I guess it depends if you're writing the hot path in an operating system kernel/driver or if you're writing an application for the desktop. Details of the hardware make a lot of sense on one and not on the other.
So, learning how to fix cars would be antiproductive
You are correct and a lot of people miss this fact, thinking they are saving themselves money by doing their own mechanic work,.... There's an indirect benefit to understanding new concepts.
What we can't know is how much something will be worth to us over a lifetime, value is personalized. A poor person stands to gain a lot more learning about their car so they don't get screwed at the auto shop, a rich person shouldn't care about what their car repair costs and would make much more from understanding investments. There is no reason not to learn everything you can, just don't try to manage things you can't.
No-one cares what websites you visit. It will not affect your life in any meaningful way.
If no-one cares where is there a billion dollar tracking industry, and Google spends a lot of effort tracking everything.
It will not affect your life in any meaningful way, unless you don't get along with your government, get divorced, are a public figure, may become involved in politics, etc, etc, etc.
Just because no one gives a shit about your masturbation habits in your moms basement, doesn't mean there aren't plenty of people that other groups would love to track.
It's up to the customer(s) to get together and test the different phone services that are doing this and make a detailed case to the FCC and FTC. If a irrefutable case can be made, one of the above organizations will fine the telco in question, hopefully for a large enough amount the telco decides it's not worth it.
Anyway, if you think this is happening complain to the FCC.
There is a very large percent of our population that would love to be able to spy on everything that everybody does around them. Yes, it is disturbing, but no, it is not rare. See great wall of china to see this occurring at a country wide scale.
It seems to be more of a case that a surveillance program reported back when it no longer should have, and that when it did it showed that a crime was talking place. In theory, the guy should have made a case then with the proper channels (it's very likely that he would have been given permission, since it's a child porn case). Likely, he was worried that something his kid had done on his computer might have been involved and he wanted to 'destroy' the evidence. Instead he found the principal was committing crimes.
1.) The student is free to install software on the laptop. If they graduate the laptop becomes the students. 2.) The FBI agent took the laptop to the shop to be clean up, aka, due diligence. He thought the software was gone. 3.) See 1 and 2. 4.) See 1 and 2. 5.) See 2. The agents expectations are that he would never hear from the software again. In most cases he would not have, either the shop or the school would have correctly re-imaged it this would not have occurred.
It was only because the principal 'stole' the laptop (it was returned because the student moved), instead of turning it over the tech department, that this situation occurred. The FBI agent 'expected' to never hear from the computer again. When he did, and it was apparent that it was being used in a crime, he was obligated to investigate. There are questions like, did the first report he received show evidence of a crime?, if so then I totally understand the judges position. This would have been dumb luck from a series of coincidences.
Also, the computer was remanded to a public school and not a private individual. It could be assumed that when the computer started communicating again that it was doing so from the public school system or in its employ. We already know that public school have (suffer from) a lower bar of privacy, aka, your lockers and bags can be searched without a warrant. The school laptop already had a lower expectation of 4th amendment rights, even if this case was by accident.
Some recovery partitions do not fully wipe the computer. They move your data to a subfolder like Windows.old, etc. In a recovery like this, it wouldn't seem surprising that a piece of software that the article was about was able to survive.
This right here. Most people don't want to spend the cash on a full wipe and reinstall on a computer. DBAN takes a long time, and most techs don't want the computer grinding away taking up a bench slot for so long. That said, most of the shops, and customers, I contract for will do a full wipe if the customer says they have financial data, health records, or other critical information.
Cool, tell me how to run unsigned code on my PS3 without having obsolete firmware or a hardware flasher.
(Hint: the hacks that "completely" cracked the PS3 didn't.)
Without the DMCA, it just would have gone even faster and been even more hilariously one sided.
We might be able to tell you how to run unsigned code on your PS3, but the people/group that had the knowledge to do it said 'Fuck this, I don't want to sit in jail'.
I'm not sure if this antenna does what you need, but http://www.l-com.com/item.aspx?id=41160 , 800 MHz - 2.5 GHz 11dBi Log Periodic Broadband Yagi Antenna $60. If you have the 700MHz LTE that may not work.
