At the bottom of his article is mentioned a blurb about a company that manufactures software that uses 1 million bit encryption. Yup, it's snake oil, but the problem is that they're making money, They build an alternate reality where every cryptographic algorithm has been broken, and the only thing left is their own system. "The weakening of public crypto systems commenced in 1997. First it was the 40-bit key, a few months later the 48-bit key, followed by the 56-bit key, and later the 512 bit has been broken..." What are they talking about? Would you trust a cryptographer who didn't know the difference between symmetric and public-key cryptography? "Our technology... is the only unbreakable encryption commercially available." The company's founder quoted in a news article: "All other encryption methods have been compromised in the last five to six years." Maybe in their alternate reality, but not in the one we live in.
They've got pseudo-scientific gobbledygook galore, including paragraphs like this: "Stated simply, the content of the message is not sent with the encrypted data. Rather, the encrypted data consists of pointers to locations within a virtual matrix, a large (infinitely large in concept), continuously changing array of values." I just love stuff like this. It almost just barely makes sense. It's as if someone took a cryptography book, had it machine-translated from language to language to language, and then tried to write similar-sounding text. Some of the words and phrases are scientific, but the paragraph makes no sense.
THE WORST PART IS THE FOLLOWING:
According to a press release on their Web site, the U.S. Department of Labor recently gave them $4M. Various smaller companies are supposedly using this stuff. SC Magazine gave them a five-star rating, for goodness' sake! I am amazed at the sheer stubbornness that can be exhibited by a company that simply refuses to accept reality.
Unfortunately, I have executed a virus and now get quite a few emails trying to get me to run the program again because it uses search techniques to tell who my friends are and sends me a message from one of them with a wrong IP address. Fortunately, this virus wasn't written by a spamme (to my knowledge).
Unfortunately, informing individuals that their system has been compromised can be a very time consuming process. Does anyone have any suggestions.
This is a good idea in theory; however, I believe that distributed prime number factoring will happen. It would be possible for spammers to crack multiple hosts by viruses, etc in order to use the processor power. I personally receive way more virus email than spam. (I was a bit ignorant and ran a virus once OOPS!) Keep thinking, that was a good idea.
Offtopic???? some people don't understand the topic. THe object of the game is to SAVE alex's girfriend.
Same goes for that Barf comment. People need to understand the topic before they moderate or meta-moderate.
Too bad you posted anonymously. If you read this you will learn how to open the gate. It took me FOREVER to find out how to open the gate. The secret is that you have to start beating up all the bosses in order. After you get to the 1st warehouse and beat up the boss, go back to sherman's park, beat up the boss and then keep going forward. If you get confused, type "river city ransom" into google. (I'm amazed but some people have put up quite some sites. (any other advice may be obtained by replying to a message of mine.:)
I'm a little surprised that no one has mentioned that Microsoft has a history of knocking open source and the GPL They reported here
that GPL licensed software is a bad business model. Microsoft has also tried to muddy the waters of open source by propogating
shared source or sharing source code with government organizations in order to be able to determine security risks. It is my opinion that Microsoft is not interested in open source, especially GPL. I think they are trying to skew the issues as much as possible and change open source initiatives into their desired model. For these reasons and more, I am not at all surprised that there is a backlash of critisism.
yes, they did observe outages for the slammer worm. This is not in connection with it. If you read the article, it is mentioned that this is the TK worm.
And damage is always exaggerated. 5.5 million pounds (>7 million dollars) of damage caused by this worm? Who incurs these great damages. Why are they not reported to their stockholders? If the damages are made up, this is a blatent lie to stir sympathy.
I have a radical view. I have a theory that many of these hackers that have been "found" did not create the viruses that are purported by police officials.
1) many of these hackers that have been found are oversees. Some are in Indonesia, Canada and other countries found abroad.
2) there is very little coverage after they are arrested. I alomost wonder if it is found that there is no evidence against them, or very little. Perhaps they have committed crimes of an inferior nature than first purported.
