Depends. Some of the lower tier certs would fall under that category, but the CISSP and SANS certs are certainly non-trivial. I'd wager the vast majority of recent CS and IS graduates would fail those exams.
Bin Laden has actually flat out said on at least 2 tapes that the US could avoid being attacked again if we converted to Islam. You can think whatever you like, but that is straight from the horses mouth.
Hmm, interesting. Two pictures of random signs that could be anywhere, and two pictures of the front of the building. None of which show anything remotely interesting. Incriminating stuff, that:) Not that I don't think they do this, just that the pictures are....underwhelming...
Were you expecting to see a big sign that read "Secret NSA Wiretapping Room: Keep Out"? This is real life not a bugs bunny cartoon. The original leak information included a picture of NSA room as well as a illustrated schematic for how the lines were to be spliced. That along with the fact that the gov'ts only response to this has been to try to block it with State Secrets exemptions, is pretty damning.
That's actually an interesting point. I'll be curious to see what multi-discipline journals like Science do if this passes as NIH funded work might be a minority of the papers published. Though I would bet that other fields get significant gov't funding through NSF or DoD grants.
Where is this grant money going to come from? There are huge costs associated with drug R&D and most candidate drugs fail, so you are talking huge amounts of money that NIH doesn't have to give. Plus big pharma has massive R&D facilities that dwarf those of public research universities who couldn't do what big pharma does even if they wanted to. Having dozens of small scale facilities instead of one large integrated unit is inefficient and would probably hinder research even further because their would be less communication between researchers.
From my own experience, I used Napster back in the good old days and it allowed me to try new genres of music that I would have never been exposed to otherwise. I certainly wouldn't have walked into a music store and dropped $12 on a CD by a band that I've never heard of before. I found myself listening to everything from obscure techno groups to classical music and discovered a number of bands that I really liked and went on to buy every CD they put out. End result was that the RIAA got hundreds of dollars out of me that I wouldn't have spent otherwise and I still bought CDs by the groups I liked. Sure, I didn't go on to purchase every single song that I downloaded, but I wouldn't have bought them anyway.
I wonder when this battle over formats is going to end so I can actually start buying HD movies. Seriously, it's very annoying. I certainly don't want to invest in a player until a winner emerges
Agreed. My DVD player just bit the dust this week and I had been hoping that it would hold on until the format war is over. Instead of buying one or the other, I just went with a cheaper Pioneer DVD player that could upscale DVD output to 1080p.
Malware does not equal virus, iit does not "break" into a machine through security holes
Actually a worm is the only type of malware that exploits are security hole. Trojans and viruses really only differ in that a virus is a file infecter, ie it's going to append its code to legitimate executable file(s) existing on the system. A trojan is just malware pretending to be something it's not, much like the real trojan horse. Granted, much of the malware today are blended threats with some aspects of each, so the distinctions are somewhat blurred. But IMO, the original distinctions very accurately described how each malware functioned, like how floppy disks used to be notorious vectors for transmission of viruses similarly to how a real virus would spread in the community.
The fact that it is not exclusively found in a restricted lab setting is the definition of being "in the wild". Very likely that the porn site knows what they are doing, porn sites are notorious for hosting malware as visitors are likely to click on links.
but remember that with NTP if I send a request to UDP port 123 on the NTP server, the reply does not have to come from UDP port 123 on the NTP server
The reply packet from the NTP server will just have the source and dest ports flipped. You can see it in the tcpdump trace FTA.
Both ntpd and BIND can be and often are configured to use random non-privileged ports for outgoing packets to remove the need to run as root after binding their listening port.
I think you are confused. Please cite the exact part of an RFC or implemetation spec that describes that behavior.
When the UDP response doesn't come from the same port on the server that the request went to, connection tracking (which depends on matching up addresses and ports) fails to work and you need to punch a hole explicitly in both directions.
