40 posts • joined Wednesday 8th August 2007 13:37 GMT
Re: NOT only Open Networks
I'd have to dig. I'm 98% sure it's true of WEP. And I know I've heard of people hacking OpenRadius or FreeRadius to accept any cred provided in a WPA-Enterprise setup.
NOT only Open Networks
That this only impacts open networks is a big fallacy that is being propagated.
There is nothing that prevents a malicious individual from setting up a WiFi Access Point that accepts whatever WEP/WPA password you throw at it...same goes for hacking OpenRadius to accept any credential.
Re: Or another spin:
Who says this vulnerability isn't exploited?
Read these for a start:
That's just one example of someone proving this is an issue. Go to some IT Security conferences, or sit in a coffee shop near a company that actually does IT Security assessments, or one near a technical high school/university, broadcast that you're looking for all sorts of open networks....watch them appear....check your routing....owned!
This isn't new
This is just like:
1) That US Woman suing McDs because their coffee burned her (supposedly).....who woulda thought that coffee might be hot? (Rocket science)
2) A thief breaking into your house then slipping on ice in your driveway while running away, then suing you (even though they were trespassing and stealing from you).
I suppose this means Apple et al are working on FW4000?
Reg Authors Make Me Wonder
Do these guys really know anything about technology?
"The Beta 1 is clearly marked for testing purposes only, but when installed will overwrite any existing Firefox installation (unless you're doing something clever with virtualisation or similar)."
Ya because compared to virtualisation it is complete and utter rocket science for someone to do a custom install and place it in a different directory.....I know I'm breaking out in a sweat just thinking about it.
Ya why would we have parents actually you know parent and teach their kids about appropriate use of their phones when we can just pass law to deal with the issue. How pathetic the world has become.......
Re: Insecure Code?
@ Anonymous Coward
"If one of my coders gave me the "you didn't say it had to be secure" line, they'd be gone in a flash. They're developing an eTrading site FFS! Of course it has to be secure! What tosh."
I think you missed the point. Given infinite time, YES the dev should say something and try to do it right. Given a spec and limited time you do what you're told (maybe you still raise the issue but if it really is a tight time line you'll probably be ignored).
"And in perspective - what's 8.2 billion comparing to 150 or so billion a year the US spends on Iraq and Afgan wars?"
Well it's approximately ~5.46% as opposed to ~0.55% for a rover.
Would Americans (or the world) consider the mission a success if the crew didn't return? I highly doubt such a notion would ever be acceptable. Look at how long it took to get the Shuttle back to flight status after a crew died. (If it was purely up to NASA do you think it would have taken so long? Sadly NASA has to exist right along side the court of public opinion).
Plus sending a crew on such a lengthy mission can't be assumed to have the same arrival and scientific result probabilities as proven robotic technology. So we've lost a rover or satellite or two out of a dozen or so robotic missions, big deal. If we end up without a ship, any results, or a crew it's a big deal (rightly or wrongly).
If we could just as reliably send a crew and get results back as we currently do with robotic missions I'd completely agree with you however that isn't the reality of the situation. Or if we could do it for the same cost, but that isn't the reality of the situation either.
Lastly, how do you convince the US Gov't to stop spending 150 Billion+ a year in the middle east and start spending it on Space?
Grrr I missed a point in my previous reply.
"And I look at that, actually, from this point - we will have to go to Mars (and incur the cost) sooner or later anyway, so playing with robots in the meantime just adds incremental costs to the whole thing."
Again this would be true if the cost was equal or the likelihood of success was equal. Every Robotic mission increases our chances of success and reduces (through research etc) the cost of the future manned mission. 820 million and some electronics is vastly different than 8.2 Billion and a bunch of lives.
re: MER rovers as the first step to Mars
"And no, they are not good at finding a potential landing site for a manned mission. To survey a potential site with a rover you already must know where you want to look. To drop a couple of crawlers somewhere at random and hope they will stumble upon a great camping site is a bit naive - Mars is a big place."
You're right, that's what the Mars Recon Orbiter did:
"Basically, I am not trying to diminish the achievement of the MER mission (showing how much can be done for a relatively modest amount of money). I am just trying to say that it is not the way forward (at least not a serious one)."
So "the way forward" is to send up the crazies who are happy with your 10% return chance at many many many more times the cost of the rovers?
Let's be nice and say sending people to Mars only costs 10x as much, that's 8.2 Billion for a 90% chance of failure....good idea!
Re: Blame the victims
@ Richard Austin
I completely agree.
If people are so greedy that they fall for something like this it should completely be their problem. I hope the Gov't isn't providing any funds back to these people (unless recovered from the perps).
Another voice of reason
It seems I'm not the ONLY voice of reason.
"What makes it all the more tragic is that chlorine -- for all the hype and worry -- is actually a very ineffective booster for bombs (http://armchairgeneralist.typepad.com/my_weblog/2007/08/no-more-chlorin.html). Of the roughly dozen chlorine-laced bombings in Iraq, it appears the chlorine has killed exactly nobody.(http://armchairgeneralist.typepad.com/my_weblog/2007/06/chlorine_attack.html)"
Re: Illegal in Germany
@ Mark Allen
Looks like the German Gov't is going to have to prosecute itself under its own new "hacking" laws.
