Well, reguardless if the act was illegal or not, she will be getting half of his stuff
Wife: I'll take the power supply and motherboard, you take the RAM, processor, and hard drive. I'll take the CD burner, you take the DVD drive. I'll take the AGP graphics card, you can have all the PCI cards and we'll split the IDE cables and fans 50/50.
I'm not sure what you're saying here. Which worm exploited this vulnerability? My point was that the worm sign in your logs are from worms that Windows 2003 isn't vulnerable to, not that Windows 2003 doesn't have vulnerabilties.
What? Just because someone doesn't have proof that a vulnerabilty doesn't have a worm going around on it doesn't mean it doesn't exist or can't be made. I would bet that most of the time, if a worm isn't "compatible" with Windows Server 2003, then it's probably that the writer doesn't care to or doesn't have access to it.
"Security by obscurity" is not security. Just because there is nothing currently going around compromising the vulnerabilities on your OS doesn't mean that your computer is secure. This goes for Linux as well, however most people who use Linux know how to secure their box, except for the people that think "oh, Linux is secure, let's use that instead because I hate that stupid Microsoft company".
And even before TTG was released, people figured out ways to hack the TiVo and download the video. So now you have the feature available to 100% of users, and maybe 1% will abuse it. Before, the feature was available to 0% of users, and STILL 1% abused it. Which scenario is better for TiVo?
Before they had it as a feature, because now the MPAA will be on their ass about it.
Put the GPS device in an electrically conductive safe (little circular pads on each side of the safe), along with the main CPU that makes the car run.
You run a wire through one side of the safe through the CPU to the other, then the car can't run without the safe. Therefore, the safe is kept on the car, and the only way to get the car to run is to open the safe and rewire the CPU to the rest of the car.
Re:So what's the big deal for the rest of us?
on
SHA-1 Broken
·
· Score: 1
Hehe, that's cute, "thousands or millions". I'm no cryptographer, either (so maybe one can chime in), but, err, there's a whole lot more than a million messages that have the same hash.
There are infinite collisions possible. Since the input can be anything, such as "avdd" repeated 10 billion times, it still needs a 32/50/whateverthehashuses character output.
Re:Broken, but not for everything...
on
SHA-1 Broken
·
· Score: 1
It's 1 in 1, SHA-1 is a fake algorithm, if you look at the source code it only contains one line:
Re:Broken, but not for everything...
on
SHA-1 Broken
·
· Score: 1
I just realized something about this idea (trigger happy mouse finger), for smaller hashes, you would know the maximum length for the original string.
Instead, for strings x with len(x)
For strings with len(x) > ~70-90, this would be almost pointless though, however, for passwords this could work quite nicely.
This idea adds another layer of calculation on to this, the extra characters involved, and the amount of extra characters would create a harder to break algorithm.
Having a "key" dynamic to each login attempt (say something like 'dd if=/dev/urandom bs=50 count=1' each time a user logs in, and replacing that in some file and the hash in/etc/shadow each time), each user account, and each processor even would also add another layer of security. That way, not only would each password have to be broken, but it would have to be broken FOR said computer, said user, and said login.
This would limit an attacker's brute force to a specific account on a computer and an ~1 day period of time.
Re:Broken, but not for everything...
on
SHA-1 Broken
·
· Score: 1
(unless the original message is shorter than the output of the hash and everyone who hashes it later absolutely knows the length of the original message).
This is what I'm thinking, we should have something that varies in length, but not to the identical ratio every time that other 2 way algorithms use.
What I'm saying is something like, len(hash(x))>len(x), but len(x) may possibly not be greater than len(x+y)...
If we use the data within that the hash is using to determine some random number, numbercreated+len(x) == len(hash(x)).
Using something like that might possibly create a more secure hash algorithm. Sure, it would require MORE data to store, but it would be safer to store than plaintext.
Re:Let me be the first to say...
on
SHA-1 Broken
·
· Score: 1
MD5(SHA-1(x)+x) is what he should have said, that would take a whole new level of brute forcing to break.
Wouldn't this be the first modenrn OS that doesn't let you play music out the box?
