers [which run Linux], or as in the case of www.walmart.com has been configured to send a misleading signature.
do we mind them backing up our mp3s on high quality compact discs, available for retrieval at a music store near you?
ok i just tried this, touch Aaa, touch aaa, touch BBB.
-------
ls -l
aaa
Aaa
BBB
-------
which is nothing like any of yours.
"It's clear to me these companies are profiting to the tune of millions and millions of dollars. They must be held accountable," Rosen said.