For what it’s worth, I understand the CocaColla team’s frustration about only getting a 15-day window from Coca-Cola to proceed with the takedown of their site and sale of their domain name, but I’m sure that is negotiable.
Hardly worth picking an online battle over, if you ask me. You’ll hurt Coca-Cola more by switching to Pepsi from now on. I hear it’s better-tasting, even.
23 February 2012
Coca-Cola Picks A Fight With Italy's CocaColla Blog
21 February 2012
16 February 2012
10 February 2012
I have a bad feeling about this - raganwald's posterous
This is my contribution to Uncensored: A Charitable Project to Support The Open Internet. This work is licensed under a Creative Commons Attribution 3.0 Unported License.
This year I will celebrate my fiftieth birthday. While I haven’t spent a half-century hacking, I recall playing with punch cards in the 1960s, so it has been a good forty years of fascination with information technology. In those forty years, what have I done? I have not written any great books. I do not teach in a university. I did not make millions of dollars. I did not invent anything critical to the advancement of the human race.
My perspective is a little like that of C3PO in Star Wars, a minor character throwing his hands up in dismay at calamity and providing others with an interesting viewpoint on the great events of the last forty years.
Like any space opera, the story of information technology is a very simple one. It is played out in a myriad of different ways by a revolving cast of characters, but it always has its loveable heroes, its predictably nefarious villains, innocent civilians to be saved, and bumbling bureaucrats that aren’t inherently evil, but begin every story aiding the forces of darkness out of a misplaced belief they are preserving law and order in their corner of the galaxy.
The heroes are always in possession of a great secret, one that will disrupt the empire. It always works the same way: It takes power out of the hands of the entrenched nobility and bureaucrats and puts it back in the hands of the people. The movie tells us all about it in Act I, deals a great setback to the heroes in Act II, and in Act III they prevail through pluck and a fierce disdain for the overwhelming forces arrayed against them. Who can forget Han Solo's grim tagline, “Never tell me the odds?”
In hardware, minicomputers disrupted mainframes. Then microcomputers disrupted minicomputers. Now phones and tablets are disrupting microcomputers. With each wave, a hardy band of rebels fought against everything the industry threw up in their way. Waves of salespeople spreading FUD. Rigged government procurement deals. Lobbyists in the halls of power passing laws against them. The battle cry of the empire has always been that a victory by the rebels would cost the economy everything, that jobs would vanish and chaos would reign. But each victory by the rebels actually created more jobs, more wealth, and more freedom.
Now in the next century, what does a somewhat battered and out-of-date protocol droid observe? That everything old is new again. The “intellectual property cartels” act like the hardware giants of old, buying politics by the pound and telling everyone who will listen that they need more protection for their patent portfolio, more protection for their cartoon characters, more protection for even the depiction of sporting events.
They tell us that only a “managed economy” for intellectual “property” will preserve jobs, and that if the serfs have more “freedom,” this will actually lead to slavery. They warn us that roving bands of pirates are living it up like drug barons on movie downloads. They explain how they need the senate to grant them special, temporary powers to download the contents of your phone or laptop when you cross the border, they explain why they need to send violent special forces police to arrest and extradite the owners of a file downloading business, they explain why they need to monitor the entire world’s tweets looking for jokes in poor taste.
And that’s just how they run politics. If you want to create the future, the possibility of successfully navigating a patent minefield is approximately 3,720 to 1. And I noticed earlier, the electoral motivator has been damaged. It's impossible to go to political innovation speed.
We are, I think, at the beginning of Act III. Some of you will agree with me that surrender is a perfectly acceptable alternative in extreme circumstances. But others will climb into their trusty ships and continue the fight, harassing and wounding the entrenched interests until the whole thing collapses under the weight of its own corruption. The future of our economy really does depend on the rebels succeeding. At every point in the last forty years, wealth, health, and happiness in our economy have been built on the freedom to disrupt the entrenched powers, not the preservation of their rent-seeking monopolies.
More jobs and businesses have been created by VCRs than destroyed by them. More jobs and businesses have been created by the breakup of AT&T than destroyed by it. More jobs and businesses have been created by the decline of IBM than lost in Armonk. More jobs and businesses have been created by the stagnation of Microsoft than lost in Redmond. And it will be the same with the RIAA, the MPAA, Intellectual Ventures, and everyone else scheming to enthral the people with digital “rights” management and criminal prosecution of “file sharing.” In the destruction of the monopolization of ideas, lie the seeds of a new revolution, one that will bring wealth, freedom, and jobs.
Rebels, the force will be with you. Always.
02 February 2012
What’s your “Go-to” Joke? | The Best Article Every day
What’s your “Go-to” Joke?
Collected by reddit
There were two sisters, one called Petal and one called Fridge. One day, Petal asks her parents, “Why did you call me Petal?” and they replied “Because when you were a baby, a petal fell on you.” And then Fridge says “bllaaarrarararraraaarg”.
A man goes to the doctor for his annual check-up, and the doctor tells him, “You need to stop masturbating.”
The man asks, “Why?”
The doctor replies, “Because I’m trying to examine you”
A polar bear walks into a bar, sits down and orders a “Bicardi and………………………………………… cola”
Bartender asks, what’s with the huge pause??? Polar Bear says “These? Born with’em….”
A horse walks into a bar. Several people get up and leave because they realize the potential danger of the situation.
Three nuns are sitting on a park bench. Then a man comes up and exposes himself to them. Two of them have a stroke. But the third one couldn’t reach.
What did the buffalo say to his son when he dropped him off at school? …….Bison.
Two whales walk into a bar. The bartender asks them what they want.
The first whale replies: WOOOOOOWWWWWW WOOOOOOOEEEEEEEEEEE WOAAAAAAAAAAHHHHHHHHHHHH OOOOOOOOOOOOOOOOOOOOOOAAAAAAAAAAAAA WOOOOO
The second whale says: “Frank, you’re drunk”.
A man sits down at a bar and says to the bartender: “I bet you 300 dollars that I can piss into the cup all the way over there on the other side of the bar and not miss a single drop.”
The bartender said: “There is no way you can do that. Sure, I’ll bet you 300 dollars.”
The man then begins to undo his pants and begins pissing. He starts pissing all over the bar, the bottles, the floor and the bartender, not making a single drop in the cup.
The bartender starts laughing and says: “You fucking idiot! You owe me 300 dollars!”
The man gets up and walks over to the pool table and starts laughing and shaking hands with the men standing there. He walks back to bar laughing, sits down and hands the bartender the $300 dollars.
The bartender asks: “Why are you laughing? You just lost the bet.”
The man said: “I’m laughing because I bet those guys over there one thousand dollars that I could piss all over you and your bar and not only would you not be mad, you’d be happy about it.”
Why does Santa have such a large sack? Because he only comes once a year! Kids love that joke
A magician was walking down the street, then he turned into a grocery store.
An old lady at the bank asked me if I could help her check her balance. So I pushed her over.
A lady walks into a bar and sees a really cute guy sitting at the counter. She goes over and asks him what he is drinking.
“Magic Beer”, he says
She thinks he’s a little crazy, so she walks around the bar, but after that there is no one else worth talking to, goes back to the man sitting at the bar and says, “That isn’t really Magic Beer, is it?”
“Yes, I’ll show you.” He takes a drink of the beer, jumps out the window, flies around the building 3 times and comes back in the window.
The lady can’t believe it: “I bet you can’t do that again.”
He takes another drink of beer, jumps out the window, flies around the building three times, and comes back in the window.
She is so amazed that she says she wants a Magic Beer, so the guy says to the bartender, “Give her one of what I’m having.”
She gets her drink, takes a gulp of the beer, jumps out the window, plummets 30 stories, breaks every bone in her body, and dies.
The bartender looks up at the guy and says, “You know, you’re a real asshole when you’re drunk, Superman!”
My favorite knock knock joke from The Office.
“Knock Knock”
“Who’s there?”
“The KGB”
“The KGB wh–” SLAP
“We are the ones asking the questions!”
What did batman say to robin before they got into the car?
Robin! Get in the car!
I have this horrible joke from like middle school about some fruit going up your ass. It’s so stupid, but every time I tell it I start laughing so hard I tear up. It’s embarrassing honestly. And it’s kind of vulgar, so it never seems appropriate.
Edit: Added joke, thanks to request + downvotes. Found it online!
Three men who were lost in the jungle were captured by cannibals. The cannibal king told the prisoners that they could live if they pass a trial.
The first step of the trial was to go to the forest and get ten pieces of the same kind of fruit. So all three men went separate ways to gather fruits. The first one came back and said to the king, “I brought ten apples.” The king then explained the trial to him. “You have to shove the fruits up your butt without any expression on your face or you’ll be eaten.” The first apple went in… but on the second one he winced out in pain, so he was killed. The second one arrived and showed the king ten berries. When the king explained the trial to him he thought to himself that this should be easy. 1…2…3…4…5…6…7…8… and on the ninth berry he burst out in laughter and was killed.
The first guy and the second guy met in heaven. The first one asked, “Why did you laugh, you almost got away with it?” The second one replied, “I couldn’t help it, I saw the third guy coming with pineapples.”
Two antennas meet on a roof and fall in love. The wedding wasn’t much but the reception was excellent.
Why don’t blind people skydive?
It scares the hell out of the dog.
What do you call a fake noodle?
An impasta.
Nice try Carlos Mencia
Not mine, but a coworkers.
My two lesbian neighbours got me a Rolex for my birthday. They misunderstood when I said “I wanna watch.”
He’s been telling this since Christmas.
Lady goes to her doc.
“Doc, I have quite the problem. I can’t control my gas. All day long I’m farting and farting. The only good news is they are the ‘silent but deadly’ type.
The Doc pauses for a moment and replies, “first let’s get you fitted for a hearing aid.”
A guy walks into a bar, orders six jägermeister shots.
The bartender asks him if it’s a special occasion?
The guy answers “yes indeed, my very first blowjob”.
The bartender gets excited and says “Congratulations, I’ll give you the seventh shot on the house”.
The guy answers “Nah, if six jäger shots isn’t enough to get rid of the taste, the seventh won’t make much of a difference”.
A man is sitting at the bar when he notices a beautiful woman walk in and sit down at a table across the room. After 30 minutes the man finally builds up enough courage to walk up to her and offer her a drink, but before he can finish his sentence she yells “NO I WILL NOT HAVE SEX WITH YOU!”. Confused and embarrassed, the man quietly returns to his seat while the rest of the bar stares at him. Shortly after the woman approaches him and says “I’m sorry to yell at you like that. You see, I’m a grad student and I’m studying peoples reactions to embarrassing situations”. The man shouted “WHAT DO YOU MEAN 200 DOLLARS?!”
What’s the hardest part of eating a vegetable? The wheelchair
27 January 2012
Understanding the bin, sbin, usr/bin , usr/sbin split
Rob Landley rob at landley.net
Thu Dec 9 15:45:39 UTC 2010
On Tuesday 30 November 2010 15:58:00 David Collier wrote:
> I see that busybox spreads its links over these 4 directories.
>
> Is there a simple rule which decides which directory each link lives
> in.....
>
> For instance I see kill is in /bin and killall in /usr/bin.... I don't
> have a grip on what might be the logic for that.

You know how Ken Thompson and Dennis Ritchie created Unix on a PDP-7 in 1969? Well around 1971 they upgraded to a PDP-11 with a pair of RK05 disk packs (1.5 megabytes each) for storage.

When the operating system grew too big to fit on the first RK05 disk pack (their root filesystem) they let it leak into the second one, which is where all the user home directories lived (which is why the mount was called /usr). They replicated all the OS directories under there (/bin, /sbin, /lib, /tmp...) and wrote files to those new directories because their original disk was out of space. When they got a third disk, they mounted it on /home and relocated all the user directories to there so the OS could consume all the space on both disks and grow to THREE WHOLE MEGABYTES (ooooh!).

Of course they made rules about "when the system first boots, it has to come up enough to be able to mount the second disk on /usr, so don't put things like the mount command /usr/bin or we'll have a chicken and egg problem bringing the system up." Fairly straightforward. Also fairly specific to v6 unix of 35 years ago.

The /bin vs /usr/bin split (and all the others) is an artifact of this, a 1970's implementation detail that got carried forward for decades by bureaucrats who never question _why_ they're doing things. It stopped making any sense before Linux was ever invented, for multiple reasons:

1) Early system bringup is the province of initrd and initramfs, which deals with the "this file is needed before that file" issues. We've already _got_ a temporary system that boots the main system.

2) shared libraries (introduced by the Berkeley guys) prevent you from independently upgrading the /lib and /usr/bin parts. The two partitions have to _match_ or they won't work. This wasn't the case in 1974, back then they had a certain level of independence because everything was statically linked.

3) Cheap retail hard drives passed the 100 megabyte mark around 1990, and partition resizing software showed up somewhere around there (partition magic 3.0 shipped in 1997).

Of course once the split existed, some people made other rules to justify it. Root was for the OS stuff you got from upstream and /usr was for your site-local files. Then / was for the stuff you got from AT&T and /usr was for the stuff that your distro like IBM AIX or Dec Ultrix or SGI Irix added to it, and /usr/local was for your specific installation's files. Then somebody decided /usr/local wasn't a good place to install new packages, so let's add /opt! I'm still waiting for /opt/local to show up...

Of course given 30 years to fester, this split made some interesting distro-specific rules show up and go away again, such as "/tmp is cleared between reboots but /usr/tmp isn't". (Of course on Ubuntu /usr/tmp doesn't exist and on Gentoo /usr/tmp is a symlink to /var/tmp which now has the "not cleared between reboots" rule. Yes all this predated tmpfs. It has to do with read-only root filesystems, /usr is always going to be read only in that case and /var is where your writable space is, / is _mostly_ read only except for bits of /etc which they tried to move to /var but really symlinking /etc to /var/etc happens more often than not...)

Standards bureaucracies like the Linux Foundation (which consumed the Free Standards Group in its ever-growing accretion disk years ago) happily document and add to this sort of complexity without ever trying to understand why it was there in the first place. "Ken and Dennis leaked their OS into the equivalent of home because an RK05 disk pack on the PDP-11 was too small" goes whoosh over their heads.

I'm pretty sure the busybox install just puts binaries wherever other versions of those binaries have historically gone. There's no actual REASON for any of it anymore. Personally, I symlink /bin /sbin and /lib to their /usr equivalents on systems I put together. Embedded guys try to understand and simplify...

Rob
--
GPLv3: as worthy a successor as The Phantom Menace, as timely as Duke Nukem Forever, and as welcome as New Coke.
Internet Against SOPA, PIPA | The Onion - America's Finest News Source
January 26, 2012
Internet Against SOPA, PIPA
Last week, several websites, including Google and Wikipedia, raised awareness of the prohibitive measures included in the Stop Online Piracy Act (SOPA) and the Protect IP Act (PIPA). Here are some of the legislation's controversial provisions:
- Music review sites can only allude to a song's title and content in vague terms
- All pirated material available only at the Commerce Department's new site, Torrent.gov
- Government will actively encourage people to download only public-domain music, such as Pipey Lester's "That Cat's a-Mewing!" or Ukulele Ted's "Nickel For Your Hat"
- Denies future generations the ability to watch hilarious scene from Dirty Work where Chris Farley yells at the Asian hooker anytime, free of charge, which is a fundamental right of being an American
- Does absolutely nothing to get rid of goddamn Lolcats
- Makes the MPAA and RIAA feel better, which, if you have any shred of a soul, causes pure rage to swell through your very being
- Any person suspected of Photoshopping bill sponsor Rep. Lamar Smith (R-TX) in an unflattering manner shall be subject to a minimum sentence of two months in prison; sentence will be increased by an additional two months if MS Paint is used
- No longer legal to steal Ryan Gosling's credit card information
25 January 2012
Security Onion Intrusion Detection System Basic Setup Tutorial « CYBER ARMS – Computer Security
Security Onion is one of my favorite tools. Doug Burks did an amazing job pulling together many of the top open source Network Security Monitoring (NSM) and Intrusion Detection System (IDS) programs. You can run Security Onion in Live CD mode, or you can install it and run it off of your hard drive.
It’s based on Xubuntu 10.04 and contains a ton of programs including Snort, Suricata, Sguil, Squert, argus, Xplico, tcpreplay, scapy, hping, and many other security tools. Sounds complicated right? Well, Doug has done the hard work in pulling all these tools together into an easy to use Linux distribution.
Run this on a system that has two network cards and you have a complete NSM/IDS system. One NIC connects to your network or the internet side of your traffic and records and monitors every packet that comes in or goes out of your system. The second NIC connects to your LAN side and can be used to remotely view and monitor intrusion attempts and security threats.
The exceptional basic setup video above was created by Adrian Crenshaw aka “Irongeek”. Adrian has always done an amazing job passing on information on the latest security tools and techniques. Irongeek.com has a ton of videos and security how-tos, check it out!
~ by D. Dieterle on January 24, 2012.
Posted in Computer Security
Tags: intrusion attempts, Intrusion Detection, intrusion detection system, intrusion detection system ids, Intrusion Prevention, Linux Security, Network Security Monitoring, scapy, Security Onion, squert
02 January 2012
30 November 2011
10 October 2011
01 September 2011
19 July 2011
Network Dictionary – powerpointalism — My Etherealmind
Rough term for an event where PowerPoint presentations are occurring in multiple rooms. You might call it a conference, but really it’s a powerpointalism experience. The definition of a conference —a formal meeting for discussion — doesn’t really apply since only the people up the front are talking and everyone else is listening. Generally, you want to be involved.
Note that powerpointalism can also be a noun “I’m experiencing powerpointalism” or more simply, setting one’s status to “powerpointalism” explains your current status.
Note that powerpointalism is how you experience marketecture.
Compare with PowerPoint Waterboarding which tends to occur in much smaller groups that you can’t escape from.
With reference to @aneel during Cisco Live Conference in Las Vegas, 2011.
28 June 2011
LulzSec Went After Qakbot, Mariposa Bots - Dark Reading
Had the now-defunct LulzSec hacking group had its demands met earlier this month for getting botnet intelligence from startup Unveillance, it could have wrested control of a portion of the infamous Qakbot's command-and-control infrastructure that's under the purview of the security firm.
The bots Unveillance had sinkholed are Qakbot-infected machines as well as some Mariposa-infected machines, which could have been a treasure trove of botnet firepower for the hacking group, security experts say. Qakbot is a Trojan that spreads like a worm, and its goal is to steal financial accounts and ultimately help siphon money. The botnet has been spotted on the rise, most recently infecting 1,500 Massachusetts state PCs and possibly exposing personal information of some 250,000 state residents.
Karim Hijazi, CEO and president at Unveillance, which uses sinkhole servers to pose as botnet servers that capture communique from orphaned bots, says his firm controls a large portion of the Qakbot botnet's command-and-control infrastructure via its sinkhole servers. "I believe [LulzSec] wanted it for use for a variety of reasons," Hijazi says. "Fraud, information-stealing, reverse-proxy, [etc.]."
In addition, Unveillance sinkholed some Mariposa bots, which LulzSec was also interested in obtaining. Although law enforcement controls the Mariposa command-and-control servers themselves, there are still plenty of machines worldwide infected with the bot malware. "We still see over 4 million events/communications from infected machines part of Mariposa per hour and over 100,000 unique IP addresses an hour," Hijazi says.
LulzSec wanted Mariposa for DDoS purposes, says Pedro Bustamante, senior research adviser for Panda Security. "It’s important to note that even if LulzSec [was able] to completely hack Unveillance and take over their systems, this will not have an impact on LulzSec getting access to the Mariposa botnet," Bustamante says. "The reason is that the DNS records for the Mariposa command-and-control servers are under the control of law enforcement, and are only being redirected to Unveillance for sinkholing purposes ... we can change the DNS records for the main C&C domains and point them somewhere else as to minimize the impact" of any theft of those existing Mariposa bots, he says.
Clues to LulzSec's botnet intentions began to surface last month, when Unveillance discovered some unusual traffic patterns around its network. On May 25, Hijazi noticed something funny was going on with his email account as well. "An email I saw on my phone was showing as already-read on my computer," even though he had not opened the message yet, he recalls.
Minutes later, he witnessed an email in his inbox go from "unread" to "read" and then back to "unread" again. "That was a really compelling event," he says. Between that and the unusual traffic trying to get past Unveillance's firewalls, something was definitely going amiss: "It was lockdown time," he says.
In the wee hours of the morning, Hijazi received an email with his Infragard password in the subject line, and a message asking if he wanted "to talk," and signed "Love, Friends." He gathered his team at 4:30 a.m., and they began brainstorming and shoring up security.
It wasn't until later in an online chat with the hackers that Hijazi learned what the attackers really wanted: "They ... [were] saying, 'We want your botnet information' or they would 'dox' us," he says. Among their demands was Qakbot information and its sinkholes: "They wanted [me] to convey ownership of the domain for DDoS'ing. They wanted command and control of those DDoS botnets," Hijazi says.
When Hijazi refused, they demanded money, but he replied that his firm was a start-up and didn't have any money. "On Friday, they dumped my emails online, and InfraGard was taken down," he says.
While Anonymous -- from which LulzSec originally spun off -- has been best known for using "crowdsource" distributed denial-of-service (DDoS) attacks using the Low Orbit Ion Cannon (LOIC) tool, the group also has relied on established botnets to take down websites it targets.
Meanwhile, Hijazi says the AntiSec operation headed by Anonymous is hosting a new hacker training school via an IRC chat room for new recruits. "New information about their 'new' AntiSecPro hacker training school shows intent to use the ZeuS source code to train new recruits [bot-herders] how to compile and deploy a ZeuS botnet," Hijazi says.
Aside from the Zeus training and offering source code for Zeus 2.0.8.9, the "#school4lulz" training includes language injection via HTTP, IDS evasion, SQL injection techniques, botnet C&C protocol selection, takeover mitigation, social engineering skills, war-driving, and how to find an individual's personal information online, Unveillance says.
Breach Patrol: When Should Customers Be Told? - Dark Reading
Speed of notifications seems to be a key question now
Jun 17, 2011 | 02:24 PM
By Mathew J. Schwartz, InformationWeek
Special to Dark Reading
Are companies notifying consumers quickly enough after their personal data has been exposed via a security breach?
The speed of such notifications seems to be a key question now. Earlier this month, the House Committee on Energy and Commerce Subcommittee on Commerce, Manufacturing and Trade peppered representatives from two breached companies with questions ranging from how they'd secured their data, to how quickly they'd notified affected customers.
ISC Diary | Deja-Vu: Cisco VPN Windows Client Privilege Escalation
Deja-Vu: Cisco VPN Windows Client Privilege Escalation
Published: 2011-06-28, Last Updated: 2011-06-28 20:14:39 UTC
by Johannes Ullrich (Version: 1)
Earlier today, Cisco released a bulletin regarding a vulnerability in the Cisco VPN client for Windows 7. The vulnerability is pretty simple: The client runs as a service, and all users logged in interactively have full access to the executable. A user could therefore replace the executable, restart the system and have the replacement running under the LocalSystem account.
The fix is pretty simple: Revoke the access rights for interactive users.
The interesting part: NGS Secure Research found the vulnerability, and released the details after Cisco released the patch [1]. The vulnerability is almost identical to one found in 2007 by the same company in the same product [2].
Very sad at times how some vendors don't learn. Lucky that at least companies like NGS appear to be doing some of the QA for them.
[1] http://www.securityfocus.com/archive/1/518638
[2] http://www.securityfocus.com/archive/1/476812
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
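The condition the diary describes, a service executable that interactively logged-in users can overwrite, can be checked for every service on a Windows host. The PowerShell audit below is an added example, not code from the diary, Cisco or NGS; `Get-ServiceExePath` and `Get-WeakAce` are hypothetical helper names, and the script goes slightly beyond the case in the text by also checking the executable's parent directory, since write access there allows the same replacement.

```powershell
# Added example: read-only audit of service executables whose ACLs let
# broad user groups replace them. Run elevated so every ACL can be read.

# Well-known SIDs for broad groups (SIDs are locale-independent).
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Rights that allow replacing, deleting or re-permissioning a file,
# or creating/deleting entries in a directory.
$WriteMask = [System.Security.AccessControl.FileSystemRights] `
    'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'

# Hypothetical helper: extract the executable path from a service command line.
function Get-ServiceExePath {
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($PathName.Trim())
    if ($p -match '^"([^"]+)"')         { return $Matches[1] }   # "C:\a b\x.exe" -args
    if ($p -match '^(.+?\.exe)(\s|$)')  { return $Matches[1] }   # C:\a b\x.exe -args
    return ($p -split '\s+')[0]                                  # anything else
}

# Hypothetical helper: return Allow ACEs on $Path that grant write-type
# rights to one of the broad groups above.
function Get-WeakAce {
    param([string]$Path)
    $acl     = Get-Acl -LiteralPath $Path -ErrorAction Stop
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only ACEs apply to children, not to this object.
        if (([int]$ace.PropagationFlags -band $inheritOnly) -ne 0) { continue }
        $sid = $ace.IdentityReference.Value
        $grantsWrite = ([int]$ace.FileSystemRights -band [int]$WriteMask) -ne 0
        if ($BroadSids.ContainsKey($sid) -and $grantsWrite) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $BroadSids[$sid]
                Rights    = $ace.FileSystemRights
            }
        }
    }
}

$findings = foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    $exe = Get-ServiceExePath $svc.PathName
    if (-not $exe -or -not (Test-Path -LiteralPath $exe -PathType Leaf)) { continue }
    # Check the binary itself and the directory that contains it.
    foreach ($target in @($exe, (Split-Path -Parent $exe))) {
        try {
            Get-WeakAce -Path $target | ForEach-Object {
                [pscustomobject]@{
                    Service   = $svc.Name
                    RunsAs    = $svc.StartName
                    Path      = $_.Path
                    Principal = $_.Principal
                    Rights    = $_.Rights
                }
            }
        } catch {
            Write-Warning "Cannot read ACL for ${target}: $($_.Exception.Message)"
        }
    }
}

$findings | Sort-Object Service, Path | Format-Table -AutoSize -Wrap
```

A row whose RunsAs is LocalSystem matches the pattern in the bulletin. Where the offending ACE is explicit rather than inherited, `icacls "<path>" /remove:g *S-1-5-4` removes the grant to INTERACTIVE.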












