You're missing the point. They're after a feeling of power. Hell, I don't know many decent programmers who couldn't poison an ARP cache or at least try the most basic SQL injection techniques. The difference is: we build; they break. Where we get our kicks from having the power available if we wanted, they don't stop there and don't worry about the consequences. Geeks tend to be more self-controlled.
Snap! My mum did this too. Must remember to add it to techtales.com - it ranks with the one where she got me to reinstall AOL. I uninstall it, ask for the install disk and... "oh, don't worry", she says, "I'm going to download it".
Non-AOL users should note that the AOL software is apparently the one and only way of connecting to their systems...
And, with the apparent revisions to the page, it's quite hard to know what they originally said or how many went away with the wrong idea.
This is why not announcing revisions is bad.
Can't remember precisely what I wrote in the feedback form, but I did helpfully point him towards slashdot as a source of much discussion of his article. I hope he finds it as useful, informative and downright funny as I did whilst reading mincemeat being made of his "arguments". I would recommend that everyone fills in feedback - I think slashdotting their feedback team with rational argument would possibly make the point that Evans' views are neither accepted nor accurate.
Sheesh, writing like his is the reason hotheads create DoS viruses...
Normally I tune out any post with any swearword worse than "damn" in. But I strongly agree with this one.
There comes a point where national arrogance goes too far. Mr Arar was a citizen of a civilised country with no direct connections to terrorism, and he was passed on to a totally uncivilised country to be systematically tortured. I don't believe it reasonable that the US govt didn't know about this; if they honestly didn't then they should be kicked out for incompetence.
I'm hoping to go on an international student exchange to MIT next year (I'm a Cambridge student atm) and I personally would not be happy to be packed off to Saudi Arabia due to my writing subversive Slashdot posts. The US has committed what possibly counts as an act of war against a Canadian citizen. This is not acceptable. If America doesn't want its citizens shipped off to North Korea, it might want to stop playing fast and loose with people it has no jurisdiction over.
Worryingly, I was thinking roughly the same thing when I read this post... only problem is, what would happen if a new gravastar forms? I sense a whole new theory of matter coming on...
Someone tell this guy that proposing 4-dimensional theories is antisocial to the poor saps who automatically try to imagine how it'd work. I think I'm getting a migraine...
Not difficult to find that sort of info online and, frankly, the most important thing is having the nerve to try it. This is always the case with social engineering.
And that's what I'd class this issue as. The system itself is secure (apart from all the idiot/corrupt salesfolk). The only problem is that users have been convinced that the identity thief is a real ATM owner.
Seriously, they could stick a sign saying "atm" on the outside of a letterbox and people would use it:)
I guess that, as a society, we just have to make sure that it really isn't worth peoples' while to try this on. ATM fraud is unlikely to be that hard to track compared to other more ephemeral crimes, cos you've got a ruddy great device as evidence. The paper trail, if sufficient, should lead straight back to Randy Glass and his ilk.
And in this case the echo could start an avalanche. It's like giving out duplicates of someone's house key and claiming you haven't done anything wrong cos no-one's broken in yet. Especially now that this problem is in the public eye, there's a real risk of identity theft for these people.
And yet different ownership of critical information is, to use a very cliched example, what makes systems like RSA work. You don't want the world and his wife able to get at your bank account. Only in a perfect communist state could information be free - and then only because it's valueless. There would be nothing to protect.
I like the point on rights as priveleges by the way. Only addition I'd like to make is that this only works because power is outsourced to the government. Personally, I find the most appropriate model for this sort of issue is to consider the government as a very large company. Then we can see that "rights" just represent power that hasn't left the hands of the individual yet.
Our school's sysadmins were crap. No really. The secretarial server - with all the confidential student and teacher data - had the unicode bug and they refused to fix it, can't remember why. Eventually, a friend and I got bored of seeing all our personal details on show (unencrypted SIMS) and went round and fixed it in 2 minutes.
Our head of department once gave me a lecture over playing Flash games online cos they "could be virus-infected". If there's a way that this is possible, someone please tell me.
There was no defence against a simple promiscuous sniff, let alone ARP cache poisoning. This was a relief as, when the Head of IT "reconfigured" the email server to run on the wrong port, then left for a day's conference, one of my friends was able to reroute the school's mail via his laptop and send it on to the new port.
School IT staff are only in it cos they can't get jobs elsewhere...
Agreed on all counts. The GPL is the null copyright, the empty set of use restrictions. Correct me if I'm wrong, but it appears to only exist as a placeholder, to prevent someone else claiming the product.
Darl McBride is obviously not keen on the zero unless it appears in bulk on his paycheque.
Difference being that computer-related harrassment has comparatively little impact on those who aren't tech-savvy themselves. So nerds can only really bully other nerds this way. However, being punched in the face has the same effect whether you work out or not.
