Did you see the special movie finale? Crichton opened up a wormhole that threatened to tear apart the space-time fabric of the universe, and in so doing forced the Scarans and the Peacekeepers to the bargaining table; a treaty was signed, with the entire process being overseen by Scorpie; Chrichton lost his best friend in the final battle, became a father of a boy by Erin Sun, and named his newborn son after his fallen comrade.
</SPOILER ALERT>
So what would they do as a follow-up? Join forces with Jesus Christ to save Santa Claus from Saddam Hussein?
This is definitevely good as far as IT goes, but as a construction company only a fraction of our business is in the office (450 field people, 50 office, 3 IT), the rest is guys digging trenches and pouring concrete... For example, one of our great successes last year was not getting better servers and dramatically increase uptime and all kinds of good IT things, but was spending a couple of days writing a small Access app to import budgets from one system to another via ODBC so we can tell if we are losing money on the field or not.
It sounds like you've got 400 guys in the field [most of whom don't use IT], and about 50 guys [-n- gals] in management who do use IT. Your IT department is 3 people, i.e. you've got a working ratio of about 50 to 3, and you outsource development
Now consider the days that the three of you worked last year:
[3 employees] X [50 weeks per year] X [5 days per week] = 750 employee days per year
Of those, only "a couple of days writing a small Access app" were really fruitful; much of the rest may very well have been a waste of money.
So it's entirely possible that your company could get by on maybe one grunt [to push the extremely critical Microsoft updates on the first Tuesday of every month], and then maybe some fraction of a year's worth of a consultant to coordinate the outsourcing and to throw together the occasional Access app.
I.e. a bean counter might say that they should fire one employee outright, and fire you as well, but keep you on retainer as a "consultant" for 3 to 6 months a year. On paper, it might save them a good $150,000 per year.
Now of course, they may try a stunt like that, and discover that you guys were worth your weight in gold, but, as they say, experience comes from making mistakes...
On the other hand, they may try a stunt like that and discover that you really were dead weight after all.
Anyway, moral of the story is that you must never be afraid to ponder some ugly truths like these.
Martha Stewart was never charged with securities fraud or insider trading -- well, actually she was, but the charges were dropped quickly when the investigation didn't turn anything up. What sent Martha to prison for five months followed by five months of home confinement was lying to federal investigators.
Martha & Scooter Libby, BTW, both made the same mistake: When talking to investigators, they made the MISTAKE of assuming that they had done something illegal, when in fact they had not.
In Martha's case, she assumed that she was guilty of insider trading, when in fact she was not: She traded on information supplied by her stock brocker, WHICH IS NOT ILLEGAL. In Scooter Libby's case, he assumed that he had done something illegal by talking with the press, BUT IN FACT HE HAD DONE NOTHING ILLEGAL WHATSOEVER.
Slashdotters: If you ever find yourself being interrogated by a law enforcement officer [or a local/state/federal district attorney], begin the conversation by asking, "Why are we here? What crime do you believe has been committed? Would you please show me the specific statute that you believe has been violated?"
If the LEOs or DAs won't answer those questions, then THEY ARE ON A FISHING EXPEDITION and [assuming no one's life or health is in danger] you have absolutely no duty whatsoever to answer their questions.
But for the sake of goodness, do not open your mouth and start lying to them. Just tell them the conversation is over and get up and leave.
Look, money is a perfectly fine motivation for script kiddies and Nigerian scam artists and ex-KGB Russian/Ukrainian mafiosi.
But there's an outfit sitting behind a router in the PRC that has a different motivation; something along the lines of "Geopolitical World Dominance":
The Invasion of the Chinese Cyberspies
(And the Man Who Tried to Stop Them)
...The hackers he was stalking, part of a cyberespionage ring that federal investigators code-named Titan Rain, first caught Carpenter's eye a year earlier when he helped investigate a network break-in at Lockheed Martin in September 2003. A strikingly similar attack hit Sandia several months later, but it wasn't until Carpenter compared notes with a counterpart in Army cyberintelligence that he suspected the scope of the threat...
