Case in point: A friend of mine bought a VAIO, which never really worked. After the third repair attempt he got it back with a hole in the case, requiring a nasty letter from his lawyer until they finally reimbursed him. That was after accusing him of breaking it himself.
Sorry but I have to...
Piro: "I see the RAID controller got 'the screwdriver'."
But worst of all, I hate how the word "terrorism" is getting warped into whatever stupid, self-serving thing the people using it want it to mean. Where is the terror in "advertising terrorism?" People are not in danger of losing their lives to the Pepsi logo! Gah!
As best as I can tell, the phrase was used by the poster. None of the linked articles contain the phrase, and a google search for "advertising terrorism" doesn't turn anything interesting up. There are enough cats abusing the word terrorism to get attention and further their own agendas, and imo we shouldn't stoop to that level.
These guys are fucktards. If they're lucky, they won't be labeled terrorists and shipped off to federal-pound-me-in-the-ass prison. The current political climate is not one where you can do a pen test without VP or CIO approval and not expect to get the book thrown at you. If you're going to be a whistelblower, the way to do it is via an anonymous letter to the IT dept, then work your way up if they don't fix the problem.
Last I checked/. was not about software piracy, please take your warezing rear elsewhere or by a legit copy with a legit key.
This is an ethical dilemma for some: which is worse, software piracy or unpatched pirated xp boxes? Myself, I think Microsoft owes it to us paying customers and everyone else on the internet to make their patches available to all copies of windows, legit or otherwise. It's not that software pirates deserve oatched machines, it's just that the rest of the Internet would just as soon not put up with the flood of traffic from unpatched machines.
So does Firefox, you can set up keywords to do that for any of your bookmarks.
I personally like how Firefox combines URL aliases and quick searches, rather than having separate menus for both. I'm migrating my surfing habits from avant browser (frontend for IE) to FF right now, and I think the only thing I miss is the ability to set a quick search or a url alias from a tab's context menu. Working on that though.
Name an instance of IIS being automatically exploited. I'll cite you two Apache holes in return.
Name a remotely exploitable apache vulnerability that led to root access and went unpatched for six months. Show me a doctored study where apache claims it's more secure becase of the short time it takes for them to release patches. Show me the voodoo math where apache claims that a vulnerability is not a threat until it's publically disclosed.
No, you didn't ignore it, but you obscured it, deliberately or not. Your explanation is also weak since unless you actually did research to determine the political affiliation of the other two justices you would never know from your post. They could be apolitical, independents, or even Democrats appointed by a Republican president. You obscured the information in the original post, and then evaded when called on it.
I did research the current justices' party affiliations and mniating presidents to make sure my facts were straight before posting. I'm not obligated to post every bit of it however; if someone wants to see if I'm talking out of my ass or not they're capable of doing the same research. But if I read you right here, I obfuscated the facts because there could be a justice who was nominated by a president of the opposite party, or does not belong to either party. Guess what? There isn't one serving today. You may now consider the facts de-obfuscated.
You might want to check into the expansion of police powers under the Clinton administration following the Oklahoma City bombing. (Wasn't President Clinton a Democrat?) The laws that President Clinton signed had a much more significant impact than this decision.
You raise a decent point. Both parties have put crappy legislation into effect as a knee-jerk reaction to terrorist acts. But there's also a huge difference between laws passed by two branches and laws interpreted by the third. The Supreme Court are the folks whose sole job it is to provide non-b0rked interpretations of the law and the constitution. Or are you telling me that "You have to identify yourself, but you don't have to show your ID" is a sensible interpretation?
Wow, current stats for the parent post are 30% Funny, 40% Flamebait, and 30% Troll. I'm guessing either I pissed someone off or some mods are completely devoid of humor today. GO ahead guys, I've got karma to burn...
So you're telling me you think that post is genuine, and not someone trolling? OR are you subscribing to antigroupthink and posting against it without a second thought?
Speaking as one who just got an Xbox, it'll pretty much suck to have to upgrade and lose the backwards compatibility. I'm wondering if this is something deliberate to keep us from modding the old Xboxes and turning them into linux servers when the new hotness comes out.
OK no prob. Someone could get around the small payload test pretty easily, you're right, but if they did then the worm would spread that much slower. Since the kiddies are looking for maximum number of zombieboxen in minimum amount of time, I'm thinking it will be a while before they try that. And if they do, AV dats should be available before it spreads to far. Cheers!
