If the annual improvement in traffic when the illegal alien actvists shun work on May 1st is anything to go by, we'll have a better weekend to go to the beach (in improving weather) here in So-Cal.
She wasn't using the account for gov business, at least not based on what was posted on wikileaks, or according to the purported "Hacker". It was personal e-mail, in some cases about how she and others were being treated personally in the political arena, but not anything related to official government business.
As Officer Bar Brady says "Nothin to see here, move along now".
I had mine made from pure Platinum and pure Gold, which is pretty nerdy, actually hard to do, and pretty symbolic.
Pt and Au don't actually bond, so what the ring actually is is a ring of pure Gold, cast inside a channel in a ring of pure Platinum. The symbolism is as follows: The Platinum is a hard, industrial metal that supports the gold. protecting it from the dings and hits from below and the sides: symbolizing me, Soldier/Engineer. The Gold is shiny, beautiful, and soft: symbolizing my Wife, tall, blonde, you get the picture:-). Although, at a molecular level, the ring is, in fact two rings, it looks like one. To separate the two rings, you have to destroy both of them. Also, as the gold is soft, it shows a unique and distinctive set of marks that come from being worn, and thus no other ring, even one made exactly the same, will ever look exactly like it.
To make, you have to have a pure Paltinum ring cast first, with the channel that will be the Gold ring. Since Gold melts at a lower temperature than Pt, the Pt ring then becomes the inside of the cast for the gold. Once the ring cools, you clean it up, and etch the gold in aqua regia to create a shimmering petina.
Good luck! Marriage is a great journey, hard at times, but well worth it, and nothing like what you expect:-).
Bozon n: Particle that, in sufficient densities, causes spontaneous production of Bozos. Usually found densely clustered around Administratum. Believed to be part of the decay of the sub-atomic particle known as bureaucraton, especially when impacted by high velocity executrons with down spin.
You can set a set of bandwidth priorities in rules, which can be protocol and/or IP based, and when that rule is not in use, the bandwidth is available for other apps, but when it is, it gets its guaranteed bandwidth.
It's even got a topic in the Vonage Forum (which would have been the right place to ask this question).
For any given public key, as I understand it, there is only ONE private key. Regardless, if you get all the keys using the reverse keying example, you have a much smaller problem set to work on.
Seems to me the right thing to do is snapshot memory and find K on the infected machine.
As for tricking us into cracking a Root cert private key, they could be doing that, since the concept of "private" and "public" really don't exist in the algorithm. Data encrypted with one key can only be decrypted with the other. So, since the PUBLIC key of all the root servers is known (it's in the certificate), encrypting data using that key, and then trying to crack the key to decrypt it, would yield the private key if successful.
However, if they are doing that, they aren't getting any $, because until they have that private key, they can't give people their data back.
I agree with the OP. Follow the money, and find the criminals. If they're outside our jurisdiction, well, this looks to me like a good time for extraordinary rendition to make a point.
I mean seriously? Haven't they lost ALL credibility by now?
Even you ultra-libs have to laugh at that bespectacled tween in the ads who says she turns to the old grey litterbox liner to "find out what's happening on the web".
Last I checked, the leftmedia echo chamber had moved to the Huffington Post. (Who hired Hilary Rosen, she of the RIAA, so where does that leave us?)
The core market are old and dying. Even inventing the news hasn't resurrected circulation.
I've seen far more dangerous swerving by Moms in SUVs reaching back to their kids while gabbing to their friends on the phone or in the passenger seat than almost any soused crew leaving a bar.
At least, in most cases, the majority of other people on the road at the same time as the drunks are other boozers. I find myself having to dodge the Soccer Moms all day long.