No. Linux is also considered to be a modern OS and it often doesn't include MP3 playback out of the box. OGG, yes, MP", no... Licensing issues:-(
The only distros that don't have Mp3 playback support that I know of are RedHat and Fedora. RedHat isn't the only company that produces Linux, and actually, percentage wise, I believe it has the smallest market base (excluding RHEL for servers).
true for most torrent sites, however, loki was also a tracker so they probably also have logs of IPs d/ling the movie/tv eries/whatever itself.
Yes, and no...
If they made logs, all they would have is just a bit more than "xx.xx.xx.xx/xx downloaded x.torrent", they would have "xx.xx.xx.xx/xx asked who has peices from x.torrent". They still don't have any evidence that the person downloaded the file. This is (in the analogy that grandparent noted) like buying a gun and bullets, but no proof that the bullets were ever put in the gun, and actually fired.
But, octopuses excel at figuring out mazes, picking locks, escaping cages, and most importantly hiding evidence of this from their keepers.
I wonder if you put a camera in the room (tiny, computer controlled, from a very secure computer), will a couple of hours of video just disappear from your logs one day? If so, then I guess Microsoft needs to employ these guys to locate security vulnerabilities...
This isn't about providing a service to existing users, many of whom are, on average, probably a little more savvy than the average internet user. It's about getting new users who are used to using IE.
Exactly, I've been holding off on switching my parents secretly to Firefox for a long time now. Why? Because they use Yahoo! Toolbar for IE. It would be an obvious switch, and I don't want it to be that obvious for them. With this toolbar, however, I think I could secretly swap browsers without them even noticing.
They are very conservative, and they think I'm crazy when I mention that there are other products besides ones that Microsoft makes. They are completely oblivious to almost everything, and to a certain extent think if they stray away from their daily routine, they are breaking the law in some way (yeah, I know)...
They don't realize how much freedom actually exists in the world, and it's scary at times to think what it would be like to live like them.
Think about it, if you discreetly look at some porn pics during a business meeting, will you automatically unzip your pants and start jerking off or can you pretend you are listening to the presentation? You probably can.
Interesting point, but breasts rubbing against your face is a bit different than small pictures on a TV screen.
Oh wait this is Slashdot, forgot, nobody here knows the difference;)
On national TV? I don't know, same-sex (me bring straight) would make me more uncomfortable...
More uncomfortable? Of course... would you be uncomfortable with an opposite sex person on top of you? No.
I said more DISTRACTED, which nobody who responded to my post seemed to be able to read. You would be more distracted with some chick rubbing up against you (hell, you might not even hear the question), than with a guy rubbing up against you. If a guy is rubbing up against you, you want it to stop, so you'll pay attention. Other way around, you probably won't want it to stop, so you will purposefully lose the question.
This is, of course, assuming you are a straight guy, not woman... but this is Slashdot;)
My favorites are the ones from the "drivers/net/sunhme.c" file of the Linux Kernel:
/* Welcome to Sun Microsystems, can I take your order please? */.../* Would you like fries with that? */.../* Anything else? */.../* Fifty-two cents is your change, have a nice day. */
/* We have a special on GNU/Viking hardware bugs today. */.../* Will that be all? */.../* Don't forget your vik_1137125_wa. Have a nice day. */
/* foo on you */
/* Lettuce, tomato, buggy hardware (no extra charge)? */
/* We're consolidating our STB products, it's your lucky day. */.../* Come back next week when we are "Sun Microelectronics". */.../* Remember: "Different name, same old buggy as shit hardware." */
/* Only Sun can take such nice parts and fuck up the programming interface
* like this. Good job guys...
*/
Slashdot Mirror
Well, reguardless if the act was illegal or not, she will be getting half of his stuff
Wife: I'll take the power supply and motherboard, you take the RAM, processor, and hard drive. I'll take the CD burner, you take the DVD drive. I'll take the AGP graphics card, you can have all the PCI cards and we'll split the IDE cables and fans 50/50.
I'm not sure what you're saying here. Which worm exploited this vulnerability? My point was that the worm sign in your logs are from worms that Windows 2003 isn't vulnerable to, not that Windows 2003 doesn't have vulnerabilties.
