If you push all this content on to a TLD someone would have to run a filter on port 80 to find the.xxx traffic. This leads to all port 80 traffic being inspected. If you really care about protecting privacy you don't want all port 80 traffic inspected.
This proposal seems to allow those who develop the content to determine if it accessible via this new port.
This proposal cuts those who would filter traffic over port 80 out of the solution.
Given all the press about the lack of adequate security mesaures on many U.S. government networks maybe Microsoft executives were seeking a more accepting audince for their latest efforts?
Right at the start of the release notes for Firefox 1.0.1 it says "Prior to installing Firefox 1.0.1, please ensure that the directory you've chosen to install into is clean and doesn't contain any previous Firefox installations.". Lots of folks (like me) who download and run the Windows installer have found that Firefox shows up multiple times under installed programs. The only way to clear out previous versions is to uninstall all versions and manually delete files and clear the install directory.
This is imporatnt to coprorate folks who may be using an asset or build tracking system to track adoption of software products. You get bad data if a PC shows that it has multiple versions of any program installed.
The referenced article says that Visa and other credit card companies are looking at this technology to make it easier for card holders to use the cards for small purchases. If enough legit small purchases are made these credit card companies will make more money but will that reduce their overall exposure to fraud? Will these additional funds that run through my credit card make the card cheaper (lower or no annual fees and lower monthly interest rates)? It will be interesting to see how no fee and low interest rate Visa and MasterCard offerers adopt this.
Duh? So where does the data used to feed the hash come from? You potentially get a piece of the original message.
You said: "The attack has nothing to do with trying to discover contents based on the hash, it has to do with generating intentional collisions."
A collision is defined as a string that produces the same hash. The contents of the original message would produce that same hash. A collision can result in disclosing the data used to generate the hash.
You should play Sim City. If you did you would learn that there are things that municipalities do in order to create a community and a justification as to why taxes should even be collected. Like providing roadways and establishing a law enforcement capability. The point here is that WiFi might fit into this category and attract people and businesses to reside in a municipality.
Wow! 2^69 instead on 2^80. The reality is that use of SHA-1 STILL places a significant cyptographic barrier in front of an attacker trying to discover the contents of hashed payload. I'd argue that using any form of cryptography (save null) presents a barrier that the average hacker won't even attempt to overcome.
This was a great story about innovation. He are 5 projects where some bright folks got off their butts and solved different problems in order to improve an everyday item.
Sure, Belkin makes an external battery for an iPod. But it's not in an Altoids tin. That's cool.
And just about everybody who uses a computer uses a mouse at some point; and here this dude puts a little cyrogenic spin on it. Hey, does anyone know where I can find a Lego sized Bill Gates?
When IT folks consider adding different applications to their "standard builds" the different platforms that support the application are often considered. Pushing Mozilla.org products out to different operating systems should help spread the product and get it into the hands of corporate users.
While I can't assess this article's accuracy; the writer does a good job of explaining exactly why each of the products are "worst". I found the pointer to the magazine product reviews helpful to find something better. And it was funny too.
Competition is a great thing when there are decent competitors offering similar products. Given what you've written here I think you've heard a lot of things but not gotten very much right.
You said "...but IOS supports only a small handful of routing protocols and is woefully lacking on QoS support...". Name a router OS that supports more routing protocols than IOS? There isn't one. There is no Linux OS that supports all the routing protocols of even a basic Cisco router. Can you point at a single QOS mechanism that IOS doesn't support for classifying and routing at layer 3?
You are totally lost by suggesting that there is the potential of a Linux play here. The type of routers that we're talking about here are in the Internet service provider core. They need to be specialized hardware and software devices.
The problem is that seemingly everytime this area of discussion comes up somebody brings up Linux as an alternative. It's not useful there. Linux is as useful in the ISP core as a crescent wrench is useful for driving nails.
If you don't like the way PR works and you thought the previous version better; why not just roll back? Can't you locate the previous install file on one of those big servers in Redmond?
The problem here is that many folks who administer security think they know better than everyone else.
In order for security to work there has to be policy that defines what is being secured; how it is secured; and who is responsible for security. That policy doesn't have to define penalties but should define what a security violation is.
Authority is something that is shared. It is shared between the people who are responsible for what is being secured and those who secure it. If you are an administrator who can change a configuration you have some authority.
Penalties are something that need to be determined based on the circumstances. The guy who ribs a bank and throws the note he gave to the cashier on the ground on the way out usually isn't charged with littering. That charge is not levied in context of the situation (that when caught more serious charges will be levied).
Slashdot Mirror
Isn't it great when a PR person's babble gets slashdotted by some "Anonymous Coward". Slashdot is the new voice of The Man.
