Yes, the Black component can't be called 'B' because of Blue. It gets the 'K' because in printing it's often called the Key colour. (and the added bonus of having that letter in its name)
Sounds like the silly admins didn't check the "User must change password at next login". Of course, you don't just use it for new users, any time you take an angry call from a user, just tick the "must change password" box. You'll feel better already, and your victim won't figure it out because they won't have to change it until tomorrow morning.
Imagine a man sitting at a terminal. Breaking 128-bit SSL. With a gun to his head. Getting a blowjob.
No, TV is not reality, and they bend and break things to be more appealing to the audience. You think *real* crime scene investigators and doctors/nurses don't get the same thing?
Recently, watching a (terrible) movie with Sylvester Stallone, I eyerolled when he told a paramedic "this man needs an I.V." - as if he'd be healed by any random substance being shoved into his veins by way of a needle.
This. Password rotation is dumb dumb dumb dumb dumb. At least half of my users would have mentioned the annoyance of changing passwords, many tell me the exact process they use to circumvent it while doing so. But my hands are tied, because twice a year the auditors come in, and if I don't have a password rotation policy he'll tell my boss, who'll then tell me to implement it. I've tried to reason with him, but passing the audit was more important. Beancounters in charge of IT FTW.
Just FYI, the iPod Touch is pretty much an iPhone minus the Phone, GPS and Compass*, and can run most of the same apps without any monthly cellular cost.
*I've probably left a couple of inconsequential things out, it doesn't matter.
First you tell me not to make unverified claims (presumably referring to "undefined behaviour"), and then go on to itemise three ways a switch might deal with an ARP overload, even identifying that a Linksys switch, in your experience, will behave differently than others, in a completely undesirable manner in fact. Fuck me dead.
Secondly: No I would not be surprised at how many A+ asshats have daisy-chained these fuckers all around the floor. I've yanked them out by the dozen and forbidden them from use without at least arranging their deployment with me - otherwise the appearance of multiple MACs on a user port would trigger my port security.
I know that some switches will flood unknown unicasts if their CAMs get full. But you've shown yourself that you can't rely on how cheap nasty switches are going to perform even with some such as ARP flooding which would otherwise seem predictable and defined. You don't know how the code in these horrible, demonic little pieces of shit has been written, and that's why I'm saying: Don't ARP flood a cheap switch and expect it'll flood all unicasts as a result. Even if you are successful and get flooded unicasts, perhaps you'll have no control over the switches downstream toward the router, which might not take kindly to your pointless spewing of fake MACs to the network. I can say for sure if you tried that on one of my ordinary user ports, you'd be shut out immediately the switch saw a second ARP entry for a port that should normally have only one.
But then, if you had a port on my switch, and needed to monitor frames in either direction between to arbitrary other ports you'd get just that - a properly configured SPAN port that's going to do exactly what we expect, and no silly messing around with ARP spoofing just to confuse matters at the packet sniffing end.
But in this case bridging is exactly what you want to do, as the network topology between the potentially infected host and its router is unchanged. If you route instead, you'll probably also need to NAT also, which could confuse the issue, possibly allowing the bot to determine the topology has changed and prompt its defense mechanism (which is probably to shut down).
Sure, the majority of bots probably wouldn't notice (I routed through my Linux box to detect a bot before I knew how to bridge through it instead, and sure enough, hundreds of outbounds to port 25), but I believe 'best practice' would be sniff as transparently as possible. That's either with
a Hub (hard to find now, thank fuck)
something that behaves like one, such as a SPAN (ciscospeak, sorry) port, software ethernet switch (Linux or similar bridging).
the (presumably uncompromised) router being able to run packetsniffer software.
All those spouting on about using ARP table attacks to confuse the switch into being a hub shut the hell up. If you want to do this seriously, get yourself a cheap Cisco 2950 or something that supports 802.1q, monitor ports (SPAN in ciscospeak). I tried to make something similar out of a PowerMac G4 full of gigabit cards for my lab, but found Linux bridging and STP to be rather buggy. In particular, found an edge case where ports would not block when the Linux host:
Was the STP root, and
Had a bridging loop occuring between two of ITS ports.
I had a look at linux/net/stp.c, and was quickly reminded why I'm a network admin, network admin, network admin and not a developer, developer, developer:)
Hardly a reliable or controlled test, relying on undefined behaviour of your 'switch'. In the process of confusing your ARP tables, you'll more likely prevent frames from reaching the correct destination: the router. You've either got a monitor port, or you haven't. You can't 'make' one by confusing the hell out of a cheap switch.
Years, years ago the printing industry used a lot of isopropanol, and there have been incidents of printers failing a sobriety test due to their 'professional exposure'. I'm not sure if it's completely a thing of the past now, I'm not aware of any offset printing processes still using it - another problem with it was staff stealing it to make cannabis resin.
Probably at score 0 when you read - you should read at -1 since moderation is hopelessly broken. Many good posts are hidden down there, but at the very least a lot of context is as well.
Slashdot Mirror
Yes, the Black component can't be called 'B' because of Blue. It gets the 'K' because in printing it's often called the Key colour. (and the added bonus of having that letter in its name)
Uhh, Nissan Stagea? That's pretty fahhkin' ugly, I reckon the Cubes are cute!
