Thus if you check email so much that it interferes with other functioning, like you check email so much you can't go to the grocery store, then it is a disorder. If you just check email a lot but remain fully functional, then it's nothing.
... which was exactly my point. How many of the people questioned in this survey are actually addicted, according to the things you just specified? How many of the people questioned actually are addicted and letting their email-checking get in the way of other activities, on a regular basis?
Personally, I don't think that's a whole lot of people...
I don't believe any country who is part of the EU has a jury comparable to the US-type of jury...
... not that I'm aware of, at least. Over here, it's just pure lawyers and judges deciding the potential criminal's life.
But that would require Windows binaries with Linux-specific exploits inside it, neh?
The question was whether existing vulnerabilities could be used to exploit your Linux OS. I don't think so...
Correct me if I'm wrong, but I always thought Wine used some sort of chrooted environment when executing Windows programs, thus only limiting the security risk to other Windows programs, and not your Linux OS?
Yes, he could. But then again, I suspect he already did.
From the article:
"The decision was made on Monday to pull the presentation because we wanted to make sure the research was fully baked."
In other words, the research was not even finished yet. Isn't that a little impatient, and might there be a little chance that the researcher in question would have liked the attention he would've gotten if he presented this information at Black Hat, which was part of why he made the decision to pull out the information anyway?
From the article:
According to several people who made it on time to the 9 a.m. presentation, Lynn began his talk with a discussion about security issues surrounding services that allow people to make Internet-based telephone calls. Then, they said, Lynn suddenly changed topics and began discussing the highly technical details of his research into the Cisco flaw, saying he would rather quit his job at ISS than keep the information from conference attendees.
Why would anyone, after clearly being informed NOT to talk about this information, talk about this information?
I know, freedom of information ideals and the like, but couldn't he at least have waited a few weeks to see how Cisco responds, instead of simply revealing the information of a hardware-level exploit
The domains were registered in late March, indicating the company made the decision even before WinHEC gave developers their first taste of Longhorn in over a year.
And why is that, exactly? Couldn't it be that they made up many names, selected, say, 10, and registered the domain names to prevent leaking of the name and it being registered by someone else?
Sounds like a very small price for such a big risk, so I don't see any reason why registration in March should indicate that they actually decided to go with that name at that date...
Why would a casual gamer pay $10 a month to play a game?
As the owner of such a game, I can tell you it's easy: make sure the players can create free accounts, make them interested and eventually addicted, and charge fees for additional features, such as in extreme cases advancing above a certain level, or perhaps removal of advertisements, extra statistics, extra means of communications within alliances, etc.
It's all about making the addiction, eventually they will want more. And hey, they play the game for HOURS and HOURS a day... what are those $10 a month worth then, on an actual hourly base? Not really that much, compared to, for example, the movies...
So, what you're saying is: The GPL does bad things before it does good things?
The GPL scares companies off, so yes, it does.
So, why don't you make your OpenBSD a firewalled (and possibly IP-less) bridge? That way, attackers have no way of knowing that there's a firewalled bridge between them and the HTTP server, and packets still get filtered... just disallow any outside connections to your bridge-server and you're safe.
Make sure you set your webserver to only allow to respond to accepting connections, not initiate new connections.
And spending hours playing WoW or Halflife isn't?
No, that's called being entertained... just like going to the movies, taking a swim, going on vacation - it all isn't very much productive, but it isn't a waste of time.
Exactly, just like OOo and Azureus... they all pretty cleanly integrate into the OS, and users don't seem to have much problems installing it - so what's all the fuss about? You just need to make sure you have a good installer application, but hey, you should have that as a requirement anyway...
Can you name something that you believe can not be explained mathematically? Do you have evidence for this? If not, then your first sentence could be accurately paraphrased as "Personally, I believe that computers, at this point, can beat mankind in anything."
I think that things such as intuition, psychology and communication cannot be mathematically explained.
The game Go is famous for being hard for computers to play.
This is because the computers aren't strong enough, compared to chess. Take a look at a chessboard - at a single moment in the game, the number of possible moves is quite limited. If you compare this to a 19x19 Go board, where you can place a stone on nearly every place on the board, the number of possible moves, if you go ahead 10 turns, is /insane/.
And in addition, Go is a game that's played by a lot of intuition - there are known groups of Buddhists who play the game totally on intuition, who are around 3 dan.
