A bigger vulnerability has been discovered just now as well...
r8#sh ver | in IOS IOS (tm) C2600 Software (C2600-IO3-M), Version 12.2(15)T2, RELEASE SOFTWARE (fc2) r8#reload Proceed with reload? [confirm]
Seems like anyone with admin access can reload your router.
IOS (tm) 4500 Software (C4500-A3JK9S-M), Version 12.2(40a), RELEASE SOFTWARE (fc1) frSwitch#reload Proceed with reload? [confirm]
Confirmed on multiple routers as well! OMFG. On another note, anyone with local access to the router can power down the router causing a massive denial of service. Our admins here at GoodyTwoShoesNetworking.com are placing epoxy across all power buttons and cables to prevent this
US Postal Service announced it was creating a new department. Title "United States Postal Delivery and Management System" it will not interfere with the day to day duties of the US Postal Service which manages and delivers mail. It instead complements the current department
Original Microsoft® Silverlight(TM) is a cross-browser, cross-platform plug-in for delivering the next generation of.NET based media experiences and rich interactive applications for the Web. Silverlight offers a flexible programming model that supports AJAX, VB, C#, Python, and Ruby, and integrates with existing Web applications. Silverlight supports fast, cost-effective delivery of high-quality video to all major browsers running on the Mac OS or Windows.
True translation:
Microsoft® Silverlight(TM) is a cross-browser, cross-platform plug-in that will ultimately be leveraged by bot-net herders using the next generation of.NET attacks. Silverlight offers bot-net herders a flexible programming model that supports AJAX, VB, C#, Python, and Ruby, and integrates with existing Web applications that can be used for spam, IRC, DDoS and XSS "I hax0r3d j0or payGe". Silverlight supports fast, cost-effective delivery of all major attacks.
I wonder how long will it be before some company like these fools comes along and starts lobbying the powers that be to tweak "CAN-SPAM" like fables. I say get to the hardcore bottom of it all. Oh more Viagra spam eh... Sue the damn pharmaceutical companies for allowing their advertisers to break laws. That will minimize a whole slew of spam. Think about the monies pharmaceutical companies would have to even dish out to hear a case if half the US started filing small claims cases, class action cases, etc.
In these days and age its sad to see there still is limited separation of church and state. I wonder when the time will be that most of these church fraudsters will be exposed - bank accounts and all - so we can see who is taking um... donations.
If there is one thing I've learned in my 9 years here @/. (original nicks are joq/xprnstar and sil) is that, Slashdot is very influential believe it or not in the industry. Instances like this paint a not so pretty picture unfairly at companies, industries and technologies. Comments, fine we can deal with those, but there are those - and I don't know for the life of me know why - who takes sites such as/., Ars and others as the hammer of god. If I came in from the outside not knowing the true issue/story with what happened @ Monster, I would look at this article's quick summary and probably want to condemn Monster.com to kingdom come. Oh well rant over.
Via my blog... Big deal. I don't bank with them so I really don't care. When Akamai, Doubleclick or some other cache provider get's Pwnd then I'll worry. Actually, with my email box ringing just now, I think I will retire now that I'm rich. "I am Mr. James Morgan, chief auditor Ministry of Economics, Cotonou Benin Republic.I got your information when I was searching for a reliable, honest and trustworthy person to entrust this business with. I was simply inspired and motivated to pick your contact from the many names and lists in the website. I wish to transfer the sum of $14,300,000.00 USD (Fourteen Million Three Hundred Thousand United States Dollars only.)Into your personal or company's bank account.
As stated, when someone like Doubleclick, Akamai or some other cache serving company gets compromised, then I will worry about things more.
The worst part is Monster.com seems to shrug it off with: 'As is the case with many companies that maintain large databases of information Funny how they shrugged it off:
Earlier this month, Monster discovered [a] a malicious code that attempted to harvest stolen email addresses from its database and transfer them to a server in Ukraine. The hackers then sent out phishing emails that claimed to be prospective employers offering a work-from-home job that asked for access to the user's bank account. Monster responded by notifying these job seekers that their contact records had been downloaded illegally and is now working with law enforcement officials and the appropriate regulatory agencies [b]. Monster also revealed that this incident was not the first time the company's database had been the target of criminal activity.