See: Rubber Hose Cryptanalysis.
GP meant comments on the videos, where a maximum of 50 IQ applies to posting.
Unusably Slow Bus more like it. That's why Firewire is still around.
Sounds like the silly admins didn't check the "User must change password at next login". Of course, you don't just use it for new users, any time you take an angry call from a user, just tick the "must change password" box. You'll feel better already, and your victim won't figure it out because they won't have to change it until tomorrow morning.
Imagine a man sitting at a terminal. Breaking 128-bit SSL. With a gun to his head. Getting a blowjob. No, TV is not reality, and they bend and break things to be more appealing to the audience. You think *real* crime scene investigators and doctors/nurses don't get the same thing? Recently, watching a (terrible) movie with Sylvester Stallone, I eyerolled when he told a paramedic "this man needs an I.V." - as if he'd be healed by any random substance being shoved into his veins by way of a needle.
This.
Password rotation is dumb dumb dumb dumb dumb. At least half of my users would have mentioned the annoyance of changing passwords, many tell me the exact process they use to circumvent it while doing so.
But my hands are tied, because twice a year the auditors come in, and if I don't have a password rotation policy he'll tell my boss, who'll then tell me to implement it. I've tried to reason with him, but passing the audit was more important. Beancounters in charge of IT FTW.
Are you kidding? My first Rule 34 pic ever saved is of a cute girl nude except for hundreds of yellow post-its
... inconsequential things such as the Camera. [red face] but you know I mean.
*I've probably left a couple of inconsequential things out, it doesn't matter.
First you tell me not to make unverified claims (presumably referring to "undefined behaviour"), and then go on to itemise three ways a switch might deal with an ARP overload, even identifying that a Linksys switch, in your experience, will behave differently than others, in a completely undesirable manner in fact. Fuck me dead.
Secondly: No I would not be surprised at how many A+ asshats have daisy-chained these fuckers all around the floor. I've yanked them out by the dozen and forbidden them from use without at least arranging their deployment with me - otherwise the appearance of multiple MACs on a user port would trigger my port security.
I know that some switches will flood unknown unicasts if their CAMs get full. But you've shown yourself that you can't rely on how cheap nasty switches are going to perform even with some such as ARP flooding which would otherwise seem predictable and defined. You don't know how the code in these horrible, demonic little pieces of shit has been written, and that's why I'm saying: Don't ARP flood a cheap switch and expect it'll flood all unicasts as a result. Even if you are successful and get flooded unicasts, perhaps you'll have no control over the switches downstream toward the router, which might not take kindly to your pointless spewing of fake MACs to the network. I can say for sure if you tried that on one of my ordinary user ports, you'd be shut out immediately the switch saw a second ARP entry for a port that should normally have only one.
But then, if you had a port on my switch, and needed to monitor frames in either direction between to arbitrary other ports you'd get just that - a properly configured SPAN port that's going to do exactly what we expect, and no silly messing around with ARP spoofing just to confuse matters at the packet sniffing end.
... and now imagine I chose 'Plain text'
c:\>netstat -b
Your computer is fine.
c:\>
Sweet!
c:\>netstat -b Your computer is fine. c:\> Phew, all good here!
Sure, the majority of bots probably wouldn't notice (I routed through my Linux box to detect a bot before I knew how to bridge through it instead, and sure enough, hundreds of outbounds to port 25), but I believe 'best practice' would be sniff as transparently as possible. That's either with
All those spouting on about using ARP table attacks to confuse the switch into being a hub shut the hell up. If you want to do this seriously, get yourself a cheap Cisco 2950 or something that supports 802.1q, monitor ports (SPAN in ciscospeak). I tried to make something similar out of a PowerMac G4 full of gigabit cards for my lab, but found Linux bridging and STP to be rather buggy. In particular, found an edge case where ports would not block when the Linux host:
I had a look at linux/net/stp.c, and was quickly reminded why I'm a network admin, network admin, network admin and not a developer, developer, developer :)
Hardly a reliable or controlled test, relying on undefined behaviour of your 'switch'. In the process of confusing your ARP tables, you'll more likely prevent frames from reaching the correct destination: the router. You've either got a monitor port, or you haven't. You can't 'make' one by confusing the hell out of a cheap switch.
Then you'll need a switch supporting 802.1q in order to allow a device with a single port to 'sit between' two other devices.
Oh wait...iPhone...LIS visible from outside without dismantling.
Well, sounds like your opponents were being pretty damn competitive to me!
Your pills. Have them.
You must be fun at parties!
Years, years ago the printing industry used a lot of isopropanol, and there have been incidents of printers failing a sobriety test due to their 'professional exposure'. I'm not sure if it's completely a thing of the past now, I'm not aware of any offset printing processes still using it - another problem with it was staff stealing it to make cannabis resin.
For goodness' sake stop using localhost to blackhole things!
Probably at score 0 when you read - you should read at -1 since moderation is hopelessly broken. Many good posts are hidden down there, but at the very least a lot of context is as well.