Slashdot Mirror


User: Florian+Weimer

Florian+Weimer's activity in the archive.

Stories: 0
Comments: 999

Comments · 999

  1. Re:Bollocks on Peer Pressure Porn Filter · · Score: 1

    The programs that I have seen tie into or replace WINSOC,

    You mean, by INGSOC?

  2. Re:Multi-Task on The Tyranny of Email · · Score: 1

    I find that using email makes me more efficient by allowing me to have multiple conversations at once, as well as see the history of the conversation in all of the replies.

    Exactly. And I've got the impression that at least some people make up their mind before they send an email, so that their writing is somewhat coherent. This saves me a lot of time. And the asynchronous nature of email enables me to schedule my time and allocate it to the most important issue at hand. And people accept auto-generated bulk messages if they contain useful content. If you know how to use it properly, email scales extremely well.

    For example, last week, we used email to coordinate efforts to patch or shut down about 1000 boxes running Sendmail (yes, we had a backup strategy if mail communication had become impossible because of a worm or something like that). We had to notify about 200 organizational units, and 80 of them required special attention because they wouldn't deal with it on their own. Of course, this isn't a big deal, but try to do this without email and just two or three people.

  3. Re:Symantec's hint on New Windows Worm Inching Around Internet · · Score: 1

    This is peculiar since Symantec does not post any regular updates to their AntiVirus software on the weekends.

    Well, they should have released it on Friday, then, when the worm started to make its rounds.

  4. More about AIX than about Linux? on More on SCO vs. IBM Lawsuit · · Score: 1

    It seems that this is more about AIX than about Linux. Linux is just being added for the sake of publicity, but the real attack vector against IBM is the contractual obligations under the System V source code licensing for AIX.

    So much for the GPL virus. Looks as if proprietary license agreements can be pretty viral, too. So beware of Shared Source! You might walk into the System V trap!

  5. NIPC spreading misinformation on Sendmail Bug Tests US Dept Homeland Security · · Score: 1

    Read the NIPC Advisory -- it sends people to the ISS site for Sendmail patches. Not only is the link broken, but ISS does not offer patches on its site, at least not in the public area.

    In short, if you rely on NIPC, you are screwed. Nice waste of your tax dollars.

  6. Copyright vs. Trademark on Is Microsoft Hoisting Its Own Copyright Petard? · · Score: 1

    Copyrights and trademarks are very different concepts of so-called intellectual property. Please do not conflate the two; this leads to immediate confusion.

  7. Dynamic IP addressing on International Connectivity · · Score: 2, Informative

    In Germany, dynamic vs. static IP addresses are used to separate business and private Internet connectivity (and dynamic addresses are reassigned every 24 hours). For some applications, this doesn't matter, of course. Actually, business Internet access isn't too expensive either, but you usually pay per volume, so you can't afford all this P2P stuff...

  8. Re:What the hell? on Microsoft: Because Bugs are Cool · · Score: 1

    How did this even get posted? It's obviously complete satire.

    The interview was actually published in the German Focus magazine a few years ago. (Was it really in 1995? Oh my.) I'm sure Mr. Gates endorsed it.

  9. Patent pending on Ron Rivest Suggests Probability-Based Micropayments · · Score: 1

    It's going to be patented, so I'm almost certain that we won't see wide adoption.

  10. If you want to try it out on Penny Black Project Investigates Sender-Pays E-mail · · Score: 1

    You can play around with HashCash. I think many free MUAs support it (including Gnus).

  11. Research networks on 'Selfish Routing' Slows the Internet · · Score: 4, Funny

    Research networks are particularly good at this sport: For example, the German Research Network (DFN) has a strict anti-peering policy. GÉANT, a European research network, appears to accept only links to a single research network operator in each member country.

    Of course, the most important aspect of such networks is that the bandwidth they offer is helpful in Dick Size Wars at supercomputing conferences, so it's not a terrible loss for the Internet at large.

