They'll say anything to get more control over the internet and your free expression.
Well there is also that. Major corporations definitely want a higher level of control over the content people consume on the internet. These corporations are the same ones who pay to have a candidate of their choice in office.
This is probably just PR crap like the last cold war....
Hardly. The sheer number of Chinese penetrations into our commercial and govt networks is astounding. The media is only reporting a few of the incidents, and the major breaches into the DOD are classified and never publicly disclosed.
All this crap about "user awareness" is a dead end. It takes too much attention. ..... And don't claim that's impossible unless you've read up on SE Linux and NSA's work on secure systems.
You just contradicted yourself. SELinux is a pain in the ass to set up properly and requires user awareness. Most users end up turning it off when they can't figure out why it's breaking something or flooding the syslog with warnings. It's great for a dedicated-purpose, internet-facing server but it's virtually unusable for a desktop.
It depends. If a "cyberwar" could do real damage to our infrastructure -- shutting down the power grid is the most commonly used example -- then it's definitely a real war, just as real as if enemy planes are dropping bombs on our power plants. The use of new technology which permits new tactics doesn't make it "not real war," else you could claim that there hasn't been a real war since the invention of the bow! But it's a pretty big "if," and the would-be "cyberwarriors" are spending a lot of time pumping up the threat without a lot of real evidence.
Hitting the power grid is pretty low class and way obvious. Try thinking more subtle like Stuxnet destroying Iran's nuclear fuel processing capability. Or perhaps something to quietly influence the financial markets to bleed billions out of the US. Crashing the US flight controller computers would have a serious impact (just look at the impact immediately after 911 as an example). Or, as is currently the case, routinely penetrating their networks to collect valuable information or technology.
The Air Force had a shitload of those bad machines. They ended up on pallets at property disposal.
Of course Dell is still generally USAF standard. :)
So did the Navy NMCI network. Somewhere around 400 thousand at the time. Now the NMCI contract uses HP computers since EDS got bought out by HP.
Very true from what I understand, even using backup images and network drives it can still take hours before you can get a desk back online.
The actual repair of swapping the MB or power supply took 15 minutes. You either have to deal with the downtime while waiting for Dell to send you parts, or you maintained a larger than normal number of spare computers. At the height of the problem, I was losing one a day and was spending about 10% of my time just dealing with the failures. Even buying a bunch of aftermarket power supplies, and a few spare GX270s, I still had lots of user down time.
The fixed models had a K shape cut into the caps; the old ones looked like a +. They used up the old known bad parts, then started shipping good ones. They ran out of known bad pretty early on.
I knew about the expansion cuts being different. They were shipping us bad parts for at least a year, while publicly denying it was a widespread problem.
If you're a corporate customer and can afford the gold warranty support and buy in a large enough volume to pressure them when something goes wrong, you're golden, no pun intended.
Speaking from experience you still take the hit in lost work hours and your efforts to deal with the problem.
I'm still seeing these burnt up Nvidia chips get replaced with the same identical board on warranty repairs, and still finding busted caps on certain (cough gx270 gx280 cough) models.
We had a very large number of GX270s. Within 4 years, 2/3rds of the power supplies and 1/2 of the motherboards died from bad caps. They didn't even flinch when I called and said the MB had caps leaking brown crap. They were happy to ship a new MB and let me swap it even though we had the on-site service contract. The problem was that Dell was shipping replacement parts that would have the same problem within 2 months. I stopped calling on the power supplies and just bought new non-Dell branded ones.
They had to know they had a widespread problem and that the parts they were shipping would have the same issues. They were simply trying to use up their spare parts inventory and string the customers along until they were out of warranty service contract. That's dishonest.
Not an issue with iOS. It is 100% secure from this type of hack. People who value their security go with the mature platforms and apps that have been checked over by professionals to make sure they are not Trojans.
A little tongue in cheek eh? Yes Apple has certainly had a few questionable and/or vulnerable apps make their way into the store.
How do you expect to test if someone can break into your system with SQLNinja without running it and attempting to break in? How do you plan on proving to upper management that there really is a vulnerability, and that your conjecture that you could break in is something more than mere conjecture?
Valid points. Still doesn't mean that Redhat should include this in their repositories any more than they should include virus building tools.
I'm afraid that I don't understand your point. Are you saying that, because this isn't a program that just goes "oh look, I think I found a vulnerability" but actually exploits it, that it's any less valuable to someone in charge of network security?
If you're trying to secure a system, a tool which identifies the vulnerabilities is of great use. This tool doesn't find the vulnerabilities, you have to do that yourself. Once you find a vulnerable webpage, you use this tool to exploit it.
It's kind of like checking a building for open doors, actively trying to jimmy the doors, or seeing how easily the locks can be picked. That's valuable as it identifies weaknesses. This tool would be more akin to going in and stealing things after someone else pointed out the unlocked door.
Of course no-one has pointed out the political angle. I doubt RedHat wants to host a tool in the repositories whose stated purpose is for compromising Microsoft SQL databases.
Damn buffer, I copied it wrong and hit enter too fast. I meant to say they call it exploration now, although look at the links directly in the navbar, exploits etc. what not.
Well sure exploration implies mapping something out. Exploitation would imply taking advantage of something once it's discovered.
From reading the minutes:
"Argument for SQLninja to be added to Fedora is that it is a 'penetration testing tool.' "
Try reading the sourceforge page instead. http://sqlninja.sourceforge.net/sqlninja-howto.html#s1. It's not a pen testing tool. It's an exploit tool.
