Warcraft III is a special case. For a lot of integrated intel cards, it's better to disable hardware T&L and just use software T&L. I can play WC3 with all the settings maxed on my x3100 on my laptop, but it was hardly playable at low before disabling the hardware T&L.
By utilizing the science of MATHEMATICS...we can see that this doesn't make any god damn sense.
"When we put this machine online it was, on average, hit by a potential security assault every 15 minutes....The fastest an attack struck was mere seconds and it was never longer than 15 minutes before the honeypot logged an attempt to subvert it."
How can the average be 15, but there was never any period LONGER than 15, and some periods less than 15.
I was about to point out that there's 97.5 years left in the century, but I suppose you could be counting from 2001 to 2101....so nevermind. I'm not sure what's more appropriate here....Seinfeld millenium reference or Princess Bride poisoned wine reference?
I'm as much of a gamer as most people, but honestly, who the hell are they marketing this towards*? The "my parents are divorced and one parent is over-compensating with insane toys" subsect of the market doesn't seem to be large enough to sustain a console. How many teenagers/college students can afford something like this? As a college student myself, I work more than I probably should, and I don't come close to breaking even after tuition and such. I purchased a PS2 not too long ago, and generally don't get any games that are much more than $20. If I ever purchase another console, it's probably going to be a Wii just from an economical standpoint. I don't care if Sony has the OMGLOOKATTHATZ polygons (which, from hardware comparisons, it won't) or if they have a GTA for every city in the country (which, since it's not exclusive to their console, everyone will)...with $600 + ~$80 per game, I could invest in Microsoft and Nintendo and watch Sony weep as their computer without a keyboard fucking tanks.
Granted, a VOIP vulnerability scanner is a pretty focused tool, but how many Slashdot readers don't already use *insert your own packet capturing software here*?
Not to rain on anyone's parade, but it seems counter-intuitive to me that this list contains a laptop bag that will charge everything BUT a laptop. Yeah, being able to charge my mp3 player while I'm scooting around town is a pretty slick feature, but it seems like someone buying an emergency kit for their car that contains patches to fix the hole in their boat.
One of the highlights of the initial setup was that our Solaris box was a "default" install. When our Solaris guy poked around for a few minutes, he found out he had almost nothing (not even man pages). When he asked what kind of "default" install it was, the guy who set them up said that it was his normal production install. Technically, it was his default, but what the hell? Our Fedora box had no development tools, our 2K server box was basically dead on arrival, and there were files on the 2k3 server created at 12:58, and we got into the room at 1:05-ish. Hopefully they start setting things up a little earlier in Texas.
Holy bejesus fuckchrist. I'm sitting here using firefox, and the second that I state that someone who knows what the fuck they're doing has tested IE7 thoroughly and says it's surprisingly secure, everyone labels me an MS shill? Does IE6 suck? Yes. Is firefox inherently better? Yes. Still, god damn. I guess slashdot isn't the correct forum for stating hypothetically that an MS product might not totally suck. Besides, why believe the word of someone who makes $4000 a day doing security audits on software/networks when you can just make blind assumptions? I know I'll take the word of some random ass slashdot reader over an industry professional any day.
Yeah, you could change the default port for anything, but that only adds the time it takes to do an nmap.
"Security by obscurity" - not necessarily using a program that few people know and assuming they don't know the exploits, but rather being inconsequential enough that no one will take the time to hack your ass.
A little clarification from someone who participated.
This wasn't a competition to spawn a generation of script-kiddies.
Social engineering played a part in the competition.
When the article says "restrictions," it's not saying we weren't allowed to change shit. The "no changing ip's" business was that we had to have services on a certain IP for the duration of the competition.
"The easiest way to defeat the attackers would be to lock them out at the firewall or router. Then all the sql-injection vulnerabilities wouldn't matter."
No dice. Our main "network guy" knows about as much about Cisco gear as anybody else, but our router still got fuzzed. At the time, it was a little disheartening. However, later on I overheard a conversation between a contestant on another team and the Windows girl on the red team. While this guy was going on and on about his "invincible" router and switch configs, she said "access lists are nothing." He tried to elaborate, and that he did this and that, but no. You can deny all outside traffic at the router, and they'll get in. The specific red team folks we had at ours (Midwest regional) were fucking good...as in writing 0-day exploits while sitting there good. $4000 a day security auditors good. At the end of it all, we all realized that the level of skill from the red team was high enough that they could have destroyed any team there in a heartbeat, but it was more fun to play around with them. I asked on the hackers how big name companies like Google and Visa don't get hacked to shit, and his response was along the lines of "You just have a backup plan for when you get hacked because it will happen eventually." The main point of the competition is mostly educational. I learned more in the month before our regional security-wise than I have in the last few years. We won, so we must have done something right, but at the same time, I'm convinced that the only secure computer is one that's not plugged in.
