Sweeney believes that a non rules-based monitoring process must be set up to defend all ingress and egress points covering SMTP, DNS, HTTP(s), IM etc.
What exactly is a "non rules-based monitoring process?" I thought I had some clue about security procedures, but I'd be hard pressed to describe what such a process might be. Even more importantly, what would it cost to implement? TFA is no help here, consisting of the usual hand-waving about the never-ending arms race between malware writers and the rest of us.
We all know what the most effective solution to this problem would be. Funny how it's never mentioned in any of these articles.
From some of the comments I've read here and in Ivan's linked blog, I'm guessing (2) is probably an important part of the story. Here in the developed world we have the good fortune to be able to shop among operating systems, and many of us don't see Microsoft software as per se sophisticated. In the developing world, the Microsoft imprimatur carries even more weight than it does here. When you're talking to the Ministry of Education, proposing a Linux-based system isn't going to have the same clout as proposing an MS-based one. For the uninitiated, MS is going to look like "quality goods" and Linux is going to look like the items in the discount bin. Considering that many American businesses still refuse to consider Linux because "if it's free, it can't be good," why should we expect the Minister of Education in a developing country not to have the same point of view?
I thought the most disturbing part of Ivan's blog was the total lack of attention to deployment. As he writes, "parachuting" coders into Peru or Ecuador to handle deployment issues is just retarded. Did they really expect they'd just ship the things into the country, and they'd all miraculously find their way into the hands of waiting children? My guess is that a lot of sons and daughters of political officials and their friends and lackeys are probably enjoying their OLPCs while their peers in rural areas are still waiting.
Perhaps because Apache httpd is really targeted at network and server admins, not people who want to run just one website on their home computer.
That said, in RedHat-flavored distros the answer is easy. Delete or move the files in /var/www/html and replace the contents of that directory with your website. That's it.
Now I'd put my website in a directory under /home/myusername and add a file to /etc/httpd/conf.d to define a virtual host. But I've been using Apache for a dozen or so years now, so I'm pretty comfortable with the contents of httpd.conf.
For people just starting out with Linux who need to do server administration, I often install Webmin, a web-based graphical front-end for system administration. For people more comfortable with GUIs than the command line, it can often make things much easier.
I built a server on Fedora (Core) 3 since we were in that period after RedHat became commercial but before there were reliable respins like Centos. I'll never do so again, primarily because of the short time period during which Fedora distros are supported.
I think the article's author hasn't had much experience with Linux in the enterprise if he's encouraging people to start with Fedora in order to transition to RHEL. I've used Centos 5 as a desktop distribution, and it would be just fine for most workplaces. It has a clean desktop, the usual array of software, and long-term support. It's a bit more work configuring Centos to use proprietary things like codecs, but that's not often a problem in many office settings. In fact, it's often a blessing. (With Fedora it's just a quick trip to Livna and a one-line command to yum.)
My test of the final release candidate of Fedora 9 sent me back to Fedora 8. I'll give the final version another try soon.
You've asked a lot of questions, most of which have, I believe, fairly straightforward answers.
Whether hanging a painting in a restaurant constitutes a "public performance" probably depends on the relationship between the artist and the restaurant owner. If the artist sells the work to the restaurant, title is transferred to the restaurant owner who can do with the work as she pleases. If the painting is leased or loaned to the restaurant by the artist, then the disposition of the painting needs to be covered in the contract between the parties. As for postcard manufacturers, of course they pay royalties if the work has not yet entered the public domain. I doubt you could walk into a museum, photograph a Warhol, then make a postcard from your photo without running afoul of whoever controls Andy's estate.
As for taking photographs, you may indeed copyright your specific photograph of the Grand Canyon, but you can't stop others from taking the identical picture. What you can do is stop someone from making unauthorized copies of your photo, but beyond that you have no rights.
Songs played on the radio are governed by complex licensing agreements between the stations and the rightsholders. Whether your store can play that radio station for the listening pleasure of your customers is, I believe, not permissible without some type of contract between you and the rightsholders. That's one reason why Muzak was invented, to give retailers a source of background music for which the royalties have already been collected via your Muzak subscription.
Nope, they've decided that the contents are a valid search to make sure you're not carrying in any information which could be used to cause havoc.
The definition of supposedly dangerous information is quite broad, too. Mark Rasch of SecurityFocus had this excellent column on the subject of laptop searches by Customs. He observes "The customs agents' job is to protect the nation from 'anything harmful,' to gather intelligence, prevent terrorism, and to enforce all of the laws, including child pornography and copyright laws. [emphasis mine]"
In fact the original case concerned someone who carried a computer with child pornography into the US.
If your laptop has a collection of movies or songs that you've "acquired" from various helpful people around the world, I'd make sure they were gone before crossing a US border as well.
The broadcasters didn't sue Sony in the Betamax case; the studios did. (The original suit is Universal, et al. v Sony.) It was their product that was allegedly being infringed by taping. The broadcasters either didn't care, or quietly supported taping since it would ultimately expand their audience reach.
Of course, today NBC and Universal are both owned by General Electric, so their interests are now aligned in a way that was legally impossible in 1976. Now that we've abolished the "financial interest" rules, the sharp divisions between content and conduit in US television have dissolved.
How does someone get a "+4, Informative" when the information being presented is wrong?
Bratz dolls teach girls how to be materialistic, airheaded zombies more than any toy I can recall.
You're not old enough to remember the arrival of Barbie. Barbie represented those same values in her day. Teaching children to be "materialistic, airheaded zombies" is a prime requirement for the continuation of the system of consumer capitalism we're discussing here. Marketers encourage children to leech off their parents and demand today's "gotta have" items. Why should we expect those children to stop wanting those gotta-have items when they grow up? Only problem is there's often no longer a parent to pay for it.
So, Americans being an ingenious bunch, we've "fixed" that problem, too. We've extended credit to individual consumers on a scale unheard-of in human civilization. Americans now hold, on average, five credit cards per person (cite). Even with low balance limits, five credit cards together constitute thousands of dollars in credit available to maintain those buying habits bred into American consumers from birth. Good thing all those American babies get to start life with five credit cards. They'll need them.
No, the "I'm going to kill the programmer after I hunt him down and torture him for three weeks" 'feature' that FiOS has is the general bugginess of the on-demand stuff. You push the button and about 1 out of 3 times it will simply get confused and refuse to give you access to anything for about 2 minutes. If you are scheduled to record ANYTHING during that time, you are screwed because it will not start recording, and it will not let you fix that fact either (grrr).
I'm really surprised Verizon hasn't fixed this problem by now. AFAIK, the program guide is basically just an HTTP client with all the content stored off-site. The only obvious reason why it should take two minutes to get a listing is if the servers are horribly overloaded.
Why they don't rsync the data to the STB once an hour and run it locally escapes me.
There should never be waits as long as I've had using the FiOS program guide.
Re: The FCC will let me be and let me be me, on Dealing With Dialup (Score: 1)
These aren't restrictions from "homeowners' associations," they're restrictions imposed by the Federal government, the "Cape Cod Commission," the state of MA and its various environmental and other regulatory agencies, and the local town governments. I don't know if the FCC jurisdiction rulings on antennas apply to the local government agencies, but I'd be damned surprised if they applied to regulations imposed by the Federal government itself.
Because the property is located inside the National Seashore, various other restrictions come into play. Even simple renovations on these properties involve a lot of permitting and negotiations intended to preserve the character of the Seashore lands.
Sure. If Barry Goldwater had become president in 1964 rather than Americans re-electing Lyndon Johnson, most of the civil rights reforms that we take for granted today (in voting, accommodations, etc.) would not have been passed. Why do you think blacks vote 4-1 for the Democrats in most elections?
Unless the criminal is a complete idiot there's more than one drop spot...
Indeed. If I were writing botnet software I'd distribute multiple copies of the collected data across a number of the compromised computers. The press release and article abstract indicate that the botnet control programs and the data were located in the same place. That doesn't seem like a particularly good architecture for this type of system. I'd keep the command programs far away from the harvested data. My hunch is that the data aren't that valuable as I outline below.
I can accept that buying, installing and running a botnet could be as easy as installing an RPM. What appears more disturbing is the reported "timeframe of less than a month" to harvest over 5,000 records. But what kind of records are these? Finjan tells us that the data "consisted of 5,388 unique log files [my emphasis]. Both email communications and web-related data were among them."
They go on to list some specific examples:
- Compromised patient data
- Compromised bank customer data
- Business-related email communications
- Captured Outlook accounts containing email communication
I'd be curious to see how much actual "patient" or "bank customer" data is revealed in "log files." /var/log/maillog on my servers would certainly reveal "business-related email communications" in the sense of senders and recipients. Mail logs might also contain some entries for mail between providers and patients or between banks and their customers. Apache logs wouldn't be so useful, though they do contain the usernames when Basic Authentication is used. But none of those logs would reveal much about the content of those communications. I don't know anything about Outlook so I have no idea how its logs might reveal "captured Outlook accounts containing email communication."
Still if all they got after a month were logs, I'm not sure how valuable they would be unless the goal was harvesting addresses for spamming or phishing. Capturing the logs of compromised mail servers would certainly yield a pretty high proportion of legitimate addresses, especially recipient addresses. This method seems especially attractive if you're trying to identify targets for "spear-phishing." If you can compromise some corporate mail servers, you can build up a nice list to "spear."
So I'm guessing Finjan found a machine containing some 5,600 mail server "log files" totalling 1.4 GB. Since the logs are worthless once the addresses are harvested, protecting them isn't much of a priority. I suppose competitive spammers might want to keep these potentially higher-yielding names to themselves, but given the volumes at which spammers operate, they probably don't care.
I think I'll go take a look at my mail servers now just to ease my mind.
Yes, it appears it really is that much better. Browse any of the threads in the Playback Help forum at AnimeSuki. You'll see lots of people complaining that they couldn't play H.264 encodes on their current hardware platform without installing CoreAVC. This is especially a problem for files in the 720p format.
I was consistently unable to play 720p encodes on my P4 running Fedora with either mplayer or xine as the engine. My newer Pentium D doesn't have the same problems, though it chokes on 1080p encodes.
The other alternative to CoreAVC is upgrading to a faster computer.
I always thought Attenborough's presentation had serious ontological problems. His commentary often suggested that species somehow "chose" the traits that encouraged their survival. My vision of evolution is more of a giant crap-shoot, where there are lots of mutations and some survive while others do not.
OLPC is the only product in this market that forces the user to use only what is decreed by the manufacturer.
Funny how when the OLPC project began there wasn't any "market" in low-cost computers for children in the developing world. If anything, most observers thought Negroponte and company were tilting at windmills. I wonder why companies like Intel and Microsoft became so interested in this market so quickly once the actual XO laptop appeared. Could it have been they discovered there was more to this "market" than they originally thought? Or were they concerned that this new competitor might actually succeed in changing the culture of computing in many parts of the world?
Unfortunately, as others have mentioned before, the way into this market is via a few gatekeepers in key government ministries. Despite the "bottom-up" logic that was a motivating vision of the OLPC project, what really appears to matter is "top-down" marketing to bureaucrats. That's a game where established players like Intel and Microsoft hold nearly all the cards.
Twister was the first game to come to my mind because of the potential for topological analysis after the game ends.
Another topological contest is to pair people up (hopefully with members of the opposite sex, or the same sex if appropriate). Have them compete at the task of removing their partners' undergarments as quickly as possible while leaving their outer garments in place. Lots of topological problems there.
I haven't looked at the case in a while, but I thought the class-action suit was premised on the nature of the marketing Microsoft undertook for Vista, particularly the emphasis on Aero and other "glitzy" features in its advertising. I'm not entirely convinced Microsoft will lose this case, but the plaintiffs claim that the "Vista-capable" sticker was applied to machines that were unable to perform at the level advertised.
Automobile ads invariably show vehicles with many additional features, but they include a disclaimer that the car being shown costs more than the advertised base sticker price. There were no disclaimers for Vista that said that the "as-advertised" version required a more expensive hardware platform than one that was tagged "Vista capable."
These are recollections based on my skimming the case when it was submitted.
Firefox lists eleven cookies from PayPal, only a few of which are session cookies. The rest all have expiration dates a decade or two from now. I presume some of these are used to track my behavior over longer periods for whatever advertising or marketing value this information might provide. Some seem rather weird though like a cookie called simply "Apache" with a 2037 expiry. Will we still be using Apache in 2037?
There's also a paypal.112.2o7.net cookie, which I find more obnoxious than PayPal's own.
Along the same lines, my general predisposition is to remove as much responsibility for security from users as is possible. That means scanning email for viruses before they reach the desktop, blocking users from downloading dangerous payloads (like executables) over the web, and so forth. Security should be a part of infrastructure, not something tacked on at the users' end.
Perhaps one reason why it's so hard to figure out what those guys are hawking at the RSA conference is that what they're really hawking is fear. That's been something of a winning strategy on many levels here in the US for the past seven years now.
Does it bother anyone else that a site supposedly devoted to journalism about technology can simply echo really stupid comments like this one? The article doesn't cite anyone else in regard to this claim except Mr. Cicconi. I guess we just can't expect "journalists" to actually dig deeper into a story; this article shows how tech "journalism" is often little more than the reproduction of press releases.
Moreover the journalist feels compelled to turn this into a story about net neutrality. I thought a more pungent question would have been who Mr. Cicconi thinks should be coming up with the hundreds of billions of dollars in new capital investment he envisions. While he extols the value of private capital in the development of the Internet, the speech itself sounds like the sort of thing that's waved around before asking for some type of government assistance.
No, they're not pretending to be msn.com. They're putting up an error page with advertising that tells you that you've requested a non-existent subdomain address.
This sort of thing has been around for a while. A few years back, Network Solutions started hijacking all queries for non-existent domains in .com, .net, and .org. It took sustained opposition from savvy techies, and some patches to ISC BIND to thwart these efforts, before Network Solutions relented.
I run my own DNS servers so I'm pretty much immune to DNS hijacking of this sort. For instance, that "linux.microsoft.com" hostname mentioned in another comment here turns up a "not found" error for me, not a page about Linux as the poster suggests.
The FBI's jurisdiction ends at the water's edge. Scanning an offshore tracker might be considered as gathering "foreign intelligence." That's been the bailiwick of the CIA and NSA, and off-limits to the FBI for decades. It's true that the reorganization of functions after the establishment of the Department of Homeland Security has made these distinctions less clear.
What makes it more complex is the absence of any prior evidence of guilt before the scanning occurs. If the purpose is to discover new perpetrators rather than track ones already known, where, if at all, do Fourth Amendment protections against search and seizure come into play? Can FBI agents sniff around foreign cities looking for evidence that some American back in the States might be committing a crime? What if there's no prior evidence that any crime is being committed?
I don't know the answers to these questions, but I do think it's an over-statement to claim it's "perfectly" legal.
Getting out of the phone business seems all the rage these days.
I've been really suspicious of Verizon's sudden turn to openness since the original announcement. The contrast between its announced future plans and its past actual behavior is stunning.
I'm also wondering where OpenMoko falls into all of this. Are they just whistling in the dark while the carriers line up behind Linux Mobile, Android and Apple?
I host listservers for a national nonprofit organization. My server got blacklisted by AOL for a while because a few subscribers didn't realize they had joined a list. Instead of asking to be removed, they simply tagged the messages as spam at AOL. It didn't take long before we were suddenly considered a spamming server.
Dealing with AOL over this was one of the more annoying problems I faced last year. Now the messages still get reported as spam, but because I've registered my server with AOL, they now ignore these reports.
Users really have little understanding of the nature of modern e-mail traffic. If they sit behind a decent filtering system, they see so little spam that they think most mail is legitimate. When I tell most people that spam constitutes well over 90% of all mail traffic, their jaws drop.
A couple of words of advice for the OP. Set up a system to funnel spams to individual spam folders. (I set global rules in /etc/procmailrc for this.) If you're using SpamAssassin to filter, ignore most anything over 12. If you can, just send these to /dev/null or a quarantine mailbox.
If you want to improve the visibility of your spam filtering operations, and perhaps get some recognition for, or help with, coping with spam, announce a "filtering holiday" in your organization. My recommendation would be to disable filtering over a weekend when most traffic is spam. When everyone arrives on Monday morning, it won't take more than a minute or two for them to realize what the spam problem is really like.
That suggestion is only partly made in jest.
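One way to write the global rules described in the comment above, as an added example rather than the poster's own configuration. The mailbox names, the `$HOME/mail` layout and the 256000-byte scan limit are assumptions.

```procmail
# /etc/procmailrc -- added example; paths and the size limit are assumptions.

# Run everything below as the recipient rather than root, so per-user
# mailboxes and lock files are created with the user's own ownership.
DROPPRIVS=yes

# Assumed per-user layout: mbox files under $HOME/mail (must already exist).
MAILDIR=$HOME/mail
LOGFILE=$MAILDIR/procmail.log

# Filter messages under 256000 bytes through SpamAssassin, which adds the
# X-Spam-* headers tested below. Larger messages are left unscanned.
:0fw: spamassassin.lock
* < 256000
| spamassassin

# Score of 12 or more: X-Spam-Level carries one asterisk per whole point,
# so twelve literal asterisks match 12 and above. File to a quarantine
# mailbox; to discard instead, use ":0" (no lock) with /dev/null as target.
:0:
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*
spam-quarantine

# Anything else SpamAssassin flagged goes to the user's own spam folder.
:0:
* ^X-Spam-Status: Yes
spam
```

A quarantine mailbox keeps high-scoring mail recoverable if a legitimate list message is misclassified, which /dev/null does not.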
Sure. If Barry Goldwater had become president in 1964 rather than Americans re-electing Lyndon Johnson, most of the civil rights reforms that we take for granted today (in voting, accommodations, etc.) would not have been passed. Why do you think blacks vote 4-1 for the Democrats in most elections?
Unless the criminal is a complete idiot there's more than one drop spot...
Indeed. If I were writing botnet software I'd distribute multiple copies of the collected data across a number of the compromised computers. The press release and article abstract indicate that the botnet control programs and the data were located in the same place. That doesn't seem like a particularly good architecture for this type of system. I'd keep the command programs far away from the harvested data. My hunch is that the data aren't that valuable as I outline below.
I can accept that buying, installing and running a botnet could be as easy as installing an RPM. What appears more disturbing is the reported "timeframe of less than a month" to harvest over 5,000 records. But what kind of records are these? Finjan tells us that the data "consisted of 5,388 unique log files [my emphasis]. Both email communications and web-related data were among them."
They go on to list some specific examples:
Compromised patient data
Compromised bank customer data
Business-related email communications
Captured Outlook accounts containing email communication
I'd be curious to see how much actual "patient" or "bank customer" data is revealed in "log files."
/var/log/maillog on my servers would certainly reveal "business-related email communications" in the sense of senders and recipients. Mail logs might also contain some entries for mail between providers and patients or between banks and their customers. Apache logs wouldn't be so useful, though they do contain the usernames when Basic Authentication is used. But none of those logs would reveal much about the content of those communications. I don't know anything about Outlook so I have no idea how its logs might reveal "captured Outlook accounts containing email communication."
Still if all they got after a month were logs, I'm not sure how valuable they would be unless the goal was harvesting addresses for spamming or phishing. Capturing the logs of compromised mail servers would certainly yield a pretty high proportion of legitimate addresses, especially recipient addresses. This method seems especially attractive if you're trying to identify targets for "spear-phishing." If you can compromise some corporate mail servers, you can build up a nice list to "spear."
So I'm guessing Finjan found a machine containing some 5,600 mail server "log files" totalling 1.4 GB. Since the logs are worthless once the addresses are harvested, protecting them isn't much of a priority. I suppose competitive spammers might want to keep these potentially higher-yielding names to themselves, but given the volumes at which spammers operate, they probably don't care.
I think I'll go take a look at my mail servers now just to ease my mind.
Yes, it appears it really is that much better. Browse any of the threads in the Playback Help forum at AnimeSuki. You'll see lots of people complaining that they couldn't play H.264 encodes on their current hardware platform without installing CoreAVC. This is especially a problem for files in the 720p format.
I was consistently unable to play 720p encodes on my P4 running Fedora with either mplayer or xine as the engine. My newer Pentium D doesn't have the same problems, though it chokes on 1080p encodes.
The other alternative to CoreAVC is upgrading to a faster computer.
I always thought Attenborough's presentation had serious ontological problems. His commentary often suggested that species somehow "chose" the traits that encouraged their survival. My vision of evolution is more of a giant crap-shoot, where there are lots of mutations and some survive while others do not.
OLPC is the only product in this market that forces the user to use only what is decreed by the manufacturer.
Funny how when the OLPC project began there wasn't any "market" in low-cost computers for children in the developing world. If anything, most observers thought Negroponte and company were tilting at windmills. I wonder why companies like Intel and Microsoft became so interested in this market so quickly once the actual XO laptop appeared. Could it have been they discovered there was more to this "market" than they originally thought? Or were they concerned that this new competitor might actually succeed in changing the culture of computing in many parts of the world?
Unfortunately, as others have mentioned before, the way into this market is via a few gatekeepers in key government ministries. Despite the "bottom-up" logic that was a motivating vision of the OLPC project, what really appears to matter is "top-down" marketing to bureaucrats. That's a game where established players like Intel and Microsoft hold nearly all the cards.
Twister was the first game to come to my mind because of the potential for topological analysis after the game ends.
Another topological contest is to pair people up (hopefully with members of the opposite sex, or the same sex if appropriate). Have them compete at the task of removing their partners' undergarments as quickly as possible while leaving their outer garments in place. Lots of topological problems there.
I haven't looked at the case in a while, but I thought the class-action suit was premised on the nature of the marketing Microsoft undertook for Vista, particularly the emphasis on Aero and other "glitzy" features in its advertising. I'm not entirely convinced Microsoft will lose this case, but the plaintiffs claim that the "Vista-capable" sticker was applied to machines that were unable to perform at the level advertised.
Automobile ads invariably show vehicles with many additional features, but they include a disclaimer that the car being shown costs more than the advertised base sticker price. There were no disclaimers for Vista that said that the "as-advertised" version required a more expensive hardware platform than one that was tagged "Vista capable."
These are recollections based on my skimming the case when it was submitted.
Firefox lists eleven cookies from PayPal, only a few of which are session cookies. The rest all have expiration dates a decade or two from now. I presume some of these are used to track my behavior over longer periods for whatever advertising or marketing value this information might provide. Some seem rather weird though like a cookie called simply "Apache" with a 2037 expiry. Will we still be using Apache in 2037?
There's also a paypal.112.2o7.net cookie, which I find more obnoxious than PayPal's own.
Along the same lines, my general predisposition is to remove as much responsibility for security from users as is possible. That means scanning email for viruses before they reach the desktop, blocking users from downloading dangerous payloads (like executables) over the web, and so forth. Security should be a part of infrastructure, not something tacked on at the users' end.
Perhaps one reason why it's so hard to figure out what those guys are hawking at the RSA conference is that what they're really hawking is fear. That's been something of a winning strategy on many levels here in the US for the past seven years now.
Does it bother anyone else that a site supposedly devoted to journalism about technology can simply echo really stupid comments like this one? The article doesn't cite anyone else in regard to this claim except Mr. Cicconi. I guess we just can't expect "journalists" to actually dig deeper into a story; this article shows how tech "journalism" is often little more than the reproduction of press releases.
Moreover the journalist feels compelled to turn this into a story about net neutrality. I thought a more pungent question would have been who Mr. Cicconi thinks should be coming up with the hundreds of billions of dollars in new capital investment he envisions. While he extols the value of private capital in the development of the Internet, the speech itself sounds like the sort of thing that's waved around before asking for some type of government assistance.
No, they're not pretending to be msn.com. They're putting up an error page with advertising that tells you that you've requested a non-existent subdomain address.
This sort of thing has been around for a while. A few years back, Network Solutions started hijacking all queries for non-existent domains in .com, .net, and .org. It took sustained opposition from savvy techies, and some patches to ISC BIND to thwart these efforts, before Network Solutions relented.
I run my own DNS servers so I'm pretty much immune to DNS hijacking of this sort. For instance, that "linux.microsoft.com" hostname mentioned in another comment here turns up a "not found" error for me, not a page about Linux as the poster suggests.
Maybe; maybe not.
The FBI's jurisdiction ends at the water's edge. Scanning an offshore tracker might be considered as gathering "foreign intelligence." That's been the bailiwick of the CIA and NSA, and off-limits to the FBI for decades. It's true that the reorganization of functions after the establishment of the Department of Homeland Security has made these distinctions less clear.
What makes it more complex is the absence of any prior evidence of guilt before the scanning occurs. If the purpose is to discover new perpetrators rather than track ones already known, where, if at all, do Fourth Amendment protections against search and seizure come into play? Can FBI agents sniff around foreign cities looking for evidence that some American back in the States might be committing a crime? What if there's no prior evidence that any crime is being committed?
I don't know the answers to these questions, but I do think it's an over-statement to claim it's "perfectly" legal.