I was going to reply to PopeRatzo with a link to the WP article about that book's very topic, right-wing authoritarianism, but you kinda beat me to it. I don't have any mod points, but I can do better anyway by quoting you at +2

/me dons my internet-psychologist's trousers:
Some of the replies in this discussion are clearly from people who are RWAs.

Why do Sun readers have black penises?

Because the print comes off on their hands.

- Jasper Carrott

I've said this before, but I'm going to repeat it:

If you are on an ISP that censors, because they inject fake 404s you cannot be sure what is a real 404 and what isn't. So if you see any 404s, call them up and get them to confirm if it is their system or if it is the actual server. And if enough people did this, the censorship would go away...... until they come up with another method, that doesn't open them up to costs. But if they do that, I'm sure we can figure something else out.

You forgot to mention that customer services will be a call you have to pay for. They will have worked it out such that implementing the censorship and turning it off for some will turn a profit - you will be giving them that profit when you jump through the hoops they want you to.

Recently t-mobile spammed my phone with some new fucking feature that I don't want - they will send you a text if someone phones you and you don't answer. Well, fuck that! The phone already says if there is a missed call, I don't need to be told twice. I also know how shit their network is, and I don't need to be kept up to date as to how shit it is.

To turn off this unasked for feature I was meant to call up (and pay) or text them (and pay). Yeah, it's a few pence, but it is the principle that I object to. So I found their corporate fax number, and rang some numbers similar to it. I ended up getting straight through to someone who was able to turn off the feature I didn't want. The thing is, I didn't get through to just some call centre peon, I wasted the time of someone better paid within t-mobile, and explained to someone who might actually be willing to understand why I was trying to waste their time and money - because I don't like having my time and money wasted with features that are only there to try and encourage the user to use their phone more.

I though the difference was that fax sound like an unpleasant screeching noise, and fox sounds worse?

And whilst you say that, there will still be the odd fax machine about. Perhaps in some director's office who doesn't want to have to use the new system - and can pull rank to be able to not have to use it. Perhaps a legal department sometimes faxes confidential communication, and the simplest way to keep it secured is to have a simple fax machine, that doesn't have any ability to keep copies etc., in a locked room. Smaller regional offices are more likely to be stuck with older kit - I have worked for a couple of corps where the sites that executives frequently used had all the best facilities and newest (and shiniest) kit, and the rest would only get new stuff when the old stuff broke and caused a big problem. Those more minor regional offices are much more likely to have DOS-able faxes.

Anonymous - dig out those war diallers and find the hidden faxes in the corporate telephone number blocks. The publicised fax numbers will have to be handling fax-spam, and that might be useful for the corporation to be able to ignore these attacks. The targeting of non-public faxes is much more likely to lead to a cubicle full of used thermal paper, leading to direct costs for the corporations.

Solving one problem whilst making another is the basis of capitalism!

Industry knows the situation you have illustrated, and hence why this US government policy has come up: it has been lobbied for by the very companies that stand to benefit from the modern mainframe.

d'oh! Shit, missed that :)

But you can still commit data into /var/spool/exim4 in the form of an exim config file, and exim will run commands in that config file as root if exim is launched by root or debian-exim. Which is the case here.... isn't it?

If you can run any command on a remote system as root, then surely instead of simply elevating the privilege of an existing session, you do something else to 0wn the box? The root commands put in that config file could make a new user, give that new user root privileges, and allow them to ssh in. Probably much more easily noticed, but is still remote root.

As far as I can tell, and know, that above does allow a program to be run that is otherwise on a noexec partition. bsDaemon suggested that putting the mail spool on a noexec partition would stop this attack, but I don't think it will. I do know that I know enough to get by on Linux, but I also know I do not understand all the ins and outs of the system, so am perfectly willing to accept I am wrong about noexec partitions. I just don't think I am....

Part of TFA:

So the file setuid is set to be executable as root via exim's feature of being able to run commands from its config file. At least, I think that is what is going on. As exim will need to open port 25 I guess the program sits on disk with the suid bit set, and once port 25 is opened it drops privileges to debian-exim. But it appears exim will also execute commands from a user specified config file, and it must be doing so before it drops its privs.

I happen to have a debian virtual machine here:
lintorrent:~# ls -l `which exim4`
-rwsr-xr-x 1 root root 695968 2008-09-30 19:27 /usr/sbin/exim4

Exim is on disk with a suid of root.

From the exim manpage:

Ahhh, because the initial exploit gives the attacker a shell as debian-exim, exim won't give up root as quick as if exim -CDodgyConfigFile is run as any other local user (apart from root). The person publicising the attack is keeping some details with himself and the exim devs, so I don't know exactly how that initial shell that is mentioned is presented. Does the attacker telnet into the server, start talking in SMTP, then just gets a shell responding after sending right secret phrase?

