Anyway, the FCC/FTC/DOJ/park service etc. periodically come by and close down a telemarketer, but it is pretty much for show, and in every case the telemarketer has actually been charged with fraud, not with calling people who've been asked to have their numbers removed. In general, it being the law anyway, telemarketers will take your # off if you ask (unlike spammers).
Actually, some provisions of the TCPA do work pretty well- I've only ever received one telemarketer call in the past two years on my cell phone.
I don't get telemarketing calls any more- I dumped all my POTS lines, all I have is a cell phone. It is a violation of Federal Law (47 USC Sec 227) to use an automated dialing system to make unsolicited calls to cellular, pager, and other radio-based system where the user pays to receive the message.
In most states, you can collect $500 from the originator for each violation.
There are plenty of issues where the law regarding the activities of network administrators (and especially consultants) regarding security work is unclear, or unjust.
The case of Randal Schwartz is not the greatest example of misapplication of the law. Like Kevin Mitnick, Randal has been made into a martyr even though he suffered primarily as a result of his own bad choices.
AC writes:
As a network admin, cases like Oregon vs. Randal Schwartz (author of O'Reilly's Llama book on Perl and co-author of the Gecko being prosecuted for performing what I would consider basic network security functions scare the shit out of me.
While Randal is a nice guy and his motives were pure, his actions were wrong. He may not have deserved the royal reaming he got, but he did overstep the bounds of his role at Intel.
He was a consultant, he was at Intel to perform a specific role, which did not include password cracking and building a 'backdoor' to the Internet.
Maybe the solution is education. I doubt the jury in the case had a clue what the issue was or how you secure a network in the first place.
And if you don't know about the case, go to http://www.lightlink.com/spacenka/fors/.
Good luck, Randal. May the Schwartz be with you.
The restitution awarded to Intel was bogus, and was eventually overturned.
Jabber has difficulty communicating with AIM/ICQ because AOL intentionally takes action to block Jabber servers from proxying user communications with AIM/ICQ users from jabber clients.
From my limited review of the source code, Jabber is not inherently worm-proof, it's just not popular enough to attract much attention from worm authors.
Any security advantages that Jabber does have are unrelated to the open source code, but rather are almost entirely due to the communications protocol itself, which makes extensive use of XML and generally does not permit direct client-to-client communications.
I'm not so sure that Goner spreading via ICQ has anything to do with the 'shoddy' nature of the client software, there've been other similar malware that used AIM or Messenger to spread their payload.
What about the snowbelt? on "This is IT?" · Score: 2
Aside from the ability of IT to make headway after a foot of snow falls in one night, cold weather tends to have a detrimental effect on batteries, and on humans. What happens when you are halfway home from work on a -10F Chicago winter night and the batteries die?
As for weather, here in the Midwest we occasionally use outerwear to mitigate the effects of the elements on our epidermis. That comes highly recommended. And your mom told me you should wear a hat, too.
Ever read about 'death from exposure'? All the outerwear in the world won't save you if you spend enough time out in subzero temperature without a source of heat... something that my car has, but IT does not.
Why IT won't cut it in many big cities. on "This is IT?" · Score: 2
This product will fail to become popular in Chicago for the same reason that people don't commute by bike... weather and crime.
AC writes
The reason people drive is because they are out of shape, physically incapable of riding a bicycle, or the weather discourages them. Segway solves some of this problem.
The reason I drive is because while a bike would be fine for the six cool yet sunny days of the year that I'm told is the quota for Chicago, it is just not practical between the potholes, road construction, crazy drivers, and the weather.
Speaking of weather, between the consecutive weeks of freezing temperature and the liberal use of salt on the roads, I doubt IT would last a single winter in Chicago.
Another consideration... the neighborhoods I have to drive through to get to and from work, I wouldn't want to be going through in the middle of the night in the exposed transport of a bicycle or IT.
That this post (my post) got modded up to +5 shows exactly what is wrong with the moderation system... There were two earlier comments with basically the same content, but posted by AC or just a user without a +1 bonus point.
Actually, there was one thing my post had that these other posts lacked- I actually went to the trouble of counting the number of sony/non-sony items on the 'geek gift list' at the site.
A CRT television has some serious advantages over LCD or projection, that's why they still make and sell "tube TV's".
Brightness, sharpness, and viewing angle are all much, much better with a direct-view CRT than you could ever get on the very best rear projection.