  12. Both sides are wrong on Symantec Claims They Knew About Slammer In Advance · · Score: 1

    I think I've seen a DeepSight bulletin that was sent around 9:00 UTC on that very Saturday (at least "DeepSight" is referenced in it). In this bulletin, Symantec recommended that customers protect MS SQL servers using filters, as an emergency measure. They failed to notice that this worm was melting the networks of their customers and as a result, didn't provide them with adequate information.

    I'm furious how a single company tries to profit from the Slammer incident. The network engineers who cooperated in a truly open manner and successfully mitigated the issue on a large scale deserve all the praise. I've never seen such cooperation before, and I believe it was the first time that so many people at different network service providers worked together to address a global threat in such a timely manner.

    Most people view the Slammer incident as a fearful omen of worse things to come. But as long as the big carriers continue to allow those great engineers to run their networks, these engineers will be able to deal with distinctly more fatal threats, I believe. Let's hope that corporate craze doesn't scare them off.

  13. Re:Reverse spam really isn't that new... on My Short Life As An Unintentional Porn Spammer · · Score: 1

    Spammers have been spoofing legit addresses for a while.

    An extremely annoying form is the version with a Return-Receipt-To: header. This can result in a very effective denial of service attack on the victim's mail infrastructure.

  14. Re:The Decline of Altruism and the Triumph of Busi on 5th Anniversary of Open Source · · Score: 1

    The Gnu project was our last best hope for not being co-opted by business... It failed.

    Come on, this is nothing new. I visited LinuxTag in 2000 and noticed that even then, most companies viewed GNU/Linux as just another platform for which they can sell proprietary software. There wasn't much talk about GNU, the GPL, or Free Software outside the Free Software Ghetto.

    Fortunately, all this didn't dilute the GNU or Free Software label. "Open Source" can be applied to everything which runs on a UNIX-like operating system, irrespective of license and geek factor. I'm sure we'll never see a GNU Award for Free Software Excellence given to e.g. WebSphere, unless WebSphere is actually Free Software.

    Of course, the initial momentum of the Linux and Open Source movements has mostly ended in the corporate graveyard. But I doubt that it's harder to work on Free Software for a living than it was at the beginning of 90s, so it's probably not a big deal.

  15. Re:Staggering blow? on DALnet For Chatting, Not File Sharing · · Score: 1

    I don't see how sending away warez kiddies damages their network, let alone how it deals them a "staggering blow".

    Of course, the response of the warez kiddies is the "staggering blow", like before.

  16. Re:Could someone explain... on When Will The Next Slammer Strike? · · Score: 1

    My assumption was that they were talking about ATM (Asynchronous Transfer Mode). Many ATM networks were significantly hurt by this because routers and switches that utilize SVCs kept building and rebuilding circuits.

    Well, maybe some networks remain which do this, but they can be felled by a simple port scan. :-)

    In fact, ATM networks are less vulnerable to this type of thing, if you set them up correctly. You can separate critical servers (for example, SSH login to your management stations) using PVCs and reserve bandwidth accordingly. (Yeah, QoS is finally reaching Ethernet and IP, but I'm still unsure if it's possible to deploy the current technology in a way that is actually manageable.)

  17. Re:Microsoft and Monocropping on Microsoft Blasted For Lax Security · · Score: 1

    No, it *is* about monoculture. A lot of identical binaries listening to one particular UDP port and going berserk when they get that one particular input.

    There aren't that many MSDE/MS SQL Server installations.

    I guess quite a few of those Slammer infections would have been avoided if the systems were more homogenous,
    -- Surely you mean heterogeneous.

    No, "homogenous" is correct. If all machines run the same software, they are easier to administer, and it's less likely that you miss a vulnerable service.

