Well, really I was just addressing your question on persistence. IMHO, the real danger is being able to compromise VMMs loaded with Intel's Trusted Execution Technology. I have another comment lower down.
What I haven't seen noticed by anyone here, but actually discussed at length in the paper, is the danger to VMMs. This is specifically aimed at circumventing TXT (Trusted Execution Technology). Hell, the paper is called Attacking Intel's TXT. FTF Research Paper:
The sole purpose of Intel TXT technology is to provide a trusted way for loading and executing system software, e.g. Operating System kernel or Virtualization Machine Monitor (VMM). This is achieved by performing software measurements and storing them in particular TPM registers. What is extraordinary here is that TXT doesn't make any assumptions about the state of the system before loading the software, thus making it possible for a user to ensure secure load of an OS or VMM, even in a potentially compromised machine.
What they have found is a way to poison this consistently and undetectably. Yes, you need Ring 0, but only for a short period of time to corrupt SMM with the custom shellcode. Now everything is completely undetectable. Plus, Ring 0 would not allow you to attack VMMs that utilize TXT.
And this trick described in the paper must be redone every time the box boots.
Not necessarily. From reading the paper and slides, you *can* get shellcode to execute from BIOS (there's usually *empty* space available), or perhaps the flash on network cards or really anything that's flashable and initializes pre-boot. Just stuff some code there (I know I'm trivializing the effort needed, but trust me, someone *will* figure it out).
There's a comment earlier in this thread that talks about that possibility.
No they just charge you for the privilege of reading your own work on your own device.
Not true at all. I just spent the weekend converting all the e-books I had purchased on Baen's webscription site for the Kindle. Baen has a link in the download section of each book to "convert to Kindle format". You enter your kindle email and go. Now you can enter the email address @kindle.com and it will convert and use Whispernet to push it to the reader. That costs $0.10 per book. Or you can use the @free.kindle.com address. The conversion happens and a link is sent to download the e-book to your computer. It's then a simple drag and drop to the Kindle and you're good to go. That one costs nothing.
Incidentally, this option is available for the "Free Library" section at Baen which has a pretty extensive collection of their published authors.
Well, not a good one. Those are just cheapo models Datacolor, Pantone, and X-Rite make so Dad's family pictures will look "good enough" when printed. A pro-caliber color calibrator for serious graphic work will set you back $1500 for the low end. Even the portables for quickee on-the-fly calibration are going to run you at least $300.
I don't know where you live, but where I live (just outside of Chicago proper) a large chunk of school district funding comes from local property taxes, which is really a county tax. It's also supplemented by state Lottery sales. I don't know what portion of the income tax is used for education. It may be different in Chicago itself, but it was that way where I grew up as well (about 40 miles NW of Chi-town).
In fact, because a large amount comes from local property taxes, increases are usually part of a referendum during local elections. As a result, most of the childless assholes reject any increase for education year after year. So, then music is cut, extracurricular activities are cut, art is cut, any sport other than football/basketball is cut, and so on until school resembles nothing so much as a junior version of a job to kids but with no pay. Then these assholes turn around and bitch about the gradual decline of property values (which means even less flowing into the schools) because no one wants to move a family into an area serviced by an underfunded school district.
I myself am childless, but I always (well almost always, sometimes fiscal mismanagement needs to be discouraged) vote yes on education referendums. I had a fantastic education growing up filled with rich and diverse activities, and I would like to see the current generation have the same experiences and opportunities.
Yes, due to the economic crisis capital was removed and some speculative prices fell. However, do you seriously believe that energy prices will fall?
What? In the past six months I have seen gasoline prices plummet. Compared to this time last year my natural gas bill is much lower. My electric has stayed fairly consistent over the last 12 months.
I assure you, my usage has not changed in any significant way. As a matter of fact I'm certain my natural gas usage is higher than last year due to the longer lasting cold spells we have experienced where I live.
Where are you that you have seen no impact to your energy prices? Of course you may have your state to thank for that, they may be mapped to a fixed rate or unregulated altogether. I know in IL, NG is mapped to market rates.
I could be wrong, but I think it's the responsibility of the Federal Courts to determine whether something is a matter of interstate commerce. A State Court can only rule on matters as they relate to the state constitution. Again, I could be (and probably am) wrong, but that was my take on it.
The site preferences are tied to your user account. They aren't applied unless you are logged in to the site.
The RSS feed for Slashdot is an anonymous connection. Any preferences tied to your user account wouldn't be applied to the feed in your RSS reader. I thought something like that would be rather obvious.
Star Wars (and Harry Potter) is simply a re-telling of themes found in mythic legends around the world using archetypes common to them all. Why do you think Lucas used Joseph Campbell as a sounding board for the original Star Wars series?
SSL connections are only valid as long as the user pays attention to messages regarding a mismatch between the site and certificate and does not continue with the connection. Other SSL connections you cannot trust are self-signed certificates --it bypasses the whole authentication portion of SSL and only supplies an encrypted link-- and certificates signed by a CA that is not in your chain.
If all you need is an encrypted end-to-end connection over SSL (say for a management front-end), the self-signed is fine. But if you're using it for a connection to serve a population of users, you're better off getting it signed by a valid CA. I know I won't use any 3rd party sites that have self-signed certificates, or a certificate with an IP address for the CN instead of the actual hostname. I've found I haven't really been missing out on anything and I'm not left wondering. It should be noted due to my profession (Info Sec) I'm a little more paranoid than most.
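As an added example (not code from the thread), here is Python that applies the rules the two comments above describe to a certificate in the shape Python's ssl.getpeercert() returns: reject self-signed certs, certs from an issuer outside your trusted set, an IP address in the CN, and a name that does not match the host you connected to. The certificate dicts and the trusted-issuer set are constructed for illustration; real chain validation (signature checks) is done by the SSL context, this only applies the poster's policy to the parsed fields.

```python
import ipaddress


def is_ip(name):
    """True if the string parses as an IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False


def name_matches(hostname, names):
    """RFC 6125-style match: exact, or a wildcard covering one left-most label."""
    host = hostname.lower()
    for n in names:
        n = n.lower()
        if n.startswith("*."):
            # "*.example.com" matches "www.example.com" but not "example.com"
            # and not "a.b.example.com".
            if host.count(".") == n.count(".") and host.endswith(n[1:]):
                return True
        elif n == host:
            return True
    return False


def check_peer_cert(cert, hostname, trusted_issuers):
    """Return the list of policy problems; empty list means acceptable.

    cert is a dict as returned by ssl.SSLSocket.getpeercert() (subject and
    issuer are tuples of RDNs, each a tuple of (attribute, value) pairs).
    """
    subject = {k: v for rdn in cert.get("subject", ()) for k, v in rdn}
    issuer = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    cn = subject.get("commonName", "")
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    problems = []
    if subject == issuer:
        # Same entity signed its own cert: encrypted link, no authentication.
        problems.append("self-signed")
    elif issuer.get("commonName") not in trusted_issuers:
        problems.append("issuer not trusted")
    if is_ip(cn):
        problems.append("CN is IP address")
    # SANs win when present; otherwise fall back to the CN.
    if not name_matches(hostname, sans or [cn]):
        problems.append("hostname mismatch")
    return problems


# Constructed sample certs (not real ones).
TRUSTED = {"Example Root CA"}
SELF_SIGNED_MGMT = {
    "subject": ((("commonName", "10.0.0.5"),),),
    "issuer": ((("commonName", "10.0.0.5"),),),
}
PUBLIC_SITE = {
    "subject": ((("organizationName", "Example Inc"),),
                (("commonName", "www.example.com"),)),
    "issuer": ((("commonName", "Example Root CA"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.example.com")),
}
```

A client would refuse to continue whenever check_peer_cert() returns anything, which is the "pay attention and do not continue" rule from the first comment.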
I have a 900 (the one with the 900MHz Intel Mobile) and use it mostly for pentesting. I got it because it was a) cheap ($299) and b) has an atheros chipset (for monitor mode and packet injection). I usually spend most of my time on it in Backtrack on a 4GB SDHC --1.5GB for Backtrack proper, 2.5GB for results and persistent config changes. However, I carry the thing around with me to quickly check my IMAP accounts or do a little browsing and I found Ubuntu-EEE. It's 8.04.1 with the array.org changes and the Ubuntu netbook remix on the desktop. I haven't run into any problems with it.
What Sprint has done is to withdraw from the peering agreement, dropping Cogent like a hot potato like so many of Cogent's other peers in the past. Cogent is probably being a net.buttmunch and refusing to successfully negotiate a transit contract, while shamelessly playing the victim card.
I'm guessing that Sprint (and in the past AOL and Level3) don't really consider Cogent a so-called Tier 1 network. Usually you see peering agreements between Tier 1 networks since the traffic between the two usually average 1:1, so it makes sense for one or both to negotiate a peering agreement.
I'd really like to know what the traffic levels are (in both directions). I bet that would shed a *ton* of light on why Sprint shut Cogent down. If it's close to 1:1, then Sprint is probably trying something shady. *However*, if Cogent's traffic to and through Sprint is greater than the reverse on a consistent basis, then Cogent is really trying to get something for nothing. In that case I wouldn't blame Sprint for trying to get out of the peering and have Cogent set up a transit connection.
I think a small municipality, or even a decent sized city for that matter, would most likely get a transit connection instead of peering (as in purchase an upstream connections). Except for the largest of urban areas (such as a New York or Chicago), I doubt any city or county would be considered a Tier 1 provider and be attractive to any other Tier 1 for a peering agreement.
Did you try following the link that was helpfully included in the post? It looks like it has all the info you require.
EWF Overview
Provides an overview of Enhanced Write Filter. This overview describes the EWF architecture and the components that are required to support EWF. It also defines common EWF terminology.
EWF Modes
Describes the different modes of EWF, and how to implement each type.
EWF Design Considerations
Describes the considerations you should make before configuring and deploying an EWF-protected run-time image.
Most of us "muppets" are happy to block 139 and its cousins at the firewall and be done with it. It's a LAN service. Assuming your network is secure from the outside, you can have your cake and eat it too.
Well, that's only the *direct* vector of exploitation from external. There are quite a few indirect ones. There's already a trojan in the wild trying to leverage this issue. And users are users. As in "muppets" may not be too far off. I work in a very large environment and we are setting a 3 day deadline for testing and deployment. In fact I just got off the phone with IBM and EDS (manage some of our regions) and MS regarding this issue.
Additionally, having a soft chewy internal network is a big problem as well. You cannot discount deliberate attacks from the inside. Or idiots clicking links and opening attachments. Yeah, external links and attachments should be under control, but this issue is really too serious. Any machine within an MS domain could exploit the server.sys RPC issue on any other machine sans authentication.
Really, your best bet is to test this quickly and deploy.
Water boils at lower temps at higher alts, making ramen boiling quicker.
But since it boils at a lower temp, wouldn't it then take longer to actually *cook* something? I'm anything but a competent cook (a salad with baked chicken is a stretch for me...), but my understanding was if you lower the temperature you needed to extend the time for cooking.
Using the famous Pull-Numbers-Out-Of-My-Ass technique: if water boils at 95C at altitude and 100C at sea level, wouldn't it follow that it would take longer to cook something in boiling water at altitude?
Do you mean we should load up the plane with a bunch of those deer whistles?
I remember those commercials, but I think you just caused a great many slashdotters to scratch their heads over your seeming non sequitur :)
Holy crap, that rocked just reading it. Please tell me that's a real song that I can buy.
And if you'd think about it for a second, you'd realize why.
Whoops, my bad. Lucas used Campbell's work to help create the first three. He didn't actually meet him until after Jedi was done.
Still the main point stands.
Thanks for the link and info. I don't know where I first heard it, but I'm pretty sure it was not attributed correctly.
Well, English doesn't steal from foreign languages as much as it mugs them in back alleys, rifling through their pockets for loose grammar.
(yes, I stole that from somewhere, but for the life of me I can't remember who or where)
Another great resource is the EEEuser Wiki.
If it's anti-pirate day, wouldn't that mean today is really Stalk Like a Ninja :)