I thought that, in practice, since having an IQ under 70 meant you pretty much couldn't function, but there is no upper limit, the reality was that the distribution had a lot more under, but close to, 100 than above, but close to, it. IOW, that actually MORE than half of the population was 100 or under, because the outliers on the higher end were much further from 100 than the ones on the lower end (201 is theoretically possible, while -1 is not). I understand the theory, but it is my understanding that reality is somewhat different. I vaguely remember somewhere a discussion that a long-tailed Pareto distribution was a better model of the real distribution of results in actual IQ tests. Now I'm going to have to go reeducate myself.
I know that there has been work done that shows the least competent are usually blissfully unaware of their ineptitude, while the most competent tend to have low self confidence. Apparently genius IS knowing what you don't know (and maybe I just proved I'm a dolt).
I'm aware that 100 is defined to be the mean IQ, and just how dumb someone with an IQ of 100 is is absolutely scary. It is also true that there is a much greater distribution of those with scores between 80 and 100, than those from 100-120.
Your other point is reinforcing mine: that the reason the only thing on TV is pabulum tailored to our base instincts is that that is all the ad agencies measure.
As if the self selection of losers with nothing better to do than get free junk when the rest of us are working hadn't already skewed how we were being pitched in favor of the lower part of the distribution that ensures the average IQ is 100, now ads will be dictated by those so dumb they are willing to let their minds be hooked up to machines.
When will the ad agencies realize they are marketing to the outliers at the low end of the intellectual, and therefore the socioeconomic, spectrum? Or will Adwords and Overture actually get ALL the ad budget before they figure out no-one with any money cares what they put on TV?
ZWithaPGGB=Zaphod With A Pan Galactic Gargleblaster. Imagine a very soused two headed guy wandering around a bar having conversations with all and sundry.
Then they might actually have a more orderly boarding. No-one in their right mind, and especially those of us with work to do, wants to sit in those horrendous little seats with the nasty echoes of announcers in the background and the lack of power or network connections you have in the general boarding area. Except for Southwest, I rarely bother being in the boarding area anywhere near the departure time, because the flights just aren't on time. I hang out in the frequent flier lounge with a widget that tells me what the real boarding status is. Then I show up 10 minutes before departure, and usually still have to wait, even though I'm top-tier FF on every major airline.
The problem isn't mathematical, it's psychological. No-one believes the airlines, so no-one listens to what they say.
IMNSHO, Continental is currently the best major carrier, in terms of value. Internationally, United is still the best.
The way this happened is the result of a fundamental weakness in BGP. A more specific prefix will trump a less specific one, so anyone who has a valid peer can advertise a more specific route and hijack IP space. This is frequently used by Cybercriminals to squat on unused IP space in larger netblocks.
There have been proposals to addressthisissue for some time. Maybe, now that a major site has fallen victim, something will actually be done about it.
Of course, we could solve the problem the way it was when the Internet was first designed: only allow trusted entities to connect at all. IMNSHO, if the Islamic world don't want to be in the 21st century, that's their choice, but they can't have their cake and eat it too. Unless and until they agree to the basic principles of the Internet: freedom of association and speech, they shouldn't be allowed to connect at all.
This was discussed yesterday, but somehow the mods didn't control the discussion degenerating into a debate about circumcision.
They did a lot more than block it in Pakistan
on
Pakistan Blocks YouTube
·
· Score: 0, Troll
They announced a route out of AS 17557 sending all traffic from ANYWHERE on the Internet to a black-hole in Pakistan. The effect was to make YouTube unreachable from ANYWHERE until the route was filtered by the backbone providers. They claimed it was an "oops".
Am I the only one who is fed up with Islamic Medievalism? If they want to live in the stone age, let's send them there. It will also solve a good bit of the world's over-population problem.
I was conflating Passive SSL that is trivially done by site operators with the kind that, while not trivial, is not impossible or even that hard. Think MITM methods that force lower grade CBC encryption, without forging the site cert. An example whose implementation is left up to the reader: spoof the CLIENT HELLO to say it only supports 40bit. You are absolutely correct that the way to avoid this is client certs, but how many of those are out there?
Last, but by no means least, if I am the site operator, I can passively sniff SSL without needing to do any MITM, because I have the cert and private key. This is how IDS can sniff SSL traffic.