2 o 3 spare hard disk, 1 GB ram, the hardware you need and the bugdet you have...
With the possible exception of hard disks, the part that is [overwhelmingly] the most likely to fail, and, several years down the road, among the most difficult to replace [because form factors will have moved on to new standards] is the power supply.
Always purchase several extra power supplies for any mission critical system.
Again, if that happens I don't think saving your pictures of the family trip to Disneyworld will be all that important.
Look, the pics of the trip to Disneyworld might not be all that big a deal.
But, as a slightly different example, my Dad has been working on a family genealogy for more than fifteen years now [started on an Apple IIe, moved to a NeXTStation, then to NT 4.0/Windows 2000 on a gray box], and at this point, he's in the general vicinity of 1000 pages of edited/proof-read text.
Now his little genealogical history of our family has absolutely no financial value whatsoever - I doubt he'd get any buyers if he offered a PDF version of it at $0.99 [the raw format is LaTeX], and yet every night a script [that I wrote] backs it up to three different harddrives within his house and then FTPs it to his account at the university.
Point being that if the Red Chinese were to attack us, detonate an EMP warhead in low orbit, and knock out continental electronics for two or three years, until we [the USofA] got back on our feet again, then I'd still like to have a copy of those files for my enjoyment in the brave new post-EMP world of the future.
And I imagine there are gazillions of other amateur writers [and their families] out there who feel the same way.
If that happens I don't think saving your pictures of the family trip to Disneyworld will be all that important.
Recall the evil "Neutron Bomb" program that was killed back in the Carter era: The tactical idea at that time was that the radiation from a Neutron Bomb would kill all the humans within a certain radius [especially Warsaw Pact tank crews], but that it would leave the physical infrastructure [buildings, bridges, dams, canals, etc] largely intact.
But the strategic idea of a low orbital nuclear detonation is to produce exactly the opposite effect: In theory, it would destroy all the electronic infrastructure of a society, but it would leave the human population largely unharmed [to the extent that we can survive anymore without an electronic infrastructure].
My guess [and certainly my hope] would be that at a place where security really matters, like NORAD, they've got multiple redundancy:
1) They're in a bunker beneath hundreds of yards of solid rock and steel-reinforced concrete,
2) They're behind lead shielding, and
3) They've got multiple Faraday cages to shield against multiple possible wavelengths of radiation.
BTW, IANAP, so I'm assuming that there isn't some weird quantum polarization thingamabob that would render multiple Faraday cages useless.
But out in the field, I think they use lead shielding.
I've known about this for years...that's why I store all my important data exclusively on punch cards.
You joke about this, but apparently, for a few hundred dollars, one can build an EMP weapon that will destroy all the electronics in a good sized building. And, what's possibly even more disturbing, there is a widespread belief that the detonation of just a single nuclear warhead at an altitude of a few hundred miles could take out most of the electronics in an entire nation [maybe even a continent].
That's one of the reasons that military grade electronics are so expensive [and so heavy]: Typically, they're shielded in lead.
*Fortunately no one has tested that belief in practice. Yet.
How many oracle db's are connected directly to the internet? Even within most company's their isnt a direct connection option to the db but only thru an application.
Here you begin to enter the realm of the professional cracker [apologies to chef], my little padawan novitiate.
The professional employs something like the WMF vulnerability to crack the client OS, and then uses the client application to crack the DB.
And when he's seen what he needs to see, the professional tidies up and removes any evidence of his intrusion.
In all seriousness, the PRC Red Army's "TITAN RAIN" operation is more than a little troubling in this regard:
The Invasion of the Chinese Cyberspies (And the Man Who Tried to Stop Them)
...The hackers he was stalking, part of a cyberespionage ring that federal investigators code-named Titan Rain, first caught Carpenter's eye a year earlier when he helped investigate a network break-in at Lockheed Martin in September 2003. A strikingly similar attack hit Sandia several months later, but it wasn't until Carpenter compared notes with a counterpart in Army cyberintelligence that he suspected the scope of the threat...
