I'd love to have a honeypot, and I'm sure it would be fun to play around with them.. but this reminds me about the true nature of many network adminstrators.
The reality is that most administrators know about most vulnerabilities, but a large number of them are too lazy or busy to fix them. A lot of them have the "nobody cares enough to hack me" mentality.. which isn't really effective since people scan blocks of IP addresses at a time.
Hopefully some adminstrators will get their acts together after reading about honeypots.
Yes, i signed up for the $200 lifetime subscription also, but... you have to realize, you still payed $100/$200 more than you would have payed, since you're paying for the dial-up subscription services.
I'm not argueing whether this should be allowed, I agree with you, I'd like to see this done also, I'm just trying to show how the TiVo management might feel.
Ok, well, maybe I didn't read the slashdot article too closely. The purpose of this is in order to download the schedule data. Oops...
Either way, this still is NOT beneficial for TiVo. The reason being, the whole way they make money, is that they get you to buy this TiVo box... however, the money is made in the long term. You pay $9.95/month for TV schedule listings for as long as you can afford, in order to get the benefits of TiVo. They of course, make a lot of money this way, and the short term of it... the $300-$500 investment isn't their only source of revenue.
Well, anyway, my point is, that TiVo may not like this either, since, you're stealing a huge source of revenue from them.
Actually, i'm not sure the TiVo people will be happy about people's plans to copy the video. So far, TiVo has supported the fact that people modify their TiVos in order to accomodate for more space. However, TiVo currently has protections in place, to prevent copying of video(as in the aforementioned method), which is an effort to curb the copying of copryrighted material. The TiVo people haven't tried to prevent us from modifying TiVos so far, because it's been mostly harmless, however, if people start to reverse engineer their video protection scheme.... I'm not sure if they'd take that so lightly.
Perhaps you should read the WHOLE article instead of just the first paragraph.
The litigation did not focus on copyright infringement, as has the Napster case. And it goes on to say In dismissing the suit, Pollak said he based his ruling on the Communications Decency Act, which forbids computer service providers for being punished for the speech of others.
Of course... i still disagree with the moderator... but... that's not what these posts are for. If you want to bitch about that... e-mail cmdrtaco or whoever it says to in the FAQ
Even though al gore isn't directly mentioned.... you have to look between the lines, outside of the box.
From the article: # 1: tim berners-lee
# 2: bill GatEs
# 3: linus tORvALds Capitalizded letters: GEORAL If you look at the first three people on the list, you can see, it's an anagram for Al Gore. Al Gore invented the internet, and is the most imporant person of the decade, actually, he's more important than the top three tech people of the decade combined!.... Rush Limbaugh could of told you that.
Sanity is statistical. If everyone thinks that a comment is good, then isn't it good? If everyone else thinks 2 + 2 = 5, is it indeed 5?
Of course not =). I agree that the moderation is very bad. If you ever have tried meda-moderating, you know that moderators usually breifly look at the comment, and moderate it, rather than actually reading it and analyzing what it says.
I'm not sure this type of proposed system would work though... a bunch of people with moderation points.... or a lot more people with moderation points, might not make a difference.. because not everyone is reading the articles for content; perhaps that would be a good poll.
No need to worry, the commarades have taken over slashdot. Please be patient while the crackers learn how to use the slashdot database. If you find that your comment has disappeared, your username is erased, or that the site root has been deleted and you get a 404 message, the crackers appologize profusely.
I, personally, like AOL's AIM client, and I don't really care much for ICQ. However, a minority of my friends like to use ICQ, and refuse to use AIM at all. So, in order to talk to all my friends, I have to run both AIM and ICQ. I feel that integrating AOL and ICQ will make it easier for most IM users to communicate.
When I was a little kid, my mother told me not to stare into the sun, so once when I was six I did. The doctors didn't know if my eyes would ever heal, I was terrified, alone in that darkness. Slowly, daylight crept in through the bandages, and I could see. Something else had changed inside me. That day I had my first headache.
Contarary to what law enforcement agencies would like you to believe, online terrorist activity is not all that big. Even if that trend does grow, carnivore will not prevent such activities since it is mostly used to provide evidence for cases, rather than spot possible criminal activity. Rather, the so-called Echelon is resposible for intercepting terrorist activity.
