"Most college networks require a login to use- even from your personal computer(s)."

Actually, not a login, for the simple reason that that breaks all non-browser devices. They require registration of your device, but if they required a login then no Playstations, Xboxes, or iPhones would work, because you can't login with an email client or a video game. Once a machine is registered (Identified by the closest thing there is to unique, the MAC)then all the bad guy needs to do is check to make sure the target machine is not on at the moment, and spoof the MAC address. The traffic will be logged as belong to the poor innocent spoofee. And yeah, it may be less than 1% that know how to do it, but a single innocent person be persecuted or prosecuted is too many.

Managed switches don't help prevent MAC address spoofing unless you actually allow a MAC to only connect through the port it first connected on, which kinda gets in the way of people roaming on wifi. Yes there are actually wireless solutions that will approximate physical location by access point triangulation, but good luck in a busy spot. Actually identifying a specific computer on an untrusted network (which they all are these days) is extremely difficult. Knowing what port a particular machine is plugged into is easy, but knowing what machine it is is not. Some wireless solutions now also backhaul all traffic to a wireless controller, so when you roam your connection point to the network doesn't change, but like I said, specifically locating a wireless machine is also next to impossible in a busy public spot.

The problem with MAC spoofing is the incredibly difficult time the person who gets spoofed will have proving their innocence. And of course the legal types on the plaintiffs side will attempt to tell a jury that a MAC address uniquely identifies a machine, and if the poor innocent spoofee gets a normal non tech-savvy lawyer they will probably succeed.

Did I miss something? Have the people coding Ares implemented a new protocol, or is this college 5 years behind? Of course, having actually been involved in writing software to track computers on a college campus I am also curious how the college is fingerprinting machines to detect MAC address spoofing, but since this is a press release I wouldn't expect any technically informative information.

(I think it could of meant paving the way.)????

(I think it could have meant "could have meant")

For Pete's sake, if you are going to criticize accidental errors at least try to avoid stupid ones.

Netbook loaded with CS4?? Wow I didn't realize how far that term had been stretched. I thought netbooks were supposed to be low power little internet gadgets.

For all the players putting their arms around eachother and kicking everyone else in the shins. At least that sounds like what the poster was talking about.

It seems to me you either mistyped an existing domain, or correctly typed a nonexistant domain, unless of course you actually meant to type a different nonexistant domain :-)

hmm, Google, when I was ten... not likely.

umm, doood, why is PS not working when you swap out one of its DLLs with a "hacked" version some evidence of DRM? Adobe is perfectly capable of creating their own convoluted licensing enforcement without Microsoft getting involved.

And I must ask, if you are looping the output into the input of your sound card (which you seem to be doing) do you even have the competence to ensure you don't get good old fashioned feedback? This "story" really reminds me of some of the stuff I overhear from the seventh graders at the school where I work.

Do the Slashdot rubber stampers even read this stuff before putting it on the front page? Or is this some devious troll because we all quit reading idle?

You still need to do homework. I realized a while ago that I not only lack a good understanding of potential weaknesses in my sites, but I also lack the knowledge needed to actually do the forensic log analysis if I was to actually get exploited. Along the lines of the original post, what good introductory tools are there that relate to forensic log analysis?

Mark Twain did not say that first, in fact, he attributed it (incorrectly) to Disraeli, who also did not say it. It was apparently said by another Brit politician, giving a speech in the US, I would look up his name, but I gotta go to work now.

--
"Proximity to wonder has blunted our perception and appreciation of it" --Tim Hartnell in 'Exploring ARTIFICIAL INTELLIGENCE ON YOUR COMMODORE 64'

stupid slashdot sig length limit..bleh...