I'd be curious to know if a particular application-level vulnerability was used in this event. There have been several vulnerabilities of late related to Java/Apache/PHP, such as the hash-collision vulnerability with exploit code here http://www.securityfocus.com/bid/51193/info that has been demonstrated to be very effective - so much so that a single host can bring down a relatively large site by exhausting CPU on the web server... Does anyone know the particulars of this event??
I've worked in the defense sector and although I have not signed up for one of these gigs, I know plenty of people that have. It's true that if you are worth your salt (or look good on paper), can obtain a secret clearance and are willing to sacrifice a year of your life working 15 hours a day, every day... you can make $250 in a year in Afghanistan. Good places to look are the company websites: L3, SRI and STG - there are many more. Also job fairs in military towns. HOWEVER, if you really want to do this, get on while the getting is good. As you may know, the US is trying to fold up its many operations in SWA and other combat theaters, plus while the government is going broke, it's going to be hard for the DoD to justify paying a quarter million a year for each contractor working in these places... knowing what I know from my days in the DoD, I suspect this gravy train will come to a screeching halt... and soon.
That is an excellent point. I would take a guess that most ISPs are not so much up in arms over the bandwidth aspect of things, but that a fair portion of ISPs just happen to be cable and media providers themselves, with their *OWN* video on demand offerings that Netflix is essentially competing with.
Agreed. I generally hate auto-complete. MOST annoying is when entering a US zip code to get the weather, such as on Yahoo... auto-complete for a zip code is about the stupidest use I've seen yet. I do however like the auto-complete feature on certain things, like constrained fields. As an example, I would much rather type "Uni" and have "United Kingdom", "United States", "United Arab Emirates" appear, from which I can select, rather than fishing down a long drop-down list. In this case, auto-complete makes sense. But for things like Google search... annoying at best. --ponga
Yup. All Govies carry around a CAC, or Common Access Card, which among other things has an RF interface. The difference between this and US passports, for example, is that the passports come with a handy booklet shield, that when closed, blocks RF. The CAC card has no such thing, unless supplemented with aftermarket holders, etc. Though, I don't believe much information can be gained as the CAC is a smart card - though I would imagine that you would at least have the knowledge of what it was you detected, but probably nothing further. --ponga
I'm willing to bet this one is going "straight to video" and as soon as several 3D pr0n releases appear, my guess is that 3D television sales will see a jump. And why not, pr0n was leading the charge on both VHS and The Internet... why not 3D televisions!
...From TFS...
Ya, hold on. I've been away for a while but, ain't it "From the TFA"??
Hmm. I too use an SSH tunnel for port redirection to a remote http proxy, but I've never had to set the FF flag you mention as my FF DNS queries go through the proxy "out of the box" - that's my understanding of how a SOCKS compatible proxy should work. Am I wrong here?
FTFA:
* Many improvements to the sftp(1) client, many of which were implemented by Carlos Silva through the Google Summer of Code program:...
... - Add recursive transfer support for get/put and on the commandline
(Alas!!)
Whole host of other improvements and bugfixes; give it a read if SSH is pertinent to your environment...
Running Ubuntu at home, seems like once a week there's an update for something or other... Thank God Linux is *FAR* more graceful applying patches - I can update anything on the system and so long as the kernel is not touched, no reboot is required. Windoze just kills me... you have to reboot for every damn thing! Glad I don't have to deal with that...
Good point. I however believe that the value of a CS diploma/degree is being degraded FAR MORE by so-called "online degree" programs or fly-by-night "universities" that SOMEHOW have been accredited and offer programs in CS. These organizations practically GIVE out degrees with LITTLE value and substance to education. Being from a somewhat-of-a top school for my program, I wished more people paid attention to WHERE I got my degree, rather than just the fact that I have one. Unfortunately, most employers don't have a clue and think that my degree is equal with Joe Schmoe's degree that he got from ACME Online University when nothing is farther from the truth. This to me IS cheating and is a form of cheating that is much more prevalent and insidious than what TFA describes.
...the Internet really is a series of interconnected networks...
It's actually a series of TUBES.
Quick! Somebody buy the Sony engineers a pair of these!
The warning for this "WEC" device reminds me of an old SNL skit:
* Warning: Pregnant women, the elderly, and children under 10 should avoid prolonged exposure to Happy Fun Ball.
* Caution: Happy Fun Ball may suddenly accelerate to dangerous speeds.
* Happy Fun Ball contains a liquid core, which, if exposed due to rupture, should not be touched, inhaled, or looked at.
