I severely doubt your 2400 baud or even mindblowing 14.4kbps could handle 5 meg
A 14.4 Kbps modem can download 5 MB of data in about an hour, ignoring compression. (mp3 files can't be compressed much anyways.)
That is certainly well within the capabilities of a modem to download. I recall downloading the SLS Linux distribution at about 30 1.4 MB floppy images, and I think I only had a 9600 bps modem. It took a while, but I got it.
Even the solid type storage formats couldn't handle much more thna a meg. considered. hmph.
Solid type storage formats? I'm not sure what you mean by that.
10 years or so ago, I had a DAT drive at home, and one at work. So I used that to move stuff back and forth. It was expensive, but it held 2 GB on a single tape, far more than I'd ever need to move at once, and it was way better than trying to use floppies.
The threats on the internet these days are significantly different from what they were back then.
Not that different. It's only three years ago, after all.
Sure, there are certainly some differences, with certain types of threats becoming more common and other sorts of threats becoming less common, but I'm not really aware of any fundamentally new threats appearing during that period, at least not anything that the `old' defenses (as described by this paper) aren't effective against.
Probably the biggest change would be the general switch to massive DDoS attacks using an army of compromised machines, rather than an attack from a few machines. The concept certainly existed before 2002, but it's really become a problem since then. And ultimately, the `NSA-style' response is likely to be the same -- the important systems aren't on the Internet, so they're not vulnerable. (And if their internal network did have such a problem, they'd have much bigger problems than just a DoS attack.)
Ultimately, it's not a bad document, but you can find similar things without going to the NSA, and they've been available for a lot longer than three years.
In general, this is a pretty reasonable approach to securing your network. It's much more secure than it was when you started, but it's not locked down so tight that you can't get any work done on it.
Like the rest of the world, the computers at the NSA are probably locked down to varying degrees depending on their function and the type of data they contain.
This general sort of lockdown (as described in this document) might be appropriate for systems that don't contain confidential information and don't perform mission critical services, but I would imagine that `NSA-style' would really apply to the systems that contain confidential, top secret, etc. information, and the degree that these systems would be locked down would be much much more than is described in this document. And is probably still classified, though much of it could probably be figured out by anybody skilled in the area of computer security.
For starters, the `top secret' computers at the NSA probably don't have any network access at all, or if they do have some, it's to a small, secure network of similarly secured systems (and NOT to the Internet) and physical security is taken to the extremes (think movies like Mission Impossible.) Code probably isn't run on these systems that hasn't been gone over, line by line, by the NSA itself. This sort of scrutiny requires lots of time and money, so any software being run is probably relatively old. The hardware itself is probably checked similarly, so it's likely to not be state of the art itself, except for the security components used to protect it.
THAT would be `NSA-style'. And the only way you're likely to read the books on how that works are to 1) get the appropriate clearances from the government (Classified? Top Secret? I don't know), 2) get a job with the NSA, and 3) *need to know* what's in that book.
... only if your sudo rules allow invoking sh from sudo. This isn't so unreasonable if this user is permitted full root access anyways, but if the user is intended to only run a few things as root, then they should NOT have this access.
Really, disabling the root account entirely and instead letting users (well, administrators) use sudo doesn't really increase security that much. If you have root access to the box, you have root access to the box, be it via su, login or sudo. If you have the root password of the box because 1) it's your box, or 2) you're supposed to have it, the box is not `ownt'. It's yours, and legitimately so. (`pwned' and similar words suggest that it was taken somehow.)
What forcing people to use sudo does accomplish is 1) helping to remind them not to login as root and do things as root that don't have to be done as root, and 2) to log things better. (And I'm talking about the usefulness of logging what you do when you're not trying to hide it here. A cracker will just erase the logs if he can.)
On that one flight on 9/11, they were certain and were able to make the right decision
They weren't certain soon enough. Obviously the hijackers made their moves before the passengers learned what the consequences of their inaction was.
Had the passengers known that if these four men got into the cockpit they would all die, the four men would NOT have made it into the cockpit.
Now, everybody knows that if your plane is hijacked, you're probably going to die. Even if that's not true, everybody `knows' it anyways. Hijackings are going to be very different from now on...
