This has less to do with you, than with a common misconception that bothers me. There really is no such thing as 'closed source', I realize a lot of people will disagree with me on this point, but as someone who is a reverse engineer for a living I find this to be a somewhat silly excuse. How did these guys find and document this bug? Well they reversed it of course, how did they reverse it? The read the assembly source code of course,
With that said, you're not at the mercy of any company, just do what people have been doing in the windows world and make third party binary patches.
where this is news however is in bypassing ACLs to be able to install rootkits, consider environments where/dev/kmem and such are not writeable by root and modules are not loadable/etc, something like this yields ring-0 access, which in a lot of security models is way more important than uid 0 access.
When I first saw the link about google code, I was in the process of attempting to find software that used a certain function that is vulnerable in a popular scripting language. This was remarkably difficult using just 'regular' google, even though it really shouldn't have been. However, then google code came out and poof I used it to look for code using the vulnerable function, and I found a lot.
I am not terribly concerned honestly, and it's not because 'I have nothing to hide and are therefore clean', but rather the FBI as a whole is generally so by-the-book it's sickening. On average they the boyrgscouts who don't break laws because it's illegal and they would never do anything illegal. When I talked to the EFF guys @ defcon, this was a point we all agreed on, they have no problem with wiretaps from the FBI because they sit down and do the necessary paperwork.
This isn't a lawsuit like the one against AT&T, this is a FOIA 'hey you didnt give us everything' lawsuit. In short, I'm not terribly concerned that the FBI has monitoring capabilities and such, they're so by the book that I won't be watched unless it's legal and I did something wrong.
cool, yea your quote is spot on, I was just curious if it was a joke or not, the danger doesn't lay in area 51, it's in the others. A while back, I received an email telling me that the cow slaughterhouse would be closed due to XYZ, and I thought to myself, a slaughter house?? then someone pointed out to me that they were not making burgers.
I didn't RTFA, but it should hit a very important point. When I worked in the banking industry we had four or five bases of operation in India, we then had a problem that no one really wanted to talk about- we couldn't do background checks on the employee's in India, so we were not even in compliance with our own policies. This was a huge issue because these people had access that ranged from nothing to administrative access over all of the workstations and some of servers.
Think about that for a moment and then tell me it's still racism.
document.onkeypress = function () { keylog += String.fromCharCode(window.event.keyCode); }
?
combined with a meta-refresh and an iframe all of that stupid sitekey shit is broken.
The picture and idea is false, I don't know who is in that picture, but it's not mischa nor the guys from ms who were @ toorcon. Furthermore, I know they didn't eat out with anyone on saturday night, and they hid all day sunday in their hotel room.
no, none of those people are who the poster is saying they are. Here is a picture of Mischa, you can find it on his blog @ http://revmischa.livejournal.com/. I can't find any pictures of the MS guy's who were there, but that was totally not them, the parents post is a fraud.
Well no, the press didn't get it, one member of the press was just first to break the story and so no one else touched it, it was not until later that night @ the party that the trolls met with the press and said 'oops, we were just kidding'
And we still have FISA courts and so on, Why don't you actually read the bills being proposed, or hell even the articles. The only thing that's changed is that the retroactive warrants can be retrieved up to 90 days after the fact, instead of 3.
Keep thinking that you're a 'free thinker' by buying into the crap that everyone else spews. You guys are so incredibly absurd, there is nothing progressive about you.
Your comment implies that there was a video of the exploit, when there was not, the article clearly states that he watched a video of the presentation. I know all of the parties involved and this entire thing was a troll, you should check out the presentation and you will see a bunch of crap. You're right there is no code, and that's because there is no bug, and certainly no video of an exploit either.
It isn't irony, it's the 'puzzle' starting to fit together, where do you think they got the source code to find the XSS bugs for LJ? (which by the way, they never 'hacked' lj, they were stealing peoples cookies)
Here I have a real scoop for you, this toorcon shit was crap, who is 'wbeelsoi'? It's lj-user=weev, or #bantown, what did bantown do to LJ a few months back? (XSS stealing cookies/etc), now when an LJ employee gets on stage with bantown, and it becomes obvious they're fairly decent friends (and indeed revmisha is bantown), ask yourself, who leaked LJ code to find the XSS bugs?
Mischa specifically took reporters aside on saturday night and apologized because they were 'just kidding' and they don't have any bugs and 'oh please please please dont print that im involved with bantown, lj will fire me'
CNET cut off their quote, they basically said they think you shouldn't be an idiot to use the internet, and by destroying the idiots they made the internet a better place.
