Yahoo! (Overture) holds intellectual property rights to pay-per-click and bidding systems that grant Web sites higher placement in search results.
Google agreed to issue 2.7 million shares (~$250 million) of Class A common stock to Yahoo, based in Sunnyvale, Calif. In turn, Yahoo dropped its lawsuit against Google and issued a "fully paid, perpetual license" to Overture patents.
I guess Microsoft thinks its open season on Yahoo! patents now... I hope Microsoft's legal team is ready to open the checkbook as I doubt the two Standford search engines (Yahoo and Google) will allow Microsoft to get in on the action for free!
The problem isn't botnets, the problem is people and systems. The only reason botnets exist is due to the fact that current software is engineered without much thought toward security, and vendor supplied patches are not applied. Shutting down a botnet is at most only minimally worth the effort as the hosts are still vulnerable to be aquired by the next virus that comes around.
The only solution is secure software engineering and prompt, reliable patching.
This issue is very similar to the debate on Music piracy, but its ironic to me how when the "context" of the topic changes, the general consensual opion of the/. crowd changes as well. Let me explain.
Its always been possible to "track" someone who was traveling in public, be it walking or driving, simply by following and observing. The only change here, is that technology has advanced to where tracking someone has become much more efficient and effective through technology.
Likewise, the Music industry has always had piracy. However, when technology advanced, copying music became efficient and effective and was suddenly viewed as a threat.
So the real issue is the advancement of technology and its effect on society, not GPS tracking without a warrant.
Re:What is the salary like at Google?
on
Defining Google
·
· Score: 1
Salary is very much "industry median". They don't overpay, or underpay. I was disappointed when I saw the offer letter I received... I actually took a paycut to go to work at Google. On the brighter side, however, they have an incredible bonus program . Typically, and engineer is targeted at 15-25% of salary as an annual bonus, but based on personal and company performance, it can easily eclipse your base salary. Additionally, there is the stock options, free food, 20% project time, and many other perks...
But by far the best reward at Google is the quality of people you are working with and learning from...
Re:Dress Code for Google Interview?
on
Defining Google
·
· Score: 1
I would suggest Dockers and a polo shirt and you should be fine. I interviewed in dress slacks with shirt & tie and was told (hopefully jokingly) that I was only docked a few points and if had I wore a suit I would have been black-balled. In the end, I was hired as a Senior Engineer, despite the fact that afterwards I realized that my entire first day of interviewing (2 day onsite interview) was spent with my fly open (100% true).
Although performance improvements will reduce the need for staff on a per computer basis, but the demand for computing resources will continue to increase resulting in what will probably be a net loss of zero.
It always interesting how a report can look at 1 contributing factor and ignore all the others when drawing a conclusion.
Keyhole and Worldwind are NOT the same thing. The only similarity is that they both allow viewing of image data. Keyhole goes further by allowing you to search for "Chinese Restraunts" in San Jose and gives you a high-res map, along with markers where all the Chinese restraunts are located. It also does this with: Schools, Parks, Bike Trails, Roads, Fast Food, Earthquake Epicenters, Hospitals, and tons more. There are dozens of other features that make Keyhole a wickedly cool application.
I used keyhole last night to find the nearest Kentucky Fried Chicken and then I printed out the high-res map to drive there from my house. You can get landmarks (like open fields, farmhouses, etc) as visual driving aids from Mapquest.
"I have handwritten this letter so its confidentiality can be maintained until the appropriate arrangements mentioned above can be made."
Does anyone find it funny that he hand-wrote the letter to ensure an electronic copy could be forwarded around, but somehow the actual memo itself was photocopied and released to the press.
Sounds to me like Bush considers Ashcroft one of the "3 mistakes" he said he made in his first term appointments (stated during the Presidential debates) and possibly asked for his resignation.
Actually, I have checked out hundreds of Music CD's from my library... The library is sharing (c) material in a perfectly legal manner.
If I should choose to rip those hundreds of library checked out music CD's, has the libary commited a crime, or have I?
I recall millions of kids in the 80's recording their favorite music off the radio using tape players. Many of those 80's kids created their own favorites tapes using music copied from the airwaves. The Music industry NEVER prosecuted a single copyright infringer back then, so I believe that they are failed to "rigourously enforce their copyrights" and have thus invalidated them... Hmm, sounds like a valid legal argument doesn't it. Whats the difference between then and now, that we have moved from Radio to Ethernet? I think its more of a fear of the improvement in efficiency and quality, not the protection of copyrights that they clear choose to ignore until just recently. There is a valid legal defense in this line of reasoning.
