Judging from a lot of the other positive and interested comments to this story on Slashdot, I think it is.
This is Slashdot, "New for nerds. Stuff that matters."
It's new for nerds, about stuff that matters to them. Clearly a lot of Slashdot readers were interested in this.
Personally, I couldn't care less about anime, and yet we have a whole freaking section dedicated to it. How is it any more or less appropriate for Slashdot than a story about the Harry Potter series?
Regardless of the exploit used to gain root, how many of todays rootkits do you think don't require being able to write to some of the files that would be on the read-only drive.
Nothing will prevent all rootkits.
But having files (like/bin/login, a common one changed by rootkits) on a read-only drive may prevent many of the existing rootkits from doing damage or working at all.
If everyone were doing this and it were built into the distributions, then yes, rootkits would be written around this strategy. But if only a small percentage of people are doing this, most rootkits wouldn't be "compatible", for lack of a better word.
Mounting the partition read only is easily overcome as soon as they have root. Change/etc/fstab, unmount, and remount and the partition is now read-write.
A dedicated syslog server is always a good idea if it fits the budget.
You're assuming that/etc/fstab is on the read-write disk. If it's on the read-only disk, they've accomplished nothing and your system is clean after a reboot.
Other things may be compromised, but your core OS would not be. And if other things are compromised, those things are more likely to be backed up and resurface after you restore the server.
Good question. I was always under the impression you could, though it would probably vary by vendor.
I was going to build a device that allowed me to switch between read-only and read-write remotely over TCP/IP or dial in (for servers in a data center).
This was 4 or 5 years ago and I was using Red Hat and security wasn't nearly as good (in any distribution).
I sleep better at night using hardened Gentoo, but if the read-only method were feasible I'd build it into my next server for sure and sleep even better.
I've been wanting to build a computer for my ATV so I can have a nice mapping program (like TopoFusion, or maybe an open source app) and GPS tracking and recording.
These drives wouldn't be affected by the bouncing and vibration like a normal drive would.
The problem is this: We can pick our actions. We cannot pick their consequences.
Anyone who thinks humans can't have an impact on the environment have their heads so far up their butts that the lump in their throat is their nose.
Our actions or lack of actions do have consequences, and we do have to live with those consequences.
I have no idea what the consequence of this species being lost will be, but I guarantee there will be consequences, and doubt very highly that they will be positive and produce a net gain in the world.
If you have an internal locus of control (you believe that you have control over your life and progress) you are much happier than if you have an external locus of control (you believe that other people and circumstances have control over you).
If your life is dictated to you by bosses, deadlines, and pushy clients at work, then you go home and feel like you have no control at home, you are bound to get burned out and / or depressed.
I hereby invite Boeing-Spectrolab to open source this technology and give it to the world.
This would easily have the single greatest positive impact on humanity within my lifetime (born in 1973).
That would remind me a little of the movie "The Saint" and how giving away free energy would change the world.
That should even earn the decision-maker Person of the Year award. And really tick off the investors. But, the needs of the many outweigh the needs of the few.
Laws should be enforced, or fought to be removed, but not ignored.
Either speed limits are a good idea and should be enforced, or take away our freedom and should be removed.
What difference does it make whether a cop pulls you over and tickets you, or a machine tickets you?
Police departments are way understaffed and underfunded, and have way better things to be doing than driving around being traffic cops.
I would much rather have the speed limits and tailgating laws enforced and have the highways be safer and more enjoyable to be on. Tailgaters are very dangerous and annoying (and the source of a great deal of road rage). Tailgaters getting tickets is a good thing.
What do we lose? Privacy? No, not really. The right to break the law and get away with it? Show me that in the constitution.
You can't just glance at two cars and know if they rear car is following too close.
IIRC, most laws define tailgating by the ~time~ between two cars, not the distance. In Utah, at least, it's the two second rule.
So tailgating at 20 MPH is very different than tailgating at 80 MPH.
The laser can calculate in an instant if the rear car is breaking the law and by how much. Much less subjective. By eye you could only pull over the most blatant tailgater's.
If all you need is a modem line tap or an illegal program to crack ATM's, there isn't much security is there?