I've written hundreds of custom iptables and pf firewall scripts including build specs for fortune500 companies and used connection tracking for handling both NTP and DNS. It works, I've done it, I'm doing it right now.
Remember that UDP doesn't have the concept of a connection.
All statefull firewalls including OSXs have a concept of connection tracking for UDP and you absolutely can identify a state like "new" or "established" for udp. Firewall connection tracking is not the same concept as tcp connection states and connection state tracking *does* exist for protocols which do not in of themselves have a built-in state tracking mechanism like tcp.
And you can't block all incoming UDP packets.
You can block unsolicited incoming connections but allow udp packets belonging to a connection that was initiated by the OSX system, again using the statefull connection tracking mechanism.
When the user says "block all incoming connections" but also says "synchronize your time to the Internet"
The firewall settings should *always* override other application settings so that an administrator cannot accidentally open a hole in the firewall. Letting an application override system security is moronic and lazy. Microsoft has spent years digging itself out of that same mentality that you seem to be happily advocating. Unless you want other systems to be able to sync their time from your OSX system, then you do not need to allow total access to the ntp ports. You can block incoming connection attempts but still allow your system to sync to the remote timeserver.
They do it both ways. In the screenshot they use local IP addresses, but look at the text dump slightly above the image link on the front page, I'll quote it for clarity:
No, it's exactly what the output says...it's either open or filtered. If the packet is accepted by the system, then no icmp error message is generated which is the same as if it is silently dropped by a firewall (hence open|filtered). Generally when you do a udp scan of a firewall that is filtering udp connections, then *all* ports on the system will appear as open|filtered. If just a few appear that way while others are closed then you can be fairly sure they are open. They then go on to show a tcpdump trace of a unsolicited incoming SMB connection and the corresponding reply. Their analysis is spot on, you just have no idea what you are talking about.
They are now basing an assumption (or marketing spin) because of output from an Nmap scan. This just indicates a flaw in the signature Nmap has (or the lack thereof) for this particular firewall implementation.
That's how UDP scanning works. The fact that all of the other ports on the system appear as closed is highly suggestive that these ports are still accessible to the network. Plus, if you look at the last PNG image on the first page it shows an actual screenshot of tcpdump observing a connection from the remote client to the OS X system and the corresponding reply, clearly showing that a remote incoming connection is allowed through the firewall.
Perhaps Heise are just used to using Linux, where the firewall trumps all ?
Unless things have changed with Leopard, OS X runs ipfw which is a standard freeBSD firewalling software. It functions very similar to iptables on linux and absolutely should "trump all" otherwise an administrator could easily accidentally compromise system security by starting an application. Frankly this looks like a page from the old microsoft playbook of sacrificing security for ease of use.
It'll be interesting to read the software section. It was surprising to see that they use an EOL'd version of Redhat (RH 9) that is no longer supported by Redhat. Granted, they're just webservers, but you'd think that would still require a lot of manually updating to keep things patched.
It has nothing to do with one operating being more secure than another. Windows 2003 server is pricey and is likely to be deployed at a company with at least some form of IT support and is therefore more likely to be properly maintained. Someone running a server in their basement or a mom and pop business is more likely to choose Linux. I've seen plenty of cracked linux boxes where someone threw up a box with PHPbb or LAMP and left it running unpatched for several years. Usually they only realize it is when they get an email complaining about attacks originating from their machine or a notice from their ISP. Often these are non-root compromises where the attacker is running as the Apache user and has the standard toolkit with bot software and flooders stashed in/tmp.
I actually used to respect their company 10 years ago because they made quality electronics. Now they've turned into this evil entity that is trying to squeeze money out of their customers. First I noticed a significant decrease in the quality of their speaker components. Then I had issues with 2 DVD players that I bought from them. One would skip all the time and the other would just refuse to play certain disks (some out of the box). I searched online and found tons of similar complaints and Sony always seemed to deny that there was a problem. That led to a class action lawsuit against Sony for intentionally concealing that fact that there was a firmware problem (see link in my sig). Then the rootkit debacle. Now this. Congratulations, you actually managed to turn me from die-hard customers to someone who will *never* buy a Sony product ever again.
