Slashdot Mirror


User: jdion

jdion's activity in the archive.

Stories: 0 · Comments: 14

Comments · 14

  1. Re:Yipee? on IEEE Approves 802.11n Wi-Fi Standard · · Score: 5, Interesting

    So what? There have been Wireless-N products out now for quite a long time. Who gives a flippin' **** about the official approval of the format? It's not like the manufacturers will go back and update the firmware on the older devices. They'll just put out new products, brand them as "Official Wireless-N", and drop support for older equipment which may or may not work as well.

    One of the requirements to have a pre-n modem branded as 'pre-n' since 2007 is that the firmware would be upgradable to the official N standard when drafted. If anything, this will allow a vendor to release the final firmware upgrade for older devices branded on or around 2007, and get on with life.

    We should see at least one more update for older devices.

  2. Re:Ouch! on iPhone Vulnerability Yields Root Access Via SMS · · Score: 0

    Who the fuck thought it would be a good idea to automatically execute the content of a message you have no control over whatsoever?

    I would guess that this has more to do with the push features of the phone, including the new 'remote wipe' or 'find my phone' features if you happen to be using MobileMe. I would venture to guess the same functionality was provided to developers of any push application to execute commands for an applicable application.

    I would venture to guess that the reason for this would be that SMS messages do not have any code signing, and in order to implement would have pushed out the deadline for Push based responses even further. Apple screwed the pooch by taking the path of least resistance, and gambled that this vulnerability wouldn't have been found for a good time (maybe iPhone OS 4.0).

    Pure speculation on my part, but my $0.02.

  3. Re:Where have all the old school hackers gone? on Infosec Career Hacking · · Score: 1

    You know, I wish most hiring managers were like you say you are. First off, you have to ask yourself why books like this make so much money... it's because frankly, at least in my experience, education and experience mean diddly.

    I don't want to toot any sort of horn, but there are plenty of jobs out there (IT and otherwise) that don't go to the most qualified, but oftentimes to the person who 'knows someone' or can otherwise BS themselves into a position. I myself have plenty of education, certifications, and what I feel is a great amount of experience with Windows, Linux, networking, and even a bit of Perl/C++ programming... I'm not saying that I'm better than 'the best', but I'm quite sure that I could beat out plenty of people in their current job roles. I'm personable and have wonderful references... However, when I go out and try to find SysAdmin jobs... I continually get statements like "You would be perfect for this job, but ".

    Books like this help job applicants like myself at least attempt to say the right things to the HR dept. who oftentimes doesn't know the proper placement of the "any" key.

    That being said... I'm employed now, but references are available upon request... I'm always looking for a new challenge.

  4. Re:Why can't Tivo use voip? on New Study Finds VOIP is Getting Better · · Score: 1

    I can't see why it wouldn't except in certain exceptions.

    Imagine doing some heavy-duty download/upload (i.e. BitTorrent) and saturating your link with TCP requests and actual data.

    My experience with this scenario is the line will quickly start spotting out, similar to a digital cell phone in a bad area, and I could not see a modem handshake holding through that.

    Other scenario is the quality of the connection. Currently my VOIP connection is set to run at ~96Kb/sec, however if Joe Shmoe has a bad broadband line (768/386 or less), the quality will need to be less, and you'll use a higher compression ratio, and a lot of the high and low tones that humans may not care too much about, but modems are very particular with, may be dropped and/or misinterpreted.

    There have been good reports, but again it's going to be dependent on your bandwidth + what you're doing at the time.

  5. Re:Hah on Coming Soon, Roadcasting · · Score: 1

    I would believe it...

    P2P technology is all the rage right now, and if this takes off, then even with a 30m radius, you should be able to piggyback transmissions.

    With this train of thought: Big metros will love this... open plains in Kansas won't...

    But isn't this how most technology works out?

  6. Re:Why oh why, slashdotted before the first commen on Zalman Showcase Massive P4 Heatsink · · Score: 2, Interesting

    I agree with the above statement,

    But twenty years ago... how much bandwidth was available to the general public?

    I'll be glad to stick a PII 350 running a barebones *NIX webserver with Java any day, but only if my pipe is any less than an OC-1.

    Let's just think about how many people would be required to flood such a link.....

    I'll be generous here, and say that most people using broadband have about a 2Mbps connection. A normal sized webpage usually runs about 30-75kb (including advertising and thumbnails).

    The page is probably cached in RAM, so I'm ignoring hard drive bottlenecks. Even at 75kbs, a 2Mbps connection can pull that page in about 3.5 seconds. Thanks to the checks and balances of TCP, an ACK packet must be resent back to the server. (This is not a knock, just a comment). Going back to the example: An OC-1 connection is quickly flooded by 26 people connecting at the same time. I'm pretty sure this happens! 3.5 seconds later... everybody has their webpage.

    Now in the real world, anywhere between 3k and 5k connect to a slashdot page at any given time. Granted, not all 5k connect at the same time, but I would venture to say that about 300 people connect in the same 3 second window. That right there is about 600Mbps downspeed. Keep that flood going, and you'll be lucky if the first 50 people get their ACK packets back to the server to keep feeding them data.

    Is TCP poorly designed? Largely, no. Possible solutions: UDP! Someone come up with a UDP standard for page viewing. Is this going to happen in the real world? No... probably not. I would hate to see some website improperly read because a packet didn't reach the destination and so there are holes in the transmission. How about smaller webpages? Five years ago... pages were not nearly as graphic heavy as they are now. Is it required? No. Will it go away? No.