* Do not use Happy Fun Ball on concrete.
* Discontinue use of Happy Fun Ball if any of the following occurs:
o itching
o vertigo
o dizziness
o tingling in extremities
o loss of balance or coordination
o slurred speech
o temporary blindness
o profuse sweating
o heart palpitations
* If Happy Fun Ball begins to smoke, get away immediately. Seek shelter and cover head.
* Happy Fun Ball may stick to certain types of skin.
* When not in use, Happy Fun Ball should be returned to its special container and kept under refrigeration. Failure to do so relieves the makers of Happy Fun Ball, Wacky Products Incorporated, and its parent company, Global Chemical Unlimited, of any and all liability.
* Ingredients of Happy Fun Ball include an unknown glowing green substance which fell to Earth, presumably from outer space.
* Happy Fun Ball has been shipped to our troops in Saudi Arabia and is being dropped by our warplanes on Iraq.
* Do not taunt Happy Fun Ball.
* Happy Fun Ball comes with a lifetime warranty.
I see what you are saying. But at least in theory, optical media such as CD/DVD, etc *should be* much cheaper than anything like a disk drive by virtue of the material components used alone. A DVD is largely plastic, whereas a disk has electronics and finely tuned mechanics and is much more complex; the media AND the drive for that media are all-in-one whereas with DVD, you have one drive for any number of media.
Ya, I'm not sure where we are going wrong there either...
I shall now have to amend my requirements for women that I will have sex with.
Pulse now optional.
It's +5 Funny, because it's true!
(Thanks for that GENIUS comment, btw. *ROFL* Seriously!)
Soon, the human race will never again need to have a sense of direction, thanks to our GPS-and-wifi-triangulation-capable overlords!
:/
I've noticed over the last few years a growing trend toward host-based detection systems, like the McAfee product line for example. The US government or at least the DoD is really jumping on this bandwagon.
Any thoughts about this approach?
Okay dammit, who the hell tags every story with the word "mars" in it, with the tag "getyourasstomars"...
:D Totally underrated movie!
Because I laugh my ass off every time I see it
For the uninitiated: http://www.youtube.com/watch?v=53ARrp7x4bQ
God/nature/FSM/evolution/al gore/$deity has done a pretty damn good job at building our brains, why are we trying to reinvent that wheel in a computer?
We're lazy.
Next!
"I'm convinced we can clean up the Internet in 10 years..."
Disconnect from the 'Net every computer running Windows operating systems. Hell, we can have this place spic-n-span overnight!
Actually, I'm surprised HAMs haven't created a resilient point to point civilian network yet.
Well, depends on what you mean by "civilian network." However, a few interesting points emerge in the context of this discussion;
1) Ham (amateur) radio is still the best bet, "when all else fails" way to communicate in case all hell breaks loose, i.e., the "tubes" go down, or some such event. Ham radio will still be able to get the message through. Give me an HF transceiver, a decent antenna, a deep cycle battery and a few solar panels and I'll be able to make contact with SOMEONE, so long as a nuke did not go off down the block. Most every other means of non-local communication involves a system in some form; POTS, the aforementioned "tubes," cellular phone networks, satellites, etc, whereas HF radio is point to point, leaving the only vulnerability frequency jamming, which is difficult at best, or an unforeseen catastrophic solar event.
So such a "network" is possible and plausible, except for the following political reason;
2) Ham (amateur) radio is allocated and ultimately regulated by the government. A few regulations that would hinder a "civilian network" are a) you must have a valid FCC license to transmit, b) information transmitted on an amateur band must be in the clear (no encryption allowed).
So, it's entirely possible and would be cool as hell to have such a network, but it's not possible from a regulatory standpoint.
------
Perhaps a MUCH BETTER solution would be to create a private organization that collects "donations" which are then used to put up a few birds... then "philanthropists" could use equipment similar to Hughes Net to obtain Internet (and even MORE interesting INTRAnet) via these satellites. An autonomous and private Intranet... with multiple downlink sites, perhaps in other countries, over various ISPs... that would be friggin' BRILLIANT!! -p
when you pry it from my cold dead hands!"
> Ok, this is many things but it is not a troll. Must we go through this every time a new set of idiots starts to get mod points?
You have cleverly replied to yourself as AC complaining of the moderation... then replied to your AC reply. Nicely done!
And for the record, I agree wholeheartedly with all of your posts... a story about petrified wood and the first comment referencing hot grits gets modded troll!? What is /. coming to...
Isn't that what the Libyans who shot Doc Brown were driving?
MOD PARENT UP! So true...