Relying on Microsoft to build the foundation for all home digital entertainment is like relying on Ford to build the foundation for quality automobiles. (Psst. Hey geniuses. The Japanese already beat you to it.)
All right, I'll admit up front that this post is gonna get modded down to -infinity politically incorrect fascist flamebait in like no time flat, but here goes:
Ford builds transportation for men. These thingamabobs are called "trucks". Toyota and their brethren build transportation for women and queers. These thingamabobs are called "cars".
If it weren't for the idiotic government-imposed CAFE standards, Ford wouldn't even bother producing a car anymore [with the possible exception of the Crown Vic for the police car/taxi market].
And yes, I've spent considerable time in Toyota pickups [and cars], and to compare any Toyota with a Ford F-Series is like comparing a can of sardines with a magnum of champagne.
According to the Financial Times article highlighted at Drudge, Hyppönen said the vulnerability is supposed to hit "every Windows operating system since 1990".
So is there a patch for older versions of Windows?
Beh. ATM was a dog. It was supposed to be this voice/data/video panacea but all it ended up being was an incredibly inefficient way to pass data around.
And the world's greatest proponent of ATM came within a cat's whisker of being your intrepid CIC on 2001-09-11.
Not to diss the underlying interview [I'm always willing to hear about kernel stuff], but it's kinda odd that the MMS stream originates at a M$FT server:
[Slashcode tends to put hard breakline characters and other weird white space into web addresses, so you will probably have to paste that address into a word processor and clean it up].
I have patched all my clients by hand; the patch requires user interaction via two or three manual mouse clicks. [It also requires a reboot, BTW.]
Has anyone automated the thing so that it can be pushed to hundreds [or thousands] of clients via something like Novell Zenworks, Microsoft SMS Server, or IBM Tivoli?
I know that e.g. Zenworks has a "diff" mechanism that will isolate a "before/after" differential, but that's a lot of work, and frankly it's a little bit of a kludge [no offense to Novell].
I have seen in the past week our work increase 5 fold because of this exploit. What is normally a very slow time of the year for us has become very busy for us and it's making me nervous myself.
I know next to nothing about IM/RSS software, so I am just speculating here.
But suppose you had some IM/RSS client [MSN, AOL, Yahoo, whatever] that had an image rendering aspect to it. For example, suppose your IM/RSS client were capable of rendering the JPGs in an HTML message.
Then it seems to me that if you had such an IM/RSS client running on your desktop, and if someone knew your IM/RSS handle, then they could send you an IM/RSS message with very elementary instructions for downloading the evil file:
<img src="http://blackhats.com/evilfile.jpg">
and you'd be hosed without ever having clicked on any link. And if the worm were really smart, it could then install "thttpd" trivial http daemons to spread itself internally on any corporate network [via each person's IM/RSS "address book"].
If that's true, and if lots of employees left their computers running and logged into windows with such "automatic" IM/RSS clients running on the desktop, then Tuesday or Wednesday morning [or whenever people decide to come back from their New Year's vacation], there could be literally MILLIONS of infected machines.
So the question: Are there IM/RSS clients that can download files automatically?
I know next to nothing about Instant Messaging clients, but is it possible that an employee could have left his computer powered on, and logged into windows, and with an IM client running on his desktop, and could that IM client then download this worm automatically [without any manual user input, such as clicking on a link]?
I.e. might it be the case that when Admins return from New Years' vacation [Monday, or Tuesday, or whenever], there could be [quite literally] MILLIONS of infected desktops?
1) To understand wine, YOU MUST TASTE WINE. Wine is like swimming: All the reading & book learning in the world doesn't do any good unless you eventually take the plunge and get all wet. The best way to do this is to find a local retailer who hosts free [or nearly free] tastings, and go there as often as possible. [E.g. I'm about to head off to the Saturday afternoon free tasting at my favorite retailer, and to grab a bunch of bottles at their year-end closeout sale.]
