"How the hell is anything that is US/Russia aerospace research oriented still worth classifying 50 years after the fact?"
You never know, such as demonstrated in the FOIA denial of information as follows:
James Madison Project v. NARA, No. 98-2737 (D.D.C. Mar. 5, 2002) (appeal pending) -- protecting eighty-five-year-old records pertaining to the "composition and detection of 'secret inks' including German secret ink that may have been used during World War I"; giving deference to CIA classification authority's determination that some of the intelligence "methods described . . . are still used by the CIA, . . . that third parties inimical to the interest of the United States may not know which of the formulas are still considered reliable by the CIA and approved for use by its agents," and that "some of the formulas included in these documents serve as building blocks of future covert communications methods."
I know it seems dumb, but these agencies actually take this crap seriously.
I can see the military applications for use of this technology as radar. However, what is to stop a more advanced country with electronic warfare capabilities from jamming the frequncies this type of equipment uses?
I have been a Cox broadband service customer for aproximatly two years six months. During the time I have been a customer I have not experienced many problems besides an occasional network outage in my local area.
Recently I recieved an e-mail message from Cox concerning their new bandwidth usage policy which is addressed in their FAQ.
"What Are the Current Cox High Speed Internet Residential Bandwidth Limitations?
The Cox High Speed Internet acceptable use policy allows each user a maximum of 2GB per day and/or 30GB of downloads per month. Uploads are limited to 1GB per day and/or 7.5GB per month. This is an extremely high limit - for example 2GB of content is equivalent to about 60,000 pictures, 2000 minutes of MP3 music or 3 to 4 full-length movies."
I don't know about other service providers, but for a SOHO network running five workstations with two or three users surfing at any given point, even downloading music, this policy doesn't seem to unreasonable.
Well, I wouldn't say that the USAF has the best training programs or the best jobs, but some locations can be more interesting than others. Don't expect a whole bunch of lies from this end, but don't take my point of view as the point of view of the USAF or federal government either.
I am currenly an Active Duty Comminications Computer Systems Operator for the USAF. Our job is quite simple, the operation of computers, computer networks, and most things associated with them. This is a broad field, meaning you could be operating an ancient obscure PDP-11 doing ancient database work, manning a help desk for 12 hours a day, working computer and network security through various agencies, or even act as a plain old systems administrator. I have heard of jobs to include Sun Cluster Administration and things like that, but these jobs are rare and people are handpicked for them.
Our training is at a very basic minimum, covering Windows, Unix, TCP/IP, Networking Fundamentals, and proprietary military information that really isn't important unless you attend the technical school. This course is approximately 14 weeks long and requires very little effort to pass unless you have no previous knowledge of computers except how to turn one on. Most of it is regurgitation of information. Some like myself found the training a good overview of computing in general.
I will warn people however that the military is not for everyone. You will deal with hard headed ignorant people on a daily basis who make absurd requests. This could be any job except for it is in the military with military rules and laws. If you can conform and want a steady paycheck, maybe this is for you. If you would be interested in this career field talk to a USAF recruiter.
The career field is known as Communications Computer Systems Operator. There are other career fields in IT as well such as Programming, Technical Control (Communications Equipment and Routers, VOIP, etc.). More information about these career fields can be found at a USAF recruiting office.
I have been doing this for four years and can honestly say that I will not be reenlisting because I have other goals beyond the USAF. Some might like this lifestyle and others may not like it at all. It really depends on the person.
What is an Anomaly based IDS and how does it differ from Signature based systems?
Signature based systems rely on static analysis of event.
Anomaly systems rely on creating a baseline of normal activity then flag any deviations.
How anomaly based systems work.
A baseline is normally gathered during a tuning phase. Gather all traffic, analyze it, store it.
Data mining process that does statistical analysis of data.
Theory behind them.
If its traffic that hasn't been seen before, its bad.
Attacks cause things the system has not seen before.
How to tear the Castle Down.
1.) More noise, less accuracy.
Single outside point to multiple inside machines.
Properly crafted packets will cause inside machines to appear as attackers.
2.) Covert channels.
Hiding the data in plain site.
How useful is this?
3.) Flooding.
Several outside sources to a single inside source.
Not very effective, but useful for quick and dirty.
Flaws in the System
Attacks against the system itself.
Attacks against what feeds the system.
Summary:
It is very easy to use anomalies to sort good traffic from bad. But with everything, this sort of system can be used against itself as a distraction. Its very flaw is its design. Using software such as this to detect worms is a great idea. However, it won't work once someone writes code that dodges this type of detection, ie something that pretends to be normal traffic.
