The hidden windows shares are still advertised by the server, but the windows client ignores them. Try looking at the shares with samba or looking at the network traffic with a sniffer and you'll see the real share list. Gee, does that qualify as a rookit if they're really there but windows is instructed to no show it?
Funny thing is that Windows already hides certain file names anyway. Sony or a virus writer could have simply used one of those.
10-15 kHz isn't high enough to cause a skin effect. If anything it will penetrate skin better. For shocks, it's the voltage that matters as it determines how much current flows. Someone else mentioned that ac currents have a stronger effect on the heart though. Lightening doesn't have a return path. It's a giant arc generated when the charge in the clouds jumps to ground.
For the welder who shocked himself, it was the open circuit voltage that shocked him. Think of a welder as a giant transformer. For DC is has a set of giant diodes to rectify the voltage. When there is no arc, or current flow, there is a higher voltage present on the tip. It varies by machine and the setting, but can be as high as 60-volts. MIG welders usually have a dial called voltage. On stick and tig machines it's called amperage.
Good TIG welders have a high frequency AC mode to get the arc started (10-15kHz I think). It's very helpful when welding aluminum and steel and it makes the arc jump further.
The standard was (4) 12-volt lead acid batteries in series which when charged actually provided about 52 volts. 52 Volts is the typical voltage used now and is supplied by dc-dc converters between the batteries and equipment..
And the symlink lets the webapp escape the sandbox then? One misbehaving webapp could potentially screw with the config file for all the web apps. Yup, that sounds like it's completely secure.
Internet Explorer uses alternate streams to store info about what zone a file was downloaded from. Windows then uses that info when you try to launch the file to make security decisions. One of the recent games I bought uses alternate streams to store authentication data it downloads from the server.
I think that's a good example of where symlinks shouldn't be used. Why not make the webapps smart enough to do an include of the "master" file. Symlinks are a hack to avoid setting things up properly. A useful hack, but still a hack.
Because the flow of heat through a material is proportional to the temp drop. You need to get the outside of the chip that cold to get enough heat flowing out to keep the temp inside within the operating temp. The -80 deg temp was taken on the outside of the chip. I don't think the gpu has an internal diode to measure the internal temp.
Forcing programmers to use perl taint isn't a magic bullet either. It just forces them to untaint the variables and maybe think about it a tad more, but it doesn't force them to do a good job of untainting. About half the perl code I using taint, the author just does a quick regex expression or simply calls untaint.
Can you describe your systems a bit more. I'm wondering why on earth the VOIP devices and servers are locally network accessible much less remotely? They should be on their own internal vlan and isolated as much as possible (eg strong network ACLs). Or are these VOIP systems integrated with the PCs somehow or the gateway/callmanagers located off-site? Personally, I'd never hire a VOIP specialist who sets up insecure systems such as you just described.
I've seen 5 CD/DVD players do this myself in the past few years. There is no physical limit to the lens travel in most players so if the coils get too much current the lens can rise enough to hit the disk. Most recent incident was 3 months ago with a laptop CD that cut a nice groove in a disk. Had an older DVD where the spindle platform come loose and slipped lower down on the motor shaft, causing the spining disk to touch down on the tray. I administer a large network so I see a few more machines and problems than most average consumers.
So when will we see the courts applying identity theft laws to hijacks on-line gaming accounts? Some courts have already applied theft laws to virtual property...
It's obvious you haven't. The SELinux as implemented in Fedora is a joke and hardly protects anything. Sure they've written some policies to protect some of the services, but that's hardly a complete solution. It also doesn't track changes as you suggest. It enforces mandatory access controls (mac) meaning it's a glorified suite of permissions.
Exactly. It also means the Military can scramble or shutdown the civilian use at any moment. For the longest time, they added SA which limited the accuracy of civilian positioning equipment. You don't honestly think a non-US military would rely on it do you? Other than the Brits who have their nose up the US's arse.
If they truly did develop this on their own time, using the companies computers they are guilty of improper use of company equipment. If they did it on company time, then they are also guilty of getting paid for not doing thier job. Either way, the company owns the code. If they did this on their own computers, then they own the code and the company has the right to can them for installing and running unauthorized software. Anyone see any possible angle where the company doesn't have a good reason to can them?
