.. all the Slashdotters who were moving to Canada to escape their totalitarian state will be whining about how dear everything is up there now. You did all move to Canada right?
Apparently, it was just the ones that can do math.
Yeah, I'd love to tell 50k users that they need to supply me with a complete list of IPs they'd ever need to talk to - that would have made my job so much easier. Or maybe I could individually read and whitelist more than a million emails per month. As for our websites, the only people reading those would be potential customers, so no reason to panic there either, right?
Whitelisting IPs and/or programs is not feasible in most situations.
Before you start calling people 'jackass' - I used to *be* IT security at a medium-sized university. I've done my fair share of incident response and policy-pushing. And no, I don't think it's going to work because it will cause more problems than it solves - in most work environments. But it will help to build a them-and-us mentality between the IT dept and the rest of the workers.
BTW, I believe you can already do white-listing in this manner - there are tools out there.
Unless you have looked at some core dumps, then your "experience" is not worth very much. I haven't seen any problems with generated code with GCC since 1996. Sometimes it doesn't compile the latest and greatest C++, but it's never generated incorrect code for me.
"Ford flipped the switch which he saw was now marked 'Mode Execute Ready' instead of the now old-fashioned 'Access Standby' which had so long ago replaced the appallingly stone-aged 'Off'."
Who modded this insightful? NT achieved C2 certification (discretionary access control). The military - I very much hope - are using at least B1-rated (mandatory access control) systems where it matters. See http://en.wikipedia.org/wiki/Trusted_Computer_System_Evaluation_Criteria (TCSEC, used to be orange book).
I don't think it's quite as obscure as the Banach-Tarski paradox joke in someone's sig. ("An anagram of BANACH TARSKI is BANACH TARSKI BANACH TARSKI").
But when a Democrat is president, and he tries to send the police for the next big strike when an aircraft carrier is called for, will you remember this conversation?
That is why you as a Republican should be worried about it. Hillary is going to get in, and you want her to have the same sort of powers Bush is exercising?
Bollocks. I used to run email for a university with around 50,000 students (and around 500,000 deliverable email addresses - don't ask). We had one issue during 2 years which was a local college had got itself listed in one of the spamcop zones, because it had turned into a spam relay. So the DNSBL was working as desired. We whitelisted them as they had fixed the problem, but the listing expired around the same time anyway.
During that period we were dumping about 50% of inbound mail thanks to DNSBLs, with no complaints. Our users would have thrown away more legitimate mail than the DNSBL did, had we not been filtering.
Remember when the US had a drug problem and then we declared a War on Drugs and now you can't buy drugs anymore?
Can someone send me a list of all IPv4 hosts which are not malicious? k thanx bye.
PS. please can you also send me an update whenever a new machine is compromised?
Fuck no. I could deploy a thousand Linux machines and never have to use the same distro/kernel/config twice. Linux rulez man!
Ah yes, who can forget the great 1 Microsoft Way truck-bombing of '97? Or when Linus sent Alan Cox round to kneecap Andy Tanenbaum?
You can run a GUI on my server when you pry the root password from my cold, dead fingers.
Actually, I believe you could just wrap the existing POP/IMAP listener in stunnel and use the alternate POPS/IMAPS ports.
If you can STARTTLS using telnet, then I'm officially Impressed.
But Belgium doesn't exist!
Er, cake please.
In the absence of -1 Really Bad Pun, please mod the parent +1 Funny.
No, I think it made the growing threat of Al Qaeda considerably *worse*.
Any system that re-elects John Howard must be deeply flawed :p
'Necrophilia' and 'Cheers!' should never appear next to each other in any English text. EVER!
(I am so, so sorry)
Since no one else has posted yet: http://geekz.co.uk/schneierfacts/
Blackhat already has meetings in Europe (Amsterdam?) and Asia (Japan?). http://www.blackhat.com/html/bh-europe-06/bh-eu-06-index.html