Actually, Thorsten at http://honeyblog.org/archives/193-Survival-of-the-Fittest.html answers that. He states
"Yonah, if you read the blog posting things should be more clear: "For example, we can use low-interaction honeypot such as nepenthes or amun that emulate common network-based vulnerabilities and deploy them at different locations."
Thus we did not use native machines, but low-interaction honeypots that emulate different kinds of exploits. You can find more information about these tools at http://nepenthes.mwcollect.org and http://amunhoney.sf.net - hope this helps to understand the results a bit better."
Nowhere on any of the pages is there any indication that these are Windows exploits nor was a Windows machine used in this study. According to https://sourceforge.net/projects/amunhoney/ Amun requires Linux.
Although I've no doubt any unpatched OS has vulnerabilities (hence the patches), could KDawson please point us to the article discussing "Estimating the Time-To-Own of an Unpatched Windows PC" because this article (and none of the links) even mention Windows.
You say "The fact that the time-to-pwn has not fallen over the past four years despite "security fixes" and security engines that inconvenience users and break applications is proof that the security methods employed by Microsoft are a failure."
Yet the article is about "the time to infection of an unpatched Windows machine" and by unpatched they mean pre-SP2, i.e., software from the year 2000. The security fixes that you refer to are not included on the OS in this study.
And from the article "This older guide was written based on Windows XP pre SP2. One of its main feature was step by step instructions on how to enable the Windows XP firewall."
XP SP2 was released in August of 2004. Why are we talking about 4 year old software? Heck, Firefox 1.0 hadn't even been released yet. And Ubuntu's first release was in October 2004.
Why is an OS older than Ubuntu or Firefox being tested? And I mean 4 years older than Ubuntu - even with SP2 it would still be older than Ubuntu or Firefox.
And insurance for my Honda Scooter costs me $70 every 6 months. Insurance for my Taurus Wagon costs me $70 a month. This is for public liability and damage and does not cover my vehicle. Insurance doesn't cost me anything for my bicycle or for walking.
The 'rules' take into consideration that a bigger vehicle may cause more damage and accounts for that by forcing you to pay for that accountability with higher insurance rates. Or at least they do in my country.
So Bhutto's assassination should have been censored? Can't imagine how much American news stations profited from showing that. Heck, how many 100's of hours of television shows and or movies are dedicated to the Kennedy assassination. Profiting over video of an assassination or terrorist act is not illegal when Americans want it to be seen. - heck - imagine it illegal to watch the World Trade Center fall. How many news organizations in the US sold ads for that newsworthy event?
And weren't many of those 100% conviction complaints pushed through by complaints from Jewish Groups such as this one from the B'Nai Brith?
http://www.uruknet.de/?p=33030
When Mark Steyn writes for the Jewish World Review (http://www.jewishworldreview.com/0802/steyn1.asp) the B'Nai Brith doesn't seem to complain though.
You see, I'm not a big fan of hate crime laws, but when you fight for hate crime laws you can expect others to use those as well. I'd prefer to see less censorship, but people have been jailed in Canada for saying there was no Genocide.
Be careful what you ask for. The current system offers checks and balances.
This prevents me from suing, say Ford, when the Explorer tips over due to wheel or balance issues. Can you imagine how scary it would be (even if you are right) knowing that should you lose, your home is lost - you pretty much take the risk of bankruptcy to pay for the defendants lawyers.
Would you sue when your implants leaked? And what if I am rear-ended in a car accident and don't feel the settlement offered is enough. I sue for what my real losses are and am not awarded more. Did I just lose? The court agrees I get "some" money but not as much as I want. Who has lost? You pretty much prevent lawsuits from happening. Frivolous lawsuits already have potential penalties. You shouldn't be punished for a legitimate lawsuit.
The lawsuit in question in the article is clearly not legitimate. They sued the wrong person and should pay but to make fundamental changes to the legal system is not "a great idea".
I hereby give you the right to read and/or reply to this post.
By reading this post and/or replying to it you agree to the terms.
, um, no. I've changed my mind.
You are no longer allowed to read and/or reply to this post. If you have already read and/or replied to this post "it is in your best interest to remove the"..... memory..... "from your"..... brain..... "and"/or destroy all..... memories of it..... "in your possession".
The list includes quite a variety of formats including Word for Mac in 2001 and 2004. Those would be about 6 and 3 years old respectively. Doesn't this pretty much make Word for Mac 2004 virtually useless since you can't trust that the documents you sent to someone can be easily opened.
And on another note, the steps to fix this are as easy as running a simple patch - while the steps are given to change registry settings it is an easy procedure for anyone who wants to fix it. The problem is, again, how can I expect the person receiving my document will be able to find out how to read it?
This is normal where I live, eat, dine and drink. http://www.squirrelsystems.com/ have been doing this for at least the 12 years I have lived in BC. Just about EVERY mainstream bar or restaurant uses this or similar systems.
Basically, waiters and waitresses use mobile stations to order your food. The wait staff then head to the bar to pick up and deliver your order. To add wireless to this does nothing. I suppose I could take any 10 year old technology patent, add wireless to it and call it a new creation. Whether the wait staff commit the order or the patron him/herself should have no bearing on anything.