I've been using l-com since early 2000 when they were still Hyperlink Technologies and can attest to the quality of their products. We had many of their antenna up for 8 years, only switching them to another model of their product in the 5GHz range so we could get higher speeds with newer radios. They have survived being outside in Texas weather without a glitch.
If you are doing an outside install of any antenna, use lightning protection. I have seen too many places stick a fixed wireless antenna outside, only to have it hit by lightning and have it come back thru the network port.
From reading a quick description on how the virus works... This school seems to have no fucking clue what AD/GPO/LUA means. It sounds like the notebooks can either copy files to each other over the network or students can copy.exe's to the network servers. Fail 1. It also sounds like the students are running without least user authorization, aka, they can get admin access to their computers easy, or they already have it. Fail 2, maybe. It could have been a teacher who got it and was allowed to write stuff to places that was dangerous and because of poor AD layout allowed it to get everywhere. Fail 2 again, maybe. Of course maybe the teachers or students didn't start spreading it and some dipshit admin got it in the first place and managed to get it in a directory that the GPO launches a startup script. Major Fail 2 if this happened. Other then the last one, I still don't understand how it would have launched and ran unless the students could run as admin, this virus needs to write to the Windows directory. Honestly there are so many more possible fails here, I'll give up even trying to list them.
The district has 25,000 computers, if even 10% of them is infected with this, it's not very easy to fix just due to the size of the job. At worst taking 25,000 hard drives out of laptops is an insane job. Better to have a linux or maybe a PE cd of some sort that boots and auto tackles the infection. Or, really, backup all the kids non-exe files and nuke from orbit with a fresh install image.
I'm pretty sure in the days that MS bought Excel, businesses though thought easy to use spreadsheets on inexpensive hardware was pretty damn cool, and they ate it up with their dollars. They understood the market pretty well and dominated it.
Microsoft did not understand the music player office and zune was flushed like a turd. I don't think they get touch so much either, every MS W8 touch thing I've messed with I've been highly annoyed at.
No, it means he probably knows 'how' to file a detailed bug report. Most people can't, hell, I'm not sure how many techs can even do it right. It also means he probably tests all kinds of things before submitting a report.
Filing a bug report that says 'When I do $a, $b happens' it totally different from.
'When I do $a, $b happens in configurations $w, $x, $y, but not $z when using components $1, $2, and $3.'
A bug report with a detailed test case, and possible solutions (in the open source case) goes a long way.
I wonder if it's on a MyISAM or InnoDB table type, or if he has cheesy drive that is lying about write barriers, or if he's using a kernel that doesn't treat barriers correctly. You do lose a lot of write performance making mysql act safely.
All the six drives ive had started going bad by returning corrupted data (no errors shown on SMART, just bluescreens). Never buy lifetime warrantied products from eithe of those companies. Patriot refused my lifetime warrantied drive by claiming it was damaged in the mail and OCZ just flat out refused claiming the drives werent currently manufactured (although under warranty).
Anytime a manufacture tries to dick with me about a warranty I name toss the above, along with FTC, Postmaster General, and the State Attorney General. Sorry, you can't advertize a warranty then say it doesn't exist. The Patriot one is a little harder to deal with, regular HDD manufactures look for any reason in shipping to void your warranty, so make sure you follow their packing directions. When the manufactures do try and mess with me, I make sure there newegg and amazon product lists get the message. Of course, when I get treated well, I make sure everyone knows about it too.
I have IPv6 at home, but had to disable it: a bug in NetworkManager caused it to misbehave when it encountered a IPv6 DHCP on wifi. Long story short, I had a kernel panic every 30 minutes (+/- 10 min). Windows 7 via wifi? No problem. Linux via ethernet cable? No problem. Will have to check if it was patched since I last tried it.
That sounds like neither a bug in networkmanager nor with DHCPv6. Neither of those would cause a kernel panic. That's a bad wireless network card driver. Network manager did have issues with DHCPv6, but it's more on the lines of not setting the routing correctly
Oh, I'd add more then a few IPv6 end points to the net if the cable company would provide IPv6 to the business fibre service here. For now we stack services on ip addresses via NAT. Fun to scan an IP and see Windows and Linux services living at the same address.
