Here's an NYT article in case you're like me and starting to really get annoyed at stupid people arguing for stupidity instead of against it like any race that is expected to continue breeding should.
Just in case any of the words are just too big for you, double-click on them.
Sure, the article is from 2005, but precious little (if any) progress has been made since then.
The cable industry seems to be hell bent on having a lock on viewer equipment in much the same way the DVD industry has a lock on DVD playback equipment. We could write letters about this to the FCC, but it's unlikely cable companies will do anything other than shriek "PIRATES!" on behalf of their corporate masters. On top of this, there doesn't even seem to have been a lessening on the bullshit provisions that would appear to require the third party appliances at the cable company's bidding do something as onerous as say, put more f**king ads on the screen when you're just trying to see what's on.
Me, I just want to be able to either get (and pay for) digital cable to use with my homebrew PVR, or have Comcast STFU about it every time I talk to them. So long as I have to suffer the insanity of using a firewire cable to change channels (and they're begrudging about even that around here) but not actually get the video through that medium, I'm not going to be using digital cable. It's really that simple. F**k your extra advertisements--I'm already paying a monthly bill. While we're at it, f**k the onerous restrictions they're trying to place on the system under the guise of preventing video retransmission and piracy--the actual cable and media thieves really haven't had much of a problem breaking encryption systems, so it's not like this is going to pose more than a miniscule slowdown for them. The real question people should be asking is why these measures are so clearly aimed at preventing people at home from recording a TV show and then burning it to watch again later, just like they've always been able to do with VHS tapes.
Lots of juicy, juicy in this one, but there's something about it that smells funny.
A server compromise trend has been recently reported targeting multiple hosting platforms. RedHat Enterprise Linux & Centos 4/5 and Fedora Core 5/6 are the most common targets. This compromise is not believed to be specific to cPanel software. This issue has been seen on systems running a variety of control panels. There are still many unknown details regarding this exploit. It has been established that this compromise requires super user privileges. It is common to see a short but successful root login via ssh 5-10 minutes before the compromise occurs. The initial entry point is not confirmed at this time.
So basically, the people too stupid to pick a decent root password are getting exploited... nothing much new here... kind of hard to take over the Internet with unimportant machines no one puts much importance into and don't attract many pageviews.
This isn't always the case in older variants of the rootkit. To be certain your server isn't compromised, it's best to sniff packets for a brief 3-5 minute period. You can do this using the command below:
tcpdump -nAs 2048 src port 80 | grep "[a-zA-Z]\{5\}\.js'"
...alternatively, you could simply find an exploitable bug in tcpdump or grep and encourage many thousands of people around the world to run those binaries for several minutes on their really important, high page-view sites while you madly scan thousands of prospective target webhosts with your other botnet of more easily exploited machines.
Exploitable bugs in tcpdump you say? No... that's never happened before.
In case any of you have loved ones or whatever running Windows, this is something you may need soon. Normally this wouldn't be such a pain in the ass, but this is now one of those "landscape changes" resulting from people like the Russian Business Network (also known as "criminals"--there is no mincing words on this) really bearing down on the subject of installing malware onto people's computers.
I'm going to say something that will upset some of you now. Pregnant women and those prone to fainting may wish to stop reading now.
* * *
This fscker will get you through Firefox if you're not careful.
* * *
It's not Firefox that's being exploited, but any one of three plugins (and probably more than that) that are installed if you have not been keeping them up to date. High on the list of possibilities are Quicktime and Adobe Reader plugins for one very specific reason.
Those two things have their automated update checkers tied up in exceptionally ponderous system tray apps that most people disable because they're a big waste and slow down booting. ...so if you don't have these doing their thing through the system tray, the first time you may find out there's a necessary update is when the plugin is triggered by the browser--at which point it's too late, you've been compromised.
The machine I just cleaned up was infected while a person was browsing MySpace (and this isn't MySpace-specific, I'll explain at the bottom) using Firefox and it was infected through the Quicktime plugin. All the user initially saw was that Quicktime was informing them of an update being available... and then they started getting the popups advertising for what are essentially phony anti-spyware programs.