The final piece of the attack, going to root, summed up by "and gets suid bit on /var/spool/exim4/setuid \
everything else is trivial" could have the extra sh dropped in just in front of /var/spool/exim4/setuid. I do know that most Linux distros will ignore an suid of root on a shell script, but what is written to the mail spool isn't a shell script. It looks like C (I'm no programmer), and I didn't know you could execute uncompiled code like that... and trying it here I can't get it to work. Though I think the really important bit is that Exim will execute as root commands in a config file if exim is run as root or as the exim user (debian-exim in this case).

noexec ain't bulletproof:

root@bender:/mnt# mount -o noexec,size=10M,nr_inodes=100 -t tmpfs tmpfs ./tmp/
root@bender:/mnt# cd tmp
root@bender:/mnt/tmp# echo echo blah > test.sh
root@bender:/mnt/tmp# chmod +x test.sh
root@bender:/mnt/tmp# l
total 12K
drwxrwxrwt 2 root root 80 2010-12-10 17:33 ./
drwxr-xr-x 13 root root 4.0K 2009-01-23 04:07 ../
-rwxr-xr-x 1 root root 10 2010-12-10 17:33 test.sh*
root@bender:/mnt/tmp# ./test.sh
-su: ./test.sh: Permission denied
root@bender:/mnt/tmp# sh ./test.sh
blah

And if I have understood this exploit, that extra sh could still be added.

Wasn't modem shotgunning really called PPP frame bonding or something?..... After a wikipede it looks like channel bonding or modem bonding is more appropriate.

IIRC Windows 98 supported it, and 95 didn't, though you needed an ISP that supported it too. No idea what the state of support was like in *nix back then - probably complete. NT4 always had more sophisticated dial up than 9x, so that could probably do it, and that means every NT since is able to.

Just had a mess about with a Windows 2000 VM, and that indeed does support the shotgunnage of modems. You simply add a tick next to the modem in a dial up networking networklet properties (yeah, I'm fucked if i can remember what the microsofties call those things). And playing about with the Windows settings, if your dial up server is SLIP rather than PPP, it doesn't seem to allow multilinking (what Windows seems to call modem shottying). If this is a limitation of SLIP or MS's implementation of a SLIP client, I don't know.

<blink> was always criminal, but I seem to remember <marquee> being the choice of the truly tasteless webmaster.

The mainstream computer companies are constantly banging on about how their products are easier to use, more user friendly, etc. than the competition. This is because the majority of the market (or the profitable bit) are essentially new computer users. Or are getting a computer of their own for the first time for recreational use, when they had generally only used computers in work/school for work/school stuff.

If the market was made up of experienced users, things wouldn't be sold as "easy to use", where easy to use is "possibly intuitive for those who don't get computer concepts, and will not RTFM". Cars (yeah, ignore the .sig) aren't sold as easy to use because the market for cars is made up of people who have to demonstrate they can work a car, and hence understand what features a car will and won't have, where they will probably be, and which ones to use and when. Car buyers don't need the steering wheel to be huge and green, they don't need a wizard to wind the windows down.

It wouldn't surprise me to find out that, world wide, every year there are more new users to the internet than the previous year. This means there's lots of new users who don't know how spam works, who don't know how affiliates work, who don't know how banner ads work, who don't know how Google works, who don't know about shit like those text advert links inserted into articles, etc.. These new users possibly will not think that v14gr4 is purposefully written like that, and might even think something like computer messages can suffer interference like a radio signal can.

New users also aren't used to the fonts. Slashdotters can no doubt tell the difference between l 1 I | and o O 0, and can identify the characters correctly when they aren't alongside the ones they could be confused with, but new users? No chance. v14gra might not look that odd to a new user, and so they don't spot it as suspect. You also can't buy viagra off the shelf (or at least, I don't think you can), so when presented with it human interest does kick in for some individuals.

I do sound like I am blaming new users, but I have been using the internet long enough to have seen new users come to the internet and wise up many times. Sometimes they barely wise up, sometimes they wise up very quick, but generally they stand to be manipulated the most when new to the web. There are people though who know they are limited, and so take things extra cautiously, though they are a fucking rare breed.

New users aren't necessarily used to the concepts that computers can produce copies for virtually no effort. Whilst there is a very clear cost to spam put through your front door, there isn't with email or other forms of spam, so even if the person has thought about the economics of advertising IRL, they might not get it right when it comes to computers. And so the spam could seem more legitimate than it is (not that I see any adverts as legitimate - they exist to manipulate your decision making processes, and I do not want that done to me. So I reject all advertising, everywhere).

Anyway, the answer? Education. And proper education, not asking MS what people should be learning. And not mandated computer science for all (though it should be available, if people want it). I dunno exactly what people need, but IME if some people had some basic knowledge of concepts like files and directories, programs and data, they would find using computers much less frustrating. I feel many proprietary products (and free ones that have copied paradigms) purposefully obscure what is going on so that the user becomes dependent on the proprietary product to do a job. The user can't learn what is going on, and if they did, they might change to a different product to do the same job. And that's bad for business.

Really? IR from a nuclear blast doesn't travel at c, whereas the visible light does? Does this make the UV faster than c, and the gamma radiation arrive before the bomb has even been dropped?

Your declaration of "fact" that doesn't correspond to physics seems to substantiate other comments in this discussion that drills like duck and cover were propaganda to make nuclear war more palatable by the general public.

When a government starts to listen to its people about nuclear weapons, and hasn't and isn't trying to convince the people that the weapons are necessary, the weapons tend to go away. cf South Africa, post apartheid.

It must be nice to only be able to see the world in black or white, where complex situations are either one thing, or one other.

Such a flawless logic system wouldn't ever open you up to being manipulated into supporting certain things that might not actually be in your or your peers' interests, either. Oh no.