These devices be plagued by them! I wrote a report about Synology a while back that documented dozens of amateur, remotely exploitable bugs in their entire NAS line. I later audited their web application and found similar issues. Here's my report: http://cryptocity.net/archive/synology_report.pdf If anyone wants me to do a brief evaluation of any other NAS products, feel free to contact me.
Of course you had fun! You were on the Red team and you got to abuse groups of college students for a weekend! At least for the region we were in, the competition is NOT about how to best defend a network in as short a time as possible. It was about blindly following arbitrary rules and being a system administrator.
I led a team that competed in one of the qualifiers and found the competition extremely wanting. It's more of an arcane system administration challenge rather than anything about security. Some responses to the competition are collected at my lab's blog here: http://isisblogs.poly.edu/2008/02/29/pre-neccdc/ (see the comments)
magnet:?xt=urn:btih:BW6W3QUP7CD23KZRGZG4BK7M4LX2WB K3
Import this into Azureus with File->Open->Location... for a trackerless torrent. Also works with BT 4.1.2 beta, although I have no idea how to use it. Remove a space in that magnet URI if Slashdot mistakenly put one there.
View the parent for the regular torrent.
http://play.aelitis.com/torrents/eclipse-SDK-3.1-w in32.zip.torrent
I didn't put it up, thank Nolar.
Please mod down the parent; that is incorrect. The problem is NOT in PHP, it is in an old version of phpBB.
http://www.f-secure.com/v-descs/santy_a.shtml
The reason is simple. Microsoft, being the Good Guys, stopped responding to that query to stop the spread of the worm. The worm was dependent on Google to return vulnerable servers via a search query. So Google has temporarily stopped responding to that search. MSN wasn't targeted by the worm because real hackers all know Google is the best :-). However, in this case would MSN have reacted as fast as Google did? Should the coder have picked MSN to get a longer-lasting worm?
It's important to realize that if fraud does turn up, Republicans will likely try to blame the programmer, thereby isolating the incident from the Republican party. It IS NOT the fault of the programmer; as many people have stated above, this is a legitimate whitehat security exercise, BUT if this programmer's code were misused it is the fault of the person who USED it and they HAVE TO be prosecuted for that, NOT the programmer.
We have to make sure the story stays that way all the way through to the end.
CAs aren't necessary to the functioning of the system. DomainKeys are verified as belonging to the actual Domain Owner because only the Owner can publish to their DNS Records. There really is NO NEED for a CA.
Unless we can't trust registrars/DNS servers not to get hacked into, I personally can't see how having a CA would make this any better.
Actually... it would make it worse! Because now if someone hacks into your mail server, this guy has this practically irrevocable cert that says he's you, running around sending spam with it!
I don't think CAs will ever make it into DomainKeys.
Forgot: also in the "if yes" section: how do you plan to make them less desirable to buy? As in no more tax breaks...
SUVs are starting to become a forgotten issue with all these things like Iraq overshadowing them; however, it is still important to discuss them.
Do you see any issues with the popularity of these over-consuming luxury rides?
If no, what direction do you plan to take the laws governing these vehicles?
If yes, what laws will you change and how will you change them to make SUVs safer and more efficient?
And also, what do you think of the newest models of hybrid gas-electric vehicles? Will you be supporting these in any way?
(possibly rephrase these questions to make answering in the negative easier, anyone can tell I'm asking them with a slant)
You mean a game like this? ;-)
Bush Game
1. Unplug network cable
2. Install Windows
3. Install Windows SP1 from a CD I burned
4. Install AutoPatcher XP
5. Reboot and plug in network cable
6. goats