Even worse, take the hashed PW, run it through the site, and if it DOESN'T return the password, you've already eliminated a large chunk of possibilities from your (next step) brute force attack.
Now, admittedly, it would still take an ungodly long time to crack all the next possibilities, but it does save SOME time.
This also makes one wonder if the next generation of password cracking is to distribute the terabytes of pre-digested passwords across multiple systems so that you have the "numbers only" database, the "upper and lower case letters" database, etc; let multiple crackers/hackers share their efforts in a similar way.
Or... err... maybe I shouldn't have suggested that in a public forum. 8D
FINALLY, I can stop using my old P75 as a very efficient doorstop, install this distro and crunch one SETI packet every 2 years!
Not to be a nervous-nellie, but isn't adding more networking/protocols to the desktop just asking for more hacking problems?
Interesting idea...except you have to pay (as a broadcaster) for each and every "listener" you're reaching. It was some tax, or some such... it was a big hullabaloo months ago because it was shutting down Internet Radio "broadcasters." (I have no links, so... take it with a grain of salt).
Methinks *that* would be the barrier.
I agree with you completely.
But, I think everyone is interested in trying to implement change without it costing thousands of people their honor and reputation first.
Because, honestly, it doesn't always matter if you were innocent or guilty, just being accused is often enough to ruin you.
Although dated, it is similar to the case of Dr. Mudd.
Obviously you missed the tongue-in-cheek humor there.
But, let's address your concerns about "rights" and the "normal user."
When I think of a "normal user," I think of "Mom." Mom doesn't know how the internet works, really. She doesn't know about PHP, Java, Databases, TCP/IP or much anything else.
What Mom knows is that if she clicks on links or searches on Google, she can find products and information she's interested in.
But, let's keep it strictly to products/services (as these would be websites where someone is likely to give financial data, like a credit card).
I can say that Moms fall into one of two (albeit very broad) categories:
1) Scared to death to buy anything over the internet because they don't trust it.
or
2) What do I know or care... I can complete my lace placemat collection online and they'll even ship it to my house!
What isn't addressed in your little rant is where Mom is going to do background checks on sites she visits to see if they're "running secure, non-backdoored" software. She isn't going to search for such a list of sites. She isn't going to know to look for sites she's already visited to see if they're vulnerable for exploit. She's just going to "use her internet" and do (or not do) whatever she wants.
To me, that's the average, normal user.
NOW, you take that list you think is a good idea to print and put it on a website, I'll tell you who IS going to find it: those a-holes who ARE looking to exploit weaknesses. They're running their scanners... googling for sites that might be running XYZ software, etc. You think that makes the internet safer for the normal user? Or, does it just make it easier to exploit for the a-hole?
I suppose you're a fan of publishing exploits in server-side software before a patch is found, too.
I hope that PhD is in something useful, for it isn't in "common sense." Go back to grade school and get a sense of humor.
Could anyone post a list of websites which might have downloaded and installed that backdoor so we could avoid posting any sensitive information there until we know for sure that the problem has already been resolved?
Yes... so we can avoid them...;)
I go to the movies for fun and excitement and escape from the real world.
When's the last time you were at a movie?!? Didn't you notice all the product placement in them?
Or, perhaps you believe all "super spies" use full GUI interfaces on PowerBooks to hack government networks is pure fantasy... err... hmmm... maybe you have a point. ;)
This has been around (in one form or another) since the beginnings of AV software.
I wish I could remember the exact virus (anyone?), but there were several that would specifically try to infect a machine and disable anti-virus software from various vendors, thus rendering the machine vulnerable to other virus attacks.
If my memory of timeframe serves, this was a problem in Windows 3.1 and 95... so, we're talking "old news" about targeting AV firms (in a sense).
I seem to recall there being DDoS attacks against LiveUpdate and some other main AV company channels not so long ago (but, not too recently, either... more like a couple of years ago). But, I have no links, so take that with a grain of salt.
Still, AV companies getting threats from virus writers is hardly news. I mean, what would these writers expect AV companies to do... close shop and go away?
I, too, am disappointed that this has made it onto any news channels... why not broadcast that Al Qaeda has announced the imminent demise of America again? 8P
With that many acronyms in the summary, this MUST be really cool technology I should rush out and buy!!!
;)
So, uh... what does it do?
I'm no fan of Microsoft, but as a software developer who has worked with overloaded QA folk, it doesn't surprise me that bugs like this slip through the cracks.
I agree with your assessment of the "5 line patch/ass biting" part, but I wouldn't let something like this diminish your confidence in their product; this really is a normal BAU type of bug.