2) Wine is a helluva lotta fun to drink, but never forget that ALCOHOL IS POISON. Drinking wine [or any form of alcohol] can take a terrible [frankly catastrophic] toll on your health, both physical, and mental. So be careful.
No, *you* are a fool - or at least ignorant of the scheme the OP is talking about.
At the risk of sounding like [God forbid] a Marxist, if you can't see what the business owners and their paid lackeys in the legislatures have done here, then you are a fool.
They [the business owners and the politicians] have written the tax laws so that they can fool you into believing that the laptop you purchased is for your own benefit.
It is NOT for your benefit. It is for the benefit of the business owners, so that instead of demanding from you a 5 X 8 = 40 hour work week, they can now [at least theoretically] hold you accountable for a 7 X 24 = 168 hour work week.
Would you feel the same way if the tax credit were for a pager that could be used to wake you up in the middle of the night, or, better yet, a second phone line to your home, replete with a bright red telephone, labelled "HOTLINE", strategically located on the nightstand immediately opposite the pillow on your bed?
You know, the older I get, the more I'm coming to the conclusion that, if given the opportunity, the vast, overwhelming majority of humans will gladly, of their own free will, chose slavery over freedom.
PS: And I am getting damned tired of having these sorts of comments modded down as flamebait. You people need to wake up and smell the coffee.
PPS: Now that I've glanced back over your comment [and no, I wouldn't dream of wasting the time required to read it in its entirety], it's pretty clear that you hail from the general vicinity of Great Britain, which means that you're almost certainly part of the problem, and attempting any sort of civil discourse with you is an utter and complete waste of my time.
The film actually made me curious enough to want to discuss the wine biz (looking for a slashdot for wine), but the only decent wine geek discussions I found were on the wine spectator's [winespectator.com] web site.
Far and away the leading mainstream bulletin board is hosted by Robert Parker himself [and administered by Mark Squires]:
The anti-Parker site is a little obscure. Be forewarned that you will need to know a LOT about wine before you will understand what they're talking about. Also be forewarned that the site is dominated by unreconstructed marxists, who can be pretty nasty people when given the opportunity. I won't hot-link to it, because the folks there claim to enjoy their privacy:
As a very broad generalization, Harrington's site tends to be a little closer to Parker/Squires, whereas Garr's tends to be a little closer to Enemy Vessel. Unfortunately, both of them make what I believe to be the strategic mistake of splitting up their general wine discussions and their tasting notes into two different fora, so they require much more work to navigate. [Also, Garr's new software package at Netscape is just hideous. For instance, to find the fora, you have to scroll all the way down to the bottom of the page, where the links are in a tiny column on the far left.]
My question, what will happen to the Robert Parker's and the Wine Spectators and every other player in the global wine industry once a 100 point wine can be bought at WalMart for $2. On npr.org, there is an article covering a recent tasting where a wine, nicknamed 2 Buck Chuck, won the top prize. From the article: When it comes to wine, some consumers still equate quality with price. But at the 28th Annual International Eastern Wine Competition, a $1.99 bottle of California Wine, the 2002 Charles Shaw Shiraz, beat out 2,300 wines to win a prestigious double gold medal. Hear NPR's Steve Inkseep.
That sort of thing is utterly irrelevant to serious wine geekdom.
You'd be amazed how quickly you can teach yourself to analyze things like aromatics, fruit, texture, and the like. You'd also be amazed at the sensitivity of the human nose and the human tongue. At the level of a serious wine geek [like Parker], you're easily capable of detecting chemicals in the range of single digit parts per BILLION [e.g. 3 parts per billion, 2 parts billion, etc], and some folks out at the far end of the bell curve might be able to go another order of magnitude lower than that.
It turns out that wine chemistry is a fantastically complex subject, and given what I know of non-linear dynamics, my gut instinct is that we won't have computer programs producing high-end luxury cuvees any time in the near future.