Also, your main argument is that "I don't have anything to hide, so why not let them read my mail". Even though you may not value your privacy, many other people do. People commonly send very confidential e-mails, via plain-text, and assume it is safe from interception.
Also, I believe most people wouldn't have so much of a problem if they were more open about Carnivore and its details. For example, if they open-sourced Carnivore and let people inspect it, people wouldn't have as much with a problem with it.
Yes, I agree with you. I'm also going to be installing a telescreen next week.
What they mean is, usually e-mail is sent through a client-server relationship. First, your e-mail client connects to your ISP's mail server which then sends the mail to the reciever's ISP mail server, which the recepient then reads with his/her e-mail client.
In a server-client situation, the client always initiates the server to the connection. With a peer-to-peer relationship, either one can initiate the connection.
Using a peer-to-peer setup would make e-mail more secure since Carnivore intercepts mail on the ISPs mail server, and this eliminates that middleman.
The article mentions "The serial number issue has been raised before, most famously in early 1999 in a clash with Intel over its Pentium II computer chip. ", however, this whole fiasco was over the Pentium III chip as illustrated by this wired article.
To me, yes it is a suprise. I've had a TiVo since christmas time. The one characteristic that makes TiVo better than any other gadget I've owned is it's innovativeness. Not many peope thought of the digital VCR, but not only a digital VCR, one that is so perfectly geared towards the average consumer. I love the interface on it, since it is so easy, yet has so many features. There are few companies that I trust, and I trust the creators of TiVo. Most people don't see this a big deal, but I didn't expect this from the people behind TiVo.
CDNOW? Are you talking about the incident with CD Universe?
Well, it's probably pretty obvious, but all of these companies don't care about security. Security comes in a distant second compared when compared to money. They'd rather concentrate on methods of obtaining more revenue online, than securing their website. That's just my thoughts on these businessmen.
Although, it said that while performing routine security checks they found this problem, right? Well, at least they realized that they had an intrustion. The worst is when the company, and/or the public doesn't find out about the theft, until it is too late.
Whether or not to post stories like these, goes to the center of the argument of Security through Obscurity vs Full Discolsure of security problems.
Your comment points out the Security through Obscurity viewpoint on how to go about things. Rather than tell people as soon as you have problems, you try to hide them, as to prevent more people from finding out about them and therefore exploiting them.
The other viewpoint, of course, is that you tell everyone about these insecurities; even though you may be taking a risk by telling people who would exploit this information, you would also be telling system administrators who could then fix their systems, and therefore the script kiddies wouldn't be able to attack their system.
The major problem with security though obscurity, especially with trinity, is that if you don't let people know about trojans and such, it will still propogate, in underground scenes, which may even be more dangerous. DDoS tools, lame as they are, still can be very dangerous, especially when these tools are installed on machines with fast internet connections, and it is much more efficent to tell people about them than not.
When you use name based virtual hosting with websites, one problem is that browsers which are not HTTP/1.1 compliant try to reverse-lookup the server's IP address, and so, instead of getting the virtual website, they will get the hosting companies website.
You know, I think someone out there wrote something very similar to this, about how technology will be the end of us... oh yes, it was Ted Kaczynski, the unibomber.
It's easy to blame everything on 'society' or a faction thereof.. but the truth is, none of these arguments are supported, it's just one big rant about how our current technological era... sucks.
Jon is just trying to confuse us with a 1984 style feature with big words in the hope that we won't realize that this in one huge unsupported rant.
Local post offices will make paper printouts of e-mail messages and deliver them with the snail mail, charging the sender about 41 cents for a two-page document -- an eight-cent premium to first-class mail. This is just what i need, a service in which i pay to see spam!
Slashdot Mirror
I'd love to have a honeypot, and I'm sure it would be fun to play around with them.. but this reminds me about the true nature of many network adminstrators.
The reality is that most administrators know about most vulnerabilities, but a large number of them are too lazy or busy to fix them. A lot of them have the "nobody cares enough to hack me" mentality.. which isn't really effective since people scan blocks of IP addresses at a time.
