Universityies are setting these systems up all over. They don't require much administration. First, you present the user with instructions for each OS, and run a web-based AV scanner. Online AV scanners are available now, for free. Next, you require they run WindowsUpdate to make sure they're patched, and run a small script to make sure all the latest patches (or at least criticial patches) are installed. Then you open microsoft.com so WindowsUpdate can be run, and symantec (if viruses are found).
The system then dynamically allows the user past this protected vlan, and perhaps require them to go through the process once a month, or every few months.
In the meantime, if a PC becomes infected with something like blaster, it becomes blatantly obvious to the ISP, so have scripts setup that pop the uesr back to the protected vlan, and inform them of why that happened.
This is nothing but forcing moronic users to responsibly manage their PCs, to save the ISP and other users time and money.
Unless you break into each zombie manually, dezombify them, and add a readme.txt to the user's desktop, they'll never find out.
ISPs don't really roll this information back very often, because it just takes them too long, and there's too many.
It'd be nice if more ISPs were more responsible with this, though. Something like vlan'd users get port scanned/vuln. scanned upon connection, and once passed, they're allowed onto the big bad net. Of course then everyone on/. would complain of privacy concerns...
I learned of hydan from Ed as well. Terrific teacher, though the coursework for SANS Track 4 left a bit to be desired, as I'm a somewhat-experienced pen-tester already. Still, very thorough.
IIRC, the same way you used Hydan to inject the signature, you can remove the signature. At worst, you can extract the signature (at this point, it becomes a password or keyword...) to verify the integrity of the file. Very interesting program!
I will check the md5, which is listed on at least ten separate websites, and a number of comments here on slashdot. I will also check the digital signature provided my Microsoft. MS is limiting connections, but I've got 40MB in the last five minutes from the torrent, and uploaded 50MB. Pretty good rates, if you ask me.
Hey, at least my example fit the situation, and wasn't a random Microsoft Sucks tagline. Granted, I (as several have pointed out) continued the mis-statement of another, calling a patent a mark (or whatever I did...I am way too lazy to look at my post and the gripes following it.)
Well, as it stands, according to the author, if everyone from/. that just downloaded and tried the Tor client used it for P2P file transfer, the existing servers would buckle.
Read the page for a few seconds; the author gives several legitimate reasons to use this. In addition, the author is paid by the FBI (or some other US three-letter-agency) to write Tor. Ultimately, if enough folks use it, it'll provide sufficient anonymity. Right now (or prior to/.ing), if you see these IPs, you know it's a fed, because they're the only ones using the system right now.
Oh, and Tor is either "Tor Onion Routing" or "The Onion Router" (if I recall correctly.) I checked the site quick, too, and the slides from DEFCON and BlackHat are on his site.
Tor achieves low latency because tunnels are created during connection setup, and that same tunnel is utilized for the life of the connection.
I believe the encryption is layered on from the start, and peeling occurs at each transfer, not peel/crypt/peel/crypt/etc.
I was surprised to see no one posted this earlier; the author of Tor gave a very good presentation at DEFCON last week, and I'll have to get out my CD with his presentation on it, but it's different from Freenet in a few ways. For one, apparently Freenet isn't totally free.
As a side-note, the author is still working on a method to accept/sign-up/recruit primary [trusted] nodes.
Actually, the short form gets you $50, deposited to your PayPal account, or $49 by form of a check. I didn't see details, but I assume the long form would be based upon proveable losses.
Are there any lawyers on/.? If not, why don't we just post in every YRO story that "No one here is a lawyer." Think of how many "IANAL's" we'd save ourselves.
Look into whether they have special pay rates for if you're "called in" to work after-hours, or after you've left. An old employer had to pay us double-time if we were gone for more than a half-hour before being called back on a weekday, or if called in at all on a weekend or vacation day (in addition to getting the vacation hours back).
In that situation, go ahead and provide your cell phone. Just don't respond until you've been gone for a half-hour, then hop on in and bill that time from when you hang up the cell phone to when you pull back in the driveway. If asked, just respond "well, I don't have Internet access at home anymore, so I had to come in to deal with the issue."
