I mount and unmount the various age-shares automatically via cron - that way the teenagers can't even watch movies during the day when they have other things to do - but the smallest can watch finding nemo whenever they have free time and a movie is their option. They can see the movies there (no porn in folders!) but can't play them if the source files aren't there.
Considering the rules in Australia allow for something like 10% misread (so you are going 10% slower than the speedo says), I think that yes, he is claiming that exactly.
I had my speedo re-tuned to match my GPS, but it was reading about 6kph over - doing 106 per speedo was actually 100 per road.
I regularly make the run along the B400 to see the family (regularly - about once every month). I always plug in the GPS, but it's more for watching my speed and that I always turn it on than anything else. Recently decided to let it have its head, figured I could always turn around if necessary - shaved a full half hour off the otherwise 12 hour trip (you know, when there is a blue and white behind you:P) because it took me off the highway.
I'm not saying your friend was correct - generally I will stick to the highway anyway, but this crap about lots of traffic is pretty rubbish - at 3 in the morning even the B12 is pretty dead, despite it being a main run for trucks doing the Sydney/Albury to Adelaide trip, you could be bleeding out for hours before someone sees you. It's not quite the M31, despite being remote that one you'd be hard pressed to bury a body before someone drove past, but major roads in Australia can still be pretty "cut off" from it all.
All that said, if you're not at least checking a gregories or your google maps before you go, you're a fucking moron to do anything big out here with no prep and nothing but your phone.
* Except when I worked as a developer on a PBX. Then I had around 8 phones on my desk. I still didn't bother to configure any of them for usage as my office phone...
PBX developer who doesn't actually use the phone for communication purposes. This may explain a few things about my local Xen box;)
If you already have access to that system it's fairly trivial to install password capturing code.
The whole point is to engage in defence in depth - FreeBSD offers kern.securelevel to prevent you from being able to write to the file system, or change firewall rules. We have anti rootkit checking programs (do most people make regular use of rkhunter or anything similar?) Further, you need to encrypt and safely store backups. No password logging program is going to lift them from the hashes you got from the borrowed backup drives. Probably 60% of engagements I have been involved in managed to lift a backup drive from the environment, permitting only the tiniest changes to be made to live servers, thus minimising our risk of breaking things, and a (potential) black-hat's chance of being caught.
Making the hashes harder to crack makes it harder to crack into the server, live or from backups. You'd be surprised how many people forget backups.
Hardly anyone ever reads all the information that would be useful for them, at most they read what gives them the answer they want.
It's not even that - I do it when I call a client on my way to a site (if it's not in the address book). You google the name and the word contact, google returns you the phone number but not much (if any) of the surrounding information, so you dial the number.
If a moderately intelligent tech is doing it that way, of course the masses are. Remove the phone number from public access, do what others suggest and set up a 900 number that costs to call, and go from there.
Your logic needs to be checked. Someone has gone to the effort of writing down all of Newtons work, annotated and bound into a big textbook. Someone has gone to all the effort of putting together a wikipedia entry on virtualisation and have even included an entire page worth of software comparisons. You don't see an "advanced user" getting shitty when someone says "on this particular hardware configuration every third packet gets dropped when using a virtual interface for 802.1q" because clearly that person has been working at it for a while. On the other hand, if someone asked on slashdot "how do I determine the length of the longest side in a right angled triangle" they would be shouted down for the same reason a lot of people are shouting down the OP. These are basics you can either look up, or pay someone to teach you (i.e. school/ university). Most of us have at least gone to the effort of reading the 500 page manual, because someone wrote it to make our job easier.
The culmination of knowledge on the internet should not be a bunch of people telling you the answer. Expert systems and other forms of AI make it easier to look up the answer (i.e. google) which should see, if nothing else, a reduction in basics questions.
Unfortunately this is not the case and there is a particularly large rise in questions like this - particularly amongst the currently-in-school generation of "first world" learners. My citation? Every day experience consulting into schools for OLPC-style deployments.
Canker or not you are dealing with a culture who have, well, read a 500 page manual or three. I don't see that it's a big deal to expect the same from others if I had to do it - of course I was doing it before a widespread internet connection was available, but I don't feel that times have changed that much we should not have to learn for ourselves.
Completely un thread related - if they seriously fed you that line of bullshit, make a complaint, the bastards get away with this crap far too often. If your iMac didn't come with system disks (i.e. it came with Lion/ Mountain Lion) they should have been able to show you the command+option+r internet based recovery system - no need to purchase more of their shit.