So in the end, computers will be able to break the best Go player - if only you give them enough computing power. But at that point, you can't really speak of "beating" it either, but heck, that was my original point with the current chess beating.
Personally, I believe that computers, at this point, can beat mankind in anything that can be mathematically explained. Chess is an example of something that you can describe in mathematics, and thus, if you throw enough computing power at it, sure it will win. You can calculate ALL the possible moves the opponent can make to win and all the actions you can do against it at any point in the game, if only you have enough computing power.
Now, since it requires a pretty big supercomputer to win from one man, in my opinion calling it a "victory" for technology is a bit too optimistic...
Sure, that might be, but I don't think it's a proper analogy in here... a proper one would be the point where someone buys 1 candle, and then magically shares the light of that candle with (hundreds?) of thousands of other people, who never need to buy candles anymore, and the candle maker gets pissed...
I'm sure he didn't refer to those kinds of situations, either... :)
The Konqueror team don't have access to the Safari code, at least not in a form they can use.
Apple's doing the minimum stated in the license... if the Konqueror team doesn't like this, they used the wrong license.
Wow, I had no idea you guys were so unfamiliar with that term... out of interest, how many people don't know what Scandinavia is?
... if reading my email every morning is an addiction, what's the difference between "addiction" and "daily routine"?
Video game music: not just kid stuff
They got game
Those are two I know of, for the rest, use Google...
Asshat. ;)
Think about it this way: if they thought they could get there legitimately, why would they have needed to alter the account information in the URL?
It depends on how you see that... true, it is an action they must do, which might lead them to think it smells fishy. However, they could just as well have reasoned "if this works, it probably isn't such a big deal for them, since they would've prevented to let it work if it was"... perhaps that is a bit naive, but I think that's what's the core of the problem - how big was the realisation that what they were doing was in fact illegal?
I don't think it's much more than downloading MP3s... we all know it's somewhat illegal, but we don't do much harm in doing so.
Perhaps this is where you and I differ, but I take a hard-line on the ethical issue of breaking security measures for the sole purpose of extracting information that doesn't belong to you.
At the point that that information is so freely available, I would actually put the blame on the person in charge of making it so freely available, rather than the persons making use of the information (which doesn't harm anyone) ... and yes, probably that's where you and I differ. :)
My comment was in response to the concern that these students were already going to be accepted, and their otherwise acceptable applications were being dismissed out of hand. My reply was that there are plenty of reasons the schools provide that otherwise valid applications may be rejected, one of them being ethical violations, one of them being criminal violations, etc.
Ok, I misunderstood that indeed. I'm sorry for my somewhat harsh reply then... :)
Yes, dear god yes it is. This is a serious ethical issue: these people felt there was nothing wrong with knowingly violating security measures.
And to what extent did they indeed know they were violating security measures?
It could easily be mistaken for something very innocent, like guessing each other's Hotmail passwords and such... I know a lot of kids who do that, is that unethical enough to deny them from a school application too?
Think about it this way: if they'd been arrested for a drug bust, they'd have been excluded also, despite their previously valid acceptances. The difference is only the specific misdeed; there's no question that some misdeeds nullify the entire application.
Comparing a URL modification with getting busted for drug possession really removed a lot of credibility from your post, I'm sorry...
It's sad for the unlucky ones that this happened, but the harsh reality is that smaller mistakes are enough to let your competitors wipe you out in real business. Perhaps they'll learn something valuable from business school after all.
You're treating them a lot like numbers there... sure, there is plenty replacement for them in this case, but a certain number of the "hacking" students were accepted, for valid reasons... those reasons are now being completely ignored, solely because they did something which is not more offending than walking into your teacher's room and checking out what score you have for your test in advance... sure, it isn't nice, and sure, in certain ways it can be seen as a privacy infringement, but is it enough to completely ignore the reasons you initially accepted them?
Sounds to me the school doesn't know how to handle this situation, and basically is doing this to scare off other potential hacking-attempts, while in fact they should be getting their security straight...
But in this case you get what you deserve.
These kids didn't even know they were hacking. All they knew was that they received a URL via MSN from their friends where they could look up their status...
Sure, they should've known it wasn't supposed to go this way, but should they really be punished like this?
Personally, I don't think they should be the ones punished, but rather the person in charge of the security of the website...