If I'd wanted at school, I could have run an entire harrassment campaign against those who bugged me very easily. It would have had no effect. These were people who, by year 10, hadn't yet found out what their username was.
And frankly, "cyberbullying" would be comparatively ineffective even against nerds. What one can break another can fix. And if all else fails there's always the "off" button. Life doesn't come with one of those, sadly.
Compared to physical violence and the existing social tortures that our darling children invent, this new "cyberbullying" has minimal effect. So quit inventing new labels for digital extensions of playground gossip and invest in some karate lessons. You'll be spending your time a lot more effectively.
I just applied for a/. account specifically to answer this post with a resounding DAMN YES. The British school system is locked rigid with a mixture of oversyllabising, avoidance of responsibility and just plain incompetence. Even the teachers with something to say get beaten down into echoes of the system.
I've just got out of the UK secondary school system and I've never been happier. No more stupid rules. No more getting shouted at cos I know all the stuff they're teaching and have thus fallen asleep.
Don't get me wrong, some of the teachers were nice, even if they didn't add much to the sum of my knowledge. But some were blatantly just there because they couldn't get jobs in the real world. Example: the admin server, with all the teachers' pay details and kids' reports on, had the Unicode DT bug. The IT dept actively ignored the pleas of a friend and mine to patch it. Eventually, we just went round to the admin dept and fixed it ourselves. This was the same IT department that doesn't let us play flash games cos of the risk of viruses.
There is life beyond A-levels though. I'm at Cambridge Uni now and loving every minute. The lecturers and supervisors don't just have a clue; they practically ARE the clue. Next year I am gonna be supervised by Dr Kelly, the guy who designed one of the key internet routing algorithms.
My advice: jump through the hoops and do it with style. Ignore all the stuff the teacher's spouting and just get on with the work. When you've finished a module, take the textbook for the next one out of the library and study that in lessons instead. Treat homework as a useful revision exercise for that stuff you learned months ago. Then, once you've applied to Cambridge or (heaven forfend) Oxford, I'll put in a good word for you:)
Slashdot Mirror
You're missing the point. They're after a feeling of power. Hell, I don't know many decent programmers who couldn't poison an ARP cache or at least try the most basic SQL injection techniques. The difference is: we build; they break. Where we get our kicks from having the power available if we wanted, they don't stop there and don't worry about the consequences. Geeks tend to be more self-controlled.
I never install RealPlayer. Anyone who puts that much malware in their program obviously doesn't have their heart in it.
Snap! My mum did this too. Must remember to add it to techtales.com - it ranks with the one where she got me to reinstall AOL. I uninstall it, ask for the install disk and... "oh, don't worry", she says, "I'm going to download it". Non-AOL users should note that the AOL software is apparently the one and only way of connecting to their systems...
Yes, the average informed /.er seems pretty sure that the SCO attack is a cover for the creation of a new swathe of open relays.
And, with the apparent revisions to the page, it's quite hard to know what they originally said or how many went away with the wrong idea. This is why not announcing revisions is bad.
Can't remember precisely what I wrote in the feedback form, but I did helpfully point him towards slashdot as a source of much discussion of his article. I hope he finds it as useful, informative and downright funny as I did whilst reading mincemeat being made of his "arguments". I would recommend that everyone fills in feedback - I think slashdotting their feedback team with rational argument would possibly make the point that Evans' views are neither accepted nor accurate. Sheesh, writing like his is the reason hotheads create DoS viruses...
Normally I tune out any post with any swearword worse than "damn" in. But I strongly agree with this one.
There comes a point where national arrogance goes too far. Mr Arar was a citizen of a civilised country with no direct connections to terrorism, and he was passed on to a totally uncivilised country to be systematically tortured. I don't believe it reasonable that the US govt didn't know about this; if they honestly didn't then they should be kicked out for incompetence.
I'm hoping to go on an international student exchange to MIT next year (I'm a Cambridge student atm) and I personally would not be happy to be packed off to Saudi Arabia due to my writing subversive Slashdot posts. The US has committed what possibly counts as an act of war against a Canadian citizen. This is not acceptable. If America doesn't want its citizens shipped off to North Korea, it might want to stop playing fast and loose with people it has no jurisdiction over.
Worryingly, I was thinking roughly the same thing when I read this post... only problem is, what would happen if a new gravastar forms? I sense a whole new theory of matter coming on...
Someone tell this guy that proposing 4-dimensional theories is antisocial to the poor saps who automatically try to imagine how it'd work. I think I'm getting a migraine...
...the students told on him. Personally, I've been through enough painfully boring lessons that I would never turn someone in for skipping the FUD.