I hate the language as much as the next guy, but there is a good book floating around, Invent your own computer games with Python or something like that. As abhorrent as I am about a language that enforces where I put my tabs and returns, that book has been good for quite a few of my minions so far.
Do what we've always done - 10 year old jumps between a PC, Mac, (3)DS, iPad, HTC, and occasionally a Linux box when she wants to play a game against her big brother. She's got lots to learn, sure, but she's also had the ability for the last 4 years to use each of those devices for the appropriate purpose, swapping between some of them (upgrades and otherwise - most of the equipment is second hand bar the DS and iPad) depending on what she wants/ who is using them (e.g. Office is on PC and Mac, she can game from the DS or iPad, and she uses both the android phones and iPad for apps and various other bits).
I just don't see the point of locking any child in to one platform, whether you think they are fisher price, evil, or tha bestest open sauce thing evar.
What known issues? I haven't run in to any in the past few years and I've been installing the devices into enterprise for at least that long. The only thing I've ever had "trouble" with is getting certificates issued for 2-factor auth, not that you can't do it it's just a manual process somewhat.
I'm senior engineer in an Apple shop ATM - if your hardware is crap, the mac will have troubles. Period. This is right up there with turn portfast on for STP routers where Mac's plug in, don't have a.local AD domain, and expect more chatter on your network than a "normal" PC.
I like to point out that the mac equipment is a sensitive little bitch, you'll see the apple kit drop off the network well before pc branded kit - doesn't mean there isn't a problem, just that the mac found it first.
If you found out your local department store was sending your home address through to the local marketing agency you'd be pitching an absolute fit. This is the same. I'm just browsing to a web page, that shouldn't mean that [google/jquery/insertother] should know about it, even if their code is being used on that web page. Just because it's a digital way of gathering the information, doesn't mean it is any less of an intrusion.
And the sysadmin in me feels that constantly polling off to get the latest version of adsense/jquery.js/googleapi is just a waste of bandwidth and resources. Just because you have a 100MB link and 64GB of RAM doesn't mean browsing to a web page or running a program should use it all.
Maybe you noticed it this week (or wired did) but the.au version at least has been saying for a very long time now that they don't get PC viruses. It has been a great point of hilarity in my office for quite some time.
The old adage of practice makes perfect would seem to apply - it only makes perfect if you're practicing correctly from the beginning. I ran into a particularly (for me) difficult piece of relativity equation in a text book some time ago, even now when I look at it it makes little sense to me. I was, however, able to go to a lecturer and have them clarify it for me based on how they understood my previous perceptions.
It beggars belief that there wasn't a big red button attached to a console in a control room somewhere that didn't shred RAM and all those components though. Even as far back as 1960 the western world was prepared to suicide pilots in the event of capture, not building that sort of thing in to an unmanned aircraft seems stupid in the extreme.
Any good pentester maintains good physical security (because, you know, you carry your laptop with you at all times), firewalls their own machine, and maintains a fairly decent log of what is crossing their interfaces anyway.
Unfortunately most of the people (I'd go as far as 95-99%) on the backtrack forums are neither pentesters nor good. They use wicd because they don't know how to edit a config file or run their own wpa_supplicant. Most of them go as far as trying to use BT for their regular day-to-day stuff. Idiots. But the backtrack team put up with them, so something like this becomes massive news.
I didn't see headlines when the wget vulnerability was in Backtrack 3...
Based on a few of the indicators in the article, I couldn't say for absolute certainty. The indicator:
- Copies itself into/Library/launched
implies administrative permissions of some level (you can't just write to/Library/ unless the systems permissions are shot to hell. Likewise:/Applications/Automator.app/Contents/MacOS/DockLight should not be writable to a non-authenticated user (indeed, it is NOT writable on my laptop - admin user, but no authentication etc.). The article has a few typo's in it which I originally thought may have accounted for/Library/launched (perhaps they meant ~/Library/launched). Certainly the Microsoft KB on this vulnerability doesn't imply administrative rights granted in a one shot.
That said, any package downloaded that is NOT codesigned can be manipulated to include an install-as-administrator payload in the post install hooks - really once you have local user access it is just a manner of time. True everywhere.
I spend my days working as a mac tech, so no, I really do not. I am, however, still highly amused that it happens this way. In much the same fashion as I am amused when wine is used to exploit a linux box.
Apple exploit found in the wild... targets Microsoft product running on Apple OS.
I like the persistence bit though - use the standard plist files to maintain persistence just like any normal piece of code (like maintaining persistence by running a Windows Service).
Slashdot Mirror
Also it's fucking hot out here. As in - my tyres got sticky in the car park hot out here.
Then what is the point of having XBMC for my movies?