3) because there is little coverage and no support to these stories, it may be possible that these "reports" are a means of discouraging any teenagers from hacking. Of course, those who know what they are doing will still hack and not get caught. They will probably feel relieved when a scapegoat is found.
To end things, a script kiddie has never been heard of and incurs minimal damage. A cracker causes great damage but no one knows their name. The name of a hacker is widespread and causes no damage.
I'm going on a blind date in Ephraim, UT. It's a dinner dance. I don't have to worry about too much. I just need to pay some money, be nice and have a good time. I will be doing one of those date dances. I quite frankly am looking forward to it.
Now the next issue is how to keep a new person from using this same IP address. You could watch for MAC address changes and remove the iptables rules if the MAC changes.
That is one approach. Granted that this is a medical conference, I don't see anyone changing their network address or sniffing packets, but if their are somehow outsiders, you could sniff packets, change a MAC address and use the same IP address as the aforementioned authenticated user. Encryption is probably the way to go if you are genuinely concerned about access.
You could just access AIM through a box set up to connect w/ AIM and send it to you via telnet. An example is a box w/ Bonim.
It is self explainitory. I honestly don't believe that blocking ports and firewalls do too much, if you are determined, smart and want to break out.
along with technical issues, there is the dollar. I am honestly disgusted that there are many people who feel that the national debt does not affect them. The truth is it does. A substancial amount of your taxes goes to paying the INTEREST on the national debt. Politicians can't even balance the budget. All that interest is paid to rich investors who buy US bonds and other large entities. Honestly, I think that the space program should be limited to commercial endevors. (communication sattelites, GPS, etc.)
At the present, Anti matter is impractical. There are no known power plants that use anti-matter. It takes a significant amount of energy to create Anti-matter. It also requires precise magnets to contain the anti-matter so it doesn't cause a reaction. If you would like anymore info, google anti-matter, and don't bother clicking on the numerous Trek links.
Unfortunately I don't have access to the router, I do have access to the box behind the NAT, it's in my apartment. What is a pseudo-permanent SSH connection? The problem of paying for FTP space is easy, everyone almost gives it away in hopes that you will use it for webhosting.
as for my goal. I wish to easily control the computer at my apartment from anywhere on the internet.
I have a box that is behind NAT. I have contemplated a working solution that will allow you to Telnet to a box behind NAT
1st, get an account with a decent web space provider that lets you FTP.
2nd, when you want to executed a command on your NATed box, upload a file to this directory named something like COMMAND.RUN
3rd, set up a Cron job on your NATed computer to check to see if COMMAND.RUN exists on your Web provider account.Run this job at a given interval, i.e. every 5 or 10 seconds. If it does exist, read the file and pipe all lines of this file as input to a shell.
4th, pipe the output to a file and upload it calling it COMMAND.OUT
the one line of code to do pipes in and out looks like
bash >COMMAND.OUT <COMMAND.RUN
5th, delete COMMAND.RUN on local and remote servers, archive all commands, if you want.
I may or may not build this app, but if I do, I'll submit it to Slashdot,Freshmeat,etc.
If anybody has a simpler, faster and/or more secure way to use shell access to a NATed computer, please send tell me (I don't want any man in the middle who has an IP address broker TCP/IP connection crap as explained at Defcon and on slashdot here
~If you have never first posted, you don't read slashdot enough. If you have, you're a moron.
This is scary stuff. Potentially parents could track children using cars. Attendance at school could be affected by RFIDs. The big question is, has anyone or will anyone put rfids in items without our knowledge, i.e. wallets. Can I buy a RFID and scanner?
OK, so I lied. When you change the email, you need to reply using the new email address. The email changes within 72 hours. An email will be sent to the old email as well. In order to effectively pull this off, things may be a bit difficult, but still possible.
I read the.pdf and then checked AIM for email change vulnerability.
If someone is logged in, AIM lets you change that person's email address. It also gives you the old email. You can then change the user's email to your own, conveniently "forget the password" have AOL email it to you and then change the users email back so they never know you took their password. Sneaky!