Re:Simulations are lacking, here's why
on
Students vs. Hackers
·
· Score: 2, Interesting
Not for nothing, but I participated in the Midwest regional (we won, w00ty w00t), and social engineering actually played a huge part. Our team (SIU) spent multiple nights in the bar and the hotel getting drunk with the red team. At the end of it all, one of the hackers said that the entire red team voted us as the best. Unfortunately, the red team's vote was never used for scoring as was originally intended, but hearing that was one of the highlights of the weekend. Since then, one of the hackers pointed out that he'd "rather see a team that he got to drink with win the nationals." Is social engineering as advanced in a competition as it would be in real life? Probably not. However, it definitely does play a role...at least in our competition.
Not really sure why this is even news. After a computer security competition last weekend, I had the chance to talk to professional security auditors, i.e. hackers. The reason I bring it up is that at one point, one of them said that "he had a web page he would like everyone to visit...with firefox." Needless to say, this scared the shit out of me. After pressing for more info of browser related exploits, he said that IE7 is suprisingly solid security-wise. Same goes for Vista, at least the parts of it that are finished (no more ldap). I shudder at the thought of IE pushers trying to convince people to switch away from firefox because it's not secure enough. I don't know, food for thought.
Having played both of these games (WoW/GW), I know what they're like. Is WoW a better game? Definitely. Is it worth the money? Probably. However, being a Poor Ass College Student(TM), that $15 a month seems like a fucking mountain of cash. I'm sitting here with $4 in my pocket, and short of pawning my clothes, it's all of my assets. I work (more than a student should), but with rent, food, gas, and other lame responsibilities, I'm doing just dandy with my free GW account.
I work for the network engineering department at my college, and a quick tally puts me at:
3 switch passwords
4 passwords for different types of wireless AP's, etc.
4 passwords for utilities to manage said hardware
3 passwords for various scripts written by people around the cubicle farm
2 passwords for programs we use to log the location, serial number, etc. of all of our switches
1 home login
2 passwords for email addresses (school and gmail)
1 universal password I use for stuff that doesn't need to be particularly secure.
The only passwords that are static are the home login, gmail account, and universal password. The work passwords are changed every 45 days, the school password has to be changed at least every 120 days. Because of my affinity for losing wallets, I can't really keep a list or anything. I don't use any cheating methods like prefixing all the passwords with the same string. This is partly because I don't choose any of the work passwords, and partly because that's lame. The idea is if you're not a moron, you should be able to keep track of a couple of passwords if you're going to be using them reasonably frequently.
"Even a monkey can remember 10 digits. Are you dumber than a monkey?"
Slashdot Mirror
Warcraft III is a special case. For a lot of integrated intel cards, it's better to disable hardware T&L and just use software T&L. I can play WC3 with all the settings maxed on my x3100 on my laptop, but it was hardly playable at low before disabling the hardware T&L.
By utilizing the science of MATHEMATICS...we can see that this doesn't make any god damn sense.
"When we put this machine online it was, on average, hit by a potential security assault every 15 minutes....The fastest an attack struck was mere seconds and it was never longer than 15 minutes before the honeypot logged an attempt to subvert it."
How can the average be 15, but there was never any period LONGER than 15, and some periods less than 15.
1, 3, 2, 5, 4, 3, 4, 2, 3
Average is....5? Bzzzt.
I was about to point out that there's 97.5 years left in the century, but I suppose you could be counting from 2001 to 2101....so nevermind. I'm not sure what's more appropriate here....Seinfeld millenium reference or Princess Bride poisoned wine reference?
I'm as much of a gamer as most people, but honestly, who the hell are they marketing this towards*? The "my parents are divorced and one parent is over-compensating with insane toys" subsect of the market doesn't seem to be large enough to sustain a console. How many teenagers/college students can afford something like this? As a college student myself, I work more than I probably should, and I don't come close to breaking even after tuition and such. I purchased a PS2 not too long ago, and generally don't get any games that are much more than $20. If I ever purchase another console, it's probably going to be a Wii just from an economical standpoint. I don't care if Sony has the OMGLOOKATTHATZ polygons (which, from hardware comparisons, it won't) or if they have a GTA for every city in the country (which, since it's not exclusive to their console, everyone will)...with $600 + ~$80 per game, I could invest in Microsoft and Nintendo and watch Sony weep as their computer without a keyboard fucking tanks.
* -- Don't end sentences with prepositions, kids.
Granted, a VOIP vulnerability scanner is a pretty focused tool, but how many Slashdot readers don't already use *insert your own packet capturing software here*?
Not to rain on anyone's parade, but it seems counter-intuitive to me that this list contains a laptop bag that will charge everything BUT a laptop. Yeah, being able to charge my mp3 player while I'm scooting around town is a pretty slick feature, but it seems like someone buying an emergency kit for their car that contains patches to fix the hole in their boat.
Any way to mod the article summary down as redundant? There's 4 sentences, and 3 of them say the exact same thing.
One of the highlights of the initial setup was that our Solaris box was a "default" install. When our Solaris guy poked around for a few minutes, he found out he had almost nothing (not even man pages). When he asked what kind of "default" install it was, the guy who set them up said that it was his normal production install. Technically, it was his default, but what the hell? Our Fedora box had no development tools, our 2K server box was basically dead on arrival, and there were files on the 2k3 server created at 12:58, and we got into the room at 1:05-ish. Hopefully they start setting things up a little earlier in Texas.
