Just a thought, but video would be really handy for the install, i'm guessing!
For Solaris? Not likely. I've installed Solaris on a few dozen Solaris boxes, and never needed a monitor on a one of them. They'll dump console out ttya if they don't find a monitor or keyboard, and you can build them from the network with jumpstart.
Sure it does. You're right that the signing doesn't prove that it's trustworthy code, but it does serve some purpose in authentication. There are three steps to trusting a piece of code you download from the net:
1) Verifying that the person who wrote it is really who you think they are.
2) verifying that the code you're getting is really what they wrote.
3) verifying that you actually trust this person.
certs can help with #2. The other steps are left as an exercise for the reader.
For his information, every single exploit Nimda uses has been patched.
Not true. Nimda can propogate via drive shares to a fully-patched machine. Now, granted, putting open shares on the net is stupid. But, I can assure you that at least some of the corporate LANs that are getting thrashed 'cause of this are getting hurt *most* because of the shares propogation.
I think it's a bit early to be announcing the death of Code Red.
Have a look at the stats on www.incidents.org. Right now (as of 11:30 EDT), they have what looks to most folks as the start of a nice exponential growth pattern. It's still small compared to last time, but it is showing no signs of shrinking.
Clearly, the folks who claimed that the dormant infections would all spontaneously re-start were wrong. However, *someone* re-introduced the worm to the wild, and the spread has started again.
re: telnet: welcome to the world of Cisco, son. It wasn't until *very* recently that Cisco even offered ssh-supporting IOS versions at all. It's still very rare to see those versions in use. Now, connecting the management interface of the router to the 'net has some issues of it's own, but it is not unusual...If you're gonna play with Cisco gear, you're gonna use telnet. Deal.
As for replacing the firewall...you really need to get rid of the idea that a firewall is some magic security dust. It is nothing more than a router with an attitude. It controls which services are accessable from which IPs. Nothing more. if you've configured the machines behind it well, the firewall is basically unnecessary. It's useful to do access control, but that's about it.
To add to that (good explanation, by the way), what makes this more interesting is that PSInet still hosts one of the 13 root name servers (c.root-servers.net), meaning that C&W has just cut their customers off from one of the DNS roots. It's not clear how that will affect C&W's customers, but it's still not something I'd do lightly, if I were a network admin.
The Internet is (or at least, was meant to be) all about inclusion of peoples, freedom to access content wherever it is located, and sharing.
No. The Internet was meant to be a DoD information-sharing network that would be resistant to nuclear attack by nature of it's de-centralization. The fact that the biggest use of the net & it's popularity started from the Universities they interconnected, which led to more information sharing, etc, is a happy by-product. Kinda like how the Space program gave us Tang.
Again, I fully abide by all
rules and regulations against SPAM, and provide an unsubscribe option to all mailings.
I'm not going to rise to the obvious troll, but this reminds me of a question that's been bugging me for a while: why do the suit-types (and, often, spammers) think that spam is an acronym? I can almost always tell a suit/spammer from a tech by how they capitalize "spam." If it's all caps, they don't know what they're talking about.
Of course, if it actually *is* an acronym, I'm probably about to get flamed.....
I hate to rain your parade, but Freenet will not help this at all. Even if you're using Freenet, you still have to have your packets *routed*. That's the problem here: the routing tables are growing very quickly.
If you're curious, have a look at this. It's a summary of the size of the Internet routing tables over the last few years. See a pattern?
This
morning's Atlanta Journal-Constitution has a story about how Kroger is now limiting most of its sale items to those who sign up for its discount card. And yes, they can and do
keep track of what you buy.
So, be creative...culture jam. I've got a card for my local grocery store that's registered to "Bozo T. Clown". Yeah, they're collecting demographics for that user, but there's no way that any of it's useful....
There was a young man from Trisk,
whose lovemaking was unusually brisk.
So quick was his action,
that Lorentz contraction
shortened his willy to a disk.
DON'T GIVE OUT YOUR FRIGGEN NAME AS THE PERSON WHO IS ORGANIZING THIS. (Duh!)
and who, pray tell, is going to be the one who pays for the domain name? Someone's got to. (Be real, you're not going to run this without DNS.) The fact is, if you're going to do DNS, you have to be reachable, to pay bills & to make changes. If you're reachable, you're traceable. If you're traceable, you're arrestable.
End result: If you're hosting something in havenco that would get you arrested in your home country, you can still be found and arrested. The only way around this is to have havenco handle all your DNS setup as well, which I don't believe they do. (and, to be honest, that puts you in a very weak position if havenco gets sued, taken over, etc, so having them do your DNS isn't necessarily the best idea anyway.)
