Here's a real one that defeated a modern multi-path network not so long ago, constructed with WAN paths over some antiquated link encryptors. it seems that there was an undocumented (at least to the end user) "drop all keys" bit sequence. Now being a link encryptor this was parsed for within the flowing data stream, now one day an unassuming jpeg file attached to an email just by absolute chance (the bit sequence didn't have a lot of entropy to it) contained this bit-sequence, - instant denial of service attack as each link dropped, network re-converged and the still extant tcp connection between mail servers resent the offending packet until the site in question had completely isolated itself from the network.
(that was a real doozer to figure out what had happened!)
Replying to myself, as I forgot my login details briefly.
Sky tv set top box crashed precisely at midnight (was sadly watching the newyears TV stuff. Had to switch over to the old fashioned arial to watch the london fireworks. Did this happen to anyone else (thinking unlikely to find many people willing to admit watching the newyear on tv!)
(personal excuse is having a young child!)
Its probably the different pots of money question.
on
Antique Voyager Technology
·
· Score: 2, Insightful
In (my experience of) public finances, an expenditure to re implement a protocol would be a capital expense, bring on "careful" scrutiny of the whole programme, and risk all these scientists jobs etc. (with no guarantee of getting the cash) and given that the question being answered is more than an entire career in the making (wall clock wise).........
A maintaince bill for existing equipment gets paid (almost) no questions asked.......
I've got a DVB-C card working with myth-tv it does the trick for _unencrypted_ content very nicely (on uk cable networks that appears to be BBC1 BBC2 ITV and C4 (but not 5) there is is a seedy underground of "softcam" support for decrypting the other stuff.... but I havent looked at that. (mythTV wont let the project go anywhere near that stuff)
Well, here in the uk we have a website called: http://www.theyworkforyou.com/ which allows you to track everything your member of parliment says, havent been subscribed for long, but I have to say it is a nice change from the mass media rhetoric.
Incase anyone read my previous comment you may wish to look at this:/etc/shadow file for 3 user accounts fred,jane,john all having password abc123 set.
fred:$1$IWCWzozx$MdJcLJ.RTg5tZXJlLHiH71:12827:0:99 999:7:::
jane:$1$P0EOTtBA$1LP2mfJw9IxX6OKlIuJ12/:12827:0:99 999:7:::
john:$1$7CAXAlzP$n.BEUaIRqAMbUhU6ShSqN/:12827:0:99 999:7:::
A dump of a similar set of 3 users from a windows XP box: (used utility pwdump2.exe)
fred:1006:78bccaee08c90e29aad3b435b51404ee:f9e37e8 3b83c47a93c2f09f66408631b:::
jane:1007:78bccaee08c90e29aad3b435b51404ee:f9e37e8 3b83c47a93c2f09f66408631b:::
john:1008:78bccaee08c90e29aad3b435b51404ee:f9e37e8 3b83c47a93c2f09f66408631b:::
note all 3 store 2 hashed passwords (the first being the weak LM variety) and MS only uses one hash.
Microsoft password hash tables are WEAK why??
2 reasons, firstly, they use one salt only for all password hashing
i.e. password FRED123 will hash to AAAFda3
EVERY time, where as with Linux there are (Dependent on algorithm used) there are 4096 different hashes that could result, now your precomputed table has to be 4096 times the size.
Secondly the microsoft hash table stores 2 versions of your password. 1 the normally hashed relativly safe version and 2 a truncated to 8 characters in 2 4 character block _UPPER_ _CASED_ LM hash for "backward compatability".
This second hash is not only easy to precompute, (reduced character set 4 character passwords, single salt) it gives a great stepping stone to the main password!
Hmm well how HIGH end do you want Linux to be?
256 and even 512 way penguin boxes are coming out of SGI.
http://www.sgi.com/newsroom/press_releases/2004/ju ne/altix.html
http://www.sgi.com/newsroom/press_releases/2004/ma rch/large_scale.html
Just checked my router: 1.715 fixes the superman (what is it now??) 1.714 appears to have changed super >superman (I can confirm the superman account worked:( 1.5?? had the "super" account vulnerability. again I did confirm that this firmware had this backdoor.
Netgear have now removed the 1.714/1.5?? firmwares from the site.
My home network has a wireless point that is provided by this very router, I checked, and the backdoor worked.:(
The updated firmware available on netgears site fixed this:)
I used to really like netgear stuff, now less so!
Thanks for bringing this to my attention slashdot!
One of the sites at my company swears by using tac mats at the entrance of their computer rooms, keeps dust way down, (a tac mat is a floor mat with layers of slightly sticky plastic that can be peeled off when the stickyness is gone.
Slashdot Mirror
Here's a real one that defeated a modern multi-path network not so long ago, constructed with WAN paths over some antiquated link encryptors. it seems that there was an undocumented (at least to the end user) "drop all keys" bit sequence. Now being a link encryptor this was parsed for within the flowing data stream, now one day an unassuming jpeg file attached to an email just by absolute chance (the bit sequence didn't have a lot of entropy to it) contained this bit-sequence, - instant denial of service attack as each link dropped, network re-converged and the still extant tcp connection between mail servers resent the offending packet until the site in question had completely isolated itself from the network. (that was a real doozer to figure out what had happened!)
