Maybe a System Restore? Or call Dr. Watson? The new animals always recommend, w/o hesitation to scan your system with spybot search and destroy, even if it's a hardware problem. I resent Dr. Moreau letting all these tech chimeras out into the wild!
The editors ran a classic controversial topic to drive ad hits:evolution vs creation or designer "Karman Approved" ID tripe.
Isn't this the kind of thing Reader's Digest, People or Time magazine runs?
Slashdot is becoming the Studio 54 of the Internet.
For God, or Darwin's sake, mod the hell out of me as troll or off topic. It's a badge of pride. Don't trip on the way to the kool-aid cmdrtaco is ladling out.
I'd posted the DEP info above and this sp2 Controlling block storage devices on USB buses(which also got an off topic mod, probably the same modder)to counter the posts being made that attack M$ as not having addressed USB and driver security at all. MS bashing is always "on topic" here.
This feature provides the ability to set a registry key that will prevent write operations to USB block storage devices, such as memory sticks. When this registry key is enabled, the devices function only as read-only devices. You can implement this setting as part of a security strategy to prevent users from transporting data using these devices.
Who does this feature apply to?
Users who do not want data to be written from their computer to a USB storage device.
IT professionals who want to implement organization controls over the use of USB block storage devices
What settings are added or changed in Windows XP Service Pack 2
Setting name Location Default value Possible values
WriteProtect
HKEY_LOCAL_MACHINE\System\
CurrentControlSet\Control \StorageDevicePolicies
DWORD=0
0 - Disabled
1 - Enabled
From Microsoft.......
A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003
Article ID: 875352
SUMMARY
Data Execution Prevention (DEP) is a set of hardware and software technologies that perform additional checks on memory to help prevent malicious code from running on a system. In Microsoft Windows XP Service Pack 2 (SP2) and Microsoft Windows XP Tablet PC Edition 2005, DEP is enforced by hardware and by software.
The primary benefit of DEP is to help prevent code execution from data pages. Typically, code is not executed from the default heap and the stack. Hardware-enforced DEP detects code that is running from these locations and raises an exception when execution occurs. Software-enforced DEP can help prevent malicious code from taking advantage of exception-handling mechanisms in Windows.
The uneven skills of driver programmers have left a legion of holes in software that ships with Windows and Linux, security experts say.
Operating system vendors and hardware makers should commit more resources toward systematically auditing Windows and Linux device-driver code for flaws, security researchers say.
While buffer overflows, a type of memory flaw that can lead to serious vulnerabilities, are quickly being eradicated in critical applications, the flaws are still easily found in device drivers, said David Maynor, a research engineer for Internet Security Systems' X-Force vulnerability analysis group.
"If you look through the device driver code, there are a lot of problems," he said in a recent interview. "The state of the code's security is not strong." During a few hours on a recent plane flight, for example, Maynor found more than a dozen glitches in several Windows XP drivers.
Windows is not the only operating system at risk. A survey of the Linux 2.6.9 kernel code performed by automated-code-checking software maker Coverity found that, while the overall quality of the code had increased significantly, more than 50 per cent of flaws appeared in device drivers. Many of those flaws may not affect system security, but the ratio is generally indicative of the quality of the code, said Seth Hallem, CEO of Coverity.
"The people writing the device drivers are not generally the core programmers," he said. "It is not the operating-system implementers themselves - the Linux programmers or Windows developers - it is generally the vendors."
The warnings come as operating-system developers have placed security higher on their to-do lists. While the Windows and Linux operating systems have both undergone significant audits in the past several years, many device drivers - especially those created by third-party hardware providers - have seemingly escaped rigorous testing.
Microsoft acknowledged the threat but stated that the company's developers had already started checking drivers that have been shipped with Windows for flaws.
"Microsoft is aware of a scenario by which an attacker could attack an existing software vulnerability in a device driver (and) could compromise a user's system," the software giant said in a statement to SecurityFocus. "It's important to note that Microsoft's software development processes do cover instances where third party code included with the operating system may be reviewed before the code ships with Windows to help ensure that customers are not at risk from this type of threat."