I am sure there must be more to the patent than the parent implies but if not I'm guessing this patent won't last long....
And electric vehicles are wonderfully silent. I'm not sure how often stealth would be helpful for a NY City cop but it's certainly likely to be an interesting side effect.
I didn't read all the details but it does imply XP as well as Vista...
To quote from the second page towards registration:
"Choose the program(s) you would like to join Automated feedback program (Windows Vista and Windows XP only)"
and further on in the uninstallation instructions.....
"Windows XP Instructions:
1. Click Start, click Control Panel, click Add or Remove Programs, and then click Change or Remove Programs.
2. Select Windows Feedback Panel, and then click Remove. "
Why is this post modded (at time of my reply) off-topic. This is exactly what the article says.
The Chimps are better at "reacting" than people are. That they do as well as humans when the numbers are flashed on the screen for a longer duration is more of a surprise. The more time that is allowed for memorizing, the better humans should do. This doesn't seem to be the case though. Nothing in the article says whether any tests were done, with say, 5 seconds of showing the numbers on the screen - which would really allow for actual thought and not just 'reaction'....
And what about any witnesses or such? Are these people being paid that much as well?
If ONLY lawyers were involved I'd say yeah, suck it up. I'm expecting that more people will be forced to leave home at 3am to get ready for this court case than the lawyers we mock.
If a secret service agent raped your sister and then the President declared his identity "classified" would it be okay for your sister to say who did it? She'd be outing a CIA member and leaking information that was deemed classified?
Now, that was an extreme example. But it would be a situation that would leave one person wronged - your sister. Warrantless wiretaps left countless people wronged and in ways we will never know.
By your logic - the government can do whatever it wants whenever it wants and call it classified and if anyone talks about it they go to jail. That would be something that Saddam would have done. Or Hitler.
You ask "Regardless of that, isn't getting users some exposure to linux, even if it is from someone attached to Microsoft, a good thing?"
I ask - Isn't getting a tyrant out of Iraq a good thing? The simple answer, is of course, yes. The real answer though isn't so simple. In hindsight we can all see this.
I really wonder whether or not this will be a good thing in the long run. The Novell - Microsoft deal may be impacting. If more and more vendors see this work and they all jump into bed with Microsoft where does that leave the small fry that isn't protected from the Microsoft patent threat? I wish I knew the answers.
I have mod points right now and a small part of me wanted to Mod you down. I really do try not to mod people down because their opinions differ from mine though so here I am posting.
Small steps in the wrong direction aren't good steps. They actually get you further from your goal. While I am not certain that this is actually in the wrong direction - I do know that the Novell - Microsoft agreement is NOT THE RIGHT direction.
Losing does not justify making bad decisions.
Note as well that losing is your word. I did not realize that having a plethora of available software packages and alternatives meant losing. If you mean that the OS community is smaller than Microsoft then I'll agree. But when I want to run a LAMP server or toss Ubuntu on my new box I can do that.
I do have the freedom to choose. Agreements like the Novell - Microsoft agreement lead towards losing many of those freedoms.
Which means a lot. As someone who works for a company where log-ins are important I see huge issues with this. Any disgruntled employee who knows the password information of someone else can freely do incredible damage. While changes to any account (in our system) are trackable - those tracks lead to the person who logged in and made the changes.
What's to stop one of those 100,000 employees from doing something to their hated neighbour, mechanic, or whomever; while logged in as someone who gave out their password?
Mod my parent as a dupe. I should read further before posting. People below me have posted this already. And while you are at it, mod them up. :P
This is also shown in the "birthday paradox". If you have 23 random people in a room, the odds are 50/50 that a birthday will be shared.
http://en.wikipedia.org/wiki/Birthday_paradox
Absolutely. SP2 firewall is enabled by default.
IANAVAL, so don't take me too seriously, but I think you are wrong when you say "we're all very adept lawyers here.....
According to this Groklaw article there were 10,000+ comments.
http://www.groklaw.net/article.php?story=20070910110639612
Where does that leave the 6,500 missing comments?
Actually, it comes with Linux.
It also comes with instructions on how to install XP as well as a disk containing all the needed XP drivers.
Wouldn't it be nice if all PCs were like this? Support for more than one OS.
At 8" x 6" x 1.5" and 2 pounds this is truly a device that is easily portable as well.
Latency doesn't seem to be that important to me either.
I'd like to think that if my computer is say, 100ms off clock time that I won't be much affected.
I can't think of one instance where being off by even a half a minute or so that I would be affected.
Does anyone actually know the answer posed by the OP?
Don't worry. You have nothing to fear.
http://www.google.ca/search?q=wamerocity&hl=en&client=firefox-a&rls=org.mozilla:en-US:official&hs=KNc&start=0&sa=N/
:P
Cnet, phonescoop, slashdot, angelfire, ebay, livejournal, boston.com, viewscore, silverscreeninfo, aolmobile, chicagotribune, sympatico-msn.ca,
And I only looked at the first 3 pages!
And yes, I know. I'm there too.