If your chiropractor is trained and operating as a physical therapist, then you should just call him your physical therapist. If your chiropractor is acting as a physical therapist, but is not trained as such, then you should go find a real physical therapist. If your chiropractor is acting as a chiropractor.... Oh dear...
If you find yourself having difficulty engaging in normal conversation with adults, instead getting hung up on technicalities like the debatable validity of a comment as a formal argument, then perhaps it is you that has an issue (par for the course with a slashdotter I suppose...).
A comment does not have to be in the form of a formal argument to have a point, and expecting such in an informal discussion ground such as slashdot is nothing short of absurd. The purpose of his comment was to show that your argument was flawed, not to make an argument himself.
Look up Common Carrier sometime (how about now? I dare you to learn). Net neutrality is not a new and exotic concept, and it is not unreasonable or out of line with how business is done in other industries right now.
How many other slashdotters are actually rooting for Galaxy 15? The thought of it possibly knocking about cable television is just far too amusing to me (unlike cable television;).
What, who exactly do you mean by "we're still having to clean up his mess"? Because Obama certainly is not involved in that effort. Hell, I expect him any day now to issue a formal statement thanking Bush for getting all of that shit up and running for him!
I don't know the numbers off the top of my head, but I would suspect not. You can have orbits higher than geosync (think the moon), so you would need to apply a lot of energy to make the satellite leave orbit entirely.
Edit: (well not really, but Preview to the rescue;) Actually, it seems you are kind of on the right track though. http://en.wikipedia.org/wiki/Graveyard_orbit Apply energy to push it into a higher orbit and it will still be in orbit, though in an orbit where it is far less likely to cause harm.
A program can't wait in the background and get root when someone types sudo.
Actually, it most certainly can. Exercise a little creativity.
Alias 'sudo' for a user to script in the user's home directory that looks like sudo, and even executes sudo as the user thought they were, but also logs whatever password they typed. Bamn, no you have the users password and (in the vast majority of cases) the ability to gain root. All of this is quite easy to do, I've done it myself in the past. Takes about 3 minutes to bang it out.
It should be noted that this can also easily be done for 'su'. The trick is rather blunt, and anyone that thought too look for it would immediately notice it, but if your target isn't suspecting you are good to go.
I'm not saying Linux is infallible however the examples people like you list to try to pretend a Linux system is "just as bad" at security are ridiculous at best.
I think we are going to see a lot more of this sort of thing as humans get better and better at organizing matter into computing machines. The future is looking very very bright!
I am arguing with some guy who said 'And authentication without encryption protects you from eavesdroppers how exactly?' Luckily, he seems to have realised he is wrong, and is backing off from his original position.
Wrong. This is exactly what I am still arguing, read my post again.
There are many ways to authenticate both ends of a channel, and have it be safe from MITM attacks, replay attacks, any any other forgery or injection into the channel that that a third party would use, especially considering that the both the ATM and bank card are issued by the bank.
Completely and utterly irrelevant. Those are not the only threats an eavesdropper can pose. As I stated much earlier in this dicussion MITM attacks are not really what you need to be concerned about in this kind of situation.
You are asserting that they used authentication schemes several decades ago for ATM transactions that 1) did not use encryption, and 2) were secure against eavesdroppers. This is, simply put, not true. If you attempt to use authentication in absence of encryption, you are not going to be secure from squat.
Alice and Bob wish to do some banking. Alice is at an ATM, and Bob is a Bank. Alice authenticates with Bob by telling Bob her account number, and the PIN for the account. She does this by shouting across the room for all to here. Eve, listening to this plaintext shouting exchange, writes down Alice's information, and the next day pretends to be Alice to Bob.
You can prevent this scenario a number of ways. For example, authentication can be done over a secure channel (Which is not the case in this situation with older ATMs, they use the same unsecured phoneline for everything).
Or, Alice and Bob can use a challenge-response scheme to authenticate each other. The problem there is still the eavesdropper however. The way to do a challenge-response authentication in the clear is to have Bob generate a random number, and send it to Alice. Alice then takes her PIN and the random number from Bob, applies a one-way function to both of them, and sends the result back to Bob. Bob, knowing both his random number, and Alice's PIN, can also calculate the result of the one-way function, and compare the results.