I bought a Sony XBR after watching one at a friend's house. They may be big, they may be heavy, they may be "old school technology", but they still kick the ass of any rear projection unit.
I don't buy stuff because of brand names or advertising, or price. I buy the product that best serves its intended purpose... and the Sony XBR is the best TV I've found.
My only regret is that I didn't spring for a larger screen:-)
There are plenty of cool geek gifts not made by Sony, so when 6 out of 13 items on their list are Sony products, you have to suspect something is up...
I like some stuff Sony makes, but I wouldn't call their products "geek friendly".
All other issues aside, wireless devices are based on shared bandwidth, that is, they act like hubs.
This product is a 10/100 ethernet switch. A completely different animal.
You can now use a single faceplate with a single FastEthernet run back to your core switch to provide switched 10 or 100Mbps connectivity to multiple hosts, and they cannot see each other's traffic.
I'm not sure if it's worth several hundred bucks, but it is a neat idea.
In Chicago, we got so sick of sucky internet providers that we banded together and created a Coop, where you pay for only the pipe, and you get what you pay for.
Did you not see the question mark at the end of the subject on the parent comment?
FYI, I did read both the Slashdot article and the referenced offsite article, and neither answers my question as to how Google (or any other web-crawler 'bot) finds 'secret' files that presumably are never linked to from a 'non-secret' page.
Other users here have offered constructive suggestions about how this can happen (apache bug, referer data exposed by analog, etc.), meanwhile you waste your time and karma composing rants about why my question is redundant.
To the best of my knowledge, search engines all work by indexing the web, starting with the base of web sites or submitted URLs, and following the links on each page.
Given this premise, the only way that Google or another search engine could find a page with credit card numbers or other 'secret' data, would be if that page was linked to from another page, and so on, leading back to a 'public' area of some web site.
That is to say, the web-indexing bots used by search engines cannot find anything that an ordinary, very patient human could not find by randomly following links.
With very few exceptions, the only lasting friendships I have with people I work with are with people who I knew in the industry who subsequently got me hired at their workplace.
Generally, after you spend forty hours a week in close proximity with somebody, you don't want to spend your weekend with them too.
No, really, the FCC says there are words you can never ever say on the radio.
The FCC regulates the airwaves, and their broadcast regulations are much stricter than the federal laws regulating 'speech'. Basically, radio and TV are special cases, not to be compared to newspapers.
Also: how about this. Can the New York Times print the source code to DeCSS? Nope. That's "abridgement" of the free press.
Actually, the NYT can print the source code to DeCSS. They might be prosecuted after the fact, but they cannot be prevented from printing it, and as the code was entered into court records, they could lawfully print those records without repercussion.
I specifically singled out newspapers in my comment, because the 'press' (in the oldest sense) tends to be very strict defenders of their right to print what they choose... and generally they choose not to print profanity, solely because of their image as a 'family paper'.
Actually, many newspapers will print 'fuck' and similar language without using ***, where the editors feel that the word is important to the article.
And yes, newspapers can print 'the seven dirty words', without censure by the government. Many papers have printed all or part of George Carlin's original monologue over the years.
Back in 1995, as part of a response to the CDA, the Philadelphia City newspaper and Harper's magazine printed the seven dirty words in reporting on an online article by the American Reporter.
Next time you hear your favorite song on the radio, and they change "fuck" or "shit" or "bitch" to something else or just bleep it out, be aware that it's because the government told them they couldn't play that on the air or print it in the press.
Wrong.
When a newspaper prints or does not print profanity, it is not 'because the government told them they couldn't... print it in the press', it is because the Editor decided not to include it so as not to offend the readership and taint the 'family' attitude of a particular paper.
There is no government pressure on newspapers not to print 'fuck', and there have been many cases in the past couple of years of major papers printing 'fuck'. In each case, the decision is made by the editors, without giving a damn what the government thinks.
In much of the 'old school' newspaper business, the 'First amendment' is more important than life itself. A newspaper may engage in self-censorship, where they choose to print or omit 'fuck' or 'shit' based on how the readers will respond, how the editorial board of the newspaper want to present the issue and the paper itself, and how the word fits into the story... but not because of government pressure.
This reminds me of an idea I had when the V-Chip was first introduced.... add a 'Not' gate.