If you push all this content on to a TLD someone would have to run a filter on port 80 to find the .xxx traffic. This leads to all port 80 traffic being inspected. If you really care about protecting privacy you don't want all port 80 traffic inspected.
This proposal seems to allow those who develop the content to determine if it accessible via this new port.
This proposal cuts those who would filter traffic over port 80 out of the solution.
Given all the press about the lack of adequate security mesaures on many U.S. government networks maybe Microsoft executives were seeking a more accepting audince for their latest efforts?
Right at the start of the release notes for Firefox 1.0.1 it says "Prior to installing Firefox 1.0.1, please ensure that the directory you've chosen to install into is clean and doesn't contain any previous Firefox installations.". Lots of folks (like me) who download and run the Windows installer have found that Firefox shows up multiple times under installed programs. The only way to clear out previous versions is to uninstall all versions and manually delete files and clear the install directory.
This is imporatnt to coprorate folks who may be using an asset or build tracking system to track adoption of software products. You get bad data if a PC shows that it has multiple versions of any program installed.
The referenced article says that Visa and other credit card companies are looking at this technology to make it easier for card holders to use the cards for small purchases. If enough legit small purchases are made these credit card companies will make more money but will that reduce their overall exposure to fraud? Will these additional funds that run through my credit card make the card cheaper (lower or no annual fees and lower monthly interest rates)? It will be interesting to see how no fee and low interest rate Visa and MasterCard offerers adopt this.
Duh? So where does the data used to feed the hash come from? You potentially get a piece of the original message. You said: "The attack has nothing to do with trying to discover contents based on the hash, it has to do with generating intentional collisions." A collision is defined as a string that produces the same hash. The contents of the original message would produce that same hash. A collision can result in disclosing the data used to generate the hash.
You should play Sim City. If you did you would learn that there are things that municipalities do in order to create a community and a justification as to why taxes should even be collected. Like providing roadways and establishing a law enforcement capability. The point here is that WiFi might fit into this category and attract people and businesses to reside in a municipality.
Wow! 2^69 instead on 2^80. The reality is that use of SHA-1 STILL places a significant cyptographic barrier in front of an attacker trying to discover the contents of hashed payload. I'd argue that using any form of cryptography (save null) presents a barrier that the average hacker won't even attempt to overcome.
Not.
This was a great story about innovation. He are 5 projects where some bright folks got off their butts and solved different problems in order to improve an everyday item.
Sure, Belkin makes an external battery for an iPod. But it's not in an Altoids tin. That's cool.
And just about everybody who uses a computer uses a mouse at some point; and here this dude puts a little cyrogenic spin on it. Hey, does anyone know where I can find a Lego sized Bill Gates?
Why couldn't you get this past TSA? Have batteries been declared hazardous recently?
This is a great hack!
When IT folks consider adding different applications to their "standard builds" the different platforms that support the application are often considered. Pushing Mozilla.org products out to different operating systems should help spread the product and get it into the hands of corporate users.
While I can't assess this article's accuracy; the writer does a good job of explaining exactly why each of the products are "worst". I found the pointer to the magazine product reviews helpful to find something better. And it was funny too.
Wow! A review of a terrabit router. Where is the promised overview of the battle? Did you get the link wrong?
Competition is a great thing when there are decent competitors offering similar products. Given what you've written here I think you've heard a lot of things but not gotten very much right.
You said "...but IOS supports only a small handful of routing protocols and is woefully lacking on QoS support...". Name a router OS that supports more routing protocols than IOS? There isn't one. There is no Linux OS that supports all the routing protocols of even a basic Cisco router. Can you point at a single QOS mechanism that IOS doesn't support for classifying and routing at layer 3?
You are totally lost by suggesting that there is the potential of a Linux play here. The type of routers that we're talking about here are in the Internet service provider core. They need to be specialized hardware and software devices.
The problem is that seemingly everytime this area of discussion comes up somebody brings up Linux as an alternative. It's not useful there. Linux is as useful in the ISP core as a crescent wrench is useful for driving nails.
If you don't like the way PR works and you thought the previous version better; why not just roll back? Can't you locate the previous install file on one of those big servers in Redmond?
The problem here is that many folks who administer security think they know better than everyone else.
In order for security to work there has to be policy that defines what is being secured; how it is secured; and who is responsible for security. That policy doesn't have to define penalties but should define what a security violation is.
Authority is something that is shared. It is shared between the people who are responsible for what is being secured and those who secure it. If you are an administrator who can change a configuration you have some authority.
Penalties are something that need to be determined based on the circumstances. The guy who ribs a bank and throws the note he gave to the cashier on the ground on the way out usually isn't charged with littering. That charge is not levied in context of the situation (that when caught more serious charges will be levied).