What a waste of bandwidth. The replies Mr Shatner provided to the Slashdot questions make me wonder how many seconds he spent composing his insightful and thought provoking answers.
I hope Slashdot never wastes its time again with such a poorly selected candidate for our highly visible and respectable Q&A.
For reference, I installed and configured an SSH server while employed with CapitalOne financial to facilitate the secure SFTP/SCP transfer of data between CapitalOne and its numberous vendors. I utilized F-Secure SSH which is a commercial SSH software package with both Unix and Windows ports. Sun Solaris on the Sparc platform was used as the foundation for the Server.
I am not sure if the solution is still in use since I am no longer employed there but the solution worked well at the time with one exception, there was no Macintosh port at the time which limited the use with some of CapitalOne's marketing/graphic vendors (all those artsy fartsy types love the Mac!)
Lets look at Iridium as an example:
Motorola controlled the Telemetry Tracking And Control (TTAC) function for Iridium's birds. The satellites were controlled through, of all things, SNMP! Yes, its true. SNMP issued commands controlled the basic functions of the satellite. Commands were issued from TTAC's to the birds as they passed overhead. One can only communicate when the satellite is over the horizon of the transmitting/receiving TTAC, you can't just broadcast a signal from anywhere and hope the satellite gets it. NExt, you can only communicate with a satellite thats listening. Power consumption is a critical issue in satellites (no 120v ac in space.) Therefore, the satellites only listen and transmit when they are overhead of a TTAC. The signal must be coming from or going to the general area of the TTAC (its directional). Because they communicate as they travel overhead, the distance involved, etc, this creates a distorted egg shaped signal "footprint" around the TTAC. When the bird is directly overhead, the footprint is shaped like a circle (for Iridium, approx 20 miles diameter), then back to an egg shape as the bird approaches the far horizen. Any HAM/hacker wanting to snoop or squash the TTAC signal must be in the general vacinity of the TTAC in order to be able to receive or transmit effectively.
Motorola had several issues that are probably prevalent thoughout the commercial sat industry. First, the TTAC stations WERE connected to the rest of the Motorola network, which in turned connected to 3rd party networks, and on an on. Even though Firewalls, ACL's were used, they were based on very general rules, usually restricting to broad networks. Also, dial-in was supported on routers throughout the network for maintenance, so the best way around the Firewalls would simply be Soc. engineering a router password and dial-up the TTAC router/switch.
This could be achieved by: Located the TTACS for the satellite in question, usually public info. Get any phone numbers at that location you can. WAR dial a range of numbers around the TTAC numbers and note any Cisco devices answering. Use the SE'd passwd on the discovered Cisco dialups until you find a winner. Once in, either swipe the control apps for your own transmitter/reviever, or perform a one time attack since you unlikely to get a second chance one they notice.
SIDE NOTE: There is NO chance of anyone ever using a satellite to crash into another bird. It takes motorola several months just to move 1 bird from orbit A into adjacent orbit B. Fuel is extremely limited on these things. Besides, picture the entire earth as a parking lot with 50,100 or even 500 hundred cars continuously driving around on it. What is the likely hood any of them will ever collide, much less run into each other. Now imagine it with each car having 1 gallon of gas to use. The logistics now become very clear.
I make the following recommendations based on how I achieved my degree after being in a situation such as the one described.
Select an accredited university. Do NOT get a degree by mail. You will get called on it by any reputable employer.
Find a university that will provide "work experience" credits. I went through Wayland University (based in Texas). They allowed up to 20 some credits based on real-world work experience. This eliminates the need for some boring electives.
Select a BS program that is quickest to achieve. I obtained a degree in Business Administration because I knew and could document my technical experience. With the Bus. Admin degree I would prove to employers I can also understand business and management allowing me to progress up the corporate ladder.
Next, CLEP or DANTES test out of every class you can. At around $50 a pop, they are worth taking even if you are unsure of passing. I took ACCOUNTING I class and CLEP'd out of ACCOUNTING II. I also CLEP'd numerous math, physics, and astronomy classes simply because I knew the material reasonably well. Depending on the university you select, you may only need around a 50% passing score on CLEP or DANTES tests to be given credit. Since they are multiple choice, your almost guaranteed 25% correct by guessing.;)
Once you have cleaned out all the elective classes through CLEPs and work experience, you need to focus on core classes. Universities require you to take a minimum number of required courses from them in order to obtain a degree, usually 11 classes or so. You will not be able to get around this. Select the classes you believe will be important to give you a good background in the degree field you've choosen. They will actually be beneficial to you in the long run.
