I've been a pen tester, and what this guy is doing is not pen testing - it's vetting out false-positives a tool is telling him. As good as tools are, they'll never reveal vulnerabilities that may lead to the overall compromise of an environment. Things like business process flaws (like being able to manually modify prices or submit negative values during balance transfers), blind SQL injection (tools are worthless for those), parameter tampering (like changing an ID showing stuff that isn't yours) and parameter addition. You need an actual person who can look at something and think it's Not Quite Right.... something a tool just can't do.
Biden did a good job reminding everyone that the mess we are in now didn't exactly happen by accident. As he noted it happened precisely because guys like Ryan voted to put two major wars,
Biden supported the war in Afghanistan ("Whatever it takes, we should do it"), and voted in favor of the "Authorization for Use of Military Force Against Iraq".
You're right. There's a common law example used to describe the situation:
Let's say a robber nabs your briefcase while you're walking down the street. A cop notices, and starts to chase the robber. While the robber's running, the lock on the briefcase breaks, spilling out pictures of underage kids. The robber keeps running, but the cop stops and sees the contents of your briefcase, and then arrests you instead. Since the robber wasn't acting as an entity of the state, the arrest is valid and the evidence is fully admissible in court. The same situation applies if the same thing happens, but only yourself is involved (i.e. your briefcase lock breaks while holding it).
1. Mad cow disease "broke out" after 2000-2001? Umm... no... we've had people sick with vCJD well before the new millennium. And there hasn't been a wide-spread breakout of vCJD - so his predictions are meaningless.
2. Before 9/11? When does JT predict 9/11?
3. The Iraq war? He predicted that? Hell, anyone could have predicted that. Since 1998 Washington's been buzzing about invading, WMD, etc. 9/11 gave Bush the clout to execute it, but he didn't predict anything. The mere fact he alluded to it makes him no different from any other person talking about it since the late 90's.
4. Using the "we're on different worldlines" argument as to why the Olympics didn't happen is a cop-out. You could then use that to claim ANYTHING about why his predictions don't come true, or why something happens that he didn't predict. If we're on a different "worldline", then perhaps everything he said was full of sh*t.
5. How's that US civil war doing? Oh wait, he didn't mean an ACTUAL war yet (even though he predicted 2005) - what he meant was we'll have large disagreements which will LEAD to a civil war, right? Isn't it great when you can manipulate open-ended discussions into your own frame of mind?
I find it interesting that I'm the closed-minded person when I don't believe in your dogma. Wake up - you're the one living in a fantasy land. I predict in 2008 we'll be invaded by Martians. You better start preparing - after all, you have to have an open mind, right?
Sometimes opening your mind too much allows crap like JT to fill in otherwise useful places for information.
The problem is drive - most electrical companies I know don't measure based on peak and non-peak times. So here in the states, it'd take a change in how electricity is measured and billed to make this hit the mainstream (and, of course, the backing of energy companies to supply such an incentive). I don't know what it's like in Europe though...
... but it's a little more tricky. We figured this out during our senior design project (a video communications system) - all we had to do was have the server start a TCP connection to the client over static source and destination ports, trash the connection before reset/fin packets could be sent and then turn a server on the source port. The NAT we were using would then let an incoming connection come on through to the server. With UDP it's a whole lot easier, but it still can be done with TCP as well.
For certain information there are issues that would make it monetarily sound to be up-to-standards... PCI comes to mind. Companies that store and process Visa and MC credit cards are now held to a higher level of standards by the credit card companies due to break-ins and information theft. It's something like 50k-100k PER DAY for being out-of-compliance with these standards, plus immediate fines for any information theft. Even to the biggest companies like Wal-Mart, 100k a day isn't exactly "chump change". So even if our government doesn't have regulations with teeth (i.e. HIPAA), there still exist capitalist measures to force companies to become security-minded.
The author failed to point out one of (IMHO) the neatest parts of doing PAM/NSS/LDAP authentication against your server: controlling by host. The LDAP authentication set includes the ability to dictate (using the "host" attribute) which users are allowed on which servers. From an enterprise POV, that helps limit the systems users have access to (controlling which servers your UNIX gurus have access to). You can also tie LDAP into Samba, and using some scripts emulate an Active Directory. We've been playing with this whole idea for a while now where I work, to essentially create a mixed environment where Linux/UNIX and Windows can play (somewhat) nicely together. Hopefully this article will bring some more people on board with LDAP authentication for servers....
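What the host-based control looks like in practice, as an added example (not from the article or the commenter above): a user entry carrying one `host` value per server the account may log in to, using the `host` attribute of the RFC 2307 `account` object class. The domain, hostnames, uid/gid numbers and user name are constructed for illustration.

```ldif
# Constructed example entry: jdoe may log in to web01 and web02 only.
# pam_ldap compares the local hostname against these host values
# during the PAM account stage and denies the login when none match.
dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
uid: jdoe
cn: Jane Doe
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/jdoe
loginShell: /bin/bash
host: web01.example.com
host: web02.example.com
```

The attribute does nothing until the client enforces it: with the PADL pam_ldap module, set `pam_check_host_attr yes` in `/etc/ldap.conf` (the default is `no`). Two caveats a practitioner should know before turning it on: once the check is enabled, an account with no `host` attribute at all is denied everywhere, so populate the attribute for every user first; and the check runs only in pam_ldap's account stage, so NSS still resolves the user and group (file ownership, `id jdoe`) on hosts where the login is refused, and services that skip PAM account management are not covered.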
that'll work for BT transmitted viruses... but more and more cellphones are starting to use internet-esque transmission methods over broadband cellular networks.... I equate BT transmitted viruses to floppy boot-sector viruses you'd be warned about in school. When was the last time you infected your Windows box by putting a rogue floppy in? How about from the Internet?
I think we need to take a more serious look at this problem. In the 70's and 80's, people laughed off the possibility of threats like these. Now, we spend millions of dollars trying to keep control over these growing problems. Hopefully we can take what we've learned with past threats and how they've evolved to help stop the flow across this new frontier... or at least slow them down. However, since many of these "smart" phones are already running versions of Windows, are we already doomed...?
How in God's name would you switch from MySQL to PostgreSQL to Oracle to MS SQL or to anything. Have you ever actually written a real database application?
This has been around much longer than all the "recent" 9/11 stuff... has anyone bothered to search for laws and codes regarding the release of classified information? If so, you'd have probably seen this:
And for the 90% of slashdot that's too lazy to look, here's the meat of this code:
(a) Whoever knowingly and willfully communicates, furnishes, transmits, or otherwise makes available to an unauthorized person, or publishes, or uses in any manner prejudicial to the safety or interest of the United States or for the benefit of any foreign government to the detriment of the United States any classified information -
(1) concerning the nature, preparation, or use of any code, cipher, or cryptographic system of the United States or any foreign government; or
(2) concerning the design, construction, use, maintenance, or repair of any device, apparatus, or appliance used or prepared or planned for use by the United States or any foreign government for cryptographic or communication intelligence purposes; or
(3) concerning the communication intelligence activities of the United States or any foreign government; or
(4) obtained by the process of communication intelligence from the communications of any foreign government, knowing the same to have been obtained by such processes -
Shall be fined under this title or imprisoned not more than ten years, or both.
(b) As used in subsection (a) of this section -
The term ''classified information'' means information which, at the time of a violation of this section, is, for reasons of national security, specifically designated by a United States Government Agency for limited or restricted dissemination or distribution;
and according to this, it's been around since 1998... so before you jump on the ever-popular bush+cronies bash wagon, why don't you take a look to see *when* it was you lost your civil rights... you'll find they've been slowly chopped away at for a long time, by democrats and republicans alike.
Weak minds seem to also have weak memories
Couldn't have said it better myself
your news comes on either much earlier or much later than mine. our film's always on at 1010
ISU used to have the hacking part of that... http://www.iac.iastate.edu/summercamp/index.html
Slashdot posts frequently modded down to "-1, Flamebait", many /. users cry censorship... ... oh wait ...
In short, bad fortune can get you arrested.
Or it could all be a hoax
ip.src=209.56.124.23 || ip.dst=209.56.124.23
So is that just your two - I mean - five cents?
"donut" suck for him? perhaps his code has "holes"? that'd be the "icing" on the hole deal! har har har
My God have you all lost your mind? The best "Trek" game was EGA Trek. Simple interface. Blow little blips up.
http://en.wikipedia.org/wiki/EGA_Trek
umm, this is slashdot. we don't follow baseball.
1. Give away software 2. ? 3. Profit!... er..
Actually, since it was two American scientists that discovered the RNA interference, WE'LL let you know when it's all clear!
should'a been a winnebago! barf, get me eagle 5!
...an entire ROBOTIC ARMY of cheeze-eatin' surrender monkeys!
Why Perl DBI, of course!
title 18, sec 798
all they want is a home for themselves. ship 'em to kavis alpha IV.