There are a limited number of salts though, so all one would have to do [heh] is precompute the table for each salt; then a uesr selects the salt that was used in creating the hash, and voila. Of course, this means adding...62 different sets of tables, I think. A salt is one character, upper-case, lower-case, or digit, if I'm not mistaken. Not necessarilly trivial, but not impossible.
Re:How does this differ from other efforts?
on
Linux in Iraq
·
· Score: 1
Quote AC:Perhaps you'd just like to go back to the way things were? You seem like a tyrant yourself, maybe we should just put you in charge there and you can abuse the Iraqi people as much as you please. Then Jesus's America will come along again to take you out, because that's the reason we went there in the first place.
Finally, someone gets it! I am now the ruler of Iraq!
Think about it this way: if we didn't take out Saddam we wouldn't be able to get all of their oil to fuel the American machine. If you don't like it, go live in a cave without your pretty new car, because the industrial revolution has taken place and we need oil dammit! We deserve it too since we're doing so much work selling our brand of Democrazy and Jesus. Heretic!!
Yeah, get in the cave!
Re:How does this differ from other efforts?
on
Linux in Iraq
·
· Score: 1
Quote Mz6: However, what's done is done. What I think should happen now is start to bring in firms that actually want to compete for business over there. Let them compete to put their workers and equipment over there to help them rebuild.
No, the work in Iraq is not done. Far from done. And no, we should not make other Western/foreign corporations "compete" for the contracts, because, as is mentioned by someone else, corners will be cut very severely, though probably only as much as the corners are cut now, rather than more or less so.
Instead, we should give the work to Iraqis, who need the economic stimulation much more than any American corporation. Oh? They don't have the knowledge? Bullshit, they're a very well educated nation. They don't have the equipment? Of course not, we blew it all up so Iraq couldn't rebuild. So replace that; let new construction equipment be our foreign aid.
Re:How does this differ from other efforts?
on
Linux in Iraq
·
· Score: 0
So we're controlling the rebuilding of Iraq to rebuild *western* economy out. Just fucking brilliant. Let's hear it for the good ol' U-S-of-A.
(I'm not so ignorant to not see this as part of the reasoning prior to reading Mz6's comment, but it makes me sick every time I think about it.)
Re:How does this differ from other efforts?
on
Linux in Iraq
·
· Score: 1
How about we assist Iraqis trained in construction, etc. in doing the rebulding themselves, get their "free market" rolling, putting some wealth into the hands of the regular Iraqi, rather than to American corporations, big or small, who will go home at the end of the day, taking that money with them.
I don't believe for one second there aren't enough Iraqis who know how to build a street to rebuild their nation. If nothing else, maybe our foreign aid should be setting them up with the construction equipment we or Saddam destroyed in the last thirteen years of fighting and bombing.
Slashdot Mirror
The system then dynamically allows the user past this protected vlan, and perhaps require them to go through the process once a month, or every few months.
In the meantime, if a PC becomes infected with something like blaster, it becomes blatantly obvious to the ISP, so have scripts setup that pop the uesr back to the protected vlan, and inform them of why that happened.
This is nothing but forcing moronic users to responsibly manage their PCs, to save the ISP and other users time and money.
ISPs don't really roll this information back very often, because it just takes them too long, and there's too many.
It'd be nice if more ISPs were more responsible with this, though. Something like vlan'd users get port scanned/vuln. scanned upon connection, and once passed, they're allowed onto the big bad net. Of course then everyone on /. would complain of privacy concerns...
I learned of hydan from Ed as well. Terrific teacher, though the coursework for SANS Track 4 left a bit to be desired, as I'm a somewhat-experienced pen-tester already. Still, very thorough.
IIRC, the same way you used Hydan to inject the signature, you can remove the signature. At worst, you can extract the signature (at this point, it becomes a password or keyword...) to verify the integrity of the file. Very interesting program!
It seems http;//anything.* will take you to www.microsoft.com.
It's spelled Colombia.
I will check the md5, which is listed on at least ten separate websites, and a number of comments here on slashdot. I will also check the digital signature provided my Microsoft. MS is limiting connections, but I've got 40MB in the last five minutes from the torrent, and uploaded 50MB. Pretty good rates, if you ask me.