I figure their quick-n-dirty solution was some little widget that let them lookup or compile data quicker than using the provided software. Probably a time-saver, too. Whether their software is scaleable is doubtful. Could also be a security issue, because we all know that quick-n-dirty is rarely high quality coding.
Heck, I'd be glad if they could get FireFox stable! It still randomly leaks memory and hogs cpu. Right now, I have 4 firefox windows open and firefox is chewing up 65 meg of memory and 75-meg of pagefile. Lots of other little things still don't work right. Try right-clicking and select save-link-as, now wait while Firefox hangs until the download starts. You can't switch to any other firefox windows. You're really stuck if that was a broken link as you then get to wait for it to timeout. It also does not process proxy.pac files properly preventing me from rolling it out in a corporate environment. Sorry, just like Linux, it's still not ready for prime-time on the desktop.
I'm not talking about the people who have no clue about whether they carry a serious genetic flaw. I'm talking about the people who DO KNOW and keep having kids, hoping the one-in-3 odds are in their favor next time. The answer there is simple: continuing to bring children into the world when you know they will probably have a crappy life is worse than child abuse.
Before you say it, I'm not in favor of Eugenics. I'd just rather see research dollars go towards curing something wide-spread and non-preventable like cancer instead of trying to fix a genetic aberretion that affects the breeding potential of a small percentage of the population.
Isn't it simpler to tell these people carrying fatal genetic flaws to not have biological children? Rather than figure out how to pass on defective genes and have a kid living a screwed up life, go adopt a healthy child!
It's ludicrous that couples frequently put their desire to have a child ahead of common sense when their child stands a significant chance of being abnormal or handicapped. I've heard of people who keep trying to have kids, knowing that there is a %50 chance of passing on serious genetic defect. Also related are Downs kids. It's proven that males siring kids very late in life dramatically increases the chance of Downs to as high as 1-in-20. Don't be selfish about wanting kids when the odds are so high!
There is no such thing as expunged. In the US when you turn 18, your juvenile records are sealed and supposedly can only be opened with your permission or a court order. With that said, I believe the Patriot Act allows designated govt agencies to silently review the files, and applying for a govt security clearance also implies consent.
I had the joy of interviewing network admin candidates for our NT4 domain, all of whom had MSCE certs. None of them were worth hiring. I asked simple questions that few could answer. One couldn't explain the difference between a PDC and BDC! Another didn't know how trusts worked. Pathetic.
I had fun with one cocky guy who insisted he could hack into any computer. I called his bluff. I handed him an NT4 laptop, told him the filesystem was FAT formatted, told him an acct/password for a regular user and then asked him to get admin rights. He didn't have a clue how to proceed. Simplest method btw since FAT has no file security, is to replace the screensaver or any services with a copy of cmd.exe. Poof a commandline running as system.
First, get a network admin who know something about security and dealing with classified IT systems (someone asking for advice on slashdot using a yahoo account doesn't qualify). Seriously - go talk to your ISSM/ISSO/CIO, that's what they are there for. Do you really trust this collection of boobs to give you advice that won't land your ass in jail or get your security clearance yanked for stupidity?
Next, if your ISSM/ISSO/CIO is the usual non-technical pencil pusher and doesn't have the proper resources or knowledge, head over to DISA, specifically DISA STIGS for implementation guides and hardening tools. Also talk to the OADR and project owner to make sure there are no requirements above the DOD minimums such as Tempest or additional physical security requirements.
I'm sure producing that compressed air costs much more 1c/km. News flash, compressed air has an even worse energy density/weight ratio than H2. I won't even mention the horrible efficiency of an air powered motor.
If you still think a hydrogen powered vehicle is a good idea, you've been listening to the media and ignoring all the issues. First, hydrogen is simply a temporary energy storage. It is not a primary energy source, but rather is produced by elctrolysis of water or by reducing Natural Gas. Electrolysis is very expensive, so hydrogen is usually made from Nat Gas. In both cases, the energy content of the H2 produced is far less than the energy of the materials and energy used to produce it. Plus there is that little problem of Hydrogen having a very poor energy/weight ratio.
> Running from a limited user account coupled with
> using a non-IE browser removes nearly every
> (current) major malware attack vector.
Except ignorant users. See my earlier post about a user installing cursor from cursormania.com. This was done on a restricted account running FireFox. Also of interest - it installed a Firefox plugin.