Yes, and ignore the fact that two justices who ruled for Mr Hiibel were appointed by Republican presidents.
I didn't ignore the fact. Assuming that someone reading that post knows that there are 9 supreme court justices (not exactly a well-kept secret) then a little bit of math should help one conclude that the other two justices ruling in favor of Hiibel were Republicans.
Maybe this shows that Republican presidents appointed fair and balanced judges.
Or maybe it shows that over 70% of the republicans on the supreme court want to see the country become a police state.
That could be, but this post gets a very high TrollAssassin score from me. It's not that everyone should be an expert in everything, far from it. It's just that this post fits the troll profile a little too well. Let's do some analysis shall we?
First, we must keep in mind the motivation of the troll. The troll's mecca is getting people in a dicussion to waste their time by posting an insincere dumb statement/question that is sure to elicit heavy response. Let's break the message down:
I run a Win2K DNS server on base for our primary.
Right off the bat here are three things likely to set slashdotters off. #1, he's using a windows box. #2, he's using it for a military installation. #3, he's telling us about it. The first sentence alone is enough to condemn this post to trollhood.
With IPsec policy and Router ACLs the box is very stable and robust.
First off, this is not the language of someone who works in IT operations. Second, one wold hope that a server on a military installation is protected by more than a weak host-based firewall and some router ACL's. And again, these are not things that someone in a military IT group should be posting about.
I am kind of wondering why people have such problems with DNS. I am sure A linux DNS box would work superb too but I dont know. Anyone clue me in?
Here's the incriminating evidence. With a line like this, the only way this post could be more of a troll is if it guarded a bridge and demanded a toll of those who crossed it. Note the feigned cluelessness, wondering "why people have such problems with DNS". Dude, you can't work for a year in IT and not run into DNS problems somewhere along the line. Then there's the schmoozing: not even the most evangelical linux zealouts would use the word "superb" in this context. And note the final plea for dialogue: "Can anybody clue me in?" This is someone fishing for replies/controversy, and maybe even a little karma. Everyone who replies to this post (including myself, though I'm replying for my own enjoyment as well) has a great big fish hook in his/her mouth; we got caught, hook line and sinker.
Merits? The guy is proposing a system for conducting conference calls through firewalls by hijacking DNS servers, and you can use the term "merits"?
What you're overlooking is, if Dan could have these ideas, so could someone else. By sharing his ideas publically, he's giving whitehats and blackhats a level playing field.
Consider also, many common auditing tools were once considered blackhat programs. For example, If Mr. Kaminsky had written scanrand in the late 90's / early 2000's, back when port scanning was considered an invasive hacking activity by most, it would have gotten the same treatment. Personally, I think we should thank him for sharing his ideas instead of using them against us.
I'd discuss the paper, but it's in a format I can't view.
Since you apparently lack the bare minimum of resourcefulness necessary to read the file, I'm sure it's our loss that you can't participate in the conversation.
After taking a look at Paketto back when he wrote it up, and now taking a look at his work here, I think I've figured out his MO:
1. Surround self with RFC's for core internet protocols. 2. Ingest large quantities of something very hallucinogenic, yet not very legal. 3. Give the RFC's the Fruit Fucker 2000 "rode hard and put back wet" treatment. 4. Put together a group of proof-of-concept tools that make intelligent people who have worked in networking for years say "Shit, just when I thought I knew this stuff!" Oh, and profit.
If your mail server is running a Linux OS, or if you have the ability to deploy client side rules across your network, I can hook you up. I do this server side, but you could also do it client side. Blocking all.zip files is guaranteed to make you an unpopular guy. I'm guessing your primary reason for blocking them is the Netsky, Bagel, and Mydoom virii. Even if you run antivirus software on your mail server (which hopefully you are) these buggers get new strains out before the AV vendors can get dats/sigs out. After two zero day infections (the first mydoom and netsky.p are the two I got burned on) I said fsck this and put together a system of blocking all.zip attachments below a certain size.
Think about it, a legitimate zip file is going to be either one big ass file or several small files. To the best of my knowedge, the largest mass mailing virus/worm (the definition gets fuzzy here) that used.zips as a means of ifection had a payload of 60 KB. So I picked a comfortable size and instructed our help desk that any tickets involving lost email with zip attachments should be sent my way. I did that 3 or 4 months ago and haven't heard a complaint yet.