  18. Re:Microsoft and Monocropping on Microsoft Blasted For Lax Security · · Score: 1

    Well, this isn't about monoculture. The fact that there are a plethora of UDP services out there didn't prevent this worm. Even in Microsoft-only enterprise networks, only a fraction of machines was infected. Nobody thinks about QoS for IP data networks in such an environment (granted, it's a hard problem), so just a few uncooperating hosts can bring down your network. In fact, the monoculture wasn't Microsoft in this case, but IP over Ethernet.

    That being said, diversity in software or hardware is a good defence against many problems (vendors are less likely to screw you, you can work around bugs by switching platforms etc.), but often, you cannot afford it, and with current IT staff workload, it often ends in disasters. I guess quite a few of those Slammer infections would have been avoided if the systems were more homogenous, as MS SQL/MSDE would not have been running on them... Sadly, most networks aren't in a state in which it is reasonable to think about diversity as an additional line of defense.

  19. Re:They're safe enough on TWIRL: Are 1024-bit RSA Keys Unsafe? · · Score: 1

    I did a quick check and at least Amazon, Ebay and Yahoo all use 1024 bit RSA certificates, by turning my machine to crack those I could impersonate any of those.

    Currently, it costs less than 10^6 dollars to install a new root certificate in the popular browsers. So it's much cheaper to attack the HTTPS PKI this way, in particular since you can impersonate all sites at once.

  20. This started early in 2002 on Hollywood Muscles Aussie ISPs Over Movie Downloading · · Score: 2

    Mediaforce sent a couple of user education requests to German network operators in early 2002.

  21. Some conspiracy theory on SCO Has "Made No Decision" On Linux IP Claims · · Score: 3, Interesting

    First of all, read this document: Microsoft Applauds European Commission Decision to Close Santa Cruz Operation Matter - Decision upholds Microsoft's right to receive royalties if SCO utilizes Microsoft's technology.

    This means that it's probably not only SCO's IP, but also some of Microsoft's IP that is involved here.

    Unfortunately, Microsoft sold its SCO stock, so this conspiracy theory doesn't quite work out. But hey, the Evil often returns to its former Servants to recruit them again, doesn't it?

  22. Re:Egress Filtering on More Info on the October 2002 DNS Attacks · · Score: 2

    Easier said than done... that may be true for smaller networks, but isn't the case for larger ISPs.

    The idea is that for each host on the Internet, there is at least one independently administrated router in front of it which performs source address validation before forwarding packets further upstream to a transit network (where address validation becomes complicated).

    However, it would take quite a long time until you saw any effect, like any other DoS mitigation tactic which does not support incremental deployment.

    ICMP Traceback is promising, though. I really hope that it's as useful as it looks.

  23. Re:Talking about Linux security... on Linux Security: Reflections on 2002, Eye on 2003 · · Score: 5, Informative

    You guys should know that a trivial remote root hole for SSH was released today on bugtraq.

    The posting appears to be a fake. (I wonder why your snake oil alerts didn't go off...)

  24. Re:I thought Europe already had long copyrights on European Copyrights Expire; RIAA Nervous · · Score: 2

    But would it really matter? Europe being a free-trade zone, I wonder if it would be illegal to import a CD made from PD material from a European country to another European country where said material still enjoys protection?

    Good point. If we were talking about copyright, this would be correct. If a copy of a work has been legally distributed in one country of the European Union before, this copy can be distributed in Germany too (if other German law is not infringed, of course).

    However, § 85 UrhG does not refer to § 17 UrhG, so this rule does not apply to the record company's right. This could be an oversight, and indeed might not hold up in court (especially a European one).

  25. Re:I think you are wrong. on European Copyrights Expire; RIAA Nervous · · Score: 2

    A new performance and recording of an old song would be protected by copyright. But a new digital remastering of a public domain recording isn't a new work any more than transforming a .wav to .mp3 makes it a new work.

    Yes, but we aren't talking about copyright here. In Germany, it's IPR related to copyright, and different rules apply in this case. If you create a record, this record is protected as a record, whether the material on it is copyrighted or not (see § 85 UrhG).