Slashdot Mirror
The hidden windows shares are still advertised by the server, but the windows client ignores them. Try looking at the shares with samba or looking at the network traffic with a sniffer and you'll see the real share list. Gee, does that qualify as a rookit if they're really there but windows is instructed to no show it?
Funny thing is that Windows already hides certain file names anyway. Sony or a virus writer could have simply used one of those.
10-15 kHz isn't high enough to cause a skin effect. If anything it will penetrate skin better. For shocks, it's the voltage that matters as it determines how much current flows. Someone else mentioned that ac currents have a stronger effect on the heart though. Lightening doesn't have a return path. It's a giant arc generated when the charge in the clouds jumps to ground.
For the welder who shocked himself, it was the open circuit voltage that shocked him. Think of a welder as a giant transformer. For DC is has a set of giant diodes to rectify the voltage. When there is no arc, or current flow, there is a higher voltage present on the tip. It varies by machine and the setting, but can be as high as 60-volts. MIG welders usually have a dial called voltage. On stick and tig machines it's called amperage.
Good TIG welders have a high frequency AC mode to get the arc started (10-15kHz I think). It's very helpful when welding aluminum and steel and it makes the arc jump further.
The standard was (4) 12-volt lead acid batteries in series which when charged actually provided about 52 volts. 52 Volts is the typical voltage used now and is supplied by dc-dc converters between the batteries and equipment..
And the symlink lets the webapp escape the sandbox then? One misbehaving webapp could potentially screw with the config file for all the web apps. Yup, that sounds like it's completely secure.
Internet Explorer uses alternate streams to store info about what zone a file was downloaded from. Windows then uses that info when you try to launch the file to make security decisions. One of the recent games I bought uses alternate streams to store authentication data it downloads from the server.
I think that's a good example of where symlinks shouldn't be used. Why not make the webapps smart enough to do an include of the "master" file. Symlinks are a hack to avoid setting things up properly. A useful hack, but still a hack.
Because the flow of heat through a material is proportional to the temp drop. You need to get the outside of the chip that cold to get enough heat flowing out to keep the temp inside within the operating temp. The -80 deg temp was taken on the outside of the chip. I don't think the gpu has an internal diode to measure the internal temp.
Forcing programmers to use perl taint isn't a magic bullet either. It just forces them to untaint the variables and maybe think about it a tad more, but it doesn't force them to do a good job of untainting. About half the perl code I using taint, the author just does a quick regex expression or simply calls untaint.
Can you describe your systems a bit more. I'm wondering why on earth the VOIP devices and servers are locally network accessible much less remotely? They should be on their own internal vlan and isolated as much as possible (eg strong network ACLs). Or are these VOIP systems integrated with the PCs somehow or the gateway/callmanagers located off-site? Personally, I'd never hire a VOIP specialist who sets up insecure systems such as you just described.
I've seen 5 CD/DVD players do this myself in the past few years. There is no physical limit to the lens travel in most players so if the coils get too much current the lens can rise enough to hit the disk. Most recent incident was 3 months ago with a laptop CD that cut a nice groove in a disk. Had an older DVD where the spindle platform come loose and slipped lower down on the motor shaft, causing the spining disk to touch down on the tray. I administer a large network so I see a few more machines and problems than most average consumers.
So when will we see the courts applying identity theft laws to hijacks on-line gaming accounts? Some courts have already applied theft laws to virtual property...
It's obvious you haven't. The SELinux as implemented in Fedora is a joke and hardly protects anything. Sure they've written some policies to protect some of the services, but that's hardly a complete solution. It also doesn't track changes as you suggest. It enforces mandatory access controls (mac) meaning it's a glorified suite of permissions.
Exactly. It also means the Military can scramble or shutdown the civilian use at any moment. For the longest time, they added SA which limited the accuracy of civilian positioning equipment. You don't honestly think a non-US military would rely on it do you? Other than the Brits who have their nose up the US's arse.
If they truly did develop this on their own time, using the companies computers they are guilty of improper use of company equipment. If they did it on company time, then they are also guilty of getting paid for not doing thier job. Either way, the company owns the code. If they did this on their own computers, then they own the code and the company has the right to can them for installing and running unauthorized software. Anyone see any possible angle where the company doesn't have a good reason to can them?