What? Just because someone doesn't have proof that a vulnerabilty doesn't have a worm going around on it doesn't mean it doesn't exist or can't be made. I would bet that most of the time, if a worm isn't "compatible" with Windows Server 2003, then it's probably that the writer doesn't care to or doesn't have access to it.
"Security by obscurity" is not security. Just because there is nothing currently going around compromising the vulnerabilities on your OS doesn't mean that your computer is secure. This goes for Linux as well, however most people who use Linux know how to secure their box, except for the people that think "oh, Linux is secure, let's use that instead because I hate that stupid Microsoft company".
They probably AREN'T getting that money is the point.
And even before TTG was released, people figured out ways to hack the TiVo and download the video. So now you have the feature available to 100% of users, and maybe 1% will abuse it. Before, the feature was available to 0% of users, and STILL 1% abused it. Which scenario is better for TiVo?
Before they had it as a feature, because now the MPAA will be on their ass about it.
Put the GPS device in an electrically conductive safe (little circular pads on each side of the safe), along with the main CPU that makes the car run.
You run a wire through one side of the safe through the CPU to the other, then the car can't run without the safe. Therefore, the safe is kept on the car, and the only way to get the car to run is to open the safe and rewire the CPU to the rest of the car.
Hehe, that's cute, "thousands or millions". I'm no cryptographer, either (so maybe one can chime in), but, err, there's a whole lot more than a million messages that have the same hash.
There are infinite collisions possible. Since the input can be anything, such as "avdd" repeated 10 billion times, it still needs a 32/50/whateverthehashuses character output.
It's 1 in 1, SHA-1 is a fake algorithm, if you look at the source code it only contains one line:
) ; }
void main(){ printf("0e3b4b06a6c6924bf2f62055bd78240815ee6c8a"
I just realized something about this idea (trigger happy mouse finger), for smaller hashes, you would know the maximum length for the original string.
/etc/shadow each time), each user account, and each processor even would also add another layer of security. That way, not only would each password have to be broken, but it would have to be broken FOR said computer, said user, and said login.
Instead, for strings x with len(x)
For strings with len(x) > ~70-90, this would be almost pointless though, however, for passwords this could work quite nicely.
This idea adds another layer of calculation on to this, the extra characters involved, and the amount of extra characters would create a harder to break algorithm.
Having a "key" dynamic to each login attempt (say something like 'dd if=/dev/urandom bs=50 count=1' each time a user logs in, and replacing that in some file and the hash in
This would limit an attacker's brute force to a specific account on a computer and an ~1 day period of time.
(unless the original message is shorter than the output of the hash and everyone who hashes it later absolutely knows the length of the original message).
This is what I'm thinking, we should have something that varies in length, but not to the identical ratio every time that other 2 way algorithms use.
What I'm saying is something like, len(hash(x))>len(x), but len(x) may possibly not be greater than len(x+y)...
If we use the data within that the hash is using to determine some random number, numbercreated+len(x) == len(hash(x)).
For example:
aaa - 2349184910xcjzxkvjvaioweiru
bbb - 9xzfjka
ccc - asd99
ddddddd - a201flxkckblxlcbkxclbks
ffffffff - akskdkk2k1lm
Using something like that might possibly create a more secure hash algorithm. Sure, it would require MORE data to store, but it would be safer to store than plaintext.
MD5(SHA-1(x)+x) is what he should have said, that would take a whole new level of brute forcing to break.
I'm not so sure, most of the geek community (well, a good chunk of it at least) uses IRC for their stuff, such as Linux distros.
The downside to this method is the bigger the network, the easier it is to have a rat/mole/whatever.
Wouldn't this be the first modenrn OS that doesn't let you play music out the box?
:-(
No. Linux is also considered to be a modern OS and it often doesn't include MP3 playback out of the box. OGG, yes, MP", no... Licensing issues
The only distros that don't have Mp3 playback support that I know of are RedHat and Fedora. RedHat isn't the only company that produces Linux, and actually, percentage wise, I believe it has the smallest market base (excluding RHEL for servers).
Your answer reeks of apathy.
My whole life reeks of apathy.
2 hours a week * 4 weeks a month * 6 months a year = 48 hours
That's two whole days I could have spent programming OSS, don't be mad when the next release of one of my apps is 2 days late!