I mount and unmount the various age-shares automatically via cron - that way the teenagers can't even watch movies during the day when they have other things to do - but the smallest can watch finding nemo whenever they have free time and a movie is their option. They can see the movies there (no porn in folders!) but can't play them if the source files aren't there.
Considering the rules in Australia allow for something like 10% misread (so you are going 10% slower than the speedo says), I think that yes, he is claiming that exactly. I had my speedo re-tuned to match my GPS, but it was reading about 6kph over - doing 106 per speedo was actually 100 per road.
I regularly make the run along the B400 to see the family (regularly - about once every month). I always plug in the GPS, but it's more for watching my speed and that I always turn it on than anything else. Recently decided to let it have its head, figured I could always turn around if necessary - shaved a full half hour off the otherwise 12 hour trip (you know, when there is a blue and white behind you :P) because it took me off the highway.
I'm not saying your friend was correct - generally I will stick to the highway anyway, but this crap about lots of traffic is pretty rubbish - at 3 in the morning even the B12 is pretty dead, despite it being a main run for trucks doing the Sydney/Albury to Adelaide trip, you could be bleeding out for hours before someone sees you. It's not quite the M31, despite being remote that one you'd be hard pressed to bury a body before someone drove past, but major roads in Australia can still be pretty "cut off" from it all.
All that said, if you're not at least checking a gregories or your google maps before you go, you're a fucking moron to do anything big out here with no prep and nothing but your phone.
* Except when I worked as a developer on a PBX. Then I had around 8 phones on my desk. I still didn't bother to configure any of them for usage as my office phone...
PBX developer who doesn't actually use the phone for communication purposes. This may explain a few things about my local Xen box ;)
If you already have access to that system it's fairly trivial to install password capturing code.
The whole point is to engage in defence in depth - FreeBSD offers kern.securelevel to prevent you from being able to write to the file system, or change firewall rules. We have anti rootkit checking programs (do most people make regular use of rkhunter or anything similar?) Further, you need to encrypt and safely store backups. No password logging program is going to lift them from the hashes you got from the borrowed backup drives. Probably 60% of engagements I have been involved in managed to lift a backup drive from the environment, permitting only the tiniest changes to be made to live servers, thus minimising our risk of breaking things, and a (potential) black-hat's chance of being caught.
Making the hashes harder to crack makes it harder to crack into the server, live or from backups. You'd be surprised how many people forget backups.
Hardly anyone ever reads all the information that would be useful for them, at most they read what gives them the answer they want.
It's not even that - I do it when I call a client on my way to a site (if it's not in the address book). You google the name and the word contact, google returns you the phone number but not much (if any) of the surrounding information, so you dial the number.
If a moderately intelligent tech is doing it that way, of course the masses are. Remove the phone number from public access, do what others suggest and set up a 900 number that costs to call, and go from there.
Your logic needs to be checked. Someone has gone to the effort of writing down all of Newtons work, annotated and bound into a big textbook. Someone has gone to all the effort of putting together a wikipedia entry on virtualisation and have even included an entire page worth of software comparisons. You don't see an "advanced user" getting shitty when someone says "on this particular hardware configuration every third packet gets dropped when using a virtual interface for 802.1q" because clearly that person has been working at it for a while. On the other hand, if someone asked on slashdot "how do I determine the length of the longest side in a right angled triangle" they would be shouted down for the same reason a lot of people are shouting down the OP. These are basics you can either look up, or pay someone to teach you (i.e. school/ university). Most of us have at least gone to the effort of reading the 500 page manual, because someone wrote it to make our job easier.
The culmination of knowledge on the internet should not be a bunch of people telling you the answer. Expert systems and other forms of AI make it easier to look up the answer (i.e. google) which should see, if nothing else, a reduction in basics questions.
Unfortunately this is not the case and there is a particularly large rise in questions like this - particularly amongst the currently-in-school generation of "first world" learners. My citation? Every day experience consulting into schools for OLPC-style deployments.
Canker or not you are dealing with a culture who have, well, read a 500 page manual or three. I don't see that it's a big deal to expect the same from others if I had to do it - of course I was doing it before a widespread internet connection was available, but I don't feel that times have changed that much we should not have to learn for ourselves.
Completely un thread related - if they seriously fed you that line of bullshit, make a complaint, the bastards get away with this crap far too often. If your iMac didn't come with system disks (i.e. it came with Lion/ Mountain Lion) they should have been able to show you the command+option+r internet based recovery system - no need to purchase more of their shit.