I figure their quick-n-dirty solution was some little widget that let them lookup or compile data quicker than using the provided software. Probably a time-saver, too. Whether their software is scaleable is doubtful. Could also be a security issue, because we all know that quick-n-dirty is rarely high quality coding.
Heck, I'd be glad if they could get FireFox stable! It still randomly leaks memory and hogs cpu. Right now, I have 4 firefox windows open and firefox is chewing up 65 meg of memory and 75-meg of pagefile. Lots of other little things still don't work right. Try right-clicking and select save-link-as, now wait while Firefox hangs until the download starts. You can't switch to any other firefox windows. You're really stuck if that was a broken link as you then get to wait for it to timeout. It also does not process proxy.pac files properly preventing me from rolling it out in a corporate environment. Sorry, just like Linux, it's still not ready for prime-time on the desktop.
Too bad MS Windows still doesn't support booting from USB devices.
I'm not talking about the people who have no clue about whether they carry a serious genetic flaw. I'm talking about the people who DO KNOW and keep having kids, hoping the one-in-3 odds are in their favor next time. The answer there is simple: continuing to bring children into the world when you know they will probably have a crappy life is worse than child abuse.
Before you say it, I'm not in favor of Eugenics. I'd just rather see research dollars go towards curing something wide-spread and non-preventable like cancer instead of trying to fix a genetic aberretion that affects the breeding potential of a small percentage of the population.
Isn't it simpler to tell these people carrying fatal genetic flaws to not have biological children? Rather than figure out how to pass on defective genes and have a kid living a screwed up life, go adopt a healthy child!
It's ludicrous that couples frequently put their desire to have a child ahead of common sense when their child stands a significant chance of being abnormal or handicapped. I've heard of people who keep trying to have kids, knowing that there is a %50 chance of passing on serious genetic defect. Also related are Downs kids. It's proven that males siring kids very late in life dramatically increases the chance of Downs to as high as 1-in-20. Don't be selfish about wanting kids when the odds are so high!
There is no such thing as expunged. In the US when you turn 18, your juvenile records are sealed and supposedly can only be opened with your permission or a court order. With that said, I believe the Patriot Act allows designated govt agencies to silently review the files, and applying for a govt security clearance also implies consent.
I had the joy of interviewing network admin candidates for our NT4 domain, all of whom had MSCE certs. None of them were worth hiring. I asked simple questions that few could answer. One couldn't explain the difference between a PDC and BDC! Another didn't know how trusts worked. Pathetic.
I had fun with one cocky guy who insisted he could hack into any computer. I called his bluff. I handed him an NT4 laptop, told him the filesystem was FAT formatted, told him an acct/password for a regular user and then asked him to get admin rights. He didn't have a clue how to proceed. Simplest method btw since FAT has no file security, is to replace the screensaver or any services with a copy of cmd.exe. Poof a commandline running as system.
First, get a network admin who know something about security and dealing with classified IT systems (someone asking for advice on slashdot using a yahoo account doesn't qualify). Seriously - go talk to your ISSM/ISSO/CIO, that's what they are there for. Do you really trust this collection of boobs to give you advice that won't land your ass in jail or get your security clearance yanked for stupidity?
Next, if your ISSM/ISSO/CIO is the usual non-technical pencil pusher and doesn't have the proper resources or knowledge, head over to DISA, specifically DISA STIGS for implementation guides and hardening tools. Also talk to the OADR and project owner to make sure there are no requirements above the DOD minimums such as Tempest or additional physical security requirements.
I'm sure producing that compressed air costs much more 1c/km. News flash, compressed air has an even worse energy density/weight ratio than H2. I won't even mention the horrible efficiency of an air powered motor.
If you still think a hydrogen powered vehicle is a good idea, you've been listening to the media and ignoring all the issues. First, hydrogen is simply a temporary energy storage. It is not a primary energy source, but rather is produced by elctrolysis of water or by reducing Natural Gas. Electrolysis is very expensive, so hydrogen is usually made from Nat Gas. In both cases, the energy content of the H2 produced is far less than the energy of the materials and energy used to produce it. Plus there is that little problem of Hydrogen having a very poor energy/weight ratio.
> Running from a limited user account coupled with > using a non-IE browser removes nearly every > (current) major malware attack vector. Except ignorant users. See my earlier post about a user installing cursor from cursormania.com. This was done on a restricted account running FireFox. Also of interest - it installed a Firefox plugin.