The company says that to boost its security measures it is implementing new robust capabilities for worldwide monitoring and surveillance of site traffic, reviewing and tightening all site access policies and controls and launching a series of targeted initiatives to protect job seeker contact information.
[a] Monster discovered: Did you note that Monster themselves noticed the infiltration. Wasn't posted to a full disclosure list which means they caught it on their own for a change. Give them that credit
[b] Monster initiated contacting those affected and working with LEA's. This didn't come to light in the same fashion as say with what happened at LinkedIn. Linkedin spurns bug bounty hunter. So why post such a trollish statement as "monster shrugged it off". There should be a mechanism to moderate those who post articles.
You state: Internet should be right up there with power, water, transportation, etc. It's already a given that it's a key component of growth and future development. Incorrect. The world works fine without the Internet. We were working fine in the 70's and 80's. We just work more faster and have become more productive with it. However most would say we've hit our plateau with the Internet. As for your comment on: "We need to start treating it more like that instead of a big giveaway to the monopolies that we're broken up in the 80's (at&t). So much for deregulation." There is little in terms of monopolization as many paint out on the Internet. From my POV I see little(r) companies complaining about bigger companies charging less and forcing them out but what about the complaints that hey, those bigger companies spent their own monies laying out the infrastructure. Not only did they lay out the infrastructure, some actually DO share it for the little guys. Its never enough though. If its that big an issue, some of those little guys should take out loans and build their own lines so they won't have to worry about being bullied. Bottom line.
I can't see how a public works effort such as this would work because I'm looking at it from the admin/engineer side of things. So here we have Chicago creating a network that will be funded how. Firstly officials there wanted freebies, they didn't even offer a bone. So having worked at a provider, I can say the provider's first mode of thinking was "Why should I". Think about it, the city charging $20 the provider gets what? Why would the provider dish out all that cash when all it takes is a cluster of people to open WAP's all over the place to let their neighbors surf for free. Sure people do it now, but there is no city official dipping into a providers pockets right now.
Provider --> resells to City @ say 10.00 per person/etc (who cares)
City --> sells to citizens @ say 20.00
City now also has to hire network engineers, admins, tech support etc. Higher taxes.
Provider --> resells to City @ say 10.00 per person/etc (who cares)
City --> sells to citizens @ say 20.00
Citizens --> Opens WAP's citywide leading city to lose revenue
Really who cares. Americans have been too busy watching America's Next Top SomethingOrOther to give a rats ass about their civil liberties. Started off small and now its escalating. While I doubt the FBI is using this for the nightmare scenarios depicted by those who can't see a need for it (not I said CAN'T see a need for it) I dislike the thought, but I do see where there would be a need for it. The potential for abuse from a system like this is what's scary to me, not the fact that its in use. So while everyone cries foul AFTER the fact, remember there have been many rambling on about this for years. I did it in 2000 when Carnivore was released, I rambled on about CIPAV and always take the time to support the efforts of groups like EFF and EPIC. One person like a little privacy maniac some would say. For me means little, I'm aware of what can be done to my privacy, but I'm also aware of how to truly retain a portion of my privacy. Its when this becomes outlawed as it has been done in Germany will I truly get fed up and move out the US. While the rest of normal America focuses on the important things in life like Bratney Spears, Americas Next Stupid Reality Show, Whats Oprah Doing Now crap.
I recently had to call NYPD to find out something about a ticket. So I dialed the local precint... To my amusement (not kidding):
Thank you for calling yadda yadda...
For homicide press 1
For a detective press 2
For donut squad press 3
Alright, so I made up donut squad... But it was funny yet a little scary to think that automation is going a little too far sometimes. I tried to call my mother recently and got the same thing:
Thank you for calling your mother...
