All that involves is getting someone to connect to an access point. Of course no one would ever connect to an unsecured access point called linksys, and it's not like your computer won't auto connect to previously used AP.
This is an example and obviously fixed, however I'd be willing to bet that other bugs that work in a similar manner on all OS's exist (or will exist shortly.)
Well figuring that there are 17 million xbox 360's in the world (give or take I believe) lets say 1% of them install a modchip, assuming it costs 50$ to manufacture them (this is most likely ridiculously high) I bet you can charge 100$ for the chip that runs the program he writes if it lets you play on live guaranteed forever (current chips run 60$ and you have a solid chance of being banned).
Which is what I assume this quote is referring to. Additionally keep in mind that every app pen test researcher out there working for a consulting company gets 200-250$/hr even if they are 1 week out of college. So that 100k only pays for 10 weeks of work, nothing on a project of this scope.
Ok so for the 100k the company gets a cheap they can sell at a profit margin of 50$ for 170k customers. Which gets them 8.5 million dollars (I think this is a conservative number but what do I know.).
I agree that the information should be open, but the idea that anti-virus companies would be way behind if it werent for open discussion like this is pretty rediculous. a) the anti-virus company can just infiltrate the private communities (which im sure they do already) b) reverse-engineering. not as efficient but mcafee and other have the resources im sure.
uh i dont know what you do, but my friends cant beat the recruiters off with a stick, as with any other occupation you have to be good at what you do, not just go through the motions
that's funny I work in consulting now doing security stuff and I have been strongly considering returning to school in a few years (23 now) for IP Law. It seems like with a law degree I cna just do so much more
So a couple questions first a) what makes harvard so special? seriously I mean its a generally well regarded college, but not nessecarily in the area of IT b) putting everything on the IP network, is probably a bad idea.
Does Harvard have a nuclear reactor? That would be a "not so good" technology to have on the public network. just seems that the current trend to give everything an IP address is a step in the wrong direction.
That link literally made my jaw drop, but not because of the reasons you posted it. The hacker story was rediculous from all angles
1) it was a linux server but the customer had no clue what he was talking about and kep insisting they patch so they wouldnt be affected by nimda
2) it was obvious from the log excerpts there was a command injection vulnerability in the cart.cgi script. its a script, and i'm assuming that it's not AIT's script. if it was well shame on them for providing vulnerable software, if it wasn't shame on the client for blaming them when it really was his fault.
3) Honestly, I can't blame them for ignoring him in the end. it was obvious he had no idea what he was talking about (.c files are now "hacker files"?) but proceeded the entire time in an extremely haughty manner. Also i wouldnt be surprised if he royally screwed up his install by renaming pretty much every directory HACCKERdirname like HACKERtmp.
so could AIT have done more to help him? probably, any reasonably intelligent sysadmin looking at those logs would have recognized the problem was a command injection (specifically "NEXTPAGE=;echo%20"ex::0:0:ex:/home/root:"%20>%20/ etc/passwd|" where they are basically adding a new user to the password file with no password. ) im sure there were other issues but command injection is where it all begins.
The question is, was it AIT's responsibility to fix these issues? If they got in through a hole in the OS and it was a managed server, yes. If they got in through a file they provided, yes. however it seems most likely that they got in through a hole in a 3rd party cgi script and not the OS. in which case they went beyond what they would be required too but ultimately got fed up hand holding the client. And I can't say I blame them. too much.
I have never had any experience with AIT or even heard of them, this is all just from that ait sucks website, so take it with a grain of salt.
Old news I though? I worked with a couple ex-air force guys who used to do red-teaming for their infowar group, details are sketchy about what exactly they did obviously. But I do know it was a couple years ago, and the guys i work with at least know their stuff very well.
BUT just like you might not be able to encrypted data but you know its encrypted (true encryption is a statiscally even distribution of all characters look it up) you can scan a file and tell if it has been altered by steganography (i think, but dont quote me, because its more random then an image should be) and once you know which are encrypted you can find the algorithim and brute force it.
The guy who writes hacker defender offers the source code for free, but offers to customize it to make it invisible to commericial anti-virus software and root kit detection software.