Microsoft has also moved forward with development efforts to harden device drivers, according to sources familiar with the initiative. However, the company remained closed-lipped about the details of the effort.
Device driver flaws can be more dangerous than other application vulnerabilities because device drivers are, in most cases, part of the kernel itself and subverting the critical software gives an attacker direct access to the kernel. Moreover, drivers that have direct memory access (DMA) - such as USB drivers, CardBus drivers, graphics drivers and sound drivers - could be used to overwrite system memory and exploit the system.
Some security experts argue that such issues are a well-known problem, and one with which device-driver programmers should have already dealt. The problem has been known for a decade or more, said Crispin Cowan, director of software engineering for Novell, which distributes the SuSE Linux distribution. He acknowledged, however, that not everyone may have made auditing driver code a priority.
"If you can crash your kernel with an application that is
I just used Scholar this morning looking for an abstract from the American Society of Criminology's "CRIMINOLOGY & Public Policy" journal.
The original abstract:
"Trajectories of Crime at Places: A Longitudinal Study of Street Segments in the City of Seattle" Criminology & Public Policy, American Society of Criminology
Vol. 42 (2), May 2004, pp.283-322.
David Weisburd, Shawn Bushway, Cynthia Lum, Sue-Ming Yang
THE CRIMINAL CAREERS OF PLACES: A LONGITUDINAL STUDY http://scholar.google.com/url?sa=U&q=http://www.nc jrs.org/pdffiles1/nij/grants/207824.pdf David Weisburd, Ph.D. Principal Investigator University of Maryland, College Park & The Hebrew University, Jerusalem
Cynthia Lum, Ph.D. Project Director Northeastern University, Boston
Sue-Ming Yang, M.A. Research Assistant University of Maryland, College Park
July 31, 2004
National Institute of Justice, DOJ
A subsequent NIJ grant funded report based on the abstract I was looking for.
correction....
How many times do have to read these "shootouts" here that devolve into conversations, not about the two distributions and enterprise support and interoperability, BUT other distros that will never be seen in a production environment?
How many times do have to read these "shootouts" here that devolve into conversations, not about the two distributions and enterprise support and interoperability other distros that will never be seen in a production environment?
This article starts out like an examination of M$'s hiring practices and philosophy, then turns into a 12 step graduation...look what we've done, we're new and improved.
This article seems like the product of an HR brainstorming meeting at Redmond; part of a recruitment campaign.
It's a little too "cathartic" for me that Ledgard, an HR manager, would go on the crazy train about this problem, run off the res on her own, unless senior management hadn't blessed it in advanced.
Is it such a stretch to think that M$ would use blogging in a sophisticated recruitment/marketing strategy?
Lucas's next film location?
on
Lucas's New HQ
·
· Score: 1
Maybe Jorge will be filming his next blockbuster next door at the Public Health Service Hospital (1) (2)
I would think the risk of this "Save the China Bloggers" deal would be from Chinese spammers and hackers taking advantage of folks through this "program" that might not know how to securely configure their hosting accounts or servers. It almost seems like an ingenious scheme to get people to give up server access, however limited, bandwidth and disk space for mischief.
Could this be turned into a gigantic social engineering blitzkrieg?
if walborg is so concerned about this, they should have people provide their camera serial number, and if a suspicious image pops up, they can check the proprietary EXIF MakerNotes data for a corresponding serial number to that which was provided by the customer. Not all manufacturers use the Maker Notes to include serial numbers, as Maker Notes data isn't in the EXIF spec, but most of the big manufacturers do, and include a serial number field.
It's not hackproof, but most people won't be hacking their exif makernotes data, and if their is legal action concerning a copyrighted work, walborg can say they logged the serial numbers from the exif maker notes data.