The difference between tcpdump, nmap, and sqlninja is that tcpdump and nmap have a lot of uses (is my port open?).
Yes of course, but there are also plugins for e.g. nmap that will give you 'recommendations' for _said_ open ports on target which in the end is also a 'penetration tool' which was one of the reasons for not adding this particular package. So how is that so much different ?
Because the sole purpose of SQLninja is to exploit a SQL injection vulnerability once detected by other means, not to actually discover them. To me, that is a black hat tool with no redeeming use as a pen testing program.
Smith said the language is intended to clarify its stance on a class of software that can be used both to secure and penetrate protected networks.....If a piece of software can be used to test a network for vulnerability, it can likely be used to penetrate said network.
This software does not secure or test anything. It's used to exploit a SQL injection vulnerability found by other means. Go read its sourceforge page which says.
There are a lot of other SQL injection tools out there but sqlninja, instead of extracting the data, focuses on getting an interactive shell on the remote DB server and using it as a foothold in the target network
You may be right, but it would be especially ironic since if those companies would have had ninjaSQL, and used it effectively in testing their networks, then they wouldn't have been a victim of SQL exploits in the first place...
This isn't a tool to find vulnerabilities. It's a tool to exploit them once found.
From the sourceforge page for this tool
"Sqlninja's goal is to exploit SQL injection vulnerabilities on web applications that use Microsoft SQL Server as back end. It is released under the GPLv2.
There are a lot of other SQL injection tools out there but sqlninja, instead of extracting the data, focuses on getting an interactive shell on the remote DB server and using it as a foothold in the target network. In a nutshell, here's what it does: "
As you probably have figured out, sqlninja does not look for SQL injection vulnerabilities. Again, there are already several tools that perform that task already.
True, but nevertheless reading the fine print is a bit scary. Legal precedents have been set for warrant-less searches in many, many situations. Situations where people would otherwise assume they have a legal right to privacy, airport body scanners.
Do note that the term "Border" got redefined to be anywhere within 100-miles of the physical border inland entry points. International airports count as entry points. 2/3rds of the US population is technically within this area.
Citation needed.
Too lazy to use Google, eh? Have a look at http://www.fas.org/sgp/crs/homesec/RL31826.pdf
In general, the border is the point where entry into the United States is first made by land from the neighboring countries of Mexico or Canada, at the place where a ship docks in the United States after having been to a foreign port, and at any airport in the country where international flights first land.
Border searches can also occur in places other than the actual physical border. Two different legal concepts authorize such searches: (1) searches at the functional equivalent of the border; and (2) extended border searches. These concepts allow federal officers to conduct border searches even in situations when it is not feasible to conduct the search at the actual point of entry (e.g., examining a person upon arrival at a U.S. airport rather than during a mid-flight crossing into the country).
INA 287(a)(3), 8 U.S.C. 1357(a)(3). This statute also authorizes searches without warrant “within a reasonable distance from any external boundary of the United States.” Reasonable distance is defined by 8 C.F.R. 287.1(a)(2) to mean “within 100 air miles from any external boundary of the United States or any shorter distance which may be fixed by the chief patrol agent of CBP, or the special agent in charge of ICE.” External boundary is defined by 8 C.F.R. 287.1(a)(1) to mean “the land boundaries and the territorial sea of the United States extending 12 nautical miles from the baselines of the United States determined in accordance with international law.”
I have seen Microsoft Security Essentials listed in my WSUS server for a couple of months now. I also have been installing it in place of whatever free AV was in place on systems I work on for friends and family.
Hmm. Now I'm going to have to look on Monday. I've seen the Forefront client stuff and the updates, but not the MSE client itself.
How is this different from the Mac? I thought the initial authentication upon login opens up the Keychain?
I thought if your iPhone was PIN-code protected it would use that to lock the Keychain, no?
The details are in the links provided above.
...Either way my password gets recorded in a safe place...
The whole point is that the password may not be getting recorded in a safe place. Plaintext is obviously a poor choice, but it's also a common practice.
I take it you've never heard of the OS-level security feature called Keychain, present on both OS X and iOS - basically, it's a way of storing data in an encrypted form, using the user's login password (or PIN) as the seed for the encryption key. Not unbreakable, but surely a hell of a lot better than plaintext.
Considering this ships as default with the OS, it's inexcusable to not use it. Morons.
Keychain in iOS has limitations, for example it's always unlocked and the user doesn't have to authenticate for the apps to get their keys back out. Still I agree that apps should use the built-in key services when possible.
Also on an iPod Touch you should lock it when not in use. Otherwise if it's stolen the thief doesn't have automatic access to your bank account.
No, if you know anything about programming the decryption key does not have to be in plaintext.
You could always XOR it and store it in the registry. (Bonus points to those getting this reference). My point is that the decryption method or key is a known quantity and only a mild impediment to getting the password.
I don't know much about Windows, I've heard it has improved since Windows 3.1 and that's about it. I am used to GNU/Linux distributions giving me all the latest software when I apt-get update or emerge sync;emerge -uv world or yum update or whatever. I never go to some website to get or update some piece of software, the OS has some feature which lets me do that. If Windows Update would be able to do something like that then it sounds to me as if it's a very good thing. Perhaps not so good as long as it only lets you grab Microsoft software, and it would likely be hard for them to add too much other software being that Windows typically means non-free software, but still.. this sounds to me like a step in the right direction. But as said, I don't really know that much about the Windows world.
So you haven't a clue about recent Windows or how Windows Update works, but you opted to chime in anyway? Go crawl back under your Linux rock. Redhat 6 sucked, so it must still suck....