    Simple answer: Slashdot should have a rotation script that displays the link on a series of user accounts after a time period. Why not? They do it with paid users... why not just implement it into a time script. Would this take more processing power from Slashdot... you bet it would, but how much more? Think about how many websites might actually be able to be read by users...

    Wait... do Slashdot users actually RFA?

    Slashdot is a central hub for DDoS attacks. Forget Zombie networks.... post that page on Slashdot... and it's going down.

    Just food for thought.

  7. Re:Is NAT so bad? on IPv6 for the Linksys WRT54G · · Score: 1

    Unless you are doing some POSTROUTING with your firewall, an ISP could determine how many computers you had behind your firewall easily by examining packets and analyzing the TTL flag. This flag is different depending on a whole plethora of circumstances your computer/network is under.

  8. Re:Seriously though on Athlon 64 In-depth Overclocking Guide · · Score: 1

    Oh yeah!? My 10 OC'ed Athlon 64 2800+ Beowulf Cluster running at 2.4ghz each, for a total of a billion bogomips can compile a full stage 1 Gentoo install in under two days!

    Beat that!!!

  9. Re:AUS v US, GOV v Private industry on U.S. Firms Take on Australia's CSIRO Over Patents · · Score: 1

    The sad thing is that in the end, whatever the outcome, the consumer will still lose.

    View one of two scenarios.

    1) CSIRO wins, raises prices on chips to compensate for court costs. The big companies raise prices to compensate their loss. Bottom line: Increased prices for wireless communications.

    2) Big American companies win. CSIRO releases all rights on patents, companies no longer pay licensing fee, and pocket the $$. The nature of capitalism says to suck out as much income from a technology before innovating. Bottom line: Feeding the big companies who continue to bully other companies until an even bigger monopoly exists, while stifling the advancement.

    Rest assured, either way, the consumer loses. How is this a vote of confidence for these companies?
    Furthermore, if scenario 2 becomes reality, the companies that are rallying together to break this up will soon be squabbling over this or that... and the smaller players will be eaten by the bigger ones.

    Either way.... this is a lose-lose situation.

  10. Re:Isn't this technically illegal? on Hack IIS6 Contest · · Score: 1

    How can it be illegal? In this case, Roger Grimes doesn't own the webserver, but in fact it's run and operated by Windows IT Pro Magazine,
    Using 0 day old cached answer (or, you can get fresh results).
    Hiding E-mail address (you can get results with the E-mail address).

    Registrant:
    Penton IT Media Group
    221 E. 29th Street
    Loveland, CO 80538
    US

    Domain name: HACKIIS6.COM

    Administrative Contact:
    Phelps, Chad *******@windowsitpro.com
    221 E. 29th Street
    Loveland, CO 80538
    US
    +01.9702032960 Fax: =01.9706672321

    Technical Contact:
    Phelps, Chad *******@windowsitpro.com
    221 E. 29th Street
    Loveland, CO 80538
    US
    +01.9702032960 Fax: =01.9706672321

    Registration Service Provider:
    WSM Domains retail - 24/7 Support 1-800-455-1795, *************@wsmdomains.com
    781-478-1673
    509-479-0275 (fax)
    https://www.wsmdomains.com/help/support.html
    Register your domain today! www.wsmdomains.com
    Full DNS management - Free URL forwarding

    Registrar of Record: TUCOWS, INC.
    Record last updated on 13-Apr-2005.
    Record expires on 20-Jan-2007.
    Record created on 20-Jan-2005.

    Domain servers in listed order:
    NS1.MDNSSERVICE.COM 216.40.33.15
    NS2.MDNSSERVICE.COM 216.40.33.16
    NS3.MDNSSERVICE.COM 204.50.180.55

    Domain status: ACTIVE


    I think that by stating this, it's okay. A verbal contract of sorts. If you feel uneasy about it, then snapshot the webpage before you start hacking! I bet it'll hold up in court, especially since Windows IT Pro has been hyping it for quite a bit now.

  11. Re:But is it the default config... on Hack IIS6 Contest · · Score: 1

    No, it's not a default install. I think the goal here is to say by following Microsoft's Set Guidelines to secure IIS, then it should be unhackable, short of some 0day that I don't see any major hacker unveiling for this.

    This server is running Windows Server 2003, Service Pack1, with all current publicly released patches and hotfixes installed (we ran Windows Update and MBSA just like you would do). We installed IIS 6.0, and then we followed Microsoft's basic recommendations (http://www.microsoft.com/technet/security/prodtech/IIS.mspx). I added a few tweaks here and there to put my personal mark on the site, but nothing extraordinary.

    We want this contest to test Microsoft software, and so the only third-party software we used is the host's router/firewall, which would be normal in most environments.

  12. Let's not forget the others! on The Darth Vader Blog · · Score: 1

    Check out Boba Fett's Weblog!

    http://bfett.blogspot.com/

  13. Re:SANS vs. the rest of the security community. on DNS Cache Poisoning Spreads Malware · · Score: 1

    I have been discussing this topic with a couple colleagues, and the last time we recalled the SANS security level raised to Yellow was right before each major worm release... i.e.: Blaster, Sasser Worm, etc...

    http://isc.sans.org/infocon.php

    Just food for thought.

  14. Protection against DNS Poisoning on DNS Cache Poisoning Spreads Malware · · Score: 1

    Another thought would be to disable DNS Forwarding services. I understand the purpose of DNS is to distribute the service and pull resources off of the root servers, but if DNS servers are getting spoofed packets after querying the root DNS servers, then I think there is an even bigger problem that needs to be addressed.