On his blog's left column, he mentions dissatisfaction with Google adsense, as he states below. I find it rather funny what he's seeing run on his site for ads:
The Great Google Ad Test. Below is the fabled Google Adsense which is supposed to match these little blurbs (below) with the site content. 90-percent of the time I've noticed that the ads are for OCD or some other form of disorder. If not that, then blogging. I can understand the blogging once in a while, but still! Considering the content on this web log, the Google evaluation bot seems to suck. It's ridiculous. I'd be interested in knowing if anyone can understand how it works and why OCD keeps cropping up. I'm sure mentioning it here isn't going to help, either.
I couldn't help thinking, while rtfa, that this sounds like the plot to a godzilla movie. In fact, didn't they make one about drilling into the earth and then awaken some hell beast that gozilla had to kill in tokyo harbor or something? Didn't he have to cape a geyser of lava with a hell beast? I had the "lumbering" godzilla theme playing in my head as I read the guardian story.
Slashdot Mirror
...but robots won't have to pay into SSI to help keep it solvent for the baby boomers. America's next big crop is old human beings.
The fastest growing profession in Science.
Maybe a System Restore? Or call Dr. Watson? The new animals always recommend, w/o hesitation to scan your system with spybot search and destroy, even if it's a hardware problem. I resent Dr. Moreau letting all these tech chimeras out into the wild!
I understand Ballmer himself might answer these days.
This reminds me of Public Information Research, Inc.'s namebase.org java diagrams.
Linus Torvalds
Click the java diagram link from the top of the static gif diagram.
This has been around since 2000?
Also I think in...2002, Touchgraph came out with this google browser, and they have a wiki browser
sourceforge project page - touchgraph
The editors ran a classic controversial topic to drive ad hits:evolution vs creation or designer "Karman Approved" ID tripe.
Isn't this the kind of thing Reader's Digest, People or Time magazine runs?
Slashdot is becoming the Studio 54 of the Internet.
For God, or Darwin's sake, mod the hell out of me as troll or off topic. It's a badge of pride. Don't trip on the way to the kool-aid cmdrtaco is ladling out.
I'd posted the DEP info above and this sp2 Controlling block storage devices on USB buses(which also got an off topic mod, probably the same modder)to counter the posts being made that attack M$ as not having addressed USB and driver security at all. MS bashing is always "on topic" here.
from Microsoft.......p pro/maintain/sp2otech.mspx#EDAA
Controlling block storage devices on USB buses What does controlling block storage devices on USB buses do?
http://www.microsoft.com/technet/prodtechnol/winx
This feature provides the ability to set a registry key that will prevent write operations to USB block storage devices, such as memory sticks. When this registry key is enabled, the devices function only as read-only devices. You can implement this setting as part of a security strategy to prevent users from transporting data using these devices. Who does this feature apply to? Users who do not want data to be written from their computer to a USB storage device. IT professionals who want to implement organization controls over the use of USB block storage devices
What settings are added or changed in Windows XP Service Pack 2 Setting name Location Default value Possible values WriteProtect HKEY_LOCAL_MACHINE\System\ CurrentControlSet\Control \StorageDevicePolicies DWORD=0 0 - Disabled 1 - Enabled
From Microsoft.......
A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003
Article ID: 875352
Last Review: May 10, 2005
http://support.microsoft.com/kb/875352
SUMMARY
Data Execution Prevention (DEP) is a set of hardware and software technologies that perform additional checks on memory to help prevent malicious code from running on a system. In Microsoft Windows XP Service Pack 2 (SP2) and Microsoft Windows XP Tablet PC Edition 2005, DEP is enforced by hardware and by software.
The primary benefit of DEP is to help prevent code execution from data pages. Typically, code is not executed from the default heap and the stack. Hardware-enforced DEP detects code that is running from these locations and raises an exception when execution occurs. Software-enforced DEP can help prevent malicious code from taking advantage of exception-handling mechanisms in Windows.
Original URL:
http://www.theregister.co.uk/2005/05/27/device_dri ver_flaws/ Device drivers filled with flaws
By Robert Lemos, SecurityFocus (tips at securityfocus.com)
Published Friday 27th May 2005 13:48 GMT
The uneven skills of driver programmers have left a legion of holes in software that ships with Windows and Linux, security experts say.