"...filed a charge against German BSI (http://www.bsi.de/). BSI stands for: Bundesamt für Sicherheit in der Informationstechnik (Federal Office for Information Security) and they are the central IT security service provider for the German government. The reason for the charge is BSI's distribution of BOSS (BSI OSS Security Suite), which is basically a Live CD containing Open Source security tools such as Nessus and John the Ripper."
I know this will anger a lot of people but if they have to put some animals down then so be it. Even if they have to put a lot of animals down then so be it. It's a sad reality but the planet breeds too many dogs and cats to be "pets" and there are too few humans who can reasonably take care of them. I understand that pets hold places in people's hearts that's fine but we should be wasting gov't (or really tax payer) money to keep them alive. If the shelter can't deal with them that sucks but it's the world we live in.
Re: @ Thorin re: chemical weapons
Thanks for pointing out the link to the article posted more than half a year ago! Definitely directly related and still relevant.
"Published Thursday 22nd February 2007 15:21 GMT"
Also if you bothered to read the linked article that you so helpfully pointed out, you would have noted:
" It requires a relatively high concentration to be deadly so colossal quantities must be delivered to have useful combat effect."
"The most significant physical effect of including chlorine gas cylinders with an explosive payload will typically be extra fragmentation damage, rather than associated poisonings."
In other words the chlorine isn't being employed as a chemical weapon, it's being employed to increase the yield of the explosive devices, which could be accomplished by any pressurized gas canister/tank. If you link further to the original BBC article (which was linked via the link you felt the need to point out) you'd note "Three weeks ago, a truck carrying explosives and a chlorine tank blew up in Anbar province." A chlorine tank....as in singular.
"Fucks sake Thorin - it's almost like prats like you are paid to come to forums like this and waste people's time"
Sorry EnricoSuarve, I know some of you love the media and its FUD, misdirection, and fear mongering. I find it amusing that you supposedly wasted time reading the comments but then took the time to post yourself. Your comment was definitely much more time worthy than everyone else's.
Re(2): Nice Subject
"The headline "Chemical-weapons hysteria causes cholera" is accurate."
No it isn't.
"It's a little thing we like to call "cause and effect". Perhaps you've heard of it?"
Indeed, thanks for checking though.
"Cause: chlorine allegedly used as a weapon.
Effect: U.S. government goes overboard by creating embargo on chlorine."
WRONG. Read the article again. "...gas are being held up due to fears it might be used as a chemical weapon...". There is NO use, there is NO alleged use. There is FEAR of use.
"Cause: chlorine embargo.
Effect: no clean water.
Cause: no clean water.
Effect: cholera in water is allowed to reproduce and spread."
So we step through 3 series of cause and effect to supposedly arrive at the subject. It's still wrong, neither chemical-weapons nor hysteria have "caused" cholera. Perhaps they "lead" to cholera but they have NOT "caused" it. Even if we ignore the use of "caused" there still aren't any chemical-weapons, there is only FEAR of chemical-weapons. The title should actually be "Fear of chemical-weapons leads to embargo resulting in cholera" or something like that.
"What would you like to argue next?" Anything you like, shall we start a debate blog?
"That bullets don't really kill people"
Bullets and guns don't kill people, they're inanimate objects. Perhaps you've heard of them? People kill people.
"...that instead it's the damage to the various tissues that actually kills people?"
This is also a good point, many people live with bullets and shrapnel in their bodies for years and years. Many people are shot and live. It IS as you have pointed out the damage caused by the bullet which kills the person not the bullet itself. I suppose in some bizarre extreme case a bullet (or many bullets) could result in lead poisoning though.
@ Steve thanks for the support, though I still don't think "Chemical-weapons hysteria causes cholera to spread" is perfect, maybe "Chemical-weapons hysteria results in spread of cholera". IMHO the chemical-weapons (which don't actually exist) aren't causal of the cholera spread (not directly enough), but I can agree that cholera spread is a result of the topic. Sorry if I'm not being clear enough, I don't want to write a huge essay on this. Basically I agree that subjects can follow cause and effect, if that cause and effect are in direct relation and not many steps apart. Anyway I'll digress and hopefully you get what I was aiming at.
PS > Wow now that I previewed it, I did kinda write an essay, sorry about that everyone!
"ClearSpeed plots 1 TeraFlop floating point pizza box"
Isn't that kinda redundant?
Flop in TeraFlop stands for FLoatingpoint OPeration.
@ AnonymousCoward above. I'm not sure where u got 180.000 (perhaps it has since been corrected) however you should note that many localizations switch the decimal and comma.
As for this article. It's nice to know that our scientists notice this type of thing and track it but I hope they don't try to stop it. It's nature in action, if 1000s of Dolphins die there's a reason for it, we may not see it but it's balancing something else out.
Re: more bijoux quibble
Hmmm I guess the question is really to the author.
