Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Slashback

Slashback: Subterfuge, Rejoinder, Caution 174

A desire for information on Code Red and full disclosure, steganography, old game music, and an interesting bit on software patents are the reason you're reading tonight's Slashback.

Good things come in hidden pictures. Intrepid strongman Dug Song writes, in reaction to the "fairly thin" piece earlier today on Steganographic anlysis:

"The only cutting edge, practical work being done today in steganalysis and steganography is by Niels Provos, who gave a talk at HAL2001, and is also presenting at the USENIX security symposium tomorrow: He's been developing several interesting tools to do steganalysis during the course of his universal stego engine development: (http://www.outguess.org/) including stegbreak (which can detect images produced by all popular stego tools -- except outguess), crawl (which he's used to download 2 million jpeg's from eBay to analyze), discern (his distributed computing platform), etc."

Hushing up is not such a good answer sometimes ... Reader Brian McWilliams <brian@pc-radio.com< notes regarding the thread on Slashdot about the costs of full disclosure, "you might want to add an update linking to this story Newsbytes did a couple days ago about the Richard Smith posting. Contains responses from eEye & full disclosure advocates, as well as some more ammo from Smith."

Smith doesn't take kindly to being blamed for damages caused by security holes he publically aired.

So you want to patent "bacon and eggs"? I guess that's OK then. You recently read about the McAffee patent on a seemingly overbroad stretch of computing transactions. Well, it's raised quite a few eyebrows among people interested in a fair computing marketplace. geoa points to this article in which "Neil McAllister in The Gate takes too long to say we shouldn't let another monopoly in the playpen."

It was soooo old ... For everyone enjoying the recent upswing in retro computing interest, Silicon Avatar writes with another tidbit: "Although not necessarily new news, I found a link today when someone mentioned Roland MT-32 to me. Starting with Space Quest IV, Sierra games were written to use either the Adlib soundcard or the Roland MT-32 'soundcard.' Quest Studios seems to have repository of MANY of those songs, including the 'lounge tape' I once had but lost!"

Put that in your souped up underclocked emulator and smoke it.

This discussion has been archived. No new comments can be posted.

Slashback: Subterfuge, Rejoinder, Caution

Comments Filter:
  • by mikey573 ( 137933 ) on Thursday August 16, 2001 @08:33PM (#2112841) Homepage
    If you're looking for more than Sierra game music, check out the Videogame Music Archive [vgmusic.com] for other 8,000 midis for NES, SNES, Genesis, and more. :-) Now that is nostalgia!
  • I am sick of hearing about this. The systems administrators have had plenty of time to get the fix in. And it is within the full right of the bug "finder" to post and pretty much do whatever with what they found.. what if they didnt tell anyone and they decided to write CR#.. it would have been a much bigger mess..

    my $1.49...
    • If software is released with an exploitable error then damage has already been done. If someone discovers the flaw, someone else can as well. Unfortunately a whitehat's disclosure will potentially contribute more damage. However, if a whitehat discovers an exploit and keeps quiet, then a knowing blackhat can do far more widespread damage. If your doctor found cancer in you, you'd prefer he'd tell you and do the chemotherapy (with all it's ravages) than keep silent about the diagnosis.
  • With all due respect to Richard Smith, he seems to have completely missed the point of Full Disclosure.

    His argument basically boils down to "Security through Obscurity"; and anyone who has delt with security knows that this leads to no security at all.

    Yes, there is "one hell of a price tag". Chalk it up to the hidden price tag of Windows.

    What in the world do you expect of an architecture where blatant security flaws are deliberately ignored? What do you expect from a company which has publically stated that "security gets in the way"? And what do you expect from a company where the average time to release a security patch is about 60 days?

    One expects problems - serious problems. And Smith's argument is an attempt to cover these problems up. This hinders how bad the situation really is. While some people might like to stick their head in the sand and not know the truth, this does not make our infrastructure stronger.

    Quite frankly, given how insecure Microsofts' software has been historically, I would expect a strong attempt by them to try to do away with Full Disclosure. It is certainly a lot cheaper than having to fix the problems properly in the first place. While I would not accuse Mr. Smith of being a Microsoft shill, I would certainly say that he is misguided here.

    Full Disclosure helps keep Microsoft honest. Anything less is an attempt to gloss over the fact that Windows is flawed; and that anyone who uses it has to pay an additional hidden tax due to its serious security flaws.

    Please let us deal with the truth, and stick to the truth. Anything less is deceitful; nor will it stop experienced pros from exploiting the existing flaws. Lack of full disclosure will however, lull people into a false sense of security.

    And as we have seen with the Code Red worm, the price of a false sense of security can be very expensive.

