Doesn't the underlying operating system also play a big part in the reliability of the software? Even if your code is correct, can you say the same for what you run the code on, or what you compiled/interpreted it with? Then there is the hardware.
It reminds me of many medical devices that have software running on Windows internally. I remember having LASIK done and the device looked like it was run by a PC with a Windows app. I did not turn out blind.
As long as the media doesn't fact-check what the candidates say, neither will the public majority.
The media is too scared to say any candidate is a liar. I feel this is a huge problem as to why the American public hasn't reached the level of sophistication you talk about.
attrition.org used to have a very up-to-date website defacement list. This publicly showed which companies were compromised and served as a hall of shame.
Just like squid proxying, why not redirect port 25 transparently to a Comcast mail proxy? This proxy could queue mail and essentially throttle outgoing mail or reject if spam is detected.
I'd like to run Icecast in our office relaying to some external streams to utilize bandwidth for many listeners. Unfortunately, Icecast stays connected to the relays even when there are no listeners, which is a waste. I remember earlier versions of Icecast had this feature, but it has now since gone.
Ah, but who says it should be hosted in the US and have US laws apply to it? What if the system is set up offshore? Or what would happen if this were implemented on something like Freenet?
What I'd suggest is first contacting the standard support channels as you've done. If you still receive no response (or responses with little help) and really feel this is an important problem that needs to be resolved, keep the whole conversation in one email message replying to their support and CCing as many addresses for the company you can find.
That CC: should include marketing department, CEO, CTO, webmaster, sales, WHOIS name registrants, security/abuse contacts, and whoever else you can find on their web page. At least this way you have a higher chance that someone will see the thread that will push it to a higher priority. Again this should probably only be done after you have exhausted the primary support channels to no avail.
I used to report any sort of scans to my network to CERT/SANS, but at some point there were just too many 'attacks' to keep track of. Any reports sent to the administrator(s) of the domain/IP usually resulted in either no response or "we'll look into it".
The sites I worked at got portscanned at least twice a day, usually from a cable modem user running Red Hat Linux (easily found out by telnetting back to their IP, which has almost every service still enabled). These are script kiddies, and really I don't think I should waste time on someone who downloaded nmap.
A smart cracker won't blindly portscan your machine, because that pretty much gives him (and his skill) away. I think portscans are a fact of life. The ones to worry about are the quiet crackers, who only give away few signs that they are attempting an attack.
What is more interesting to me is the signature of attacks. I don't think analysis of this sort can be done by looking at an IP, as you may see a pattern in your firewall logs that involves many IPs or spans many days. The trick is putting all of the information together in some sort of analytical way to determine if it is a threat or not.
You have to look at this relative to previous OS's released by Microsoft. How many bugs were in Windows 95, in NT? I hope MS has at least reduced the number of bugs.
Why don't we monitor what type of connections are being made and then make a program to submit random junk constantly so their 'tracking' would be worthless?
I've always liked the chemistry equation:
PV=nRT
Check out Time Management for System Administrators
Hell freezes over.
Anyone experimented with running these systems as cluster systems or disposable servers? Would be pretty cool to stack these up.
Some notes on David Bossie.
Why not continue along these lines?
You may want to check out the movie Maximum Overdrive. There's a great scene that shows how robot lawnmowers can improve our lives.
I believe you can prevent infection on Windows XP by disabling the 'Server' service under Start->Run->services.msc
Google is censoring this as it is deemed offensive by the maglev train manufacturers.
This specification says to use _ep.domain.com records in DNS. Aren't underscores illegal in DNS?
The news agencies are probably not reporting it because they use Microsoft Windows and can't make themselves look bad to the public.
Network Intrusion Detection: An Analyst's Handbook
by Stephen Northcutt
ISBN: 0735708681
Excellent book on intrusion detection.