Nah, too easy. First, we agree on an acceptable definition of a dog, and define some of the characteristics of a dog. For example, dogs eat, and they defecate. So we leave a plate of food there, and observe to see if the food disappears. Then we wait to see if something appears several hours later -- of course, that might be invisible too, in which case we've just elevated the "setting fire and stamping on the paper bag on the porch after the doorbell rings" meme to a whole new level.
Sorry, you're right -- you have misunderstood. Any switched network will happily deliver packets to the wrong port if the MITM has used ARP cache poisoning, by feeding fake ARP information to the client and server -- the switch won't protect you from being sniffed unless it locks MAC addresses to IP addresses (which most switches don't do.)
As I see it, the only options are:
1) Eliminate ARP entirely, by locking ARP caches with fixed addresses of critical devices (an administrative nightmare);
2) Use an IDS to look for bogus ARP chatter, and respond very quickly to illegal injections.
Naturally, my company designs software to do the latter. We scan the CAM tables of all switches constantly, and correlate with the ARP caches on routers, and alert on any discrepancies. We sell only into high-end security accounts, including Banks.
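The correlation described above (observed ARP replies checked against what the switch CAM tables and router ARP caches say), as an added example that is not the commenter's product or any real tool. The reference table and the ARP reply records are constructed sample data, and the alert kinds are names chosen here.

```python
"""Flag suspicious ARP replies by correlating them with a reference table.

Added illustration, not the poster's software. REFERENCE stands in for the
CAM-table / router-ARP-cache view the post describes; SAMPLE_REPLIES is a
constructed record of replies seen on one segment, not captured traffic.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    ts: float          # seconds, constructed
    sender_ip: str     # IP the reply claims to answer for
    sender_mac: str    # MAC the reply says owns that IP


# Constructed reference: IP -> MAC as the router/switch side knows it.
REFERENCE = {
    "10.0.0.1": "00:11:22:33:44:01",   # gateway
    "10.0.0.10": "00:11:22:33:44:10",  # application server
}

# Constructed sample: the last two replies show one unknown MAC claiming both
# the gateway and the server address, the classic poisoning signature.
SAMPLE_REPLIES = [
    ArpReply(1.0, "10.0.0.1", "00:11:22:33:44:01"),
    ArpReply(1.5, "10.0.0.10", "00:11:22:33:44:10"),
    ArpReply(2.0, "10.0.0.1", "DE:AD:BE:EF:00:99"),
    ArpReply(2.1, "10.0.0.10", "de:ad:be:ef:00:99"),
]


def analyse(replies, reference):
    """Return a list of (ts, kind, detail) alerts for the given replies."""
    alerts = []
    seen = {}                       # ip -> MAC most recently observed
    ips_by_mac = defaultdict(set)   # MAC -> set of IPs it has claimed
    for r in replies:
        mac = r.sender_mac.lower()  # normalise case before comparing
        # 1. Discrepancy against the authoritative reference (the post's check).
        ref = reference.get(r.sender_ip)
        if ref is not None and ref.lower() != mac:
            alerts.append((r.ts, "reference-mismatch",
                           f"{r.sender_ip} claimed by {mac}, expected {ref.lower()}"))
        # 2. IP -> MAC binding changed since we last saw it. On its own this has
        #    benign causes (DHCP reassignment, NIC swap), so check 1 is what
        #    keeps the false-positive rate down.
        prev = seen.get(r.sender_ip)
        if prev is not None and prev != mac:
            alerts.append((r.ts, "mac-changed",
                           f"{r.sender_ip} moved from {prev} to {mac}"))
        seen[r.sender_ip] = mac
        # 3. One MAC answering for several IPs: typical of a host poisoning
        #    both ends of a conversation at once.
        ips_by_mac[mac].add(r.sender_ip)
        if len(ips_by_mac[mac]) > 1:
            alerts.append((r.ts, "mac-claims-multiple-ips",
                           f"{mac} claims {sorted(ips_by_mac[mac])}"))
    return alerts


if __name__ == "__main__":
    for ts, kind, detail in analyse(SAMPLE_REPLIES, REFERENCE):
        print(f"t={ts:4.1f} {kind:26s} {detail}")
```

On the constructed sample this yields two reference mismatches, two binding changes and one multiple-IP claim, all from the same rogue MAC; in practice the reference table would be refreshed from the switches on a schedule rather than hard-coded.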
The problem is not breaking SSL. The problem is that tools like ettercap and CAIN (for Windows) can perform a Man In the Middle attack, where they use ARP cache poisoning to interpose themselves between the SSL client and SSL server BEFORE the session is established. Then, when the client tries to connect to the server, the MITM will fetch the client information, and use it to establish its own session to the server -- then quickly fake a certificate which it feeds back to the client.
Admittedly, most browsers will detect this, and throw up a dialogue box -- but due to poor training or understanding of security, 99% of users will simply click away the warning to get their application, and will happily login and access information, while the MITM steals all packets without having to attack the encryption.
SSL and SSHv1 are both vulnerable to this type of attack. SSHv2 and IPSEC will resist it, and fail the connection, which is correct behaviour.
For those Slashdotters in Austria, here is a student newspaper wherein a lawyer describes (on page 9 of the PDF) a recent case he defended against the RIAA's equivalent in Austria.
The case was based on Kazaa -- the young woman was forced to pay up to 200 Euros per song for future downloads. So this type of craziness is not limited only to USA and Australia -- Central Europe is also under attack.
And don't forget that Janeway was happy to violate the prime directive when it was trumped by the Omega directive.
(The episode concerned the intervention in a pre-warp culture that was experimenting with Omega particles/atoms, which had the potential to severely damage subspace -- and 7 of 9 had her religious experience due to the "perfection" of the Omega atom.)
For a game which is challenging, but which requires slow and thoughtful mouse clicks (not fast twitch reflexes), I would try Myst Revelation. It has a very nice immersive environment, and some challenging puzzles to ponder. Time doesn't seem to be an issue with it.
Avoid Blizzard games. They are the digital equivalent of crack. Once you get hooked on your habit, you'll end up spending hundreds of hours online each month, and of course you'll keep paying for the privilege. I should know, I had several 90+ characters (including a 99 lvl 'zon) in Diablo II.
I finally wised up, went cold turkey, and got a life. Went to the gym, started lifting weights, cardio, and basically spending quality time with the people I love.
I predict that games like WoW will become even more immersive, especially when being used on 42 inch Plasma displays, with Dolby 5.1 surround sound... damn, I think I'm recidivising..... and as a result, will become even more addictive. In future, AlAnon and NarcAnon will be joined by MMRPGAnon.
Hi, my name is Hruk the 45 lvl Barbarian, and I'm a Gaming addict.
Don't forget that Frank Herbert (of "Dune" fame) also wrote of people who did the work of computers, the "mentats." In his case, this was a deliberate choice, due to the earlier problems with rogue AIs.
Just to clarify what appears to be confusion. OpenSSL provides the key exchange and authentication options within OpenVPN, but doesn't handle the tunneling. Instead, OpenVPN uses ESP, the same as IPSec. Basically, think of it as the IPSec payload, but without AH or IKE, running over UDP. While many SSL/TLS tunnels use TCP, this is not required with OpenVPN. See the OpenVPN security model for details.
By default, OpenVPN uses UDP, so the problem of TCP tunneling inside TCP doesn't need to happen (although in my experience it is minimal except on heavily congested or small MTU links). I think the parent post isn't referring to using OpenVPN with TCP (although this can be done). [Aside: TCP inside TCP isn't really a problem with packet counters, it's the sliding windows and retransmissions which cause problems.]
I've used many VPN solutions, starting with proprietary (Raptor with IPIP), through to MS PPtP and IPSec (FW-1), and have also sold solutions based on FreeS/WAN, but have found OpenVPN the most simple to use and configure.
Another advantage of OpenVPN is it can tunnel at layer 2 or layer 3, i.e., you can use it to bridge or route. It will happily support host to host, host to LAN and LAN to LAN.
Its Windows client plays nice with Linux endpoints, and because it uses OpenSSL, it has very flexible keying and certificate handling options.
Its only downside is lack of interoperability with IPSec-based solutions -- but if that's a requirement, then look at OpenS/WAN.
Bottom line: if you need to build up a low cost, flexible VPN solution based only on software, with full source code available and full of features (like dynamic end-points) then OpenVPN is a great choice. It also avoids the hassle of NAT-T which IPSec has to use due to address translation.
I am no geologist, but I wonder too about the relationship here between Earth's magnetic field changes and the two recent high magnitude quakes. Yes I know that these quakes are linked to subduction zones of the major plates, but at the same time I am thinking about the rotation of Earth's magnetic core. If there is a major flip of the field, can we assume it is purely associated with field changes, or might there be some physical turbulence at lower levels, which manifest as quakes?
How can we test this hypothesis? Simple. Do some comparative measurements of magnetic field strength and direction at the two locations which experienced major quakes. I suspect there may be a correlation, and further predict major temblors in the near future, linked to an acceleration of magnetic field changes, especially ELF magnetic signals.
Just to explain for the language impaired. In the German language, "Wix" relates (although with a slightly different spelling) to the word for masturbation, therefore getting one's feet wet as a result of "wix" is seriously funny for German speakers, and not something to enjoy.
Here's what I get, both with perl Makefile.pl and perl CPAN:
[root@actrix Mail-SpamAssassin-3.0.0]# perl Makefile.PL
What email address or URL should be used in the suspected-spam report text for users who want more information on your filter installation? (In particular, ISPs should change this to a local Postmaster contact) default text: [the administrator of that system] decoy@actrix.co.at
Check network rules during 'make test' (test scripts may fail due to network problems)? (y/n) [n]
Run SQL-based Auto-whitelist tests during 'make test' (additional information required) (y/n) [n]
Run Bayes SQL storage tests during 'make test' (additional information required)? (y/n) [n]
Warning: I could not locate your pod2man program. Please make sure,
your pod2man program is in your PATH before you execute 'make'
Writing Makefile for Mail::SpamAssassin
Makefile written by ExtUtils::MakeMaker 6.03
[root@actrix Mail-SpamAssassin-3.0.0]# echo $PATH
/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/bin/X11:/usr/X11R6/bin:/root/bin
[root@actrix Mail-SpamAssassin-3.0.0]# whereis pod2man
pod2man: /usr/bin/pod2man /usr/share/man/man1/pod2man.1.gz
[root@actrix Mail-SpamAssassin-3.0.0]# pod2man -v </dev/null
.\" Automatically generated by Pod::Man v1.34, Pod::Parser v1.13
I'm shocked and surprised that no-one has even begun to consider the effects of fusion waste products, specifically Di-Hydrogen Monoxide. This substance has killed millions of people in the last hundred or so years, yet no one seems to DO anything about it.
According to the DHMO FAQ, this lethal substance is responsible for:
Death due to accidental inhalation of DHMO, even in small quantities.
Prolonged exposure to solid DHMO causes severe tissue damage.
Excessive ingestion produces a number of unpleasant though not typically life-threatening side-effects.
DHMO is a major component of acid rain.
Gaseous DHMO can cause severe burns.
Contributes to soil erosion.
Leads to corrosion and oxidation of many metals.
Contamination of electrical systems often causes short-circuits.
Exposure decreases effectiveness of automobile brakes.
Found in biopsies of pre-cancerous tumors and lesions.
Often associated with killer cyclones in the U.S. Midwest and elsewhere.
Thermal variations in DHMO are a suspected contributor to the El Nino weather effect.
Please do your part in warning your friends of this dangerous substance.
What a beautiful world anthology is. It comes from the Greek for a gathering of flowers, and in literature means a collection of works. Harry Fuecks, a very frequent contributor to the SitePoint community PHP forums, has gathered a bouquet of PHP best practices in a new book.
I'm somehow grateful you didn't use the word nosegay.
While it is true that there are six official languages in the UN Secretariat, I can tell you that German has a de facto status, due to the presence of the third-largest duty station in Vienna, Austria -- and as a result, many UN staffers work in German, especially when dealing with local infrastructure. I used to work for the UN in Vienna, and can confirm that official documents are translated usually from English into the other five official languages, but 99% of all interactions in New York and Vienna occur in English, with French being dominant in Geneva.
There is an existing Working Time Directive (not with the force of law, but which would be supported by laws enacted in each EU state) which restricts the hourly work to 48 hours. Only one country, the UK, has an opt-out option, which allows employers to ask their employees to work longer, if the latter agree. That opt-out is now the subject of some debate.
The piece you reference was contemporaneous with the original paper, which was indeed published over two years ago. This latest piece is an update published in the June 2004 edition of The Walrus, which has just been slashdotted up the wazoo. Anyone grab a mirror?
Anyway, if you are able to read the article, you'll find a lot more in-depth analysis of the original paper, plus comparisons with other gaming systems and economic activity -- including extortion, prostitution, outsourcing (the Black Snow gang in Mexico) and even the disproportionate dominance of male gender characters.
Great idea -- so why not code a patch and submit it to the Slashcode CVS?
A word from the wise(guy):
The head of government of the UK (which includes England) is Liz Windsor, or Queen Elizabeth II to the plebs. Tony bLiar is Prime Minister.
Damn, there's never a moderation option for +1 Troll when you need it. Great work, Mosel!
> My friends love using quantifiers on values that can't be given a number:
> "I have hundreds of luck. HUNDREDS!"
I'm sorry, that's only three funny.
Here's why:
1) Palladium will prevent wide-spread piracy of existing software, such as Photoshop, MS Office and Quickbooks.
2) Users will want to get software which does this, so they will turn in desperation to Gimp, OpenOffice.org and GNUCash.
3) Local open-source advocates will earn $$$ from supporting these applications.
4) Profit! (for everyone but the convicted monopolists.)
I wish Snort had intrusion prevention capability. = wink wink=
You mean like the Snort Inline capability which has now been included in the 2.3 version?
Bzzzt! Wrong, sorry, next contestant.
For more information, check this link.
And for even more fun, check out the Web site of the good Dr. C., where he offers tools to monitor eBay for auctions of gaming items.