In a world where phishing is a considerably bigger problem than someone snooping your connection, I have to agree with how Firefox functions here. Self-signed certificates provide no way to authenticate the website, which is even more important these days after the recent DNS exploits.
I think Mozilla's large "Failed!" message is much better than a default-accept of self-signed certs with a small warning message that would be ignored by 90% of users. Besides, Firefox will still allow self-signed certs after manual intervention.
Seriously, this solution has been posted in response to every DNS article on Slashdot this past month and has been mentioned by just about every article talking about the issue.
Does Slashdot really need to post links to Computer World that rehash what has been discussed 100 times already?
Well, you can choose to not use caching servers that are still vulnerable.
I heard that most large vendors send their software to Europe via SMS, 160 bytes at a time, due to their more advanced cell networks. At $500/MB for SMS, of course software is going to cost more in Europe than the US.
Same here...I am on AT&T DSL service and the DNS servers are unpatched, and they haven't released patches for their 2wire DSL modems which do DNS proxying (hopefully not caching). I've switched my machines to OpenDNS, but I don't know how an ISP the size of AT&T is not taking this seriously.
It sounds more like Zonealarm, BES and Sphericall are broken. Why would they try to listen on a UDP port that is in use? There are 65,000+ ports available, so why are they running into conflicts when only 2500 are in use? If the port is not in use, why are they not validating the data they are receiving through UDP?
Not to mention that similar conflicts are starting to show up on patched BIND servers that are running other services which rely on UDP.
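The two comments above turn on a practical side effect of the source-port-randomization patch: a resolver that draws its UDP source port at random will occasionally land on a port another service already holds, and it has to retry rather than fail or collide. The small simulation below is an added example written for this page, not code from any of the commenters or from BIND or the products named; it assumes the resolver draws from the ephemeral range 1024..65535 and uses the 2500 occupied ports quoted in the comment as the constructed load.

```python
import random
from typing import Dict, Optional, Set, Tuple

# Assumed ephemeral range a randomizing resolver draws its source port from.
PORT_LOW, PORT_HIGH = 1024, 65535


def collision_probability(occupied_count: int,
                          low: int = PORT_LOW, high: int = PORT_HIGH) -> float:
    """Chance that a single random pick lands on a port already held by another service."""
    span = high - low + 1
    return occupied_count / span


def pick_free_port(occupied: Set[int], rng: random.Random, max_tries: int = 64,
                   low: int = PORT_LOW, high: int = PORT_HIGH) -> Tuple[Optional[int], int]:
    """Draw random source ports until one is free.

    Returns (port, attempts). port is None only if every attempt collided,
    which a well-behaved resolver should treat as an error, not as a reason
    to squat on a port that belongs to someone else.
    """
    for attempt in range(1, max_tries + 1):
        port = rng.randint(low, high)
        if port not in occupied:
            return port, attempt
    return None, max_tries


def simulate(n_queries: int, occupied: Set[int], rng: random.Random) -> Dict[str, int]:
    """Run n_queries port draws against a fixed set of occupied ports.

    'retry_needed' counts queries whose first pick collided: that is the
    conflict a retry-less implementation would surface as an error.
    'unresolvable' counts queries that never found a free port even with retries.
    """
    retry_needed = unresolvable = 0
    for _ in range(n_queries):
        port, attempts = pick_free_port(occupied, rng)
        if port is None:
            unresolvable += 1
        elif attempts > 1:
            retry_needed += 1
    return {"queries": n_queries,
            "retry_needed": retry_needed,
            "unresolvable": unresolvable}


if __name__ == "__main__":
    # Constructed load: 2500 ports held by other UDP services, as in the comment.
    busy = set(range(PORT_LOW, PORT_LOW + 2500))
    print(f"per-pick collision chance: {collision_probability(len(busy)):.2%}")
    print(simulate(10_000, busy, random.Random(2008)))
```

With 2500 of roughly 64,500 ports taken, a single draw collides close to 4% of the time, so an implementation that binds once and gives up on EADDRINUSE will see a steady trickle of failed lookups, while one that retries a handful of times effectively never fails.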
From my understanding, if you are using a DNS proxy on your router (which most SOHO routers seem to do now), then you might be vulnerable. I checked my 2wire (which has no option to turn off DNS proxy for DHCP clients) and they have not updated the firmware in forever. :/
See my post below about switching to OpenDNS instead.
I used one of the tests below and found that my ISP's DNS servers were vulnerable. Now I am using the OpenDNS servers on all of my clients instead:
208.67.222.222
208.67.220.220
Their servers are not vulnerable, and you can create an account to enable things like antiphishing at the DNS level (a much better idea than a browser plug-in).
If you find that your ISP's routers are vulnerable, your best bet is to switch to OpenDNS...or just run your own caching server.
The letter is available here
#1 - This is only concerning official House communications...not informal messages from House members.
#2 - The letter is actually requesting to open up external sites (like Youtube) for official House communications since the current house.gov website doesn't meet the needs.
#3 - The restrictions requested ask for similar standing on external sites as they have on house.gov. In other words, official communication can't be posted alongside an Obama banner ad.
I distinctly remember applications like this back in the 1998/1999 timeframe where you could install a client-side app and interact through avatars with others visiting the same web site. It was only 2D and I don't think it was ever widely used. It was supposed to be an extension of the chat rooms that were so popular back then...
This is exactly what I was thinking. You are essentially setting yourself up with the equipment of a freshman EE lab (excluding AC equipment, power resistors and other high-amperage stuff).
You will also need a decent volt/ohmmeter and maybe an AC/DC clamp-on ammeter (not required).
I know for a fact that EDS has got that whole nickel & dime process down to a science, so I don't see why you need to post this on Slashdot. Hopefully that is not your real name & email address in the original post.
I didn't even know that "Print table of links" was an option for printing in IE until today. My guess is that no one actually uses that feature, and this 0-day exploit affects roughly 0 people.
What do you mean Yahoo would be endangered? It wouldn't exist anymore. "Yahoo" would just become a Microsoft brand, probably pulling in the Live/MSN products under it.
This would have been a better deal for Yahoo than Microsoft. Yahoo shareholders would have gotten an "out" from that struggling company, but Microsoft would have been stuck with yet another Internet property that can't compete with Google's advertising business.
If I were a Yahoo shareholder, I would be pissed at the board rejecting Microsoft's offer. If I were a MS shareholder, I would be pissed at Ballmer for going off on this wild goose chase.
In fact, here is the state law that governs this process: http://www.ilga.gov/legislation/ilcs/ilcs3.asp?ActID=555&ChapAct=30%C2%A0ILCS%C2%A0605/&ChapterID=7&ChapterName=FINANCE&ActName=State+Property+Control+Act.
A quick Google shows that many Illinois state universities have surplus programs in place for handling old capital equipment. The same processes are in place at the two large universities I have worked at before.
My guess is that they are some new guy (or student) who really doesn't know what is going on.
So, I suppose all of the LAMP sites out there vulnerable to SQL injection are the fault of Microsoft too?
http://www.google.com/search?hl=en&q=site%3Asecurityfocus.com+php+sql+injection
How much is returned to the public? WARF has put almost $1 billion back into research at the University ($50 million last year) and supported 1500 separate research projects last year. Not to mention that there are thousands of people employed around the state in the private sector at small biotech companies and other firms developing products off of WARF-licensed technologies.
I suppose that is good news for us system administrators that run hosted services for other companies...huh?
There are actually many large companies that do not run data centers; however, seeing the cost they are willing to pay for a completely hosted IT department, I do not think they are saving money or resources.
I go through this fight several times a year with our department. Mid-year rolls around and some department gets approval to expand by 20 people, and it becomes IT's problem when we can't install all of the software these 20 new people require. Luckily I have the backing of our CEO here, so our policy is to never install software without a license.
In previous jobs that was rarely the case, and the executive stance was usually "just make it work, we can buy the software next year". Of course, that software purchase is rarely approved for next year, especially when everything seems to be working fine without it.
For high priority bug fixes, it usually takes 1 to 2 weeks to get a patch out once we determine that a patch is needed.
No, he is the perennial Debby Downer of the technology world. How many times has he predicted Apple would fail? I've lost count...
With tens of thousands of these being ordered and shipped to third world countries, has anyone actually thought about how they are going to be distributed? It's kind of like the food programs for poor countries...it is not that there isn't enough money or food, it is just nearly impossible to get the resources to the people that actually need it.
I envision thousands of these laptops sitting in warehouses across the globe, with only a handful of "showcase" schools actually receiving and using the laptops.
Maybe I'm just cynical, but I don't think the real problem here is technology or the cost of it.
Seriously, customers require this so IT staff can do remote support and reboot the machine remotely. It is only enabled for one reboot, and you must have cryptographic access to enable this feature. The only threat is if someone were to enable this, not reboot, and then have the machine stolen.
Why does crap like this make it to the front page of Slashdot?
With improved suspend states and hibernation, my PC and laptops are never shut off any more. I'm sure my browsers are left open for days or weeks at a time...but hey, I use IE and don't have to restart it every day.