If you have a linux mail server in your environment, I can post the script I run if you want, just lemme know. Sorry for the long post, but I was in the same situation you're in not too long ago and I know it sucks ass. Since I put that script on our external servers, that plus blocking the usual suspect attachment types has made it so that email-borne virii are an afterthought. We still update the AV signatures on our mail servers as well, but the content filters are what really pull the weight. Lemme know if you (or anyone else) want me to post that script. I wrote it for use on a postfix server, but it could probably be adapted for something else.
For those of you keeping track, all 5 supreme court justicies who ruled against Mr. Hiibel (ie, in favor of the state law requiring citizens to identify themselves) were Republicans, nominated by Republican presidents. Both of the Democrats on the Supreme Court were among the minority who ruled in favor of Mr. Hiibel. Election time's coming soon kids!
I have always been under the impression that I could not be compelled to answer an officer's questions without my lawyer present. Why should asking for my name be any different? Can I get in trouble for providing an alias?
No, that is just not correct. The court held that police, based on reasonable suspicion that a person is involved in criminal activity can compel him to identify themself.
And of course we can always trust the police to only hara-- er, I mean, request the identification of, someone if there is reasonable suspicion.
This ruling doesn't change the fact that police just can't ask to for your name for no reason at all.
If law enforcement could be trusted to always do the Right Thing (TM) then there would be no laws or Constitution limiting the things they can do; there'd be no need. Here's some allegorical evidence, for what it's worth. A couple years ago a man in the area (SW Florida) called 911 because his neighbor across the street was beating his wife. He then walked down the street to meet the police when they arrived; he didn't want his neighbor knowing who it was that called the cops. The officer on the scene saw the caller walking down the sidewalk and questioned him. The caller, frantically trying to get the cop to go down the street to rescue the woman, was handcuffed and put in the back of the cruiser while the pig called for backup, which arrived over an hour later. So because law enforcement can always be trusted to make good judgement calls, a woman had the shit beaten out of her for an hour while a cop sat on his ass a block down the road. Yah, I feel really good about trusting a police officer's interpretation of suspicious behavior.
For added hilarity, the majority of the SC who ruled against Mr. Hiibel also indicated that you don't necessarily have to provide identification documents, just your name:
In upholding his conviction and the mandatory identity-disclosure law, the majority justices also said the law only requires that a suspect disclose his or her name, rather than requiring production of a driver's license or other document.
Myself, I expect the DHS' terrorist databases to look like Christmas trees when they pull the files on Mike Hunt, Heywood Jablowme, Amanda Hugginkiss, and Servuss M'Bawlz.
Yup, the dreaded.etc trojans. Nasty little buggers.
Actually, I've found that mail fitering works better when the burden is placed on the sender of the email. I use a notification email that explains why the mail was blocked, and instructs the sender to reply to that email if it's legitimate, and that reply goes straight to me, where I can retrieve the mail and send it on. If on the other hand a notification goes to the user, then the next time there's a zero day netsky, bagel, or mydoom worm out there I'll be fielding 6 metric shitloads of mail from users who "just want to see what it is".
Slashdot Mirror
Piro: "I see the RAID controller got 'the screwdriver'."
Largo: "It was not l33t. It deserved d34th."
In my experience, anyone who categorizes himself as a luser by definition is not one.
These guys are fucktards. If they're lucky, they won't be labeled terrorists and shipped off to federal-pound-me-in-the-ass prison. The current political climate is not one where you can do a pen test without VP or CIO approval and not expect to get the book thrown at you. If you're going to be a whistelblower, the way to do it is via an anonymous letter to the IT dept, then work your way up if they don't fix the problem.
Wow, current stats for the parent post are 30% Funny, 40% Flamebait, and 30% Troll. I'm guessing either I pissed someone off or some mods are completely devoid of humor today. GO ahead guys, I've got karma to burn...
So you're telling me you think that post is genuine, and not someone trolling? OR are you subscribing to antigroupthink and posting against it without a second thought?
Speaking as one who just got an Xbox, it'll pretty much suck to have to upgrade and lose the backwards compatibility. I'm wondering if this is something deliberate to keep us from modding the old Xboxes and turning them into linux servers when the new hotness comes out.
OK no prob. Someone could get around the small payload test pretty easily, you're right, but if they did then the worm would spread that much slower. Since the kiddies are looking for maximum number of zombieboxen in minimum amount of time, I'm thinking it will be a while before they try that. And if they do, AV dats should be available before it spreads to far. Cheers!