At my workplace we can salary sacrifice laptops but not desktops. This means you pay for the system out of your pre-tax income, which can make a good laptop cheaper than an equivalent desktop system.
You're spending your own hard-earned money so that the owners of your company will become wealthier?
Please tell me that you have a substantial shareholder position in this enterprise.
If not, then repeat the following 500 times a day: "I am not a slave, I am not a slave, I am not a slave."
Slashdot Mirror
I wish they would bring back Farscape.
For what purpose?
<SPOILER ALERT>
Did you see the special movie finale? Crichton opened up a wormhole that threatened to tear apart the space-time fabric of the universe, and in so doing forced the Scarans and the Peacekeepers to the bargaining table; a treaty was signed, with the entire process being overseen by Scorpie; Chrichton lost his best friend in the final battle, became a father of a boy by Erin Sun, and named his newborn son after his fallen comrade.
</SPOILER ALERT>
So what would they do as a follow-up? Join forces with Jesus Christ to save Santa Claus from Saddam Hussein?
This is definitevely good as far as IT goes, but as a construction company only a fraction of our business is in the office (450 field people, 50 office, 3 IT), the rest is guys digging trenches and pouring concrete... For example, one of our great successes last year was not getting better servers and dramatically increase uptime and all kinds of good IT things, but was spending a couple of days writing a small Access app to import budgets from one system to another via ODBC so we can tell if we are losing money on the field or not.
It sounds like you've got 400 guys in the field [most of whom don't use IT], and about 50 guys [-n- gals] in management who do use IT. Your IT department is 3 people, i.e. you've got a working ratio of about 50 to 3, and you outsource development
Now consider the days that the three of you worked last year:
Of those, only "a couple of days writing a small Access app" were really fruitful; much of the rest may very well have been a waste of money.So it's entirely possible that your company could get by on maybe one grunt [to push the extremely critical Microsoft updates on the first Tuesday of every month], and then maybe some fraction of a year's worth of a consultant to coordinate the outsourcing and to throw together the occasional Access app.
I.e. a bean counter might say that they should fire one employee outright, and fire you as well, but keep you on retainer as a "consultant" for 3 to 6 months a year. On paper, it might save them a good $150,000 per year.
Now of course, they may try a stunt like that, and discover that you guys were worth your weight in gold, but, as they say, experience comes from making mistakes...
On the other hand, they may try a stunt like that and discover that you really were dead weight after all.
Anyway, moral of the story is that you must never be afraid to ponder some ugly truths like these.
Martha Stewart was never charged with securities fraud or insider trading -- well, actually she was, but the charges were dropped quickly when the investigation didn't turn anything up. What sent Martha to prison for five months followed by five months of home confinement was lying to federal investigators.
Martha & Scooter Libby, BTW, both made the same mistake: When talking to investigators, they made the MISTAKE of assuming that they had done something illegal, when in fact they had not.
In Martha's case, she assumed that she was guilty of insider trading, when in fact she was not: She traded on information supplied by her stock brocker, WHICH IS NOT ILLEGAL. In Scooter Libby's case, he assumed that he had done something illegal by talking with the press, BUT IN FACT HE HAD DONE NOTHING ILLEGAL WHATSOEVER.
Slashdotters: If you ever find yourself being interrogated by a law enforcement officer [or a local/state/federal district attorney], begin the conversation by asking, "Why are we here? What crime do you believe has been committed? Would you please show me the specific statute that you believe has been violated?"
If the LEOs or DAs won't answer those questions, then THEY ARE ON A FISHING EXPEDITION and [assuming no one's life or health is in danger] you have absolutely no duty whatsoever to answer their questions.
But for the sake of goodness, do not open your mouth and start lying to them. Just tell them the conversation is over and get up and leave.
Don't forget your Core Competencies.
And skillsets.
Gotta have skillsets.