This is a big problem, I do application/infrastructure attack and penentration and have seen/had co-workers see this fairly often in mainly financial and defense clients. This problem definetly exists and is causing some major headaches in the info sec world.
Quantum computing is, you know, really hard. As far as i know is just a handful (5 or something low) because it takes alot of power to control really small things. the code wouldnt be that much harder to develop and they have several algorithims developed the hardest point is error detection and correction which they are making good progress on. things just take time, ya know?
Actually this isnt really a bad idea, although I'm sure you meant it to be sarcrastic, I can't find the link at this moment but there has been talk of bookstores getting their own (small, digital) presses and when a customer wants a book they simply print it for them right there. That would solve the problem right there. Don't give the bookstore the PDF or what have you untill the day before its supposed to be released. (obviously the PDF would be DRM'ed) to give enough time to print all the copies they need to.
This is the third link in recent memory, and their server always goes down. Also for the most part their reviews are pretty bad, can't we wait to post these stories for a reputable site to have a review up?
Are you serious? Entrapment is an undercover cop asking you if you want to buy drugs, then when you say no, he tries to persuade you and suceeds, possibly becuase you just want him to go away.
It's really not that easy for something to qualify as entrapment, also consider that writing malicious code isnt illegal, it's free speech and no different then writing a book that urges people to do something malicious, not at all illegal.
But no please, keep thinking everything is illegal and dont bother doing anything it makes it easier to actually make it illegal.
Real-life applications is probably going to be something like smart sensor networks, you strap a small sensor to each little plane, send it out, tell them to flock together and have maybe one slight larger plane lagging behind which sends all the data back (power requirements for satelite communication and all). a lot harder to shoot down and a lot cheaper (and easier) to replace if it does get shot down.
uhh sorry its late, i didnt finish my though, it's not that hard, _in theory_ to create emergent flocking behavior its just really really neat to see it done with actual planes/helicopters.
As an A-LIFE dork I think the fact that they got these planes to exhibit true (if they arent lying little light on details) flocking behavior, it's not hard to make things flock it takes basically 3 instructions.
1) Follow the plane/bird in front of you 2) Go about as fast as the plane/birds around you 3) Don't hit other birds/planes, keep a reasonable distance.
Emergent behavior is really amazing if you are interested in it some more check out alife9.org Its the website of the last alife conference in boston that took place over the summer, really neat stuff in there.
yeah i do the same thing, the only caveat is that the wifi and audio drivers might require some tweaking, mine did, but other then that, yeah gentoo works great on the D600.
Linux on Laptops is a great resource for how-tos on getting your specific model of laptop working, there are some other sites as well (linux.org), and while they aren't the best updated they helped me at least get linuxs working on my D600 very well. Also its a good spot to check to see if you particular laptop model is generally supported.
Ummm? Been to NYC lately? They have. You can no longer just go to canal street and buy illegal DVD's blatantly in the open, the cops are actually starting to crack down on it. occasionally you see some immigrants selling dvds all laid out on a blanket, wondery why they are laid out on a blanket? That's so when their little kids they use as runners see the police and come tell them they can sweep it all up put it in a cart and run, literally run, away before the cops come.
Now compare that to canal street/anywhere in nyc 5 years ago.
I don't understand your argument. Sure biodiesel is nice, but how is it better? If any thing this process is better because it breaks down the waste into more usable parts (water, oil, carbon black) which can then be more efficiently used. Additonally while the cost is rather high right now that is sure to drop precipitously as larger plants come on-line that are able to process greater amounts of waste.
Lastly, only certain kinds of waste are suitable for use as biodiesel, and not things like tukey guts or cow crap. This technology offers an excellent way to control many different kinds of waste.
While biodiesel may be a more accesible use of waste now, I see no reason why the two technologies shouldn't be developed in parallel.
Slashdot Mirror
Fox news says you can hack a computer wirelessly. I believe a trusted news source way more than a nerd like you.
Ok so this is flame bait, but really, you can hack computers wirelessly :(
http://news.cnet.com/Apple-Macs-vulnerable-to-Wi-Fi-hijacks/2100-1002_3-6118245.html
And its on OS X :( Doh.
All that involves is getting someone to connect to an access point. Of course no one would ever connect to an unsecured access point called linksys, and it's not like your computer won't auto connect to previously used AP.