This is great. Secure authentication without encryption (arguably)! Eve can listen to this transaction all day and still not learn Alice's PIN! So what exactly is the issue? Well, simply put, they did not have one-way functions to do this with during the time we were talking about. Literature on one-way functions from even just before the 80s is severely lacking, it is not reasonable at all to expect that banks, some of the last people to adopt new security technologies, would know about it, and be correctly using it. Even though they could have done this, they didn't know how to. Furthermore, once you use challenge-response authentication in a secure fashion such as this, it becomes much harder to argue that encryption was not in fact used. The original statement was that ATMs originally did not use any sort of encryption at all, assuming that although they didn't bother to use encryption, but had the presense of mind to use a secure challenge-response authentication scheme, is just plain silly.
You mean if there is no authentication, there is no authentication?
Authentication does not imply secure authentication.
Provided enough information you don't have to fake being an ATM. You can *be* an ATM. If the authentication is done in the clear, then you can capture it. ATMs don't authenticate your pin number and whatnot, they are basically just thin clients in that regard. Capture the guys account information, pin number, ect, then you have all you need to screw him over. If you don't believe that, then feel free to post your such information in a reply.
The OP was asserting that ATMs originally worked like telnet or rsh. Authentication but vulnerable to eavesdropping. Listen to the original connection an you have all the information you need to authenticate yourself at a later date. You can't just say "there is authentication so it is safe", you have to do the authentication correctly. You know what else is a form of authentication? The "shave and a hair cut" door-knock.
The use of COPS doesn't seem people from speeding past the school near me. They _often_ have police officers idling around when students are coming or leaving. What makes you think cameras will be any better at stopping jackasses from speeding?
Theoretically they don't need to modify *your* transaction to steal your money if they can record the entirety of the plaintext of your transaction. If they are able to collect the right data (as would be the case if the entire transaction was in the open) then they would be able to use the ATM to authorize a second transaction at a later date. In this hypothetical the attacker is the shop-owner anyways, so physical access to the ATM can be assumed, even if it isn't strictly needed.
Slashdot Mirror
If your chiropractor is trained and operating as a physical therapist, then you should just call him your physical therapist.
If your chiropractor is acting as a physical therapist, but is not trained as such, then you should go find a real physical therapist.
If your chiropractor is acting as a chiropractor.... Oh dear...
Thanks for proving my point though! You're a real sport.
That's ok, Galaxy 15 would probably crash into my plane anyways.
If you find yourself having difficulty engaging in normal conversation with adults, instead getting hung up on technicalities like the debatable validity of a comment as a formal argument, then perhaps it is you that has an issue (par for the course with a slashdotter I suppose...).
A comment does not have to be in the form of a formal argument to have a point, and expecting such in an informal discussion ground such as slashdot is nothing short of absurd. The purpose of his comment was to show that your argument was flawed, not to make an argument himself.
Look up Common Carrier sometime (how about now? I dare you to learn). Net neutrality is not a new and exotic concept, and it is not unreasonable or out of line with how business is done in other industries right now.
How many other slashdotters are actually rooting for Galaxy 15? The thought of it possibly knocking about cable television is just far too amusing to me (unlike cable television ;).
Done as well. I haven't even had to do this with 'Politics', until now only Idle has had the dishonour.
His point is that he thinks your point is shit. Is that really that hard to grep?
Wait, the best word you could think of that means "pressure" was "payola", not "pressure"? O.o
Now I'm understanding of not RTFA, but not reading your fucking parent post is a bit much I think.
What, who exactly do you mean by "we're still having to clean up his mess"? Because Obama certainly is not involved in that effort. Hell, I expect him any day now to issue a formal statement thanking Bush for getting all of that shit up and running for him!
Spoken like a true Crackberry addict.
"My addiction isn't bad because it doesn't prevent me from doing what I want to do. Besides, I could stop at any time if I wanted too!"
I don't know the numbers off the top of my head, but I would suspect not. You can have orbits higher than geosync (think the moon), so you would need to apply a lot of energy to make the satellite leave orbit entirely.
Edit: (well not really, but Preview to the rescue ;)
Actually, it seems you are kind of on the right track though. http://en.wikipedia.org/wiki/Graveyard_orbit Apply energy to push it into a higher orbit and it will still be in orbit, though in an orbit where it is far less likely to cause harm.
Actually, it most certainly can. Exercise a little creativity.
