What about the webserver being accessible from http://216.250.128.20/ during the whole "attack" but not from http://www.sco.com ? Isn't this characteristic of a DNS transition fumble ?
So far the simplest explanation (thus the most probable according to Ockham) is that the webserver just had its IP address changed from 216.250.128.12 to 216.250.128.20 and SCO admins messed up or forgot (on purpose ?) the DNS update. And the website at http://216.250.128.20/ was very responsive during the whole "attack", which makes me doubt there ever was a saturation of bandwidth.
Why would SCO have two separate load-balancers, with one being entirely _unused_ in the first place ? If the attack was targeted at one IP, why didn't they pull the back-up online (assuming it is a back-up) ?
Any way I look at it, it's still glaring of incompetence...
But if the website traffic is load-balanced across those multiple servers, wouldn't the server at 216.250.128.20 have been hit by the very same attack ? From the traceroute and DNS queries, it seemed to me that they had just changed their webserver's IP from 216.250.128.12 to 216.250.128.20, and messed up the DNS update and transition.
Then please kindly explain why the website was still available at http://216.250.128.20/ ?
But this is actually a much worse security hole, in a sense, because there is no Software Update coming down the pike that fixes it - Apple has, so far, taken the position that this is a feature, not a bug.
There is no need for a patch, you can protect your computer by unchecking a box in Directory access. How many Windows vulnerabilities can be turned off that simply ?
Considering that most laymen always call Operating Systems "Windows" (as in: What Windows is running on your Mac ?) I'd say it can be argued that Windows is not only a common word, but it has also gone the way of Scotch adhesive tape: it has become a generic term.
Or perhaps making it so it costs them the same anyway. Like, diverting a given part of their taxes if they choose artists to benefit from it. Maybe it sounds socialist, but I think it would effectively prevent most abuses.
As a previous poster mentioned, authorship is essential, one must be given credit for his/her works, and maybe there's another way to give incentive to creation of intellectual work, based off this principle, compatible with full public disclosure.
I entirely second that. Replace it with anything else that would serve as a decent incentive for intellectual works creation, and end the madness.
One suggestion: set a percentage of VTA go to fund artists' retributions based on vouchers that are returned with tax surveys. No limit to copying so the works get distributed widely, and the more people appreciate these works the more money its author(s) get in return. And the label companies can still try to make money selling records.
I just installed Panther on my 'book. LDAP was off by default.
Lance, let me tell you. It's not wrong for you to feel this way... it's pathetic. Have you felt so diminished as a person this past summer, as wave after wave of virii pummeled your Windows box, that you now revel in the misfortune of others?
Don't worry, it's OK. Since no one had their Mac exploited by the "vulnerability" it's fine if he feels good about it.
Not that we actually care...
The article is just a flamebait. The author blows an innocuous "exploit" which really is a feature (trusting local DHCP-provided authentication servers) out of proportion to bash on Macs. He does not even understand the alleged security breach:
"A series of seemingly innocuous default settings can cause an affected Mac OS X machine to trust a malicious machine on a network for user, group, and volume mounting settings."
So an attacker who can gain access to your network -- over a wired connection or wirelessly -- can trick an affected system into trusting a rogue machine, and when the compromised machine reboots, take it over and even attack other systems on the network.
The truth is that the Mac OS is just as vulnerable as Microsoft Windows. Overall, maybe OS X is better than Windows, but that's not the point. Panther, for example, is a great OS, but it's also complex, and complexity leaves room for gaps -- some small, some not.
Hmm, nice try, but to gain access you need local access to the network, not remote. Plus the target must have LDAP or Netinfo on with DHCP. And it has to reboot (uptimes for my Macs are $current_date - $date_of_last_security_update). Besides, it is corrected in the 5/12/2003 security update for Panther.
If the car industry was run the same way the record industry is run in the US, there'd be a Car Industry Association of America monopolizing all the sales of cars. Used cars and foreign cars sales would be illegal, and GM and Ford would enforce speed limits - by shooting in your tires.
It's funny that you compare the RIAA with Government departments. I think the RIAA has been a fully qualified Governmental institution for a long time now. Think about it: they can lobby laws into existence, they have political and juridical influence, and above all they have had growing enforcement powers.
But of course, being an association of sane, properly-american capitalist corporations, it ain't restricted the same way as official Government depts. *Cough* What do you call a government-endorsed monopoly already ?
I think Apple owns the trademark for "Next" in the OS market.
This system does not tie your email with your identity, but with a domain name.
It all depends on whether Domain Keys gets the public key of the domain from a server or if it uses a local set of public keys and white list of certified domains set up by the admin. I wish for the latter.
Seriously. This solution needs the cooperation of most. It is the exact solution I have been longing for, and to be successful when it is released it needs every significant domain to follow suit. Your ISP won't use Domain Keys ? Rant to them till they do ! They still won't ? Set up your own MX and sign in to the certified network. Have your friends and relatives get aboard too.
As soon as the certified network is considered a valid alternative to the current spam-ridden, scam-infested open email exchange system people will switch boards in a blink... provided it is easy enough to get a certificate.
CNN link for your enjoyment. GoogleNews is your friend.
Well I'm a Network&Telecommunications Engineer, and their plan makes a lot of sense and looks solid to me.
This is basically SSL tagging for emails. Have a mail server and domain, have your own private key, sign every one of your emails and they'll be distributed across the certified network. Abuse the system and your key is revoked/refused by the rest of the network. Don't have a key and domain, or forge the header to abuse your ISP's mail service ? No cookie for you.
There's simply no other way to deal with an offensive crackpot. You cannot reason with them. You cannot make them change their mind. Hopefully you can make them go away.
Copyright Law takes its origin in the will to protect the revenues of authors / musicians / other artists, so that they have an incentive to create. Right ?
Originally it protected the real authors from the misappropriation by others and ill-profiting from their works. Right ? This particular intent was first turned into a travesty when the middle-men started buying these rights from the authors to enforce it themselves. It even aggravated when they launched the infamous "Work for hire" type contracts, where the author is totally deprived of authorship.
Now it goes even further: they are expanding the travestied concept (based on an unnatural compromise between public domain and a need for incentives to create, originally) of copyright to leverage more and more control and extort more money from each side of the industry ?
And, pray-tell, what will happen when the Associated Agents rule almighty on culture and distribution of information, and collect the Tax on Everything Digital ? All this in the name of a parody of an already flimsy concept of "copyright". Sheesh.
Researchers don't know why this is.
Seems to me they don't understand much about the whole thing, really. We keep hearing about global warming, yet the winters here have been colder and colder. And that's not counting the surge of floods lately in Europe.
Can they enforce their patents in Europe ? What will be the consequence for Euro-based device manufacturers ?
Personally, I think the governments of the world are scared to death of people getting out of their reach. Governments, like any entity, don't like to lose their source of wealth and power and they absolutely hate competition.
Ever tried to "opt-out" of the tax/public services system ? You cannot, you're tossed in jail. Ever tried to do away from the government's money monopoly ? Same result. Many people tried to create their own countries, so far only one managed to do it (Major Bates with the Sealand Principality). All the others were destroyed / annexed by nearby sovereign nations.
Before space travel and space settling become cheap enough that individuals can afford it, there'll be governmental backlashes, attempts to regulate and control it all. Bureaucracy will strangle everything out of fear.