Slashdot Mirror


User: omgwtfroflbbqwasd

omgwtfroflbbqwasd's activity in the archive.

Stories: 0
Comments: 40

Comments · 40

  1. Re:Just FUD? on Counterfeit Cisco Gear Showing Up In US · · Score: 2, Interesting
    somehow I doubt outright fake chipsets and devices like this can be produced by anyone other than cisco themselves.
    Well stop doubting, there is enough industrial espionage going on that this stuff does happen. Even companies like Cisco are not immune to it. I can tell you that Cisco is taking this stuff very seriously, to the extent that in the not-too-distant future, your Cisco software images will only run on hardware that contains an embedded digital certificate that is validated by the software image. This is a huge problem for Cisco's warranty/failure auditing department.
  2. Re:Unfortunately: Not Surprising on How Prevalent Are SQL Injection Vulnerabilities? · · Score: 1

    I think what he means to say is "not always using GET", vs. "never using GET". At least I hope so.

  3. RFC 2616 doesn't say anything about proper use on How Prevalent Are SQL Injection Vulnerabilities? · · Score: 2, Informative
    Are you referring to a different RFC? 2616 establishes the function for the various HTTP requests, among other things. The only recommendation that it provides is regarding sensitive data as part of a GET URI, from section 15.1.3:

    Authors of services which use the HTTP protocol SHOULD NOT use GET based forms for the submission of sensitive data, because this will cause this data to be encoded in the Request-URI. Many existing servers, proxies, and user agents will log the request URI in some place where it might be visible to third parties. Servers can use POST-based form submission instead.

    Repeat after me kids: "GET and POST are equally tamperable and equally (in)secure. The only thing they are not, is equally logged".

  4. Why errors are good for crackers on How Prevalent Are SQL Injection Vulnerabilities? · · Score: 2, Insightful
    The SQL error message unto itself is not an indicator of vulnerability. It *is* an indicator that you were able to get input from the web form to manipulate/modify the SQL query (and break it). This is the first step in determining whether a given web app is even exploitable. If all you keep getting back is "invalid username" or a normal app response, it's unlikely that the app is vulnerable.

    The trick to exploiting SQL injection is being able to figure out the right sequence of input characters needed to gracefully terminate the intended SQL command, while also being able to craft a subsequent SQL query that does what you intend. Alternatively, you may want to modify the intended command. For example, "SELECT orderstatus FROM table where orderid = $FORM{'orderid'}" expects the orderid form field to be some value that's in the table somewhere. If instead you enter "1 OR 1=1" as your input, you'd get every row back since 1=1 for all rows. Using this example, you could also try to append a new query, by entering something like "1; drop database;". Many times an attacker will need to find various escape characters, quotes, etc. to get their input crafted properly to exploit the app.

    SQL errors in web apps are what web crackers like to see for the same reason that exploit authors like to see segfaults where EIP=0x41414141.. it means that they were able to get their input down to the execution point in a program that got past the boilerplate protections that the app had in place (if any).
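    A worked version of the two points above (comment 3: GET and POST deliver the same tamperable string; comment 4: an SQL error shows that input reached the query, `1 OR 1=1` widens it, and `;` stacks a second statement). This is an added example, not code from the original poster; it uses an in-memory SQLite table with constructed rows and a hypothetical `orderid` form field, and it also shows the parameterised lookup that closes the hole.

```python
import sqlite3
from urllib.parse import parse_qs, urlsplit

# Constructed sample rows standing in for the application's order table.
ORDERS = [(41, "shipped"), (42, "pending"), (43, "cancelled")]


def make_db():
    """In-memory SQLite database holding the constructed order table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (orderid INTEGER, orderstatus TEXT)")
    conn.executemany("INSERT INTO orders VALUES (?, ?)", ORDERS)
    conn.commit()
    return conn


def order_id_from_request(method, target, body=""):
    """The hypothetical orderid field, read from the GET query string or the
    POST body. Both paths yield the same string: the transport does not
    change what reaches the query, only where it gets logged."""
    raw = urlsplit(target).query if method == "GET" else body
    return parse_qs(raw).get("orderid", [""])[0]


def vulnerable_lookup(conn, orderid):
    """String interpolation, the same shape as the comment's Perl snippet."""
    sql = f"SELECT orderstatus FROM orders WHERE orderid = {orderid}"
    try:
        rows = conn.execute(sql).fetchall()
    except (sqlite3.Error, sqlite3.Warning) as exc:
        # The database's own error text leaks back to the caller; this is
        # the signal that the input broke the statement.
        return ("error", str(exc))
    return ("rows", [status for (status,) in rows])


def table_exists(conn):
    row = conn.execute(
        "SELECT count(*) FROM sqlite_master WHERE type='table' AND name='orders'"
    ).fetchone()
    return row[0] == 1


def stacked_lookup(conn, orderid):
    """Same interpolation run through executescript(), which (unlike
    execute()) accepts several statements, so a ';'-appended command runs.
    Returns whether the orders table survived."""
    conn.executescript(f"SELECT orderstatus FROM orders WHERE orderid = {orderid}")
    return table_exists(conn)


def safe_lookup(conn, orderid):
    """Validate the field as an integer and bind it as a parameter. The
    input never becomes SQL syntax, and bad input gets an application
    message instead of a database error."""
    try:
        oid = int(orderid)
    except ValueError:
        return ("error", "invalid order id")
    rows = conn.execute(
        "SELECT orderstatus FROM orders WHERE orderid = ?", (oid,)
    ).fetchall()
    return ("rows", [status for (status,) in rows])


if __name__ == "__main__":
    conn = make_db()
    for probe in ("42", "1 OR 1=1", "1'", "1; DROP TABLE orders"):
        print(repr(probe), "->", vulnerable_lookup(conn, probe))
    print("safe:", safe_lookup(conn, "1 OR 1=1"))
```

    Note that Python's `execute()` refuses a second statement, so the `1; DROP TABLE orders` probe surfaces as an error rather than a dropped table; drivers and database APIs that accept stacked statements (modelled here by `executescript()`) run it. The `1'` probe is the classic first step: it produces a parser error and nothing else, which is exactly the signal the comment describes.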

  5. Re:Not a hardware bug.. it modifies the pagefile on Vista Hacking Challenge Answered · · Score: 1

    No.. The Blue Pill refers to creating undetectable malware using AMD's Secure Virtual Machine extensions (aka Pacifica) on AM2 based processors.

    In short, what happens is that the malware enables Virtual Machines in the CPU by setting the SVME bit in the MSR EFER register, and puts the OS into a VM. It is then able to hook into all layers of the OS using the VM hypervisor, which controls all processing before the OS can. It doesn't need to install any files and depending on the extents that the malware author goes to hide itself against timing analysis (1:15 difference in execution latency when in VM mode vs native mode), it's pretty darn undetectable.

    The question becomes, how do you get this malware to be loaded in the first place? The answer (what the OP is about) is to use raw disk access to the pagefile. By VirtualAlloc()'ing a shitload of RAM and causing all unused drivers to be paged to disk, you can edit the pagefile where those code bits have been swapped to inject malicious code. As far as I can tell, this is the part that the original post is about, not the "Blue Pill" (the AMD VM hack). In all likelihood, MS will disable these critical parts of the kernel from being pageable at all to mitigate this issue (it's already a registry option.)

    AMD Virtual Machines Ref: http://www.amd.com/us-en/assets/content_type/white_papers_and_tech_docs/24593.pdf

    Joanna's paper should be available here in about two weeks or so.

  6. Not a hardware bug.. it modifies the pagefile on Vista Hacking Challenge Answered · · Score: 2, Informative
    The basis of the vulnerability is that it modifies device drivers that get swapped out to the pagefile. It can then hook shellcode when the driver is instantiated, in this case allowing unsigned drivers to be loaded.

    You are probably thinking of the AMD hypervisor she discussed for designing Vista rootkits.

  7. Not if you were stealing 2000 cd's on UK Hacker loses Extradition Case · · Score: 1

    Let's face it, who just shares one song (or one CD's worth of songs)? Most of the offenders are sharing hundreds or thousands of songs. So, if you were caught stealing 1000 or 5000 CDs is it better? What if we say that for every 15 songs downloaded from you, that is equivalent to stealing a CD.. now how many is it worth?

  8. Re:irrational fear? on Feds Kill Check Point's Sourcefire Bid · · Score: 1

    This was pretty much my take on this issue too - not really a case of concern because of DoD using technology owned by an Israeli company since they already use Firewall-1/VPN-1 all over the place. My understanding with FW-1 and DoD using foreign-owned tech is that the DoD has access to review the source code as a requirement to using it.

  9. inverse? converse? contrapositive? on The Surprising Truth About Ugly Websites · · Score: 1

    Not ugly sells, but simple sells? I'd put it in graphic design terms: "pretty alone doesn't sell". I used to work for a web design/hosting company doing CGI development (way back in the day!) and it never ceased to amaze me at how much time the graphic designers spent on page layout, getting tables to align right, and generally making the web world mimic the print world. Not once did they ever care about how the shopping cart order flow or database search functionality worked. Looks like it's 10 years later and they are only now just "getting it".

  10. Re:Let Me Get This Straight: on Chinese, U.S. Condemn Censorship · · Score: 1
    Just because you can say it doesn't mean there aren't consequences from saying it!

    Threatening to kill Danish citizens is not a "consequence" of freedom of speech. Pissing someone off doesn't give them the right to burn shit, and kill people. That is not a valid "consequence" of speech.

    Agreed, I'm not here to justify the way many Muslims are behaving. I'm speaking more to the Jyllands-Posten's excuse that they don't need to apologize for offending Muslims, in the name of Free Speech.
  11. Re:Let Me Get This Straight: on Chinese, U.S. Condemn Censorship · · Score: 3, Insightful
    Ya know, there's something that everyone born with the right to free speech seems to have forgotten lately..

    Just because you can say it doesn't mean there aren't consequences from saying it! To think that someone can stand on their soapbox and rant on about something that infuriates others and not have their ass kicked shows a severe lack of common sense.

    That said, there's definitely room for tolerance of conflicting opinions, views, etc. in our world. But don't expect everyone to act that way.

  12. Re:It's actually a very good fit.. on Cisco Moving On Set-Top Boxes · · Score: 1
    From what I hear, Cisco has agreed to not touch SA for 2 years. Is that correct?

    I'm pretty sure that only applies to senior management, who have agreed to stay for two years following the acquisition. Based on my experience with other companies, I'd venture to say that within 6-12 months, any redundant or competitive product lines will be merged or cut. As far as the product partnerships go, those would probably remain for the period of their contractual obligation.

  13. Register is wrong, it is CASH not DEBT on Cisco Moving On Set-Top Boxes · · Score: 2, Informative
    As previously posted, they are paying $5.3B net since the other $1.7B cash is for $1.7B cash. S-A has no significant debt, and definitely not $1.7B worth. Refer to these (correct) articles:

    As quoted here:

    Scientific-Atlanta also comes with a bushel of excess cash. The money in its bank vault will go to Cisco, shaving the ultimate price tag for Scientific-Atlanta from $6.9 billion to $5.3 billion.

    Or here.

    Cisco said that the net cost of the acquisition would be $5.3 billion after subtracting Scientific-Atlanta's existing cash balance. It also plans to assume outstanding Scientific-Atlanta options.
  14. It's actually a very good fit.. on Cisco Moving On Set-Top Boxes · · Score: 5, Insightful

    [Disclaimer: I am an S-A employee] Scientific-Atlanta and Motorola are the main players in the Hybrid Fiber-Coax (HFC) infrastructure that the entire cable industry, and thus all of cable-based broadband Internet runs on. With the telcos getting into this market (SBC and Verizon), there is going to be a huge shift in the cable TV industry over the next few years. Cisco and S-A together will have the capability to merge cable (which consists of IPTV, Video on demand, DVRs, real-time video compression and content management), VoIP, and traditional Internet together in a way that no other vendor will be positioned to do. The HFC networks are already IP-based and interactive services will leverage this even more going forward.

  15. Re:I tried reasoning with the IT people on Too Many Passwords · · Score: 1
    There are a few main attack vectors with regards to simple (one-factor) passwords:
    • Brute Force (vs live system or cracking encrypted pw)
    • Interception (trojan, sniffer)
    • Intentional sharing/distribution
    Complex passwords really only protect against brute force attacks - be it against a live system or against a password database (shadow, SAM, etc.) One factor authentication can only defeat intentional sharing if you are using biometrics - tokens or passwords by themselves can be shared. Thus, the main weakness to your approach (short of two-factor auth) lies in the likelihood of the password being intercepted. If said password traverses the network unencrypted, then that probability is high and voids your argument, but that all depends on the network applications which the password is used for.
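    The three vectors in that comment, made concrete. This is an added example, not the poster's code: against an unsalted fast hash, a dictionary attack takes the "complex" entry as quickly as the trivial one (the wordlist here is constructed), exhaustive search is bounded only by keyspace versus guess budget, and a cleartext protocol hands over the password regardless of its complexity (the FTP and HTTP Basic lines are constructed, with hypothetical users `alice` and `bob`).

```python
import base64
import hashlib
import itertools
import re
import string

# Constructed wordlist of the kind real cracking lists contain.
WORDLIST = ["123456", "password", "letmein", "P@ssw0rd", "Tr0ub4dor&3", "qwerty"]


def sha1_hex(password):
    """Unsalted SHA-1, the fast hash found in many old password stores."""
    return hashlib.sha1(password.encode()).hexdigest()


def dictionary_attack(target_hash, wordlist):
    """Return (password, guesses) when the hash matches a wordlist entry,
    else (None, number of entries tried)."""
    for n, word in enumerate(wordlist, 1):
        if sha1_hex(word) == target_hash:
            return word, n
    return None, len(wordlist)


def brute_force(target_hash, alphabet, max_len, budget):
    """Exhaustive search over lengths 1..max_len, giving up at budget guesses."""
    guesses = 0
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            if guesses >= budget:
                return None, guesses
            guesses += 1
            candidate = "".join(chars)
            if sha1_hex(candidate) == target_hash:
                return candidate, guesses
    return None, guesses


def keyspace(alphabet_size, max_len):
    """Number of candidates an exhaustive search must cover."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


# Constructed lines as a sniffer would show them for cleartext protocols.
CAPTURE = [
    "USER alice",
    "PASS Tr0ub4dor&3",
    "GET /admin HTTP/1.1",
    "Authorization: Basic " + base64.b64encode(b"bob:Zq7$kLm!9xQw").decode(),
]


def passwords_in_capture(lines):
    """Pull credentials out of FTP PASS lines and HTTP Basic auth headers."""
    found = {}
    for line in lines:
        m = re.search(r"^PASS (\S+)", line)
        if m:
            found["ftp"] = m.group(1)
        m = re.search(r"Authorization: Basic (\S+)", line)
        if m:
            user, _, pw = base64.b64decode(m.group(1)).decode().partition(":")
            found[user] = pw
    return found


if __name__ == "__main__":
    print(dictionary_attack(sha1_hex("P@ssw0rd"), WORDLIST))
    print(brute_force(sha1_hex("qzxv"), string.ascii_lowercase, 4, 400_000))
    print(keyspace(26, 4), "lowercase candidates up to length 4")
    print(passwords_in_capture(CAPTURE))
```

    The budget argument is the practical knob: complexity only matters where `keyspace()` exceeds what the attacker can afford, while the sniffer path and the wordlist path are indifferent to it.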