It depends on how the locks are sold, If they cost 10x as much as a regular lock and advertized to protect against this kind of attack, then yes the lock selling company might have an issue. If I sell you a zipgun proof lock and it's not, it become an issue of product misrepresentation.
Also, up till recently, most people thought of these lock devices as secure, or at least the level of attack that would have to occur would be difficult and rare. Now it's less noticeable to hack these locks then a regular door.
As long as you realize that air-gapping is a weak form of security in itself, air-gapping is ok. One break in the gap and it folds. Too many wireless devices out there these days to ever be sure that your system is really isolated. If your plant network isn't monitored for aberrant traffic patterns and firewalled from internal threats, you'll never know if your air-gap is working.
These days you have to design your system in such a manner as to have expected that your 'private' network has become connected to your public network. What used to be a techs laptop, is now a techs laptop with a 3G/4G card. You can have a network connection open to the world where you never expected it. Things also get connected by accident, someone plugs the internet switch in to the private network, then later some hacker notices it. Holes in the firewall, or other compromised computers relaying a tcp tunnel via authorized traffic ports. Oh, and the most major one, convenience without thinking about security.
When the light turns on, the roaches scurry. SCADA has been ignored by infosec up till now. Many of these systems are old, or are new systems not designed any different then they were in the 80's or 90's. It's not hard to find low hanging fruit when you're the first person picking it. Give 'the system' a few years and it won't be any different then Linux and Windows bug hunting now.... once you convince everyone to upgrade, that is.
Slashdot Mirror
I guess it depends if you're writing the hot path in an operating system kernel/driver or if you're writing an application for the desktop. Details of the hardware make a lot of sense on one and not on the other.
So, learning how to fix cars would be antiproductive
You are correct and a lot of people miss this fact, thinking they are saving themselves money by doing their own mechanic work, .... There's an indirect benefit to understanding new concepts.
What we can't know is how much something will be worth to us over a lifetime, value is personalized. A poor person stands to gain a lot more learning about their car so they don't get screwed at the auto shop, a rich person shouldn't care about what their car repair costs and would make much more from understanding investments. There is no reason not to learn everything you can, just don't try to manage things you can't.
No-one cares what websites you visit. It will not affect your life in any meaningful way.
If no-one cares where is there a billion dollar tracking industry, and Google spends a lot of effort tracking everything.
It will not affect your life in any meaningful way, unless you don't get along with your government, get divorced, are a public figure, may become involved in politics, etc, etc, etc.
Just because no one gives a shit about your masturbation habits in your moms basement, doesn't mean there aren't plenty of people that other groups would love to track.
It's up to the customer(s) to get together and test the different phone services that are doing this and make a detailed case to the FCC and FTC. If a irrefutable case can be made, one of the above organizations will fine the telco in question, hopefully for a large enough amount the telco decides it's not worth it.
Anyway, if you think this is happening complain to the FCC.
There is a very large percent of our population that would love to be able to spy on everything that everybody does around them. Yes, it is disturbing, but no, it is not rare. See great wall of china to see this occurring at a country wide scale.
It seems to be more of a case that a surveillance program reported back when it no longer should have, and that when it did it showed that a crime was talking place. In theory, the guy should have made a case then with the proper channels (it's very likely that he would have been given permission, since it's a child porn case). Likely, he was worried that something his kid had done on his computer might have been involved and he wanted to 'destroy' the evidence. Instead he found the principal was committing crimes.
1.) The student is free to install software on the laptop. If they graduate the laptop becomes the students.
2.) The FBI agent took the laptop to the shop to be clean up, aka, due diligence. He thought the software was gone.
3.) See 1 and 2.
4.) See 1 and 2.
5.) See 2. The agents expectations are that he would never hear from the software again. In most cases he would not have, either the shop or the school would have correctly re-imaged it this would not have occurred.
