Slashdot Mirror


User: kayditty

kayditty's activity in the archive.

Stories: 0
Comments: 659

Comments · 659

  1. Re:That's just not right. on Resident Evil 5 Not A 360 Exclusive · · Score: 1

    almost every first person shooter? huh? you mean counter-strike, right? I haven't played an FPS where you actually sit still to aim, but I'm talking from a Quake / slightly pro-quake background, here. there are plenty of fast paced FPS games.

  2. Re:I don't know why... on Best Gaming Video Cards for the Money · · Score: 1

    That's probably the stupidest comment ever. No, it doesn't. Why the hell wouldn't you actually LOOK before saying that? It's obvious you were working on some kind of weird assumption.
    The 256MB version uses the same 256-bit GDDR3 at a higher clockspeed (980MHz effective vs 700MHz effective). How does it have worse "memory performance?" Do you know some secret, or something?

  3. Re:Summary on Best Gaming Video Cards for the Money · · Score: 1

    I don't think I could reccomend anything, but I may be able to recommend something. OLOZLOERLROLlollERBLADEZES nice troll

  4. Re:This is about voltage to the boards, not the bo on Google Calls For Power Supply Design Changes · · Score: 1

    Wal-Mart closes on Christmas (and a few other days/half-days, now, I think). P.S. Do you work for Wal-Mart? I was thinking the Supercenters were more like 500,000 sq ft.

  5. Re:Duuuhhhhh on .mobi Websites Now Available to Register · · Score: 1

    or very close to a certain disparaging term; not that I care, but some people do.

  6. Re:XSS attempts I've noticed on Cross-Site Scripting Hits Major Sites · · Score: 1

    Read those as PHP? I believe you're thinking of a different vulnerability entirely. That's called a remote inclusion vulnerability. I've done that by uploading a backdoor script disguised as an image file, but it's best to use Header("Location: ") instead of just having a malformed image.

  7. So what? on French Doctors to Perform Zero-Gravity Surgery · · Score: 3, Funny

    It's not like this is rocket surgery or anything.

  8. Only 64MiB of system memory? on Free PC With French Broadband Connection · · Score: 0

    512 Megabits isn't much.

  9. Re:Why change from DSL? Reliability... on Open Source Router on Par With Cisco, Users Say · · Score: 0

    Announce your networks? That'd require having one. You don't even get those with residential service. If you're lucky, you get a few "static IPs." And dynamic DNS? That's nothing. What about reverse DNS? What DSL or cable modem providers give you that these days? There used to be a few of them, I know, but I don't think I know of any that do now.

  10. Re:Yes but why would you want that kind of user? on Can Linux Pick Up Users Abandoning Win98? · · Score: 0

    You are wrong. The first 1.7GHz K7 released was an Athlon XP, and it was released in mid-late 2002. I don't know what the hell a GeForce 4700Ti is, but I imagine you're talking about a GeForce 4, which was also released in 2002. The GeForce 2 Ti and GeForce 3 were both released in 2001. I also have an "outdated" system like yours, but it is not outdated at all. You are just confused. I have an Athlon XP 3000+ (Barton, 400MHz, 512KiB L2), MSI K7N2-Delta FSR, 2x256MB PC3200 GeIL CL2, GeForce 4 Ti4200 64MB (original), and a 30GB Maxtor UDMA/66 7200RPM (generic crap). Actually, before late last year / early this year, I was still running a Thunderbird 850 (now this is a processor that is actually from the 2000-2001 era). Didn't have the nForce2 board until a forced upgrade from a dead Epox 8K3A+ (busted capacitors). I've since upgraded to a Seagate SATA drive (ST380021AS I believe) and ATi Radeon X1600 PRO. The mere fact that these fairly modern technologies are supported by my mainboard alludes to the fact that it is not obsolete at all. My Barton's FPU (and general) performance is on par with a friend's Winchester Athlon 64. The fact of that matter is that you're saying that a system from 2002 is outdated. For an idiotic "gamer," it sure is. For people who know what the hell they're talking about (and know that little innovation has come since that time), it's not even remotely true. My system is from 2003 and I hadn't planned on upgrading it even if I could, because I knew that the Athlon 64 was a bunch of stupid bullshit and that nVIDIA and ATi both were faggots trying to screw everyone over. Forced upgrades are really the only thing that have gotten me to change anything. However, things are finally beginning to become interesting enough to induce the idea to entertain an upgrade, with dual core, 2MiB L2 per core, HyperThreading, HyperTransport, HyperWhateverTheHellEver, DDR2, and PCI Express. 
    But most of us who actually know what we're talking about (as opposed to those who call themselves "enthusiasts," "hardcore users," or "experts") haven't bothered to upgrade quite yet, because there is really no need. So, for the record, you don't have anything near a six year old system. A six year old system is an Athlon Thunderbird 1.2GHz (the Thunderbird hadn't even come out until late '00, so you're cutting it really close) or a Coppermine PIII with 133MHz FSB - at the very best. The Coppermine-128 wasn't even out. If you had a low end PC back then, then you had a Mendocino Celeron or an 800MHz Duron.