BTW, WTF is it with the obsession with those two lower planes denizens? The first three DMs I ever played with were particularly pathological about Demogorgon and Orcus and getting in the middle of their disputes.
People want to be important, if Asmodeus gets involved with you (and treats you as important, or even an equal, which really ought to NEVER happen) you must be important.
Ultimately, I don't care how high your character's level is, or how awesome his saving throw is against magic, if you ever run into a god, you'd better be respectful (and not be casting magic missle against the darkness) or you'll find yourself splattered all across the room. If a mortal being like you can do it, the gods (and even the demigods, or even their high level minions) can do it, and have already done it...
But no. Lolth? I've got a +4 Sword, +6 against Lolths! Attack!
Seems to me that a good role player would be about playing a role, not trying to become some sort of God...
Well that's counterproductive. Many hijackings have ended without loss of innocent life.
Sure. But the people (victims) involved will never know with any certainty until after the fact if this is such a hijacking. They won't be thinking of the many hijacked planes that landed peacefully -- they'll think of the four hijacked planes that crashed on 9/11.
If they are aware of the hijacking, and they don't think the cause is completely lost (a row of hijackers with guns would be very demoralizing, for example), somebody's very likely to play the hero, and if that gets everybody killed, well, everybody's going to get killed.
And the hijackers are likely to know this. I don't think we'll see many more hijackers hijacking commercial passenger flights who are actually expecting the plane to land peacefully somewhere -- because they know it's likely not to. Anybody who hijacks a plane today had better be ready to either do it in such a way that 1) nobody knows it's been hijacked, or 2) they can take (and hold) the plane by force rather than just by intimidation.
The `keep quiet and you'll make it through the day' mentality is gone.
Confiscating nail clippers and the like is dumb. A clever person could easily smuggle a ceramic blade onboard.
Absolutely. And that's only one of many possible weapons that might make it through current airplane security.
They knew that the other flights had been deliberately crashed.
Yes, they knew that (sorry, I wasn't more specific.) Had they known that when the hijackers first showed themselves, the results would have likely been very different.
They were too late to save themselves because the takeover only lasted a few seconds.
I was under the impression it all lasted at least several minutes -- enough time to learn that other planes had been hijacked and crashed, call loved ones, and to formulate and implement a plan to take the plane back. Certainly, there's a three minute gap in the cockpit recorder tapes. According to
this site the final 5 to 7 minutes of radio received from the plane are "filled with violence and yelling in both Arabic and English", which would suggest that the hijacking lasted far longer than a few seconds.
What if it had been a Cuban flight and there was reason to believe that the plane would land safely? In that situation, a "vigilant" passenger might get everyone killed.
Then everybody's going to get killed. Nobody's going to get away with a hijacking nowadays unless they have enough force on the plane to subdue a large percentage of the passengers, or to at least keep them away or unaware of the hijacking. (For example, sneaking into the cockpit might work, as would being the pilot and hijacking the plane that way would too.) And yes, the cockpit doors are now locked.
"It may be that their defense was effective"
Even if they managed to disable the hijackers, they would have had to land the plane.
Well, the pilots were presumably still alive and on board, right? (Killing or incapacitating the pilots would probably go a long ways towards provoking a violent response from the passengers, which is what the hijackers did NOT want.)
The hijackers may have deliberately crashed the plane after/during the uprising, or maybe the passengers were unable to fly the plane, or maybe the plane was shot down by a military fighter, either during or after the attempt to retake the plane. We just don't know. Either way, the passengers did finally do the right thing, given the circumstances, and their actions may have (or may not have) have saved many lives on the ground.
The Intel Pentium D 840 cpu uses 130 watts. (The other cpus still use lots of power, but this one was tied for #1.)
Wow.
You know, it wasn't that long ago that the 60 mHz Pentium (1) was the chip that had massive power requirements. That behemoth used 13 whole watts of power!
At 130 watts and 1.4 volts, that's 93 amps. That's just plain crazy. All that heat in that itty bitty package...
Rubbish. There were vigilant passengers on the 9/11 flight that crashed in Pennsylvania. Although they muddled the hijackers' plans, it was hardly an effective defense.
