Re:PHP security all relies on the coder (on Hardened PHP) · Score: 1
Once the attacker had gained access via user nobody, they ran one of several trivial Linux local root exploits to get root. Don't kid yourself, Linux ain't all that secure.
There was heated debate on a LUG mailing list a few weeks ago where a couple of people were essentially taking the piss out of some users who were diligently updating their kernels to fix local root vulnerabilities. They argued that if you are the only user on the machine how is anyone going to break in?
You can see the obvious point that I'm making - security should be layered.
Something like this probably - I made it up on the fly - haven't tested it (yes I know it's cack and that you could probably do it in 2 lines of perl :)
The time to brute force the password is a combination of many factors, not just the strength (length and composition) of the password. The amount of resources available to compute the hashes and the complexity of the algorithm used to create the hashes have a large effect on how long it will take to compute a match.
In this age it is becoming possible to precompute the hashes and then look them up, in that case the "strength" of the password becomes less important.
"Was this done _just_ because it could have been done?"
Reading around it seems that the idea is to prove that the encryption method is good rather than just theoretically sound. Probably makes it easier to sell stuff based on ECC if you can show how hard it is to crack.
Some people still love their Sun boxes, I think it reminds them of the good times :) The younger geeks I know are all wandering around with their iPods wishing they could afford to buy a nice G5 desktop machine.
Like you say owning a Sun box does not seem to be as 1337 as it was - how important is that though? I'm sure Sun didn't make too much money off of people buying their kit for home use but lots of geeks get a say in what gets bought at work - how much will it affect them if the next generation of geek doesn't think Sun is cool (tm)?
The problem is how do you know how much 'filler' is on the album. Hearing songs at clubs and on the radio does not let you know about the rest of the material. Currently I think there are 3 ways:
- Listen to a copy your friend has
- Skim through it at a record shop (if they will let you)
- Download it
I personally don't have money to burn (and like to make up my own mind) but I do like to own CDs because they sound better on my equipment than MP3s do. I wish there was a way to not get duped into buying something which wasn't up to scratch without 'being shady' or having to wait for someone else to make the leap of faith.
More viruses for Linux? (on Linux in Canada) · Score: 5, Insightful
Even if this is the case I think the bigger problem will be when we have more Joe Bloggs users who surf the internet as root. I see a lot of n00bs doing it and we always try and talk them round.
Even with the distro installers creating a normal account it's still worryingly common. Run as root and you are more likely to be pwned in a nasty way.
At the end of my placement as part of my undergrad degree I was asked to train up my replacement. I didn't want to work there anymore and I knew they would end up replacing most of the work I had done for them if the new dude didn't catch on quickly.
So I worked like a bitch in my last few weeks to get the new guy ready. Means that all my hard work was not flushed down the pan.
IIRC Metallica were cool with people trading amateur recordings of their live shows.
"good luck dictionary attacking a good password"
Vision-Guided Flight for MAVs
Looks like these little blighters can be tricky to fly, they are using a computer to track the horizon to help keep them level.
"Even copying 500mb files can take intolerably long when you want it done 4 minutes ago."
I get about 11.5mb a second on my home network (Fast Ethernet) so this transfer would take ~48 seconds.
They have to get to 328,000 feet, seems like they are looking pretty good.
You mean write a patch for the President? Aren't you already using Mr Bush 2.0 or something :)
Being able to read the code can stop this from happening.
"A dead badger?"
Who cares about the badger, what about the mushrooms and the SNNNAAAKKE!
One of my friends works as a carer in an old people's home, she reckons this thing could be really helpful (since they are massively understaffed).