Final thoughts. I completed my degree in just under 2 years by completly immersing myself into the program (while continuing to work full time and run my own ISP and security consulting business). I had ZERO social life for those 2 years but it was well worth the effort. As a side note, once you have the credits (through CLEP, DANTES, or actually taking classes) and complete you degree you always have the option to leverage those in a second degree at another university. Get the quickest degree (Business admin, forestry, or whatever) then go back later and take a few additional classes to get the CS if you desired.
Most important, although you might think a CS degree is critical, employers first look to see if you have ANY degree, which provides them documented evidence of ability to learn and desire to grow in knowledge. Get a degree!
http://paw.org/news/works.html I wrote some PERL a few months ago to do just this. Scans a variety of websites and "steals" their articles,/. included. Of course, I also provide credit to the original source and the links take you to the actual website to read the article. Its was fun to do. Still could use a lot more work, but I am now distracted with another project... -Alascom http://paw.org >Perhaps just as easy would be to code a true Slashbot. How hard is it to scan Salon, CNet, the NYTimes etc. >for relevant article topics, parse them and post a summary with links? Sit back and watch the karma roll in baby!
>...because of one typo... Apparently security is not a specialty of yours. Most security problems ARE the result of "typos" and small errors. If the code was written incorrectly, and I use that to intercept users or information, how can you deny its a clean hack. Apparently, you young kids who watch a movie or read a book and think your hackers don't really understand what hacking is... Its not always the cool "click the pi symbol and get into the FBI Mainframe." The contest said a valid win was stealing user information, so if they make a typo and I use that to intercept users when they click links, then intercept information from those users, its a clear success. In the real world, the results could be FAR more insideous. -Alascom
That rant of yours in very funny. Let me explain that securent.hackpcweek.com IS vulnerable. The problem isn't NT however, its in the HTML code on the server. Similarly, the Linux wasn't vulnerable, but the CGI script was. YES, SECURENT CAN BE HACKED. You heard it here first. The rules state: break into the system, modify pages, and/or steal user information. Well, according to those rules it can be broken. Let me explain. I examined the SECURENT html source and noticed several links to "www.hackpcweek.com.com" (notice the extra.com). Then I contacted Curt Connell with EDS who is Administrative contact for COM.COM. (Please don't call or bother him anymore). A simple 'A' record in the.com.com DNS server refering 'www.hackpcweek.com.com' to my own web server would allow me to steal user information. Whats more, the user would b believe they were still on a real "pcweek" server seeing valid pcweek documents, allowing me to send malicious code, request confidential information, etc. Curt was unable to get "official" EDS permission to create the 'A' record, but the hack is valid and does exist. (Again, please do not bother Curt anymore). A simple goof in the HTML code renders the NT box 'hackable'. A side benefit is we circumvent the Firewall, IDS and other security features by just directing to another site. Oops. The NT 'IS' vulnerable to attack. In closing, don't consider an operating system insecure based on the applications (or HTML) thats on it.