Hey, at least my example fit the situation, and wasn't a random Microsoft Sucks tagline. Granted, I (as several have pointed out) continued the mis-statement of another, calling a patent a mark (or whatever I did...I am way too lazy to look at my post and the gripes following it.)
Well, sort of one word. I never did, nor will I ever, purchase an X-10 camera due to the popups that seemingly started the popup/popunder craze.
The sad days where I still ran Windows/IE unprotected. Man did I learn how to remove a lot of different spyware/adware.
Well, as it stands, according to the author, if everyone from /. that just downloaded and tried the Tor client used it for P2P file transfer, the existing servers would buckle.
Read the page for a few seconds; the author gives several legitimate reasons to use this. In addition, the author is paid by the FBI (or some other US three-letter-agency) to write Tor. Ultimately, if enough folks use it, it'll provide sufficient anonymity. Right now (or prior to /.ing), if you see these IPs, you know it's a fed, because they're the only ones using the system right now.
Oh, and Tor is either "Tor Onion Routing" or "The Onion Router" (if I recall correctly.) I checked the site quick, too, and the slides from DEFCON and BlackHat are on his site.
I believe the encryption is layered on from the start, and peeling occurs at each transfer, not peel/crypt/peel/crypt/etc.
I was surprised to see no one posted this earlier; the author of Tor gave a very good presentation at DEFCON last week, and I'll have to get out my CD with his presentation on it, but it's different from Freenet in a few ways. For one, apparently Freenet isn't totally free.
As a side-note, the author is still working on a method to accept/sign-up/recruit primary [trusted] nodes.
You can bet your ass M$ has "microsoft.com" patented. And probably "Mike Rowe Soft" too, after that kid had his fifteen minutes of fame.
You're right. They've probably been using it for years already.
From what I took away from Dan's talk (and no further reading yet) that is the case.
Actually, the short form gets you $50, deposited to your PayPal account, or $49 by form of a check. I didn't see details, but I assume the long form would be based upon proveable losses.
Quote: IANAL.
/.? If not, why don't we just post in every YRO story that "No one here is a lawyer." Think of how many "IANAL's" we'd save ourselves.
Quote: IANAL either.
Are there any lawyers on
Join your local LUG and get a discount on VMWare.
In that situation, go ahead and provide your cell phone. Just don't respond until you've been gone for a half-hour, then hop on in and bill that time from when you hang up the cell phone to when you pull back in the driveway. If asked, just respond "well, I don't have Internet access at home anymore, so I had to come in to deal with the issue."
There are a limited number of salts though, so all one would have to do [heh] is precompute the table for each salt; then a uesr selects the salt that was used in creating the hash, and voila. Of course, this means adding...62 different sets of tables, I think. A salt is one character, upper-case, lower-case, or digit, if I'm not mistaken. Not necessarilly trivial, but not impossible.
Finally, someone gets it! I am now the ruler of Iraq!
Think about it this way: if we didn't take out Saddam we wouldn't be able to get all of their oil to fuel the American machine. If you don't like it, go live in a cave without your pretty new car, because the industrial revolution has taken place and we need oil dammit! We deserve it too since we're doing so much work selling our brand of Democrazy and Jesus. Heretic!!
Yeah, get in the cave!
No, the work in Iraq is not done. Far from done. And no, we should not make other Western/foreign corporations "compete" for the contracts, because, as is mentioned by someone else, corners will be cut very severely, though probably only as much as the corners are cut now, rather than more or less so.
Instead, we should give the work to Iraqis, who need the economic stimulation much more than any American corporation. Oh? They don't have the knowledge? Bullshit, they're a very well educated nation. They don't have the equipment? Of course not, we blew it all up so Iraq couldn't rebuild. So replace that; let new construction equipment be our foreign aid.
(I'm not so ignorant to not see this as part of the reasoning prior to reading Mz6's comment, but it makes me sick every time I think about it.)
I don't believe for one second there aren't enough Iraqis who know how to build a street to rebuild their nation. If nothing else, maybe our foreign aid should be setting them up with the construction equipment we or Saddam destroyed in the last thirteen years of fighting and bombing.