Yes, trackers can be slashdotted too. Some trackers went down smoking every week when Naruto eps were released on them. They just couldn't handle the traffic with the early tracker code, but that was almost 2 years ago and I'd guess Red Hat has enough bandwidth to handle slashdotting.
> a PC could easily become a disposable item for the general public.
An attitude like that pretty much explains why our ice caps are melting and the environment is dying. It takes lots of resources and energy to build a PC, which strains nature. Used PCs are toxic waste, even after being recycled properly. I hope we never see the day when normal PCs become disposable items, such as yesterday's newspaper, at least until the parts become 100% reusable, like old paper.
if you're really up to no good.. (on "The Evil in E-Mail", Score: 4, Insightful)
The emails you send would be encrypted instead of plaintext. Real criminals aren't dumb, only the bad ones who get caught are.
No serious electronics engineer would build such a thing from separate components today.
Special systems would most likely use some FPGA and save several hours in building time, board space and expenses in mass production.
The FPGA would take less power and have a 10-100 times faster clock than those TTL chips.
And if you're dealing with a $20 FPGA vs. $200 in TTL chips which need to be wired by hand separately, the choice is quite obvious.
but waste of money
you could buy a microcontroller and an ethernet-ready chipset for it for less than the cost of 200 TTLs
and you'd get much better performance with that rig
I'm not completely familiar with the testing in the US, but here drivers have the right to decline the breathalyzer test result if it's near the legal limit.
If the driver denies it, the police will take him to a hospital and take a blood test to find out the actual blood alcohol level. Of course it takes time to drive from the stopping place to the hospital, but doctors can estimate the level since the time of the breathalyzer test is booked already and they can check the weight and height themselves to estimate the alcohol burn rate more accurately.
Now if the blood alcohol level turns out to be lower than the legal limit after the blood test, the driver walks with a warning, otherwise he gets fined.
I'd consider the hackers around the 80s rather good.. they weren't script kiddies who downloaded something someone else wrote just to see if it worked, they developed some of the tools, so new that even the sysadmins at that time were surprised to see them. Those programs are commonly used tools today, such as port scanners etc.
I highly doubt that any country had internet connections as considered today in the 80s, but all they needed back then was one telephone line.
> This is a joke. If North Korea did try a "cyber attack" on America we could cut off their internet with a pair of scissors.
What good would it do to cut them off from the internet?
All you need is a satellite phone and you're back online, continuing the attack from cover machines, which they're sure to use, since no competent hacker would use his/her own connection to do the attack to begin with.
> The average cable modem user in America has more bandwidth than their entire country.
You said it yourself, guess twice where the attack is coming from. Is the average cable modem user capable of protecting his/her computer against trained hackers?
> It's hard to afford computers and network access when 99.9% of your GDP goes to support your military
How is it hard, if you're a hacker hired by the military? They supply the tools, you supply the means.
FTA: The first step requires the legitimate users to type the same secret, four-digit PIN into both devices.
PIN length isn't fixed in Bluetooth.
It can be anything between 1 and 16 numbers.
Sure, it's easy to crack if you use a one or two digit length,
but with 8 digits or more, it will take much longer to crack using brute force.
Besides, Bluetooth always requires authorization before allowing network/dialup access from the modem device, even if it's already paired with the client machine.
Annoying, but it gives an extra security step.
> What I'd _really_ like to see is the ability to make a phone go into vibrate-only mode
This is called location awareness, and it's included in the 4G specifications. When you enter a hospital, theatre etc. the phone will automatically switch to the defined mode of that area.
Volvo is already shipping cars with an alcometer built in to the ignition system,
if the driver has too high a blood alcohol level, the ignition refuses to start the car.
I'm not sure if this system tests the blood level through the skin, but it sounds a bit similar to me.
That calculator counts only continuous power usage.
I punched in a system that I measured to take ~500W when powering up, due to the spinning up of drives, and that calculator recommended that I should use only 280W of power for that system.
A 300W PSU couldn't start that system, or if it even powered up, it would most likely burn while spinning up the drives.
Calculators like that are crap.
Just make a list of the components you're planning to use and search for their datasheets; they're available online almost without exception.
>> You must be out of touch. A heavily modded computer can easily use 600 watts.
>But they don't need to (and in fact, often don't - That 600W power supply might only ever draw 200W,
600W is a lot for a normal PC, but servers are another thing
for example, the ProLiant 1500, which was a 133 Pentium I, back from 1995, had a 700W PSU on it. That damn thing took 60W of power when it was turned off!
Modern computers can easily draw that 300W when in use, although 200W is more likely, since most of them are coming with a TFT instead of a CRT now.
But then again, you're probably a geek like I am, and you don't have only one computer running.
I have 5 running at the moment, and I'm pretty sure I'm using that 600W all the time, easily.