If you need money press 1
If you need your laundry done, press 2
If its mother's day, press 3
Nice, give them 9 choices you pre-define on what you want them to be and hope they don't become miserable drones. That's a nice method of control wouldn't you say? Your choices are Doctor, Policeman, Teacher, Politician, Lawyer, Fireman, Veterinarian, Astronaut, Homemaker... Pick now or you'll fall behind Timmy. What happened to freedom of choice. What happens when a student - typical 14 years old at the time is being handed some career and having those studies shoved down his throat only to find out later... "Gee I don't want to be a fireman... I should have studied something else!". Off to the welfare office for little Timmy thanks to his teachers shoving their shit down his throat and making up his mind for him. I say, teach the core studies you've taught and offer an array of information a child can choose from. Not what you dictate. Is this the US or pre Cold War Russia?
Wait a minute you've got this all wrong. He was simply playing SIMS and that alleged hit he put out. Part of the game. Stealing money... part of the game. Now if you would kindly let him out of prison, he won't steal, rape, rob, pillage anymore your honor
Depending on what they release. If its something akin to a facial recognition system, I would think that filling every few frames unseen to the naked eye or perhaps slight snow could throw off any facial recognition like software Google could throw out. Another method if this is the case would be to throw in perhaps a lens filter over the video. E.g. assume Google's software is set to compare a current video with known content. How would it achieve this. Perhaps light based spectrums, image positioning... Shift every so frames, throw in a slight tint, and it should be a wrap.
By deleting a single gene in a small portion of the brains of mice, researchers at UT Southwestern Medical Center found that the animals were affected in a way resembling schizophrenia in humans.
After the gene was removed, the animals, which had been trained to use external cues to look for chocolate treats buried in sand, couldn't learn a similar task, the researchers report in a paper appearing in today's issue of The Journal of Neuroscience.
Dr. Robert Greene, professor of psychiatry, and his colleagues have found that eliminating a gene in a mouse's brain creates memory problems that are reminiscent of schizophrenia. T he researchers deleted the gene, which codes for a part of a protein involved in passing signals between nerve cells needed for learning and memory. When a similar protein is blocked by drugs in humans, it leads to a psychotic state similar to schizophrenia.
Technically, MIT wasn't first: Schizophrenia - Mice With Defective Memory May Hold Clues
Main Category: Schizophrenia News
Article Date: 23 Jan 2006 - 21:00 PDT
There goes the idiotic penis OS envy zealotry. I use OSX too. Does nothing for me considering the majority of time I spend at a machine I have about 10+ shells opened logged into various machines. OSX will do what... Nothing that any other distro I have won't do. I'm gonna place you at around the age of 16-22 for that comment. And its likely you've been using ANYTHING nix related for more than 5 years.
If you got re-directed there... Trust me when I tell you this, you need it. Its from my mod_security rules which is taking information based off of known spyware installations. Something in your useragent forced the redirect so you should actually take the time to either check your machine or it is likely a host in your range was infected and you're seeing the residue of their address... Highly doubtful on the latter.
RBAC's and re-visiting Trusted Solaris... I happen to like a lot of the security functions Sol10+ has integrated into new releases. Sort of reminds me slightly of Trusted Sol. What I do semi agree on is gnu compatibility but to be honest with you, I have no problem administrating a Sol box (any version) without GNU utils. One thing I can foresee with Solaris moving towards this route is the introduction of more security issues. It's kind of rare to see dozens of Solaris security issues - granted when they're there, their extreme. However, GNU*anything you're escalating security risks. Let's be realistic, jump on any security mailing lists and you will see all sorts of issues with third party GNU stuff.
Out of curiousity have you ever even used Solaris (http://www.infiltrated.net/sunDesk.jpg) I have do and have for the past 8+ years. Did it occur that maybe Sun is trying to woo Linux users over. One can get into the whole "Linux/BSD/Solaris" penis envy arguments about the pros and cons of each so here goes:
I could go on with Scientific Linux, FreeBSD and NetBSD screens if you'd like, I use most on a daily basis. Linux for a lot of Asterisk use (professionally), OpenBSD for firewalls and security (professionally), Solaris for DB stuff (professionally), and so on. Anyhow, perhaps Sun is trying to simply trying woo Linux users over to using Sun nothing more nothing less.. Highly doubtful Sun is aiming to be Linux. Sorry to inform the zealots before you come along posting a "but my Linux penis does x recursive foo bar zip zilch sequencing faster that..."... Look there are certain things that should not be left to Linux at least in my shops and that's what counts to me not what you think or someone's distorted benchmarkings, and no I will not get into zealotry here. Stating facts.