That rant of yours in very funny. Let me explain that securent.hackpcweek.com IS vulnerable. The problem isn't NT however, its in the HTML code on the server. Similarly, the Linux wasn't vulnerable, but the CGI script was. YES, SECURENT CAN BE HACKED. You heard it here first. The rules state: break into the system, modify pages, and/or steal user information. Well, according to those rules it can be broken. Let me explain. I examined the SECURENT html source and noticed several links to "www.hackpcweek.com.com" (notice the extra.com). Then I contacted Curt Connell with EDS who is Administrative contact for COM.COM. (Please don't call or bother him anymore). A simple 'A' record in the.com.com DNS server refering 'www.hackpcweek.com.com' to my own web server would allow me to steal user information. Whats more, the user would believe they were still on a real "pcweek" server seeing valid pcweek documents, allowing me to send malicious code, request confidential information, etc. Curt was unable to get "official" EDS permission to create the 'A' record, but the hack is valid and does exist. (Again, please do not bother Curt anymore). A simple goof in the HTML code renders the NT box 'hackable'. A side benefit is we circumvent the Firewall, IDS and other security features by just directing to another site. Oops. The NT 'IS' vulnerable to attack. In closing, don't consider an operating system insecure based on the applications (or HTML) thats on it. -Alascom alascom@dc2600.com
That rant of yours in very funny. Let me explain that securent.hackpcweek.com IS vulnerable. The problem isn't NT however, its in the HTML code on the server. Similarly, the Linux wasn't vulnerable, but the CGI script was. YES, SECURENT CAN BE HACKED. You heard it here first. The rules state: break into the system, modify pages, and/or steal user information. Well, according to those rules it can be broken. Let me explain. I examined the SECURENT html source and noticed several links to "www.hackpcweek.com.com" (notice the extra.com). Then I contacted Curt Connell with EDS who is Administrative contact for COM.COM. (Please don't call or bother him anymore). A simple 'A' record in the.com.com DNS server refering 'www.hackpcweek.com.com' to my own web server would allow me to steal user information. Whats more, the user would believe they were still on a real "pcweek" server seeing valid pcweek documents, allowing me to send malicious code, request confidential information, etc. Curt was unable to get "official" EDS permission to create the 'A' record, but the hack is valid and does exist. (Again, please do not bother Curt anymore). A simple goof in the HTML code renders the NT box 'hackable'. A side benefit is we circumvent the Firewall, IDS and other security features by just directing to another site. Oops. The NT 'IS' vulnerable to attack. In closing, don't consider an operating system insecure based on the applications (or HTML) thats on it. -Alascom alascom@dc2600.com
The NT box is still up, and CAN be hacked. I know, I already found a workable hack to steal user information from the NT server. Of course, will I still get $1000 for being the first to compromise the NT Server or is the "contest" officially over... Anyone know if it still going on? or should I just post how to hack it. -Alascom
Slashdot Mirror
Google agreed to issue 2.7 million shares (~$250 million) of Class A common stock to Yahoo, based in Sunnyvale, Calif. In turn, Yahoo dropped its lawsuit against Google and issued a "fully paid, perpetual license" to Overture patents.
I guess Microsoft thinks its open season on Yahoo! patents now... I hope Microsoft's legal team is ready to open the checkbook as I doubt the two Standford search engines (Yahoo and Google) will allow Microsoft to get in on the action for free!
Value of PI == 3.14159265....
Google sells == 14,159,265 shares...
You have to love a company so cool that even something as boring as a secondary stock issue can be made into an inside joke for geeks.
The problem isn't botnets, the problem is people and systems. The only reason botnets exist is due to the fact that current software is engineered without much thought toward security, and vendor supplied patches are not applied. Shutting down a botnet is at most only minimally worth the effort as the hosts are still vulnerable to be aquired by the next virus that comes around.
The only solution is secure software engineering and prompt, reliable patching.
Oh no... Could it be name
gaypal?
Click "Link to this page" in the upper right corner of the map, then bookmark the link or email it to yourself....
The "Link to this page" option creates a URL suitable for recreating the exact query you have on the map.
Get your Google-warez here...
www.googlestore.com
This issue is very similar to the debate on Music piracy, but its ironic to me how when the "context" of the topic changes, the general consensual opion of the /. crowd changes as well. Let me explain.
Its always been possible to "track" someone who was traveling in public, be it walking or driving, simply by following and observing. The only change here, is that technology has advanced to where tracking someone has become much more efficient and effective through technology.
Likewise, the Music industry has always had piracy. However, when technology advanced, copying music became efficient and effective and was suddenly viewed as a threat.
So the real issue is the advancement of technology and its effect on society, not GPS tracking without a warrant.
Salary is very much "industry median". They don't overpay, or underpay. I was disappointed when I saw the offer letter I received... I actually took a paycut to go to work at Google. On the brighter side, however, they have an incredible bonus program . Typically, and engineer is targeted at 15-25% of salary as an annual bonus, but based on personal and company performance, it can easily eclipse your base salary. Additionally, there is the stock options, free food, 20% project time, and many other perks...
But by far the best reward at Google is the quality of people you are working with and learning from...
I would suggest Dockers and a polo shirt and you should be fine. I interviewed in dress slacks with shirt & tie and was told (hopefully jokingly) that I was only docked a few points and if had I wore a suit I would have been black-balled. In the end, I was hired as a Senior Engineer, despite the fact that afterwards I realized that my entire first day of interviewing (2 day onsite interview) was spent with my fly open (100% true).