And I don't even use modified computers, if by that gp meant those useless color cathode tubes inside cases etc.
resource sharing is good, until a certain point is reached
if you're running 100 websites on a shared server, and something blows up, suddenly those 100 sites are down
now if you were running 100 servers instead, and one of them blows, it'll affect only one site
the solution for this problem would of course be something like running a 10 server cluster, and if one blows, it won't take any sites down, but would degrade some performance in speed
but to comment on the article, companies like q, sun (with blades), and others using transmeta cpus tried to push low energy servers to the market
the market didn't want them, they wanted more bang for the buck, so they didn't make great profit with slim rack servers.
I've started to wonder why people should remove spyware in the first place.
If the browser is vulnerable, the spyware will be back there after a few days of browsing again.
Why not just write software that fakes the information that spyware progs gather and render them useless to manufacture to begin with?
lies, damn lies, statistics..
I've downloaded different versions and the same version several times for my own use after several reinstalls.
I'm pretty sure all those downloads (+20 of them) count in on that 80 million.
If you're buying new hardware and you're forced to buy an OS with it, and the only option is the MS one, you can save hundreds of dollars by selecting this crippled version instead.
Naturally it won't be of any use, but since your company already has a volume license to Win XP Pro, you can just replace the crippled versions with the proper one.
Even with the leaked source code, you'd have to be quite a skilled programmer to find flaws which you could exploit in there. The strength (and flaws) of the internet come from the versatile equipment used in creating it. Most operators have their own device setup they're familiar with. Not everything runs with Cisco, though they would probably want it that way. (ca-ching)
The hardware in question isn't your average linux/bsd router, so you can't just whip up an exploit with an x86 compiler and push it in. Since the system isn't normal x86, you'd need to have similar equipment on which to build and test the exploit before trying to use it out in the open. And even with ebay, most Cisco stuff is still out of reach for script kiddies and even some more skilled hackers.
Now, assuming you are skilled enough to find holes in code, and resourceful enough to scrape together a platform where you can build and test exploits, there are a few steps still to take before you have anything worth getting worried about. You would need to find some remote hole in the code which would give you some degree of access to the system, and then another hole to actually execute your exploit on the system.
Any correctly configured router would have remote console access either disabled or in a separate management network, so basically it's impossible to find a remote hole against routers directly.
But let's assume you found one, and got the local exploit in: The local exploit would probably do something that would be hidden from the user/administrator on the IOS interface. Something like hidden routing tables, which the hacker could use to forward traffic destined to certain addresses through or to his own machines without the real user even noticing anything odd. This would enable hiding his own traffic for hacking other places through that connection, or just to transfer lots of data (warez). It could also allow man-in-the-middle attacks on connections passing through.
More realistic scenario: The programmer might find some buffer overflow in the code, and with the overflow, he can create an exploit that crashes the router remotely. That would create a DoS situation on systems connected to the router, which would last until it's rebooted. The DoS wouldn't halt the entire internet, because when one route goes down, routers find another path to transfer the data.
Rsync isn't really an option for updating Windows since the patch usually changes a few DLLs to different ones.
Most people don't have broadband, but most people don't have fast computers either; it might take a long time to compile the source-distributed update.
And your average joe won't have a compiler on their machine anyway. I'd remove the compiler from linux workstations too. The normal user, who surfs and reads email on the machine, won't have any need to compile things.
If local patches were used, I wouldn't worry about gpl coders peeking at the code. I'd worry about worms patching the source code and creating new holes through modifying patch sources.
he would've used a USB thumb drive to boot that thing and store the encryption key there.
Another pitfall is that Samba.. not secure..
again, if he'd install a VPN server there that would create a secured medium for accessing it, it would be another story.
The saddest part probably is that he raped an SGI 320 and put an AMD in it!
just to have a cool case for his desktop, sheesh, he'd have much more geek respect by keeping that SGI intact.
Not really.. depends what you are using to send it. If you use the old-fashioned way with the trigger, then it's hard (unless you're trained and used to using it), but geeks should be able to hack their keyboard to echo a pressed key as its morse code to the output.
Morse is probably faster to "write" since you don't have to click send separately, it already transmits the letters once you push the trigger, unless you are using some kind of buffering.
simple, they just use someone they both trust to handle the money
even shady businesses have semi-legitimate escrow services
> 3600 Han Solo's = 1 LoC = 24 Volkswagon Bugs
well, I guess that answers how many Han Solo's you can fit in a Volkswagen Bug..
he didn't know the passwords to the web interface?
*cough*RTFM*cough*
simple answer, the law itself
They are in Sweden, MPAA/RIAA cannot touch them, since they don't violate any Swedish laws.
And they have their own lawyers to consult on any possible borderline areas.
But this isn't going to last very long.
Sweden is changing their copyright law, though it's only a proposed law now, and if it passes as it is, it might kick in as early as June or July.
The law focuses on taking down people making a profit with illegal filesharing.
You can guess twice if they're paying for all this from their own pockets.
This page is pretty much the thing that makes piratebay illegal under the new law. If they could pay for the stuff from their own pocket without accepting any donations, the law couldn't touch them.
They're in trouble if they keep the tracker running and continue in the current way.
They didn't use holes in Cisco routers to break into their network.
They used stolen passwords gathered from other hacked machines by using trojaned sshd's.
Says so in TFA.