The 1337 feed first on real machines, for real goods. By the time the 'sploits get disclosed (the ones that do), it's just the script-kiddies feasting on the luser too lame to actually administer the patch.
I occasionally portscan, just a few ports, I might say run
[nmap -P0 -O 204.*.*.* -p 21,25,80,139,443,445]
Just to get an idea of how many boxes run various OSes, look at a few random websites, etc. Nothing malicious, though some would say it's a bit rude. If it looks like a win box I might do some icmp/udp work to guess at the version w/ another script. Port Knocking looks like a good way for admins to opt-out of these "just curious" scans. If the ports seemed FILTERED (to a lesser degree even CLOSED), it's just another case of move on to the next host. If it's a directed attack, that's a different story, but why even bother clogging application logs with script kiddies and other errata traffic?
It reminds me of a quote a chess player made something to the effect of "I won't get out of bed for a player less than a Master". The _application_ logs are a lot more meaningful, if the traffic was all particularly intentful.
Well the issue is your _application_ logs get a lot shorter here. You won't show 50,000 entries in your Apache access logs from the million and one script kiddies who found your box with a port scan and try to run some 7-year-old NT 'sploit-- They won't ever make an actual HTTP request!!
Also this isn't exactly sec. through obsc., any more than an "obscure" password is; it just allows for a bit more flexibility. Just as a pwd can deny access without proper auth this does the same-- a side effect is that you don't even have to inform the user that they were denied access.
They've made a great choice, the size and speed of Linux is definitely evident, as well as the time and money saved on licensing and porting to new hardware as time marches on. Currently the DL-PPC will ship with 2.4.18, but I think others will agree that the added responsiveness of the 2.6's will really be appreciated in the PDA arena. Joseph "Redmond" Cheek definitely did his homework here, this is a great match.
I'd personally be completely happy if they went with minimalist solutions to the various implementations (i.e. gui, mail client, text editors, browser, etc). I guess this is a bit less feasible for business-oriented ends, but still... gnome? kde? Who tolerates the latency?!
I wonder if they've learnt to mask out the garbage files that they've flooded the network with, or if they're like "People love hearing Madonna curse at them... we should release a single". Or maybe they'll think people like getting random crap that is nothing like how it's labeled and start shipping CDs in mis-labeled packaging. Or better yet they're probably just trying to get into the record books for most duplicates on Slashdot.
I hipped up to the "put me on your do not call list" trick a long time ago, but recently I started getting woken up (I work late shift) by recordings...long ones! What's at the end???!? "leave your number if you would like to be called by a rep. at a later time concerning this offer". Great, so I can either get called by another equally annoying call the next morning or I can request a call from a rep. at which time I will be added to their explicit "Call" list. Has anyone else experienced this?? How have you handled this?
That's funny in my .bashrc I actually do have an alias to show me what's playing at my local theatre quickly.
alias amc="dillo http://www.movietickets.com/house_detail.asp\?house_id=3341"
Really quick and easy, but useful. Just visit the site once for your "house_id".
(/. put the spaces in the url)
What no SCOX?
No:
delayed publication = delayed exploits
See, the legal system is not the way to solve our problems.
we hunt down and "kill" other guild members with weapons such as cap guns and cardboard swords.
Which takes longer: pistol whipping someone to death with a cap gun or administering the lethal cardboard paper-cut?
If you're lucky enough to meet her, try to ignore the tangle of wires slinking from behind her face. Ignore?!? hell it turns me on!! Grrrrr.
In my day, we had to write our bootable Linux CDs by hand... with only a hex editor --in German.
Haven't you ever heard of the Man Bear Love Association you insensitive clod!
I agree, add a spoofed hostname and you've got yourself a canned DOS attack!
Or you could just silently discard all packets though only forwarding the secret handshake once on to the requisite host.
That be great for pr0^H^H^H, err research. Yeah, research.
And by that I'm sure he means they'll have all that fabulous crap when they actually obtain some "knowledgeable Networkers"
Slashdot has a crush on Groklaw. Cowboy Neal, Pamela Jones, it could work.
We get signal.h
...horrible!! You're just lucky I couldn't work a
:)~
main(){
screen_turn(on)
"make --ur time.c" in
And there's still a lot of place on the CD which uses a compressed filesystem for bringing us the best of both worlds."
Maybe Slashdot is out of place on their servers.
Didn't like the BSD logo
There's no point to forcing a cash-only society. The future has already been written. It's just a matter of time before it comes to pass.
Judgement Day is inevitable
- T101, Rise for the Machines.
I'm sure there's a netbsd port for it.
The project's so good that publishers just publish HOWTOs verbatim occasionally, for print.