By inverting the output of the V-Chip, you would never again be subjected to Barney...
A friend of mine is planning to deploy an AP as a freenet for friends, with a similar configuration:
Internet -- Firewall -- OpenBSD -- WLAN
The second interface on the (cheap, dedicated PC) OpenBSD host has a crossover directly to the wireless AP, and IPFW rules such that hosts on the wireless segment would only have access to a Squid HTTP proxy, and a permit rule for IPSEC to allow a VPN connection through the OpenBSD host to the 'internal' LAN.
Authentication and security for IPSEC VPN is well documented. Your friends can all browse the web without needing VPN software, and you can get to your local LAN hosts with any IPSEC client.
MAC address spoofing is trivial, even easier than cracking WEP. The MAC should never be relied upon as a security mechanism.
Actually, I am using ORiNOCO products for both the AP and the client. Also tried the 3Com.
Even at its very best, 802.11b is an 11mbps shared bandwidth connection. Not so hot.
Most likely the problem is environmental, appears that signal strength is good, but noise is also high, according to dstumbler.
I'm hoping to get a free eval of some of the Cisco products in the next month or so.
Bullshit. Four (well-trained, drug-enhanced, whatever) people with pistols are not going to massacre four hundred unarmed conference attendees.
Real life doesn't work that way. Look at the various other shooting sprees. Ten or so people get shot, then a bunch of overweight ex-high-school-football players with a hero complex pile onto your four terrorists and drag them to the floor.
It just takes a couple of people with carry permits and a lack of respect for these stupid 'disarm the sheeple at public events' restrictions to put a serious crimp in the style of your four armed attackers.
Ebola in the fire suppression system? You must be a Tom Clancy fan.
I remember wardialing, back in the days of 'CALLPAK' and unlimited local calling.
Now every local call costs a minimum of 3.5 cents, which isn't bad for the average user, but makes war dialing an expensive proposition.
IIRC, the whole scene died out back around 1990, partly due to the rate changes, and partly due to increased telco monitoring of 'unusual activity' with rumors of improved computerized event correlation and visits from telco security really putting a damper on things.
Re:Is this ethical/legal or not? Is WLAN worth it? on "Drive-By Hacking in London" · Score: 5, Informative
In general, 'wardriving' aka Netstumbling, refers to the basic act of wandering around and logging the GPS coordinates and response of 802.11b wireless networks to broadcast 'beacon' requests.
IANAL. I have been consulting with lawyers, and this is a paraphrase of what they say (in the state of Illinois):
The basic act of identifying a wireless network while on the 'public way' is ethical, and usually legal. The moment you connect to a network and begin to access their machines or use their resources, you are on very shaky ground ethically, and, while unlikely to be prosecuted, are committing a criminal act.
Wireless networks are not only much less secure than wired, they are also considerably slower and less reliable. I have difficulty getting a reliable wireless connection more than fifty feet away from the AP. I have ethernet cables longer than that!
It's generally safe to assume that an administrator who doesn't take the minimal first step of turning on WEP and 'require WEP', is an admin who isn't security-savvy enough to take the much bigger step of forcing all packets through an authenticating VPN gateway.
Suggesting that a site might be secure and yet not have WEP is akin to suggesting that a host might be secure and yet not have enabled shadow passwords. Yes, it is possible, but it is highly unlikely.
Actually, your last line almost says something very important, just change a couple of words:
Just because a WLAN has WEP does not mean it is secure.
When the logos first started to appear, I heard from a friend in the business that they were there to combat piracy, by other TV stations.
It is not uncommon for a station to re-use news footage or network feeds from another station, with or without permission.
When the translucent small 'bugs' first appeared, the 'pirating' stations would sometimes cover up the original station's info by using a larger, more opaque 'bug'.
In most states, you can collect $500 from the originator for each violation.
Sounds like a good model for spam legislation.
In Chicago, we got so sick of sucky internet providers that we banded together and created a Coop, where you pay for only the pipe, and you get what you pay for.
www.ISPFH.org
The drawbacks?
It ain't cheap.
Ebola in the fire suppression system? You must be a Tom Clancy fan.
http://geekswithguns.com/
Remember, "Security is a process, not a product"
When the translucent small 'bugs' first appeared, the 'pirating' stations would sometimes cover up the original station's info by using a larger, more opaque 'bug'.
And so began the logo wars...