Although performance improvements will reduce the need for staff on a per computer basis, but the demand for computing resources will continue to increase resulting in what will probably be a net loss of zero.
It always interesting how a report can look at 1 contributing factor and ignore all the others when drawing a conclusion.
Keyhole and Worldwind are NOT the same thing. The only similarity is that they both allow viewing of image data. Keyhole goes further by allowing you to search for "Chinese Restraunts" in San Jose and gives you a high-res map, along with markers where all the Chinese restraunts are located. It also does this with: Schools, Parks, Bike Trails, Roads, Fast Food, Earthquake Epicenters, Hospitals, and tons more. There are dozens of other features that make Keyhole a wickedly cool application.
I used keyhole last night to find the nearest Kentucky Fried Chicken and then I printed out the high-res map to drive there from my house. You can get landmarks (like open fields, farmhouses, etc) as visual driving aids from Mapquest.
I give keyhole a thumbs up.
Try searching for "best search engine" on search.msn.com.p x?FORM=SRCHWB&q=b est%20search%20engine
;)
http://search.msn.com/results.as
Google: #1
Microsoft Search isn't even in the top 10 results...
Game, set, match....
Add this to robots.txt
/
User-agent: msnbot
Disallow:
I will fight Micro$oft efforts to monopolize another area of the tech industry (to its detriment)
Google: Don't be evil!
Microsoft: Greed is good, greed works!
"I have handwritten this letter so its confidentiality can be maintained until the appropriate arrangements mentioned above can be made."
Does anyone find it funny that he hand-wrote the letter to ensure an electronic copy could be forwarded around, but somehow the actual memo itself was photocopied and released to the press.
Sounds to me like Bush considers Ashcroft one of the "3 mistakes" he said he made in his first term appointments (stated during the Presidential debates) and possibly asked for his resignation.
Actually, I have checked out hundreds of Music CD's from my library... The library is sharing (c) material in a perfectly legal manner.
If I should choose to rip those hundreds of library checked out music CD's, has the libary commited a crime, or have I?
I recall millions of kids in the 80's recording their favorite music off the radio using tape players. Many of those 80's kids created their own favorites tapes using music copied from the airwaves. The Music industry NEVER prosecuted a single copyright infringer back then, so I believe that they are failed to "rigourously enforce their copyrights" and have thus invalidated them... Hmm, sounds like a valid legal argument doesn't it. Whats the difference between then and now, that we have moved from Radio to Ethernet? I think its more of a fear of the improvement in efficiency and quality, not the protection of copyrights that they clear choose to ignore until just recently. There is a valid legal defense in this line of reasoning.
What a waste of bandwidth. The replies Mr Shatner provided to the Slashdot questions make me wonder how many seconds he spent composing his insightful and thought provoking answers.
I hope Slashdot never wastes its time again with such a poorly selected candidate for our highly visible and respectable Q&A.
For reference, I installed and configured an SSH server while employed with CapitalOne financial to facilitate the secure SFTP/SCP transfer of data between CapitalOne and its numberous vendors. I utilized F-Secure SSH which is a commercial SSH software package with both Unix and Windows ports. Sun Solaris on the Sparc platform was used as the foundation for the Server.
I am not sure if the solution is still in use since I am no longer employed there but the solution worked well at the time with one exception, there was no Macintosh port at the time which limited the use with some of CapitalOne's marketing/graphic vendors (all those artsy fartsy types love the Mac!)
-Alascom
Lets look at Iridium as an example:
Motorola controlled the Telemetry Tracking And Control (TTAC) function for Iridium's birds. The satellites were controlled through, of all things, SNMP! Yes, its true. SNMP issued commands controlled the basic functions of the satellite. Commands were issued from TTAC's to the birds as they passed overhead. One can only communicate when the satellite is over the horizon of the transmitting/receiving TTAC, you can't just broadcast a signal from anywhere and hope the satellite gets it. NExt, you can only communicate with a satellite thats listening. Power consumption is a critical issue in satellites (no 120v ac in space.) Therefore, the satellites only listen and transmit when they are overhead of a TTAC. The signal must be coming from or going to the general area of the TTAC (its directional). Because they communicate as they travel overhead, the distance involved, etc, this creates a distorted egg shaped signal "footprint" around the TTAC. When the bird is directly overhead, the footprint is shaped like a circle (for Iridium, approx 20 miles diameter), then back to an egg shape as the bird approaches the far horizen. Any HAM/hacker wanting to snoop or squash the TTAC signal must be in the general vacinity of the TTAC in order to be able to receive or transmit effectively.