  11. Re:This was not good to start with on Swedish Voters Keelhaul Pirate Party · · Score: 1, Insightful

    Uhh, I'm sure he knew that... thus the reason he replied in the thread the way he did?? Unfortunately, he got "modded down" for it. Fortunately, most people probably don't give a shit about stupid Slashdot moderations.

  12. this guy is a nutcase on Analyzing 20,000 MySpace Passwords · · Score: 0

    Seven characters is not 'decent.' I don't know how MySpace stores their passwords, but I can brute force a raw MD5 hash 7 chars a-zA-Z0-9 in less than five days on my single, three year old desktop. If they're using a salt, and, ideally, anything with better complexity than MD5, then that would be obscenely more difficult. Of course, this is in the instance of an offline attack, but, funnily enough, the article writer didn't even seem to consider an offline attack. However, no matter what the length of these passwords may be, they are largely based upon dictionary words, and that would make any cracking attempt (rainbow table, normal dictionary, hashed or not hashed) significantly easier. While I use a weaker password for my MySpace account (because I hardly value it), for sites of any amount of importance, I use a minimum of 9 chars a-zA-Z0-9. Password complexity does not entail the use of odd characters; length is what makes a password threatening to an attacker - again, though, that also boils down to whether you're using a salt, and what the complexity of the hash function is. Assuming you use a salted hash that's worth its.. salt.., such as bcrypt, then a-zA-Z0-9 / 9 chars is a behemoth of a password (for most). Setting up a small cluster at my home, I could, theoretically (based on my MDCrack numbers), crack an 8 char a-zA-Z0-9 in just under half of a year. Nine characters makes this astronomically more difficult (okay, 62 times more--but it's astronomically significant in comparison to actual CPU hours spent). It must be understood, though, that this level of password complexity is *probably not good enough* for your bank or anything of an insubordinate amount of significance to you.

    Consider that, scaling upward to 131072 based on the specifications of my own comparison desktop (and this isn't a very accurate assessment, but we'll assume that the margin of error is insignificant in the face of money thrown at the problem), BlueGene/L could crack my 9 char a-zA-Z0-9 password in less than four hours. Given that supercomputers are increasing in capability at a pretty impressive rate, it could be said that passwords are probably just an outdated authentication mechanism, but, since password complexity can't keep up with computing power, then (if passwords are necessary) a hash function with variable complexity should be considered (see bcrypt, again). This solves the part of the problem pertaining to offline attacks, and, while online attacks are usually impractical, it would be easier still to crack such a password online--with the assumption that the administrators of the web application are completely retarded (and, in the event of MySpace, I don't doubt that is probable). But, again, there seems to be a very common misconception about how much 'length' translates into strength. I'm sorry, but the 8 char rule is simply ancient. Nine characters won't suffice. I regularly use 15-20 character passwords, and, contrary to what most people say, I have absolutely no problems remembering them. Maybe I just have a knack for remembering things like that (I've been using computers and the obscure passwords that seem to go along with them for ages), but I don't think it's much of a stretch to require an ordinary 'luser' to conjure up the memory capacity for such an astonishingly large password. Passphrases could even be considered as an alternative. So, in the end, your MySpace account probably isn't that important, but, nevertheless, anyone who wants to get into it can. You should consider larger passwords or pass phrases for your bank. You should encourage (educate?) them to enact proper security measures, and dissuade them from using such asinine password policies as the ones most banks do (mine, for one). My bank actually requires a minimum of 8 chars for the username, coupled with a minimum of 6 chars for the password, and a maximum of 8, or something similarly absurd. That doesn't even make any sense. It's harder to crack my username than it is my password. I guess, then, it wouldn't hurt to consider mentally rev

  13. Re:Tor speed on The Drawbacks of Anonymous Surfing · · Score: 0

    I don't understand why tor gets so much flack. I've never had any problems with it at all. The speed is pretty damn fine - especially when compared to traditional open proxies. Granted, I use it to spam stupid fucks on IRC and website forums with dickass "administrators," but I also just re-start tor and get a new route anytime it's too sluggish; after doing that, pages seem to load in 5-10 seconds. I don't think that's unreasonable.

  14. Re:Did you RTFA? on The Drawbacks of Anonymous Surfing · · Score: 0

    It has also (somehow) eluded mention that browsing through anonymous services (like tor) has absolutely NOTHING TO DO WITH COOKIES WHATSOEVER.
    I'm sure a lot of sites use IP addresses to "authenticate" sessions, but that doesn't mean that it [an IP address] has anything to do with either cookies or sessions.