I don't think there is crypto. I think the information is sent across the phone lines as plain text. The purpose of the modem line tap or illegal program is to convert the signal going over the line (the same signal you hear when you pick up the phone during a fax or internet connection) to text. From there, no mention is made of encryption.
See this page. "The Modem Line Tap, MLT2400A is a modem protocol analyzer that translates telephone data communications into standard ASCII characters for display on a PC screen."
If the data was properly encrypted before it was sent, the hackers wouldn't have been able to use the data. If there was crypto, it was token crypto at best. Just enough to tell their share holders it was encrypted.
I saw a news report the other day of a guy that hooked his a device (it may have been an iPod) to the back of an ATM where the phone line comes out, and intercepted the signal transmitting the information.
He was able to get credit card numbers, pins, and all of the other information transmitted, and stole a lot of money before being caught. And he wasn't caught by bank security or software, he was caught because a clerk was paying attention, IIRC.
Slashdot Mirror
IIRC, the movie Firefox is about an airplane (I think called Firefox), that is controlled by the mind.
Does anyone know of any do-it-yourself projects for games like this?
Something like that would be really fun to have.
Judging from a lot of the other positive and interested comments to this story on Slashdot, I think it is.
This is Slashdot, "New for nerds. Stuff that matters."
It's new for nerds, about stuff that matters to them. Clearly a lot of Slashdot readers were interested in this.
Personally, I couldn't care less about anime, and yet we have a whole freaking section dedicated to it. How is it any more or less appropriate for Slashdot than a story about the Harry Potter series?
Out of curiosity, have the read the other 6 books?
Regardless of the exploit used to gain root, how many of todays rootkits do you think don't require being able to write to some of the files that would be on the read-only drive.
/bin/login, a common one changed by rootkits) on a read-only drive may prevent many of the existing rootkits from doing damage or working at all.
Nothing will prevent all rootkits.
But having files (like
If everyone were doing this and it were built into the distributions, then yes, rootkits would be written around this strategy. But if only a small percentage of people are doing this, most rootkits wouldn't be "compatible", for lack of a better word.
Mounting the partition read only is easily overcome as soon as they have root. Change /etc/fstab, unmount, and remount and the partition is now read-write.
A dedicated syslog server is always a good idea if it fits the budget.
You're assuming that /etc/fstab is on the read-write disk. If it's on the read-only disk, they've accomplished nothing and your system is clean after a reboot.
Other things may be compromised, but your core OS would not be. And if other things are compromised, those things are more likely to be backed up and resurface after you restore the server.
Good question. I was always under the impression you could, though it would probably vary by vendor.
I was going to build a device that allowed me to switch between read-only and read-write remotely over TCP/IP or dial in (for servers in a data center).
This was 4 or 5 years ago and I was using Red Hat and security wasn't nearly as good (in any distribution).
I sleep better at night using hardened Gentoo, but if the read-only method were feasible I'd build it into my next server for sure and sleep even better.
I run Gentoo Linux servers for hosting email and websites, and have wanted a way to really secure the boxes.
/tmp /var/log
/usr/bin on a read-only drive seems like an effective way to protect against many, many different root-kits, worms, etc.
Many hard drives have jumpers that make them read only.
I thought it would be great to have all of the rarely changed portions of the operating system on a separate drive set to read only.
The only time you would move the jumper to read-write would be when you were installing updates.
Things like:
etc
Would have to always be on a read-write drive.
But having things like
What do you think? Feasible or impractical?
I've been wanting to build a computer for my ATV so I can have a nice mapping program (like TopoFusion, or maybe an open source app) and GPS tracking and recording.
These drives wouldn't be affected by the bouncing and vibration like a normal drive would.
OK, so it's natural selection.
The problem is this: We can pick our actions. We cannot pick their consequences.
Anyone who thinks humans can't have an impact on the environment have their heads so far up their butts that the lump in their throat is their nose.
Our actions or lack of actions do have consequences, and we do have to live with those consequences.
I have no idea what the consequence of this species being lost will be, but I guarantee there will be consequences, and doubt very highly that they will be positive and produce a net gain in the world.
Oops, forgot the closing tag I think.
It's a concept called "locus of control", and it's just as true for them as it is for us.