That would prevent you from unlocking a iPhone with the new firmware, it shouldn't have bricked an iPhone that has already been unlocked (you're just closing the barn door after the horses already got away). The big question is whether this was co-incidentally as Apple would have you believe or whether they actually included code in the update that looked to see if a legitimate SIM in place and would brick your phone if it wasn't.
From what I've seen most foreign students have little problem getting student visas if they can show that they're going to be funded. Getting a postdoc is significantly harder because you're now an "employee" rather than a trainee or student. That seems to be the criteria...can you show that you can pay your way through and are you potentially taking away a position that an American could fill.
First ATCC has said that they don't think they were defrauded and have no interesting in pursuing any kind of litigation. Second Kurtz got the bacteria from ATCC specifically because it was well characterized and because it was *THE SAFEST* thing he could use to do this exhibit. He could have easily cultured bacteria from his mouth that would be *much* more dangerous than this organism was. This is about the prosecutor wanting to get somebody so that they don't have to walk away empty-handed.
Slashdot Mirror
Depends. Some of the lower tier certs would fall under that category, but the CISSP and SANS certs are certainly non-trivial. I'd wager the vast majority of recent CS and IS graduates would fail those exams.
Bin Laden has actually flat out said on at least 2 tapes that the US could avoid being attacked again if we converted to Islam. You can think whatever you like, but that is straight from the horses mouth.
Were you expecting to see a big sign that read "Secret NSA Wiretapping Room: Keep Out"? This is real life not a bugs bunny cartoon. The original leak information included a picture of NSA room as well as a illustrated schematic for how the lines were to be spliced. That along with the fact that the gov'ts only response to this has been to try to block it with State Secrets exemptions, is pretty damning.
Original leak info (pdf warning): http://www-tc.pbs.org/wgbh/pages/frontline/homefront/etc/kleindoc.pdf
That's actually an interesting point. I'll be curious to see what multi-discipline journals like Science do if this passes as NIH funded work might be a minority of the papers published. Though I would bet that other fields get significant gov't funding through NSF or DoD grants.
Where is this grant money going to come from? There are huge costs associated with drug R&D and most candidate drugs fail, so you are talking huge amounts of money that NIH doesn't have to give. Plus big pharma has massive R&D facilities that dwarf those of public research universities who couldn't do what big pharma does even if they wanted to. Having dozens of small scale facilities instead of one large integrated unit is inefficient and would probably hinder research even further because their would be less communication between researchers.
From my own experience, I used Napster back in the good old days and it allowed me to try new genres of music that I would have never been exposed to otherwise. I certainly wouldn't have walked into a music store and dropped $12 on a CD by a band that I've never heard of before. I found myself listening to everything from obscure techno groups to classical music and discovered a number of bands that I really liked and went on to buy every CD they put out. End result was that the RIAA got hundreds of dollars out of me that I wouldn't have spent otherwise and I still bought CDs by the groups I liked. Sure, I didn't go on to purchase every single song that I downloaded, but I wouldn't have bought them anyway.
Agreed. My DVD player just bit the dust this week and I had been hoping that it would hold on until the format war is over. Instead of buying one or the other, I just went with a cheaper Pioneer DVD player that could upscale DVD output to 1080p.
I think you are confused. Please cite the exact part of an RFC or implemetation spec that describes that behavior.
I've written hundreds of custom iptables and pf firewall scripts including build specs for fortune500 companies and used connection tracking for handling both NTP and DNS. It works, I've done it, I'm doing it right now.
You can block unsolicited incoming connections but allow udp packets belonging to a connection that was initiated by the OSX system, again using the statefull connection tracking mechanism.