  15. Re:Tracking is good on The Drawbacks of Anonymous Surfing · · Score: 0

    Am I the only one on Slashdot who isn't completely fucking incompetent? You're both fucking retards.
    One of you barely has any idea what an IP address, webserver, or javascript is (both of you?), and the other has absolutely no idea what the hell Class C means. I really don't give a shit if you're stupid, but why the fuck are you posting?

  16. Re:This is Dangerous on Judge Rules Sites Can Be Sued Over Design · · Score: 0

    I'm reading it in lynx. I would be using elinks, but I just installed it and haven't bothered to figure out how to refresh the [cached] slashdot page (yet).

  17. A prize winning thesis.. on Star Trek PhD Thesis Wins Academic Prize · · Score: 0

    with a grammatical error in its title? Okay, it is possible that "Myth and Star Trek" was meant, but, most likely, 'TV, Myth, and Star Trek' was the intention. It's an important distinction (in this case).

  18. Re:OK, what do we use now? on SHA-1 Collisions for Meaningful Messages · · Score: 0

    It does, indeed, depend upon the application. However, for password hashing, I would recommend bcrypt. OpenBSD implements this in its passwording scheme, and, on the Linux front, there's Openwall GNU/*/Linux. Solar Designer also has what might be needed for application implementation here: http://www.openwall.com/crypt/

  19. Re:abuse on Microsoft Puts Police Link on Messenger · · Score: 0

    I've even done it with +++ATH0\r\nATDT! ping -p 2b2b2b415448300d

  20. Re:Fiber is'nt enough on Cable Industry Needs to Spend Heavily on Upgrades · · Score: 1, Insightful

    What? Did you just copy from the fucking Wikipedia article or something?
    That no matter what type of infrastructure you have, in many cases the limiting factor is your Upstream connection to the level 2 or 1 ISP.
    I know it's REALLY hard to understand... But ISPs have MASSIVE amounts of transfer speed. Just trust me. Ok, the cable companies generally have less than the Bells (OBVIOUSLY), but they both have an INCONCEIVABLE AMOUNT OF 'BANDWIDTH.' We aren't talking about a single OC-3, or half of the time, even an OC-12.
    Theoretically Docsis 1.0 cable modems can do 38 Mb/s downstream and 10Mb/s upstream and have been around for YEARS. I don't know of a single cable operator that sells those rates to their residential customers.
    It isn't theoretical. They CAN do that, easily, and they do. The reason that they don't sell you a 38Mbps connection is, maybe, because the HFC channel you're on is shared with the rest of your area????!?!?
    Sure, in some heavily populated areas the shared coax along the road is saturated. In many others like mine we don't have this problem either because the cable company laid fiber to the pedestal at the bottom of the driveway or the density of cable modem users isn't there.
    Hahah. When I first read this, I thought you were touching upon the point that I made immediately above, and somehow, asinine as it may be, managed to dismiss it. However, now that I've read it, I realize you were making an even more asinine assertion. You're not going to saturate coax that easily. They've run 10Gbps over coax, and probably much more. The saturation point is at the cable channel that you're receiving your signal on. It is shared among many users, even in more sparsely populated areas (well, I guess).

  21. Re:Why is it... on Cable Industry Needs to Spend Heavily on Upgrades · · Score: 0

    There's really no need to justify the extra expenditure, minimal as it actually is. They already have fiber rolled out to particular areas. Every cable network that I know of in the US is "HFC" - hybrid fiber/coax. The 6MHz wide channel that's feeding your cable modem can already support 38Mbps down and 10Mbps up. Upgrading to fiber is just a matter of dragging the fiber from the street one block down to your doorstep. I think they'd rather just play it out and squeeze out (I used out twice) every bit of change they can.

  22. Re:Not to say that cable is dead ... but ... on Cable Industry Needs to Spend Heavily on Upgrades · · Score: 0

    Remember when cablemodems (sic) were first rolled out? About one megabit speed
    I don't know about you, but mine was 10Mbps.
    Fiber. Downtown San Francisco has some of that Verizon fiber available in limited areas, and the access download speeds get into the 60-100mbit range. Let me say that again, since I'm sure a lot of people are going to say "he said WHAT?"
    Most non-stupid people don't get confused by statements of not-so-mindboggling proportions. 100Mbps to residential users might have been news in 1998, and I'm not just talking about Sweden, Japan, or South Korea. Hell, I know people in the US who had VDSL around 1999.
    Cable companies have something to worry about. Definately (sic).
    Definitely!!!!!!!!!!!!!!11112

  23. Re:Beetle on Flash Drives Go To Work · · Score: 0

    According to the Beetle's specs of 12 cu ft luggage capacity and 27 cu ft cargo capacity, the number of thumb drives (at 4 sq in) comes out to 16,800 (approximately). This reduces the transfer speed (not "bandwidth"), over an eight hour drive (over five hundred miles, here in the US), to about 2.5GB/s. That's not particularly fast, but it can certainly be accounted for by the density of the thumb drive. As mentioned, a hard drive would result in a much better transfer speed.