First, we must keep in mind the motivation of the troll. The troll's mecca is getting people in a dicussion to waste their time by posting an insincere dumb statement/question that is sure to elicit heavy response. Let's break the message down: Right off the bat here are three things likely to set slashdotters off. #1, he's using a windows box. #2, he's using it for a military installation. #3, he's telling us about it. The first sentence alone is enough to condemn this post to trollhood. First off, this is not the language of someone who works in IT operations. Second, one wold hope that a server on a military installation is protected by more than a weak host-based firewall and some router ACL's. And again, these are not things that someone in a military IT group should be posting about. Here's the incriminating evidence. With a line like this, the only way this post could be more of a troll is if it guarded a bridge and demanded a toll of those who crossed it. Note the feigned cluelessness, wondering "why people have such problems with DNS". Dude, you can't work for a year in IT and not run into DNS problems somewhere along the line. Then there's the schmoozing: not even the most evangelical linux zealouts would use the word "superb" in this context. And note the final plea for dialogue: "Can anybody clue me in?" This is someone fishing for replies/controversy, and maybe even a little karma. Everyone who replies to this post (including myself, though I'm replying for my own enjoyment as well) has a great big fish hook in his/her mouth; we got caught, hook line and sinker.
Consider also, many common auditing tools were once considered blackhat programs. For example, If Mr. Kaminsky had written scanrand in the late 90's / early 2000's, back when port scanning was considered an invasive hacking activity by most, it would have gotten the same treatment. Personally, I think we should thank him for sharing his ideas instead of using them against us.
If you haven't checked it out already, Linux Server Hacks also has some fun things you can do with SSH tunnelling, backups over SSH, and X over SSH.
After taking a look at Paketto back when he wrote it up, and now taking a look at his work here, I think I've figured out his MO:
1. Surround self with RFC's for core internet protocols.
2. Ingest large quantities of something very hallucinogenic, yet not very legal.
3. Give the RFC's the Fruit Fucker 2000 "rode hard and put back wet" treatment.
4. Put together a group of proof-of-concept tools that make intelligent people who have worked in networking for years say "Shit, just when I thought I knew this stuff!" Oh, and profit.
If your mail server is running a Linux OS, or if you have the ability to deploy client side rules across your network, I can hook you up. I do this server side, but you could also do it client side. Blocking all .zip files is guaranteed to make you an unpopular guy. I'm guessing your primary reason for blocking them is the Netsky, Bagel, and Mydoom virii. Even if you run antivirus software on your mail server (which hopefully you are) these buggers get new strains out before the AV vendors can get dats/sigs out. After two zero day infections (the first mydoom and netsky.p are the two I got burned on) I said fsck this and put together a system of blocking all .zip attachments below a certain size.
.zips as a means of ifection had a payload of 60 KB. So I picked a comfortable size and instructed our help desk that any tickets involving lost email with zip attachments should be sent my way. I did that 3 or 4 months ago and haven't heard a complaint yet.
Think about it, a legitimate zip file is going to be either one big ass file or several small files. To the best of my knowedge, the largest mass mailing virus/worm (the definition gets fuzzy here) that used
If you have a linux mail server in your environment, I can post the script I run if you want, just lemme know. Sorry for the long post, but I was in the same situation you're in not too long ago and I know it sucks ass. Since I put that script on our external servers, that plus blocking the usual suspect attachment types has made it so that email-borne virii are an afterthought. We still update the AV signatures on our mail servers as well, but the content filters are what really pull the weight. Lemme know if you (or anyone else) want me to post that script. I wrote it for use on a postfix server, but it could probably be adapted for something else.
For those of you keeping track, all 5 supreme court justicies who ruled against Mr. Hiibel (ie, in favor of the state law requiring citizens to identify themselves) were Republicans, nominated by Republican presidents. Both of the Democrats on the Supreme Court were among the minority who ruled in favor of Mr. Hiibel. Election time's coming soon kids!
Yup, the dreaded .etc trojans. Nasty little buggers.
Actually, I've found that mail fitering works better when the burden is placed on the sender of the email. I use a notification email that explains why the mail was blocked, and instructs the sender to reply to that email if it's legitimate, and that reply goes straight to me, where I can retrieve the mail and send it on. If on the other hand a notification goes to the user, then the next time there's a zero day netsky, bagel, or mydoom worm out there I'll be fielding 6 metric shitloads of mail from users who "just want to see what it is".