
Comment Re:Hmmmm (Score 1) 1051

"If the ad blockers would actually follow the links and give the people the clicks they desire, without displaying the advertisement, would that help?"

Are you asking if illegal click fraud would help Arstechnica? I think the answer is an unequivocal "no."

"...the demographic studies these revenue sources depend upon the click analysis would fail. How nice."

Why is that nice? Because then you'll see the ads that should have gone to 90-year-old widows instead of the video game ad you would normally see? How nice because Ars would go out of business? What exactly is your point here... because if it's what it seems to be on the surface then it's really dumb.

Comment Re:Was it a DoS exactly? (Score 1) 166

"Simply sending a reboot command, or a single command that causes the machine to hang, isn't a DOS."

This is a common view of a DoS because flood-style attacks are the types you hear about on the news and on Slashdot; however, what you said is simply not true. Crashing a web server remotely is, without a doubt, a denial of service attack, as you are denying service to the end user. It makes absolutely no difference what means you use to accomplish this goal. If you don't believe me, just take a look at this week's CERT security bulletin: http://www.us-cert.gov/cas/bulletins/SB10-040.html.

For Wireshark:

Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the dissect_getaddrsbyname_request function.

For Asterisk:

Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and 1.6.2.x before 1.6.2.2, and Business Edition C.3 before C.3.3.2, allows remote attackers to cause a denial of service (daemon crash) via an SIP T.38 negotiation with an SDP FaxMaxDatagram field that is (1) missing, (2) modified to contain a negative number, or (3) modified to contain a large number.

Postgresql:

The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow."

So we have malformed packet, bad handshake, and a poorly handled statement, all of which cause what the CERT is classifying as "denial of service," and none of which even remotely match what you describe as a DoS attack.
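The crash-as-denial-of-service point above, illustrated with an added example that is not part of this comment or of any of the projects it cites: a constructed LWRES-style length-prefixed name field is dissected first by a naive routine that trusts the declared length (the stack-overflow class behind the Wireshark entry) and then by a bounds-checked one, followed by the argument validation the PostgreSQL entry's negative-length case calls for. The packet bytes, the 64-byte buffer size and every function name are constructed for this example, not taken from either code base.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define NAME_MAX 64   /* fixed-size stack buffer the naive dissector copies into (constructed) */

/* Constructed inputs, not real captures: 2-byte big-endian length, then name bytes. */
static const uint8_t benign_pkt[]  = { 0x00, 0x07, 'e', 'x', 'a', 'm', 'p', 'l', 'e' };
/* Declares 65535 bytes of name but only carries 4 bytes of payload. */
static const uint8_t hostile_pkt[] = { 0xff, 0xff, 'A', 'A', 'A', 'A' };

/* Naive dissector: trusts the attacker-controlled length field. Returns how many
 * bytes it WOULD memcpy into a NAME_MAX stack buffer; anything above NAME_MAX is
 * a stack-based buffer overflow, i.e. the crash CERT files as a denial of service.
 * (It reports the count instead of performing the copy so this program survives.) */
size_t naive_copy_len(const uint8_t *pkt, size_t pktlen) {
    if (pktlen < 2) return 0;
    return ((size_t)pkt[0] << 8) | pkt[1];
}

/* Hardened dissector: bounds the declared length by what the packet actually
 * carries and by the destination buffer. Returns bytes copied, or -1 if malformed. */
int safe_dissect_name(const uint8_t *pkt, size_t pktlen, char *out, size_t outsz) {
    if (pktlen < 2 || outsz == 0) return -1;
    size_t n = ((size_t)pkt[0] << 8) | pkt[1];
    if (n > pktlen - 2) return -1;   /* declared length runs past the end of the packet */
    if (n >= outsz)     return -1;   /* would not fit, keeping room for the NUL */
    memcpy(out, pkt + 2, n);
    out[n] = '\0';
    return (int)n;
}

/* Same defect class as a negative length argument to a substring call: with signed
 * arithmetic, start + len can go negative or wrap, and an unchecked result then
 * drives a copy. Returns 1 only if (start, len) is a valid window into total bytes;
 * the last test is written as total - start to avoid overflowing start + len. */
int safe_substr_args(long total, long start, long len) {
    if (start < 0 || len < 0) return 0;
    if (start > total)        return 0;
    if (len > total - start)  return 0;
    return 1;
}

int main(void) {
    char name[NAME_MAX];
    printf("benign: declares %zu bytes, safe dissector returns %d\n",
           naive_copy_len(benign_pkt, sizeof benign_pkt),
           safe_dissect_name(benign_pkt, sizeof benign_pkt, name, sizeof name));
    printf("hostile: declares %zu bytes into a %d-byte buffer, safe dissector returns %d\n",
           naive_copy_len(hostile_pkt, sizeof hostile_pkt), NAME_MAX,
           safe_dissect_name(hostile_pkt, sizeof hostile_pkt, name, sizeof name));
    printf("substr(total=8, start=2, len=-1) accepted: %d\n", safe_substr_args(8, 2, -1));
    return 0;
}
```

Any C99 compiler builds it. The two checks in `safe_dissect_name` are deliberately separate: the first catches a truncated packet (a read past the buffer), the second catches an oversized field (a write past the stack buffer); either alone leaves one crash path open.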

Comment Seriously? (Score 2, Interesting) 102

"Whoever designed these devices should be sent back to computer school. An authentication device that can be bypassed is a contradiction in terms."

First of all, this is not an authentication device, it's a cell network extender, which obviously requires some kind of authentication for any measure of security. What "Authentication device" (I think they mean "authentication mechanism") has never had a vulnerability exposed? Are all devices with a privilege escalation vulnerability designed by people who "should be sent back to computer school?" ("computer school?" ...seriously?). How many privilege escalation vulnerabilities were found in the Linux kernel last year? I empathize with the fact that an escalation exploit this serious in a device that is designed to be used by the public is not a trivial matter, but the poster is being sensationalist here, and, honestly, comes across as undereducated in the subject matter. I wouldn't consider myself an expert, but this person doesn't seem to have a clear understanding of the issue. It's a security vulnerability in a device that runs Linux because the designers were lazy when picking a password.

The real issue here is the fact that security is sometimes not taken as seriously with hardware and firmware design in commodity devices as it is with software.

Security

Twitter Hackers Take Down Baidu 70

snydeq writes "The group that took down Twitter last month has apparently claimed another victim: China's largest search engine Baidu.com. Offline late Monday, Baidu.com at one point displayed an image saying 'This site has been hacked by Iranian Cyber Army,' according to a report in the official newspaper of the Chinese Communist Party and other Web sites. The Iranian Cyber Army first gained notoriety with its Dec. 18 Twitter attack. Baidu's domain name records were the focus of the hack. On Monday, the company was using domain name servers belonging to HostGator, a Florida ISP, instead of the Baidu.com nameservers the company normally uses."

Comment Lessons from M.U.L.E. (Score 3, Informative) 110

I think we, as a community, can learn a lot from the ancient and wise game:
  • Catch the Mountain Wampus for mod points
  • Press all player buttons to post first
  • Develop a cutthroat economy where a single asshole player can collapse the entire system

OK so maybe some aspects of the game are more plausible than others.

-Purple Mechtron