  24. Re:Ugh on How to Crack a Website - XSS, Cookies, Sessions · · Score: 0

    And before I get a-fucking-head of myself and just come off as an ASSHAT, please read the damn Wikipedia link for yourself.
    Here is a cute little excerpt:

    Terminology The term cross-site scripting is not a very accurate description of this class of vulnerability. In the words of XSS pioneer Marc Slemko: This issue isn't just about scripting, and there isn't necessarily anything cross-site about it. So why the name? It was coined earlier on when the problem was less understood, and it stuck. Believe me, we have had more important things to do than think of a better name. The acronym CSS was often used in the early days to refer to cross-site scripting vulnerabilities, but this quickly became confusing in technical circles because both Cascading Style Sheets and the Content-scrambling system shared the same acronym. Perhaps the first use of the abbreviation XSS was by Steve Champeon in his Webmonkey article "XSS, Trust, and Barney".
    I wonder if you were even around in the early Webmonkey days. It wasn't THAT long ago, now. Okay, I still look like an asshat. But, god damn, I can't have half-informed people attempting to slight me.

  25. Re:Ugh on How to Crack a Website - XSS, Cookies, Sessions · · Score: 0

    What do you think the "Scripting" in "Cross Site Scripting" refers to? It refers to client-side javascript.

    No, it refers to the name being a MISNOMER. Please read dictionary.com.

    Please read some Bugtraq, or at least this FAQ or the Wikipedia article. (The Wikipedia article is the easiest read. In particular, the section on types of XSS problems is edifying.) Your example is a straightforward input validation bug in the browser, and it doesn't involve any scripting at all, cross-site or not, and therefore is not an XSS anything. It's just a malicious input that exploits a browser bug.

    I've been reading (and contributing) to Bugtraq since 1999 (including the use of many XSS vulnerabilities).

    No, it doesn't require any scripting at all, but I consider it an XSS bug, because it's cross-origin. I'm sorry that XSS originated as something as simple as unsanitized output which could be exploited by inserting arbitrary HTML entities, but that doesn't mean that it can't evolve to include other things. And if Wikipedia disagrees with me, then Wikipedia is wrong. You don't know who I am, so you don't have to take my opinion with anything more than a grain of salt, but I definitely know what I'm talking about. It'd be like one of those things where top scientists disagreed about the definition of string theories, or something (except you probably aren't a top anything. well, see, I can make assumptions too).

    In stark contrast with an XSS flaw, your example is not the site's fault, and there's very little that realsite.com can do about it.

    Yes, exactly. Because XSS does not necessarily have anything to do with the web application. Okay, maybe it would be more appropriate to refer to it as XS? to appease the interests of stupid internet zealots. But the idea originated under the nomenclature that is XSS, and I happen to group cross-origin bugs in the category. I mean .. maybe you've never heard of Cross Site Tracing?

    A smart site that uses a whitelist approach to user-posted URLs might refuse to let a user post such a link, but it's squarely the browser's fault for mishandling a faulty input, not the site's fault for having the link. The smart site refusing to post funky links is merely doing a service to all the stupid programmers out there. Faulty inputs happen all the time in the real world -- typos, human errors, the occasional corrupt file -- and any browser that doesn't say "Whoa! What the heck am I supposed to do with that?" is a buggy browser. (Sadly, when it comes to malformed HTML, the "buggy" adjective applies to AFAIK all browsers today, including the lowly Lynx. Google for "HTML fuzz" if you're curious. Some hold up better than others, though, and IE is by far the worst of the lot. What's worse, when it comes to malformed URLs, IE itself has historically been a disaster, with about 2-3 times the URL bugs as the Mozilla codebase, and scarily almost all non-browser software that registers third-party URL handlers either (a) can be exploited today, or else (b) has been exploited in the past and survived a brutal trial by fire. I'm thinking of AIM in particular for the latter.)
    Tacking on myriad anecdotal rants to the end of your post might give you some form of credibility in the eyes of the typical Slashdot reader or moderator, but it doesn't me. It seems you're under the assumption that you're some sort of guru who's above me. Well, it'd be the opposite, if anything. And, no, I am not getting defensive. It is just rather amusing how many mis-informed posts I see here in tech related categories on Slashdot, which proceed with belittling descriptions of basic ideas, like yours has. What do you want? A congratulations? You know what Lynx and fuzzing (a relatively new security buzzword) is. So do I.