maybe his co-workers could complain about horse manure! NOW! That's bureaucracy
257 posts • joined 3 Mar 2010
Session-based tickets
The Kerberos Ticket-Granting Server uses 'seeding' patterns for its 'session-based' authentication; the very basis of how it works is rather insecure.
As regards the Kerberos network connectivity, look to the KDC for that.
All in the implementation of the crypto
When adding 256-bit XTS-AES encryption, I note XTS is "a block cipher mode of operation"
Can you confirm it is not DMA port related?
Wishful thinking has no place in computer science
As regards the interviewing question, I despise developers who ask such a question/have that mindset, since if they were proper developers they'd have already researched the physics (including quantum physics) behind it before asking the question, since, critically, computing is a science.
The same applies to "how many sides on an amplituhedron"
Re: wonder how good mobile support is
Yes, you will find there is a difference between mobile and desktop certificate support and method. I also doubt the CA is on the 'default' trusted CAs list for every device... so you may still find issues
That's all great that they're a free CA... It's not at all expensive to set up a CA... however, how long will the CA last? And more importantly, is it 'trusted' by the majority? How long until an abuse of their 'supposed' secure crypto?
4000 is nothing
4000 doesn't seem a lot in the general scheme of things, with some techniques reaching into the plausible millions of variants... *cough* amateurs
Encryption/hashing/salting of password versus transport layer security / SSL
What you are partially referring to in this article is more the PCI DSS standard...
I'm sure even the 'plaintext' password is somewhat transmitted over HTTPS (SSL / TLS)? Or at least I hope so, otherwise it wouldn't be PCI DSS compliant.
'Rainbow tables' come to mind when talking about supposedly 'one-way' hashing and salting using commonly available/commercial crypto... such hashing / salting is not too hard to decrypt, so it doesn't really make an ounce of difference to the 'knowledgeable'...
Next, CESG would advise businesses to use publicly available FIPS...? Or would that be a step too far?
Web caching --- there's the simple answer, oh wait, they implemented that on most ISPs about 5 years ago...
If any request frame passes through port 80 or port 443 then cache... log data of which IP, time and URL requested (in the frame)
Similar to how a proxy works... it's just mandated at the router...
Re: Can anyone* see my web requests if I use HTTPS?
"copies of major root CA private keys"
Why bother with that? Just go for implementation flaws and protocol vulnerabilities... SSL 2 is obsolete, SSL 3 is vulnerable ... and SSL in itself is potentially flawed... TLS isn't so perfect either...
DNSSEC / EDNS0
You forgot to mention the TCP port 53 fallback and DNSSEC / EDNS0...
You also forgot the technical detail that a DNS request can be "edns-udp-size 4096 ;" yes, 4096 bytes of data...
The actual study they used states:
a) it is suggestive...
b) "there are no studies evaluating the carcinogenic potential of meat in relation to its content of carcinogens."
c) "we performed this study focusing on Spanish population."
d) "the study population should halve the monthly consumption of these foods, and also not to surpass the number of 5 servings of beef/pork/chicken (considered together)."
e) mentions chorizo
Title: An estimation of the carcinogenic risk associated with the intake of multiple relevant carcinogens found in meat and charcuterie products
Re: urine-filled bottles
Since when did The Reg turn into a sensationalist tabloid?
Improve the M-SEARCH discovery function of SSDP...
You can test vulnerability here --- https://www.grc.com/su/upnp-exposed.htm
Looks like the hacker has done other NHS sites previously:
Any link with their web server would be my question...
Then again, could be an update mishap?
Re: As I was saying
I read that as cat, shall I connect my pets to it too? *hic hic*
"mainly cite section 127 of the 2003 Communications Act, which outlaws messages that are "grossly offensive or of an indecent, obscene or menacing character"."
I believe that may also cover those of frivolous or vexatious nature... if not, it f'in well should!
Harmony in a network
I don't know whether it's specific to servers or network infrastructure, since infrastructure is what servers sit and rely on, so they must somehow work in unison.
Here's a metaphor:
The network is like a road, a server is like a petrol station... where the server gets its oil from is just as important as who it serves, but also the effect it can have on its customers' vehicles too.
Dodgy batch (patch) of petrol? :-S Or is it 'the standard', 'the design' or 'the implementation'?
The problem is, if a remote administrator can do something, if not thought about who's doing what and when... it's possible for others to do too? :-/
Just a thought of metaphorical proportion?
Wouldn't one need a lawyer/barrister for that also?
Re: You takes your chances..........
In the UK that could be tricky, since the circumstances of bumping the elbow would be taken into account. Given that, presumably, the spilling of the pint is a sub-effect of bumping your elbow and the intention.
Criminal legislation in the UK does somewhat cover this, such as the Protection from Harassment Act / Equality Act, and other legislation may touch upon it (for instance in the computer world, Communications Act / Misuse of Computers Act / Data Protection Act)
The likelihood is, they would plead not guilty in court, normally, just to bump the cost in a typical 'victory for the victor' duel, which actually then makes it economically unviable from the outset for the average Joe, who may have to pay for rectification of the matter also (e.g. mental health).
"Once you understand the threat, and you understand, the mechanics of 'how', it works"
Yet his 14 year old nephew didn't understand the mechanics of it....
It's a rarely static threat, so to determine its mechanics is like likening electricity flow to some cog wheels turning...
Best get the elbow grease at the ready and all turn into mechanics... *shakes head in hands* the irony!
Out comes the pragma/cache-control, copyright, doc-class, doc-rights and other applicable meta tags!
Re: Good to see...
Faceparty was the original contender to Myspace...
Possible to detect and monitor... but not so easy to filter out
You can capture just DNS requests from a DNS server itself using a capture filter, such as this one:
"<CONNECTIONTYPE> host <GATEWAYMAC> and src net <LOCALNET/CIDR> or not src net <LOCALNET/CIDR> and port 53" (optionally omitting "and udp" and changing the port if configured differently)
Of course you can specify destinations respectively, if you're doing this further upstream, by using:
host <IP> or net <IPRANGE/CIDR> or mask <netmask> if it's over multiple subnets
Which will capture all requests and responses to and from... Here's where it gets difficult:
You would just need to apply filters to this, using pattern matching for distinguishing characteristics, but there may be a need for utilising comparisons within the filters.
Possible solutions for the opensource community
So are you saying that TTL, expiry and any cache, including an EDNS0 cache timeout, are redundant and are of no effect in relation to caches? And if that is the case... caches may as well not exist...
If that is the case, I also think a cached response shouldn't have its own flag assigned to it?
Or, depending upon your network setup... you could implement the use of a router/switch's iptables/netfilter (provided it has --match string, --hex-string and --algo filters) by matching the request for the recursive flag set on usually UDP packets inbound at a certain offset. I believe iptables/netfilter is included within most Linux and Unix distros. Zeroshell (a Linux based router distro) may even allow you to enter raw commands to utilise this.
Wireshark is useful for finding the offset and the DNS query flags --- which is the hex string you wish to filter for... you may also apply a rate limiter using the same patterns, but with the rate respectively.
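The post above keys on the DNS flags word at a fixed offset (the recursion-desired bit), and an earlier comment mentions the EDNS0 "edns-udp-size 4096" advertisement. The following is an added example, not code from the thread: it builds a constructed query, then reads back the RD flag and the EDNS0 UDP payload size a defender would log or rate-limit on. The sample query name and transaction id are made up.

```python
"""Inspect DNS query headers: the RD flag at its fixed offset and the EDNS0 OPT
record that advertises the UDP payload size. Added example, not from the thread."""
import struct

RD = 0x0100          # recursion desired bit in the flags word
QR = 0x8000          # set on responses, clear on queries
OPT_TYPE = 41        # EDNS0 OPT pseudo-RR
FLAGS_OFFSET = 2     # flags word sits at bytes 2-3 of the DNS payload
# In an IPv4/UDP packet without IP options: 20 (IP) + 8 (UDP) + 2 = 30 from packet start
FLAGS_OFFSET_IPV4_UDP = 20 + 8 + FLAGS_OFFSET

def build_query(qname, txid=0x1234, rd=True, edns_udp_size=None):
    """Constructed sample A query; optionally append an EDNS0 OPT RR."""
    arcount = 1 if edns_udp_size else 0
    header = struct.pack("!HHHHHH", txid, RD if rd else 0, 1, 0, 0, arcount)
    question = b"".join(bytes([len(l)]) + l.encode() for l in qname.strip(".").split("."))
    question += b"\x00" + struct.pack("!HH", 1, 1)        # QTYPE=A, QCLASS=IN
    opt = b""
    if edns_udp_size:
        # root name, TYPE=OPT, CLASS carries the UDP payload size, TTL=0, RDLENGTH=0
        opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, edns_udp_size, 0, 0)
    return header + question + opt

def _skip_name(payload, pos):
    """Advance past a wire-format name (labels or a 2-byte compression pointer)."""
    while True:
        length = payload[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0:
            return pos + 2
        pos += 1 + length

def inspect_query(payload):
    """Return the facts a filter would key on, or None if the payload is a response."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", payload[:12])
    if flags & QR:
        return None
    pos = 12
    for _ in range(qd):
        pos = _skip_name(payload, pos) + 4                # QTYPE + QCLASS
    udp_size = 512                                        # classic limit without EDNS0
    for _ in range(an + ns + ar):
        pos = _skip_name(payload, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", payload[pos:pos + 10])
        if rtype == OPT_TYPE:
            udp_size = rclass                             # EDNS0 advertised buffer size
        pos += 10 + rdlen
    return {"id": txid, "rd": bool(flags & RD), "edns_udp_size": udp_size,
            "flags_hex": payload[FLAGS_OFFSET:FLAGS_OFFSET + 2].hex()}
```

A query with RD set and a 4096-byte EDNS0 buffer is exactly the shape an open resolver is abused with for amplification, so those two fields are what a rate limiter or log rule should count.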
*interjects* You would need a method of applying an address answer limit... but then surely this could also be covered by:
http://tools.ietf.org/html/rfc2827 or http://tools.ietf.org/html/bcp38
It says primarily about forged packets; I assume that would be DNS spoofing or even related to cache poisoning? Is there a difference between the two?
Re: Here's a workaround on Windows Server
http://support.microsoft.com/kb/198408 <<< there are some hidden gems within!
All relational to root
DNS amplification is more to do with forwarding queries to root servers than recursive lookups, if you wish to have a look through some whitepapers, although recursive lookups can play a part in it; hopefully you enabled DNS spoofing/DNS cache pollution protection too, and spool size to limit queries to an adjustable level?
Rate limitation only works so far, given it can be small but many... the counter to this is big but few
What about 3 Mobile's DNS resolvers that query/match the IP listed in the SOA record and check that against the A record... and will fail to resolve if one cannot be resolved successfully... as with section 2.4.2 here: http://www.iana.org/procedures/nameserver-requirements.html
"the watchdog believes punters will expect "moderate restrictions" on broadband traffic even when the service has been advertised as "unlimited"."
When the vast majority of service users don't know their left from their right elbows?
One would assume...
That this model would work, if these three conditions return true...
your contractor has no bias / hangups for whom gets the position and judges purely upon merits AND
big data should be considered a philosophical 'sales term' since... if it is distributed it is, somewhat, modular which forms part of a whole 'architecture' AND
the company is willing to pump in the resources, for what people require to achieve this aim with (this includes trusting your team to do their job properly)...
Some developers, I think, are better at coding than others; results will vary depending upon coding style, but you do get incompatibilities between styles, so knowing what resources you have already and what is missing might perhaps be best left to a philosopher or even the youth of today (since youth by nature are best at pointing out anomalies)... the downside with that can be that it comes with some ego?
Would send a correction in...
But, you would probably disagree.
Since the basis of network packet transmission is on synchronised time, and thus you get timeouts for applications within networks, and the WAN is no exception.
But hey, there would go someone's tech cred, eh!? ^_^
A degree in awards anyone?
Configure and manage advanced enterprise virtual computing environment
Monitor and troubleshoot enterprise virtual computing environment
Design and configure enterprise desktop virtualisation
Manage security controls for cloud service deployment
Direct the development of a cloud computing strategy for a business
All of those tasks would probably be worthy of a Nobel Award!? No?
Dave Lee of the BBC - last updated ... 27 March 2013 @ 13:03
Did I mention the reflexes?
"idiocy just spreads like a bad smell"
Just as mathematicians are limited by their limited ability to define infinity...
Best look to physics for the answer! They'll have the same problem.
On a side note, what is the root number of squared... anything in between is interpretatory.
Re: This just in
and be careful to avoid contamination between the two... ;-)
Re: So there are people out there looking for these systems with the tools to do damage.
jumping to a conclusion that it MUST be ex-employees springs to mind... just like the origin of everything bad in the world?
Banks and Media Networks
What about them? :-/
The economy needs protecting!
"hospitals, dams and nuclear power plants" are out... okay... I'm alright with that!
What about other power plant types? Air traffic systems? Maritime systems? Mobile systems? Satellites (in space) and on the ground (set top box networks?)... internet capable vehicles? Even drones? Missile systems not of a nuclear ability?
How would one be able to define who and how someone is targeting civilian systems? Could a malformed DNS response packet be sufficient?
I reckon this whole cyberwar thing is somewhat, just asking for trouble... :-( *shrugs*
Re: If you wanna be elite...
Call Jeremy Clarkson, he might condone it to find those people!? :-/
Re: On tracking (etc)
Depends if the information stored in the readme is a herring or the truth? How could one tell the difference? What if it's somebody else's information in order to frame them for such? I guess if it said Jeremy Clarkson, there might be motive too! CRAZY! *facepalms*
Why Wireshark labels it a malformed DNS response. :-/
What about EDNS0? and the billions of other DNS options...