There's a reason why, in parts of the world like Israel, that are paranoid about security, a client-side cert and DH PFS are required for on-line banking.
Let's face it, at least in the US, most banks aren't remotely serious about web data security. Their "efforts" are just window dressing. The ease of identity theft shows the big lie that they "care". They don't even seem to care that the credit reporting agencies databases are wildly inaccurate.
If what you're insisting is that I need to have the private key of the site with the SSL cert in order to not generate a site alert, that's true. However, that isn't as hard, especially for law enforcement or a large ISP, to get as you might think. Also, most users just click through those notifications or turn them off, since legit sites very often have the wrong FQDN for the actual end delivery host.
All of the above is irrelevant in the context of the current discussion, however, because the payload is irrelevant in the clamping decision. It's long-lived, high sustained utilization, connections between pairs of IP addresses that are getting messed with. That affects, as my original post said, a lot more than P2P, and the proposed protocol extension will not address it.
MIM is mind-bogglingly easy to do on most encrypted streams, if you see all of both sides of the connection, and doesn't cost that much at all. For SSL, there are FOSS packages that, when combined with a Tarari/LSI logic board can do wire spec in the T-3 range on a bog-standard quad core 1U. I've designed and built passive SSL inspection tools, first hardware accelerated, and then software plug-in for IDS, that work just fine for hundreds of connections a second. You can buy them from many ITM and security companies today.
Slashdot Mirror
If the annual improvement in traffic when the illegal alien actvists shun work on May 1st is anything to go by, we'll have a better weekend to go to the beach (in improving weather) here in So-Cal.
Seems Sony in Thailand uses a shared hosting setup. More details @ ThreatSTOP's Blog
She wasn't using the account for gov business, at least not based on what was posted on wikileaks, or according to the purported "Hacker". It was personal e-mail, in some cases about how she and others were being treated personally in the political arena, but not anything related to official government business.
As Officer Bar Brady says "Nothin to see here, move along now".
I had mine made from pure Platinum and pure Gold, which is pretty nerdy, actually hard to do, and pretty symbolic.
:-). Although, at a molecular level, the ring is, in fact two rings, it looks like one. To separate the two rings, you have to destroy both of them. Also, as the gold is soft, it shows a unique and distinctive set of marks that come from being worn, and thus no other ring, even one made exactly the same, will ever look exactly like it.
:-).
Pt and Au don't actually bond, so what the ring actually is is a ring of pure Gold, cast inside a channel in a ring of pure Platinum. The symbolism is as follows: The Platinum is a hard, industrial metal that supports the gold. protecting it from the dings and hits from below and the sides: symbolizing me, Soldier/Engineer. The Gold is shiny, beautiful, and soft: symbolizing my Wife, tall, blonde, you get the picture
To make, you have to have a pure Paltinum ring cast first, with the channel that will be the Gold ring. Since Gold melts at a lower temperature than Pt, the Pt ring then becomes the inside of the cast for the gold. Once the ring cools, you clean it up, and etch the gold in aqua regia to create a shimmering petina.
Good luck! Marriage is a great journey, hard at times, but well worth it, and nothing like what you expect
So, is it a duality, or a singularity?
More fun with "on" endings.
Bozon n: Particle that, in sufficient densities, causes spontaneous production of Bozos. Usually found densely clustered around Administratum. Believed to be part of the decay of the sub-atomic particle known as bureaucraton, especially when impacted by high velocity executrons with down spin.
I can see it now: "I am Idi Amin Dada. Before I died I secreted money that is needed for my descendants. If you help me, you can keep $20M."
You can set a set of bandwidth priorities in rules, which can be protocol and/or IP based, and when that rule is not in use, the bandwidth is available for other apps, but when it is, it gets its guaranteed bandwidth.
It's even got a topic in the Vonage Forum (which would have been the right place to ask this question).