Motorola had several issues that are probably prevalent thoughout the commercial sat industry. First, the TTAC stations WERE connected to the rest of the Motorola network, which in turned connected to 3rd party networks, and on an on. Even though Firewalls, ACL's were used, they were based on very general rules, usually restricting to broad networks. Also, dial-in was supported on routers throughout the network for maintenance, so the best way around the Firewalls would simply be Soc. engineering a router password and dial-up the TTAC router/switch.
This could be achieved by: Located the TTACS for the satellite in question, usually public info. Get any phone numbers at that location you can. WAR dial a range of numbers around the TTAC numbers and note any Cisco devices answering. Use the SE'd passwd on the discovered Cisco dialups until you find a winner. Once in, either swipe the control apps for your own transmitter/reviever, or perform a one time attack since you unlikely to get a second chance one they notice.
SIDE NOTE: There is NO chance of anyone ever using a satellite to crash into another bird. It takes motorola several months just to move 1 bird from orbit A into adjacent orbit B. Fuel is extremely limited on these things. Besides, picture the entire earth as a parking lot with 50,100 or even 500 hundred cars continuously driving around on it. What is the likely hood any of them will ever collide, much less run into each other. Now imagine it with each car having 1 gallon of gas to use. The logistics now become very clear.
I make the following recommendations based on how I achieved my degree after being in a situation such as the one described.
;)
Select an accredited university. Do NOT get a degree by mail. You will get called on it by any reputable employer.
Find a university that will provide "work experience" credits. I went through Wayland University (based in Texas). They allowed up to 20 some credits based on real-world work experience. This eliminates the need for some boring electives.
Select a BS program that is quickest to achieve. I obtained a degree in Business Administration because I knew and could document my technical experience. With the Bus. Admin degree I would prove to employers I can also understand business and management allowing me to progress up the corporate ladder.
Next, CLEP or DANTES test out of every class you can. At around $50 a pop, they are worth taking even if you are unsure of passing. I took ACCOUNTING I class and CLEP'd out of ACCOUNTING II. I also CLEP'd numerous math, physics, and astronomy classes simply because I knew the material reasonably well. Depending on the university you select, you may only need around a 50% passing score on CLEP or DANTES tests to be given credit. Since they are multiple choice, your almost guaranteed 25% correct by guessing.
Once you have cleaned out all the elective classes through CLEPs and work experience, you need to focus on core classes. Universities require you to take a minimum number of required courses from them in order to obtain a degree, usually 11 classes or so. You will not be able to get around this. Select the classes you believe will be important to give you a good background in the degree field you've choosen. They will actually be beneficial to you in the long run.
Final thoughts. I completed my degree in just under 2 years by completly immersing myself into the program (while continuing to work full time and run my own ISP and security consulting business). I had ZERO social life for those 2 years but it was well worth the effort. As a side note, once you have the credits (through CLEP, DANTES, or actually taking classes) and complete you degree you always have the option to leverage those in a second degree at another university. Get the quickest degree (Business admin, forestry, or whatever) then go back later and take a few additional classes to get the CS if you desired.
Most important, although you might think a CS degree is critical, employers first look to see if you have ANY degree, which provides them documented evidence of ability to learn and desire to grow in knowledge. Get a degree!
Hope this helps.
http://paw.org/news/works.html I wrote some PERL a few months ago to do just this. Scans a variety of websites and "steals" their articles, /. included. Of course, I also provide credit to the original source and the links take you to the actual website to read the article. Its was fun to do. Still could use a lot more work, but I am now distracted with another project... -Alascom http://paw.org >Perhaps just as easy would be to code a true Slashbot. How hard is it to scan Salon, CNet, the NYTimes etc. >for relevant article topics, parse them and post a summary with links? Sit back and watch the karma roll in baby!
