I use SSL/TLS encryption on my SMTP traffic using STARTTLS. The reason is a long story but it has to do with my work in infosec. So I run my own mail server with STARTTLS configured. After having the same problem with their anal spam blocks I too had to set up a special mail route for anything to gmail to go via my ISPs mail relay.
They don't always get e-mail right either. There was a guy with the e-mail address "j at ie" back when there was an MX record for the ".ie" TLD. Just try entering that into Outlook and see if it can recognise a valid RFC-2822 e-mail address [hint: no].
Now that I think of it I believe that I too would like an e-mail address that people with Outlook could not send e-mail to;-)
A few years ago thieves stole several kilometers of rope from newly layed pipes alongside a road near where I lived. The ropes were to be used to pull cables through the pipes using openings every 100 meters. The company was on the point of digging up the roadside to relay the pipes when a local farmer explained that he had a trained ferret that he used for such work on his farm.
The ferret pulled string through the pipes and that was used to pull rope which then was used to pull the cables through. I have heard that the same trick was used in the 1800's for telegraph cables.
I'm typing this on a T400 and I'm glad to hear that they have fixed the escape key. On my kbd it's above the F1 key and I am tired of seeing the Firefox help page!
I am trying to deploy a new PKI root certificate to around 100,000 desktops. For IE I deployed it via Active Directory. For the Firefox, Thunderbird and Unix desktops I had to write a complex package using the Mozilla 'certutil' tool. The result was dozens of helpdesk calls due to corrupt 'cert8.db'.
If he needs Split Tunneling to access local resources or do web surfing outside the VPN then he can use a reliable external DNS like 4.2.2.2 instead of his (small) ISP DNS.
I remember submitting some patches to them many years ago when I got Minix working in less that one megabyte of RAM (at the time Minix worked at 1Mb and up) and thinking that it would be nice if it were GPL and if I had the time... As I recall some guy in Finland did have the time
I was at DEC when we brought out the first VAX and some areas were enforced "metal free". You shouldn't wear a metal wristwatch strap when working near a 5V power bus that gives 300 AMPS !
it's not your Grandpa's Internet anymore
on
Jurassic Web
·
· Score: 1
Back in 1996 we were saying that the Internet had been a much better place way back before 1993:-)
That is actually one of the schemes that I use. I have a keyword that I use to generate the password for all websites; I concatenate the keyword and the site's domain name and use an hash of that and allow Firefox to store it. That way I get a different pwd for each site yet I can regenerate it if I need to.
Rob, you may have just hit on the only reason that IPv6 will take off. Imagine a separate/. instance
on an IPv6 net that was unreachable from IPv4;-) Either that or move back to nntp now that the "eternal September" is finally being ended by censorship.
You can get a valid cert from some vendors if you control the e-mail addresses of the domain. If you can poison the DNS cache used by a cert vendor, publish a fake MX record for the victim domain and intercept e-mail to webmaster@example.com
My son was bored with my attempts to show him how cool kernel hacking is and I began to despair. Some weeks later he came to me and asked if it would be possible to set up an 'auto-typer' to help in an online game that involves repeated typing of the same phrases. He was willing to get involved in putting the script together because he saw a use for it. He even agrees that our approach was better than just downloading one that does almost what he wanted.
That was the start of the IP Internet. The 'Matrix' (as John Quarterman called it then) has already been coming together for a decade as a loosely coupled set of independent networks using different protocols internally. I remember using DecNet in 1980 to chat and e-mail between Ireland and California. I was also on several interconnected BBS (think FidoNet, and later CompuServe) and AMPRNet in '82 (only 1200 baud but we built our own infrastructure and did not need an ISP:-) IP made things much easier when we started using the same protocol on all the nets.
I would provide it in a PGPdisk or TrueCrypt encrypted volume and instruct them that it is not to be copied out of that volume to an unencrypted medium. They can make as many copies of the encrypted volume as they like but never extract the data to an unencrypted file. Deliver by hand/courier and get it signed for. Send key by different channel (eg. encrypted e-mail).
If the consultant wishes to use Excel or similar office tools then they can work off the encrypted volume.
If they wish to import it into a database then they must show that the database software supports encrypted tables and prevents unauthorized dumps of data. They should provide details of which data leakage prevention tools they use (McAfee HDLP etc.)
Put in some fake data (different for each consultant) that would trace the leak source and, if possible, trigger some kind of alarm if used.
120V into a modem would just make the opto-isolator pop like pop-corn but it probably would not damage the rest of the electronics (I have worked on modem design).