It was only because the principal 'stole' the laptop (it was returned because the student moved), instead of turning it over the tech department, that this situation occurred. The FBI agent 'expected' to never hear from the computer again. When he did, and it was apparent that it was being used in a crime, he was obligated to investigate. There are questions like, did the first report he received show evidence of a crime?, if so then I totally understand the judges position. This would have been dumb luck from a series of coincidences.
Also, the computer was remanded to a public school and not a private individual. It could be assumed that when the computer started communicating again that it was doing so from the public school system or in its employ. We already know that public school have (suffer from) a lower bar of privacy, aka, your lockers and bags can be searched without a warrant. The school laptop already had a lower expectation of 4th amendment rights, even if this case was by accident.
Some recovery partitions do not fully wipe the computer. They move your data to a subfolder like Windows.old, etc. In a recovery like this, it wouldn't seem surprising that a piece of software that the article was about was able to survive.
This right here. Most people don't want to spend the cash on a full wipe and reinstall on a computer. DBAN takes a long time, and most techs don't want the computer grinding away taking up a bench slot for so long. That said, most of the shops, and customers, I contract for will do a full wipe if the customer says they have financial data, health records, or other critical information.
Cool, tell me how to run unsigned code on my PS3 without having obsolete firmware or a hardware flasher.
(Hint: the hacks that "completely" cracked the PS3 didn't.)
Without the DMCA, it just would have gone even faster and been even more hilariously one sided.
We might be able to tell you how to run unsigned code on your PS3, but the people/group that had the knowledge to do it said 'Fuck this, I don't want to sit in jail'.
No, the reason Vista bombed was because Nvidia and ATI couldn't write a stable video card driver!
You forgot the part ', because Microsoft changed up the Vista game very late in the product cycle.'
I'm not sure if this antenna does what you need, but http://www.l-com.com/item.aspx?id=41160 , 800 MHz - 2.5 GHz 11dBi Log Periodic Broadband Yagi Antenna $60. If you have the 700MHz LTE that may not work.
I've been using l-com since early 2000 when they were still Hyperlink Technologies and can attest to the quality of their products. We had many of their antenna up for 8 years, only switching them to another model of their product in the 5GHz range so we could get higher speeds with newer radios. They have survived being outside in Texas weather without a glitch.
If you are doing an outside install of any antenna, use lightning protection. I have seen too many places stick a fixed wireless antenna outside, only to have it hit by lightning and have it come back thru the network port.
From reading a quick description on how the virus works... This school seems to have no fucking clue what AD/GPO/LUA means. It sounds like the notebooks can either copy files to each other over the network or students can copy .exe's to the network servers. Fail 1. It also sounds like the students are running without least user authorization, aka, they can get admin access to their computers easy, or they already have it. Fail 2, maybe. It could have been a teacher who got it and was allowed to write stuff to places that was dangerous and because of poor AD layout allowed it to get everywhere. Fail 2 again, maybe. Of course maybe the teachers or students didn't start spreading it and some dipshit admin got it in the first place and managed to get it in a directory that the GPO launches a startup script. Major Fail 2 if this happened. Other then the last one, I still don't understand how it would have launched and ran unless the students could run as admin, this virus needs to write to the Windows directory. Honestly there are so many more possible fails here, I'll give up even trying to list them.
The district has 25,000 computers, if even 10% of them is infected with this, it's not very easy to fix just due to the size of the job. At worst taking 25,000 hard drives out of laptops is an insane job. Better to have a linux or maybe a PE cd of some sort that boots and auto tackles the infection. Or, really, backup all the kids non-exe files and nuke from orbit with a fresh install image.
I'm pretty sure in the days that MS bought Excel, businesses though thought easy to use spreadsheets on inexpensive hardware was pretty damn cool, and they ate it up with their dollars. They understood the market pretty well and dominated it.
Microsoft did not understand the music player office and zune was flushed like a turd.
I don't think they get touch so much either, every MS W8 touch thing I've messed with I've been highly annoyed at.
No, it means he probably knows 'how' to file a detailed bug report. Most people can't, hell, I'm not sure how many techs can even do it right. It also means he probably tests all kinds of things before submitting a report.
