As an earlier poster noted. :(
I remember the (slightly larger) hack on Windows NT 3.51 to turn Workstation into Server. Not only did it remove the network restrictions, the system actually performed better.
Someone stole his wife's sweater, and the tracker on his PC showed she was out of state, as she was walking in the door.
She was wearing a blouse under it, you Slashdot pervs!
I think you need to check your priorities. How do you think geeks all over the world just found out about the power failure?
From the Wikipedia page:
It appears helioshock can also be caused by mating with fagolas.
Why do I get the queasy feeling that some GNAA asshat defaced yet another Wikipedia page? Stupid pissers.
Go ahead, mod me Flamebait. I don't care. I'm tired of these jerks.
Interesting that you would use the word "collective" next to "shit", and in reference to a Communist government.
Precious few government agencies need wireless access anyway, and those who do generally know how to handle it.
Those who don't, have no business incorporating a technology they don't understand. But, I suppose they have to spend their budget on something, even if it has nothing to do with making their job easier.
Two simple questions:
1. Are these machines using non-Microsoft IP addresses for their 'net access?
2. If not, how long until the worm authors take that into account?
If it was too dumb to use swap space, I'd say it sounds rather fitting.
Thank you so very much. This part of near-light-speed motion has always eluded me. Thanks to your mental image, I am finally able to understand this. And I think I'll be able to explain it to others, as well.
(Although I'm sure it helps that I'm well past tipsy as I type this.)
Q: Since most crypto protocols on the internet, such as SSL or SSH, use public-keys to build a secure channel, wouldn't an unexpected public disclosure create a chaos on the internet? A: No. Chaos is hard to create, even on the Internet. Here's an example. Go to Amazon.com. Buy a book without using SSL. Watch the total lack of chaos.
[Emphasis mine.]
How is that an unexpected public disclosure? With that example, he alters the conditions of the experiment, just like opening Schroedinger's box.
If 5,000 people went to Amazon.com and bought something with the expectation that the connection was via SSL, and it turns out it wasn't, the smarter of those 5,000 people would be closing their credit card accounts and their Amazon.com accounts, and demanding restitution from Jeff Bezos for their compromised personal information. Amazon.com would fight them tooth and nail.
Now, tell me that isn't chaos.
With such a pronouncement "from on high" like that, my respect for Mr. Schneier took a serious hit.
Whatever sources get posted here are sure to dry up very quickly.
This is one of those ways that the free market doesn't work.
Tell him to put it in writing. It's the easiest and surest way to call him on his irrationality.
Then consult a lawyer, if you haven't already.
Is it time to re-institute the boycott?
I grant you every point you make. I was merely taking issue with the parent poster's assumption, that the attack is to get information. Sometimes, it's simply to take over the system for someone else's purposes.
I don't care about your information. I just want to install a z0mb13 backdoor so I can DDoS someone else.
Next question?
Being a fat geek may not increase your risk of death after all.
Last I knew, the human race had a 100% mortality rate. Being "pleasantly plump" might exempt some of us from death?
I've heard of squeezing Linux into small devices, but a window manager on a space probe is a bit ridiculous, don't you think? TCP just isn't designed to handle that much lag time and network interference.
I do remember QUBE. Its days may be over, but I'd hardly call it a failure. It proved that broadband cable was possible, by carrying signals both ways, in a widely-deployed system. The knowledge gained from the "experiment" was tremendous.
Your link says "by 2010," but I got mine last year. $99 plus sales tax in California.
OK, so it's an old Toshiba Satellite, with a cramped hard drive and cramped RAM, but a more-than-minimal installation of Slackware plus a 100Base-T PCMCIA card (another $15, dongle included) and it's quite the portable NC. And at home, "X -query joseph" gives me a login on my much faster desktop, while I'm still sitting on my couch.
I'd say for $125, I've gotten my money's worth out of it.
JavaScript in a callback function (i.e. "onmouseover" event) does not execute until invoked by a user event. RTFA for an example.
The other way his analogy breaks down is the limited keyspace of a person's 5-letter name. "Frank" is one of 26^5, or 11,881,376, five-letter permutations, most of which are invalid in any language. Five bytes of random bits occupies 256^5, or 109,951,162,776 permutations. The actual keyspace of 5 bytes is almost 10,000 times larger than 5-letter names.
The possibility of identity theft is nothing to be careless about. However, Mozilla on Unix/Linux still has the advantage over IE on Windows, in that a normal user account is not able to take down the entire system without considerable effort on the part of the attacker. Desktop Windows pre-XP had no problem with anything a user did, up to and including deleting the C:\WINDOWS directory.
So the original assertion is still, at least partly, true: The software underneath the apps is more secure.
Only if JavaScript is completely disabled will this attack fail. JavaScript in the [HEAD] block executes as soon as the page loads. If this code is buried in that block, it will execute without any further intervention from the user.
Tell them to take a flying leap off a cliff. The EU is moving to destroy FLOSS with their innovation-stifling software patents. The only thing I'm willing to tell them about my use of FLOSS is, "You can't pirate what's given away for free."