Operating system vendors and hardware makers should commit more resources toward systematically auditing Windows and Linux device-driver code for flaws, security researchers say.
While buffer overflows, a type of memory flaw that can lead to serious vulnerabilities, are quickly being eradicated in critical applications, the flaws are still easily found in device drivers, said David Maynor, a research engineer for Internet Security Systems' X-Force vulnerability analysis group.
"If you look through the device driver code, there are a lot of problems," he said in a recent interview. "The state of the code's security is not strong." During a few hours on a recent plane flight, for example, Maynor found more than a dozen glitches in several Windows XP drivers.
Windows is not the only operating system at risk. A survey of the Linux 2.6.9 kernel code performed by automated-code-checking software maker Coverity found that, while the overall quality of the code had increased significantly, more than 50 per cent of flaws appeared in device drivers. Many of those flaws may not affect system security, but the ratio is generally indicative of the quality of the code, said Seth Hallem, CEO of Coverity.
"The people writing the device drivers are not generally the core programmers," he said. "It is not the operating-system implementers themselves - the Linux programmers or Windows developers - it is generally the vendors."
The warnings come as operating-system developers have placed security higher on their to-do lists. While the Windows and Linux operating systems have both undergone significant audits in the past several years, many device drivers - especially those created by third-party hardware providers - have seemingly escaped rigorous testing.
Microsoft acknowledged the threat but stated that the company's developers had already started checking drivers that have been shipped with Windows for flaws.
"Microsoft is aware of a scenario by which an attacker could attack an existing software vulnerability in a device driver (and) could compromise a user's system," the software giant said in a statement to SecurityFocus. "It's important to note that Microsoft's software development processes do cover instances where third party code included with the operating system may be reviewed before the code ships with Windows to help ensure that customers are not at risk from this type of threat."
Microsoft has also moved forward with development efforts to harden device drivers, according to sources familiar with the initiative. However, the company remained closed-lipped about the details of the effort.
Device driver flaws can be more dangerous than other application vulnerabilities because device drivers are, in most cases, part of the kernel itself and subverting the critical software gives an attacker direct access to the kernel. Moreover, drivers that have direct memory access (DMA) - such as USB drivers, CardBus drivers, graphics drivers and sound drivers - could be used to overwrite system memory and exploit the system.
Some security experts argue that such issues are a well-known problem, and one with which device-driver programmers should have already dealt. The problem has been known for a decade or more, said Crispin Cowan, director of software engineering for Novell, which distributes the SuSE Linux distribution. He acknowledged, however, that not everyone may have made auditing driver code a priority.
"If you can crash your kernel with an application that is
I just used Scholar this morning looking for an abstract from the American Society of Criminology's "CRIMINOLOGY & Public Policy" journal.
c jrs.org/pdffiles1/nij/grants/207824.pdf
The original abstract:
"Trajectories of Crime at Places: A Longitudinal Study of Street Segments in the City of Seattle"
Criminology & Public Policy, American Society of Criminology
Vol. 42 (2), May 2004, pp.283-322.
David Weisburd, Shawn Bushway, Cynthia Lum, Sue-Ming Yang
Yielded this from Google Scholar:
THE CRIMINAL CAREERS OF PLACES: A LONGITUDINAL STUDY
http://scholar.google.com/url?sa=U&q=http://www.n
David Weisburd, Ph.D. Principal Investigator University of Maryland, College Park & The Hebrew University, Jerusalem Cynthia Lum, Ph.D. Project Director Northeastern University, Boston Sue-Ming Yang, M.A. Research Assistant University of Maryland, College Park
July 31, 2004
National Institute of Justice, DOJ
A subsequent NIJ grant funded report based on the abstract I was looking for.
Overheard at the Triskelion Cafe , year 5406...
Bidder 1: 20,000 Quatloos that the Sun won't explode
Bidder 2: I'll match and raise you 10K Quatloos that he's one of those freaks that got his brains spooned into a Macintosh aquarium.
correction.... How many times do have to read these "shootouts" here that devolve into conversations, not about the two distributions and enterprise support and interoperability, BUT other distros that will never be seen in a production environment?
