Ok, this is a purely curiosity-based question, and I know there's lot of web security people roaming around here. How would you actually detect that a website like this is a honeypot?
If all of the email addresses in the DNS entry go to fbi.gov, it might be a honeypot.
If the server ip addresses are in the fbi.gov ip block, it might be a honeypot.
Feel free to add others!
To answer your question, the Mac Plus was an AIO or all-in-one computer. I'm not sure if you are old enough to know or remember what a cathode ray tube [wikipedia.org] is, but the Mac Plus used one as a display, and it generated a substantial amount of heat, requiring a fan to cool the machine.
Yeah, these were a real joy to work on. Remember all the warnings about not opening your TV due to the dangerous voltages, etc? All of that was right next to the floppy drive/memory/motherboard you were replacing. The first couple of steps in the service manual after opening the case were to discharge various parts of the display so that you didn't accidentally electrocute yourself.
That's an interesting opinion which I doubt has any basis in reality. As a counterexample, apparently, there's a lot of people hired into the drug trade at below federal minimum wage. There might be other perks such as sex or drugs, but it remains that a lot of people are working illegally (in more than one sense of the word) for much less than any "living wage" would be. So they're already working at the so-called "don't pay enough to make it worth working" level.
But does that take into account any benefits that a person getting paid "under the table" also receives? If these individuals take legitimate jobs, they may lose any public assistance benefits they are currently receiving by being unemployed.
I don't think Craigslist has legal standing to stop others from doing similar things.
Of course they do. The C&D says that PadMapper has violated Craigslist's terms of service and must therefore stop using Craigslist immediately. That is well within their right to do if they so choose. This is just about what Craigslist says you can and cannot do with the data they provide through their service. If you don't abide by that then Craigslist can say to GTFO.
Don't know why it hasn't been mentioned in all of the comments so far, but Open DNS http://www.opendns.com/home-solutions/parental-controls/ will handle exactly what you need, and its harder to bypass than some other software out there.
The issue with this is that it is that it filters the whole house and would interfere with his access to internet pr0n.
Now that there is an economic "boom" in offensive hacking in the US (and probably elsewhere, too), what are the core skill sets that one should have? Computer languages, networking, social engineering? Any non-IT skills, like physics, EE, etc.?
The implication here, since the creators had to know security researchers already had the virus code, is that there is some module the researchers don't know about (which is actually highly probable, anyways, given the fact they wouldn't have unrestricted access to the targeted computers) and the creators wanted to eliminated the evidence. Most likely, that was the module that fulfilled Flame's main purpose, since researchers still aren't sure exactly what it does, which means now they might never know. It also helps that the targeted computers are (most likely) not infected anymore, so people can't even identify if they were ever hit.
I consider this unlikely since the first thing researchers would do would be to create an offline copy of the affected drives. Analysis can proceed from there and the infected system can be restored as often as needed.
Similarly a dead man's switch would be easily bypassed once it was identified by isolating the restored system on a closed network where everything was sand boxed and simulated, including the CC servers. Validation code in the client for the CC servers could be patched around as well if there was some form of validation scheme. Possession is 9/10th of p0wnage after all.
Many file systems will allocate new blocks when overwriting data. Not sure what Windows does. There is also the problem of scrubbing old versions of the files whenever updates are recieved(sic).
Another interesting issue is file compression on the disk. Some systems try to overwrite a file with the same number of bytes but use an overwrite pattern. Unfortunately since that pattern is highly compressible, you are likely to only update 5% of the actual disk blocks that have your data on them. Another pass with a different pattern but the same basic compressibility only overwrites the same 5% of the blocks. Naive implementations can result in programs that supposedly overwrite your data 11 times with different patterns, only to leave 95% of the data untouched.
Indeed. The US economy hasn't been mishandled enough, let's impose a few more nightmarish policies to see just what it will take to break the backbone of this country.
You may say that in jest, but in reality that is probably what it will take for the United States to finally wake up and do something about it.
Is it just me, or has the quality of the trolls at Slashdot absolutely plummeted in the last several years? I really appreciate quality trolling, but I'm afraid that it's turned into a lost art form around here.
Nah, it's just summer and the kiddies are out of school during the day.