Holy bejesus fuckchrist. I'm sitting here using firefox, and the second that I state that someone who knows what the fuck they're doing has tested IE7 thoroughly and says it's surprisingly secure, everyone labels me an MS shill? Does IE6 suck? Yes. Is firefox inherently better? Yes. Still, god damn. I guess slashdot isn't the correct forum for stating hypothetically that an MS product might not totally suck. Besides, why believe the word of someone who makes $4000 a day doing security audits on software/networks when you can just make blind assumptions? I know I'll take the word of some random ass slashdot reader over an industry professional any day.
Yeah, you could change the default port for anything, but that only adds the time it takes to do an nmap.
"Security by obscurity" - not necessarily using a program that few people know and assuming they don't know the exploits, but rather being inconsequential enough that no one will take the time to hack your ass.
A little clarification from someone who participated.
This wasn't a competition to spawn a generation of script-kiddies.
Social engineering played a part in the competition.
When the article says "restrictions," it's not saying we weren't allowed to change shit. The "no changing ip's" business was that we had to have services on a certain IP for the duration of the competition.
"The easiest way to defeat the attackers would be to lock them out at the firewall or router. Then all the sql-injection vulnerabilities wouldn't matter."
No dice. Our main "network guy" knows about as much about Cisco gear as anybody else, but our router still got fuzzed. At the time, it was a little disheartening. However, later on I overheard a conversation between a contestant on another team and the Windows girl on the red team. While this guy was going on and on about his "invincible" router and switch configs, she said "access lists are nothing." He tried to elaborate, and that he did this and that, but no. You can deny all outside traffic at the router, and they'll get in. The specific red team folks we had at ours (Midwest regional) were fucking good...as in writing 0-day exploits while sitting there good. $4000 a day security auditors good. At the end of it all, we all realized that the level of skill from the red team was high enough that they could have destroyed any team there in a heartbeat, but it was more fun to play around with them. I asked on the hackers how big name companies like Google and Visa don't get hacked to shit, and his response was along the lines of "You just have a backup plan for when you get hacked because it will happen eventually." The main point of the competition is mostly educational. I learned more in the month before our regional security-wise than I have in the last few years. We won, so we must have done something right, but at the same time, I'm convinced that the only secure computer is one that's not plugged in.
Not for nothing, but I participated in the Midwest regional (we won, w00ty w00t), and social engineering actually played a huge part. Our team (SIU) spent multiple nights in the bar and the hotel getting drunk with the red team. At the end of it all, one of the hackers said that the entire red team voted us as the best. Unfortunately, the red team's vote was never used for scoring as was originally intended, but hearing that was one of the highlights of the weekend. Since then, one of the hackers pointed out that he'd "rather see a team that he got to drink with win the nationals." Is social engineering as advanced in a competition as it would be in real life? Probably not. However, it definitely does play a role...at least in our competition.
Not really sure why this is even news. After a computer security competition last weekend, I had the chance to talk to professional security auditors, i.e. hackers. The reason I bring it up is that at one point, one of them said that "he had a web page he would like everyone to visit...with firefox." Needless to say, this scared the shit out of me. After pressing for more info of browser related exploits, he said that IE7 is suprisingly solid security-wise. Same goes for Vista, at least the parts of it that are finished (no more ldap). I shudder at the thought of IE pushers trying to convince people to switch away from firefox because it's not secure enough. I don't know, food for thought.
Having played both of these games (WoW/GW), I know what they're like. Is WoW a better game? Definitely. Is it worth the money? Probably. However, being a Poor Ass College Student(TM), that $15 a month seems like a fucking mountain of cash. I'm sitting here with $4 in my pocket, and short of pawning my clothes, it's all of my assets. I work (more than a student should), but with rent, food, gas, and other lame responsibilities, I'm doing just dandy with my free GW account.
p.s. WTS Shirt of Hanesosity, Crude leather pants
I work for the network engineering department at my college, and a quick tally puts me at: 3 switch passwords 4 passwords for different types of wireless AP's, etc. 4 passwords for utilities to manage said hardware 3 passwords for various scripts written by people around the cubicle farm 2 passwords for programs we use to log the location, serial number, etc. of all of our switches 1 home login 2 passwords for email addresses (school and gmail) 1 universal password I use for stuff that doesn't need to be particularly secure. The only passwords that are static are the home login, gmail account, and universal password. The work passwords are changed every 45 days, the school password has to be changed at least every 120 days. Because of my affinity for losing wallets, I can't really keep a list or anything. I don't use any cheating methods like prefixing all the passwords with the same string. This is partly because I don't choose any of the work passwords, and partly because that's lame. The idea is if you're not a moron, you should be able to keep track of a couple of passwords if you're going to be using them reasonably frequently.
"Even a monkey can remember 10 digits. Are you dumber than a monkey?"