Alias 'sudo' for a user to script in the user's home directory that looks like sudo, and even executes sudo as the user thought they were, but also logs whatever password they typed. Bamn, no you have the users password and (in the vast majority of cases) the ability to gain root. All of this is quite easy to do, I've done it myself in the past. Takes about 3 minutes to bang it out.
It should be noted that this can also easily be done for 'su'. The trick is rather blunt, and anyone that thought too look for it would immediately notice it, but if your target isn't suspecting you are good to go.
Agreed, full heartedly.
I think we are going to see a lot more of this sort of thing as humans get better and better at organizing matter into computing machines. The future is looking very very bright!
Wrong. This is exactly what I am still arguing, read my post again.
Completely and utterly irrelevant. Those are not the only threats an eavesdropper can pose. As I stated much earlier in this dicussion MITM attacks are not really what you need to be concerned about in this kind of situation.
You are asserting that they used authentication schemes several decades ago for ATM transactions that 1) did not use encryption, and 2) were secure against eavesdroppers. This is, simply put, not true. If you attempt to use authentication in absence of encryption, you are not going to be secure from squat.
Alice and Bob wish to do some banking. Alice is at an ATM, and Bob is a Bank. Alice authenticates with Bob by telling Bob her account number, and the PIN for the account. She does this by shouting across the room for all to here. Eve, listening to this plaintext shouting exchange, writes down Alice's information, and the next day pretends to be Alice to Bob.
You can prevent this scenario a number of ways. For example, authentication can be done over a secure channel (Which is not the case in this situation with older ATMs, they use the same unsecured phoneline for everything).
Or, Alice and Bob can use a challenge-response scheme to authenticate each other. The problem there is still the eavesdropper however. The way to do a challenge-response authentication in the clear is to have Bob generate a random number, and send it to Alice. Alice then takes her PIN and the random number from Bob, applies a one-way function to both of them, and sends the result back to Bob. Bob, knowing both his random number, and Alice's PIN, can also calculate the result of the one-way function, and compare the results.
This is great. Secure authentication without encryption (arguably)! Eve can listen to this transaction all day and still not learn Alice's PIN! So what exactly is the issue? Well, simply put, they did not have one-way functions to do this with during the time we were talking about. Literature on one-way functions from even just before the 80s is severely lacking, it is not reasonable at all to expect that banks, some of the last people to adopt new security technologies, would know about it, and be correctly using it. Even though they could have done this, they didn't know how to. Furthermore, once you use challenge-response authentication in a secure fashion such as this, it becomes much harder to argue that encryption was not in fact used. The original statement was that ATMs originally did not use any sort of encryption at all, assuming that although they didn't bother to use encryption, but had the presense of mind to use a secure challenge-response authentication scheme, is just plain silly.
Authentication does not imply secure authentication.
Well, on rare occasions, mules have been known to reproduce.
Provided enough information you don't have to fake being an ATM. You can *be* an ATM. If the authentication is done in the clear, then you can capture it. ATMs don't authenticate your pin number and whatnot, they are basically just thin clients in that regard. Capture the guys account information, pin number, ect, then you have all you need to screw him over. If you don't believe that, then feel free to post your such information in a reply.
The OP was asserting that ATMs originally worked like telnet or rsh. Authentication but vulnerable to eavesdropping. Listen to the original connection an you have all the information you need to authenticate yourself at a later date. You can't just say "there is authentication so it is safe", you have to do the authentication correctly. You know what else is a form of authentication? The "shave and a hair cut" door-knock.
Or they might just do this.
Funny, seems to me like we haven't been doing either...
Excuse me for being dense, but what possible reasons would "of course" make you object to such an image? You are crazy as shit.
The use of COPS doesn't seem people from speeding past the school near me. They _often_ have police officers idling around when students are coming or leaving. What makes you think cameras will be any better at stopping jackasses from speeding?
Yes! Won't somebody please think of the children?!?
Theoretically they don't need to modify *your* transaction to steal your money if they can record the entirety of the plaintext of your transaction. If they are able to collect the right data (as would be the case if the entire transaction was in the open) then they would be able to use the ATM to authorize a second transaction at a later date. In this hypothetical the attacker is the shop-owner anyways, so physical access to the ATM can be assumed, even if it isn't strictly needed.
I seriously hope you are kidding me. Do you really think the only thing that is transmitted over those wires is your account balance?