It most certainly is not free. The students do pay for it. I know that at my university, my academic bill is roughly comprised of 1/2 tuition hours, and 1/2 fees. The list of fees is so outrageously long, that it takes a google-miner to find them itemized. So when you see a $600/semester "tech fee" on your statement, remember that _you_ are paying for that wireless.
Unless your school is amazingly brilliant at marketing itself to corporate bigwigs as a candidate for gifts. Those are the true freebies. ;)
Maybe that explains why nothing ever changes in the bureaucracy that is our government: Everyone in IT is too scared to migrate off of the antiquated and obfuscated LISP and COBOL which keeps everything running. When you work for the state, time and technology move along at _very_ different paces.
"You know, the time -- the average time -- to fix on an operating system other than Windows is typically ninety to a hundred days," said Gates. "Today we have that down to less than forty-eight hours."
Not trolling, but since when would this constitute 103 square miles? I read the headline and thought "Wow!" When looking for more information on the project, the most I can find regarding their actual coverage is as linked above. :/
Naughty submitter for asking the slashdotters to _stream media_ from his/her/its website. Everyone should do seattlewireless the favor and nab the ~900mb mpeg1 version of the show via bittorrent here.
The majority of users who go through the trouble to unblock it are going to run secure machines.
I dunno dude. I know plenty of rootable machines being run by half-asses half-assedly adminning half-assed machines in their half-assed time. No matter what software platform, if you're clueless and pay zero attention to your machine(s), you will most likely have the naughties come a knockin.
What I would love to see somebody come out with is a provider-side web configurable firewall.
While I am a student at utexas.edu, I must speak up about https://firewall.tamu.edu/. Apparently the resnet team in College Station filters the heck out of their residents' hosts, but allows them to open their boxes up interactively on the fly without having to call tech support. This is all based on what I have gleaned from the TAMU CIT online writeups, so of course don't quote me on it. While I do not have access, maybe some kind A&M soul will offer forth what is contained inside? :)
Hooray for BSD and Snort inline! Apparently TAMU is also doing some really cool IDS work and dynamically switching ACOs to non-routable VLANs and providing fixes via a web interface for compromised hosts. I heard about RIT doing something similar with their homebrewed ActiveX-based development during last July/August during the big RPC craze. I wish more universities would implement similar solutions.
It's dated. And last time this newbie tried to jigdo a new sarge DVD off templates from the .dk mirror, jigdo threw up after lying to me all weekend. Hooray for jigdo!
No wonder those jigdo templates are "unofficial". ;)
Product: pizza_party
URL: http://www.beigerecords.com/cory/pizza_party/
Version: pizza_party 0.1.beta and earlier
Risk: Multiple vulnerabilities (high)
Description:
pizza_party is a Perl based command line tool that provides a non-Web interface to Dominos Pizza's QuikOrder(TM) website pizza ordering service by using HTTP over the Internet.
It is third-party open-source software, developed by an individual and unsupported by Dominos Pizza.
Available at: http://www.beigerecords.com/cory/pizza_party/download/pizza_party-0.1.b.tar.gz
I believe it may now be in use internally at a large number of corporate organizations (primarily by hard-core coder types who are too focused on the task at hand to get up and go out to get a pizza -- or even to lift up the phone to order one), and installations can also be found on the public Internet.
The Problem:
pizza_party is very bad about protecting the username and password for the Dominos Pizza QuikOrder website. This may lead to a multitude of vulnerabilities, the most dangerous being that 'ps' can be used to observe the command line input parameters on the stack passed via the shell.
Also the non-SSL (unencrypted) web interface (http://www.dominos.quikorder.com) is used over the Internet, so anyone who can capture (sniff) the traffic could easily obtain the Dominos QuikOrder username and password from the standard base64-encoded POST to the website.
Either would allow for individuals other than the owner of the Dominos Pizza account to order arbitrary pizzas (with random toppings even) via the Dominos QuikOrder web server and have them delivered -- resulting in chaos, anarchy and confusion.
Additionally, there may be other issues resulting from the misuse of this package. It is impossible to tell what other uses might be made of the username/password pair stolen (it might be used by the user for all of their accounts on the Web f'instance).
Also note that as the order is sent unencrypted it may be possible for a MITM attack to tamper with the order (potentially adding anchovies, onions or other undesirables).
The Fixes:
1. pizza_party should use HTTP over SSL to order the pizzas from Dominos
'secure' QuikOrder website: https://www.dominos.quikorder.com/
Unfortunately there are some problems with the Web certificate for this site.
2. pizza_party should prompt the command line user for the username and
password and read them from /dev/tty rather than accept them as params
on the command line.
3. pizza_party should also overwrite the store of the username and password
(or encrypt them) when they are in memory or an attacker could steal them
from RAM, or a swapfile on disk.
- H. Morrow Long, CISSP, CISM
University Information Security Officer
Director -- Information Security Office
Yale University, ITS
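Fix 2 from the advisory above, sketched in Python as an added example (it is not part of the advisory or of pizza_party, which is Perl): credentials given as parameters are rejected because any local user can read them with 'ps', and they are read from /dev/tty with echo off instead. The `--user` and `--password` option names are hypothetical, since the page does not show pizza_party's real flags.

```python
import io
import os
import sys
import termios

# Hypothetical option names; the page does not show pizza_party's real flags.
SECRET_FLAGS = ("--user", "--password")

def secrets_in_argv(argv, flags=SECRET_FLAGS):
    """Return credential flags present in argv ('--flag value' or '--flag=value')."""
    found = []
    for arg in argv[1:]:
        name = arg.split("=", 1)[0]
        if name in flags and name not in found:
            found.append(name)
    return found

def prompt_line(tty_in, tty_out, prompt, hide):
    """Prompt and read one line; disable echo when hide is set and input is a terminal."""
    tty_out.write(prompt)
    tty_out.flush()
    saved = None
    if hide and tty_in.isatty():
        saved = termios.tcgetattr(tty_in.fileno())
        quiet = termios.tcgetattr(tty_in.fileno())
        quiet[3] &= ~termios.ECHO  # lflags: stop echoing typed characters
        termios.tcsetattr(tty_in.fileno(), termios.TCSAFLUSH, quiet)
    try:
        return tty_in.readline().rstrip("\n")
    finally:
        if saved is not None:
            termios.tcsetattr(tty_in.fileno(), termios.TCSAFLUSH, saved)
            tty_out.write("\n")
            tty_out.flush()

def get_credentials(argv, tty_in=None, tty_out=None):
    """Reject credentials passed as parameters; read them from /dev/tty instead."""
    leaked = secrets_in_argv(argv)
    if leaked:
        raise SystemExit("credentials in argv are visible to 'ps': " + ", ".join(leaked))
    if tty_in is None:
        fd = os.open("/dev/tty", os.O_RDWR | os.O_NOCTTY)
        tty_in = tty_out = io.TextIOWrapper(io.FileIO(fd, "w+"))
    user = prompt_line(tty_in, tty_out, "QuikOrder username: ", hide=False)
    password = prompt_line(tty_in, tty_out, "QuikOrder password: ", hide=True)
    return user, password

if __name__ == "__main__":
    user, _password = get_credentials(sys.argv)
    print("read credentials for", user)
```

Opening /dev/tty rather than reading stdin keeps the prompt working when stdin is redirected, and the stream parameters exist only so the logic can be exercised without a terminal.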
I go to utexas.edu. I can vouch for the administrative craziness that all too often plagues this school. :)
This is the same place where the suits did everything they could to keep the FOIA and other legal mechanisms from revealing information about the post-9/11 surveillance system. UT even went after our state attorney general over this. A friend of mine said it best: "Never sue someone when they have a law school." ;)
The whole reference to UTWatch in the article creeped me out. UTWatch is a student-run organization which follows up on what the regents and other suits do. Like Ralph Nader in the 70s, it's a mere watchdog organization checking if proposed policies will adversely affect the student body at large. Recently they have been very vocal speaking out concerning tuition deregulation and the involvement of UT managing the Los Alamos laboratories. Not simply fact checkers, UTWatch does get involved when it smells something fishy.
I applaud what Mark Miller did. There are all sorts of cool things under the ground here at UT. Under ENS and RLM you can find a retired tokamak! More than just he are interested in what's buried. Simply put, what UT did (assuming it did something to spur this) simply lacked honor. ;)
Tsk tsk. In Victoria, TX, we had Coke pay us $1M to whore their sugar products in our high schools exclusively. _THEN_ we popped for the cool mil for the fake grass for our jocks.
YMBNH ...
YMBNH ...
I guess when you closely read your parent, you will find that the author has a two digit UID. High school? Pfft. :)
My $0.02.
Apple? Games? Oh yeah
Funny you mention that, as SMS is listed in the 50+ futzed applications. This includes SMS2003.
:)
Oops.
She's no Killcreek. :)
No worse than "Built on NT technology"
:)
WINDOWS NT = Windows New Technology
-acronymfinder.com
:|
I don't know whether to laugh or cry.
Interesting how it appears the malcode injected itself into *.rtf and *.txt files as per the google URL of parent. Can I get a "wtf"? :|
Oh well. C'est la vie.
We prefer to call them "tenured faculty" and not "crap".
Intentions aside, here is hoping this doesn't turn out like W32/Welchia. ;)
YMBNH. This isn't kuro5hin.
May sound mean, but seriously... this is what separates k5 from /.
I misread thespot for thespark and thought, "YES, Stinky Meat Project is back! Wooo!"
:)
Oops.
This came to me at 3:17pm CST ...
Correction. Jenna attended, but is gone now. AFAIK, she was here a whole year (00-01 IIRC).