The most likely result would be to add "intent to do bodily harm" to the charge sheet, or worse if the telephone company technician was following the wires when someone opened the box:-(
Slashdot Mirror
I use SSL/TLS encryption on my SMTP traffic using STARTTLS. The reason is a long story but it has to do with my work in infosec. So I run my own mail server with STARTTLS configured. After having the same problem with their anal spam blocks I too had to set up a special mail route for anything to gmail to go via my ISPs mail relay.
Now that I think of it I believe that I too would like an e-mail address that people with Outlook could not send e-mail to ;-)
The ferret pulled string through the pipes and that was used to pull rope which then was used to pull the cables through. I have heard that the same trick was used in the 1800's for telegraph cables.
and for next week's assignment have him carry around a ghettoblaster ;-)
I'm typing this on a T400 and I'm glad to hear that they have fixed the escape key. On my kbd it's above the F1 key and I am tired of seeing the Firefox help page!
I am trying to deploy a new PKI root certificate to around 100,000 desktops. For IE I deployed it via Active Directory. For the Firefox, Thunderbird and Unix desktops I had to write a complex package using the Mozilla 'certutil' tool. The result was dozens of helpdesk calls due to corrupt 'cert8.db'.
Workaround: change the keyboard layout to slow down the typist
http://en.wikipedia.org/wiki/Qwerty
If he needs Split Tunneling to access local resources or do web surfing outside the VPN then he can use a reliable external DNS like 4.2.2.2 instead of his (small) ISP DNS.
I remember submitting some patches to them many years ago when I got Minix working in less that one megabyte of RAM (at the time Minix worked at 1Mb and up) and thinking that it would be nice if it were GPL and if I had the time...
As I recall some guy in Finland did have the time
I was at DEC when we brought out the first VAX and some areas were enforced "metal free". You shouldn't wear a metal wristwatch strap when working near a 5V power bus that gives 300 AMPS !
http://en.wikipedia.org/wiki/Eternal_September
uucp://duke!decvax!gwkl10a!kevin
no, it just has to be Cuba Libre !
I have always wondered if the server versions of Windows do not have this I/O limitation but I have been too lazy to do a proper comparison.
Slashdot people often said that a Windows computer is only secure when encased in a steel box and sunk beneath the sea. So, why complain now?
citation required!
You need a "micro-etched nickel alloy disc three inches (7.62 cm) across with 2,000 year life expectancy".
That is what these guys are using: http://en.wikipedia.org/wiki/Rosetta_Project
Previously discussed: http://science.slashdot.org/article.pl?sid=08/08/25/0312229
That is actually one of the schemes that I use. I have a keyword that I use to generate the password for all websites; I concatenate the keyword and the site's domain name and use an hash of that and allow Firefox to store it. That way I get a different pwd for each site yet I can regenerate it if I need to.
the 80's called and want their password scheme back
Rob, you may have just hit on the only reason that IPv6 will take off. Imagine a separate /. instance
on an IPv6 net that was unreachable from IPv4 ;-)
Either that or move back to nntp now that the "eternal September" is finally being ended by censorship.
You can get a valid cert from some vendors if you control the e-mail addresses of the domain. If you can poison the DNS cache used by a cert vendor, publish a fake MX record for the victim domain and intercept e-mail to webmaster@example.com
"11.5 % =>What DNS issue?"
http://isc.sans.org/poll.html?results=Y
My son was bored with my attempts to show him how cool kernel hacking is and I began to despair. Some weeks later he came to me and asked if it would be possible to set up an 'auto-typer' to help in an online game that involves repeated typing of the same phrases. He was willing to get involved in putting the script together because he saw a use for it. He even agrees that our approach was better than just downloading one that does almost what he wanted.
That was the start of the IP Internet. The 'Matrix' (as John Quarterman called it then) has already been coming together for a decade as a loosely coupled set of independent networks using different protocols internally. I remember using DecNet in 1980 to chat and e-mail between Ireland and California. I was also on several interconnected BBS (think FidoNet, and later CompuServe) and AMPRNet in '82 (only 1200 baud but we built our own infrastructure and did not need an ISP :-)
IP made things much easier when we started using the same protocol on all the nets.
If the consultant wishes to use Excel or similar office tools then they can work off the encrypted volume.
If they wish to import it into a database then they must show that the database software supports encrypted tables and prevents unauthorized dumps of data. They should provide details of which data leakage prevention tools they use (McAfee HDLP etc.)
Put in some fake data (different for each consultant) that would trace the leak source and, if possible, trigger some kind of alarm if used.
The most likely result would be to add "intent to do bodily harm" to the charge sheet, or worse if the telephone company technician was following the wires when someone opened the box :-(