This method is how most content filters do their jobs. Why not just drop the traffic you ask? Well here's why.. if you don't reset the connections, both sides will just continue trying to communicate with one another by retransmitting the packets. That's why it's TCP and not UDP.. the whole trying to guarantee the delivery thing. Now, they're not just blocking on IP addresses. If that was the case they could just drop the traffic altogether and not need to "forge" anything. However, since it's discovering the traffic is P2P related later on, it does it in such a fashion.
Now the other thing is that the IP addresses being used are owned by the ISP. I am not so sure this is really forging something on behalf of the customer that's breaking laws. The customer doesn't own that IP. On top of that (and I am ASS-U-MING HERE) they are probably breaking the acceptable use policy for the ISP. If they don't allow P2P stuff, you're in violation. They could do a lot worse stuff to be a PITA than just reset your connections. :)
Just 38 per cent of workers were relaxed enough to wait a day or longer before replying. Wow, there's your source of frustration. The point of e-mail and IT is to speed things along. That's why we aren't sending snail mail to our co-workers. Waiting a day or longer? What the hell kind of business is this. That's not relaxed, that's absurd. If you're waiting a day to answer all your e-mails, I hope you get fired. You are slowing down business and time is money.
So is it a coincidence the site is down for scheduled maintenance right now? I suppose this maintenance was scheduled immediately following their defacement?
SQL injection in a high-profile site is not surprising or uncommon. When you work with back end databases, your protection from such an attack is only all the programmers that make up the DB interfaces on your website. This happens often due to laziness, lack of knowledge, or simple mistakes. It's pretty frequent when you have people collaborate on a project as well. One person might be the best security programmer in the world and do 95% of the website. That "other" guy that did 5% of it could be the reason you just got hacked. Web attacks are becoming more and more common and will continue to rise with Web 2.0 features. Surprising? Not at all... we see this stuff all the time and on more popular sites than un.org (is that really saying much?).
My post might be a little misleading with respect to my copies of the encyclopedia. It was on the chopping block some time ago to make its way to the curb for local pickup. However, for some reason it seems I actually have sentimental value for it and it looks pretty cool. I spared the books from death, but they're still imprisoned. The thing is a kid can now go and peruse (to a degree) a website. There's neat stuff daily on the front page of the website and tons of ways to find interesting things. Also, the last stop would possibly be the (elementary/middle/high) school library. I know each level throughout my years had them.
Well as some have pointed out you can use other DNS servers. However, many people don't have the time/knowledge/or need to mess with this and they really shouldn't have to. Messing with DNS for these purposes is a questionable activity. However, especially in the case of EFNet servers, I find this especially strange. EFNet does have some botnets that end up with them, but they are very few and far between.. and small in nature. These things are taken down pretty rapidly on EFNet and that's part of the reason they're not used frequently. DALnet -- a whole other story. There's tons of active botnets there now. EFNet is definitely much smaller in scale in terms of the number, the size, and the lifespan. This is pretty sad. Redirecting a hacked server being used by an IRCD is one thing. Doing it to selective IRCDs on a huge *legit* network.. that's a whole other story.
It's good to see them correct some things. It's not like they haven't had errors before of course. However, Wikipedia has some great features such as: always being online and free, covers 10000000 more topics, and doesn't come in a defunct hardback copy that takes 20 minutes to search by hand. Btw.. I still have my 1989 Encyclopedia Britannica and it looks great in the two sets of boxes in the basement.
Yea, right, this is exactly the same. Man why didn't I think of that. I never think before I post. I'm sure they will just look like complete asses and make a mockery of their respective companies if they cannot reasonably prove their decisions.
So these are the daughters of the president and their gift to him is a home made mix CD? Looks like someone forgot about Father's Day and had to think fast! In any event, while most of the links are dead, how do we even know what was on the CD? Who said the music on it was actually copyrighted?
HTTPS just makes it hard to eavesdrop. It doesn't mean the site you are getting your plugin from isn't a spoofed one with a self-signed cert or that your legitimate location for downloading the plugin hasn't been hacked. I guess all of www.download.com downloads are vulnerable since they're sent over http or ftp - which is susceptible to attacks! Also, if your DNS (or host file etc) is owned/poisoned then I'd think your Firefox plugin is the least of your concerns. Give me a break.
A quick read of the RFC tells me that this is simply a more computationally-intensive variant of SPF. But the real question is will it prevent me from being sunburned??
This will sort of mirror what I've responded with on Full Disclosure. The first issue is that there really are not any details on this "survey" that was done. I am pretty sure I could conduct a survey that had 1000 WordPress blogs where only 1 of them was a vulnerable version. I am not saying there aren't plenty of older/vulnerable versions out there, but I think you get the point. The second issue is that relying on your extraction of a version number does not mean it's actually vulnerable. Patches or other mitigations could be in place.
So if it's news to you that people run old and/or vulnerable software, then this might be something new. Otherwise it's just what I would expect.
I read this article on the way in today and saw some of the stumbling blocks they hit. One of them was that in many instances the materials the houses were made of prevented a clear (if any) signal from getting through. This requires additional equipment to get it to function. The speeds offered by these services are also usually not all that super. Then it mentions this kind of service has been a possible motivator for the local cable/telephone companies to suddenly offer services in the area. The end result is that there are more choices, but you can't be surprised when you offer crap and no one takes it.
Well the first response above is one of my own reactions. How hard is it to just use fake information? How exactly are they narrowing down sex offenders on MySpace? Then I realized that most sex offenders are morons and this probably would nab them. Then again what happens to people in the same general area that have the same or a similar name? I am a little confused as to what this will prove. How do you know the MySpace account wasn't set up as someone pretending to be the sex offender trying to get them in trouble? There seems to be a lot of murky areas here.
Well if you watch through the whole video you will see that they reference this video as basically being an experiment. If the creators of the video are understanding and interpreting everything they think they should be protected from the law. The only problem is that the law still allows someone to sue you even if they are wrong. Going to court and defending yourself isn't free, even if your attorney is...
Honestly, I would be quite interested in what Disney does on this one. This would be nice to track.
LOL, sure with their knock off brand space ship I am sure they'll land and come right back without a problem. I'll keep holding my breath. :D
Note: This is *NOT* child or work-safe material, but is funny as hell whether you like the iPhone or not. If you haven't seen it and have a sense of humor..read on:
p hone
http://www.thebestpageintheuniverse.net/c.cgi?u=i
Funny. Thanks for the post though, I'll keep an eye out for bot herders with the nick PFAK. Hopefully I won't see any...
Insightful? How is this insightful? This is the Internet. Write whatever the hell you want in the comment field. Cry me a river.
OK guys I don't think it's going to be as simple as "picking" which laptop they think it is on. I would assume they have to provide some backup/proof as to what they detected and how they know her stuff is on that laptop. This isn't Russian Roulette of computing. The point is also to back up their skills and more importantly their products. This is to get more press and make more $ and I think it's great.
It's time to put your money where your mouth is..
That's right NASA not Nasa.
Moran? What is a moran?
sfsfsflsfkfs My post is as useless as the story. Just wanted to waste your time twice.
I think TISNF I'm gonna txt my BFF Jill ASAP.
People actually blog about NCAA baseball? And they threw him out.. I bet that kept a total of 0 people from getting the latest from the game.
This URL you posted has an uncanny resemblance to the one posted in the original posting.