Because attacks against these vulnerabilities all revolve around the ability for the attacker to predictably spoof traffic, the implementation of per-query source port randomization in the server presents a practical mitigation against these attacks within the boundaries of the current protocol specification.
But I just think it's important to be careful. Don't just blindly patch what is probably the most critical service on your network.
No competent sysadmin does that, of course. As always, you need to independently verify the need for any patches that are recommended for installation on your network.
an has written an article on a javascript attack that can compromise a home router.... that's probably far worse - in terms of real damage (ie: bot creation, personal data stolen)
And that's precisely why the first thing I do on a home router is to disable the caching nameserver and install DJBDNS on a Linux box instead. :)
Was the sound of a single scratch wiping out years of corporate data...
Never worked in an enterprise server room, I take it? 400 GB is nothing. These days, library devices that put 100-200 200GB or 400 GB LTOx tapes are quite common. Multiple backups of the same data are often made -- some to send offsite, some for local storage, etc.
Optical disc storage would have to have similar capability and durability to be used in the enterprise as a serious archival data storage method. Probably some type of cartridge or caddy would be used.
there wasn't even any definitive proof anyone had died.
Yes, there was. There was physical blood evidence in Reiser's car. Besides, does anyone really think that Nina Reiser would take off to Russia and leave her kids?
I agree with you, with one little caveat. I'd like to see her prosecuted for criminal harassment, not computer trespass. It would only seem logical to prosecute her for what she actually did.
All the defense has to do in that case is suggest that the girl might have been a hormone-raging, unbalanced teenager and the jury will be out all of 10 seconds before they come back with a 'not guilty' verdict.
The criminal computer trespass will likely stick, however.
Thank you, kind sir or madam, for being a force of reason in a sea of chaos. I'm reading these posts palming my face, going, "Damn! These people never RTFA, and they don't even bother doing a little research."
*sigh*
Look, people. Laws are worded specific ways for a reason. Usually they are written so that they can be used to prosecute people who break the law. Obviously, no one is going to start prosecuting MySpace or Slashdot or Facebook members who post using an alias.
It's not like Cathoderaytube, elrous0, and LilGuy, or any other pseudonymous user of this website (except for perhaps the Microsoft astroturfers) are out to cause any sort of harm or damage. No one's going to be arresting anybody, not even the aforementioned Microsoft astroturfers, who are probably guilty of nothing more than libel.
Lori Drew, OTOH, performed an act of criminal harassment against an unwitting teenage girl, causing her to commit suicide. I'm sure we'd all like to see her prosecuted, even if she had never used the internets to do it.
You're saying that the common man has no conception of "website". I'm not sure I agree with that. People aren't quite as dumb as you're making them out to be.
This will take time as people come to realize that "the internet" isn't a single source of information.
Yet, the World Wide Web is accessible as if it were a single source of information. That's what confuses people. All they seem to know is they open up "The Internet" on their PC by clicking the little blue "e".
There's a very fine line between 'zealous advocate' and outright barratry. Advising your client to carry on a lawsuit for which you have no evidence and aren't likely to win in court specifically because you have no evidence is, without argument, an unethical and possibly illegal maneuver.
The RIAA lawyers themselves need to suffer some kind of professional penalty that will stay on their record, or this kind of legal abuse will not stop.
Abuse of the legal system is something that an attorney could be censured for by their state's Bar association -- with penalties ranging from fines to and including disbarment.
Perhaps a countersuit? IANAL, but I don't see why she couldn't turn around and sue them for the harassment, pain and suffering, etc. Or is there some sort of statute that prevents that? Anyone know?
IPV6 patch for DJBDNS
Personally, I have no need for it or the IXFR functionality at this point.
However, my understanding is that BIND's IXFR implementation breaks if you use hand-written or tool-generated zone files.
Also:
FTFCA (From the flippin' CERT Advisory):
Well, if you read the list, you'd know that Microsoft's own DNS implementation is also affected and in need of patching.
Note that DJBDNS (and derivatives) are not affected, since it uses randomized source ports for DNS resolving.
More like 'unlucky guess' ;)
Oh, and there was no reasonable doubt. They had physical blood evidence that Nina was murdered in his car.
Right. But you'd have to be bloody insane to think that maybe Hans didn't do it at this point. I mean, he knew where the body was buried.
All you people who said "I still don't believe Hans did it" -- do you doubt it now?
You haven't met some of my students... ;)
There you guys sit, all laughing at me and pointing and jeering at my Tinfoil Hat 3000(tm), but look who's sitting pretty now! Ha! Fsckers!
The real tech scam: you have to upgrade your PC every two years to run the latest and greatest versions of Windows and Office.
Well said, Morgaine!
A hitchhiker should never go anywhere without his towel.
Bingo.
I propose that we rename "indeterminate state" to "undead cat state", just because it sounds cooler and (sorta) makes sense.