"Secondly MS probably doesn't have a smoother way to make managing the firewall any easier than anyone else out there."
Agreed, and I hate Micro$loth. You could be like Norton/McAfee/ZoneAlarm etc. and make it such that your firewall is too stupid to understand that your WAN IP addy might change and simply block all traffic when DHCP refreshes (it happens so often that now the first thing I teach my techs is how to disable them to show the customer they ARE connected and running and need to deal with the firewall techs). Then the customer calls their broadband support tech who spends an hour fixing the problem that the programmers should have solved in the first place.
I've seen a real house made of straw. Seriously, and supposedly it's not the fire hazard you might guess since it's so tightly bound that fire burns the first couple inches of the bales really quickly since it's not so densely packed and then dies out since it didn't have time to build enough heat to burn the denser straw. I saw pics of the aftermath of a fire and it looked interesting. Dunno if it's true but it's cool if so. I can't imagine hanging pictures would be very effective though.
who in the bloody hell would mod the parent "Insightful"!?!?!? Funny, maybe. I think I have to agree about some newbs getting their mod points for the first time ever this week.
True. It would at least be effective against an attacker who relied solely on the password not changing; however, I just prefer reading logs (I speed-read about 25k wpm, no joke, so this is just practice for me) and watching for suspicious patterns. If the attacker is a "cracker" who has no real knowledge of what they're doing but manages to snag a password that was written down (and quite possibly can do it repeatedly), they'll still manage to get access but they won't manage to prevent multiple logons, or late-night probes, or whatever from being logged. If they're a real attacker who knows what they're doing, knows about MITM attacks, etc., they'll leave other signs in the logs that, if one is familiar with the look of typical usage, will stick out like a sore thumb. And that brings up another point: laziness on the part of the sysadmins themselves. I mean, how many times have we seen an admin who relies on their initial security measures like frequent password changes, password age, etc. and never bothers reading logs to see if there is an issue they should be aware of? I'd rather think like an attacker than the typical admin for that reason alone.
Oh, I forgot to mention that if the cracker were smart and he saw the "please change" message he'd just cancel the login and let the man-in-the-middle login script he previously had set up do the passwd snagging for him. THAT would go totally unnoticed for the most part since it'd simply ask the real user to change the passwd upon login. BTW, yes, it is my nature to circumvent almost anything.
That would help at least but I wonder how often it really happens that admins set that option and how large X typically is. I mean it'd be trivial to write a script to change my passwd 25-25,000,000 times before changing it back to the original. But at least that's an option.
I don't think you understood fully. I meant the cracker changes the password and then IMMEDIATELY changes the password back to the original. I don't think I've run into an OS yet that ONLY allows you to change the password in a certain interval without admin privs but it would be a good idea in this situation.
I only have one question. What if the cracker is the one who gets the "it's time to change your password" message, they change it to something they know and then back again to the original? Think anyone's gonna notice? Depending on the host OS, it could be trivial to exploit a man-in-the-middle attack to acquire the password from that user when they log on: just have a script that checks for a value on a webpage (or a million other things) that you control; if it finds it then it puts the user right back in front of a legit-looking logon screen; they re-enter and it emails the result to one of a large list of email addies you have set up. Better check those .*shrc's.
As always, this stuff is for educational purposes only. If you're thinking of doing it, it's probably for illegal purposes so don't blame me if you get caught.
I figured they did the mystery shopper thing, I was just wondering why they didn't use it instead of that idiotic program. That was asking for trouble.
I agree about allowing knives, guns, etc. onboard an airplane. We can bring knives and guns along with us when we travel by car, boat, bus (well, to some degree... Greyhound ain't happy about it, to be certain) but for some reason we have to disarm ourselves of anything that could be considered a weapon when we board an airplane. Next thing I expect is that they're gonna ask about my 31+ years of martial arts experience and they'll create some new policy requiring handcuffs.
I wonder if it'd be considered a violation of the un-Patriot Act to spread flyers around an airport telling people how to improvise weapons in the event of a hijacking. At least if the power were back in the MAJORITY's hands, I'd feel much safer.
