I had the same issue last fall. Solved it 90% by talking with the neighbors. We all stuck our access points in the middles of our basements (keeping the signals mostly going upstairs instead of sideways), we set up channels 1, 6, 11, 1, 6, 11 from door to door. We also set up WEP keys the same way, 0101010101, 0606060606, 1111111111, 0101010101 (and so on). We weren't all that worried about security, we just wanted to keep our damned connections straight.
The biggest change came from putting the AP's downstairs.
"it seemed like the point was that there is something great about the wiretapping technology that made it OK and not a dictatorial abomination"
Yes, that was my exact point. Twenty years or so from now, it'll be obvious.
Why? Because this new "straw dog" issue will better provide them what they need: A newer, better "Presidential abuse of power" to beat their drums about. (Old, stale issues get... well... old and stale!)
I won't go into detail about the top secret monitoring stuff, but I can tell you that the vast majority of even very technically astute civilians are utterly clueless about how it operates. Members of congress are even more clueless about it, except for cleared members of the Intelligence Committee.
The main point is that the monitoring is: 1) essential for catching terrorist plots in the making, and 2) its technology is fundamentally incompatible with current search warrant law.
"It will have the ability to restrict your network access if you have a down-level machine..."
Translation: "You WILL upgrade all of your machines to Vista, or Microsoft will artificially degrade their performance." It's called "market development."
Those M$ asshats are actually going to try to sell this as a NAC feature, when it's nothing but another license fee grab. Piss on them: I'm still running several totally stable, bullet-proof web servers on NT4 with 128Mb (albeit behind a good firewall), and I have neither the need nor the intention to "upgrade" them anytime soon (or ever, for that matter).
Thanks for that! I could say it was a slip of the keyboard, but it wasn't: It was a slip of my non-CS, non-CIS, mathematician-turned-programmer brain. Thanks for educating me.
Seriously, what useful work ever gets done without mathematics? Maybe pushing bulk data around into and out of databases, but who other than a C-grade CS student in a third world outsource farm is interested in doing that?
Dead on. In the face of malware and rootkits, the only secure passwords are those which can never be re-used. My personal favorite is having the secure site SMS a one-time password to my cell phone. Sure, it's a little inconvenient, but not as inconvenient as having a hacker root me with a keylogger/mouselogger/screengrabber/whatever and drain my brokerage account into his bank in Nigeria.
"How likely is it that Joe Ham in some suburbs is going to be capable of talking to India?"
Uh, very likely indeed. I've been a ham since 1969, and with only modest, low-powered equipment and antennas, I've talked with people all over the world. We used to joke that the range of our gear was "exactly halfway around the world in any direction," but one night years ago, a friend and I proved that was wrong: I was chatting from Minnesota to Joe down at Guantanamo Bay, Cuba, when he said it sounded like I had some kind of little echo or something. I turned my antenna around towards the North Pole, we continued chatting, and we realized that the signal path was better that evening going the long way around the Earth!
And forget repeaters... they're neither needed nor legal on the frequencies that propagate that far. We're talking 14 or 21 MHz, not 144MHz and higher.
I bet this is nothing but a political straw dog:
1) About two minutes ago congress resumed with a democratic majority.
2) The democrats have vigorously opposed warrantless "wire-tapping" of telephone calls and emails seeking to intercept terrorist communications.
3) The "wire-tapping" technologies are top secret.
4) Today, democrats gain control of the Senate Select Committee on Intelligence. Several new democrats will learn about the top secret technologies.
5) Once so educated, the democrats will privately, quietly drop their opposition to the warrantless "wire-tapping".
6) To save face, the democrats will publicly raise a furor over this specious, totally unimplementable idea of tearing open mail without warrants. They will eventually win the argument, and be able to claim that they "put the President in his place on an important issue of privacy invasion."
7) The monitoring programs will continue uninterrupted, unhindered, and finally, unthreatened by the democrats. George Bush will take a highly-public political loss and a highly-private factual win.
So that's my opinion, FWIW. Anyone who takes a dopey-looking Presidential action like this at face value is a fool. (I'll save all trolls the trouble and suggest the first reply: "Either that or I'm the fool.")
OK, if that's the case, you got me: I didn't RTFA. My bad.
...fill memory and cause a crash before your next performance review. That would be sufficient for many of the CIS majors I've met.
Prior art? More like "TOTALLY ARTLESS".
Cripes... what happened to the days when something worth patenting actually represented a break-through that improved the quality of our lives, rather than a chicken-shit "GOTCHA" whose only purpose is to extract royalty checks from people doing the actual work of making and delivering something of value.
This "let's tax XML" claim is just reprehensible horse shit, IMHO.
That's it... I'm going to patent an "agency enabling litigious under-achievers to assert ownership rights for ideas completely obvious to the most casual observer, and exacting confiscatory license fees therefrom". Yep, I'm going to patent the U.S. Patent Office, then charge dickheads like these "patent license" fees for using _my_ patented invention: The patent office.
...is the one that simply installs, behaves, doesn't need patches, and does its job well for over ten years... like MS-DOS 6.22.
OK, you're right about the lower pH (acidity) favoring the survival of sperm carrying the female gene, but you've completely overlooked why. For any species which can propagate in the one-to-many male-to-female mode, there's an obvious naturally-selected gender control factor: Females impregnated later in their cycles are more likely to conceive males than they would be earlier in their cycles. Why? Duh! It's because if they're getting impregnated late in their cycles, it's likely because there's a shortage of males in the population! Therefore there's a survival-driven selection factor for late-impregnated females to conceive males.
As for the career/gender thing, gee... do you suppose that the nurses and teachers (usually civil servants) have regular work schedules which allow them to have regular private lives, while engineers, IT people and the like (usually in the commercial sector) work longer, more erratic hours, therefore often having less predictable, stable home lives? Seems to me that could explain that the teachers and nurses simply get more regular nookie than us poor /. nerds!
Well, I just read the paper, and I applaud Colin on several levels. First off, the theory of the attack is rock-solid and well-written. Secondly, he describes very implementable OS work-arounds, crypto library fixes, and finally chip design corrections which will totally eliminate the security hole.
This is one of the best thought out, best written papers of its kind that I have read in my over thirty years of work in the engineering field.
By saying "keyboards harbor bacteria and super-germs" in the present tense, "harbor" means that keyboards right now contain super-germs. That is a crock, and a gross mis-characterization of what the study found. In the study, they _inoculated_ keyboards with "super germs", then found how long the germs could live. So the headline ought to read more like "bacteria and super-germs can survive on keyboards for 24 hours or more".
Rob---
...before some jerkoff exploits this totally avoidable vulnerability inside the payload of a virus or trojan horse? Imagine that: Some dumb corporate cluck innocently clicks on an email attachment, and ten seconds later every other PC on the corporate LAN's subnet suddenly goes apoplectic, and they all stay that way until the infected machine is detected and shut down. We all know something like this will eventually happen, now that the LAND cat is out of the bag (again).
It gets worse: Suppose some nefarious bastard wanted to commit a crime and have plenty of getaway time. All he'd have to do is find a way to get a few key law enforcement machines trojaned, confirm their infections (with outbound pings or something), and then just time the LAND attack to correspond with the timing of the crime.
Gosh, it's so exciting to live in a world with a huge, homogenous population of highly-vulnerable mission-critical platforms!
Well of course you're dead on about slashdot readers. But what about the kid who makes one extra click to surf the new, secure https://disney.com in the morning, whose dad surfs his bank that evening? Hell, with 80% of the wireless routers in residences running default SSID's and no WEP or WAP, one could even launch this attack on a stationary target, where the likelihood of eventual compromise over a period of hours or days would approach certainty. Good luck associating that cause and effect!
...isn't a quick one-time man in the middle attack, where a proxy server issues a one-time bogus certificate that the surfer has to accept in order to become a victim. The real threat is that the one bogus certificate can be built with the rights of a root certificate authority, capable of issuing other certificates.
So the really scary attack goes like this:
1) Set the evil proxy to transparently pass all traffic until an innocuous, non-SSL site (like maybe slashdot.org) is surfed.
2) When such a site (which wouldn't arouse one's security suspicions) is surfed, spoof it with a page announcing a "new, secure version" of the site is available as a feature, explaining that all the surfer has to do to get the "enhanced security" is to accept a one-time special certificate.
3) Send the bogus cert with the CA certification flag as securing, for example, https://slashdot.org.
4) Proxy all of the slashdot traffic using ssl, and wait (perhaps a long time) for the victim to eventually surf an actual SSL-secured site.
5) Generate a bogus cert for the SSL-secured site, proxy it, and record anything of interest. Once the victim has installed your bogus cert with the CA flag, you have the ability to generate certs for any domain, and spoof any secure URL he ever surfs without any certificate acceptance dialogs popping up.
Anybody see any holes in this compromise?
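As an added example that is not part of the original comment, the Go program below (my own code, standard library only) builds two certificates in memory: one for a placeholder harmless host that also carries the CA flag, and one for a placeholder bank host signed by it. It shows what the post warns about, namely that once the CA-flagged certificate is trusted, a certificate for any other host chains to it and verifies with no further prompt, and it shows the check a client should apply regardless of what the user clicks: a certificate presented as a site's own certificate must be refused if it carries the CA flag. All host names and function names here are made up for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// newKey generates a fresh P-256 key pair.
func newKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// issue signs tmpl with signer and returns the parsed certificate.
// When parent is nil the certificate is self-signed.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// BuildExampleChain constructs (constructed sample data, placeholder host names)
// the two certificates the post describes: a certificate for a harmless host that
// also carries the CA flag, and a certificate for an unrelated host signed by it.
func BuildExampleChain() (caFlagged, other *x509.Certificate, err error) {
	caKey, err := newKey()
	if err != nil {
		return nil, nil, err
	}
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "harmless-site.example"},
		DNSNames:              []string{"harmless-site.example"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true, // the flag that turns a one-time "accept" into a trust anchor
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	caFlagged, err = issue(caTmpl, nil, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	otherKey, err := newKey()
	if err != nil {
		return nil, nil, err
	}
	otherTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "bank.example"},
		DNSNames:     []string{"bank.example"},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	// Signed with the CA-flagged certificate's key: a second host, no new prompt needed.
	other, err = issue(otherTmpl, caFlagged, &otherKey.PublicKey, caKey)
	return caFlagged, other, err
}

// CheckSiteCert is the defender's check: a certificate presented as the certificate
// for a web site must not carry the CA flag, whatever the user is told to click.
func CheckSiteCert(c *x509.Certificate) error {
	if c.BasicConstraintsValid && c.IsCA {
		return errors.New("site certificate carries the CA flag; refusing to accept it")
	}
	return nil
}

// VerifyWithRoots chains leaf for host against exactly the given roots, using an
// empty pool (not the system store) when none are given.
func VerifyWithRoots(leaf *x509.Certificate, host string, roots ...*x509.Certificate) error {
	pool := x509.NewCertPool()
	for _, r := range roots {
		pool.AddCert(r)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err
}

func main() {
	caFlagged, other, err := BuildExampleChain()
	if err != nil {
		panic(err)
	}
	fmt.Println("site-cert check on the CA-flagged cert:", CheckSiteCert(caFlagged))
	fmt.Println("bank cert with nothing trusted:", VerifyWithRoots(other, "bank.example"))
	fmt.Println("bank cert once the CA-flagged cert is trusted:", VerifyWithRoots(other, "bank.example", caFlagged))
}
```

The two verification calls are the whole point: the bank certificate is rejected as long as only the real roots are trusted, and accepted as soon as the CA-flagged certificate has been added, which is why the check in CheckSiteCert belongs in the client before any "accept this certificate" dialog is ever shown.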
...running nearly twenty times slower sounds a little like hooking a 1,200 horsepower supercharged nitromethane-burning Hemi to a set of bicycle tires. With either one, if you can't "hook it up", what's the point?
Are you referring to BWJones's post saying I see comments like "PhD's dont know nothin" (sic)?
If so, perhaps someone should point out that (sic) is Latin for "thus." In the context of a quotation, it means "quoted exactly as originally written, even though it has obvious errors."
Most of the anti-intellectual remarks I read here sound more like vain attempts to sound non-conformist. (Maybe that's why so many with an anti-intellectual bent hang out here: To avoid conformity. Now there's irony for you!)
I could not agree more strongly with the article's sentiment about the importance of learning to communicate clearly and correctly in the written language. As a kid, I detested English courses and did poorly. When I got to college, though, I was paying for it myself. I decided to attack English Composition with a vengeance, to get my money's worth. I did. It was the best B+ I ever earned in my life. Years later, I read a statement on education by Dwight Eisenhower, and that made it clear that I'd learned more in that course than just English Composition. Eisenhower said that "no man is truly educated until he has mastered a subject for which he has no appetite."
President Eisenhower was correct: If you never master a subject you couldn't give a damn about, you can't know how to study, learn, and master an unappealing subject. Without knowing that, there's a virtually infinite supply of subjects you wouldn't know how to learn even if you absolutely needed to learn them!
So one of the benefits of earning a "well-rounded" education is simply learning more about how to learn. (I'd love to hear an anti-intellectual, anti-well-rounded-education attempted rebuttal to that!)
Programmers sit serenely, silently coding for hours at a stretch.
Then they execute the code for the first time, see the results, and scream out SHEEEIIIIT, GODDAMN IT!!!
Hence, to an outside observer, the natural language of programmers is indistinguishable from a case of Tourette's Syndrome.
"Why is Segway at fault?"
Because selling that parlor-trick inverted-pendulum conveyance to the general public is certain to hurt people. Standing atop a Segway, entrusting your balance to its gyros and motors, is inherently dangerous. You're standing atop a wheeled axle, with your center of gravity about three feet off of the floor. Cut the power and you'll fall fast and hard, because as your feet shoot out from under you, your body rotates about its center of gravity (your ass, basically), and you plummet to the deck. Oh yeah, that would be the hard, smooth deck you were riding on to give the Segway's Michelins enough traction to balance you in the first place.
Thanks, but no thanks, Mr. Kamen. Maybe you should stick to inventing medical devices.