So we have a few photographs and the conclusion that the ice loss is devastating--despite no investigation as to whether the photographs were taken during the same day of the year nor as to what the internal variability is. But still, the editors immediately jump to the ice loss is devastating....
Glaciers do not change much with the seasons. Ever heard of things moving "at glacier pace"? Normal movements are in inches. What we see on the photos are differences in miles. No way you can explain that by spring versus fall! This glacier did melt.
If you read the fine article, you will see that they acknowledge wake on lan and other similar work. They are addressing a practical problem in large networks. Classic implementations of Wake-on-Lan wake the computer when another computer sends it a packet. This looks fine in theory, "my computer wakes up when it has something to do," but it does not work well in practice, in a large network.
In any network of a certain size, there is a lot of noise, scans, keep-alive traffic. That traffic causes packets to be received frequently, maybe a couple of times per minute. When a computer awakes, it takes some time to put it back to sleep, maybe a minute. Given enough background traffic, the computer never goes to sleep.
The solution is some form of filter, to only wake up the computer if the incoming data packet is "important." For that, you need a proxy. And the proxy needs a lot of tuning. If it does not wake up on "important" traffic, the users are pissed. If it wakes up too often for trivial pings, the energy bill increases. What they claim here is that after a year of trial, they have validated a particular tuning that works well. Seems interesting indeed.
The disorders that make people dysfunctional clearly don't provide benefits. But then, why do the genes persist in the genome? Probably because some combinations of the genes, maybe a milder cause of the disorder, do provide benefits.
There is strong documentation that personalities with mild forms of autism can be not only functional, but brilliant. In fact, that may be the very reason why autism is still so frequent in the population. If the genes of autism had no benefit whatsoever, natural selection would drive the condition out of the gene pool.
If the condition does have benefits, then is treatment the right approach? The typical goal of treatment is to "reduce you to normal," presumably so you don't bother other people. But from society's point of view, that's very counterproductive. Society at large will benefit from more geniuses. It would probably benefit even more if we learned to accommodate them!
It's not just Flash. You will not find Microsoft's Silverlight support in Safari either -- and Silverlight does support touch on Windows Mobile. And you will not see Apple putting Google's Chrome on the iPhone. That's because Silverlight supports C#, and Chrome supports very efficient scripting, and either would allow web sites to deliver apps without paying due taxes to Apple.
Ah, multi-homing. There is an IETF working group busily trying to address that. They have been at work for some time, so I don't hold my breath.
The least bad solution with the current standards is to give each IPv6 host multiple addresses, e.g. one with the Verizon prefix, one with the Sprint prefix, one with SAVVIS. Of course, that solution assumes that the exit routers are capable of choosing the exit route based on the source address picked by the host, which is a *big* assumption. I suppose that if there is enough demand, Cisco, Juniper et al will come up with such routers.
If that works, you get the equivalent of each host having multiple "virtual network cards", one for each provider. Of course, they do not in fact have multiple cards, just multiple addresses.
Failing that, the big organizations will pay their providers large sums and get a short prefix (/32, probably) that will be routed. The small folks will be left hanging.
IPv6 was designed to solve not just one problem, but two. Not just address exhaustion, but also routing table explosion.
Thought experiment: assume we start to carry all possible /48 prefixes in the BGP routing table. You end up with 2^48 entries in the tables. Guess what: if we tried that, even if routers did somehow manage to get enough memory, they would just choke under the weight of routing updates. So there is a limit to what can be absorbed.
The solution is aggregation. With proper aggregation, all Verizon customers appear in BGP under a small set of short prefixes, instead of millions of /48 prefixes. With fewer routing entries, BGP tables are smaller, routing more efficient, and the whole Internet more stable. This is exactly what IPv6 address allocations were designed to accomplish.
You got a unique /48 number from ARIN. That's fine, but that is just that, a number. It does not provide you with any particular right to spam the BGP routers with your entries.
Alain Williams wrote "It is quite simple: Microsoft said that it was unhackable, so as far as the idiot politicians were concerned it must be true." Well, I doubt that very much. Microsoft will say things like "more secure", but certainly not "unhackable". The source is much more likely the "idiot politician".
Host names leak. Even for stations behind a firewall, they can be found in email headers, not to mention various unique ids, etc. For laptops that move around, that's even worse. They get copied in DHCP messages, etc.
How comfortable are you, if strangers can reverse engineer the structure of your network? What if they can identify the laptop by listening to broadcast queries at a public Wi-Fi point? The more information you place in a name, the more you expose.
The higher your paranoia level, the more you want to stick to random names.
The flesh of the wireless user, that is. Or their brains.
With the "personal" version of WPA or WPA2, the user enters a password or a passphrase, and the key is essentially a sophisticated hash of the password. As many have already pointed out, the article basically describes "automated password guessing". This is basically the same tool that we used in the old days to "recover" passwords from the hashes in the password file. Try a password, check if the hash matches. Repeat with many plausible passwords. With more CPU, or with parallel processing in the GPU, they can make much more elaborate guesses than simply trying all the words in the dictionary, or adding numbers, or changing cases.
In this day and age, anything that relies on a password or a passphrase and exposes a hash should be viewed with suspicion. If the key was generated by a meat-based processor like your brain, then it can certainly be discovered in a "small" number of guesses, where small is millions or billions, i.e. small for the computer. In fact, if your brain can remember the key, it can probably be discovered.
This does not just apply to wireless. Pretty much anything based on passwords or passphrases should be considered insecure.
-- Louarnkoz
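An added example, not part of the original comment: the "sophisticated hash" behind WPA/WPA2-Personal is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, so the cost of guessing depends only on how many passphrases are plausible and how fast one derivation runs. The sketch below derives the key, measures the local derivation rate, and estimates the time to exhaust a few passphrase policies; the function names, the sample policies and the 1,000,000 guesses/second figure are assumptions chosen for illustration.

```python
import hashlib
import math
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA/WPA2-Personal key from a passphrase and SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 printable ASCII characters")
    # PBKDF2-HMAC-SHA1, SSID used as the salt, 4096 iterations, 32-byte output.
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def keyspace_bits(symbols: int, length: int) -> float:
    """Bits of entropy when each of `length` positions is picked at random."""
    return length * math.log2(symbols)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Years needed to try every candidate in a keyspace of 2**bits."""
    return 2.0 ** bits / guesses_per_second / SECONDS_PER_YEAR


def local_guess_rate(samples: int = 20) -> float:
    """Key derivations per second on this machine (single CPU thread)."""
    start = time.perf_counter()
    for i in range(samples):
        wpa_psk(f"benchmark-{i:04d}", "example-ssid")
    return samples / (time.perf_counter() - start)


if __name__ == "__main__":
    # Constructed policies: (description, symbols per position, positions).
    policies = [
        ("8 random lowercase letters", 26, 8),
        ("4 random words from a 7776-word list", 7776, 4),
        ("20 random printable ASCII characters", 95, 20),
    ]
    cpu_rate = local_guess_rate()
    assumed_rate = 1_000_000.0  # assumed parallel hardware, not a measurement
    print(f"local rate: {cpu_rate:.0f} derivations/s")
    for name, symbols, length in policies:
        bits = keyspace_bits(symbols, length)
        print(f"{name}: {bits:.1f} bits, "
              f"{years_to_exhaust(bits, cpu_rate):.3g} years locally, "
              f"{years_to_exhaust(bits, assumed_rate):.3g} years at the assumed rate")
```

A passphrase a person chose is drawn from a far smaller set than these uniformly random policies, so the figures are upper bounds on the guessing work.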
Actually, the progress from B to G and then N corresponds to specific improvements in the radio. B uses "direct sequence" modulation; G (and A) use OFDM, which is more efficient and allows for greater throughput; N uses MIMO, which roughly multiplies the bandwidth of the channel by adding antennas and radios, in the same band.
Actually, all versions of Windows since XP/SP2 (August 2004) come with the built-in firewall turned on by default. To get the "owned in 4 minutes" statistic, you need to either install an old unpatched version of XP or XP/SP1, or deliberately turn off the firewall. Which maybe explains why TFA is so light on details...
Price does not just reflect the cost of the components. It also includes the expected cost of supporting the users and the channel, e.g. answering support calls, writing manuals, or putting up better versions of various drivers. Linux may be free, but XP is not very expensive when companies like ASUS buy it in large volumes. If it costs ASUS less to support XP than to support Linux, then the XP laptop could end up retailing for less than the Linux version.
Yes, it is a company fishing for work. They are trying to sell "protocol fuzzers" for wireless devices. They demonstrate that you can send "artistically malformed" packets to Bluetooth or Wi-Fi devices, trigger a fault in the protocol implementation, and cause the device to crash. Possibly, you can get code to run on the device.
This has nothing to do with the classic issue of "wireless security", such as the relative strength of WEP versus WPA or WPA2. Some attacks work by sending control frames, i.e. the cleartext packets that are used to establish the wireless connection in the first place, without any security being applied. Other attacks allow a station to abuse its connection privileges -- instead of merely consuming a wireless service, it can take over the whole device.
The same technique was demonstrated by Cache & Maynor with Wi-Fi in the summer of 2006. The lessons were quickly learned on the "client" side of the Wi-Fi networks. For example, the validation tools for Windows wireless drivers now include tests against fuzzing attacks. The technique is well known, and the tool advertised in the article is just one of many available solutions.
However, the article points to an interesting area, the quality of implementation in "appliances" such as Wi-Fi access points. PC and Mac drivers may be well tested now, but who knows what software is run in the average access point? Also, it is much easier to download a new driver for a PC or a Mac than to update the firmware in an access point. So, we may expect to see some interesting exploits against various appliances...
Actually, that would not be a record, and yes, other standards beat that. For example, the draft 802.11n standard received over 5,000 comments during the ratification process by the IEEE 802.11 working group. Yet there was basic consensus on the specification in the industry, and there are already interoperable implementations certified by the Wi-Fi Alliance. (I am in fact using 802.11n right now, with a D-Link router and an HP/Centrino laptop...)
-- Louarnkoz
Vista does not activate file sharing and discovery unless you say so.
You are supposed to declare the network as a "home" network, where these things are permitted, as opposed to a public network like a Starbucks coffee shop, where you probably don't want file sharing turned on. Then, you are supposed to actually enable file sharing, etc. All that is done from the "network and sharing center", available by clicking on the "network" icon in the tray panel.
Actually, Teredo was specifically designed so that the Microsoft servers DO NOT SEE any of the data exchanged by the hosts. They only see the initial exchange of packets requested to set up a tunnel through the NAT.
I took a quick look at the list of drivers on the site, and it looks like a collection of x86 drivers designed for XP. What about 64-bit drivers?
-- Louarnkoz
This looks very much like a publicity stunt, not "sane malware economics". Suppose that you actually know of a bug in Vista and of the corresponding exploit. Do you think that "just now" is the right time to go to market?
Think again. Vista has not yet been put on the market. Right now, it is available to bulk purchases by enterprises, but there is no indication that these enterprises are engaging in massive upgrades. It is also available for download by MSDN subscribers. All in all, there are probably a million or 2 copies out there, most of which are used in secure settings.
PCs will start shipping with Vista January 30, 2007. The industry ships maybe 200 million PCs per year. Assume 50% of them will ship with Vista, that's 8 million Vista shipments per month. These will be your classic "malware target" PCs, complete with clueless users and broadband connections. So, by the end of February, the target market for the supposed "0-day exploit" will be at least 4 times larger than it is now.
So, why sell a Vista exploit now? The probable result will be to tip Microsoft, and get them to release some patch before January 30. The net result in terms of infected PCs would be near zero. If you are a malware peddler, why would you form $50,000 for a dud?
I think this "exploit" smells very much of a publicity stunt.
The two hackers laughed off the comment. "It is a double-edged sword, but what we're doing is really for the greater good of the Internet, we're setting up communication networks for black hats," Wbeelsoi said.
Yeah, right. What they are really saying is, why give away a bug for $500 when we can sell it for much more on the black market?
In fact, the public advertisement of a "zero day exploit" makes a lot of sense if you want to establish yourself as a seller of other undisclosed exploits. Publishing the exploit is a gambit. You will lose the exploit as soon as it gets fixed, but you get your name in the trade press, on Slashdot, etc. Doing so, you establish credibility as a merchant of malware. You can set up shop, and advertise 30 other previously undisclosed bugs. Now, the botnet herders, spammers and other DDOS extortionists know where to buy a new exploit if they need one.
OK, we know about free speech vs. free as beer. But there is another model, "free as peanuts in a bar". You enter a bar, order a beer, and are served free peanuts with it. You enjoy the peanuts, but they are very salty, so pretty soon you feel compelled to buy more beer.
One can argue that IBM's consulting business is much like that. They will provide free software, support Linux, etc, in much the same way the bartender provides free peanuts. But you end up paying for a lot of expensive beer, in that case consulting services.
Actually, there is a lot of code in a Wi-Fi driver. I just verified that the driver for my Centrino card (NETw2v32.sys) weighs in at 3,704,320 bytes. (That's on Vista RC1, but I suspect Intel will use similar code on many platforms.) Maybe Intel is on the high side. It is certainly possible to write a Wi-Fi driver in less code than that, maybe 300K. But did you read Johny's black hat paper? He points out that the 802.11 family of standards is very complex. The parsing of 802.11 frames is tricky. Given the history of other parsers, from SNMP to JPEG, it is not hard to imagine that a slip here or there could result in a failure.
Recognize that? That was the proper way to stop a classic Unix system. Synch first, to make sure the write cache is flushed and the file system is clean. Then reboot. But repeat the synch command twice, because you never know, just one might be bad luck. Old style voodoo...
The parent wrote: "For your interest, I have included a graph of the approximate number of pirates versus the average global temperature over the last 200 years. As you can see, there is a statistically significant inverse relationship between pirates and global temperature."
The parent is not really well informed.
The worldwide number of pirates is not decreasing. In fact, if anything, it seems to be rising. And I mean real pirates, the boarding-ships-with-guns kind, not the music-from-napster variety. Pirates seem to abound in the Sea of China, in the Strait of Molucca, or on the east coast of Africa, where they attack cargo ships. There also are numerous acts of piracy reported in the Caribbean, where pirates try to commandeer yachts and use them for trafficking drugs.
The "monoculture" argument draws upon the analogy between epidemics among living things and computer epidemics. But it is a false analogy.
An epidemic keeps propagating if, on average, an infected subject infects more than one target. If it infects less than one, the next "generation" will be smaller than the previous one, etc. The number of infected targets depends on how many contacts the subject has, and how many of these get infected.
For human infections, an infected subject contacts family members, maybe schoolmates and coworkers. On average, it takes more than a simple casual contact to get infected. So, the number of contacted targets is small. If enough are vaccinated, or otherwise invalid, the average number of infected targets drops below 1, and the epidemic stops. The interesting result is that the infection stops before every potential target is infected. A typical infection affects a city or a province, and then stops.
Computer infections are very different. A virus-infected computer can contact thousands of other computers. Even if many are protected, chances are that many more than 1 in a thousand will be infected. Computer viruses can spread very fast!
Diversifying with two or three brands of software will maybe minimize the results, but cannot stop such infections before all vulnerable machines are infected. To limit the infection to "a city or a state" when a sick machine contacts thousands of others, something like 99.9% of the machines must be either "different" (diversity) or "vaccinated" (anti-virus, etc.). Unless you are ready to manage diversity by running a thousand different brands of software, the anti-virus route looks much more realistic.
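An added example, not part of the original comment: the threshold argument above, worked through as a generation-by-generation expected-value model. The population of 1,000,000 machines, the 1,000 uniformly random contacts per infected machine, the assumption that every contact with an unprotected machine infects it, and all function names are illustrative assumptions.

```python
import math


def reproduction_number(contacts: int, vulnerable_fraction: float) -> float:
    """Average number of new infections caused by one infected machine."""
    return contacts * vulnerable_fraction


def protected_fraction_needed(contacts: int) -> float:
    """Share of machines that must be immune for the average to drop to 1."""
    return 1.0 - 1.0 / contacts


def outbreak_share(population: int, vulnerable_fraction: float, contacts: int,
                   seeds: int = 1, max_generations: int = 10_000) -> float:
    """Expected share of the vulnerable machines that end up infected.

    Each generation, every infected machine contacts `contacts` machines
    chosen uniformly at random; a vulnerable machine that is contacted at
    least once becomes infected. Quantities are expected values, so they
    may be fractional.
    """
    vulnerable = population * vulnerable_fraction
    infected = float(seeds)
    total = infected
    susceptible = max(vulnerable - infected, 0.0)
    for _ in range(max_generations):
        if infected < 1e-9 or susceptible <= 0.0:
            break
        # Probability that a given machine is hit by at least one contact.
        p_hit = 1.0 - math.exp(-infected * contacts / population)
        newly_infected = susceptible * p_hit
        susceptible -= newly_infected
        total += newly_infected
        infected = newly_infected
    return total / vulnerable


if __name__ == "__main__":
    population, contacts = 1_000_000, 1_000  # constructed scenario
    print(f"immune share needed: {protected_fraction_needed(contacts):.3%}")
    # k equally popular software brands, malware that targets one of them.
    for brands in (1, 2, 3, 100, 2_000):
        share = 1.0 / brands
        r = reproduction_number(contacts, share)
        hit = outbreak_share(population, share, contacts)
        print(f"{brands:>5} brands: R = {r:7.2f}, "
              f"{hit:.1%} of the vulnerable machines infected")
```

With two or three brands the reproduction number stays in the hundreds and the outbreak reaches essentially every vulnerable machine; it only dies out once fewer than one machine in a thousand is vulnerable.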