The firewall settings should *always* override other application settings so that an administrator cannot accidentally open a hole in the firewall. Letting an application override system security is moronic and lazy. Microsoft has spent years digging itself out of that same mentality that you seem to be happily advocating. Unless you want other systems to be able to sync their time from your OSX system, then you do not need to allow total access to the ntp ports. You can block incoming connection attempts but still allow your system to sync to the remote timeserver.
If a user sets his firewall to "block all incoming connections" and ntp is still allowed, that is either a flaw in the firewall or the user interface.
No, it's exactly what the output says...it's either open or filtered. If the packet is accepted by the system, then no icmp error message is generated which is the same as if it is silently dropped by a firewall (hence open|filtered). Generally when you do a udp scan of a firewall that is filtering udp connections, then *all* ports on the system will appear as open|filtered. If just a few appear that way while others are closed then you can be fairly sure they are open. They then go on to show a tcpdump trace of a unsolicited incoming SMB connection and the corresponding reply. Their analysis is spot on, you just have no idea what you are talking about.
Perhaps Heise are just used to using Linux, where the firewall trumps all ?
Unless things have changed with Leopard, OS X runs ipfw which is a standard freeBSD firewalling software. It functions very similar to iptables on linux and absolutely should "trump all" otherwise an administrator could easily accidentally compromise system security by starting an application. Frankly this looks like a page from the old microsoft playbook of sacrificing security for ease of use.
It'll be interesting to read the software section. It was surprising to see that they use an EOL'd version of Redhat (RH 9) that is no longer supported by Redhat. Granted, they're just webservers, but you'd think that would still require a lot of manually updating to keep things patched.
If you think that's bad, wait until a tree takes out your internet connection and your entire shop can no longer do any work.
It has nothing to do with one operating being more secure than another. Windows 2003 server is pricey and is likely to be deployed at a company with at least some form of IT support and is therefore more likely to be properly maintained. Someone running a server in their basement or a mom and pop business is more likely to choose Linux. I've seen plenty of cracked linux boxes where someone threw up a box with PHPbb or LAMP and left it running unpatched for several years. Usually they only realize it is when they get an email complaining about attacks originating from their machine or a notice from their ISP. Often these are non-root compromises where the attacker is running as the Apache user and has the standard toolkit with bot software and flooders stashed in /tmp.
But isn't that the equivalent of 4 Canadian months now?
I actually used to respect their company 10 years ago because they made quality electronics. Now they've turned into this evil entity that is trying to squeeze money out of their customers. First I noticed a significant decrease in the quality of their speaker components. Then I had issues with 2 DVD players that I bought from them. One would skip all the time and the other would just refuse to play certain disks (some out of the box). I searched online and found tons of similar complaints and Sony always seemed to deny that there was a problem. That led to a class action lawsuit against Sony for intentionally concealing that fact that there was a firmware problem (see link in my sig). Then the rootkit debacle. Now this. Congratulations, you actually managed to turn me from die-hard customers to someone who will *never* buy a Sony product ever again.
That would prevent you from unlocking a iPhone with the new firmware, it shouldn't have bricked an iPhone that has already been unlocked (you're just closing the barn door after the horses already got away). The big question is whether this was co-incidentally as Apple would have you believe or whether they actually included code in the update that looked to see if a legitimate SIM in place and would brick your phone if it wasn't.
From what I've seen most foreign students have little problem getting student visas if they can show that they're going to be funded. Getting a postdoc is significantly harder because you're now an "employee" rather than a trainee or student. That seems to be the criteria...can you show that you can pay your way through and are you potentially taking away a position that an American could fill.
Is there a lot of oil in Serbia?
First ATCC has said that they don't think they were defrauded and have no interesting in pursuing any kind of litigation. Second Kurtz got the bacteria from ATCC specifically because it was well characterized and because it was *THE SAFEST* thing he could use to do this exhibit. He could have easily cultured bacteria from his mouth that would be *much* more dangerous than this organism was. This is about the prosecutor wanting to get somebody so that they don't have to walk away empty-handed.