Slashdot Mirror


User: forgey

forgey's activity in the archive.

Stories: 0
Comments: 80

Comments · 80

  1. Re:c'mon... on Red Hat 'Piranha' Security Risk - And Fix · Score: 1

    Well since the password protection is done using htaccess which isn't even a part of Piranha this conversation is pretty futile. We can sit here all day and do what-ifs but that is pretty pointless. You are right, if there is one buffer overflow there is likely to be another, but not all buffer overflows are exploitable.

    This was a 'routine' code inspection done by ISS, not just someone glancing through the code. This may have been something that stuck out like a sore thumb, but no one else has noticed it during this supposed time of 'peer' review. ISS are security professionals conducting an independent evaluation of RedHat's code.

    forge

  2. Re:DON'T JUST RESET THE PASSWORD on Red Hat 'Piranha' Security Risk - And Fix · Score: 1

    I disagree.

    If I change the password then how can an external user use Piranha and change the password with the exploit code attached. Malicious users can only exploit this on an install of Piranha where the password wasn't changed. Any sysadmin who doesn't change a password to a tool like Piranha is being negligent.

    Changing the password is something you need to do on install before anyone exploits it, once you do that you should be safe.

    As I understand it, you can't use the exploit code unless you know the password.

    Phil

  3. Re:Hrm... on Red Hat 'Piranha' Security Risk - And Fix · Score: 1

    If this was an embedded password then I would tend to agree with you. Since this is just a lame default password I think we can attribute this more to a lazy user than a real backdoor in RedHat's code.

    RedHat definitely should have had a better default password, or perhaps even force the user to change the password during install.

  4. Re:Another Victory on Red Hat 'Piranha' Security Risk - And Fix · Score: 1

    I think the real question here is, did ISS, and others, start looking for security holes in big-name OpenSource packages in response to Elias Levy's recent article? I know ISS is continually looking into things like this but the timing is pretty good ;)

  5. Re:What has history taught us? on Democratizing Space · Score: 2

    This is pretty ridiculous. I am sure that Microsoft are diversifying into Skymapping because they are afraid that the DoJ is going to break them up.

    Yep just get right out of OS's and Software and focus on the non-monopolized sphere of SkyMapping. Lots of money to be made there!

    Some of these things MS does have nothing to do with how to extend windows to every desktop. Some of them are just pure Geek. Bill is a geek, even if he is a misguided geek. A lot of the MS employees are big geeks (especially the research guys). Give us all a break from trying to be the first one in a /. thread to bash Microsoft to try and look cool.

    forge

  6. I think this is Great... on Democratizing Space · Score: 1

    The TerraServer was a great idea and I think that this project will end up being just as neat.

    I love the idea of being able to look at pictures of the entire sky! It may not be a great tool for Astronomy research but it will be a great tool for learning more about constellations and such. It will also be great for getting more people interested in Astronomy. I applaud Microsoft for getting involved in these really neat projects, whatever their motives are.

    Plus, being able to look at Area51 was pretty neat. Perhaps we'll get a good view of something interesting in the Sky? Perhaps some closeups of Mir ;)

    forge

  7. Re:Rehashing the same old stuff on SecurityFocus Responds To ESR Column On OSS Security · Score: 1

    This may be an issue that we have all heard before, but it is one that needs to be addressed again.

    I think the real point that Elias is trying to make is that Peer Review is great, but for the most part the 'Peers' reviewing the code are not skilled enough to find a lot of security holes.

    I'd like to suggest here that even experienced programmers are bad at identifying security holes. They may be well versed in programming, but programming securely is a whole different subset of skills. It is a specialty within the programming community that very few do well.

    Opening your code is a great first step, but I think a lot of the prominent projects need to give that code to qualified external sources (à la the l0pht) for peer review.

    I love having access to the source code so I can make myself feel better by being able to do my own peer review, but what I really like it for is the ability to find and fix bugs (not necessarily security bugs) or problems that arise.

    Thinking that I (and most of us out there) can competently do a peer review for security of code is kind of like saying that I can do a peer review of my doctor's findings by looking over the test results. Sure I can see the broken bones in an X-ray, but that's about where my competence stops.

    forge

  8. Re:Reminds me of Iridium article ... on The Practical Value Of Mainframe Linux · Score: 2

    Don't be an idiot. This article applies to us because a large number of the /. audience is interested in learning more than what is 'applicable' to us.

    I know I love reading the myriad of articles that get posted here, generally I learn something new and that is a good thing.

    forge

  9. Re:I was a scary kid on Slashdot Meets The Pinkerton Corp. · Score: 1

    This is a common sentiment. For some time in my early adulthood I was moderately depressed too. Fortunately I had/have a very loving and supportive girlfriend/fiancee and really fun loving friends who always forced me to have fun anyway ;)

    I too wish I had someone to talk to when I was in high school and I think that it's about time I did talk to someone. My girlfriend just started seeing a psychiatrist last month and really likes it. It's a little slow going for her (she's impatient ;) but she likes her shrink a lot and seems to think it's helping. I think I'll visit her shrink next week. I hope you gather up the gumption to do the same.

    forge

  10. Questions and problems... on Slashdot Meets The Pinkerton Corp. · Score: 1

    I would like to point out a problem I have with something you said in this post Jon.

    You mention something to the effect of 'Kids shouldn't be making these judgements of other kids, trained Psychologists etc. should be.'

    I have a problem with that. Trained professionals in those fields shouldn't be making judgements about kids either, they should be listening to those kids and trying to help them through their problems. Using shrinks to help identify kids who "MAY" be problems then alienating them is just plain wrong. Help the kids, even if they are unresponsive to help. These trained professionals should know how to deal with those types of situations.

    Now, to Pinkerton. I am interested in hearing their side of why they think this program is useful and will work. I would like to know their reasoning behind it. I think this is very important in helping them realise why we think it is such a bad idea.

    When I was in high school I had enough problems. I know I would have fit this program's 'profile' and all that would have done is make my high school years even more difficult. Being branded an outcast by someone other than my classmates. Being told I am dangerous and need help would have definitely bruised my already black and blue self esteem beyond belief.

    What we need are more professional and caring school psychologists and teachers. Give them some leeway to help these kids and I think that some of these already singled-out groups would become a lot happier.

    Not everyone needs to be 'well adjusted'. I know I still don't conform to societal norms, but I live a happy life with my fiance and I hold down a good job in the computer industry making a decent living. Don't try to make us all conform, diversity is great! Help the geeks etc. come to terms with being 'different' and help show them it is a good thing!

    forge

  11. Re:Whistler? on Microsoft Windows 2001 Beta Slips Out · Score: 1

    Ummmm, no.

    Whistler is one of the largest ski resorts in North America. It is in British Columbia, Canada a few hours north of Seattle.

    The next release of Whistler will be called Blackcomb, which is the mountain directly beside Whistler.

    www.whistler-blackcomb.com

  12. Re:More money = better grade at the end? on Laptop Exams? · Score: 1

    Ahh, but this isn't always the case. There is a university here in Nova Scotia called Acadia. As part of your tuition you get a laptop, and all of the dorm rooms are outfitted for high-speed access.

    You are allowed to send in assignments and even attend some classes via your laptop. As for getting to do some exams on, or with your laptop, I haven't heard anything about them allowing this, but I know they are making extensive use of the laptops they provide students.

    They were ahead of their time a few years ago when they started doing this, and yes the tuition went up a bit, but I think it is a valuable addition to the Students.

  13. Re:FUD from Forbes on Updates On The Caldera IPO · Score: 1

    "Moron. The purpose of Linux is not to be inexpensive. If that happens, fine, it's a nice side effect. The purpose of Linux is to allow you to separate your business plan from the business plan of your software provider."

    No, you have his quote out of context. He is trying to say that businesses use Linux instead of something else because it is free, and if it costs more to fix it than you would have paid for a closed source OS then you're shooting yourself in the foot.

    He also may not be talking about Windows or MS. I know where I work Linux is used solely as a server OS, and if we didn't go with Linux for those few servers it probably would have been AIX, or BSDI or perhaps even Solaris. That would have required us buying proprietary hardware though (in the case of Solaris and AIX), which drives the cost up significantly.

    Forbes is a publication by Business guys, for Business guys. You should try and remember that while you are picking apart their articles.

    forge

  14. Re:Hmm on IBM 75G Hard Drive Ready · Score: 1

    "The 7,200 rpm Deskstar 75GXP for desktop computers holds a whopping 75-gigabytes (GB) of data, more than 10 times the capacity of drives found in the average home PC."

    Looks to me like they are pushing this as a DeskTop hard drive. Especially with a name like Deskstar.

    forge

  15. New program not all bad on MCSE Revolt Over NT4-W2K Plans · Score: 2

    Disclaimer: I too am almost done my MCSE.

    I take a bit of offense when people lump all MCSE's together into one moronic group. Not everyone who has their MCSE is an inexperienced and useless worker. Sure there is a pile of people who got their MCSE for no other reason than to get more money, or to switch trades, but that doesn't mean that all MCSE's don't know their shit. I won't bother to try and convince you I know what I'm talking about...

    When the MCSE program first came out it was a hell of a lot harder to get your certification and having it showed that you really knew your shit. Lately though it is ridiculously easy to get that cert. So easy in fact that we have someone working on our helpdesk with his MCSE and he thinks if he minimizes a window that his information will disappear.

    What MS is trying to do with the new Win2k certs is make it difficult again. They have listened to the large base of experienced and knowledgeable IT workers out there who have expressed their opinion of the MCSE program.

    They are giving current MCSE's a one shot deal to upgrade their certs to Win2k, if you fail then you have to do the whole set of exams. They are also giving the current MCP/MCSE's 2 full years to upgrade to Win2k. That's a pretty decent amount of time to take the 2 upgrade exams or 5 core exams needed to gain the new Win2k MCSE.

    The only people I have seen complaining are folks like Coriolis who have a financial interest in selling NT4 books, and MCP/MCSE's who don't know their stuff. Everyone I know who knows their stuff is happy to see these new changes.

  16. Fear and loathing in IT.. on Red Hat Takes Heat Over Certification · Score: 3

    "It's hard enough to find and keep talented IT people, and Red Hat is asking us not only to spend $5,000 a person, which eats heavily into our cost, but we also have to lose a $60,000 employee for two weeks, who after being certified, can move almost anywhere he wants, maybe even over to Red Hat. There aren't that many Linux-certified people out there."

    This is the way my company feels about training. They would rather let me sit for 6 months toiling with a new concept, figure it out and start to use it than to send me on a 1 week course which would give me enough information to figure it out in a matter of weeks.

    Their excuse is that if I get training I will leave, but what ends up happening is people get fed up with never being sent to learn new things but still expected to get the information so they leave and go somewhere that is interested in training people.

    Now 6 months is a little extreme but I know some of our programmers toil for at least 6 months with some of this SAP crap before they become even remotely useful. Send them on a course or two over that 6 months and you'd be getting a lot more work out of them.

    I have no sympathy for someone who runs their company with that mentality.

    forgey

  17. Re:Use it or lose it! on Cyber-Squatting vs. Legitimate Domain Brokering? · Score: 1

    No, that is cybersquatting as well. If your only intent when registering a domain name is to try and sell it then it is cybersquatting. Bar none, no matter who it is.

    I despise those "This domain name is for sale" Websites!

    What this guy is talking about is a legitimate domain name. The company bought it, was using it, but recently had some changes and presumably changed their name. Now they are done with it, but why just give it up when someone might buy it from you right?

    Well I have a problem with that too. It doesn't fall under my definition of cybersquatting, but I think it's unethical.

    Sure you can spout all you want about companies are just out to make money etc. etc. etc. but I don't agree with this. An ethical company that does The Right Thing(tm) will end up making money in spite of themselves. I have seen it happen almost every time. There is no excuse for unethical business behavior.

    Give the domain up. Give it back to Network Solutions and let them sell it back to someone.

    If someone has approached you and offered you money for it, then I would say that is probably acceptable. But trying to find someone to buy the domain is just wrong. Give it back.

    forge

  18. Re:What about prevention? on Forum: The Yahoo Denial of Service · Score: 1

    Please tell me you're joking? I thought that /. at least wouldn't be filled with people professing Security through Obscurity!

    That isn't going to get you anywhere, finding out what your Firewall/OS runs isn't very difficult. Wonderful tools like nmap make figuring out your network that much easier.

    But, what firewall or what OS you run is really a non-issue here, this is about a DoS, and no matter what hardware/software you are running, we're all subject to a DoS. Sure if you hurry you can block the offenders at a router, but unless you render your network pretty useless (from blocking too many protocols/ports) you're still going to be hit.

    forge

  19. Re:What about prevention? on Forum: The Yahoo Denial of Service · Score: 1

    This is not a Smurf attack, it is a distributed DoS attack and there are some large differences.

    A Smurf attack is very simplistic, and easy to prevent your network from being used in a Smurf attack. The trinoo and TFN Distributed DoS attacks are not exploiting a misconfigured server, they are installing an Agent on a hacked machine (or hundreds of hacked machines) and controlling them via a handler tool.

    The architecture looks like this:

                    /---Agent
          ---Handler---Agent
    Client---Handler---Agent
    Client---Handler---Agent
          ---Handler---Agent
                    \---Agent

    So the Client controls the Handlers which in turn each have a myriad of hacked servers with Agents installed that it connects to. Depending on which version of the attack is being used (trinoo vs TFN or another of the 4 or 5 versions that have popped up over the past few months) different communication methods will be used.

    The TFN uses some encryption (Blowfish) for its communication between Client and Handler, which goes across 16660/TCP by default. It uses ICMP for its communication unlike its predecessor trinoo which used UDP.

    Communication from Handler to Agent is done across 65000/TCP, ICMP ECHO_REPLY. If your system is hacked and being used in a Distributed DoS attack then I recommend blocking ECHO and ECHO_REPLY.

    From what I understand most systems being used in this attack are Solaris 2.x machines, with some Linux being scattered in there for fun. The Makefile has rules in it for Linux and Solaris, the default being Linux. http://staff.washington.edu/dittrich/misc/tfn.analysis

    forge
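A small log check for the control channels this comment describes, as an added example that is not part of the original post: it reads constructed flow records, flags TCP traffic to the default ports the comment names (16660 client-to-handler, 65000 handler-to-agent), and flags ICMP echo replies that no earlier echo request in the same log explains. The record format, the sample addresses and the function names are assumptions made for the example.

```python
from typing import List, Optional, Tuple

# Default control-channel ports named in the comment above (TCP), keyed to the hop they carry.
CONTROL_PORTS = {16660: "client->handler", 65000: "handler->agent"}

# Constructed sample flow records (not real traffic): "src dst proto dport-or-icmp-type".
SAMPLE_FLOWS = """\
10.0.0.5 203.0.113.9 tcp 16660
10.0.0.5 203.0.113.9 tcp 443
198.51.100.20 10.0.0.7 tcp 65000
10.0.0.7 198.51.100.20 icmp echo-request
198.51.100.20 10.0.0.7 icmp echo-reply
192.0.2.44 10.0.0.8 icmp echo-reply
192.0.2.44 10.0.0.8 icmp echo-reply
"""

Flow = Tuple[str, str, str, str]  # (src, dst, proto, port-or-icmp-type)


def parse_flow(line: str) -> Optional[Flow]:
    """Parse one constructed flow record; return None for blank or malformed lines."""
    parts = line.split()
    if len(parts) != 4:
        return None
    src, dst, proto, last = parts
    return src, dst, proto.lower(), last.lower()


def find_suspicious(text: str) -> List[Tuple[str, str, str]]:
    """Return (reason, src, dst) for every record that matches a control-channel pattern.

    Two defensive checks are applied in log order:
      1. TCP traffic to one of the default control ports listed in CONTROL_PORTS.
      2. An ICMP echo-reply for which no earlier echo-request from the receiver to the
         sender appears in the log, i.e. an unsolicited reply (the handler->agent channel).
    """
    alerts: List[Tuple[str, str, str]] = []
    requests_seen = set()  # (requester, target) pairs observed so far
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        src, dst, proto, last = flow
        if proto == "tcp" and last.isdigit() and int(last) in CONTROL_PORTS:
            alerts.append((f"tcp/{last} ({CONTROL_PORTS[int(last)]})", src, dst))
        elif proto == "icmp" and last == "echo-request":
            requests_seen.add((src, dst))
        elif proto == "icmp" and last == "echo-reply":
            # A reply is solicited only if the receiver asked the sender earlier.
            if (dst, src) not in requests_seen:
                alerts.append(("unsolicited icmp echo-reply", src, dst))
    return alerts


if __name__ == "__main__":
    for reason, src, dst in find_suspicious(SAMPLE_FLOWS):
        print(f"{src} -> {dst}: {reason}")
```

The sample yields four alerts: the two control-port connections and the two unsolicited replies to 10.0.0.8; the reply to 10.0.0.7 is matched by its request and stays quiet.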

  20. Re:FreeBSD failed the test on Forum: The Yahoo Denial of Service · Score: 1

    Here's the thing. What exactly did FreeBSD fail at? Any OS is going to have trouble with a DoS that big. The DoS had nothing to do with FreeBSD, in fact almost all the hosts that are hacked to have this Trinoo/TFN client installed on are Solaris, with the second largest number being Linux.

    What does that say about Sun now? :)

    They put the DoS in dot com?

  21. Re:Nice gesture, but... on Letter to the Community on Andover/VA Merger · Score: 1

    Of course things are going to change. I haven't seen a merger (or acquisition) that didn't change the way things worked for _both_ parties.

    The challenge is in making things better. Change doesn't have to be a bad thing, there are lots of things that we can do to make /., Freshmeat, linux.com, Sourceforge et al. better. I have a lot of faith in Larry and VA, they have shown us all constantly that they are committed to Linux and the OpenSource community. They show us time and time again where their priorities are, and those priorities aren't always just money.

    Having been through a merger recently I know how tough it can be, especially with competing divisions. The focus should be on making each better, on integrating what you can, and improving whatever you keep as solely your groups realm. Trim the fat, get rid of some of the redundancy and make everything you can as good as you can.

    I think we will see some interesting changes at Andover and VA, but I bet you won't see many of them (besides the new servers :) for at least 2 months. It takes a while to let the business stuff settle down before anyone can really look at making major changes.

    I wish VA, Andover and Slashdot the best and hope that things do change :)

    forge

  22. Re: Samuel L. Jackson as a geek. on Jon Katz' "Geeks" Goes Hollywood · Score: 1

    You forget, Ving Rhames has played a geek before.

    Well, he tried to play a hacker in Mission Impossible at least

    forge

  23. Re:A domain name is an address on What to do when your Domain is Threatened? · Score: 1

    I have to say that I agree it probably isn't a big deal, but I would seek the advice of a lawyer and at the very least get him to draft a response letter stating that he is your lawyer and you are not going to give up the domain name as you are not infringing on their trademarks (insert law references here) etc. etc.

    Ignoring their official letter is probably a bad idea. Spend the Hundred bucks and get a lawyer to send them a letter.

    forgey

  24. Re:RedHat emulating Microsoft? on It's Official: Red Hat Buys Cygnus · Score: 1

    Don't you think that RedHat buying Cygnus makes more sense when you consider that quote? If Cygnus was interested in open sourcing their products what better way to facilitate that than to merge with a company like RedHat who has successfully been doing Open Source development and actually making money at it?

    Makes sense to me at least.

    forgey

  25. Re:Satisfied? on Interview: John Vranesevich Doesn't Really Answer · Score: 1

    I find it very interesting that JP cites Attrition.org as the site that reported he was being Investigated by the FBI, but he failed to mention that the Ottawa Citizen also reported that. In fact they removed it from their website rather than risk legal action.

    It seems (according to Adam Penenberg) that Harvard reacted much the same way. Although JP may not have explicitly said he would sue, two separate organizations got the feeling that he was intending to sue if they didn't remove the content. I can say that I am impressed that a newspaper actually removed a story because one of the parties involved complained.

    JP, as always, likes to ignore other information that makes his stance less believable.

    forgey