I believe that the people in that flight had heard that other planes had been hijacked, and that's why they finally rose up. But it was too late -- the hijackers were already in the cockpit, since the people had originally not resisted.
(Though to be fair, I'm not convinced that the plane wasn't shot down. It may be that their defense was effective, but that the US government made it a moot point. But we'll never know now...)
Things would be different now. The moment a few guys started waving around their box cutters and nail clippers and told people to go to the back of the airplane and nobody would be hurt, they'd be swarmed.
In order to hijack a plane by force like this now, your hijackers would need to either be 1) much better armed. Guns would help, or 2) be there in much greater numbers, large enough to successfully fight many of the passengers at once. (I'd assume that the hijackers would probably be better trained at hand to hand combat, and that many passengers would not fight even if their lives depended on it. So I doubt they'd need to outnumber the other passengers, but certainly 4 people wouldn't be enough anymore.)
Since the late 1960's, El Al has known the best methods of defending an aircraft against hijacking. Rule #1, lock the cockpit.
Can't argue with that. The Israelis have been living with terrorism for a long time now, and have become quite adept at dealing with it. (Of course, they tend to piss people off too, but we're getting to be good at that too.)
Looks like the flip side of the Tor project is that it allows anyone to launch network scans and exploits anonymously.
This is news?
Anything that lets you use a service anonymously will let you abuse a service anonymously.
Sure, the system may add limits (bandwidth used, total traffic, things it can connect to, etc.) to limit the damage that could be caused, but ultimately anything like this can be used for evil purposes.
Some examples? The
penet.fi
anonymous remailer was used to troll Usenet, harass people and even to say bad things about Scientology! (The horror!)
Another example? A
NAT router hides the internal IP address of the user, which tends to make them semi-anonymous. This is good, and this is bad. (I say semi-anonymous because most NAT devices keep logs, and if you need to determine who (ab)used something, the data is usually there.
If you are confused on how T-43 hours equals almost 3 days, perhaps you should read Countdown 101."
I had to read Countdown 101 a few times before I realized what I was missing. It's the... and holding periods that make up the difference. I guess when they start working on those things, the clock stops. Which seems very odd, but I guess they're just not sure how long they'll take.
To be helpful, I packed the whole folder, relevant logs, etc, and sent them - accompanied by a letter explaining what happened - to the fraud reporting email address of the bank that was the target of the attempt. That's what we all would do, right?
What seems quite likely is that these actions really had nothing to do with it.
When I get a phishing attempt, I generally report them to the institution being impersonated, especially if it's more convincing than normal. I imagine that some other people do the same. It's entirely possible that other users reported `your' phishing site, and the bank was already in the process of getting it shut down when they received your email.
... if they ever received your email. Lots of places don't really read their abuse@ addresses, or filter it so heavily that most everything gets filtered.
And if they did get your email, and it was received by the right people, they probably don't care. Your site cost them money, even if you claim that you weren't directly responsible, and they'll do what they can to stop it from happening again.
Ultimately, the right answer is to keep your system secured enough so this doesn't happen. Your email after the fact was the Right Thing [tm] to do, at least morally, but I'll bet if you had checked with your attorney, he'd have suggested not sending it at all. as it could be used as evidence if the bank decided to sue you.
It's not right, but it's the way things are... being a Good Guy [tm] just doesn't pay anymore.
As for your `Laptops May Threaten Male Fertility' article, if you read it carefully, you'll find that NOWHERE does it say anything about microwaves.
The story is about laptop heat, not microwaves. And sperm are best produced at about 94 degrees F (if memory serves me correctly), which is why the testicles are outside of the body -- so they can be cooler than body temperature.
Anything that raises the temperature of the testicles above that will reduce sperm production -- be it a laptop, living in Texas, wearing tight underwear or a having a cat in your lap. This is well known.
But as far as I know, the effect is temporary. Remove the laptop, move to Alaska, wear boxers, kick the cat off, and sperm production goes back up. But maybe somebody knows something I don't.
Assuming I'm right, just keep the laptop (and cat) out of your lap while you're trying to knock your wife up, and you'll be fine.