How many times do have to read these "shootouts" here that devolve into conversations, not about the two distributions and enterprise support and interoperability other distros that will never be seen in a production environment?
This article starts out like an examination of M$'s hiring practices and philosophy, then turns into a 12 step graduation...look what we've done, we're new and improved.
This article seems like the product of an HR brainstorming meeting at Redmond; part of a recruitment campaign.
It's a little too "cathartic" for me that Ledgard, an HR manager, would go on the crazy train about this problem, run off the res on her own, unless senior management hadn't blessed it in advanced.
Is it such a stretch to think that M$ would use blogging in a sophisticated recruitment/marketing strategy?
Maybe Jorge will be filming his next blockbuster next door at the Public Health Service Hospital (1) (2)
This post might get annihilated, but I'm wondering if, as they did with Wikipedia, GNAA launched an assault on the LA Times wiki.
/. and share the postmortem for everyone to see.
Too bad LA Times admins won't come over here to
I would think the risk of this "Save the China Bloggers" deal would be from Chinese spammers and hackers taking advantage of folks through this "program" that might not know how to securely configure their hosting accounts or servers. It almost seems like an ingenious scheme to get people to give up server access, however limited, bandwidth and disk space for mischief.
Could this be turned into a gigantic social engineering blitzkrieg?
if walborg is so concerned about this, they should have people provide their camera serial number, and if a suspicious image pops up, they can check the proprietary EXIF MakerNotes data for a corresponding serial number to that which was provided by the customer. Not all manufacturers use the Maker Notes to include serial numbers, as Maker Notes data isn't in the EXIF spec, but most of the big manufacturers do, and include a serial number field. It's not hackproof, but most people won't be hacking their exif makernotes data, and if their is legal action concerning a copyrighted work, walborg can say they logged the serial numbers from the exif maker notes data.
I heard Dvorak on the episode 8 twitcast basically bragging he "called" this x86 switch a couple of years back.
he's completely extatic about it, and discuss the x86 switch as a done deal.
He's also going off on his blog.
I'm still not sold, and the debunk arguments by Gruber seems reasonable.
you actually wasted a mod on this post.
welcome, ayin-zayin-aleph-zayin-lamed, I see YOU.......... Vayedaber Adonay el-Moshe acharey mot shney beney Aharon bekorvatam lifney-Adonay vayamutu. Vayomer Adonay el-Moshe daber el-Aharon achicha ve'al-yavo vechol-et el-hakodesh mibeyt laparochet el-peney hakaporet asher al-ha'aron velo yamut ki be'anan era'eh al-hakaporet. Bezot yavo Aharon el-hakodesh befar ben-bakar lechatat ve'ayil le'olah. Ketonet-bad kodesh yilbash umichnesey-vad yiheyu al-besaro uve'avnet bad yachgor uvemitsnefet bad yitsnof bigdey-kodesh hem verachats bamayim et-besaro ulevesham. Ume'et adat beney Yisra'el yikach shney se'irey izim lechatat ve'ayil echad le'olah. Vehikriv Aharon et-par hachatat asher-lo vechiper ba'ado uve'ad beyto. Velakach et-sheney hase'irim vehe'emid otam lifney Adonay petach Ohel Mo'ed. Venatan Aharon al-shney hase'irim goralot goral echad l'Adonay vegoral echad la-Azazel. Vehikriv