Please tell me what I'm doing wrong: - SSH keys where possible - Mandatory randomly generated passwords for the accounts that can't use SSH keys - Only HTTP, DNS and SSH are exposed via the hardware load balancer - Software is updated every 6 - 12 months, or when a specific threat is discovered.
Oh no! I've got SSH on port 22. I'm going to get hacked now!!!!
Erm they do only run one application. It has different modules but I'd be surprised if it isn't a single executable.
DOS has shit hardware support. QNX is similar but actively maintained and can handle the graphics and input aspects so Ford doesn't have to write a TCP/IP and touch screen driver from scratch. It is very cheap and light however.
Windows (embedded or not) is quite bloaty and expensive for running one app.
QNX had a demo awhile back. A full GUI OS with web browser that fit and booted from a 1.44mb floppy disk. Windows 3.11 needed 13 floppies if I remember correctly. That is some perspective for you.
If you expose easily exploited stuff, you deserve to get owned.
They try stuff like username 'admin' password '123456'. If that is a issue for your server you are an idiot. If you say use SSH keys then you don't have to give the script kiddies and automated attacks a second thought - they will *never* get in.
Erm you do know that SSH broadcasts it's presence as soon as you connect right?
Try "telnet server.com 22" and you'll see how nice and obvious it is that you've found a SSH server. You'll get a nice banner like "SSH-2.0-OpenSSH_6.0p1 Debian-3ubuntu1"
The moment the port scan finds it, they know it is SSH.
It gives the *illusion* of security, which makes people slack. E.g. My SSH password is 123456 but don't worry its ok! I changed the SSH port to 1234 so I'm safe.
I avoid smoke and mirrors security as much as possible.
APNIC does give them out reasonably freely. I just got a/24 last month.
Mind you a/28 wouldn't be coming from APNIC, that would be from your host which can still be difficult but not nearly as much as from APNIC./28 is also a relatively small amount.
On the assumption you never used any parameters. E.g. sure children() can be done in 1 line without jQuery, but children("input[type=input]") most certainly cannot. That specific example is a pain in the butt without jQuery.
Why should a legal wiretap be hidden from the court? Anyone who does illegal things and talks about them over the phone is a moron.
The identity of the informants or undercover agents don't need to be revealed and they usually aren't. The court just needs to know it was legal. The DEA is talking about breaking the law, then trying to cover it up. They aren't trying to protect anyone except their backsides.
Getting cocaine to rub over the bills to enhance their authenticity requires hanging out in some dodgy neighbourhoods. That is what stops me from doing it.:P
Slashdot Mirror
Yes I do as a matter of fact.
Please tell me what I'm doing wrong:
- SSH keys where possible
- Mandatory randomly generated passwords for the accounts that can't use SSH keys
- Only HTTP, DNS and SSH are exposed via the hardware load balancer
- Software is updated every 6 - 12 months, or when a specific threat is discovered.
Oh no! I've got SSH on port 22. I'm going to get hacked now!!!!
Erm they do only run one application. It has different modules but I'd be surprised if it isn't a single executable.
DOS has shit hardware support. QNX is similar but actively maintained and can handle the graphics and input aspects so Ford doesn't have to write a TCP/IP and touch screen driver from scratch. It is very cheap and light however.
Windows (embedded or not) is quite bloaty and expensive for running one app.
QNX had a demo awhile back. A full GUI OS with web browser that fit and booted from a 1.44mb floppy disk.
Windows 3.11 needed 13 floppies if I remember correctly. That is some perspective for you.
If you expose easily exploited stuff, you deserve to get owned.
They try stuff like username 'admin' password '123456'. If that is a issue for your server you are an idiot.
If you say use SSH keys then you don't have to give the script kiddies and automated attacks a second thought - they will *never* get in.
Erm you do know that SSH broadcasts it's presence as soon as you connect right?
Try "telnet server.com 22" and you'll see how nice and obvious it is that you've found a SSH server.
You'll get a nice banner like "SSH-2.0-OpenSSH_6.0p1 Debian-3ubuntu1"
The moment the port scan finds it, they know it is SSH.
I disagree. It is like changing the SSH port.
It gives the *illusion* of security, which makes people slack.
E.g. My SSH password is 123456 but don't worry its ok! I changed the SSH port to 1234 so I'm safe.
I avoid smoke and mirrors security as much as possible.
Right so just pass scanning electron microscopes out to everyone? That will make it really dead easy for anyone to spot counterfeits right?
Did it also say that someone would be friendly enough to sit there reading your messages and looking at your pictures of your own kids naked?
...from the cloud!
Yeah. What exactly is 'crypto' about this 'currency'? It is just a prepaid balance.
My uni had a pub on it's grounds. I assumed it was fairly normal.
Oh its really quite simple.....once you've learned basic English.
Keep at it. I'm sure you'll get there eventually.
Yep DD-WRT is on my RT-AC66U. Works brilliantly.
APNIC does give them out reasonably freely. I just got a /24 last month.
Mind you a /28 wouldn't be coming from APNIC, that would be from your host which can still be difficult but not nearly as much as from APNIC. /28 is also a relatively small amount.
2 words: Charge time.
Batteries are nowhere near as good as hydrocarbons on that front.
2 minutes vs 8 hours.
But conspiracy would apply to regular links too wouldn't it?
Nope. That is what makes this system interesting. I needs to be deliberately unstable.
The spring makes it flop around in all directions from just the slightest movements by the operator.
I am. Over the American education system though, not the images.
Metric really isn't that hard.
And "#my_div input[type=hidden],#otherdiv input[type=submit]" is for all intents and purposes impossible (in a reasonable timeframe) in plain js.
Oh sure I'd never use jQuery for just one or two things.
But the context here is a HTML 5 app with AJAX. The ajax functions alone are worth it and I doubt he included jQuery just for that.
On the assumption you never used any parameters. E.g. sure children() can be done in 1 line without jQuery, but children("input[type=input]") most certainly cannot.
That specific example is a pain in the butt without jQuery.
Oh man so many of those examples are ridiculous.
Look you don't need jQuery! You just type 20 lines of code and it does the same thing as jQuery's 1 line of code.
See? jQuery isn't needed at all.
Why should a legal wiretap be hidden from the court? Anyone who does illegal things and talks about them over the phone is a moron.
The identity of the informants or undercover agents don't need to be revealed and they usually aren't. The court just needs to know it was legal.
The DEA is talking about breaking the law, then trying to cover it up. They aren't trying to protect anyone except their backsides.
Yeah as if Getup will actually get anything done.
Not true!
Getting cocaine to rub over the bills to enhance their authenticity requires hanging out in some dodgy neighbourhoods. :P
That is what stops me from doing it.
Decibels are a logarithmic scale, not linear. 154 decibels are over twice as powerful as 150 decibels.