This is an example and obviously fixed, however I'd be willing to bet that other bugs that work in a similar manner on all OS's exist (or will exist shortly.)
Well figuring that there are 17 million xbox 360's in the world (give or take I believe) lets say 1% of them install a modchip, assuming it costs 50$ to manufacture them (this is most likely ridiculously high) I bet you can charge 100$ for the chip that runs the program he writes if it lets you play on live guaranteed forever (current chips run 60$ and you have a solid chance of being banned).
Which is what I assume this quote is referring to. Additionally keep in mind that every app pen test researcher out there working for a consulting company gets 200-250$/hr even if they are 1 week out of college. So that 100k only pays for 10 weeks of work, nothing on a project of this scope.
Ok so for the 100k the company gets a cheap they can sell at a profit margin of 50$ for 170k customers. Which gets them 8.5 million dollars (I think this is a conservative number but what do I know.).
I would agree with his decision.
Seriously? So slashdot really is just all advertisements now? :(
I agree that the information should be open, but the idea that anti-virus companies would be way behind if it werent for open discussion like this is pretty rediculous. a) the anti-virus company can just infiltrate the private communities (which im sure they do already) b) reverse-engineering. not as efficient but mcafee and other have the resources im sure.
uh i dont know what you do, but my friends cant beat the recruiters off with a stick, as with any other occupation you have to be good at what you do, not just go through the motions
that's funny I work in consulting now doing security stuff and I have been strongly considering returning to school in a few years (23 now) for IP Law. It seems like with a law degree I cna just do so much more
So a couple questions first a) what makes harvard so special? seriously I mean its a generally well regarded college, but not nessecarily in the area of IT b) putting everything on the IP network, is probably a bad idea.
Does Harvard have a nuclear reactor? That would be a "not so good" technology to have on the public network. just seems that the current trend to give everything an IP address is a step in the wrong direction.
That link literally made my jaw drop, but not because of the reasons you posted it. The hacker story was rediculous from all angles
/ etc/passwd|" where they are basically adding a new user to the password file with no password. ) im sure there were other issues but command injection is where it all begins.
1) it was a linux server but the customer had no clue what he was talking about and kep insisting they patch so they wouldnt be affected by nimda
2) it was obvious from the log excerpts there was a command injection vulnerability in the cart.cgi script. its a script, and i'm assuming that it's not AIT's script. if it was well shame on them for providing vulnerable software, if it wasn't shame on the client for blaming them when it really was his fault.
3) Honestly, I can't blame them for ignoring him in the end. it was obvious he had no idea what he was talking about (.c files are now "hacker files"?) but proceeded the entire time in an extremely haughty manner. Also i wouldnt be surprised if he royally screwed up his install by renaming pretty much every directory HACCKERdirname like HACKERtmp.
so could AIT have done more to help him? probably, any reasonably intelligent sysadmin looking at those logs would have recognized the problem was a command injection (specifically "NEXTPAGE=;echo%20"ex::0:0:ex:/home/root:"%20>%20
The question is, was it AIT's responsibility to fix these issues? If they got in through a hole in the OS and it was a managed server, yes. If they got in through a file they provided, yes. however it seems most likely that they got in through a hole in a 3rd party cgi script and not the OS. in which case they went beyond what they would be required too but ultimately got fed up hand holding the client. And I can't say I blame them. too much.
I have never had any experience with AIT or even heard of them, this is all just from that ait sucks website, so take it with a grain of salt.
Old news I though? I worked with a couple ex-air force guys who used to do red-teaming for their infowar group, details are sketchy about what exactly they did obviously. But I do know it was a couple years ago, and the guys i work with at least know their stuff very well.
BUT just like you might not be able to encrypted data but you know its encrypted (true encryption is a statiscally even distribution of all characters look it up) you can scan a file and tell if it has been altered by steganography (i think, but dont quote me, because its more random then an image should be) and once you know which are encrypted you can find the algorithim and brute force it.
The guy who writes hacker defender offers the source code for free, but offers to customize it to make it invisible to commericial anti-virus software and root kit detection software.
This is a big problem, I do application/infrastructure attack and penentration and have seen/had co-workers see this fairly often in mainly financial and defense clients. This problem definetly exists and is causing some major headaches in the info sec world.