The person who wrote this article is a flamming asshole. One, I have a real problem with people who believe no one should get sympathy because that person hasn't heard it from a specific group of people. How the hell does this prick know whether or not I care if cab-drivers and steel workers lose their jobs to employees in other countries? The fact is "asshole" that I grew up with steel and I surely do give a flying fuck about it. Just because my chosen interest and choice of employment disturb you doesn't make your misconception of me my problem. Nor does it give you the right to say shut up and take it.
In other words, if assholes could fly, this would be the airport, and you would have the biggest plane you meatheaded sack of shit.
Let me start out by saying that from either point of view, the "Cracker" or "Law Enforcement/Prosecution", no standard sentencing is going to be fair. But any punishment handed down by a court needs to be realistic. Punishment should fit the crime as best as possible.
Life imprisonment for defacing "www.yourmomma.com" with the possible death penalty is a way bit stiff for a fourteen year old using Dad's old K6-2, a copy of Red Hat he bought with his allowance last week from COMPUSA, and a 14.4 modem for dialup, and some "zero-day sploit" is ridiculous. Banning Junior from using a computer connected to the Internet except for school work with supervision, community service, probation until his 18th birthday and maybe even a year in a correctional facility, and a stiff fine for the parents (i.e. $50,000). That sounds a bit more reasonable.
Now some asshole war driving Wi-Fi getting some operational information about some military operation in a foreign country and then selling the information to no good Joe-Terrorist who then kills some American's for his so-called Jihad to rid the East of Western Capitalist Infidels.....lets just say life imprisoned or the death penalty will never replace the people who died for this guy's stupid belief system/religion.
So there it is folks, anyway you look at it, no sentencing standard is ever going to agree with everyone's platter, and in some cases it may never be enough for the actual crime.
Thats my ten cents.
Slashdot Mirror
"How the hell is anything that is US/Russia aerospace research oriented still worth classifying 50 years after the fact?"
You never know, such as demonstrated in the FOIA denial of information as follows:
James Madison Project v. NARA, No. 98-2737 (D.D.C. Mar. 5, 2002) (appeal pending) -- protecting eighty-five-year-old records pertaining to the "composition and detection of 'secret inks' including German secret ink that may have been used during World War I"; giving deference to CIA classification authority's determination that some of the intelligence "methods described . . . are still used by the CIA, . . . that third parties inimical to the interest of the United States may not know which of the formulas are still considered reliable by the CIA and approved for use by its agents," and that "some of the formulas included in these documents serve as building blocks of future covert communications methods."
I know it seems dumb, but these agencies actually take this crap seriously.
I can see the military applications for use of this technology as radar. However, what is to stop a more advanced country with electronic warfare capabilities from jamming the frequncies this type of equipment uses?
I have been a Cox broadband service customer for aproximatly two years six months. During the time I have been a customer I have not experienced many problems besides an occasional network outage in my local area.
Recently I recieved an e-mail message from Cox concerning their new bandwidth usage policy which is addressed in their FAQ.
"What Are the Current Cox High Speed Internet Residential Bandwidth Limitations? The Cox High Speed Internet acceptable use policy allows each user a maximum of 2GB per day and/or 30GB of downloads per month. Uploads are limited to 1GB per day and/or 7.5GB per month. This is an extremely high limit - for example 2GB of content is equivalent to about 60,000 pictures, 2000 minutes of MP3 music or 3 to 4 full-length movies."
I don't know about other service providers, but for a SOHO network running five workstations with two or three users surfing at any given point, even downloading music, this policy doesn't seem to unreasonable.
http://www.msfreepc.com/flash_main This is absolutely the most histerical thing I have seen in a while.
Well, I wouldn't say that the USAF has the best training programs or the best jobs, but some locations can be more interesting than others. Don't expect a whole bunch of lies from this end, but don't take my point of view as the point of view of the USAF or federal government either.
I am currenly an Active Duty Comminications Computer Systems Operator for the USAF. Our job is quite simple, the operation of computers, computer networks, and most things associated with them. This is a broad field, meaning you could be operating an ancient obscure PDP-11 doing ancient database work, manning a help desk for 12 hours a day, working computer and network security through various agencies, or even act as a plain old systems administrator. I have heard of jobs to include Sun Cluster Administration and things like that, but these jobs are rare and people are handpicked for them.