Slashdot Mirror
At the bottom of his article is mentioned a blurb about a company that manufactures software that uses 1 million bit encryption. Yup, it's snake oil, but the problem is that they're making money,
They build an alternate reality where every cryptographic algorithm has been broken, and the only thing left is their own system. "The weakening of public crypto systems commenced in 1997. First it was the 40-bit key, a few months later the 48-bit key, followed by the 56-bit key, and later the 512 bit has been broken..." What are they talking about? Would you trust a cryptographer who didn't know the difference between symmetric and public-key cryptography? "Our technology... is the only unbreakable encryption commercially available." The company's founder quoted in a news article: "All other encryption methods have been compromised in the last five to six years." Maybe in their alternate reality, but not in the one we live in.
They've got pseudo-scientific gobbledygook galore, including paragraphs like this: "Stated simply, the content of the message is not sent with the encrypted data. Rather, the encrypted data consists of pointers to locations within a virtual matrix, a large (infinitely large in concept), continuously changing array of values." I just love stuff like this. It almost just barely makes sense. It's as if someone took a cryptography book, had it machine-translated from language to language to language, and then tried to write similar-sounding text. Some of the words and phrases are scientific, but the paragraph makes no sense.
THE WORST PART IS THE FOLLOWING:
According to a press release on their Web site, the U.S. Department of Labor recently gave them $4M. Various smaller companies are supposedly using this stuff. SC Magazine gave them a five-star rating, for goodness' sake! I am amazed at the sheer stubbornness that can be exhibited by a company that simply refuses to accept reality.
Unfortunately, I have executed a virus and now get quite a few emails trying to get me to run the program again because it uses search techniques to tell who my friends are and sends me a message from one of them with a wrong IP address. Fortunately, this virus wasn't written by a spamme (to my knowledge).
Unfortunately, informing individuals that their system has been compromised can be a very time consuming process. Does anyone have any suggestions.
This is a good idea in theory; however, I believe that distributed prime number factoring will happen. It would be possible for spammers to crack multiple hosts by viruses, etc in order to use the processor power. I personally receive way more virus email than spam. (I was a bit ignorant and ran a virus once OOPS!) Keep thinking, that was a good idea.
Offtopic???? some people don't understand the topic. THe object of the game is to SAVE alex's girfriend. Same goes for that Barf comment. People need to understand the topic before they moderate or meta-moderate.
Too bad you posted anonymously. If you read this you will learn how to open the gate. It took me FOREVER to find out how to open the gate. The secret is that you have to start beating up all the bosses in order. After you get to the 1st warehouse and beat up the boss, go back to sherman's park, beat up the boss and then keep going forward. If you get confused, type "river city ransom" into google. (I'm amazed but some people have put up quite some sites. (any other advice may be obtained by replying to a message of mine. :)
River City Ransom was the BEST. You are going double dragon style to rescue Alex's girlfriend. It rocks. It's real fun too!
I'm a little surprised that no one has mentioned that Microsoft has a history of knocking open source and the GPL They reported here that GPL licensed software is a bad business model. Microsoft has also tried to muddy the waters of open source by propogating shared source or sharing source code with government organizations in order to be able to determine security risks. It is my opinion that Microsoft is not interested in open source, especially GPL. I think they are trying to skew the issues as much as possible and change open source initiatives into their desired model. For these reasons and more, I am not at all surprised that there is a backlash of critisism.
are testing are testing
t-t-today junior
yes, they did observe outages for the slammer worm. This is not in connection with it. If you read the article, it is mentioned that this is the TK worm.
And damage is always exaggerated. 5.5 million pounds (>7 million dollars) of damage caused by this worm? Who incurs these great damages. Why are they not reported to their stockholders? If the damages are made up, this is a blatent lie to stir sympathy.
I have a radical view. I have a theory that many of these hackers that have been "found" did not create the viruses that are purported by police officials.
1) many of these hackers that have been found are oversees. Some are in Indonesia, Canada and other countries found abroad.
2) there is very little coverage after they are arrested. I alomost wonder if it is found that there is no evidence against them, or very little. Perhaps they have committed crimes of an inferior nature than first purported.