For any given public key, as I understand it, there is only ONE private key. Regardless, if you get all the keys using the reverse keying example, you have a much smaller problem set to work on.
Seems to me the right thing to do is snapshot memory and find K on the infected machine.
As for tricking us into cracking a Root cert private key, they could be doing that, since the concept of "private" and "public" really don't exist in the algorithm. Data encrypted with one key can only be decrypted with the other. So, since the PUBLIC key of all the root servers is known (it's in the certificate), encrypting data using that key, and then trying to crack the key to decrypt it, would yield the private key if successful.
However, if they are doing that, they aren't getting any $, because until they have that private key, they can't give people their data back.
I agree with the OP. Follow the money, and find the criminals. If they're outside our jurisdiction, well, this looks to me like a good time for extraordinary rendition to make a point.
I mean seriously? Haven't they lost ALL credibility by now?
Even you ultra-libs have to laugh at that bespectacled tween in the ads who says she turns to the old grey litterbox liner to "find out what's happening on the web".
Last I checked, the leftmedia echo chamber had moved to the Huffington Post. (Who hired Hilary Rosen, she of the RIAA, so where does that leave us?)
The core market are old and dying. Even inventing the news hasn't resurrected circulation.
I've seen far more dangerous swerving by Moms in SUVs reaching back to their kids while gabbing to their friends on the phone or in the passenger seat than almost any soused crew leaving a bar.
At least, in most cases, the majority of other people on the road at the same time as the drunks are other boozers. I find myself having to dodge the Soccer Moms all day long.
I thought that, in practice, since having an IQ under 70 meant you pretty much couldn't function, but there is no upper limit, the reality was that the distribution had a lot more under, but close to, 100 than above, but close to, it. IOW, that actually MORE than half of the population was 100 or under, because the outliers on the higher end were much further from 100 than the ones on the lower end (201 is theoretically possible, while -1 is not). I understand the theory, but it is my understanding that reality is somewhat different. I vaguely remember somewhere a discussion that a long-tailed Pareto distribution was a better model of the real distribution of results in actual IQ tests. Now I'm going to have to go reeducate myself.
I know that there has been work done that shows the least competent are usually blissfully unaware of their ineptitude, while the most competent tend to have low self confidence. Apparently genius IS knowing what you don't know (and maybe I just proved I'm a dolt).
I'm aware that 100 is defined to be the mean IQ, and just how dumb someone with an IQ of 100 is is absolutely scary. It is also true that there is a much greater distribution of those with scores between 80 and 100, than those from 100-120.
Your other point is reinforcing mine: that the reason the only thing on TV is pabulum tailored to our base instincts is that that is all the ad agencies measure.
As if the self selection of losers with nothing better to do than get free junk when the rest of us are working hadn't already skewed how we were being pitched in favor of the lower part of the distribution that ensures the average IQ is 100, now ads will be dictated by those so dumb they are willing to let their minds be hooked up to machines.
When will the ad agencies realize they are marketing to the outliers at the low end of the intellectual, and therefore the socioeconomic, spectrum? Or will Adwords and Overture actually get ALL the ad budget before they figure out no-one with any money cares what they put on TV?
Hey, that's Eccentrica Gallumbits!!!
ZWithaPGGB=Zaphod With A Pan Galactic Gargleblaster. Imagine a very soused two headed guy wandering around a bar having conversations with all and sundry.
In my evaluation, I was including route system, for where I live. UAL goes everywhere I need to, with reasonable fares and convenient routing.
Then they might actually have a more orderly boarding. No-one in their right mind, and especially those of us with work to do, wants to sit in those horrendous little seats with the nasty echoes of announcers in the background and the lack of power or network connections you have in the general boarding area. Except for Southwest, I rarely bother being in the boarding area anywhere near the departure time, because the flights just aren't on time. I hang out in the frequent flier lounge with a widget that tells me what the real boarding status is. Then I show up 10 minutes before departure, and usually still have to wait, even though I'm top-tier FF on every major airline.