Last time I checked (it's a side hobby of mine) only ultrapenguin could run on the UltraSparc architecture. There have been several ports to the sparc architecture, but not that many to the Ultrasparc.
Note: I haven't actually *tried* booting into ultrapenguin linux...for the time being, Solaris is fine for me.
I'm getting to the state where I'm ashamed to be British.
How do you think I feel? I'm 1/2 American, 1/2 British...Between the election, the stupid laws (on both sides) and the Spice Girls, I'm working up some serious therapy bills.
I've looked into this topic for a while, and there's one piece of advice about honeypots that none of these articles ever mentions: Don't put a honeypot on a network that you don't want attacked.
It seems obvious, but I've talked to folks who were proudly saying that they were implementing honeypots on their production networks to make sure that they caught the kiddies.....great....yeah, let's just invite the kiddies right into your private network...that's a great idea. Remember folks, honeypots are fun...but only if there's absolutely no way that an attacker who gets in to the honeypot can do any *real* damage.
Interestingly enough, it seems that the RIAA has some claim to royalties, though a weak one. This comes from the ASCAPFAQ on webcasting:
The ASCAP license does not authorize the reproduction or distribution of music or sound recordings. To obtain these rights you should contact the Harry Fox Agency, Inc.(the wholly-owned licensing subsidiary of the National Music Publishers' Association, Inc.) for authorization to copy and distribute the music, and the copyright owner of the sound recording (usually the record label) for authorization to copy and distribute sound recordings. Information on these important rights may be obtained from the Harry Fox Agency, and the RIAA, the record labels' trade association.
snip
The copying of a copyrighted musical work or sound recording onto your server (as when you load the file containing the work), constitutes exploitation of the reproduction right, for which authorization is required. Again, you should contact the Harry Fox Agency, Inc. for authorization to copy the music onto your server, and the copyright owner of the sound recording (usually the record label), for authorization to copy the sound recording onto your sever.
I can just see it now, someone designs a nifty interface to this "self-arranging room", and then forgets to put a break command in it....the upshot: you have to argue with the room to get things put in place
No, room, I don't care that the Feng Shui of the room is better that way, I want the TV over *there*!
So what I want to know is - is it possible to track this kind of rubbish and remove it, along with users who upload/download it? Keeping it free of this crap will mean that Freenet will be a much cleaner place than the web, and it will also attract less attention from governments looking for their next target.
No, it isn't. And that's quite intentional. The reason: who decides what's appropriate? If we're deleting the kiddie p0rn, why wouldn't we delete the pirated copies of Windows? One could argue that it makes freenet look like a piracy tool if we don't. But, if we delete the pirated copies of Windows, why wouldn't we delete the copies of the MS Kerberos spec? and on and on....It's a slippery slope that no one wants to go down.
Clearly telling the public how to make an exploit can only aggravate the problem, so why do people insist on doing it?
It's called full disclosure, and it's about as zealously adhered to in the security community as open source software is here. The central point is that while releasing the details of an exploit does make it easier for script kiddies to attack you, it also allows you to determine for yourself if your servers are vulnerable. Given M$'s history of writing truth-bending advisories, (or, in this case, denying that there is a vulnerability at all...) I find it very useful.
Slashdot Mirror
For Solaris? Not likely. I've installed Solaris on a few dozen Solaris boxes, and never needed a monitor on a one of them. They'll dump console out ttya if they don't find a monitor or keyboard, and you can build them from the network with jumpstart.
Monitors? Bah, they're for wimps.
1) Verifying that the person who wrote it is really who you think they are.
2) verifying that the code you're getting is really what they wrote.
3) verifying that you actually trust this person.
certs can help with #2. The other steps are left as an exercise for the reader.
Asbestos junk science
Basically, the fire was way too hot for asbestos to handle, even if it had been used. Nice try.
God forbid people should actually stop buying luxury items (like CDs) when they lose their jobs.
Not true. Nimda can propogate via drive shares to a fully-patched machine. Now, granted, putting open shares on the net is stupid. But, I can assure you that at least some of the corporate LANs that are getting thrashed 'cause of this are getting hurt *most* because of the shares propogation.
Have a look at the stats on www.incidents.org. Right now (as of 11:30 EDT), they have what looks to most folks as the start of a nice exponential growth pattern. It's still small compared to last time, but it is showing no signs of shrinking.
Clearly, the folks who claimed that the dormant infections would all spontaneously re-start were wrong. However, *someone* re-introduced the worm to the wild, and the spread has started again.
As for replacing the firewall...you really need to get rid of the idea that a firewall is some magic security dust. It is nothing more than a router with an attitude. It controls which services are accessable from which IPs. Nothing more. if you've configured the machines behind it well, the firewall is basically unnecessary. It's useful to do access control, but that's about it.