Data analysis of moderations/UID/day of the week/date would probably turn up some really interesting stuff.
if you want a accurate number for how many amps your house has, sum the amps listed on every switch of your circuit breaker (or fuses if you have em) and then imagine this number multiples to many surrounding neighborhoods.
This is incorrect. The amperage listed on the main breaker in the panel is the true maximum amperage that can be drawn at the same time (assuming a single panel for the home). Just like your Internet connection, your house is "oversubscribed" to your electrical service. What I mean is that the sum of the amperage capacity of all of the individual circuits in your house is much greater than the max amperage of your home's service. As an example a home might have a 200amp service, but may have 15 to 20 circuits rated at 15amps. The assumption is that not all of your circuits will be drawing their maximum capacity at the same time.
I only wish my phone would hold by default the X-million data points that my outmoded (but cheap and functional) dedicated GPS device does, without quite so much cloud-centric bottlenecking, and leave all expensive data use for optional overlays and current conditions.
You mean like any number of Nokia phones that support the free OVI Maps application?
THOMAS may only allow 1 bill at a time, but there are only so many bills before Congress. Download them one at a time and make an external database. Host that site yourself.
They will figure a way to claim copyright and send DMCA notices to get the site taken down. That assumes they don't just sieze the entire domain and the servers.
What do you mean if? You don't even have to read the article - the two sentence summary states that the patent was granted.
He probably said that because slashdot submitters quite frequently confuse patent applications with the actual patent approvals. Readers do it even more frequently. Of course these days the application for and the granting of a patent seem to go hand in hand.
Slashdot Mirror
Whether ensconced in the Ecuador Embassy or in jail in the US he is an object lesson to those who would follow in his footsteps.
And that, my friends, is the whole point of the exercise.
Ok, this is a purely curiosity-based question, and I know there's lot of web security people roaming around here. How would you actually detect that a website like this is a honeypot?
If all of the email addresses in the DNS entry go to fbi.gov, it might be a honeypot.
If the server ip addresses are in the fbi.gov ip block, it might be a honeypot.
Feel free to add others!
Shamgunov has excellent credentials in the database world, in spite of having worked at Microsoft on SQL Server for six years.
FTFY
To answer your question, the Mac Plus was an AIO or all-in-one computer. I'm not sure if you are old enough to know or remember what a cathode ray tube [wikipedia.org] is, but the Mac Plus used one as a display, and it generated a substantial amount of heat, requiring a fan to cool the machine.
Yeah, these were a real joy to work on. Remember all the warnings about not opening your TV due to the dangerous voltages, etc? All of that was right next to the floppy drive/memory/motherboard you were replacing. The first couple of steps in the service manual after opening the case were to discharge various parts of the display so that you didn't accidentally electrocute yourself.
MacOS System 6 had RAMdisk applications . . . generally much faster than the disk bus.
Whoosh!
That's an interesting opinion which I doubt has any basis in reality. As a counterexample, apparently, there's a lot of people hired into the drug trade at below federal minimum wage. There might be other perks such as sex or drugs, but it remains that a lot of people are working illegally (in more than one sense of the word) for much less than any "living wage" would be. So they're already working at the so-called "don't pay enough to make it worth working" level.
But does that take into account any benefits that a person getting paid "under the table" also receives? If these individuals take legitimate jobs, they may lose any public assistance benefits they are currently receiving by being unemployed.
I don't think Craigslist has legal standing to stop others from doing similar things.
Of course they do. The C&D says that PadMapper has violated Craigslist's terms of service and must therefore stop using Craigslist immediately. That is well within their right to do if they so choose. This is just about what Craigslist says you can and cannot do with the data they provide through their service. If you don't abide by that then Craigslist can say to GTFO.
Really? You must be new here.
Don't know why it hasn't been mentioned in all of the comments so far, but Open DNS http://www.opendns.com/home-solutions/parental-controls/ will handle exactly what you need, and its harder to bypass than some other software out there.
The issue with this is that it is that it filters the whole house and would interfere with his access to internet pr0n.
Now that there is an economic "boom" in offensive hacking in the US (and probably elsewhere, too), what are the core skill sets that one should have? Computer languages, networking, social engineering? Any non-IT skills, like physics, EE, etc.?
Arabic?
That said, only a handful of gun owners I know have every actually replaced their pins, and most wouldn't have a clue as to how to do it.