[Or is it skills-sets? Thinking about dronespeak can give you a headache...]
money
Look, money is a perfectly fine motivation for script kiddies and Nigerian scam artists and ex-KGB Russian/Ukrainian mafiosi.
But there's an outfit sitting behind a router in the PRC that has a different motivation; something along the lines of "Geopolitical World Dominance":
It's kinda like the board game "Risk", only this is the real McCoy.2 o 3 spare hard disk, 1 GB ram, the hardware you need and the bugdet you have...
With the possible exception of hard disks, the part that is [overwhelmingly] the most likely to fail, and, several years down the road, among the most difficult to replace [because form factors will have moved on to new standards] is the power supply.
Always purchase several extra power supplies for any mission critical system.
Again, if that happens I don't think saving your pictures of the family trip to Disneyworld will be all that important.
Look, the pics of the trip to Disneyworld might not be all that big a deal.
But, as a slightly different example, my Dad has been working on a family genealogy for more than fifteen years now [started on an Apple IIe, moved to a NeXTStation, then to NT 4.0/Windows 2000 on a gray box], and at this point, he's in the general vicinity of 1000 pages of edited/proof-read text.
Now his little genealogical history of our family has absolutely no financial value whatsoever - I doubt he'd get any buyers if he offered a PDF version of it at $0.99 [the raw format is LaTeX], and yet every night a script [that I wrote] backs it up to three different harddrives within his house and then FTPs it to his account at the university.
Point being that if the Red Chinese were to attack us, detonate an EMP warhead in low orbit, and knock out continental electronics for two or three years, until we [the USofA] got back on our feet again, then I'd still like to have a copy of those files for my enjoyment in the brave new post-EMP world of the future.
And I imagine there are gazillions of other amateur writers [and their families] out there who feel the same way.
If that happens I don't think saving your pictures of the family trip to Disneyworld will be all that important.
Recall the evil "Neutron Bomb" program that was killed back in the Carter era: The tactical idea at that time was that the radiation from a Neutron Bomb would kill all the humans within a certain radius [especially Warsaw Pact tank crews], but that it would leave the physical infrastructure [buildings, bridges, dams, canals, etc] largely intact.
But the strategic idea of a low orbital nuclear detonation is to produce exactly the opposite effect: In theory, it would destroy all the electronic infrastructure of a society, but it would leave the human population largely unharmed [to the extent that we can survive anymore without an electronic infrastructure].
What about a faraday cage?
My guess [and certainly my hope] would be that at a place where security really matters, like NORAD, they've got multiple redundancy:
BTW, IANAP, so I'm assuming that there isn't some weird quantum polarization thingamabob that would render multiple Faraday cages useless.But out in the field, I think they use lead shielding.
I've known about this for years...that's why I store all my important data exclusively on punch cards.
You joke about this, but apparently, for a few hundred dollars, one can build an EMP weapon that will destroy all the electronics in a good sized building. And, what's possibly even more disturbing, there is a widespread belief that the detonation of just a single nuclear warhead at an altitude of a few hundred miles could take out most of the electronics in an entire nation [maybe even a continent].
That's one of the reasons that military grade electronics are so expensive [and so heavy]: Typically, they're shielded in lead.
*Fortunately no one has tested that belief in practice. Yet.
How many oracle db's are connected directly to the internet? Even within most company's their isnt a direct connection option to the db but only thru an application.
Here you begin to enter the realm of the professional cracker [apologies to chef], my little padawan novitiate.
The professional employs something like the WMF vulnerability to crack the client OS, and then uses the client application to crack the DB.
And when he's seen what he needs to see, the professional tidies up and removes any evidence of his intrusion.
In all seriousness, the PRC Red Army's "TITAN RAIN" operation is more than a little troubling in this regard:
We can expect to see information storage standardized in the lifetime of any presently young college student.
Dude, today's college students stand a good chance of living until almost 2100.
Which, ironically enough, is probably about how long it will take to see a pipe dream like "information storage standardization" come to fruition.