To add to that (good explanation, by the way), what makes this more interesting is that PSInet still hosts one of the 13 root name servers (c.root-servers.net), meaning that C&W has just cut their customers off from one of the DNS roots. It's not clear how that will affect C&W's customers, but it's still not something I'd do lightly, if I were a network admin.
No. The Internet was meant to be a DoD information-sharing network that would be resistant to nuclear attack by nature of it's de-centralization. The fact that the biggest use of the net & it's popularity started from the Universities they interconnected, which led to more information sharing, etc, is a happy by-product. Kinda like how the Space program gave us Tang.
I'm not going to rise to the obvious troll, but this reminds me of a question that's been bugging me for a while: why do the suit-types (and, often, spammers) think that spam is an acronym? I can almost always tell a suit/spammer from a tech by how they capitalize "spam." If it's all caps, they don't know what they're talking about.
Of course, if it actually *is* an acronym, I'm probably about to get flamed.....
If you're curious, have a look at this. It's a summary of the size of the Internet routing tables over the last few years. See a pattern?
So, be creative...culture jam. I've got a card for my local grocery store that's registered to "Bozo T. Clown". Yeah, they're collecting demographics for that user, but there's no way that any of it's useful....
There was a young man from Trisk, whose lovemaking was unusually brisk. So quick was his action, that Lorentz contraction shortened his willy to a disk.
and who, pray tell, is going to be the one who pays for the domain name? Someone's got to. (Be real, you're not going to run this without DNS.)
The fact is, if you're going to do DNS, you have to be reachable, to pay bills & to make changes. If you're reachable, you're traceable. If you're traceable, you're arrestable.
End result: If you're hosting something in havenco that would get you arrested in your home country, you can still be found and arrested. The only way around this is to have havenco handle all your DNS setup as well, which I don't believe they do. (and, to be honest, that puts you in a very weak position if havenco gets sued, taken over, etc, so having them do your DNS isn't necessarily the best idea anyway.)
Note: I haven't actually *tried* booting into ultrapenguin linux...for the time being, Solaris is fine for me.
How do you think I feel? I'm 1/2 American, 1/2 British...Between the election, the stupid laws (on both sides) and the Spice Girls, I'm working up some serious therapy bills.
It seems obvious, but I've talked to folks who were proudly saying that they were implementing honeypots on their production networks to make sure that they caught the kiddies.....great....yeah, let's just invite the kiddies right into your private network...that's a great idea. Remember folks, honeypots are fun...but only if there's absolutely no way that an attacker who gets in to the honeypot can do any *real* damage.
What will you do to protect the rights of atheists and those who hold minority faiths, such as Wicca, Santaria, Shinto, et al?
Well, my wife's an evil witch, so I can sympathise with this question...Oh, wait, did I say that out loud?
The ASCAP license does not authorize the reproduction or distribution of music or sound recordings. To obtain these rights you should contact the Harry Fox Agency, Inc.(the wholly-owned licensing subsidiary of the National Music Publishers' Association, Inc.) for authorization to copy and distribute the music, and the copyright owner of the sound recording (usually the record label) for authorization to copy and distribute sound recordings. Information on these important rights may be obtained from the Harry Fox Agency, and the RIAA, the record labels' trade association.
snip
The copying of a copyrighted musical work or sound recording onto your server (as when you load the file containing the work), constitutes exploitation of the reproduction right, for which authorization is required. Again, you should contact the Harry Fox Agency, Inc. for authorization to copy the music onto your server, and the copyright owner of the sound recording (usually the record label), for authorization to copy the sound recording onto your sever.
No, room, I don't care that the Feng Shui of the room is better that way, I want the TV over *there*!
Or, you could just screw with their data by having *everyone* use the same account...like, say user: anoncoward pw: anoncoward
Yes, but not steriods. This has clearly been injected with crack.
No, it isn't. And that's quite intentional. The reason: who decides what's appropriate? If we're deleting the kiddie p0rn, why wouldn't we delete the pirated copies of Windows? One could argue that it makes freenet look like a piracy tool if we don't. But, if we delete the pirated copies of Windows, why wouldn't we delete the copies of the MS Kerberos spec? and on and on....It's a slippery slope that no one wants to go down.
It's called full disclosure, and it's about as zealously adhered to in the security community as open source software is here. The central point is that while releasing the details of an exploit does make it easier for script kiddies to attack you, it also allows you to determine for yourself if your servers are vulnerable. Given M$'s history of writing truth-bending advisories, (or, in this case, denying that there is a vulnerability at all...) I find it very useful.
Do you really honeatly believe that there's no creativity involved in programming? Really? Damn, you must write boring code.