Hopefully some adminstrators will get their acts together after reading about honeypots.
"War is hell" -- General Sherman Techumseh
Ask the real prodigy.
Yes, i signed up for the $200 lifetime subscription also, but... you have to realize, you still payed $100/$200 more than you would have payed, since you're paying for the dial-up subscription services.
I'm not argueing whether this should be allowed, I agree with you, I'd like to see this done also, I'm just trying to show how the TiVo management might feel.
Ok, well, maybe I didn't read the slashdot article too closely. The purpose of this is in order to download the schedule data. Oops...
Either way, this still is NOT beneficial for TiVo. The reason being, the whole way they make money, is that they get you to buy this TiVo box... however, the money is made in the long term. You pay $9.95/month for TV schedule listings for as long as you can afford, in order to get the benefits of TiVo. They of course, make a lot of money this way, and the short term of it... the $300-$500 investment isn't their only source of revenue.
Well, anyway, my point is, that TiVo may not like this either, since, you're stealing a huge source of revenue from them.
Actually, i'm not sure the TiVo people will be happy about people's plans to copy the video. So far, TiVo has supported the fact that people modify their TiVos in order to accomodate for more space. However, TiVo currently has protections in place, to prevent copying of video(as in the aforementioned method), which is an effort to curb the copying of copryrighted material. The TiVo people haven't tried to prevent us from modifying TiVos so far, because it's been mostly harmless, however, if people start to reverse engineer their video protection scheme.... I'm not sure if they'd take that so lightly.
Perhaps you should read the WHOLE article instead of just the first paragraph.
The litigation did not focus on copyright infringement, as has the Napster case. And it goes on to say In dismissing the suit, Pollak said he based his ruling on the Communications Decency Act, which forbids computer service providers for being punished for the speech of others.
Of course... i still disagree with the moderator... but... that's not what these posts are for. If you want to bitch about that... e-mail cmdrtaco or whoever it says to in the FAQ
Wow, first sheep.. now ice. What will they come up with next?
Remember when the secret service raided Steve Jackson Games, took their computer equipment for their Illumanti BBS... and they didn't give it back, because it contained the GURPS Cyberpunk file, which was later called a handbook for computer crime? This sounds remarkabley similar. Perhaps we shall be proactive and get ready to protest the secret service.
Even though al gore isn't directly mentioned.... you have to look between the lines, outside of the box.
From the article:
# 1: tim berners-lee
# 2: bill GatEs
# 3: linus tORvALds
Capitalizded letters: GEORAL
If you look at the first three people on the list, you can see, it's an anagram for Al Gore. Al Gore invented the internet, and is the most imporant person of the decade, actually, he's more important than the top three tech people of the decade combined!.... Rush Limbaugh could of told you that.
Sanity is statistical. If everyone thinks that a comment is good, then isn't it good? If everyone else thinks 2 + 2 = 5, is it indeed 5?
Of course not =). I agree that the moderation is very bad. If you ever have tried meda-moderating, you know that moderators usually breifly look at the comment, and moderate it, rather than actually reading it and analyzing what it says.
I'm not sure this type of proposed system would work though... a bunch of people with moderation points.... or a lot more people with moderation points, might not make a difference.. because not everyone is reading the articles for content; perhaps that would be a good poll.
Reguardless, I agree, something needs to be done.
No need to worry, the commarades have taken over slashdot. Please be patient while the crackers learn how to use the slashdot database. If you find that your comment has disappeared, your username is erased, or that the site root has been deleted and you get a 404 message, the crackers appologize profusely.
Why would they do this, I mean, we all know that the celeron worked out pretty well???
Commrade, you are wrong. Me and my collegues of course put backdoor into slashcode, so en case Slashdot talk bad about mother russia....
The administrators realized how much cheaper it is to copy things off of napster than buy the CDs themselves.
I, personally, like AOL's AIM client, and I don't really care much for ICQ. However, a minority of my friends like to use ICQ, and refuse to use AIM at all. So, in order to talk to all my friends, I have to run both AIM and ICQ. I feel that integrating AOL and ICQ will make it easier for most IM users to communicate.