Not difficult to find that sort of info online and, frankly, the most important thing is having the nerve to try it. This is always the case with social engineering.
And that's what I'd class this issue as. The system itself is secure (apart from all the idiot/corrupt salesfolk). The only problem is that users have been convinced that the identity thief is a real ATM owner.
Seriously, they could stick a sign saying "atm" on the outside of a letterbox and people would use it :)
I guess that, as a society, we just have to make sure that it really isn't worth peoples' while to try this on. ATM fraud is unlikely to be that hard to track compared to other more ephemeral crimes, cos you've got a ruddy great device as evidence. The paper trail, if sufficient, should lead straight back to Randy Glass and his ilk.
Wow, thanks for the alert. Somehow I doubt my IT dept were this up to date...
I was thinking more of things like account passwords. It's an extreme example, but I don't know of anyone who advocates making these public domain.
And in this case the echo could start an avalanche. It's like giving out duplicates of someone's house key and claiming you haven't done anything wrong cos no-one's broken in yet. Especially now that this problem is in the public eye, there's a real risk of identity theft for these people.
And yet different ownership of critical information is, to use a very cliched example, what makes systems like RSA work. You don't want the world and his wife able to get at your bank account. Only in a perfect communist state could information be free - and then only because it's valueless. There would be nothing to protect.
I like the point on rights as priveleges by the way. Only addition I'd like to make is that this only works because power is outsourced to the government. Personally, I find the most appropriate model for this sort of issue is to consider the government as a very large company. Then we can see that "rights" just represent power that hasn't left the hands of the individual yet.
Now there's a depresing thought...
Our school's sysadmins were crap. No really. The secretarial server - with all the confidential student and teacher data - had the unicode bug and they refused to fix it, can't remember why. Eventually, a friend and I got bored of seeing all our personal details on show (unencrypted SIMS) and went round and fixed it in 2 minutes.
Our head of department once gave me a lecture over playing Flash games online cos they "could be virus-infected". If there's a way that this is possible, someone please tell me.
There was no defence against a simple promiscuous sniff, let alone ARP cache poisoning. This was a relief as, when the Head of IT "reconfigured" the email server to run on the wrong port, then left for a day's conference, one of my friends was able to reroute the school's mail via his laptop and send it on to the new port.
School IT staff are only in it cos they can't get jobs elsewhere...
Slashdot lets subscribers have first dibs on stories, but it seems you can get to them from the "old stories" link anyway...
Agreed on all counts. The GPL is the null copyright, the empty set of use restrictions. Correct me if I'm wrong, but it appears to only exist as a placeholder, to prevent someone else claiming the product.
Darl McBride is obviously not keen on the zero unless it appears in bulk on his paycheque.
If I'd wanted at school, I could have run an entire harrassment campaign against those who bugged me very easily. It would have had no effect. These were people who, by year 10, hadn't yet found out what their username was.
And frankly, "cyberbullying" would be comparatively ineffective even against nerds. What one can break another can fix. And if all else fails there's always the "off" button. Life doesn't come with one of those, sadly.
Compared to physical violence and the existing social tortures that our darling children invent, this new "cyberbullying" has minimal effect. So quit inventing new labels for digital extensions of playground gossip and invest in some karate lessons. You'll be spending your time a lot more effectively.
I just applied for a /. account specifically to answer this post with a resounding DAMN YES. The British school system is locked rigid with a mixture of oversyllabising, avoidance of responsibility and just plain incompetence. Even the teachers with something to say get beaten down into echoes of the system.
I've just got out of the UK secondary school system and I've never been happier. No more stupid rules. No more getting shouted at cos I know all the stuff they're teaching and have thus fallen asleep.
Don't get me wrong, some of the teachers were nice, even if they didn't add much to the sum of my knowledge. But some were blatantly just there because they couldn't get jobs in the real world. Example: the admin server, with all the teachers' pay details and kids' reports on, had the Unicode DT bug. The IT dept actively ignored the pleas of a friend and mine to patch it. Eventually, we just went round to the admin dept and fixed it ourselves. This was the same IT department that doesn't let us play flash games cos of the risk of viruses.
There is life beyond A-levels though. I'm at Cambridge Uni now and loving every minute. The lecturers and supervisors don't just have a clue; they practically ARE the clue. Next year I am gonna be supervised by Dr Kelly, the guy who designed one of the key internet routing algorithms.
My advice: jump through the hoops and do it with style. Ignore all the stuff the teacher's spouting and just get on with the work. When you've finished a module, take the textbook for the next one out of the library and study that in lessons instead. Treat homework as a useful revision exercise for that stuff you learned months ago. Then, once you've applied to Cambridge or (heaven forfend) Oxford, I'll put in a good word for you :)
No kidding, you sound like Cambridge material