Our training is at a very basic minimum, covering Windows, Unix, TCP/IP, Networking Fundamentals, and proprietary military information that really isn't important unless you attend the technical school. This course is approximately 14 weeks long and requires very little effort to pass unless you have no previous knowledge of computers except how to turn one on. Most of it is regurgitation of information. Some like myself found the training a good overview of computing in general.
I will warn people however that the military is not for everyone. You will deal with hard headed ignorant people on a daily basis who make absurd requests. This could be any job except for it is in the military with military rules and laws. If you can conform and want a steady paycheck, maybe this is for you. If you would be interested in this career field talk to a USAF recruiter.
The career field is known as Communications Computer Systems Operator. There are other career fields in IT as well such as Programming, Technical Control (Communications Equipment and Routers, VOIP, etc.). More information about these career fields can be found at a USAF recruiting office.
I have been doing this for four years and can honestly say that I will not be reenlisting because I have other goals beyond the USAF. Some might like this lifestyle and others may not like it at all. It really depends on the person.
I think the message is relatively muted by the time it gets to the general public. Media, etc. So you are full of shit.
They should do that in the US.
I agree. I am pretty sure that in some locales you need a permit to organize a protest. Seems pretty ridiculous if you ask me.
Wow. If only 400 Protestors was what it would take to stop stupid laws in the U.S. then I would protest a hell of a lot more.
Then it would magicaly be an ISDN connection eh?
What is an Anomaly based IDS and how does it differ from Signature based systems?
Signature based systems rely on static analysis of event.
Anomaly systems rely on creating a baseline of normal activity then flag any deviations.
How anomaly based systems work.
A baseline is normally gathered during a tuning phase. Gather all traffic, analyze it, store it.
Data mining process that does statistical analysis of data.
Theory behind them.
If its traffic that hasn't been seen before, its bad.
Attacks cause things the system has not seen before.
How to tear the Castle Down.
1.) More noise, less accuracy.
Single outside point to multiple inside machines.
Properly crafted packets will cause inside machines to appear as attackers.
2.) Covert channels.
Hiding the data in plain site.
How useful is this?
3.) Flooding.
Several outside sources to a single inside source. Not very effective, but useful for quick and dirty.
Flaws in the System
Attacks against the system itself.
Attacks against what feeds the system.
Summary:
It is very easy to use anomalies to sort good traffic from bad. But with everything, this sort of system can be used against itself as a distraction. Its very flaw is its design. Using software such as this to detect worms is a great idea. However, it won't work once someone writes code that dodges this type of detection, ie something that pretends to be normal traffic.
The person who wrote this article is a flamming asshole. One, I have a real problem with people who believe no one should get sympathy because that person hasn't heard it from a specific group of people. How the hell does this prick know whether or not I care if cab-drivers and steel workers lose their jobs to employees in other countries? The fact is "asshole" that I grew up with steel and I surely do give a flying fuck about it. Just because my chosen interest and choice of employment disturb you doesn't make your misconception of me my problem. Nor does it give you the right to say shut up and take it. In other words, if assholes could fly, this would be the airport, and you would have the biggest plane you meatheaded sack of shit.
Let me start out by saying that from either point of view, the "Cracker" or "Law Enforcement/Prosecution", no standard sentencing is going to be fair. But any punishment handed down by a court needs to be realistic. Punishment should fit the crime as best as possible. Life imprisonment for defacing "www.yourmomma.com" with the possible death penalty is a way bit stiff for a fourteen year old using Dad's old K6-2, a copy of Red Hat he bought with his allowance last week from COMPUSA, and a 14.4 modem for dialup, and some "zero-day sploit" is ridiculous. Banning Junior from using a computer connected to the Internet except for school work with supervision, community service, probation until his 18th birthday and maybe even a year in a correctional facility, and a stiff fine for the parents (i.e. $50,000). That sounds a bit more reasonable. Now some asshole war driving Wi-Fi getting some operational information about some military operation in a foreign country and then selling the information to no good Joe-Terrorist who then kills some American's for his so-called Jihad to rid the East of Western Capitalist Infidels.....lets just say life imprisoned or the death penalty will never replace the people who died for this guy's stupid belief system/religion. So there it is folks, anyway you look at it, no sentencing standard is ever going to agree with everyone's platter, and in some cases it may never be enough for the actual crime. Thats my ten cents.
Hey this little project looks like a cool undertaking, I think I'll build one for myself. Snarf.