Don't let stupidity fool you
on
An eBay For Hackers
·
· Score: 2, Interesting
I saw via a security mailing list ridicule at "Who the hell would buy a Yahoo messenger exploit. har har". So let's think about this for a minute... Done, how many people do you know that use Yahoo messenger at their corporate office? As obscure as some may think the site will be, all you need is some hardcore "pwning" going on, and some government will treat the site as they did Pirate Bay and shut it down quickly
Slashdot Mirror
so means that you're not if authenticated router to the can't it do to crash a cause?
They don't have an ASCII representation of a /. effect. So I made one for em:
##
##
##
##
##
## ###
## ###
US Postal Service announced it was creating a new department. Title "United States Postal Delivery and Management System" it will not interfere with the day to day duties of the US Postal Service which manages and delivers mail. It instead complements the current department
Original Microsoft® Silverlight(TM) is a cross-browser, cross-platform plug-in for delivering the next generation of .NET based media experiences and rich interactive applications for the Web. Silverlight offers a flexible programming model that supports AJAX, VB, C#, Python, and Ruby, and integrates with existing Web applications. Silverlight supports fast, cost-effective delivery of high-quality video to all major browsers running on the Mac OS or Windows.
.NET attacks. Silverlight offers bot-net herders a flexible programming model that supports AJAX, VB, C#, Python, and Ruby, and integrates with existing Web applications that can be used for spam, IRC, DDoS and XSS "I hax0r3d j0or payGe". Silverlight supports fast, cost-effective delivery of all major attacks.
True translation: Microsoft® Silverlight(TM) is a cross-browser, cross-platform plug-in that will ultimately be leveraged by bot-net herders using the next generation of
I wonder how long will it be before some company like these fools comes along and starts lobbying the powers that be to tweak "CAN-SPAM" like fables. I say get to the hardcore bottom of it all. Oh more Viagra spam eh... Sue the damn pharmaceutical companies for allowing their advertisers to break laws. That will minimize a whole slew of spam. Think about the monies pharmaceutical companies would have to even dish out to hear a case if half the US started filing small claims cases, class action cases, etc.
In these days and age its sad to see there still is limited separation of church and state. I wonder when the time will be that most of these church fraudsters will be exposed - bank accounts and all - so we can see who is taking um... donations.
If there is one thing I've learned in my 9 years here @ /. (original nicks are joq/xprnstar and sil) is that, Slashdot is very influential believe it or not in the industry. Instances like this paint a not so pretty picture unfairly at companies, industries and technologies. Comments, fine we can deal with those, but there are those - and I don't know for the life of me know why - who takes sites such as /., Ars and others as the hammer of god. If I came in from the outside not knowing the true issue/story with what happened @ Monster, I would look at this article's quick summary and probably want to condemn Monster.com to kingdom come. Oh well rant over.
Via my blog... Big deal. I don't bank with them so I really don't care. When Akamai, Doubleclick or some other cache provider get's Pwnd then I'll worry. Actually, with my email box ringing just now, I think I will retire now that I'm rich. "I am Mr. James Morgan, chief auditor Ministry of Economics, Cotonou Benin Republic .I got your information when I was searching for a reliable, honest and trustworthy person to entrust this business with. I was simply inspired and motivated to pick your contact from the many names and lists in the website. I wish to transfer the sum of $14,300,000.00 USD (Fourteen Million Three Hundred Thousand United States Dollars only.)Into your personal or company's bank account.
As stated, when someone like Doubleclick, Akamai or some other cache serving company gets compromised, then I will worry about things more.