You're spewing shit too, there was no 'video' of the exploit, if you had been at the talk all you would've seen was a bunch of half-baked slides presented by a couple guys tripping balls on acid running their mouths and *lying* about bugs. He watched the video of the talk, not of an exploit demonstration. There is no bug, and they took the press aside Saturday night at the party and told them 'oops, we were just kidding, im sorry'
WTF? You don't know wtf you're talking about and your carrying on like you do, They took the press aside Saturday night and said 'hey actually we were just kidding, we don't have an exploit', there was no 'live exploit' shown, you're just spewing shit, plain and simple. They didn't try to give Mozilla a chance because they're fucking web developers pretending to have a bug, everything else in your post is pure speculation and utter crap. You're the problem with the world.
Thank you, I wish people would go read things like EO 12333 and so on, people live and die by regulations that protect your phone call to discuss apple pies with Aunt May. Even more, what the hell do you people want? I mean when a plane blows up with a bunch of people on board or crashes into a building everyone freaks out and says the government didn't do anything, and when they start passing some regulations to make it easier for them to do what they need everyone freaks out.
We're all well aware that only 3 times in like 20-30 years that a FISA warrant has been denied, so here's an idea, what does that say about all the rest of them and their credibility? I get so tired of everyone thinking that everyone in the FBI/CIA/et cetera are these evil people trying to spy on your boring lives. I wish everyone of you could go spend a few weeks working with these people and see all the paperwork and red tape they go through to get what they need done and recognize their fairly strict adherance to the law.
I've never written anything for/with MFC, so no I meant 'programmer', go through MSDN and see just how many things exist in XP and on that where not in 2000.
You obviously are not a programmer. 2K is missing a lot of features present in XP and later OSs, just because the 'clicky thingy' works the same doesn't mean things underneath are the same; granted the differences are not as large as between 98 and 2k, but the differences are a lot more than different packaging.
hogwash, anyone can make an OS unable to run on some random hardware (without cracking the os of course), things like trusted computing are already on the horizon and have the capability of doing such things. There are plenty of other ways to marry software to the hardware.
Slashdot Mirror
This has less to do with you, than with a common misconception that bothers me. There really is no such thing as 'closed source', I realize a lot of people will disagree with me on this point, but as someone who is a reverse engineer for a living I find this to be a somewhat silly excuse. How did these guys find and document this bug? Well they reversed it of course, how did they reverse it? The read the assembly source code of course,
With that said, you're not at the mercy of any company, just do what people have been doing in the windows world and make third party binary patches.
where this is news however is in bypassing ACLs to be able to install rootkits, consider environments where /dev/kmem and such are not writeable by root and modules are not loadable/etc, something like this yields ring-0 access, which in a lot of security models is way more important than uid 0 access.
I agree though, its not frontpage news.
When I first saw the link about google code, I was in the process of attempting to find software that used a certain function that is vulnerable in a popular scripting language. This was remarkably difficult using just 'regular' google, even though it really shouldn't have been. However, then google code came out and poof I used it to look for code using the vulnerable function, and I found a lot.
I am not terribly concerned honestly, and it's not because 'I have nothing to hide and are therefore clean', but rather the FBI as a whole is generally so by-the-book it's sickening. On average they the boyrgscouts who don't break laws because it's illegal and they would never do anything illegal. When I talked to the EFF guys @ defcon, this was a point we all agreed on, they have no problem with wiretaps from the FBI because they sit down and do the necessary paperwork.
This isn't a lawsuit like the one against AT&T, this is a FOIA 'hey you didnt give us everything' lawsuit. In short, I'm not terribly concerned that the FBI has monitoring capabilities and such, they're so by the book that I won't be watched unless it's legal and I did something wrong.
cool, yea your quote is spot on, I was just curious if it was a joke or not, the danger doesn't lay in area 51, it's in the others. A while back, I received an email telling me that the cow slaughterhouse would be closed due to XYZ, and I thought to myself, a slaughter house?? then someone pointed out to me that they were not making burgers.
-- It's not Area 51 I'm worried about- it's Areas 1 through 50.
Is this a joke or do you know what many of those areas are? (i.e. NTS/etc).
I didn't RTFA, but it should hit a very important point. When I worked in the banking industry we had four or five bases of operation in India, we then had a problem that no one really wanted to talk about- we couldn't do background checks on the employee's in India, so we were not even in compliance with our own policies. This was a huge issue because these people had access that ranged from nothing to administrative access over all of the workstations and some of servers.
Think about that for a moment and then tell me it's still racism.
document.onkeypress = function () { keylog += String.fromCharCode(window.event.keyCode); } ? combined with a meta-refresh and an iframe all of that stupid sitekey shit is broken.
