The system engineers did great. The kernel hackers left no module unturned.
However some intern who set up the root system left the root password as default.
Fortunately no one expected this serious of a machine to have that password so no one got it.
(Well not really, but I can only imagine that happening somewhere out there...)
You could just get mozilla to open the pages in another tab and let them sit there.
Then close them all out in a minute. That won't slow you down at all.
However, if you base it on their IP perhaps, or add in a timestamp (ie, on this date, at this time, you must do this sequence) then it would make port knocking a much more effective method of deceiving attackers.
A better way would be to have the sequence of knocking be a function of the hmac of the time stamp and shared secret. That would allow it to expire every second and base it off of something that is known only to user and server.
You can't base security off of someone not knowing how the port knock sequence is developed. Just make how the sequence is selected be the protection.
That would add another layer to even getting a chance to get access to the different services on the server.
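The HMAC-of-timestamp knock sequence suggested above, sketched as an added example that is not part of the original comments. The 30-second window (wider than the one second proposed, to tolerate clock drift), the four knocks, the port range, the binding to the client IP and the replay cache are all assumptions made for illustration; the secret and address are constructed sample values.

```python
import hashlib
import hmac
import struct

PORT_LO, PORT_HI = 20000, 60000  # assumed knock port range


def knock_sequence(secret, unix_time, client_ip, step=30, knocks=4):
    """Ports for the time window containing unix_time, bound to client_ip."""
    window = unix_time // step
    msg = struct.pack(">Q", window) + client_ip.encode("ascii")
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    # Four digest bytes per port; the modulo bias is negligible here.
    return [PORT_LO + struct.unpack_from(">I", digest, 4 * i)[0] % (PORT_HI - PORT_LO)
            for i in range(knocks)]


class KnockVerifier:
    """Server side: accept a sequence at most once per (client, window)."""

    def __init__(self, secret, step=30, skew=1):
        self.secret, self.step, self.skew = secret, step, skew
        self.used = set()  # (client_ip, window) pairs already accepted

    def verify(self, observed, now, client_ip):
        got = ",".join(map(str, observed)).encode()
        # Try the current window and its neighbours to allow for clock skew.
        for drift in range(-self.skew, self.skew + 1):
            t = now + drift * self.step
            want = knock_sequence(self.secret, t, client_ip, self.step)
            match = hmac.compare_digest(got, ",".join(map(str, want)).encode())
            key = (client_ip, t // self.step)
            if match and key not in self.used:
                self.used.add(key)  # a sniffed sequence cannot be replayed
                return True
        return False


if __name__ == "__main__":
    secret = b"constructed-demo-secret"   # constructed sample secret
    now, ip = 1_700_000_000, "192.0.2.10"  # constructed time and address
    ports = knock_sequence(secret, now, ip)
    server = KnockVerifier(secret)
    print(ports, server.verify(ports, now, ip), server.verify(ports, now, ip))
```

The second `verify` call prints `False`: the sequence is public once it has crossed the wire, so the only secrets are the key and the fact that each window's sequence is accepted once.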
I find it interesting that the sales of CD's are supposedly declining, but DVD's that have a lower cost at times aren't decreasing at all. And as we all know, you can download movies on p2p applications. *GASP*
Or how about making the ones who _do_ get infected pay an extra fee? After all, it's more fun to punish the people who cause damage than to reward those who don't.
Or they can kinda do what Comcast does with their cable internet/cable tv. Give a $10 credit for use of both. Just charge $15 extra each month and give it back for those who don't get a virus.
European bicycle racers have been wrapping their water bottles with a damp cloth covering to keep the water chilled for decades
Wow, they must have a ton of water to evaporate since my water only stays cool for about 2 hours before it's all gone.
I haven't done this or even tried, just that sometimes to get things unencrypted all you really need to do is read the memory location where the piece is stored after decryption. Just write it out to a file and voilà, you have the unencrypted file.
If you want to get the master index from a backup server, you need manual intervention (root needs to indicate that the backup server can be trusted).
That isn't really needed. Once you have the public key from the main server, you could validate the signatures of any other item regardless of where the package was downloaded from. A peer-to-peer setup would be just fine, once you had the information about who the peers were and the public key to verify the validity of everything.
Here is what the developers should do. Each time they submit a file that they have made changes to in the cvs archive, then also hmac it and sign it with their private key. Then later on if the system was compromised you could go back and compute the hmac of the file to make sure it matches that which the programmer submitted it to be.
And then even if the system was compromised you wouldn't have to question which ones were changed or not since it can be checked just by confirming the hmacs.
The best designs for security have perfect forward security. And a signed hmac would prove the validity of the file unless the signing key was compromised.
Knoppix mounts about 70% of your memory as a RAMdisk for configuration files it creates on the fly, however can it customize the /etc folder to your system?
And it is going to continue. Since there will be less people to call, each person left will get more calls and will thus want to be put on the list more.
I can just see the last lazy guy who didn't put the phone on the list getting called by all the companies all the time everyday... until he too did the right thing www.donotcall.gov.
In the book "The cat who walks through walls" by Heimlin (sp) there is a point when the main character has to disturb someone in the middle of the night. The electric door requests for say $50 dollars for disturbing the individual. If the awoken individual agrees that it was a good reason to be woken up they give the money back. Otherwise they keep it.
That would be a great system for the telemarketers. Set up a charge of say $1 for the disturbing call and refund it to anyone who had a reasonable reason to call.
I think I would go out and post my number all over for them to call just to make the $1 each time they wanted to call.
With the states looking to squeeze every penny out of its inhabitants, it won't be free for long even if it started as such.
I worked as a waiter for the Olive Garden for about a year and a half. After 6 months a new program was put on the computers and when we logged out we were required to put in the amount of money that we had gotten as tips. And that was reported to the IRS, of course.
I am sure that soon these Coffee servers would get the same treatment and soon have to pay taxes on any donations.
Now the real trick would be to use the bill of rights as the encoding string.
You see your Honor, I wasn't trying to download a stolen copyright of Yellow submarine encoded by the Bill of Rights, but rather I was downloading the Bill of Rights which just happened to be encoded with Yellow Submarine.
And if the Bill of rights isn't protected by the bill of rights, I don't know what is...
Yeah! Didn't you hear?
Kmitnic is the new automated hacking utility for KDE.
And in an election year, the other real question is how can we blame this on Pres. Bush?
I didn't realize that Apple is starting to release its switcher ads on /..
So would that make it a beowulf cluster?
I don't know. Invite me over for coffee and let's find out.
What about the steps: 13. ??? And 18. Profit!!!
4 Mbit bioses have more than enough space for virus files that are typically smaller than 35K
Utah has a lot of open land that isn't at risk of being burned. Heck you don't even have to live close to the SCO execs. They don't like the desert..
...its the crash with the Ford Excursion that scares me...
I may be getting a little biased towards the car..
I read that as Ford Executioner
And it looks like he got modded up. So that puts him on par or a bit ahead of some of the other readers.
Tha Cat has Karma. Is his name Felix?