Now, if you'd rather their business practices and attempts to take open standards, close-source them, and try to use their monopolies to cram them down your throat to extend into further monopolies guide your judgement about their products, then I'd say you're on the right track. ;)
that the native human language of the locale where each in the chain of nodes used for an attack creeps into the evidence/clues. I wonder what they are talking about?
You mean like when someone defaces a webpage with "Roight! USA eats chunder! AUSSIES RUL3!!1!one!1!" they can figure out that the perp is (obviously) Canadian?
the startup wear-and-tear on the hard drives and even electrical components is greatly reduced by leaving a system on all the time.
Well, there are two schools of thought on this one. I shut down my Windows box after every use. Why? Because I only power it on every couple of days.
I think the decision to power off or not depends on usage. If you're hitting the computer several times a day, then it doesn't make sense to power it off. But, if there are longer stretches (I know, not likely with the /. crowd), then it could make sense to power it off.
At work, I only power my machine off at the end of the week.
Precisely... the uses of "Apple" by both parties appear (to me) very different.
IANAL, so here's a question (I don't know the answer):
Even in the music industry, don't they differentiate between production and distribution?
I mean, can one company be "Apple Music productions" and a different one be "Apple Music distributions" and legally use the name and not be confused as the functions of either company are very different?
Last time I checked, Jobs wasn't in the business of producing any kind of music. At best, you might liken the iPod (and iTunes, etc) to a distribution business.
Perhaps this is the angle the "music" Apple company is trying to argue on...?
You mean it doesn't matter how cheap you can make something, if someone doesn't have a job to purchase it they WON'T?!?
DEAR GOD! What will we do about an economy now?!?
The outsourcing of high-paying jobs (heck, even low-paying jobs) does nothing but "appear" to help the economy in the short term because people still have savings to purchase goods at "reduced prices." But once that money dries up, it doesn't matter if that laptop is $4000 or $40 because people will be spending their money on cat food to survive.
Ugh... really... we need to move AWAY from a consumer-driven economy.
Fun... now I have another thing to recharge/worry-about-battery life and lose!
I completely agree.
One of the reasons I don't have a TiVo yet is that I'm trying to avoid the "pack rat trap."
Seriously, the only advantage I can see to having a TiVo with this much record time is to do "Video on Demand" if it isn't available in your area on the cheap.
If this is where TiVo is headed, then why not push for the pay-for-play schemes, let the cable companies manage content storage, and watch what you want when you want?
I agree with everything except the negative sentiments towards your old job (even if talking with a new company).
ALWAYS present leaving a job on good terms, if you can.
You might not think about it now, but do you really want a future employer to even have to decide if you left because your old boss was a jerk or you were the jerk?!?
Bad jobs happen... people have bad worker/employer fits all the time.
You want your future employers to see that you were able to handle a bad situation gracefully; it'll add to your credit.
(Although not in the parent of this reply, but from the original poster): "you're not going to use them as a reference" suggests you'd rather have a multi-year gap in your employment history than show you were gainfully employed? Bad move.
Welcome to "Skynet." 8)
To steal/paraphrase from SatireWire:
"In other news, lung cancer to change its name to 'Spam' to capitalize on the brand recognition and instant hatred it inspires."
"Virtual Girlfriend" has been a flash-based game for a (relatively) long time.
So... what... the draw is that it is on a cell-phone? I want my "it only makes calls" phone back!
One would think that Microsoft would *avoid* repeating the Windows ME debacle.
;)
Nope, they embraced it.
Viva Microsoft XP-ME!
Because using fingerprints as keys to a locker overly complicates a system that has little use outside of this very thing.
So, given your point, perhaps you should ask yourself why put such a complicated/error-prone system in place JUST to replace a key/lock system?
Perhaps the FBI is hoping that WHEN someone places a bomb in a locker, they'll be more easily able to identify the perp because their fingerprint will still be stored in the system...?
If that's the case, then it is no better than in the movie "Demolition Man" where the head cop figures they'll catch Wesley Snipes by waiting for him to kill someone so they'll know "where he is."
Well, the answer (for you guys) could be to combine a type of tracking on the shoes and pressure sensors on the bottom of the feet/inside the shoes with a set of motors driving the ball underneath.
Figure the shift in pressure on the bottom of the foot would be a good indicator of how intensely someone is shifting weight and the tracker on the feet would indicate direction and speed of movement.
I'm sure that (this being your field, and me just being some "Joe" software engineer posting on /.) you've already thought about it. 8)
Still, I think foot pressure combined with foot movement could be a reasonable measure of what direction someone is intending to move and have the motors (one "x" axis, one "y" axis) move the surface accordingly. At least, that'd be my $.02 on it. 8)