If the heat alone is a threat, It would make sense that holding a 40-watt microwave emitter in your lap could cause even more serious problems down the road.
Yes, you have a 40 watt heater in your lap. But you do NOT have a 40 watt microwave emitter in your lap.
As for how to measure the amount of microwave radiation a laptop emits, that would require special equipment that you are not likely to have at home. But the FCC does put serious limits on the RF that it's allowed to emit. I'll bet the actual microwave RF emitted is under a watt. Probably less than 1/10th of a watt.
Now, if you have WiFi, that will emit about 250 mW of power when it's actively transmitting. Which is a small percentage of the time. But your WiFi card probably does emit more microwave radiation than the rest of the laptop combined...
As for microwaves causing infertility, that has yet to be really shown.
Of course, they plan to leave the exploding parts out of their next versions.
I see that you've made a funny, but don't you think that it might be a bit offensive?
Good job. It was somewhat funny *and* offensive, a rare combination in today's world.
I suspect it's also inaccurate, as anything that goes into space is likely to have parts (hopefully small ones) that are supposed to explode as a regular part of doing their job, and lots of parts that could explode if something goes wrong. Hopefully nothing will go wrong...)
Well, what sort of impact do libraries have on book sales? It's not like libraries are a new thing...
Of course, both are valid questions, and tricky to answer. I guess you could find a community with no library but a book store, and then add a library, and see how book store sales change.
In any event, the book publishing industry generally does not like libraries (and this is not a new thing), because they are seen to reduce sales. But they don't dare go after them directly, because there would be a large public backlash...
You could replace almost ANYTHING. I think they have set a VERY POOR precedent.
To be fair, the things you'd replace it with would be things that are illegal. DO BODILY HARM is not always illegal.
But if somebody were selling guns saying that this gun
shoots through schools or was just the thing for cop killing, then that would be a more appropriate thing to replace `copyright infrigement' with.
Yes, but we are talking about Linux kernel code quality
We are? I thought we (or you, anyways) were discussing how Linux uses stuff from OpenBSD, and not the other way around?
Questioning Linux is not the
same as questioning GNU.
Why are you even comparing Theo and Linus, anyways? Linus wrote a kernel from scratch, and he has almost nothing to do with anything outside of the kernel. He certainly didn't add OpenSSH to any Linux distributions -- other people did that. In the beginning the Linux kernel was a one man show, but it didn't stay that way long. It wasn't that long ago that a Linux install didn't come with ssh at all, and I had to go get it myself (and this was before ssh2, OpenSSH and even OpenBSD.)
Theo (and others) took an existing *nix clone, kernel and all, and forked it. The new version's primary goal was security, and Theo and others went over the code very carefully and made sure it was secure, and added some stuff of their own, like OpenSSH (which again, was based off of somebody else's work, and forked when the license became unbearable.)
Both Theo and Linus have done good things, but the things they've done are very different.
So, off the top of your head, how many other sshd implementations implement privilege separation?
Off the head, my answer would be, um, `zero'. And then I'd ask `um, relevance?' What does that have to do with Linux (distributions, I'd assume, because Linux is really just a kernel) using things produced by the OpenBSD team?
And priviledge seperation in a single daemon isn't the end-all-be-all of security anyways. It's purpose is to protect you from any undiscovered security holes in ssh. In theory there wouldn't be any, especailly because it was produced by Theo and team with security in mind, but even the experts make mistakes and miss things. It's a nice feature, but it's not why people use OpenSSH rather than the other alternatives.
How many commercial UNIX distributions bundle an alternate sshd?
Again, relevance? I do believe Solaris and Irix shipped (perhaps on an `extras disk' -- it's been a while) a version of ssh1 before OpenSSH even existed, though they're probably including OpenSSH now, because it's better maintained and has a better license.
And don't forget the tremendous debt that OpenBSD (and FreeBSD, NetBSD) owes to the GNU project.
The GNU project also produces gcc, which is used by all of the free *nixes to compile their code.
Theo can run his systems free of all code produced by Linus.
Linus, yes, perhaps. GNU/GPL, no. Well, he could remove his compiler entirely, but then it wouldn't be a very useful system. (And technically, some of the code in gcc ends up in the executables it creates...)