Sounds like a good business opportunity to me.
The owner of a gun has a a responsibility to keep it safe. Moral and legal..
Citation needed.
Your actions will get around to other companies.
FTFY
What is the value of a random persons stolen linkedin account... I'm trying to figure out how its not zero.
Because people have been known to reuse passwords on other sites that might have a non-zero value.
The telecom industry is reconsolidating and has what is arguably the most powerful lobby in Washington
OK, I'll argue. I don't think the telecom industry's lobbying holds a candle to either the banking industry or the insurance industry.
[Car frames] are expensive to replace, but not as much as the driver.
Not really, but people tend to frown when you put things in the opposite order.
The implication here, since the creators had to know security researchers already had the virus code, is that there is some module the researchers don't know about (which is actually highly probable, anyways, given the fact they wouldn't have unrestricted access to the targeted computers) and the creators wanted to eliminated the evidence. Most likely, that was the module that fulfilled Flame's main purpose, since researchers still aren't sure exactly what it does, which means now they might never know. It also helps that the targeted computers are (most likely) not infected anymore, so people can't even identify if they were ever hit.
I consider this unlikely since the first thing researchers would do would be to create an offline copy of the affected drives. Analysis can proceed from there and the infected system can be restored as often as needed.
Similarly a dead man's switch would be easily bypassed once it was identified by isolating the restored system on a closed network where everything was sand boxed and simulated, including the CC servers. Validation code in the client for the CC servers could be patched around as well if there was some form of validation scheme. Possession is 9/10th of p0wnage after all.
Many file systems will allocate new blocks when overwriting data. Not sure what Windows does. There is also the problem of scrubbing old versions of the files whenever updates are recieved(sic).
Another interesting issue is file compression on the disk. Some systems try to overwrite a file with the same number of bytes but use an overwrite pattern. Unfortunately since that pattern is highly compressible, you are likely to only update 5% of the actual disk blocks that have your data on them. Another pass with a different pattern but the same basic compressibility only overwrites the same 5% of the blocks. Naive implementations can result in programs that supposedly overwrite your data 11 times with different patterns, only to leave 95% of the data untouched.
Indeed. The US economy hasn't been mishandled enough, let's impose a few more nightmarish policies to see just what it will take to break the backbone of this country.
You may say that in jest, but in reality that is probably what it will take for the United States to finally wake up and do something about it.
Is it just me, or has the quality of the trolls at Slashdot absolutely plummeted in the last several years? I really appreciate quality trolling, but I'm afraid that it's turned into a lost art form around here.
Nah, it's just summer and the kiddies are out of school during the day. Data analysis of moderations/UID/day of the week/date would probably turn up some really interesting stuff.
if you want a accurate number for how many amps your house has, sum the amps listed on every switch of your circuit breaker (or fuses if you have em) and then imagine this number multiples to many surrounding neighborhoods.
This is incorrect. The amperage listed on the main breaker in the panel is the true maximum amperage that can be drawn at the same time (assuming a single panel for the home). Just like your Internet connection, your house is "oversubscribed" to your electrical service. What I mean is that the sum of the amperage capacity of all of the individual circuits in your house is much greater than the max amperage of your home's service. As an example a home might have a 200amp service, but may have 15 to 20 circuits rated at 15amps. The assumption is that not all of your circuits will be drawing their maximum capacity at the same time.
I only wish my phone would hold by default the X-million data points that my outmoded (but cheap and functional) dedicated GPS device does, without quite so much cloud-centric bottlenecking, and leave all expensive data use for optional overlays and current conditions.
You mean like any number of Nokia phones that support the free OVI Maps application?
THOMAS may only allow 1 bill at a time, but there are only so many bills before Congress. Download them one at a time and make an external database. Host that site yourself.
They will figure a way to claim copyright and send DMCA notices to get the site taken down. That assumes they don't just sieze the entire domain and the servers.
What do you mean if? You don't even have to read the article - the two sentence summary states that the patent was granted.
He probably said that because slashdot submitters quite frequently confuse patent applications with the actual patent approvals. Readers do it even more frequently. Of course these days the application for and the granting of a patent seem to go hand in hand.
Cool. I would finally get a chance to try out my HERF gun.