This particular variant did the following things above and beyond "the usual". It blew AVG right off the drive. It damaged the Quicktime installation so that it could not be updated without going and manually getting the update, although Quicktime itself still worked properly. After a partial removal in safe mode was attempted, it locked out all accounts, including the administrator account. Very not cool, that. (It of course disabled all the internet security settings in XP, and riddled the registry with itself, and installed "partner" software as the usual.)
Why this is not specific to MySpace
The problem that's coming up now is that the criminals are using front companies to buy ad space from legitimate/normal ad companies, and serving the ads from their own machines, which every so often will instead return a 404 document which invokes a vulnerable plugin. I've seen multiple perfectly reasonable sites go into a panic lately (CuteOverload got so freaked out their wiped their site and restored it from a scoured backup) because their users were reporting that their antivirus solutions were hollering about viruses on their site--which turned out to be coming from major ad banner companies that would otherwise be considered "safe".
This is old news I know, but my question is, as a service provider are they allowed MIM attacks like this (am I misreading this, isn't that what masquerading as the other computer your talking to and sending false data is?).
In a move almost staggeringly myopic, agents from Swedish National Crime and the Swedish Security Police raided Dan Egerstad on Monday of this week, rather clearly on the basis of his massive non-hack of the TOR routing service.
For those not catching on, Dan is the gentleman we all cheered a short while ago for having the ingenuity to set up and connect several new TOR (an anonymizing packet routing system) nodes and see if people were actually using the network with unencrypted protocols (which would basically be foolish in the extreme). It turns out that Dan's suspicions were right, and that not only were people using the network insecurely, lots of people, up to and including embassies and government and military offices were using the network unsafely--effectively sending emails and other sensitive traffic across the network completely in the clear where anyone who added their connectivity to the network could see it. This is very, very bad.
Let me make this clear... Anyone, myself included, can at any time, add their resources to and use the TOR network, simply by joining it and using it. (Non-technical explanation for simplicity) Participants in the network pass each other's traffic back and forth randomly through encrypted links, counting on the misdirection of a massive shell game to protect their privacy. Users are supposed to encrypt all their traffic as well as an additional step to keep the last site that handles the traffic before it goes back out to the Internet at large from being able to see what's being sent around. The encryption of the TOR network itself protects the contents up to that point, but no farther. For embassies and other installations that might have things going on where a breach of security could mean people die, incorrect use of the network almost guarantees that someone's likely to get hurt--possibly many, many someones. Dan figured that if anyone can do this, bad people were probably already doing it.
After doing his due diligence and trying to tell the people using the network unsafely the mistakes they were making (and getting nowhere), Dan took the more civic-minded approach of shouting it to the heavens by publishing samples and account information of the hapless fools on his website, and announcing the disturbing results of his completely legal and ethical research to security-oriented mailing lists in hopes that people would take notice and stop endangering themselves and others. The resulting splash he hoped would penetrate far and wide and just maybe, make the problem go away.
It now appears that, true to history, anyone foolish enough to take away any powerful organization's ability to lie to itself about utter and terrifying failures of their security model is someone those organizations are going to try to hold responsible for it and crush. Seeming to be under pressure from other organizations (very likely the ones Dan was trying to protect) the Swedish authorities have basically confiscated most of Dan's stuff, and it remains to be seen just how far this will go before sanity takes hold again.
We can now chalk up another one to the forces of ignorance and stupidity for attacking people who are working to help them stay safe. Dan should have been getting a medal (or at least a thank you) for this work, and instead, people are trying to destroy his life. Way to go, folks.
New, it cost about 200 British Pounds. It gets almost 100 MPG.
I want the sport version shown at the end.
Frankly, I think someone should try making these again. Something like this that maybe got as fast as 45mph (definitely not safe for this on the interstate) and you could sell for say, $400-$500... You could not keep people out of your showroom without dogs and minefields.