Unless Linus wants to go back to telnet (or use an alternate, less tested sshd), he has no such option.
Perhaps we should talk about the history of ssh a bit here...
ssh did not start with OpenSSH. ssh started as ssh, and it was good. But then they changed the license, and people did not like that, so they took the last release that was under the old license, and released it as OpenSSH. They then added ssh2 support and generally maintained it in parallel, and now OpenSSH is more used than the original ssh -- but the original ssh is still around. Perhaps Theo did contribute some code to the original ssh (it was open source, after all), but it still wasn't OpenSSH until rather late in the game.
As for using an `alternate, less tested sshd', are you sure you don't work for Microsoft's FUD department or something?
...BSD guys are a lot like Linux guys, except they have kissed girls.
Well, they thought that was a girl that they paid $20 to kiss, but after googling for her name, they found some pictures of her on the `Transexuals are Friends, not Food!' web site, and noticed that she had a rather prominent Adam's Apple, so they're not quite so sure anymore...
Is the OpenSSH version in OBSD any different than the same in most Linux distros?
Cute that you picked OpenSSH as an example...
I don't know about the specific versions, but I do know that OpenSSH comes from the OpenBSD camp. Theo is one of the people that works/has worked on it.
They do seem to have two versions of it -- one for OpenBSD and one for `other', so the versions may very well be different.
Well, technically I am still portscanning. The side effect is that I'm DoS'ing him. Alas, he won't know that. All he'll see is a bunch of port scans in his firewall logs.
At that point, I'd say you're DoSing him, and any port scanning would be the side effect. After all, the Insane option doesn't give the packets long enough to come back and probably does discard them once they come back, because they took too long. Also, if you're overloading his connection, some packets will be lost, making some ports look like they were filtered, even if they aren't. That, and you're probably not even looking at which ports nmap reports open any more, if any.
Once you use the `insane' option to port scan somebody over the Internet, and you do it over and over and over, it's pretty obvious you're doing a DoS attack and not just port scanning.
As for what it looks like, some of the most effective DoS tools (or at least the most difficult to filter at the ISP level) just flood a host with packets from random IPs, to and from random ports. Take out the random IPs part, and tell nmap to go in random order, and that could look just like a port scan. And most people don't know how to tell the difference.
There is point if all I want to do is cause him grief.
Then you're DoSing him. A single portscan, even of all 65536 ports, on a cable modem host, will not cause signifigant grief unless either 1) you're doing it repeatedly, or 2) the target sees his logs and freaks out, causing his own grief. And if you're doing it repeatedly, you're probably more interested in the grief than the ports he has open.
A portscan of all 65536 ports will require about 2.5 MB of data to be sent (40 bytes/packet, 65536 packets), and less is likely to be returned. Most cable modems can handle that in a few seconds.
If I portscan my mate with the Insane settings in Nmap he goes down for the count. I can flood him with enough traffic to saturate his 512k link for a couple of minutes.
The only options I see useful in nmap for actually doing a DoS attack designed to suck up all of somebody's bandwidth are the `-D decoy1 [,decoy2][,ME],...' and the --data_length options.
I found the `Insane' setting -- it's not really about flooding a host, it's about assuming that the latency is almost zero, so a scan will happen quickly.
If I didn't like my mate I could easily take him off the net by asking nmap to scan his IP address repeatedly with the insane options.
Then you're not really port scanning him anymore -- your DoS'ing him. A port scan is about finding out which ports he has open -- but there's little point in doing it more than once per port, unless you think his system will respond randomly or something.
nmap is not meant as a DoS tool, but I guess if you abuse it appropriately, it'll throw lots of trash packets at a host. But there's much better tools out there for that.
Slashdot Mirror
That is certainly well within the capabilities of a modem to download. I recall downloading the SLS Linux distribution at about 30 1.4 MB floppy images, and I think I only had a 9600 bps modem. It took a while, but I got it.
Solid type storage formats? I'm not sure what you mean by that.10 years or so ago, I had a DAT drive at home, and one at work. So I used that to move stuff back and forth. It was expensive, but it held 2 GB on a single tape, far more than I'd ever need to move at once, and it was way better than trying to use floppies.
