"Did the machines perform their allotted tasks adequately? Were the users frustrated or impeded by them? If not, then - barring malfunction - why replace them?"
This is from a slightly different angle, but I believe it is relevant. I worked as the network security analyst at my University when I was doing my undergrad work there. A large part of security breaches came from professors using old OS software (NT etc) so that their old applications / hardware drivers (microscopes etc) would work properly. We had 100,000 dollar microscopes being used as spam relays.
The reason I bring this up is because I have heard stories, and from what I understand, this is often a fairly common occurrence in hospitals. My mother works at a hospital, and I have seen some ungodly security holes there, mostly because of the attitude that ridiculously obsolete setups still work fine, so why try to fix them?
On a university network, this is not so bad, but in a hospital, lives are at stake. It was very obviously mostly kids playing on these machines (most of the ones I tracked down ended up being 9-15 year olds in eastern Europe). Kids play, and stuff breaks. I am sure none of them would intentionally kill someone, but that is a real consequence of not maintaining a proper update cycle.
You realize that these fucked up goods are the result of American companies able to operate without restrictions in foreign countries? The factories are making everything according to spec, and it's Mattel who chooses to cut costs everywhere. Chinese companies are now suing Mattel for making them look bad.
I do think that these American internet companies need to stop being pussys though. If china really does start blocking access to google, or yahoo, or whatever, then more and more people in china will discover how easy it is to get around the firewall, and that's the last thing china wants.
Why not just use "I am a happy person who loves their life." as your passphrase? Just as easy to remember, and probably harder to crack. I am not aware of any password cracking utilities that check for reasonable passphrases, but I would love to see the code for one:-)
It's fun to watch actual interviews of him, where he discusses the purpose behind the colbert character. He says he does not let his kids watch the show because he doesn't want them to get the wrong idea.
noscript now lets you approve or deny certain plugins based on domain. As of 1.1.8.3 it only specifies between flash, silverlight, java, and "others", but it is a good start:-)
Cain and Abel (http://oxid.it) has had this capability (along with many others) since February 26 2005. I have personally run forensics on a machine that had harvested many voip calls off the network.
My pointing out the difficulty was my response to people who believe that the only reason people mess with games is that the game is too hard otherwise. I believe that most aspects of these games are too easy (tedious), and with automation, all that goes away and allows me to only focus on the hard parts.
Everything I do, at work, home, and school is made more efficient because I automate everything that does not need human attention. Why should games be any different?
I can't say that I speak for everyone that writes stuff for these games. Maybe some of them do enjoy the sick thrill of being more powerful than other people in the game. I don't know anyone like that though. The people I compete against are other programmers. Then whoever has written the most efficient code is the winner.
bitlocker
gadgets
a properly hardware accelerated desktop environment
a sane security model
As a security professional (not that I am more qualified, but just to give some perspective), I recommend vista to anyone who can afford it, and ubuntu to anyone who can't. XP is a joke, a cesspool of extensible APIs and network vulnerabilities. Microsoft still isn't 100% there, but I think Microsoft takes security far more seriously than Ubuntu.
Many security flaws are only there for backward compatibility, and I think Microsoft made the right choice to prioritize security over functionality.
Ya, I never really understood the people who know everything about every anime. I first got into Japanese movies because for the first time, I was unable to figure out the ending based on the first 10 minutes of the movie. That does eventually go away though as you read a bit into the history etc.
Japanese media is just like any other media. Some is good, but most of it is crap. Japan just has a pretty rich culture to draw from. The music sucks (Hide is the only artist from the area that I can stand), but the tv and movies are pretty good.
One strange thing that I noticed though is that I listen to music and watch movies from all over the world, but Japan has been the only non-english country that has ever produced a TV show that I find enjoyable. I have actively looked for (and found) TV shows from other east asian and european countries, but never found anything that I could get into.
With a root SSL key, you can sign any domain you want. You could redirect a user's connection via DNS poisoning or whatever, and then serve them pages via https that a browser would recognize as valid. This would mainly be useful for harvesting web credentials, such as banks/paypal/ebay etc. Even the most paranoid security expert would not be able to tell that they were connected to a malicious server.
Similarly you could crack keys used for signed software updates (windows update etc), and silently patch systems with malicious code.
