Re: State Department Developing Cyber Toolkit

From: Moe Trin (ibuprofin_at_painkiller.example.tld)
Date: 11/25/05


Date: Fri, 25 Nov 2005 14:08:56 -0600

On Fri, 25 Nov 2005, in the Usenet newsgroup alt.computer.security, in article
<a_shf.3517$GC1.1144@newsfe6-gui.ntli.net>, Hairy One Kenobi wrote:

>Agreed.. if OS. This was (extremely!) proprietary. Think "next competitor
>catching-up, nail the b***ard!".

Not sure how to read that - remember what microsoft did to Digital Research.
But then, Gary Kildall had a reason to be antagonistic.

>The address of the insurance company was "underhanded", instead of
>"Underhill". One of the lasses had an outstanding claim on her car
>insurance...)

Nah, that never happened in the "real world"... Surely.... <runs around
the corner and tries to stop snickering too loudly>

>Who gives a **** if you are entirely hack-proof (cough!), if one twat of an
>Operator can delete the live database by mistake, and then do a runner?

Leaving aside the "hack-proof" concept, I don't know of any company that
hasn't had an operator (or even root) take careful aim, and put a .45
caliber (11 m/m) chunk of lead squarely through the wobbly bits. Someone
in another newsgroup (yesterday) identified a similar problem as
"testicular malletosis".

>TBH, I doubt that one soul on this planet noticed - but it's why I *always*
>include backups in any general definition of "security".

The person was lucky - I still recall one of the 'registrars' who was
cleaning up after the Summer interns had left, deleting their old home
directories. People who wield UID 0 really need to look two or three times
before pressing that <Enter> key. Usual problem - an extra space in the
worst possible location - rm'd an entire hard drive (not just a directory
or partition - no, let's go for the whole d?mn thing) instead of a single
(ex-)user's directory. Hey, there were only 250 users on that drive, and
they only lost everything between last night's backups and about 10 AM
when she hit the <Enter> key - and we were able to restore to last-night's
backup by about noon or so... I really thought we were going to have a
major incident then, as some of the users were somewhat more than "miffed".

>I wouldn't recommend it for a life's ambition, but "evil" can be fun at
>times.. or at least entertaining,

"I am root. If you see me laughing, you better have a backup."

>hovering over someone's desk, asking "has it crashed yet?" ;o)

Top 100 things you don't want the sysadmin to say:
45. Was that YOUR directory?

>Oh, and the reason that it crashed? You'll love this - buffer overflow.
>Despite the obvious, the progger in question hard-coded a 16-unit queue. I'm
>not Jewish, but.. schmuck!

I am constantly amazed that after (what) 33 years, this is still a problem.
This can't be news to the instructors of programming language classes. For
_years_ we've been screaming about checking/validating input before even
looking at it - yet someone in a newsgroup this morning asks what can
go wrong if allowed to pass unchecked user supplied variables to a PHP
script. "Nothing, of course - what could _possibly_ go wrong?"

>"Variables won't, Constants don't".

"These are not the variables you are looking for... move along"

But then, how many programmer types are still calling whole d*mn modules
"test"?

>Yikes!

One of the Linux FAQs still talks about running Linux on an 80386 with
4 Megs of RAM, though I think it recommends swap files to bring the total
up to 8 Megs of virtual memory. In fact, my home firewall is a 386SX-16
with 8 Megs of RAM (and 8 of swap), but most distribution installation
programs won't even start with less than 128 Megs.

>WTF happened to the Mach kernel that everyone was on about a decade or so?
>Did everyone get bored, or simply stop bothering?

That's straying into advocacy, but let's just say that Linus did a better
PR job, and has a clue about getting free programmers to work together.
Look at the ChangeLog file on a 2.6.x kernel, and you'll see literally
thousands of names. Mach never had a chance in that environment.

>Not sure I'd agree with that, at least in the UK. Last experience with
>employing new grads was back (oh sh**, I /now/ feel old...) ten years ago.

We still get new grads annually. Slight advantage - most of them did time
here as interns, so we know something about them. On the other hand, the
interns gain real-life experience, but are rarely in a position to do much
harm.

>Arrogance to ability ratio around 8:1; the latest types I've seen attain a
>much higher number (!), but seem to fold into spin-speak when questioned.

Don't those types normally end up in Sales/Marketing?

>Met Office reckon on a cold Winter. Could probably burn them for fuel, or
>something ;o)

Problem with that is when you need to burn them, the state environmental
protection agency frequently has declared it a 'no burn' day because of
air quality. (Joking aside - many of the houses here have fireplaces, but
we rarely can use them. When it would be desirable, we usually have a
temperature inversion, trapping pollutants in the air, so the State Air
Quality Board bans fires, and recommends waiting until dark to refuel
cars, etc.)

>Anyway. Let's call a decent progger (as opposed to Developer = Systems
>Analyst/Progger/Project Manager/PHB Victim) at around GBP12-18k. If you're
>good at it, you'd earn more stacking supermarket shelves.

Fsck! That's down near the Federal Poverty level. Flipping burgers is
another way to make more.

>The Developer is more your burn-out candidate.

The poor sod who's got to deliver (at something remotely resembling the
schedule) that something that marketing sold, at a bottom line cost that
doesn't destroy the company. That's why I'm happy to be in an R&D
facility. Yes, we've got to deliver exciting new products, but inventions
don't have schedules.

>'Twas the only way to make decent money.

A likely excuse.

>In the unlikely event that the comment didn't translate too well, British
>"City" == USAian "Wall Street".

Know it well enough. A neighbor (used to be?) a subscriber to the FTL.

><snip bit about nice weather and Thanksgiving 'cos I'm feeling jealous>

This is the time of year we get the visitors - we call 'em "snow birds" -
from the North. You can spot 'em on the streets easy enough - they're the
ones in scanty clothing. The residents are the ones wearing jackets and
heavy coats. The real estate people love 'em, as they buy houses in this
place with the lovely weather. Come May when the thermometer hits 40C (or
July, when it hits 50), it's a different story for some reason.

><Dick van Dyke>
>Avagudun..!

Thankee, Guv'nr

></Cor blimey, Mark Poppins>

        Old guy