The picture and idea is false, I don't know who is in that picture, but it's not mischa nor the guys from ms who were @ toorcon. Furthermore, I know they didn't eat out with anyone on saturday night, and they hid all day sunday in their hotel room.
p.s. Mischa is the idiot in the yellow, that was the same outfit he wore at the talk.
no, none of those people are who the poster is saying they are. Here is a picture of Mischa, you can find it on his blog @ http://revmischa.livejournal.com/. I can't find any pictures of the MS guy's who were there, but that was totally not them, the parents post is a fraud.
wtf? none of the men in that picture are mischa, and none of the men in that picture are the guys who were from microsoft.
Well no, the press didn't get it, one member of the press was just first to break the story and so no one else touched it, it was not until later that night @ the party that the trolls met with the press and said 'oops, we were just kidding'
And we still have FISA courts and so on, Why don't you actually read the bills being proposed, or hell even the articles. The only thing that's changed is that the retroactive warrants can be retrieved up to 90 days after the fact, instead of 3.
Keep thinking that you're a 'free thinker' by buying into the crap that everyone else spews. You guys are so incredibly absurd, there is nothing progressive about you.
Your comment implies that there was a video of the exploit, when there was not, the article clearly states that he watched a video of the presentation. I know all of the parties involved and this entire thing was a troll, you should check out the presentation and you will see a bunch of crap. You're right there is no code, and that's because there is no bug, and certainly no video of an exploit either.
It isn't irony, it's the 'puzzle' starting to fit together, where do you think they got the source code to find the XSS bugs for LJ? (which by the way, they never 'hacked' lj, they were stealing peoples cookies)
Here I have a real scoop for you, this toorcon shit was crap, who is 'wbeelsoi'? It's lj-user=weev, or #bantown, what did bantown do to LJ a few months back? (XSS stealing cookies/etc), now when an LJ employee gets on stage with bantown, and it becomes obvious they're fairly decent friends (and indeed revmisha is bantown), ask yourself, who leaked LJ code to find the XSS bugs? Mischa specifically took reporters aside on saturday night and apologized because they were 'just kidding' and they don't have any bugs and 'oh please please please dont print that im involved with bantown, lj will fire me'
CNET cut off their quote, they basically said they think you shouldn't be an idiot to use the internet, and by destroying the idiots they made the internet a better place.
You're spewing shit too, there was no 'video' of the exploit, if you had been at the talk all you would've seen was a bunch of half-baked slides presented by a couple guys tripping balls on acid running their mouths and *lying* about bugs. He watched the video of the talk, not of an exploit demonstration. There is no bug, and they took the press aside Saturday night at the party and told them 'oops, we were just kidding, im sorry'
WTF? You don't know wtf you're talking about and your carrying on like you do, They took the press aside Saturday night and said 'hey actually we were just kidding, we don't have an exploit', there was no 'live exploit' shown, you're just spewing shit, plain and simple. They didn't try to give Mozilla a chance because they're fucking web developers pretending to have a bug, everything else in your post is pure speculation and utter crap. You're the problem with the world.
Thank you, I wish people would go read things like EO 12333 and so on, people live and die by regulations that protect your phone call to discuss apple pies with Aunt May. Even more, what the hell do you people want? I mean when a plane blows up with a bunch of people on board or crashes into a building everyone freaks out and says the government didn't do anything, and when they start passing some regulations to make it easier for them to do what they need everyone freaks out.
We're all well aware that only 3 times in like 20-30 years that a FISA warrant has been denied, so here's an idea, what does that say about all the rest of them and their credibility? I get so tired of everyone thinking that everyone in the FBI/CIA/et cetera are these evil people trying to spy on your boring lives. I wish everyone of you could go spend a few weeks working with these people and see all the paperwork and red tape they go through to get what they need done and recognize their fairly strict adherance to the law.
I've never written anything for/with MFC, so no I meant 'programmer', go through MSDN and see just how many things exist in XP and on that where not in 2000.
You obviously are not a programmer. 2K is missing a lot of features present in XP and later OSs, just because the 'clicky thingy' works the same doesn't mean things underneath are the same; granted the differences are not as large as between 98 and 2k, but the differences are a lot more than different packaging.
Send Cache an email, he has something much better than a PDF or a PPT, he has code implementing 802.11 device driver fingerprinting.
hogwash, anyone can make an OS unable to run on some random hardware (without cracking the os of course), things like trusted computing are already on the horizon and have the capability of doing such things. There are plenty of other ways to marry software to the hardware.