3) because there is little coverage and no support to these stories, it may be possible that these "reports" are a means of discouraging any teenagers from hacking. Of course, those who know what they are doing will still hack and not get caught. They will probably feel relieved when a scapegoat is found.
To end things, a script kiddie has never been heard of and incurs minimal damage. A cracker causes great damage but no one knows their name. The name of a hacker is widespread and causes no damage.
I'm going on a blind date in Ephraim, UT. It's a dinner dance. I don't have to worry about too much. I just need to pay some money, be nice and have a good time. I will be doing one of those date dances. I quite frankly am looking forward to it.
Now the next issue is how to keep a new person from using this same IP address. You could watch for MAC address changes and remove the iptables rules if the MAC changes. That is one approach. Granted that this is a medical conference, I don't see anyone changing their network address or sniffing packets, but if their are somehow outsiders, you could sniff packets, change a MAC address and use the same IP address as the aforementioned authenticated user. Encryption is probably the way to go if you are genuinely concerned about access.
You could just access AIM through a box set up to connect w/ AIM and send it to you via telnet. An example is a box w/ Bonim. It is self explainitory. I honestly don't believe that blocking ports and firewalls do too much, if you are determined, smart and want to break out.
along with technical issues, there is the dollar. I am honestly disgusted that there are many people who feel that the national debt does not affect them. The truth is it does. A substancial amount of your taxes goes to paying the INTEREST on the national debt. Politicians can't even balance the budget. All that interest is paid to rich investors who buy US bonds and other large entities. Honestly, I think that the space program should be limited to commercial endevors. (communication sattelites, GPS, etc.)
At the present, Anti matter is impractical. There are no known power plants that use anti-matter. It takes a significant amount of energy to create Anti-matter. It also requires precise magnets to contain the anti-matter so it doesn't cause a reaction. If you would like anymore info, google anti-matter, and don't bother clicking on the numerous Trek links.
Unfortunately I don't have access to the router, I do have access to the box behind the NAT, it's in my apartment. What is a pseudo-permanent SSH connection? The problem of paying for FTP space is easy, everyone almost gives it away in hopes that you will use it for webhosting.
as for my goal. I wish to easily control the computer at my apartment from anywhere on the internet.
Along the topic of stupid tricks,
I have a box that is behind NAT. I have contemplated a working solution that will allow you to Telnet to a box behind NAT
1st, get an account with a decent web space provider that lets you FTP.
2nd, when you want to executed a command on your NATed box, upload a file to this directory named something like COMMAND.RUN
3rd, set up a Cron job on your NATed computer to check to see if COMMAND.RUN exists on your Web provider account.Run this job at a given interval, i.e. every 5 or 10 seconds. If it does exist, read the file and pipe all lines of this file as input to a shell.
4th, pipe the output to a file and upload it calling it COMMAND.OUT
the one line of code to do pipes in and out looks like
5th, delete COMMAND.RUN on local and remote servers, archive all commands, if you want.
I may or may not build this app, but if I do, I'll submit it to Slashdot,Freshmeat,etc. If anybody has a simpler, faster and/or more secure way to use shell access to a NATed computer, please send tell me (I don't want any man in the middle who has an IP address broker TCP/IP connection crap as explained at Defcon and on slashdot here
~If you have never first posted, you don't read slashdot enough. If you have, you're a moron.
I know this is flaimbait, but any security breach could be a serious problem, social engineering or not.
This is scary stuff. Potentially parents could track children using cars. Attendance at school could be affected by RFIDs. The big question is, has anyone or will anyone put rfids in items without our knowledge, i.e. wallets. Can I buy a RFID and scanner?
OK, so I lied. When you change the email, you need to reply using the new email address. The email changes within 72 hours. An email will be sent to the old email as well. In order to effectively pull this off, things may be a bit difficult, but still possible.
I read the .pdf and then checked AIM for email change vulnerability.
If someone is logged in, AIM lets you change that person's email address. It also gives you the old email. You can then change the user's email to your own, conveniently "forget the password" have AOL email it to you and then change the users email back so they never know you took their password. Sneaky!