Sure, there are certainly some differences, with certain types of threats becoming more common and other sorts of threats becoming less common, but I'm not really aware of any fundamentally new threats appearing during that period, at least not anything that the `old' defenses (as described by this paper) aren't effective against.
Probably the biggest change would be the general switch to massive DDoS attacks using an army of compromised machines, rather than an attack from a few machines. The concept certainly existed before 2002, but it's really become a problem since then. And ultimately, the `NSA-style' response is likely to be the same -- the important systems aren't on the Internet, so they're not vulnerable. (And if their internal network did have such a problem, they'd have much bigger problems than just a DoS attack.)
Ultimately, it's not a bad document, but you can find similar things without going to the NSA, and they've been available for a lot longer than three years.
Somehow I doubt it.
In general, this is a pretty reasonable approach to securing your network. It's much more secure than it was when you started, but it's not locked down so tight that you can't get any work done on it.
Like the rest of the world, the computers at the NSA are probably locked down to varying degrees depending on their function and the type of data they contain.
This general sort of lockdown (as described in this document) might be appropriate for systems that don't contain confidential information and don't perform mission critical services, but I would imagine that `NSA-style' would really apply to the systems that contain confidential, top secret, etc. information, and the degree that these systems would be locked down would be much much more than is described in this document. And is probably still classified, though much of it could probably be figured out by anybody skilled in the area of computer security.
For starters, the `top secret' computers at the NSA probably don't have any network access at all, or if they do have some, it's to a small, secure network of similarly secured systems (and NOT to the Internet) and physical security is taken to the extremes (think movies like Mission Impossible.) Code probably isn't run on these systems that hasn't been gone over, line by line, by the NSA itself. This sort of scrutiny requires lots of time and money, so any software being run is probably relatively old. The hardware itself is probably checked similarly, so it's likely to not be state of the art itself, except for the security components used to protect it.
THAT would be `NSA-style'. And the only way you're likely to read the books on how that works are to 1) get the appropriate clearances from the government (Classified? Top Secret? I don't know), 2) get a job with the NSA, and 3) *need to know* what's in that book.
Really, disabling the root account entirely and instead letting users (well, administrators) use sudo doesn't really increase security that much. If you have root access to the box, you have root access to the box, be it via su, login or sudo. If you have the root password of the box because 1) it's your box, or 2) you're supposed to have it, the box is not `ownt'. It's yours, and legitimately so. (`pwned' and similar words suggest that it was taken somehow.)
What forcing people to use sudo does accomplish is 1) helping to remind them not to login as root and do things as root that don't have to be done as root, and 2) to log things better. (And I'm talking about the usefulness of logging what you do when you're not trying to hide it here. A cracker will just erase the logs if he can.)
Had the passengers known that if these four men got into the cockpit they would all die, the four men would NOT have made it into the cockpit.
Now, everybody knows that if your plane is hijacked, you're probably going to die. Even if that's not true, everybody `knows' it anyways. Hijackings are going to be very different from now on ...
Ultimately, I don't care how high your character's level is, or how awesome his saving throw is against magic, if you ever run into a god, you'd better be respectful (and not be casting magic missle against the darkness) or you'll find yourself splattered all across the room. If a mortal being like you can do it, the gods (and even the demigods, or even their high level minions) can do it, and have already done it ...
But no. Lolth? I've got a +4 Sword, +6 against Lolths! Attack!
Seems to me that a good role player would be about playing a role, not trying to become some sort of God ...
If they are aware of the hijacking, and they don't think the cause is completely lost (a row of hijackers with guns would be very demoralizing, for example), somebody's very likely to play the hero, and if that gets everybody killed, well, everybody's going to get killed.
And the hijackers are likely to know this. I don't think we'll see many more hijackers hijacking commercial passenger flights who are actually expecting the plane to land peacefully somewhere -- because they know it's likely not to. Anybody who hijacks a plane today had better be ready to either do it in such a way that 1) nobody knows it's been hijacked, or 2) they can take (and hold) the plane by force rather than just by intimidation.
The `keep quiet and you'll make it through the day' mentality is gone.
