Yes, we did have something like this happen where I work. Our IT group ended up blocking all social networking sites. Our marketing department raised a fit because they use Facebook for business purposes.
The company I work for hired this firm to test our application late last year. I have been very impressed by their results. They perform both automated and manual testing. I receive an email after each test listing the number of vulnerabilities found and their severity. No details are sent through email. I can then log into their portal and read the details. Once an item has been fixed, you can use their portal to schedule that particular item for retest. The interface seems pretty slick and the people I've worked with on their team have been very easy to work with. I don't know how much they charge, unfortunately. I do plan to look into that once my own web application is far enough along.
I am horribly shamed to admit this, but I worked for them for about 8 months. HEY! I was a poor, starving college student, get off me! Anyway, yes, they are required to ask that information. Reason being that they want to send you their ad in the mail every couple of weeks. During one of the corporate management changes several years ago, they did an experiment. They stopped asking for this info for a month. Three months later (their ad cycle is 3 months iirc), their sales had dropped quite a bit.
So, now they really put the pressure on employees to get this information. I think something like 80% names and addresses was considered standard. If you drop below 60% or so, you'll definitely hear about it from the manager. Mine threatened to fire me when my N/A dropped to 30%.
So, help the poor employee out while keeping your information out of their system... give the store's address (I saw a manager do this once without even asking me for my info).
That's not correct, WHOIS Privacy Protection does exactly that, where some proxy information is put into whois instead of the registrant information. The proxy is obviously obliged to forward important messages to the owner of the domain. This is even free with some registrars.
Can you point me to one of these registrars that have this service for free? My domain is coming up for renewal RSN and I have had a BIG problem with an angry person in Turkey (Hi Ilgaz) because my registrar insists that my real contact information is required. Long distance calls, death threats, waking me up at 3:00 in the morning... all over a gline on a small IRC network (that was placed because he was making death threats on people no less). Anyway, I should stop ranting about that. Anyway, if you could point me to one of these registrars, it would be greatly appreciated. Thanks.
Interesting. When I signed up for service with PacBell (now SBC) I told them I wanted no long distance service. I am STILL charged an Interstate network access charge plus some other FCC mandated crap. Add that to the standard phone charges and enhanced DSL service and my bill ends up being over $100/mo. What a rip off.
Hell, I mutter "All your base..." in my compSci class and I am hard-pressed to find someone that can complete the phrase!
lol, this reminds me of my computer security class. The teacher (who had a Ph.D. in Computer Science, was the head of the department, and a lawyer to boot) said "All your base are belong to us". My roommate and I busted up laughing. Everyone in the class was looking at us like we were crazy. I found it rather disappointing that these were all CompSci students that should be up to date on the industry. Only justifies my numerous rants about CompSci students only being there to make money and making the market difficult for myself who actually enjoys working with computers.
He thinks the killer app for this one is for keeping your porn storage hidden, if you're busted by the cops. I think his concept is weak, given the wireless signal is traceable (security through obscurity?), WEP is breakable, and the fact that you have to have the thing plugged in somewhere.
I think the perfect solution to that would be to hide the device (say, in the crawl space under the house if you have it, far away from the entry to the crawl space to make it even more difficult to find), connect it to power through an X10 module and just hit the off switch when the police come knocking on the door. No wireless signal. No wires going near it, save the AC line that was already there that you tapped into. No reason to tear up the floor to find it.
You mention administrative health data. If you're talking about medical records and are in the United States (it sounds like you are from Canada), then this is clearly against the Health Insurance Portability and Accountability Act of 1996. I certainly hope that other countries have similar regulations. All institutions not granted an extension are required to meet HIPAA standards for data security very soon now. For more details on what you should do, check out http://www.hipaa.org/. If you're not in the United States, PLEASE check your local laws. Medical records should NOT be accessible except to those that require access to them and have permission to do so.
Sometimes the teachers would give me shit, "Toqer, why don't you just walk away?" Yeah, that's it, just walk away, while they shout out insults to your back. Not fighting just shows them you're scared of them, which makes the bullying worse.
This kind of shit really pisses me off. The school I went to my first 3 years of school was a bad place to be. It wasn't east Oakland or south central LA, but it was full of people who wanted to be there it seemed. Every recess, there would be massive circles of kids around a fight. I stayed away from those. Of course, there were the bullies that roamed the school yard. Teachers would just tell me to walk away. Well no shit, don't you think I tried that first? I may have been in second grade, but I wasn't completely brain dead. Walking away, running away, it didn't matter. They were faster than I was and could catch me. It was getting to be a real problem, so my mom had a talk with the principal. She said that she couldn't do anything about it. Then my mom suggested that maybe she should teach me how to defend myself. The principal said that if she did that, she'd kick me out of school. Damned if you do, damned if you don't. So, I was put in private school until I graduated High School.
I definitely agree with this post and the replies to it. People refusing to help and placing the blame on the victim really piss me off. My question is, why would they kick me out of school for defending myself, but not kick the bully out of school for attacking me? Damn public schools.
There are laws on the books in which the owner of an object is held accountable for crimes committed using those objects. The one I specifically have in mind is the one in which the owner of a firearm is responsible if others gain access to it. Suppose for a moment I have two kids in my house. One of them picks up a gun, points it at his friend in play, assumes it is unloaded, and pulls the trigger. There has been more than one case in California in which the owner of the gun was put in jail. There is precedent for criminal negligence laws.
Unless they changed the headline between the time you posted and the time I read it, they did take care in posting. The headline as I read it is "Bind 4 and 8 Vulnerabilities".
Life can be tough even on a largish pipe. I have a pretty decent DSL connection (well, downlink is good, but uplink is limited to 15k/sec) and have been DDoSed right off the net. Grabbed 15 Korean IPs in a 1.5 second packet capture. All because I banned someone. When he let up, he told me not to ban him again or he'd do it again. As you can see from this little example, banning is not really a good solution either. If someone is determined enough, they will get you. At this point, the only thing you can do is e-mail the administrator of their ISP. In this case, I e-mailed the ISP and the university this guy was coming from as well as the admin of the Korean ISP where the attack appeared to have originated from. I only got a response back from the university admin. Actually, I'm surprised I even got that response. To date, that's the only abuse report I have sent that was replied to. Your conclusion is quite correct. Smarter admins are needed, not only on the IRC end, but ALSO on the ISP end. They need to understand that they are allowing problems to happen when they don't implement source routing at the router among other things. I think they just don't really care what their users are doing. Just as long as they get paid.
I haven't seen anyone mention the performance and usability impact of floods. Keep in mind that there are a finite amount of resources on an IRC server, just like any other system. If someone decided to crapflood in a channel, the server has to send that to any users in that channel, one by one. EFNet and other large networks have pretty big demands on bandwidth and processor usage. The more these resources are allocated to a crapflood, the less resources are available for legitimate traffic. Some may call this a Denial of Service attack. Personally, if I see something like this, I stop it immediately. Unfortunately, the only way a user is identified is by their nickname, and their user@host. If a flood is coming from many different hosts with some portion in common, the most efficient solution is to ban everything matching that portion. It takes less time and puts less stress on the server as it doesn't have to match 20 different hosts, only the one. This is simply a matter of server performance.
This follows as well with usability. If you have 20 clients, each spewing lines of bogus data every second, no one else can see what's going on in the channel. I'll go out on a limb and say that there is no maybe about it. This IS a DoS attack by definition. For those of you who think that making a channel +m will solve the problem, think again. I have seen join/part floods and /nick floods as well. The only solution for the channel operator is the ban. Flood bots from multiple hosts and dynamic IPs make this impossible to do in a fair manner. Wide bans are sometimes needed to maintain usability of the system.
Let me try to give a real world example. Let's look at a large scale riot. There will be people actually doing illegal acts (damaging property, endangering public safety, etc.) and innocent bystanders. The police will do their best to stop the rioters while leaving the bystanders alone. However, the number of rioters outnumber the number of police officers. So, the police shoot tear gas into the crowd to pacify them. Do any bystanders get hit with the gas? Of course. There is just no way around this. This is how the world works.
Here is the bottom line. IRC is a privilege, not a right. You do not own the equipment. The administrators are kind enough to allow you to use their equipment, free of charge. They donate their time to making sure everything runs smoothly. As is true in society, to have things running smoothly, some rules need to be made, and rules are useless without consequences. Break the rules, face the consequences. Yes, sometimes innocents get hit with these consequences. No one said life, in the real world or otherwise, was fair. Anyone who can solve these problems to everyone's satisfaction will have created a utopian society. That just isn't possible, given human nature (IMHO anyway). </rant>
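Checking how wide a ban mask is before setting it, as an added example that is not from the comment above or from any IRC server's code: the channel user list, the set of observed flooders and all hostnames are constructed, and mask matching follows the usual IRC semantics ('*' matches any run, '?' one character, case-insensitive). It derives the narrowest host mask that covers every observed flood source and reports which bystanders it would also hit, so the trade-off the comment describes can be measured rather than guessed.

```python
"""Size an IRC ban mask before setting it: which observed flood sources it
stops and which bystanders it would also catch (constructed sample data)."""
import re
from os.path import commonprefix

# Constructed channel user list in nick!user@host form. The first six look
# like a burst of flood bots on one ISP's dynamic pool; alice is an ordinary
# user on the same pool, bob is on the same ISP's static range.
CHANNEL_USERS = [
    "bot01!flood@dyn-017.pool.example-isp.net",
    "bot02!flood@dyn-018.pool.example-isp.net",
    "bot03!flood@dyn-019.pool.example-isp.net",
    "bot04!spam@dyn-020.pool.example-isp.net",
    "bot05!spam@dyn-021.pool.example-isp.net",
    "bot06!spam@dyn-022.pool.example-isp.net",
    "alice!alice@dyn-055.pool.example-isp.net",
    "bob!bob@static-3.example-isp.net",
    "carol!carol@shell.example.edu",
]
# The sources the channel operator actually saw flooding (constructed).
OBSERVED_FLOODERS = frozenset(CHANNEL_USERS[:6])


def mask_to_regex(mask: str) -> "re.Pattern":
    """Translate an IRC ban mask into a regex: '*' matches any run of
    characters, '?' exactly one, everything else is literal. Servers compare
    masks case-insensitively, so the regex does too."""
    parts = []
    for ch in mask:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("^" + "".join(parts) + "$", re.IGNORECASE)


def matches(mask: str, hostmask: str) -> bool:
    """True if the ban mask covers this nick!user@host."""
    return mask_to_regex(mask).match(hostmask) is not None


def ban_impact(mask, users, flooders):
    """Return (stopped, missed, bystanders): flooders the mask catches,
    flooders it lets through, and non-flooders it would also ban."""
    flooders = set(flooders)
    hit = {u for u in users if matches(mask, u)}
    return hit & flooders, flooders - hit, hit - flooders


def host_of(hostmask: str) -> str:
    return hostmask.split("@", 1)[1]


def common_host_suffix(hostmasks) -> str:
    """Longest trailing portion the flood hosts share, cut back to a whole
    DNS label so 'a17.pool.example.net' and 'b17.pool.example.net' give
    '.pool.example.net' rather than the over-wide '17.pool.example.net'."""
    hosts = [host_of(h) for h in hostmasks]
    if not hosts:
        return ""
    if len(set(hosts)) == 1:
        return hosts[0]  # a single host: no wildcard needed at all
    suffix = commonprefix([h[::-1] for h in hosts])[::-1]
    if suffix.startswith("."):
        return suffix
    dot = suffix.find(".")
    return suffix[dot:] if dot >= 0 else ""


def suggest_mask(flooders):
    """Narrowest host-based mask that covers every observed flooder, or None
    when their hosts share nothing usable (then a wide ban is not justified)."""
    suffix = common_host_suffix(flooders)
    if not suffix:
        return None
    return "*!*@" + ("*" if suffix.startswith(".") else "") + suffix


if __name__ == "__main__":
    mask = suggest_mask(OBSERVED_FLOODERS)
    stopped, missed, bystanders = ban_impact(mask, CHANNEL_USERS, OBSERVED_FLOODERS)
    print(f"mask {mask}: stops {len(stopped)}, misses {len(missed)}, "
          f"also bans {sorted(bystanders)}")
```

A user-based mask such as `*!flood@*.pool.example-isp.net` avoids the bystander but misses half the bots, which is exactly the trade-off a channel operator has to weigh.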
You're forgetting those lame phuqs that like to register 10,000 domains and give them to people for about 200 times what they paid for them. That's why I have my .info domain. .com, .net, and .org were all taken. I wasn't about to pay $600 for my personal domain when I could get a .info for $30 for two years :P
Perhaps I'm just crazy, but did anyone see the house bill number listed there? The PDF file just had a blank where that should go and I didn't see it listed anywhere. I would really like to write my representative about this and would like to reference the bill number. Anyone know?
ugh, I remember those days. My parents still get those calls all the time. Friday nights are hell. We always say we're going to have fun with these people in the manner you describe, but never actually do it. We just politely say that they have the wrong number, and even tell them the correct number if necessary. You'd think that most people would feel stupid for having misdialed. It's not that difficult of a mistake to make, as our number was 2366 and theirs was 3266. Most people will apologise and redial. One time, my mom answered the phone and told this guy that he had the wrong number and hung up. The guy called back and shouted "fuck you" at her. Unfortunately that was before we got caller ID.
And just try to open a Maildir with 1000+ mails and see how long it takes your favorite mail program to only display the subjects.
Until about 3 days ago, I had 1700+ messages in my Maildir, and pine (patched to support Maildir) opened my inbox in about two seconds. Compare this with my sent-mail folder, which had about the same number of messages in it. This folder is stored in mbox format and it took 5+ seconds to open AND CLOSE this folder. I believe that Maildir is the fastest option, short of keeping a separate database.
I also used to work at Radio Shaft, and most customers buying a cordless phone would ask me about the battery and how to keep it charged. I finally got to the point where I would just tell them before they asked. My speech went something like this: When you get the phone home, charge it for a good 24 hours. When you wake up in the morning, take it off the cradle and put it back before you go to sleep. Replace the battery after a year. (insert shameless plug for the service contract that would replace the batteries for free for 3 years) But you know what? I never followed my own advice. I leave the phone on the charger all day and all night. In the rare instance that I have a long phone conversation, the battery never dies or even complains. The battery in my current phone (admittedly, quite an old phone) is about a year old and I have had several long conversations in the past week without any problems at all. I am really curious to know what people are doing to these things that cause them to ask this question in the first place.
But I always thought linux distros fall into 2 categories:
I get asked the question "which distro should I use?" a lot. I always give the same answer: It depends on how well you know linux. I feel there are actually 3 categories for linux distros. The first is the same as yours, the newbie distros such as RedHat and Mandrake. The next level would be those for the seasoned user: Slackware and Debian. Finally, there are those for the hardcore linux hacker: Linux From Scratch and Gentoo. Of course, if you have to ask the question, odds are you fall into the first category :-)
Personally, my progression was RedHat, Slackware, LFS, and a couple of weeks ago, Gentoo. For those of you hardcore enough to run LFS and are tired of looking for updates yourself (as I was), Gentoo is definitely the distro for you.
hehe, I've actually seen a mail robot at PacBell in San Ramon, CA. No, not the SMTP kind, the snail mail kind. It's been in use there for a long time. Of course, it runs along a track, so it can't really find a way around obstructions. Seems to work pretty well though.
Absolute power is even more fun! </bofh>
What about this?
oh stop kissing ass. It's not going to get you an O: line
"Polarize the hull plating"
you think that's YOUR favorite line? My real name is Mike, and everyone calls me PC, even in real life.