Aharon et-hasa'ir asher alah alav hagoral l'Adonay ve'asahu chatat. Vehasa'ir asher alah alav hagoral la-Azazel ya'omad-chay lifney Adonay lechaper alav leshalach oto la-Azazel hamidbarah. Vehikriv Aharon et-par hachatat asher-lo vechiper ba'ado uve'ad beyto veshachat et-par hachatat asher-lo. Velakach melo-hamachtah gachaley-esh me'al hamizbe'ach milifney Adonay umelo chofnav ktoret samim dakah vehevi mibeyt laparochet. Venatan et-haketoret al-ha'esh lifney Adonay vechisah anan haktoret et-hakaporet asher al-ha'edut velo yamut. Velakach midam hapar vehizah ve'etsba'o al-peney hakaporet kedmah velifney hakaporet yazeh sheva-pe'amim min-hadam be'etsba'o. Veshachat et-se'ir hachatat asher la'am vehevi et-damo el-mibeyt laparochet ve'asah et-damo ka'asher asah ledam hapar vehizah oto al-hakaporet velifney hakaporet. Vechiper al-hakodesh mitum'ot beney Yisra'el umipish'eyhem lechol-chatotam vechen ya'aseh le'Ohel Mo'ed hashochen itam betoch tum'otam. Vechol-adam lo-yihyeh be'Ohel Mo'ed bevo'o lechaper bakodesh ad-tseto vechiper ba'ado uve'ad beyto uve'ad kol-kehal Yisra'el. Veyatsa el-hamizbe'ach asher lifney-Adonay vechiper alav velakach midam hapar umidam hasa'ir venatan al-karnot hamizbe'ach saviv. Vehizah alav min-hadam be'etsba'o sheva pe'amim vetiharo vekidsho mitum'ot beney Yisra'el. Vechilah mikaper et-hakodesh ve'et-Ohel Mo'ed ve'et-hamizbe'ach vehikriv et-hasa'ir hechay. Vesamach Aharon et-shtey yadav al-rosh hasa'ir hachay vehitvadah alav et-kol-avonot beney Yisra'el ve'et-kol-pish'eyhem lechol-chatotam venatan otam al-rosh hasa'ir veshilach beyad-ish iti hamidbarah. Venasa hasa'ir alav et-kol-avonotam el-erets gezerah veshilach et-hasa'ir bamidbar. Uva Aharon el-Ohel Mo'ed ufashat et-bigdey habad asher lavash bevo'o el-hakodesh vehinicham sham. Verachats et-besaro vamayim bemakom kadosh velavash et-begadav veyatsa ve'asah et-olato ve'et-olat ha'am vechiper ba'ado uve'ad ha'am. Ve'et chelev hachatat yaktir hamizbechah. Vehameshale'ach et-hasa'ir la-Azazel yechabes begadav verachats et-besaro bamayim ve'acharey-chen yavo el-hamachaneh. Ve'et par hachatat ve'et se'ir hachatat asher huva et-damam lechaper bakodesh yotsi el-michuts lamachaneh vesarfu va'esh et-orotam ve'et-besaram ve'et-pirsham. Vehashoref otam yechabes begadav verachats et-besaro bamayim ve'acharey-chen yavo el-hamachaneh. Vehayetah lachem lechukat olam bachodesh hashvi'i be'asor lachodesh te'anu et-nafshoteychem vechol-melachah lo ta'asu ha'ezrach vehager hagar betochechem. Ki-vayom hazeh yechaper aleychem letaher etchem mikol chatoteychem lifney Adonay titharu. Shabat Shabaton hi lachem ve'initem et-nafshoteychem chukat olam. Vechiper hakohen asher-yimshach oto va'asher yemale et-yado lechahen tachat aviv velavash et-bigdey habad bigdey hakodesh. Vechiper et-mikdash hakodesh ve'et-Ohel Mo'ed ve'et-hamizbe'ach yechaper ve'al hakohanim ve'al-kol-am hakahal yechaper. Vehayetah-zot lachem lechukat olam lechaper al-beney Yisra'el mikol-chatotam achat bashanah vaya'as ka'asher tsivah Adonay et-Moshe. and so shall I, ayin-zayin-aleph-zayin-lamed
absolutely. This whole article is total BS.
I couldn't help thinking, while rtfa, that this sounds like the plot to a godzilla movie. In fact, didn't they make one about drilling into the earth and then awaken some hell beast that gozilla had to kill in tokyo harbor or something? Didn't he have to cape a geyser of lava with a hell beast? I had the "lumbering" godzilla theme playing in my head as I read the guardian story.