Horrifying but probably true. I guess the idea of having "mystery shoppers" with "suspicious devices" passing through their checkpoints instead is a little too simplistic. This breakdown of grey matter and safety when we're supposed to be experiencing *enhanced* security is the main reason I don't fly.
I don't think it much matters. I tried Digg for a week or so and found most of the stories to be incredibly worthless, the discussion to be droll and flooded with either idiots or trolls, and the user interface to be counter-intuitive at best. So at this point, these "accusations" are just confirmation to me that it's not for anyone wanting open and honest discussion.
are walking... Some of the cops in my town got busted for posting inappropriate material, like discussing a high-profile case. The link isn't the original story as they charge $2.95 to view anything older than 7 days (lame, I know) but it does have some interesting facts.
So Barney Fife and Roscoe P. Coltrane, if you're listening... some of us are watching.
The most used data destruction device by government agencies: sledgehammer.
Had a contract recycling computers for the state gov't and if any hard drives exist, I am required to smash them with a hammer, though I've done 35+ passes with a secure erase and have found it to be very effective but SLOW comparatively... heh.
Either way, this definitely happens a LOT. Most people aren't security minded and will toss almost anything thinking that a simple "format c:" will do the trick...or that the person who buys it will do it for them.
There's really absolutely nothing extraordinary about this at all. At least here in the States, "shrinkwrap licensing" doesn't hold water in the higher courts and the only real way to keep someone from selling their software is by signed agreement.
SGI has for years sold software under a license where you physically sign an agreement to purchase, and the license forbids resale of the software without express permission of Silicon Graphics. The thing is, they have the attitude toward their media that most of us wish that the record/movie companies had toward CDs/DVDs: if it gets damaged, lost, stolen, etc. then they replace it for free... usually overnight FedEx. But that was back in the day; I'm unsure if they still do this now.
Anyway, I'm glad to see someone do this with the corporate licenses; it's about damn time.
Good advice there about reloading. I guess it never occurred to whoever modded that the time span might only be a few seconds from the first post to mine. (I dunno, I ain't bothering to go through that again.)
Actually, depending on the circumstances, the employee may be the only one breaking any law. Since it's not known who told him or how, it could have been overheard in an elevator, which would make him innocent of any wrongdoing. Theft of trade secrets involves KNOWINGLY spreading trade secrets and there are plenty of ways he might not have known.
From your link:
"In General.-- Whoever, intending or knowing that the offense will benefit any foreign government, foreign instrumentality, or foreign agent, knowingly--"[emphasis mine]
So was this guy supposed to call up Apple and say "Hey, I heard a rumor about this thing you're coming out with but no one else knows about it. Is it a trade secret????"
IANAL but last I heard trade secrets are only illegal to spread if you are under a non-disclosure agreement, otherwise it's just information I heard on the street. So if this guy wasn't under an NDA, he's in the clear for the most part. It won't stop the retarded corps from hassling him but it wouldn't be a big deal to get them off his back either.
of NOT buying products from BOTH companies...now it could be just one that I refuse to buy from. Rootkits and DRM advocacy = boycott for life.
I hope it happens cause I'd love to see both fail much in the way AOL/TimeWarner are right now. We were scared when it first was announced but now it looks like a huge mistake.
I hear some strange twisted Beavis and Butthead skit:
Bill: I'm going to have to install Windows on this naked PC of yours...
The Great Cornholio: are you thrrreatening me!!?!??!?!
Nice strawman. If you did a bit of research, you'd know that strategy had absolutely nothing to do with their current financial situation.
makes some good points especially the one I noticed immediately: gigabit ethernet..for homes?!?!!?
someone modded this as "redundant"!?!? So everyone else making jokes is "funny" but this one was redundant?!?!? *rolls eyes*
the BROWN ring...ba-dum-dum. Hadda be done
Nice computer you got there....it'd be a shame if something....'appened to it..