This Dilbert came to mind...... http://dilbert.com/fast/2011-09-16/
Replying to myself, as I forgot my login details briefly. Sky tv set top box crashed precisely at midnight (was sadly watching the newyears TV stuff. Had to switch over to the old fashioned arial to watch the london fireworks. Did this happen to anyone else (thinking unlikely to find many people willing to admit watching the newyear on tv!) (personal excuse is having a young child!)
In (my experience of) public finances, an expenditure to re implement a protocol would be a capital expense, bring on "careful" scrutiny of the whole programme, and risk all these scientists jobs etc. (with no guarantee of getting the cash) and given that the question being answered is more than an entire career in the making (wall clock wise)......... A maintaince bill for existing equipment gets paid (almost) no questions asked.......
Slight adjustment to your formula: ProfitA = $MEDIA_INCOME - DRM R&D - DRM content - lawsuits - alienated customers - recalls (i.e. rootkit) - piracy loss ProfitB = $MEDIA_INCOME - piracy loss Kinda makes it clearer :-)
So, is that the Empires finest or those deadly Bangkok Chickboys? *confused*
I've got a DVB-C card working with myth-tv it does the trick for _unencrypted_ content very nicely (on uk cable networks that appears to be BBC1 BBC2 ITV and C4 (but not 5) there is is a seedy underground of "softcam" support for decrypting the other stuff.... but I havent looked at that. (mythTV wont let the project go anywhere near that stuff)
How about a freedom of information request to release the details/specification of the API?
Can I ask what it is you are doing that needs 15-25 racks of servers at a time??
No No No, Left is Right and Right is Wrong!
Well, here in the uk we have a website called: http://www.theyworkforyou.com/ which allows you to track everything your member of parliment says, havent been subscribed for long, but I have to say it is a nice change from the mass media rhetoric.
you can use samba 3 to join an active directory in full native mode (no schema extensions, no mixed mode) we have completed this on Solaris and Linux.
Incase anyone read my previous comment you may wish to look at this: /etc/shadow file for 3 user accounts fred,jane,john all having password abc123 set.
fred:$1$IWCWzozx$MdJcLJ.RTg5tZXJlLHiH71:12827:0:99 999:7:::
jane:$1$P0EOTtBA$1LP2mfJw9IxX6OKlIuJ12/:12827:0:99 999:7:::
john:$1$7CAXAlzP$n.BEUaIRqAMbUhU6ShSqN/:12827:0:99 999:7:::
A dump of a similar set of 3 users from a windows XP box: (used utility pwdump2.exe)
fred:1006:78bccaee08c90e29aad3b435b51404ee:f9e37e8 3b83c47a93c2f09f66408631b:::
jane:1007:78bccaee08c90e29aad3b435b51404ee:f9e37e8 3b83c47a93c2f09f66408631b:::
john:1008:78bccaee08c90e29aad3b435b51404ee:f9e37e8 3b83c47a93c2f09f66408631b:::
note all 3 store 2 hashed passwords (the first being the weak LM variety) and MS only uses one hash.
Microsoft password hash tables are WEAK why?? 2 reasons, firstly, they use one salt only for all password hashing i.e. password FRED123 will hash to AAAFda3 EVERY time, where as with Linux there are (Dependent on algorithm used) there are 4096 different hashes that could result, now your precomputed table has to be 4096 times the size. Secondly the microsoft hash table stores 2 versions of your password. 1 the normally hashed relativly safe version and 2 a truncated to 8 characters in 2 4 character block _UPPER_ _CASED_ LM hash for "backward compatability". This second hash is not only easy to precompute, (reduced character set 4 character passwords, single salt) it gives a great stepping stone to the main password!
"if you build deliberately crippled tooks" I will charge you with halfling cruelty!
Hmm well how HIGH end do you want Linux to be? 256 and even 512 way penguin boxes are coming out of SGI. http://www.sgi.com/newsroom/press_releases/2004/ju ne/altix.html
http://www.sgi.com/newsroom/press_releases/2004/ma rch/large_scale.html
Just checked my router: :(
1.715 fixes the superman (what is it now??)
1.714 appears to have changed super >superman (I can confirm the superman account worked
1.5?? had the "super" account vulnerability. again I did confirm that this firmware had this backdoor.
Netgear have now removed the 1.714/1.5?? firmwares from the site.
I only hope that they have actually fixed this!!
My home network has a wireless point that is provided by this very router, I checked, and the backdoor worked. :(
The updated firmware available on netgears site fixed this :)
I used to really like netgear stuff, now less so!
Thanks for bringing this to my attention slashdot!
One of the sites at my company swears by using tac mats at the entrance of their computer rooms, keeps dust way down, (a tac mat is a floor mat with layers of slightly sticky plastic that can be peeled off when the stickyness is gone.