Yeah I am not in your league but I did colocate in a building with some fairly strong physical security. Access was to be arranged 24 hours in advance by email. The thing was the email was unsecured, nothing was cryptographically signed so when they got a request from me they had no real way to check that it was really from me.
To be honest I don't see what they have done wrong. Their actions are no different from normal retailing. You buy low at a bulk supplier and sell high to individuals.
Sellers could cut them out by raising their prices so that demand matches supply.
'They wrote a script that impersonated users trying to access Facebook, and downloaded hundreds of thousands of possible CAPTCHA challenges from reCAPTCHA. They identified the file ID of each CAPTCHA challenge and created a database of CAPTCHA "answers" to correspond to each ID.
So how did they generate the answers? Did they brute force them with a dictionary search? Or was there some other technique their hired programmers used, but which was not described in the article?
But it sounds like the attackers were able to make assumptions about the target information systems by using knowledge of standard IS practices. Avoiding those practices may introduce a handy layer of obscurity.
Insisting on crypto all the way to the clients may help as well.
the best practices corporate IT departments have been following for years are ineffective against the attacks
Well obviously. Antivirus protects against old, common vectors. But if a company ran (say) ubuntu or (more likely) macos an attacker could still craft an attack against them, as long as they had information on the systems being used.
My favorite is something like Outlook is trying to retrieve mail from server XXX. Clearly the developers had absolutely no faith in the retrieval process working.
Reverse of that once on a public holiday I set up an ADSL line for my sisters share house. The line didn't come up after I had configured the modem so I resolved to call the help desk on the next business day. So I call the help(less) desk from work and explain the situation so this guy and he says well I can see it working okay from my end. So I said well thats interesting because it wasn't working yesterday and nothing has changed since then. He said it must have just come good when you started your computer. I said: there is nobody in the house right now. I am calling from work. ISP guy said okay lets end the call now...
The ISP had to configure something but they weren't going to admit to it.
If you're curious, here's some info on the magnetic declination in Canada. Scroll down for images. Last time I checked there was a significant change in declination from one year to the next. Government of Canada
Wow. Thats enough to give me serious doubts about relying on a magnetic compass in the bush.
on the plus side their compasses should work again
Seeing that the north magnetic pole is in Canada I doubt compasses there work like the do elsewhere. Magnetic deviation over that country must be... significant.
wouldn't any long cord hanging around near Earth most likely end up getting hit?
A tether was tested from the Shuttle and it did break at some point but I thought the problem was heating. If you want to try the magnetic field trick your tether will have to carry a lot of current and heating in vacuum can be a problem.
I could believe that an EPROM or two might make their way to China's own space programme. I recall that the USSR once aborted a Soyuz launch on Chinese territory and had to rush to recover the vehicle.
Deploying a tether isn't going to be easy because cables in microgravity tend to twist back into the shape they had on the spool. If you put a big weight on the end and push it away hard enough gravity will eventually pull the tether straight but overall it might be cheaper on the mass budget to use a solid rocket motor.
If guidance on a dead vehicle is an issue you could build a simple drag brake using a big Mylar balloon. Something like the echo satellites. You need just enough gas inside to inflate an envelope. And when the gas escapes the envelope will make a pretty good drag brake anyway.
The squashed thing hasn't disturbed the ground at all. I wouldn't expect a crater but a few displaced rocks would be expected. Thats what happened on Mars when the rover backshells impacted anyway. So maybe somebody dragged it to the site where the pictures were taken. It certainly looks like it came down with a hell of a thump.
Also the sphere beside the squashed thing looks like it would have either been previously inside or attached to the larger object, or it would have rolled and bounced away. The picture looks somewhat staged for that reason.
But it depends on how much you take. Many people consume a bit of alcohol here and there without being really dependent on it. I have always avoided the stuff but now I have to take a prescribed selective depressant to keep seizures under control. Maybe the millions of voluntary consumers of alcohol and other drugs are self medicating. Maybe this is a requirement of our big brains which we evolved to need.
I think the tsunami was 20cm in New Zealand, 10cm on an island east of Tasmania and maybe a few cm on the east coast of the Australian mainland. So over here its not bad at all.
I wondered if the comparatively big wave on the coast of Chile was caused by a landslip under water.
Because of the distances involved there seems to have been plenty of time to send the word around to get people clear of the water. Beaches were closed in suburban Sydney because its the kind of place where people would sit in the water to feel the tsunami for themselves.
Yeah I am not in your league but I did colocate in a building with some fairly strong physical security. Access was to be arranged 24 hours in advance by email. The thing was the email was unsecured, nothing was cryptographically signed so when they got a request from me they had no real way to check that it was really from me.
Or, maybe, just maybe, in the interests of culture, fixed price ticketing is actually a good thing...
So then how do you distribute tickets, other than having a mad, random rush to sell them in the first few seconds they are on sale?
Belgium the sites were unreachable 2 days before the sale even started.
And what makes you think that was due to automation? Don't forget we ourselves have taken down a server or two in our times.