I think they definitely felt those frustrations and burn-out. But I think they felt it to the degree to which they had control over their lives.
It's a concept called , and it was just as true for them as it is for us.
If you have an internal locus of control (you believe that you have control over your life and progress) you are much happier than if you have an external locus of control (you believe that other people and circumstances have control over you).
If your life is dictated to you by bosses, deadlines, and pushy clients at work, then you go home and feel like you have no control at home, you are bound to get burned out and / or depressed.
I hereby invite Boeing-Spectrolab to open source this technology and give it to the world.
This would easily have the single greatest positive impact on humanity within my lifetime (born in 1973).
That would remind me a little of the movie "The Saint" and how giving away free energy would change the world.
That should even earn the decision-maker Person of the Year award. And really tick off the investors. But, the needs of the many outweigh the needs of the few.
Laws should be enforced, or fought to be removed, but not ignored.
Either speed limits are a good idea and should be enforced, or take away our freedom and should be removed.
What difference does it make whether a cop pulls you over and tickets you, or a machine tickets you?
Police departments are way understaffed and underfunded, and have way better things to be doing than driving around being traffic cops.
I would much rather have the speed limits and tailgating laws enforced and have the highways be safer and more enjoyable to be on. Tailgaters are very dangerous and annoying (and the source of a great deal of road rage). Tailgaters getting tickets is a good thing.
What do we lose? Privacy? No, not really. The right to break the law and get away with it? Show me that in the constitution.
So what does it take to keep the punctuation police force busy 24/7/365?
Besides, the point isn't to keep the police busy. Just the opposite. It's to free them up to do more productive things.
So are you opposed to speed limits, or just their enforcement?
By sniff for drugs I mean technology.
Read the definition of spam.
I think their should be a solar powered sensor array on every overpass on our major highways.
It would detect:
* Speed
* Distance to vehicle in front
* Sniff for drugs
* License plate to match against APB list (not stored)
An array of cameras would record video and pictures of offending vehicles and issue tickets.
If drugs are sniffed, the same vehicles are watched for at subsequent overpasses to determine which one it is.
The system should use off-the-shelf hardware and be open source.
The highways would be safer, and law enforcement agencies would have more time and resources to devote to what really matters.
I'm all for photo-cop whenever it can work reliably. Set the threshold high so that only the worst (and most dangerous) offenders are ticketed.
The point of a speed limit is safety. Revenue is a nice side-effect (and necessary, both as a deterrent and logistically).
That frees up cops to do real police work. Heck, they may even have enough free time to enforce other laws, like immigration.
You can't just glance at two cars and know if they rear car is following too close.
IIRC, most laws define tailgating by the ~time~ between two cars, not the distance. In Utah, at least, it's the two second rule.
So tailgating at 20 MPH is very different than tailgating at 80 MPH.
The laser can calculate in an instant if the rear car is breaking the law and by how much. Much less subjective. By eye you could only pull over the most blatant tailgater's.
This one.
Also covered here.
And here.
If there was crypto used, it absolutely sucked.
If all you need is a modem line tap or an illegal program to crack ATM's, there isn't much security is there?
I don't think there is crypto. I think the information is sent across the phone lines as plain text. The purpose of the modem line tap or illegal program is to convert the signal going over the line (the same signal you hear when you pick up the phone during a fax or internet connection) to text. From there, no mention is made of encryption.
See this page. "The Modem Line Tap, MLT2400A is a modem protocol analyzer that translates telephone data communications into standard ASCII characters for display on a PC screen."
If the data was properly encrypted before it was sent, the hackers wouldn't have been able to use the data. If there was crypto, it was token crypto at best. Just enough to tell their share holders it was encrypted.
No wonder some of them started making voting machines, too!
Here is the story.
I saw a news report the other day of a guy that hooked his a device (it may have been an iPod) to the back of an ATM where the phone line comes out, and intercepted the signal transmitting the information.
He was able to get credit card numbers, pins, and all of the other information transmitted, and stole a lot of money before being caught. And he wasn't caught by bank security or software, he was caught because a clerk was paying attention, IIRC.
Not all of us are Jimmy Neutron. Try again in english, please.