Filing a bug report that says 'When I do $a, $b happens' it totally different from.
'When I do $a, $b happens in configurations $w, $x, $y, but not $z when using components $1, $2, and $3.'
A bug report with a detailed test case, and possible solutions (in the open source case) goes a long way.
http://www.patriotmemory.com/company/news/newsp.jsp?source=217
I'm going to assume he was talking about a USB stick 'drive'.
I wonder if it's on a MyISAM or InnoDB table type, or if he has cheesy drive that is lying about write barriers, or if he's using a kernel that doesn't treat barriers correctly. You do lose a lot of write performance making mysql act safely.
All the six drives ive had started going bad by returning corrupted data (no errors shown on SMART, just bluescreens).
Never buy lifetime warrantied products from eithe of those companies. Patriot refused my lifetime warrantied drive by claiming it was damaged in the mail and OCZ just flat out refused claiming the drives werent currently manufactured (although under warranty).
https://en.wikipedia.org/wiki/Magnuson%E2%80%93Moss_Warranty_Act
Anytime a manufacture tries to dick with me about a warranty I name toss the above, along with FTC, Postmaster General, and the State Attorney General. Sorry, you can't advertize a warranty then say it doesn't exist. The Patriot one is a little harder to deal with, regular HDD manufactures look for any reason in shipping to void your warranty, so make sure you follow their packing directions. When the manufactures do try and mess with me, I make sure there newegg and amazon product lists get the message. Of course, when I get treated well, I make sure everyone knows about it too.
I have IPv6 at home, but had to disable it: a bug in NetworkManager caused it to misbehave when it encountered a IPv6 DHCP on wifi. Long story short, I had a kernel panic every 30 minutes (+/- 10 min). Windows 7 via wifi? No problem. Linux via ethernet cable? No problem. Will have to check if it was patched since I last tried it.
That sounds like neither a bug in networkmanager nor with DHCPv6. Neither of those would cause a kernel panic. That's a bad wireless network card driver. Network manager did have issues with DHCPv6, but it's more on the lines of not setting the routing correctly
Oh, I'd add more then a few IPv6 end points to the net if the cable company would provide IPv6 to the business fibre service here. For now we stack services on ip addresses via NAT. Fun to scan an IP and see Windows and Linux services living at the same address.
IPv6 Capable operating systems: check. .........
IPv6 Capable router: check.
IPv6 Capable cable modem: check.
IPv6 Capable internet service:
Maybe one of these years the cable company will get this figured out, sigh.
It depends on how the locks are sold, If they cost 10x as much as a regular lock and advertized to protect against this kind of attack, then yes the lock selling company might have an issue. If I sell you a zipgun proof lock and it's not, it become an issue of product misrepresentation.
Also, up till recently, most people thought of these lock devices as secure, or at least the level of attack that would have to occur would be difficult and rare. Now it's less noticeable to hack these locks then a regular door.
As long as you realize that air-gapping is a weak form of security in itself, air-gapping is ok. One break in the gap and it folds. Too many wireless devices out there these days to ever be sure that your system is really isolated. If your plant network isn't monitored for aberrant traffic patterns and firewalled from internal threats, you'll never know if your air-gap is working.
These days you have to design your system in such a manner as to have expected that your 'private' network has become connected to your public network. What used to be a techs laptop, is now a techs laptop with a 3G/4G card. You can have a network connection open to the world where you never expected it. Things also get connected by accident, someone plugs the internet switch in to the private network, then later some hacker notices it. Holes in the firewall, or other compromised computers relaying a tcp tunnel via authorized traffic ports. Oh, and the most major one, convenience without thinking about security.
Ah, you're the reason they keep adding more cores to processors.
Why write software correctly when we burn power and increase our security footprint like crazy.
When the light turns on, the roaches scurry. SCADA has been ignored by infosec up till now. Many of these systems are old, or are new systems not designed any different then they were in the 80's or 90's. It's not hard to find low hanging fruit when you're the first person picking it. Give 'the system' a few years and it won't be any different then Linux and Windows bug hunting now.... once you convince everyone to upgrade, that is.