When I was a little kid, my mother told me not to stare into the sun, so once when I was six I did. The doctors didn't know if my eyes would ever heal, I was terrified, alone in that darkness. Slowly, daylight crept in through the bandages, and I could see. Something else had changed inside me. That day I had my first headache.
Contarary to what law enforcement agencies would like you to believe, online terrorist activity is not all that big. Even if that trend does grow, carnivore will not prevent such activities since it is mostly used to provide evidence for cases, rather than spot possible criminal activity. Rather, the so-called Echelon is resposible for intercepting terrorist activity.
Also, your main argument is that "I don't have anything to hide, so why not let them read my mail". Even though you may not value your privacy, many other people do. People commonly send very confidential e-mails, via plain-text, and assume it is safe from interception.
Also, I believe most people wouldn't have so much of a problem if they were more open about Carnivore and its details. For example, if they open-sourced Carnivore and let people inspect it, people wouldn't have as much with a problem with it.
Yes, I agree with you. I'm also going to be installing a telescreen next week.
No, not necessarily.
What they mean is, usually e-mail is sent through a client-server relationship. First, your e-mail client connects to your ISP's mail server which then sends the mail to the reciever's ISP mail server, which the recepient then reads with his/her e-mail client.
In a server-client situation, the client always initiates the server to the connection. With a peer-to-peer relationship, either one can initiate the connection.
Using a peer-to-peer setup would make e-mail more secure since Carnivore intercepts mail on the ISPs mail server, and this eliminates that middleman.
The article mentions "The serial number issue has been raised before, most famously in early 1999 in a clash with Intel over its Pentium II computer chip. ", however, this whole fiasco was over the Pentium III chip as illustrated by this wired article.
To me, yes it is a suprise. I've had a TiVo since christmas time. The one characteristic that makes TiVo better than any other gadget I've owned is it's innovativeness. Not many peope thought of the digital VCR, but not only a digital VCR, one that is so perfectly geared towards the average consumer. I love the interface on it, since it is so easy, yet has so many features. There are few companies that I trust, and I trust the creators of TiVo. Most people don't see this a big deal, but I didn't expect this from the people behind TiVo.
CDNOW? Are you talking about the incident with CD Universe?
Well, it's probably pretty obvious, but all of these companies don't care about security. Security comes in a distant second compared when compared to money. They'd rather concentrate on methods of obtaining more revenue online, than securing their website. That's just my thoughts on these businessmen.
Although, it said that while performing routine security checks they found this problem, right? Well, at least they realized that they had an intrustion. The worst is when the company, and/or the public doesn't find out about the theft, until it is too late.
Whether or not to post stories like these, goes to the center of the argument of Security through Obscurity vs Full Discolsure of security problems.
Your comment points out the Security through Obscurity viewpoint on how to go about things. Rather than tell people as soon as you have problems, you try to hide them, as to prevent more people from finding out about them and therefore exploiting them.
The other viewpoint, of course, is that you tell everyone about these insecurities; even though you may be taking a risk by telling people who would exploit this information, you would also be telling system administrators who could then fix their systems, and therefore the script kiddies wouldn't be able to attack their system.
The major problem with security though obscurity, especially with trinity, is that if you don't let people know about trojans and such, it will still propogate, in underground scenes, which may even be more dangerous. DDoS tools, lame as they are, still can be very dangerous, especially when these tools are installed on machines with fast internet connections, and it is much more efficent to tell people about them than not.
When you use name based virtual hosting with websites, one problem is that browsers which are not HTTP/1.1 compliant try to reverse-lookup the server's IP address, and so, instead of getting the virtual website, they will get the hosting companies website.
You know, I think someone out there wrote something very similar to this, about how technology will be the end of us... oh yes, it was Ted Kaczynski, the unibomber.
It's easy to blame everything on 'society' or a faction thereof.. but the truth is, none of these arguments are supported, it's just one big rant about how our current technological era... sucks.
Jon is just trying to confuse us with a 1984 style feature with big words in the hope that we won't realize that this in one huge unsupported rant.
Local post offices will make paper printouts of e-mail messages and deliver them with the snail mail, charging the sender about 41 cents for a two-page document -- an eight-cent premium to first-class mail. This is just what i need, a service in which i pay to see spam!