This is the same thing as people complaining that google is too good at finding things on the internet. Whether it's CC numbers, or vulnerable cgi, google isn't the problem. If you are embarrassed about certain things on your computer, then why are they there? I'm sure that, in time, a robots.txt style thing will come along anyway to prevent unwanted information linkage.
Did anyone else just think "holy FUCK we're screwed!"
Linux is about Open Source
And who are you to say what Linux is about? I say Linux is about having a fully functional, and quickly adaptable operating system. If something which is closed source works better than something that is open source, and both cost no money, then I would gladly use the proprietary version.
Most of all, I think Linux is about options. If someone wants to go for the pure GPL GNU/Linux style system, good for them, they are able to. However, some people like to test their code on modern systems, which may not yet be fully supported by open source drivers.
I would say that every company that is going to make open source drivers is already doing it. If we get some better hardware support in the kernel, then not only does it make it easier to use modern systems, it makes companies more willing to port their proprietary code to Linux, which makes it easier for the hardware to be tested, and ultimately reverse engineered into nice, clean, and thoroughly free drivers.
If people didn't have that configuration, it wouldn't spread.
If it wouldn't spread, it wouldn't have been found in the wild.
Remember, worms don't need to be able to hit every machine on the internet, they don't even need to be able to hit machines with a particular default install. As long as they can gather the amount of machines the creator wants them to, then it is considered a successful worm.
Well, if we want to make an all-star physicist basketball team, we don't want to clone the wrong guy now do we?
The hard thing about windows and open source, is that it is non trivial to edit the code to make modifications. Back when I used windows (about 5 years ago), I spent a lot of time attempting to make some basic changes to mozilla, but I was never able to get it to compile properly. Once I started using linux, I realized that customizing any application I wanted was just a few keystrokes away.
Within my first couple weeks using linux, I had already done things like modifying ping to allow oversized icmp packets, and nmap to show services when scanning in verbose mode. These days I modify code on a regular basis, and help out in tracking down bugs whenever I can. I do think that any serious code should be audited by a large userbase, and I do have a great amount of respect for the windows hacking community. I still think that it is much more difficult to learn from windows code, which is (in my opinion) one of the main benefits of having code be open.
I guess what I'm saying is that most windows users don't really realize how "free" their programs really are :-)
Technophobia is far from what I would ever call "insightful". Just because you can live without it does not mean that it shouldn't be implemented.
why not make a nice clean ipv6 network, and then we in the US can join them once we realize how much better it is?
Ballmer Throws A Chair At "F*ing Google"
Does Atlanta want to be Coketown?
sorry, I think LA already has this title.
much safer than jurassic park. this time if the frog DNA takes over, they just end up eating themselves.
From: Berend-Jan Wever
To: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Subject: [Full-disclosure] Internet Exploiter meets FireFox
Hi all,
Since I stopped releasing browser exploits, development on them seems to have slowed to a halt. For the latest FireFox vulnerability, I decided to finally port Internet Exploiter and thus PwnZilla was born.
Technical details and documentation are all inline.
FireFox 1.0.7 is out, which seems to patch the vulnerability. I could find no release information on the website so far, but that may change in the near future.
Get the exploit at http://www.milw0rm.com/
Cheers,
SkyLined
Ya, the phone thing was pretty weak, but the article says he did manage to plant a trojan in some AOL servers, and he also launched a DOS on some website he didn't like, so he is at least at script kiddie level.
Not to be a jerk, but how is that insightful? It's not even really that funny. An open source grammar checker would be extremely useful. Everyone mistypes from time to time, and often times spellcheckers are unable to catch it.
To the best of my knowledge, it's one of the harder open problems in the OSS community. I'm actually surprised that someone didn't enter something like that into the google summer of code. If I had any idea where to start, I know I would have (and I did consider it). It's a very valid question, and I look forward to seeing if anyone here comes up with any good answers.
To be fair, nothing that they do is ever going to be perfect. If the criminal really wanted, they would just open the envelope.
Sending the letter with the pin on the outside of the envelope, or without any of the black crosshatching is pretty insecure. It costs the bank only a little bit more to put the crosshatching on the paper, so they do. The point is not to make it so no one can ever read the pin, the point is to make it annoying enough that criminals commit fraud in other ways.
The most important thing in security is to avoid being the low hanging branch. Kind of like when you are out camping with a bunch of friends in a place known to have a lot of bears, you always need to remember to bring a friend who runs slower than you.
Research like this is good though, because the public should always understand what people are doing to protect their information. I feel a bit safer knowing a smart group of people seriously looked at the security protocols, and this was the best they came up with.
You do have to recognize the difference between the IRC bandwidth junkie, and the typical viewer who's just bored out of his mind, or curious if the latest blockbuster is really as good as the popup ads say it is.
Downloading everything that moves might be fun at first, but hard drives fill up quick, so the people who do build up large data collections tend to go for the rare things, which is typically not the latest blockbuster.
Ever seen full metal jacket?
August is nice, summer term lets out and you've got a month to kill before fall term starts up again :-)
Also as a side note you will notice projects coming out with nifty new features as classes start up again. Often for me it's that panic as I realize that I've only written half the code I've been promising myself I would get around to in the past year.
DNS cache poisoning doesn't stop at tricking people out of their money. At defcon Kaminsky also showed how it can easily be used to do things like email misdirection, which I think is much more of a big deal.
Reminds me of the root-fu scoreboard at defcon. For some reason it runs windows, and every year someone manages (in one way or another) to make it go bsod, to much cheering and laughter. Ghetto Hackers aren't running things this year though, so that tradition may get passed up :-(
Seriously now, it's not like we are at war with china. If they start making more than the US, then good for them. Last I checked we were allies, and anything good that happens to an ally is good for the group. Using words like "threaten" or implying we (the US) are about to be asked to step down from some god given position is pretty damn arrogant if you ask me.
More likely though, the paper was just meant to scare some govt types into dumping more money into the university system here, and we need it bad :-)
Sure, ruin Star Wars, Dukes of Hazzard, Transformers, and millions of other memories from my childhood days. Why not ruin Voltron.
:-)
The worst is yet to come
I really don't think they are going to stop. It seems like they have to run out of classics eventually, but there are still many, many more childhood memories for them to ruin.
The Rock) will direct
These four words do not belong so close together, especially in that order.
Honestly, if the SEC outlawed April Fools Day altogether I'd consider it a net win.
Hey, don't go grinching up april fools day. That's one of the few holidays I still celebrate wholeheartedly! It has also remained fairly pristine in the face of commercialism.
Well look at suprnova. All they did is provide a place where people could post links that point to servers which pointed to torrents, which pointed to trackers, which pointed to peers.
That's got to be at least 5 degrees away from anything that *might* be illegal, and they still got shut down. I'll probably never forget the wave of nausea that swept over me when I found out.