The problem isn't mathematical, it's psychological. No-one believes the airlines, so no-one listens to what they say.
IMNSHO, Continental is currently the best major carrier, in terms of value. Internationally, United is still the best.
Go read the thread on NANOG. Or read the timeline here: http://www.renesys.com/blog/2008/02/pakistan_hijacks_youtube_1.shtml
The way this happened is the result of a fundamental weakness in BGP. A more specific prefix will trump a less specific one, so anyone who has a valid peer can advertise a more specific route and hijack IP space. This is frequently used by Cybercriminals to squat on unused IP space in larger netblocks.
There have been proposals to address this issue for some time. Maybe, now that a major site has fallen victim, something will actually be done about it.
Of course, we could solve the problem the way it was when the Internet was first designed: only allow trusted entities to connect at all. IMNSHO, if the Islamic world don't want to be in the 21st century, that's their choice, but they can't have their cake and eat it too. Unless and until they agree to the basic principles of the Internet: freedom of association and speech, they shouldn't be allowed to connect at all.
This was discussed yesterday, but somehow the mods didn't control the discussion degenerating into a debate about circumcision.
They announced a route out of AS 17557 sending all traffic from ANYWHERE on the Internet to a black-hole in Pakistan. The effect was to make YouTube unreachable from ANYWHERE until the route was filtered by the backbone providers. They claimed it was an "oops".
Am I the only one who is fed up with Islamic Medievalism? If they want to live in the stone age, let's send them there. It will also solve a good bit of the world's over-population problem.
I was conflating Passive SSL that is trivially done by site operators with the kind that, while not trivial, is not impossible or even that hard. Think MITM methods that force lower grade CBC encryption, without forging the site cert. An example whose implementation is left up to the reader: spoof the CLIENT HELLO to say it only supports 40bit. You are absolutely correct that the way to avoid this is client certs, but how many of those are out there?
Last, but by no means least, if I am the site operator, I can passively sniff SSL without needing to do any MITM, because I have the cert and private key. This is how IDS can sniff SSL traffic.
There's a reason why, in parts of the world like Israel, that are paranoid about security, a client-side cert and DH PFS are required for on-line banking.
Let's face it, at least in the US, most banks aren't remotely serious about web data security. Their "efforts" are just window dressing. The ease of identity theft shows the big lie that they "care". They don't even seem to care that the credit reporting agencies databases are wildly inaccurate.
If what you're insisting is that I need to have the private key of the site with the SSL cert in order to not generate a site alert, that's true. However, that isn't as hard, especially for law enforcement or a large ISP, to get as you might think. Also, most users just click through those notifications or turn them off, since legit sites very often have the wrong FQDN for the actual end delivery host.
All of the above is irrelevant in the context of the current discussion, however, because the payload is irrelevant in the clamping decision. It's long-lived, high sustained utilization, connections between pairs of IP addresses that are getting messed with. That affects, as my original post said, a lot more than P2P, and the proposed protocol extension will not address it.
I don't need to spoof, I just need to SEE all the traffic. If I see the RSA exchange, I get the block cipher.
If I control ALL your traffic, I can operate as a full proxy for any of it. Your client will see a certificate that it sees as valid, because I can spoof ALL the lookups. The only way around this is using PFS. Don't take my word for it, Google, and learn. EG: http://archives.neohapsis.com/archives/sf/ids/2007-q1/0081.html http://www.mail-archive.com/wireshark-dev@wireshark.org/msg08722.html
MIM is mind-bogglingly easy to do on most encrypted streams, if you see all of both sides of the connection, and doesn't cost that much at all. For SSL, there are FOSS packages that, when combined with a Tarari/LSI logic board can do wire spec in the T-3 range on a bog-standard quad core 1U. I've designed and built passive SSL inspection tools, first hardware accelerated, and then software plug-in for IDS, that work just fine for hundreds of connections a second. You can buy them from many ITM and security companies today.