>...because of one typo... Apparently security is not a specialty of yours. Most security problems ARE the result of "typos" and small errors. If the code was written incorrectly, and I use that to intercept users or information, how can you deny its a clean hack. Apparently, you young kids who watch a movie or read a book and think your hackers don't really understand what hacking is... Its not always the cool "click the pi symbol and get into the FBI Mainframe." The contest said a valid win was stealing user information, so if they make a typo and I use that to intercept users when they click links, then intercept information from those users, its a clear success. In the real world, the results could be FAR more insideous. -Alascom
That rant of yours in very funny. Let me explain that securent.hackpcweek.com IS vulnerable. The problem isn't NT however, its in the HTML code .com). Then I contacted Curt Connell with EDS who is Administrative contact for COM.COM. (Please don't call or bother him anymore). A simple 'A' record in the .com.com
on the server. Similarly, the Linux wasn't vulnerable, but the CGI script was. YES, SECURENT CAN BE HACKED. You heard it here first. The
rules state: break into the system, modify pages, and/or steal user information. Well, according to those rules it can be broken. Let me explain. I
examined the SECURENT html source and noticed several links to "www.hackpcweek.com.com" (notice the extra
DNS server refering 'www.hackpcweek.com.com' to my own web server would allow me to steal user information. Whats more, the user would b believe they were still on a real "pcweek" server seeing valid pcweek documents, allowing me to send malicious code, request confidential information, etc. Curt was unable to get "official" EDS permission to create the 'A' record, but the hack is valid and does exist. (Again, please do not
bother Curt anymore). A simple goof in the HTML code renders the NT box 'hackable'. A side benefit is we circumvent the Firewall, IDS and other security features by just directing to another site. Oops. The NT 'IS' vulnerable to attack. In closing, don't consider an operating system insecure based on the applications (or HTML) thats on it.
-Alascom
alascom@dc2600.com
That rant of yours in very funny. Let me explain that securent.hackpcweek.com IS vulnerable. The problem isn't NT however, its in the HTML code on the server. Similarly, the Linux wasn't vulnerable, but the CGI script was. YES, SECURENT CAN BE HACKED. You heard it here first. The rules state: break into the system, modify pages, and/or steal user information. Well, according to those rules it can be broken. Let me explain. I examined the SECURENT html source and noticed several links to "www.hackpcweek.com.com" (notice the extra .com). Then I contacted Curt Connell with EDS who is Administrative contact for COM.COM. (Please don't call or bother him anymore). A simple 'A' record in the .com.com DNS server refering 'www.hackpcweek.com.com' to my own web server would allow me to steal user information. Whats more, the user would believe they were still on a real "pcweek" server seeing valid pcweek documents, allowing me to send malicious code, request confidential information, etc. Curt was unable to get "official" EDS permission to create the 'A' record, but the hack is valid and does exist. (Again, please do not bother Curt anymore). A simple goof in the HTML code renders the NT box 'hackable'. A side benefit is we circumvent the Firewall, IDS and other security features by just directing to another site. Oops. The NT 'IS' vulnerable to attack. In closing, don't consider an operating system insecure based on the applications (or HTML) thats on it. -Alascom alascom@dc2600.com
That rant of yours in very funny. Let me explain that securent.hackpcweek.com IS vulnerable. The problem isn't NT however, its in the HTML code on the server. Similarly, the Linux wasn't vulnerable, but the CGI script was. YES, SECURENT CAN BE HACKED. You heard it here first. The rules state: break into the system, modify pages, and/or steal user information. Well, according to those rules it can be broken. Let me explain. I examined the SECURENT html source and noticed several links to "www.hackpcweek.com.com" (notice the extra .com). Then I contacted Curt Connell with EDS who is Administrative contact for COM.COM. (Please don't call or bother him anymore). A simple 'A' record in the .com.com DNS server refering 'www.hackpcweek.com.com' to my own web server would allow me to steal user information. Whats more, the user would believe they were still on a real "pcweek" server seeing valid pcweek documents, allowing me to send malicious code, request confidential information, etc. Curt was unable to get "official" EDS permission to create the 'A' record, but the hack is valid and does exist. (Again, please do not bother Curt anymore). A simple goof in the HTML code renders the NT box 'hackable'. A side benefit is we circumvent the Firewall, IDS and other security features by just directing to another site. Oops. The NT 'IS' vulnerable to attack. In closing, don't consider an operating system insecure based on the applications (or HTML) thats on it. -Alascom alascom@dc2600.com
The NT box is still up, and CAN be hacked. I know, I already found a workable hack to steal user information from the NT server. Of course, will I still get $1000 for being the first to compromise the NT Server or is the "contest" officially over... Anyone know if it still going on? or should I just post how to hack it. -Alascom