When he said "Wales is 20,780 square km" did he mean area (ie: from an overhead perspective such as a map)
Did he mean surface area (ie: as you've described with all the hills and valleys normalized/stretched out).
I did find other significant (I guess perhaps arguably) references to the same measurement:
http://en.wikipedia.org/wiki/The_size_of_Wales (20,779 square km)
http://www.simonkelk.co.uk/sizeofwales.html (20,779 square km)
Re: a bijoux quibble
"Moreover, this "depth of 1 metre" business. If we accept, as I think we must, that Wales is a little bumpy, then from where do we draw the line when measuring depth. "
The hills are irrelevant. Draw a wavy line on a piece of paper now draw another wavy line exactly parallel 1cm (or 1m) below that. OMG!!!!
As for the volume calculation, note the article states the following:
"Wales is 20,780 square km" > Square Km ... as in 2 dimensions.
"x 1 metre depth" > Hey look everyone it's a 3rd dimension!
Re: How antiquated!
'"Wales is 20,780 square km x 1 metre depth = 20,780,000,000 cubic metres = 103,300,000 cubic furlongs"
Whatever happened to the gf units?'
Let p = pi = 3.14159265
IIRC 4/3pr^3= Volume of a Sphere
Given that the article stated a gf had radius 5cm.
4/3 * 3.14159265 * 5^3 = 523.598775cm^3 or ~5.236m^3
So 20,780,000,000 / 5.236 = 3.96867838 × 10^9gf
(I did this really quick, please let me know if there are any errors)
@ Anonymous & Steve
I agree, they give up a chance to verify their repair process and further safeguard the crew because they found a small tear in 2 out of 5 layers of a glove. If I was up there I'd definitely want to be fixing it.
I kind of find it strange that the astronauts aren't making their own call on this one. WTF can NASA do? "No don't leave the craft".....GL with that.
Not to mention Russian space suits or the impracticality of only taking 1 suit for each person that's meant to space walk...nice redundancy!
Re: How Amusing
@ Walter Brown
I think you're giving them too much credit. Symantec probably only has their name associated with it so that they can get a few royalty cheques.
"Nice malware vehicle."
Huh? They're talking "on chip" so either hardware or at best Firmware. How is that a malware vehicle?
Stupid Comments from Vendors
"To the best of our knowledge, Purple Pill was a proof of concept demonstration tool that was available for a very limited time and is no longer available," it added.
What a pull the wool over their eyes type statement. Anyone with half a brain should realize that "no longer available" actually means "no longer available from the original source". Microsoft doesn't have "Phenomenal cosmic power" like the genie in Aladdin, they may have had the original download/site taken offline but how many 1000s of copies of the program (and perhaps source) do you figure are in the wild beyond their control/notice?
RE: Dumb Comment
"The principle that should be focused on is limiting *who* has access to these tools, not *what* they do."
That principle has worked so well in stopping illegal drug use and keeping guns out of the hands of criminals. Great idea! /snicker
So you honestly believe anything that can be used to a negative end should be illegal?
There goes your dinner fork, your beer, your Tylenol, etc.
Re: How are weapons used?
-----quote-----This tool is a kind of weapon.
Mankind does not have a good record with mass-distribution of weapons.
Just look at Africa:
1. The use of machine guns make society impossible.
2. It's impossible for a teenager to have a machine gun and not use it.
Releasing tools like this one is just going to make things worse, on balance.
Your points don't make sense.
#1 How do machine guns make society impossible?
(Just so we're clear here http://dictionary.reference.com/browse/society :
1. an organized group of persons associated together for religious, benevolent, cultural, scientific, political, patriotic, or other purposes.
2. a body of individuals living as members of a community; community. )
Last time I checked Africa was a VERY large "organized group of persons associated together for" various purposes.
#2 Why is it impossible for a teen to have a machine gun and not use it? It's a choice, assuming they have a brain and a heart beat they can make the right choice or the wrong choice. The existence of the machine gun and their ownership of it does not force them one way or another.
Someone else's actions towards the person or people may facilitate a certain response but that is not the "fault" of the object in question.
As the saying goes "Guns don't kill people, people kill people" (whether with guns, bare hands, knives, dinner forks, drowning, etc.)
Where's the personal part? The only element you listed that "might" be considered personal is the referrer info.
1) Browser (user-agent) can be spoofed, though I honestly don't see why I'd care if anyone knows that I use Firefox or IE or whatever.
2) IP address isn't personal information (though under certain circumstances my ISP could probably be compelled to link it to personal information).
3) The disclosure and accuracy of the physical location of "my" IP address isn't controlled by me and is likely limited to the information provided by my ISP to ARIN et al (though under certain circumstances my ISP could probably be compelled to link it to personal information).
4) The configuration settings of my browser aren't personal. Who cares if someone logs what language my browser is set for? Or what plugins I have installed?
5) Ok so someone might be able to figure out that I ordered pizza or flowers etc based on what site I browsed to their site from or where I go as I leave their site. BIG DEAL! At worst they link this to a user name I provide on their site which may or may not (likely may not) provide them any details as to who I actually am (ie: Thorin Oakenshield, etc.)