You can selectively breed humans to be stronger, or whatever. You cannot selectively breed humans to grow 10 arms and be green.
I have not seen a 10 armed green human created by GM as of yet, please link me if I am wrong.
Sticking spider genes in people so they piss cobwebs is not natural and only attainable by GM.
This is why the MPAA has such a controlling market right now, everyone believes what they see in the movies.
No, Spider-Man isn't real, he's a comic book and an action movie. Also, it comes out of his wrist thingies, not his penis.
When you have a humongous lawn, and it takes 2 hours to mow it, it isn't that fun.
the servers of that site will fall under the weight of the 80% of slashdotters who get that URL correct.
80% of the Slashdotters that view the article, you mean.
So that knocks it down to 1%? No, that's too high.
We did not have to report it though, because it did not have anything to do with "intelligence".
That goes for 100% of the information controlled by the US government, as well. These guys just wanted to look cool and report it anyway.
true for most torrent sites, however, loki was also a tracker so they probably also have logs of IPs d/ling the movie/tv eries/whatever itself.
Yes, and no...
If they made logs, all they would have is just a bit more than "xx.xx.xx.xx/xx downloaded x.torrent", they would have "xx.xx.xx.xx/xx asked who has peices from x.torrent". They still don't have any evidence that the person downloaded the file. This is (in the analogy that grandparent noted) like buying a gun and bullets, but no proof that the bullets were ever put in the gun, and actually fired.
But, octopuses excel at figuring out mazes, picking locks, escaping cages, and most importantly hiding evidence of this from their keepers.
I wonder if you put a camera in the room (tiny, computer controlled, from a very secure computer), will a couple of hours of video just disappear from your logs one day? If so, then I guess Microsoft needs to employ these guys to locate security vulnerabilities...
This isn't about providing a service to existing users, many of whom are, on average, probably a little more savvy than the average internet user. It's about getting new users who are used to using IE.
Exactly, I've been holding off on switching my parents secretly to Firefox for a long time now. Why? Because they use Yahoo! Toolbar for IE. It would be an obvious switch, and I don't want it to be that obvious for them. With this toolbar, however, I think I could secretly swap browsers without them even noticing.
They are very conservative, and they think I'm crazy when I mention that there are other products besides ones that Microsoft makes. They are completely oblivious to almost everything, and to a certain extent think if they stray away from their daily routine, they are breaking the law in some way (yeah, I know)...
They don't realize how much freedom actually exists in the world, and it's scary at times to think what it would be like to live like them.
Think about it, if you discreetly look at some porn pics during a business meeting, will you automatically unzip your pants and start jerking off or can you pretend you are listening to the presentation? You probably can.
;)
Interesting point, but breasts rubbing against your face is a bit different than small pictures on a TV screen.
Oh wait this is Slashdot, forgot, nobody here knows the difference
On national TV? I don't know, same-sex (me bring straight) would make me more uncomfortable...
;)
More uncomfortable? Of course... would you be uncomfortable with an opposite sex person on top of you? No.
I said more DISTRACTED, which nobody who responded to my post seemed to be able to read. You would be more distracted with some chick rubbing up against you (hell, you might not even hear the question), than with a guy rubbing up against you. If a guy is rubbing up against you, you want it to stop, so you'll pay attention. Other way around, you probably won't want it to stop, so you will purposefully lose the question.
This is, of course, assuming you are a straight guy, not woman... but this is Slashdot
My favorites are the ones from the "drivers/net/sunhme.c" file of the Linux Kernel:
/* Welcome to Sun Microsystems, can I take your order please? */ ... /* Would you like fries with that? */ ... /* Anything else? */ ... /* Fifty-two cents is your change, have a nice day. */
/* We have a special on GNU/Viking hardware bugs today. */ ... /* Will that be all? */ ... /* Don't forget your vik_1137125_wa. Have a nice day. */
/* foo on you */
/* Lettuce, tomato, buggy hardware (no extra charge)? */
/* We're consolidating our STB products, it's your lucky day. */ ... /* Come back next week when we are "Sun Microelectronics". */ ... /* Remember: "Different name, same old buggy as shit hardware." */
/* Only Sun can take such nice parts and fuck up the programming interface
* like this. Good job guys...
*/