In the USA, we have one oddball cell company called Cricket that offers unlimited local calls and a decent rate for long distance. The problem is that roaming isn't available from these guys at any price... stray outside of your home zone and the phone simply doesn't work. They only exist in spotty metro areas, nowhere close to coast-to-coast availability.
They have specific routers and switches to cancel out garbage traffic.
The thing is, in order for such a filtering system to have any good traffic left to find, one must have more bandwidth upstream of the filter than the DDoSers have available to them. In short, one must have the ability to burst their connection to much much much more bandwidth than you need to handle your legit traffic, your incoming bandwidth must be your legit traffic plus the size of the DDoS you wish to be able to handle.
Translation: Keep any server you want to keep up at a major data center. They've got the bandwidth to spare, you have no hope of affording that much.
Re:I used to hate RealNetworks on Real's Reality · Score: 3, Interesting
Every time I install RealOne, it decides to start a processor that takes my processor to 100%. Funny thing is, I rename the file so it can't start it... and nothing breaks.
Doctors might be able to turn away patients, but emergency rooms sure can't. So, in the end, somebody's going to have to try to treat these "blacklisted" people...
And people who go to the ER for something a PCP should be taking care of just drive up expenses and costs for everybody...
The reason why AT&T Wireless was so attractive to SBC/Cingular is because AT&T already started building out a GSM network and were already committed to converting their customers too.
This is the retirement point for the non-GSM AT&T networks in the areas where the customers are getting these notices. They have to get a new phone from somebody, because their old phone is about to become obsolete.
You own your phone, but in this case AT&T is telling these customers that if they don't trade in the phone, it won't work with AT&T anymore because the customer has a non-GSM phone, and AT&T is switching to GSM-only in their area.
Court records are public info, marriage certificates are public info, and many business transactions result in a public record. Really, your entire life is published, it's just in so many disorganized places that it's hard for anybody to put it all together.
However, that's where technology comes in. Once all of those databases are converted from paper to bits, and then the tables are brought together and cross-linked, you can get a very scary pile of information just by having a name and address, or a social security number alone.
And really, the laws to regulate the use of such a database don't exist because, well, it hasn't really been fully done yet. But it seems like we keep getting closer and closer to the day where such a system will fully have the kinks knocked out and be available to anybody who can pay for it...
What's more, the people who bought the stolen goods from EB were victims of a fraudulent transaction as well. Even if EB thought they owned the goods at that point, they still hadn't sat out the required 15-day holding period so that was an illegal transaction as well.
Pawn shop owners don't want to hear about possible stolen goods because that can only get them in trouble, they'd rather deal with a stolen good without knowing that it is stolen than do the right thing of turning it in.
There's no punishment for them if they don't realize that it's stolen property... so they really want to follow a don't ask, don't tell policy.
Actually, a court is only supposed to resolve disputes into who owns an item. Once a court certifies that this woman owns what she says she owns, it then falls back onto the police to do the strongarming.
The difference between a pawn shop and this type of operation is that the person who brings the item in doesn't have the option to buy their item back at any price less than the price it goes on sale to the general public.
However, beyond that, used property sellers do have to comply with many of the same regulations designed to make it harder to sell stolen property. It appears EB is not following at least one of them in this case.
But in this case, the police should already have enough proof. There's a confession from the thief, and a matching transaction that fits the description on EB's records too.
It seems like EB's operations in Florida are illegal because under state law they have to hold any used good they buy for 15 days specifically to allow for any such claim of theft to be made. EB clearly sold some of the goods before that time, so they're in trouble.
So, now, the only question is why it's a local TV station pointing this out instead of the local police? EB's used goods operation isn't complying with state law. That's the bigger problem...
I think the biggest problem with DDoS attacks is that users who are outwardly sending a DoS might just not care to realize that they're doing so. After all, it doesn't harm them. It drives somebody else out there insane, but there's no harm to them in losing the upbound bandwidth cycles they weren't going to use.
Maybe at this point capping a cable modem's upbound bandwidth, or at least charging more for the overage would make the user who uploads DoS packets that contribute to a DDoS have to pay for doing so...
Yeah, I know this is the RIAA's dream because it'd also cripple P2P uploaders, but they weren't up to any good anyway either. If you've really got something to share, get yourself a web server at some server farm somewhere...
I thought the script kiddies were the ones that didn't do any more cracking than search/download/copy-and-paste?
The script kiddies we're talking about are those who are copy-and-pasting 0day hacks. A hack that the White Hats don't know about yet, and even most black hats don't know about yet. The big mysterious question: Just how did these kids get into the web-of-trust it takes to have this tool before the "good guys" do?
After all, the first "good guy" who gets this tool will hand it over to the white hat experts who will start the work on the patch that makes the hack worthless. So, the web of trust on these things has to be tight... so again, how do the new script kiddies get in the club?
It's a culture that we should try to understand, because if we can find a way to take away their motivations, we'll have fewer hassles to deal with on our networks.
What a 0day really boils down to is a mistake that a programmer made that never got corrected and therefore got distributed, but this mistake has yet to be documented in any way. White hats announce what they've discovered in the form of a patch, or at worst a security alert to the public. Black hats announce what they've discovered in the form of a malware attack.
Really... we'd like to know what motivates black hats, because we'd like to find a way to get them to play on the white team.
From an admin's perspective, a DDoS is the scariest attack of all. There's nothing you can do to prevent it, and nothing you can do to stop it.
An admin whose network is being DDoSed really doesn't have much hope of doing anything. Their inbound communication line to the outside world is being flooded with so much garbage information, the signals that they want to get over that line are simply drowned out. Incoming connections can't get a turn going down the pipe, so they time out. He's powerless, everything in his shop is nice and secure, but can't function without getting any useful requests. That poor admin can call his ISP... but there's really not much the ISP can do from their side of the line.
The real problem in a DDoS attack is not that the final victim's security has gone wrong, but that the security of other computers elsewhere on the Internet has been compromised, and they've been turned into zombies contributing to the DDoS flood. The DDoS will not subside until nearly all those machines are patched, but that's not something the victim's people can do. They have to wait for the Anti-Virus providers and software providers to knock down the flamethrowers that are all being shot in the same direction.
Any time you're relying on third parties who don't work for you to save your business, you're really up a creek and are throwing yourself on the mercy of the tech world. Hopefully they'll save you in time, because there's really not much you can do from your own datacenter.
This is in part why the This Old House Classics that run on commercial channels are only from the post-1989 seasons after Vila left the show, the first 10 seasons are something WGBH would rather forget.
Vila was not hired because he knew about construction. He was hired because he looked credible, and could speak well to the camera. He was the host of the show, and that's it.
The problem is, one of the co-defendants is BVWebTies LLC. That's his company, he's the "BV" in that name.
So, whether he made the decision or not, he's responsible because he owns at least a good chunk of the company that the decision maker was acting on behalf of.
This won't satisfy most /. readers. The CAN$40 monthly fee only covers 20 GB down and 5 GB up. Extra GBs cost CAN$10 each.
Yep... the $200 or so profit they made in this transaction is definitely not worth being broadcast on a local TV news "Hall of Shame" segment.
The police already should have known where to go to find her stolen goods, they just have to read the thief's own confession...
Ever get slashdotted? Nope, although I think my site could survive it. :)
Those using Cisco products aren't the biggest problem. It's those using cheaper products that don't even offer this feature at all.
Of course, the casino is keeping track of the behavior of its wheels too. Any wheel that starts to favor a number too much is sure to be retired.