Absolutely. And that's only one of many possible weapons that might make it through current airplane security.The hijackers may have deliberately crashed the plane after/during the uprising, or maybe the passengers were unable to fly the plane, or maybe the plane was shot down by a military fighter, either during or after the attempt to retake the plane. We just don't know. Either way, the passengers did finally do the right thing, given the circumstances, and their actions may have (or may not have) have saved many lives on the ground.
Wow.
You know, it wasn't that long ago that the 60 mHz Pentium (1) was the chip that had massive power requirements. That behemoth used 13 whole watts of power!
At 130 watts and 1.4 volts, that's 93 amps. That's just plain crazy. All that heat in that itty bitty package ...
(Though to be fair, I'm not convinced that the plane wasn't shot down. It may be that their defense was effective, but that the US government made it a moot point. But we'll never know now ...)
Things would be different now. The moment a few guys started waving around their box cutters and nail clippers and told people to go to the back of the airplane and nobody would be hurt, they'd be swarmed.
In order to hijack a plane by force like this now, your hijackers would need to either be 1) much better armed. Guns would help, or 2) be there in much greater numbers, large enough to successfully fight many of the passengers at once. (I'd assume that the hijackers would probably be better trained at hand to hand combat, and that many passengers would not fight even if their lives depended on it. So I doubt they'd need to outnumber the other passengers, but certainly 4 people wouldn't be enough anymore.)
Can't argue with that. The Israelis have been living with terrorism for a long time now, and have become quite adept at dealing with it. (Of course, they tend to piss people off too, but we're getting to be good at that too.)Anything that lets you use a service anonymously will let you abuse a service anonymously.
Sure, the system may add limits (bandwidth used, total traffic, things it can connect to, etc.) to limit the damage that could be caused, but ultimately anything like this can be used for evil purposes.
Some examples? The penet.fi anonymous remailer was used to troll Usenet, harass people and even to say bad things about Scientology! (The horror!)
Another example? A NAT router hides the internal IP address of the user, which tends to make them semi-anonymous. This is good, and this is bad. (I say semi-anonymous because most NAT devices keep logs, and if you need to determine who (ab)used something, the data is usually there.
There's lots more examples.
When I get a phishing attempt, I generally report them to the institution being impersonated, especially if it's more convincing than normal. I imagine that some other people do the same. It's entirely possible that other users reported `your' phishing site, and the bank was already in the process of getting it shut down when they received your email.
And if they did get your email, and it was received by the right people, they probably don't care. Your site cost them money, even if you claim that you weren't directly responsible, and they'll do what they can to stop it from happening again.
Ultimately, the right answer is to keep your system secured enough so this doesn't happen. Your email after the fact was the Right Thing [tm] to do, at least morally, but I'll bet if you had checked with your attorney, he'd have suggested not sending it at all. as it could be used as evidence if the bank decided to sue you.
It's not right, but it's the way things are ... being a Good Guy [tm] just doesn't pay anymore.
The story is about laptop heat, not microwaves. And sperm are best produced at about 94 degrees F (if memory serves me correctly), which is why the testicles are outside of the body -- so they can be cooler than body temperature.
Anything that raises the temperature of the testicles above that will reduce sperm production -- be it a laptop, living in Texas, wearing tight underwear or a having a cat in your lap. This is well known.
But as far as I know, the effect is temporary. Remove the laptop, move to Alaska, wear boxers, kick the cat off, and sperm production goes back up. But maybe somebody knows something I don't.
Assuming I'm right, just keep the laptop (and cat) out of your lap while you're trying to knock your wife up, and you'll be fine.
As for how to measure the amount of microwave radiation a laptop emits, that would require special equipment that you are not likely to have at home. But the FCC does put serious limits on the RF that it's allowed to emit. I'll bet the actual microwave RF emitted is under a watt. Probably less than 1/10th of a watt.
Now, if you have WiFi, that will emit about 250 mW of power when it's actively transmitting. Which is a small percentage of the time. But your WiFi card probably does emit more microwave radiation than the rest of the laptop combined ...
As for microwaves causing infertility, that has yet to be really shown.
Good job. It was somewhat funny *and* offensive, a rare combination in today's world.
