I think I can speak for nearly all of us when I say the last thing we want is to see American soldiers die. That's kind of the whole point.
Consumers actually prefer an mp3 player that can hold about 1000 songs and doesn't consistently & horribly break in two months.
Hopefully Apple will take this to heart.
For pointing out that there's a huge overseas mp3 server illegally serving 12.8 gigs of mp3's in Iraq that Ashcroft should take down immediately - probably run by Evil Doers!
You have to wonder if the civilian contractors they're using to hunt these people down have community mp3 servers at work. If so, what do they listen to? Wagner?
I found an article detailing a huge music piracy server located overseas.
Spoofed IP addresses? Predictable TCP sequence numbers? Hey, 1998 is calling - they want their security advisory back.
Oh god, you can spoof a reset into a TCP window. Oh god, some network hardware vendors have large windows and non-pseudorandom TCP sequence number prediction.
This only becomes a vulnerability when you run an application over TCP that does something catastrophic when it loses a connection. In this case, that would be unsecured BGP (or, if 1998 is calling, unsecured telnet).
People get paid to write papers about this shit? I need a beer.
I just realized that the entire ATM protocol is going to break down; an IPv6 address is bigger than an entire ATM cell! You won't be able to address packets anymore using ATM!
The original poster never said anything about being replaced by foreign nationals. Why is Ciff making this assumption?
Tie the ring to a rat, tie the rat to Gandalf. Then the ring corrupts the rat, not Gandalf. He could keep the rat on a rope. Then he flies the eagle over Mount Doom and drops it in. Hell if they rescued him from Saruman I'm sure they wouldn't mind giving him a lift; there's thousands of them.
Basically the story is wildly flawed.
24 hour coverage of DMCA, RIAA, MPAA and other tech rights issues - it would be cool to see news anchors talking about students being sued for holding down the shift key, keyboard manufacturers being sued for creating circumvention devices, and the rest of the fool's parade that is the entertainment industry these days. I think it would wake a lot of people up.
I live in a dense apartment block, and while I only own a PDA currently, it has 802.11, and I've used it to pick up over 17 (17!!) open access points within range of my apartment. Most of these people have extensive mp3 collections which look highly illegal (though since I don't own a computer and I've never talked to them, I don't know if they have the new Strokes album through iTunes or what...). One guy has like the complete works of Jimi Hendrix; it's awesome.
Anyway. I could buy one of these things, hook it up to my stereo, and basically use all of my neighbor's music for free. This would be great for college campuses too!!!
And since it's wireless the RIAA can't do shit to stop me. Bwuahahaah! I don't know how to run Linux but it looks like with this I won't have to, and I can get all the free music I want. Awesome.
"Sdem rigged it all, and this is all a big multi-faceted Troll? Doesn't seem likely to me but you never know."
Um, I saw the entire archive of hacked screenshots on Fyodor's web site. I'm pretty sure that troll didn't hack into Fyodor's site and put them there: Fyodor actually knows something about security: if he was going to get hacked, it wouldn't have been by this clueless newbie.
I don't understand. I saw that hack archive you posted to your web site, insecure.org, in August. You had that whole "day in the life of a slashdot troll" with screenshots proving you'd broken in, even listing his real name and address. Now, at the time, I was rather proud of you, but... how did you post that hack archive to your web site if you didn't hack his box?
I'm confused!
I saw that troll get hacked, and did the FBI come and bust Fyodor? Hell no! I bet the FBI uses his tool, for crying out loud!
Fyodor, keep on hackin bud (but don't hack me, ok?).
-Hanna
Nowhere in Fyodor's interview did he say "I didn't hack silly Slashdot trolls". I was lucky enough to see Fyodor's page when he posted those screenshots, and let me tell you it was FUNNY! I bet that troll will think twice before messing with Fyodor again LOLO!
I don't know anything about whether any of this is illegal or not, but I just wanted to say that I saw Fyodor's page on www.insecure.org where he hacked that guy, and it looked exactly like this. So, it really happened, though I don't know about it being illegal or maybe even trolling or whatever.
I think it was kind of funny to see what trolls really do in their "spare time". (-:
-Hanna
"How does the computer know who is reading the books?"
The computer is trusted hardware, the successor to the Palladium/TCPA combo. It uses its onboard biometrics scanner to pull an eyeball id off of anyone in front of the screen. Anyone who looks at the screen too long becomes a reader.
The computer is the successor to the systems distributed by this company.
Holy cybernetic guacamole! Does anyone need any more evidence that RMS went off the deep end years ago?
Yes, it is madness. You should tell that to the people who implemented the technology that Stallman predicted and are working with Universities to force it on students.
I need no more evidence that Stallman is mad; what's amazing is that the mad world he envisioned has come to pass.
The article makes it sound as if the agencies involved weren't using WEP (Wired "Equivalent" Privacy). The problem with WEP is that it isn't. Until we get the vendors to agree on something tough (512 bit AES??) we're going to keep having this problem.
The weird thing about wireless is that someone can archive all your traffic and chew on it for years. So, the concept of "wired equivalent privacy" would really require an encryption scheme which was invulnerable for an infinite amount of time into the future to be as good as wired security... which to me sounds doubtful.
WEP should be renamed.
It took a year and was actually quite intensive, not to mention competitive with the expense of a year of college. But it was focused, had no exterior requirements, and very, very informative, especially as far as learning the medical impact of everything a massage therapist does to a patient.
It's not a career for everybody; you need to develop a lot of physical strength, and it's hell on your hands for the first year or so till you build up some power. But once you've done it, it's a nice fringe benefit.
I still have my Linux Box, my CS degree, the whole nine yards - but I got a trade certification in massage therapy, and I got out of programming. The hours were way too long, and the pay cut from $55,000 a year to $52,000 per year isn't really a pay cut when you look at the hours I work at the hospital. And especially when you look at the amount of education required. Plus, these days I can actually look into the faces of people I've helped. It's so much more rewarding.
Course, I still read /. and I still program. But I can't imagine going up against the H1-B competition again - those guys were working 80 hour weeks for 35k a year... I just can't compete with that.
Personally I want a robot to spray paint patriotic literature all over my neighborhood.
Almost none of the major bloggers are unemployed tech-types
So you're saying "Movable Type::Blogging as AOL::Internet"?
Dear God.
There goes the neighborhood.
That is correct, I did not make that argument. This did not, however, prevent you from refuting it.
Have a nice day.
As they say, "the plural of anecdote is not data".
This is called the "Prisoner's Dilemma". It's the reason people don't do a lot of small things, from voting to stopping tailgating in traffic. It's because they think that no one will co-operate with them, and their action will be futile.
Don't give in to the prisoner's dilemma. Always do the right thing, and others will follow.