Relying on Microsoft to build the foundation for all home digital entertainment is like relying on Ford to build the foundation for quality automobiles. (Psst. Hey geniuses. The Japanese already beat you to it.)
All right, I'll admit up front that this post is gonna get modded down to -infinity politically incorrect fascist flamebait in like no time flat, but here goes:
Ford builds transportation for men. These thingamabobs are called "trucks". Toyota and their brethren build transportation for women and queers. These thingamabobs are called "cars".
If it weren't for the idiotic government-imposed CAFE standards, Ford wouldn't even bother producing a car anymore [with the possible exception of the Crown Vic for the police car/taxi market].
And yes, I've spent considerable time in Toyota pickups [and cars], and to compare any Toyota with a Ford F-Series is like comparing a can of sardines with a magnum of champagne.
I'm only getting hits on 2000, XP, and 2003: According to the Financial Times article highlighted at Drudge, Hyppönen said the vulnerability is supposed to hit "every Windows operating system since 1990".
So is there a patch for older versions of Windows?
Beh. ATM was a dog. It was supposed to be this voice/data/video panacea but all it ended up being was an incredibly inefficient way to pass data around.
And the world's greatest proponent of ATM came within a cat's whisker of being your intrepid CIC on 2001-09-11.
I assumed that "Channel 9" was something like the Discovery Channel.
My bad.
Not to diss the underlying interview [I'm always willing to hear about kernel stuff], but it's kinda odd that the MMS stream originates at a M$FT server: [Slashcode tends to put hard breakline characters and other weird white space into web addresses, so you will probably have to paste that address into a word processor and clean it up].
I have patched all my clients by hand; the patch requires user interaction via two or three manual mouse clicks. [It also requires a reboot, BTW.]
Has anyone automated the thing so that it can be pushed to hundreds [or thousands] of clients via something like Novell Zenworks, Microsoft SMS Server, or IBM Tivoli?
I know that e.g. Zenworks has a "diff" mechanism that will isolate a "before/after" differential, but that's a lot of work, and frankly it's a little bit of a kludge [no offense to Novell].
I've noticed numerous TGP porn sites have been trying to get me to open a WMF file (Not that I uh.... would know about this first hand or anything
In this particular instance, I think I'd choose first hand knowledge over second hand knowledge.
I have seen in the past week our work increase 5 fold because of this exploit. What is normally a very slow time of the year for us has become very busy for us and it's making me nervous myself.
I know next to nothing about IM/RSS software, so I am just speculating here.
But suppose you had some IM/RSS client [MSN, AOL, Yahoo, whatever] that had an image rendering aspect to it. For example, suppose your IM/RSS client were capable of rendering the JPGs in an HTML message.
Then it seems to me that if you had such an IM/RSS client running on your desktop, and if someone knew your IM/RSS handle, then they could send you an IM/RSS message with very elementary instructions for downloading the evil file:
and you'd be hosed without ever having clicked on any link. And if the worm were really smart, it could then install "thttpd" trivial http daemons to spread itself internally on any corporate network [via each person's IM/RSS "address book"].If that's true, and if lots of employees left their computers running and logged into windows with such "automatic" IM/RSS clients running on the desktop, then Tuesday or Wednesday morning [or whenever people decide to come back from their New Year's vacation], there could be literally MILLIONS of infected machines.
So the question: Are there IM/RSS clients that can download files automatically?
I know next to nothing about Instant Messaging clients, but is it possible that an employee could have left his computer powered on, and logged into windows, and with an IM client running on his desktop, and could that IM client then download this worm automatically [without any manual user input, such as clicking on a link]?
I.e. might it be the case that when Admins return from New Years' vacation [Monday, or Tuesday, or whenever], there could be [quite literally] MILLIONS of infected desktops?
A few other thoughts:
No, *you* are a fool - or at least ignorant of the scheme the OP is talking about.
At the risk of sounding like [God forbid] a Marxist, if you can't see what the business owners and their paid lackeys in the legislatures have done here, then you are a fool.