To be honest I don't see what they have done wrong. Their actions are no different from normal retailing. You buy low at a bulk supplier and sell high to individuals.
Sellers could cut them out by raising their prices so that demand matches supply.
'They wrote a script that impersonated users trying to access Facebook, and downloaded hundreds of thousands of possible CAPTCHA challenges from reCAPTCHA. They identified the file ID of each CAPTCHA challenge and created a database of CAPTCHA "answers" to correspond to each ID.
So how did they generate the answers? Did they brute force them with a dictionary search? Or was there some other technique their hired programmers used, but which was not described in the article?
I can go home a few microseconds early today.
But it sounds like the attackers were able to make assumptions about the target information systems by using knowledge of standard IS practices. Avoiding those practices may introduce a handy layer of obscurity.
Insisting on crypto all the way to the clients may help as well.
the best practices corporate IT departments have been following for years are ineffective against the attacks
Well obviously. Antivirus protects against old, common vectors. But if a company ran (say) ubuntu or (more likely) macos an attacker could still craft an attack against them, as long as they had information on the systems being used.
No. The south magnetic pole is in Canada. That's why the north pole of a magnet needle will point in that direction.
Good point.
My favorite is something like Outlook is trying to retrieve mail from server XXX. Clearly the developers had absolutely no faith in the retrieval process working.
Reverse of that once on a public holiday I set up an ADSL line for my sisters share house. The line didn't come up after I had configured the modem so I resolved to call the help desk on the next business day. So I call the help(less) desk from work and explain the situation so this guy and he says well I can see it working okay from my end. So I said well thats interesting because it wasn't working yesterday and nothing has changed since then. He said it must have just come good when you started your computer. I said: there is nobody in the house right now. I am calling from work. ISP guy said okay lets end the call now...
The ISP had to configure something but they weren't going to admit to it.
It you have to use a compass in the bush, then maybe she needs to shave...
I'm more a protractor and set circle man myself.
Here in Australia magnetic declination is almost always 11 degrees and QNH changes every couple of days.
If you're curious, here's some info on the magnetic declination in Canada. Scroll down for images. Last time I checked there was a significant change in declination from one year to the next. Government of Canada
Wow. Thats enough to give me serious doubts about relying on a magnetic compass in the bush.
*woosh*
Thanks!
on the plus side their compasses should work again
Seeing that the north magnetic pole is in Canada I doubt compasses there work like the do elsewhere. Magnetic deviation over that country must be ... significant.
As the population expands, so too does our ability to deal with its demands.
But not to infinity, right?
I don't see how it can ever be pleasant to live so close to other people. I'm all for energy efficiency, but there has to be a better way.
Fewer People.
wouldn't any long cord hanging around near Earth most likely end up getting hit?
A tether was tested from the Shuttle and it did break at some point but I thought the problem was heating. If you want to try the magnetic field trick your tether will have to carry a lot of current and heating in vacuum can be a problem.
I could believe that an EPROM or two might make their way to China's own space programme. I recall that the USSR once aborted a Soyuz launch on Chinese territory and had to rush to recover the vehicle.
Deploying a tether isn't going to be easy because cables in microgravity tend to twist back into the shape they had on the spool. If you put a big weight on the end and push it away hard enough gravity will eventually pull the tether straight but overall it might be cheaper on the mass budget to use a solid rocket motor.
If guidance on a dead vehicle is an issue you could build a simple drag brake using a big Mylar balloon. Something like the echo satellites. You need just enough gas inside to inflate an envelope. And when the gas escapes the envelope will make a pretty good drag brake anyway.
It seems the UB post has been slashdotted.
The squashed thing hasn't disturbed the ground at all. I wouldn't expect a crater but a few displaced rocks would be expected. Thats what happened on Mars when the rover backshells impacted anyway. So maybe somebody dragged it to the site where the pictures were taken. It certainly looks like it came down with a hell of a thump.
Also the sphere beside the squashed thing looks like it would have either been previously inside or attached to the larger object, or it would have rolled and bounced away. The picture looks somewhat staged for that reason.
Definitely orbital or launcher debris though.
But it depends on how much you take. Many people consume a bit of alcohol here and there without being really dependent on it. I have always avoided the stuff but now I have to take a prescribed selective depressant to keep seizures under control. Maybe the millions of voluntary consumers of alcohol and other drugs are self medicating. Maybe this is a requirement of our big brains which we evolved to need.
I always avoided alcohol. Maybe I was wrong.
I think the tsunami was 20cm in New Zealand, 10cm on an island east of Tasmania and maybe a few cm on the east coast of the Australian mainland. So over here its not bad at all.
I wondered if the comparatively big wave on the coast of Chile was caused by a landslip under water.
Because of the distances involved there seems to have been plenty of time to send the word around to get people clear of the water. Beaches were closed in suburban Sydney because its the kind of place where people would sit in the water to feel the tsunami for themselves.
Thats good to hear. Thanks.