Let's say you tell the automotive manufacturer about it, and he claims that your research was flawed and there was no problem,
You take the population of vehicles in the field (A) and multiply it by the probable rate of failure (B), then multiply the result by the average cost of an out-of-court settlement (C).
A times B times C equals X. This is what it will cost if we don't initiate a recall.
If X is greater than the cost of a recall, we recall the cars and no one gets hurt.
If X is less than the cost of a recall, then we don't recall.
If you discovered this exploit then so can someone else.
why do you think ~el8, PHC, AcidBitches, and other anti-sec groups want to outlaw exploit code? once we go to a vendor-only or non-disclosure system, blackhats will rule the roost. if exploits are outlawed...
i recall that at least 4 types of radio transmissions are illegal to intercept: cell phone calls, point-to-point microwave links... and i forget the other two.
Maybe I'm missing something, but this doesn't seem like anything new. Google for HackerDefender, I'm sure you'll find some relevant links.
Hoglund's kit from '99, Slanret from 2000, etc. kernel-mode kits are quite old. and there are several tools to aid in detection: PatchFinder, VICE, Klister, Rootkit Detector (3w design), and so on. http://home.arcor.de/scheinsicherheit/rootkits.htm
The last time I connected a fresh Windows XP RTM box to the internet, it was infected with MS Blaster in 6 minutes.
just activate ICF, personal firewall, or hardware firewall. alternatively disable the suspect services e.g. DCOM, LSASS, etc.
Blaster and Sasser both used buffer overflows and required no user intervention (other than negligence) to spread. how can MS prevent future worm outbreaks?
If it's Linare and Wal*Mart then what's this about??
i've seen XP, Mandrake, SuSE, Linare, and Linspire available on Northgate, Balance, and Microtel hardware. Walmart being the biggest retailer doesn't have to be loyal to one vendor. (Rubbermaid being a good example of how they can make or break a company.)
Well, if an unmade bed and a pile of oranges... are art
Heilman C's sex exhibition, Piss Christ, urinal, nude models in Guggenheim... list goes on and on. Tom Wolfe and others maintain that some contemporary (esp postmodern) art is directed towards the art clique. it's art in that it communicates with the viewer, but it may not be intended for the masses. frankly, i get more out of computer art than much older stuff like Kandinsky and Mondriaan.
some would say a work is art if it communicates with just one viewer. in that vein, Computer Generated Art is no less of an art form than neoplasticism (Mondriaan), contemporary art, postmodern art, minimalism, abstract expressionism, etc. this is why you'll find Computer Generated stuff alongside the other schools in several galleries.
and Joshu said MU!
With SuSE 10.0, you get your choice of 5 different rootkits.
Posted by timothy
on Wednesday August 10, @12:51AM
from the dept. of redundancy dept.
for a while, i used the Ion3 window manager and GNU screen. having a set of full screen windows aided concentration.
http://www.ntcompatible.com/Win2k_command_line_options_to_disable_memory_check_t23403.html
windows XP on a 20 megahertz Pentium with 32 megabytes of RAM. http://www.winhistory.de/more/386/xpmini_eng.htm
look over SE linux code.
what about a Beowulf cluster of these?
I note this because running any distro straight off the liveCD is very very slow.
Damn Small has a "to ram" option which speeds things up considerably. but DSL is a very small ISO.
the only thing worse than being talked about is not being talked about.
i'm going to release an OpenBSD remote root
most primality tests are probabilistic in nature. will the final test determine for a fact that it is a prime?
i for one welcome our new kernel-mode overlords!
Blaster and Sasser both used buffer overflows and required no user intervention (other than negligence) to spread. how can MS prevent future worm outbreaks?
what can be done to give power to user-level accounts and services, while keeping potentially malicious code out of ring zero?
This is hardly the first electronic music. That honour goes to some American chaps in the late 1890's
the triode wasn't invented until 1906. the Teleharmonium was electroacoustic, not electronic.
so easy to abuse, no wonder it's number one!