Quantum computing is, you know, really hard. As far as i know is just a handful (5 or something low) because it takes alot of power to control really small things. the code wouldnt be that much harder to develop and they have several algorithims developed the hardest point is error detection and correction which they are making good progress on. things just take time, ya know?
Actually this isnt really a bad idea, although I'm sure you meant it to be sarcrastic, I can't find the link at this moment but there has been talk of bookstores getting their own (small, digital) presses and when a customer wants a book they simply print it for them right there. That would solve the problem right there. Don't give the bookstore the PDF or what have you untill the day before its supposed to be released. (obviously the PDF would be DRM'ed) to give enough time to print all the copies they need to.
Yeah its a consipiracy .... oh.... wait.
This is the third link in recent memory, and their server always goes down. Also for the most part their reviews are pretty bad, can't we wait to post these stories for a reputable site to have a review up?
What?
Are you serious? Entrapment is an undercover cop asking you if you want to buy drugs, then when you say no, he tries to persuade you and suceeds, possibly becuase you just want him to go away.
It's really not that easy for something to qualify as entrapment, also consider that writing malicious code isnt illegal, it's free speech and no different then writing a book that urges people to do something malicious, not at all illegal.
But no please, keep thinking everything is illegal and dont bother doing anything it makes it easier to actually make it illegal.
Real-life applications is probably going to be something like smart sensor networks, you strap a small sensor to each little plane, send it out, tell them to flock together and have maybe one slight larger plane lagging behind which sends all the data back (power requirements for satelite communication and all). a lot harder to shoot down and a lot cheaper (and easier) to replace if it does get shot down.
uhh sorry its late, i didnt finish my though, it's not that hard, _in theory_ to create emergent flocking behavior its just really really neat to see it done with actual planes/helicopters.
As an A-LIFE dork I think the fact that they got these planes to exhibit true (if they arent lying little light on details) flocking behavior, it's not hard to make things flock it takes basically 3 instructions.
1) Follow the plane/bird in front of you
2) Go about as fast as the plane/birds around you
3) Don't hit other birds/planes, keep a reasonable distance.
Emergent behavior is really amazing if you are interested in it some more check out alife9.org Its the website of the last alife conference in boston that took place over the summer, really neat stuff in there.
I probably missed the karma boat on this one but c'est la vie. These are NOT self-replication robots, what they are, are self re-configurable robots, and quite honestly, not that impressive, if you want to see something with blow you away check out MURATA Satoshi and his bots. They are rediculous, just watch the video (asf sorry)http://complexity.vub.ac.be/~comdig/ALife9/M urata.asf e x.html
http://unit.aist.go.jp/is/dsysd/mtran/English/ind
yeah i do the same thing, the only caveat is that the wifi and audio drivers might require some tweaking, mine did, but other then that, yeah gentoo works great on the D600.
Linux on Laptops is a great resource for how-tos on getting your specific model of laptop working, there are some other sites as well (linux.org), and while they aren't the best updated they helped me at least get linuxs working on my D600 very well. Also its a good spot to check to see if you particular laptop model is generally supported.
Ummm? Been to NYC lately? They have. You can no longer just go to canal street and buy illegal DVD's blatantly in the open, the cops are actually starting to crack down on it. occasionally you see some immigrants selling dvds all laid out on a blanket, wondery why they are laid out on a blanket? That's so when their little kids they use as runners see the police and come tell them they can sweep it all up put it in a cart and run, literally run, away before the cops come.
Now compare that to canal street/anywhere in nyc 5 years ago.
I don't understand your argument. Sure biodiesel is nice, but how is it better? If any thing this process is better because it breaks down the waste into more usable parts (water, oil, carbon black) which can then be more efficiently used. Additonally while the cost is rather high right now that is sure to drop precipitously as larger plants come on-line that are able to process greater amounts of waste.
Lastly, only certain kinds of waste are suitable for use as biodiesel, and not things like tukey guts or cow crap. This technology offers an excellent way to control many different kinds of waste.
While biodiesel may be a more accesible use of waste now, I see no reason why the two technologies shouldn't be developed in parallel.
ok my spelling sucks, but my point is still valid, sorry. I'm kind of in a rush to get out of here, but I needed to comment.