[a] Monster discovered: Did you note that Monster themselves noticed the infiltration. Wasn't posted to a full disclosure list which means they caught it on their own for a change. Give them that credit
[b] Monster initiated contacting those affected and working with LEA's. This didn't come to light in the same fashion as say with what happened at LinkedIn. Linkedin spurns bug bounty hunter. So why post such a trollish statement as "monster shrugged it off". There should be a mechanism to moderate those who post articles.
You state: Internet should be right up there with power, water, transportation, etc. It's already a given that it's a key component of growth and future development. Incorrect. The world works fine without the Internet. We were working fine in the 70's and 80's. We just work more faster and have become more productive with it. However most would say we've hit our plateau with the Internet. As for your comment on: "We need to start treating it more like that instead of a big giveaway to the monopolies that we're broken up in the 80's (at&t). So much for deregulation." There is little in terms of monopolization as many paint out on the Internet. From my POV I see little(r) companies complaining about bigger companies charging less and forcing them out but what about the complaints that hey, those bigger companies spent their own monies laying out the infrastructure. Not only did they lay out the infrastructure, some actually DO share it for the little guys. Its never enough though. If its that big an issue, some of those little guys should take out loans and build their own lines so they won't have to worry about being bullied. Bottom line.
I can't see how a public works effort such as this would work because I'm looking at it from the admin/engineer side of things. So here we have Chicago creating a network that will be funded how. Firstly officials there wanted freebies, they didn't even offer a bone. So having worked at a provider, I can say the provider's first mode of thinking was "Why should I". Think about it, the city charging $20 the provider gets what? Why would the provider dish out all that cash when all it takes is a cluster of people to open WAP's all over the place to let their neighbors surf for free. Sure people do it now, but there is no city official dipping into a providers pockets right now.
Provider --> resells to City @ say 10.00 per person/etc (who cares) City --> sells to citizens @ say 20.00
City now also has to hire network engineers, admins, tech support etc. Higher taxes.
Provider --> resells to City @ say 10.00 per person/etc (who cares) City --> sells to citizens @ say 20.00 Citizens --> Opens WAP's citywide leading city to lose revenue
Really who cares. Americans have been too busy watching America's Next Top SomethingOrOther to give a rats ass about their civil liberties. Started off small and now its escalating. While I doubt the FBI is using this for the nightmare scenarios depicted by those who can't see a need for it (not I said CAN'T see a need for it) I dislike the thought, but I do see where there would be a need for it. The potential for abuse from a system like this is what's scary to me, not the fact that its in use. So while everyone cries foul AFTER the fact, remember there have been many rambling on about this for years. I did it in 2000 when Carnivore was released, I rambled on about CIPAV and always take the time to support the efforts of groups like EFF and EPIC. One person like a little privacy maniac some would say. For me means little, I'm aware of what can be done to my privacy, but I'm also aware of how to truly retain a portion of my privacy. Its when this becomes outlawed as it has been done in Germany will I truly get fed up and move out the US. While the rest of normal America focuses on the important things in life like Bratney Spears, Americas Next Stupid Reality Show, Whats Oprah Doing Now crap.
I recently had to call NYPD to find out something about a ticket. So I dialed the local precint... To my amusement (not kidding):
Thank you for calling yadda yadda...
For homicide press 1
For a detective press 2
For donut squad press 3
Alright, so I made up donut squad... But it was funny yet a little scary to think that automation is going a little too far sometimes. I tried to call my mother recently and got the same thing:
Thank you for calling your mother...
If you need money press 1
If you need your laundry done, press 2
If its mother's day, press 3
Nice, give them 9 choices you pre-define on what you want them to be and hope they don't become miserable drones. That's a nice method of control wouldn't you say? Your choices are Doctor, Policeman, Teacher, Politician, Lawyer, Fireman, Veterinarian, Astronaut, Homemaker... Pick now or you'll fall behind Timmy. What happened to freedom of choice. What happens when a student - typical 14 years old at the time is being handed some career and having those studies shoved down his throat only to find out later... "Gee I don't want to be a fireman... I should have studied something else!". Off to the welfare office for little Timmy thanks to his teachers shoving their shit down his throat and making up his mind for him. I say, teach the core studies you've taught and offer an array of information a child can choose from. Not what you dictate. Is this the US or pre Cold War Russia?