Hardly an alternative to hushmail. Hushmail allows anonymous users to sign up (tor is good) for free email accounts, and has built in support for clientside crypto in your emails. Nothing that I know of comes close. Some people would say firegpg + gmail would cover that, but there are some issues. First of all, there does not exist an untraceable way to make a gmail account. Also, I believe that in the default configuration, the AJAXness of gmail sends each letter you type one at a time over the wire unencrypted as you type them. This allows google to suggest words etc as you type, and also eliminates any benefit that would be obtained by encrypting the message in your browser. Maybe something like the "encryptthis" plugin with maybe yahoo or hotmail (some sort of webmail that does not require references to get an account), but even then remember you are dealing with American companies, so who knows.
"... a good sign that the Feds doesn't possess some magical method of factoring enormous primes that they're not telling anyone about."
These are Canadian feds:-) Even in the US, only a few get access to the code cracking mountains. Not that it would take much, as you can silently hijack any ssl connection with a single cracked verisign/thawte key. Then you win the internet:-)
Also, on a side note, prime numbers are the easiest numbers to factor:-p
Calm down. No need to be appalled. If you look into it, you will see that the account owners intentionally disabled the "troublesome" secure interface (enabled by default), which hushmail discourages. They also inform you of exactly what that means when you do it. This article is FUD designed to scare people away from using a really good free service.
I disagree. If you are into the whole "I am an orc warlord, and will defend the honor of my people!" type player, you should be playing on the role playing servers. I, and many others like me, have much more fun developing scripting and automation sequences. Despite what you may believe, it is hard math. It is also harder than you might think to develop good glides for the game.
I would be fine if there were separate servers for this, but the closest that blizzard has provided is PvP. Unfortunately blizzard has decided to treat these customers as enemies, which is why I stopped playing the World of Warcraft.
Still though, I became interested in programming and network security because as a kid I spent my days "hacking" diablo 2. The only party it's unfair to is the NPCs in the game.
On a side note, if you go to rootkit.com, you will find that a large number of the users there are using FU/hxdef (common windows rootkit code) etc to hide their automation apps from warden:-)
The same thing happened with SHA. Even creepier was that they just threw a "leftshift 1" in the middle of the algorithm. This is the difference between SHA0 and SHA1, yet 10 years later new attacks on hashing algorithms emerged that broke SHA0 wide open, but SHA1 was resistant.
This 10 year thing starts to tickle my paranoia. NIST has the stated goal to make all of its algorithms unbreakable for at least 10 years, and the NSA claims on their website that they are always 10 years ahead of what is known publicly (with respect to computational power and cryptographic research).
He hacked NOTHING. He sat on a tor exit node with dsniff. You can do that setup in minutes (I used to run driftnet-gtk on my tor exit node for kicks). He noticed a large amount of dumbasses using email with no encryption, and wanted it to stop ASAP, so he released the info.
Remember, google put safari into android, not firefox. Google constantly gives a ton of money away to any organization working towards their vision of a free internet. That doesn't mean that google has "lobbyists" working inside firefox forcing their decisions one way or the other.
I actually totally agree with you. I believe that information should not be regulated by the government. If people want to send secrets, crypto is publicly available, and not super hard to use these days (hopefully it will get better very soon as voip enabled phones get more popular).
You might argue that few people know how to properly use crypto, but I can assure you that if the NSA was more forthcoming about their surveillance policies, people would learn quick.
My problem with the situation is the lies. If the NSA wants to tap everyone, that's fine, but I would like to know what is tapped so I know where I need to focus my crypto. The NSA is not chartered for domestic surveillance. They are also a federal agency, making them public servants. They are supposed to have my best interests in mind, but now even when they are completely busted, and proof is all over the table, they still lie and attempt to hide information from tax paying, law abiding US citizens.
"Where else but China can we get lead toys for our kids?"
Maybe Mexico?
http://www.boston.com/business/articles/2007/11/29/mattel_destroys_leaden_toys_in_mexico/
http://www.mininova.org/tor/711888
I think that the type of people looking to unlock their phones are the type of people who would be interested in seeing how the unlock code works.
Getting removed from the google index is almost as bad :-)
It's just one more lie to create an account.
Are you 18 or over? > yes
Are you currently living in New Jersey? > no
FYI, the guy who is making this claim is Lawrence Krauss, author of the book "The Physics of Star Trek".
I know that my vote will be greatly affected by how candidates come down on this issue.
red rocket!
"GPG works fine."