They [the business owners and the politicians] have written the tax laws so that they can fool you into believing that the laptop you purchased is for your own benefit.
It is NOT for your benefit. It is for the benefit of the business owners, so that instead of demanding from you a 5 X 8 = 40 hour work week, they can now [at least theoretically] hold you accountable for a 7 X 24 = 168 hour work week.
Would you feel the same way if the tax credit were for a pager that could be used to wake you up in the middle of the night, or, better yet, a second phone line to your home, replete with a bright red telephone, labelled "HOTLINE", strategically located on the nightstand immediately opposite the pillow on your bed?
You know, the older I get, the more I'm coming to the conclusion that, if given the opportunity, the vast, overwhelming majority of humans will gladly, of their own free will, chose slavery over freedom.
PS: And I am getting damned tired of having these sorts of comments modded down as flamebait. You people need to wake up and smell the coffee.
PPS: Now that I've glanced back over your comment [and no, I wouldn't dream of wasting the time required to read it in its entirety], it's pretty clear that you hail from the general vicinity of Great Britain, which means that you're almost certainly part of the problem, and attempting any sort of civil discourse with you is an utter and complete waste of my time.
The film actually made me curious enough to want to discuss the wine biz (looking for a slashdot for wine), but the only decent wine geek discussions I found were on the wine spectator's [winespectator.com] web site.
Far and away the leading mainstream bulletin board is hosted by Robert Parker himself [and administered by Mark Squires]:
The anti-Parker site is a little obscure. Be forewarned that you will need to know a LOT about wine before you will understand what they're talking about. Also be forewarned that the site is dominated by unreconstructed marxists, who can be pretty nasty people when given the opportunity. I won't hot-link to it, because the folks there claim to enjoy their privacy: Two other sites you might enjoy are Brad Harrington's West Coast Wine Net, and Robin Garr's Wine Lovers' Page: As a very broad generalization, Harrington's site tends to be a little closer to Parker/Squires, whereas Garr's tends to be a little closer to Enemy Vessel. Unfortunately, both of them make what I believe to be the strategic mistake of splitting up their general wine discussions and their tasting notes into two different fora, so they require much more work to navigate. [Also, Garr's new software package at Netscape is just hideous. For instance, to find the fora, you have to scroll all the way down to the bottom of the page, where the links are in a tiny column on the far left.]My question, what will happen to the Robert Parker's and the Wine Spectators and every other player in the global wine industry once a 100 point wine can be bought at WalMart for $2. On npr.org, there is an article covering a recent tasting where a wine, nicknamed 2 Buck Chuck, won the top prize. From the article: When it comes to wine, some consumers still equate quality with price. But at the 28th Annual International Eastern Wine Competition, a $1.99 bottle of California Wine, the 2002 Charles Shaw Shiraz, beat out 2,300 wines to win a prestigious double gold medal. Hear NPR's Steve Inkseep.
That sort of thing is utterly irrelevant to serious wine geekdom.
You'd be amazed how quickly you can teach yourself to analyze things like aromatics, fruit, texture, and the like. You'd also be amazed at the sensitivity of the human nose and the human tongue. At the level of a serious wine geek [like Parker], you're easily capable of detecting chemicals in the range of single digit parts per BILLION [e.g. 3 parts per billion, 2 parts billion, etc], and some folks out at the far end of the bell curve might be able to go another order of magnitude lower than that.
It turns out that wine chemistry is a fantastically complex subject, and given what I know of non-linear dynamics, my gut instinct is that we won't have computer programs producing high-end luxury cuvees any time in the near future.
At my workplace we can salary sacrifice laptops but not desktops. This means you pay for the system out of your pre-tax income, which can make a good laptop cheaper than an equivalent desktop system.
You're spending your own hard-earned money so that the owners of your company will become wealthier?
Please tell me that you have a substantial shareholder position in this enterprise.
If not, then repeat the following 500 times a day: "I am not a slave, I am not a slave, I am not a slave."