I hate the language as much as the next guy, but there is a good book floating around, Invent your own computer games with Python or something like that. As abhorrent as I am about a language that enforces where I put my tabs and returns, that book has been good for quite a few of my minions so far.
Do what we've always done - 10 year old jumps between a PC, Mac, (3)DS, iPad, HTC, and occasionally a Linux box when she wants to play a game against her big brother. She's got lots to learn, sure, but she's also had the ability for the last 4 years to use each of those devices for the appropriate purpose, swapping between some of them (upgrades and otherwise - most of the equipment is second hand bar the DS and iPad) depending on what she wants/ who is using them (e.g. Office is on PC and Mac, she can game from the DS or iPad, and she uses both the android phones and iPad for apps and various other bits).
I just don't see the point of locking any child in to one platform, whether you think they are fisher price, evil, or tha bestest open sauce thing evar.
You mean like how there's *always* been a human in charge when they've had an accident?
What known issues? I haven't run in to any in the past few years and I've been installing the devices into enterprise for at least that long. The only thing I've ever had "trouble" with is getting certificates issued for 2-factor auth, not that you can't do it it's just a manual process somewhat.
I'm senior engineer in an Apple shop ATM - if your hardware is crap, the mac will have troubles. Period. This is right up there with turn portfast on for STP routers where Mac's plug in, don't have a .local AD domain, and expect more chatter on your network than a "normal" PC.
I like to point out that the mac equipment is a sensitive little bitch, you'll see the apple kit drop off the network well before pc branded kit - doesn't mean there isn't a problem, just that the mac found it first.
If you found out your local department store was sending your home address through to the local marketing agency you'd be pitching an absolute fit. This is the same. I'm just browsing to a web page, that shouldn't mean that [google/jquery/insertother] should know about it, even if their code is being used on that web page. Just because it's a digital way of gathering the information, doesn't mean it is any less of an intrusion.
And the sysadmin in me feels that constantly polling off to get the latest version of adsense/jquery.js/googleapi is just a waste of bandwidth and resources. Just because you have a 100MB link and 64GB of RAM doesn't mean browsing to a web page or running a program should use it all.
Eh I'm an idiot. Ignore.
Maybe you noticed it this week (or wired did) but the .au version at least has been saying for a very long time now that they don't get PC viruses. It has been a great point of hilarity in my office for quite some time.
The old adage of practice makes perfect would seem to apply - it only makes perfect if you're practicing correctly from the beginning. I ran into a particularly (for me) difficult piece of relativity equation in a text book some time ago, even now when I look at it it makes little sense to me. I was, however, able to go to a lecturer and have them clarify it for me based on how they understood my previous perceptions.
Bring on the robits.
It beggars belief that there wasn't a big red button attached to a console in a control room somewhere that didn't shred RAM and all those components though. Even as far back as 1960 the western world was prepared to suicide pilots in the event of capture, not building that sort of thing in to an unmanned aircraft seems stupid in the extreme.
Any good pentester maintains good physical security (because, you know, you carry your laptop with you at all times), firewalls their own machine, and maintains a fairly decent log of what is crossing their interfaces anyway.
Unfortunately most of the people (I'd go as far as 95-99%) on the backtrack forums are neither pentesters nor good. They use wicd because they don't know how to edit a config file or run their own wpa_supplicant. Most of them go as far as trying to use BT for their regular day-to-day stuff. Idiots. But the backtrack team put up with them, so something like this becomes massive news.
I didn't see headlines when the wget vulnerability was in Backtrack 3...
Based on a few of the indicators in the article, I couldn't say for absolute certainty. The indicator:
/Library/launched
/Library/ unless the systems permissions are shot to hell. Likewise: /Applications/Automator.app/Contents/MacOS/DockLight should not be writable to a non-authenticated user (indeed, it is NOT writable on my laptop - admin user, but no authentication etc.). The article has a few typo's in it which I originally thought may have accounted for /Library/launched (perhaps they meant ~/Library/launched). Certainly the Microsoft KB on this vulnerability doesn't imply administrative rights granted in a one shot.
- Copies itself into
implies administrative permissions of some level (you can't just write to
That said, any package downloaded that is NOT codesigned can be manipulated to include an install-as-administrator payload in the post install hooks - really once you have local user access it is just a manner of time. True everywhere.
I spend my days working as a mac tech, so no, I really do not. I am, however, still highly amused that it happens this way. In much the same fashion as I am amused when wine is used to exploit a linux box.
Apple exploit found in the wild... targets Microsoft product running on Apple OS.
I like the persistence bit though - use the standard plist files to maintain persistence just like any normal piece of code (like maintaining persistence by running a Windows Service).