I suspect it's also inaccurate, as anything that goes into space is likely to have parts (hopefully small ones) that are supposed to explode as a regular part of doing their job, and lots of parts that could explode if something goes wrong. Hopefully nothing will go wrong ...)
Of course, both are valid questions, and tricky to answer. I guess you could find a community with no library but a book store, and then add a library, and see how book store sales change.
In any event, the book publishing industry generally does not like libraries (and this is not a new thing), because they are seen to reduce sales. But they don't dare go after them directly, because there would be a large public backlash ...
But if somebody were selling guns saying that this gun shoots through schools or was just the thing for cop killing, then that would be a more appropriate thing to replace `copyright infrigement' with.
Theo (and others) took an existing *nix clone, kernel and all, and forked it. The new version's primary goal was security, and Theo and others went over the code very carefully and made sure it was secure, and added some stuff of their own, like OpenSSH (which again, was based off of somebody else's work, and forked when the license became unbearable.)
Both Theo and Linus have done good things, but the things they've done are very different.
Off the head, my answer would be, um, `zero'. And then I'd ask `um, relevance?' What does that have to do with Linux (distributions, I'd assume, because Linux is really just a kernel) using things produced by the OpenBSD team?And priviledge seperation in a single daemon isn't the end-all-be-all of security anyways. It's purpose is to protect you from any undiscovered security holes in ssh. In theory there wouldn't be any, especailly because it was produced by Theo and team with security in mind, but even the experts make mistakes and miss things. It's a nice feature, but it's not why people use OpenSSH rather than the other alternatives.
Again, relevance? I do believe Solaris and Irix shipped (perhaps on an `extras disk' -- it's been a while) a version of ssh1 before OpenSSH even existed, though they're probably including OpenSSH now, because it's better maintained and has a better license.The GNU project also produces gcc, which is used by all of the free *nixes to compile their code.
Linus, yes, perhaps. GNU/GPL, no. Well, he could remove his compiler entirely, but then it wouldn't be a very useful system. (And technically, some of the code in gcc ends up in the executables it createsssh did not start with OpenSSH. ssh started as ssh, and it was good. But then they changed the license, and people did not like that, so they took the last release that was under the old license, and released it as OpenSSH. They then added ssh2 support and generally maintained it in parallel, and now OpenSSH is more used than the original ssh -- but the original ssh is still around. Perhaps Theo did contribute some code to the original ssh (it was open source, after all), but it still wasn't OpenSSH until rather late in the game.
As for using an `alternate, less tested sshd', are you sure you don't work for Microsoft's FUD department or something?
I don't know about the specific versions, but I do know that OpenSSH comes from the OpenBSD camp. Theo is one of the people that works/has worked on it.
They do seem to have two versions of it -- one for OpenBSD and one for `other', so the versions may very well be different.
Once you use the `insane' option to port scan somebody over the Internet, and you do it over and over and over, it's pretty obvious you're doing a DoS attack and not just port scanning.
As for what it looks like, some of the most effective DoS tools (or at least the most difficult to filter at the ISP level) just flood a host with packets from random IPs, to and from random ports. Take out the random IPs part, and tell nmap to go in random order, and that could look just like a port scan. And most people don't know how to tell the difference.
Then you're DoSing him. A single portscan, even of all 65536 ports, on a cable modem host, will not cause signifigant grief unless either 1) you're doing it repeatedly, or 2) the target sees his logs and freaks out, causing his own grief. And if you're doing it repeatedly, you're probably more interested in the grief than the ports he has open.A portscan of all 65536 ports will require about 2.5 MB of data to be sent (40 bytes/packet, 65536 packets), and less is likely to be returned. Most cable modems can handle that in a few seconds.
I found the `Insane' setting -- it's not really about flooding a host, it's about assuming that the latency is almost zero, so a scan will happen quickly.
Then you're not really port scanning him anymore -- your DoS'ing him. A port scan is about finding out which ports he has open -- but there's little point in doing it more than once per port, unless you think his system will respond randomly or something.nmap is not meant as a DoS tool, but I guess if you abuse it appropriately, it'll throw lots of trash packets at a host. But there's much better tools out there for that.