Wait a minute you've got this all wrong. He was simply playing SIMS and that alleged hit he put out. Part of the game. Stealing money... part of the game. Now if you would kindly let him out of prison, he won't steal, rape, rob, pillage anymore your honor
Depending on what they release. If its something akin to a facial recognition system, I would think that filling every few frames unseen to the naked eye or perhaps slight snow could throw off any facial recognition like software Google could throw out. Another method if this is the case would be to throw in perhaps a lens filter over the video. E.g. assume Google's software is set to compare a current video with known content. How would it achieve this. Perhaps light based spectrums, image positioning... Shift every so frames, throw in a slight tint, and it should be a wrap.
He should also go after Mediasentry if they were responsible for obtaining his information and dishing it off to the US Department of RIAA
Schizophrenia - Mice With Defective Memory May Hold Clues
Main Category: Schizophrenia News
Article Date: 23 Jan 2006 - 21:00 PDT
There goes the idiotic penis OS envy zealotry. I use OSX too. Does nothing for me considering the majority of time I spend at a machine I have about 10+ shells opened logged into various machines. OSX will do what... Nothing that any other distro I have won't do. I'm gonna place you at around the age of 16-22 for that comment. And its likely you've been using ANYTHING nix related for more than 5 years.
If you got re-directed there... Trust me when I tell you this, you need it. Its from my mod_security rules which is taking information based off of known spyware installations. Something in your useragent forced the redirect so you should actually take the time to either check your machine or it is likely a host in your range was infected and you're seeing the residue of their address... Highly doubtful on the latter.
RBAC's and re-visiting Trusted Solaris... I happen to like a lot of the security functions Sol10+ has integrated into new releases. Sort of reminds me slightly of Trusted Sol. What I do semi agree on is gnu compatibility but to be honest with you, I have no problem administrating a Sol box (any version) without GNU utils. One thing I can foresee with Solaris moving towards this route is the introduction of more security issues. It's kind of rare to see dozens of Solaris security issues - granted when they're there, their extreme. However, GNU*anything you're escalating security risks. Let's be realistic, jump on any security mailing lists and you will see all sorts of issues with third party GNU stuff.
Out of curiousity have you ever even used Solaris (http://www.infiltrated.net/sunDesk.jpg) I have do and have for the past 8+ years. Did it occur that maybe Sun is trying to woo Linux users over. One can get into the whole "Linux/BSD/Solaris" penis envy arguments about the pros and cons of each so here goes:
j pg (linux (Backtrack screen))
... Look there are certain things that should not be left to Linux at least in my shops and that's what counts to me not what you think or someone's distorted benchmarkings, and no I will not get into zealotry here. Stating facts.
http://www.infiltrated.net/openpimp.jpg (my openbsd screen)
http://www.infiltrated.net/currentPentestDesktop.
http://www.infiltrated.net/sunDesk.jpg (Solaris Nevada)
I could go on with Scientific Linux, FreeBSD and NetBSD screens if you'd like, I use most on a daily basis. Linux for a lot of Asterisk use (professionally), OpenBSD for firewalls and security (professionally), Solaris for DB stuff (professionally), and so on. Anyhow, perhaps Sun is trying to simply trying woo Linux users over to using Sun nothing more nothing less.. Highly doubtful Sun is aiming to be Linux. Sorry to inform the zealots before you come along posting a "but my Linux penis does x recursive foo bar zip zilch sequencing faster that..."
I saw via a security mailing list ridicule at "Who the hell would buy a Yahoo messenger exploit. har har". So let's think about this for a minute... Done, how many people do you know that use Yahoo messenger at their corporate office? As obscure as some may think the site will be, all you need is some hardcore "pwning" going on, and some government will treat the site as they did Pirate Bay and shut it down quickly