  • It was soooo old ... (Score:3, Informative)

    by DuranDuran ( 252246 ) on Thursday August 16, 2001 @09:28PM (#2126109)
    Incidentally, if you're after mobile phone ringtones of themes from your fave older C64, Amiga, and PC computer games, you can check out:

    Arcade Tones [emuunlim.com]

    I'm not related to it, but it was the only place I could find the Megablast by Bomb the Bass from Xenon 2. Now all I need is someone to call me. Call, damnit!!

    DD

    • If you would be so kind as to post your Cell Phone number, I can assure you that you will recieve a high enough volume of calls that you will be able to properly test and evaluate all your ring tones. Why you might even have the added benifit of getting to have a long conversation about the very special properties that can be discovered by a carful evaluation of goats.
  • Steganography (Score:5, Informative)

    by bentini ( 161979 ) on Thursday August 16, 2001 @08:24PM (#2129941)
    I happen to be a researcher in steganography at the moment. I fear that all this work, while "practical" is not as comprehensive as you might make it sound. If you read IEEE Transactions on Information Theory, you might remember the article a couple months ago: "Quantization Index Modulation" by B. Chen and... umm... Cornwell? Sorry, I don't have it in front of me.

    The point is, this article and others have been doning some amazing work on provably good steganography and making some strides in really making stego fit to the information theory model in good ways.

    A lot of the papers cited are less "practical" experiments in steganography but rather information theory which has similar issues. The two most interesting were "writing on dirty paper" and "capacity of memory with errors". These were all about similar problems in VERY different areas.

    The great thing about theory is that it finds connections you'd never imagine.

    If you want to talk about this, my email is dbentley at stanford (it's a university, guess what the TLD is)

    • I played with stegbreak a little bit and it seems totally useless since I couldn't find any data on its false positive rate or on what conditions cause false positives.

      Since sd must report SOME false positives, any answer it gives you is pretty meaningless. The only way to be even slightly sure that someone is hiding data is to get enough positive matches on data from them that you can prove that it's unlikely for all of the positives to be false. Even then there may be some other factor, like photoshop effects that are causing false positives.

      By the way, the original article had too many topics. Why mix a bunch of unrelated stuff together?

      Rocky J Squirrel
  • Full disclosure, although it sounds like a dangerous idea, is perhaps the most effective manner for preventing attack.

    It becomes a double-edged sword, when you release a vulnerability, who will get to it first, the vendor or the crackers?

    Scenario 1: Crackers take charge. OK, for the sake of argument, let's say eEye discovers a remote root in IIS. They release the vulnerability specifics, and as soon as they do so, a cracker creates an exploit, and before you know it, it's the hottest thing on Packetstorm. The attacks spread rampant, but by this time, Microsoft has gotten wind of the threat, and released a patch. Thousands of boxen are patched by admins who keep up with the news, however thousands remain unpatched, and many have been cracked. Over the course of a few months, things get ironed out, cracked boxes get fixed, security patch is propogated everywhere.

    Scenario 2: The Secret Vulnerability The same vulnerability, discovered by eEye, instead of being released to the public, is released to Microsoft only. Microsoft creates a patch, and puts it on the internet. Few admins apply it, because there is no huge hype about a massive attack wave. This leaves a massive amount of servers open to attack. Then, out of the blue, a cracker discovers the same exploit, and writes the code to exploit it. Script kiddies everywhere are rooting IIS boxen. The threat spreads vigorously, all the while, MS claims plausibly deniability, because they already released a patch.

    The Skinny: Why one is better The second scenario is somewhat similar to the CodeRed situation. MS released a patch for the bug long before the worm spread, and people never expected it. When the wave hit, many admins flocked to the MS update site, and patched their boxen. It uses the media to propogate information about the vulnerability.

    This is why CodeRed spread so fast, because there were fewer patched boxes. If more boxes had been patched, the spread would be less severe.

    The point I am trying to make here is that we must sacrifice a certain amount of servers to any given bug before it is eliminated. The patching-frenzy is triggered by the massive infection. Such a necessity for a patch must be created for it to be propogated fully.

    I hope this is understandable, for I still may be an idiot, I have yet to confirm.

    --Ted
    • by Anonymous Coward
      "Full disclosure" is what your scenario 2 is. Ish. I don't think you'll find many people arguing for scenario 1.
      eEye discovers a vulnerability and tells MS; then, assuming MS comes up with a patch in a timely manner, eEye and MS make the vulnerability and the patch public at the same time. The question is, do they release the full details of the hole, or just that it exists.
      • We sit on it and pretend it never happened, then wonder why our servers are defaced?
        Scenario 4: I'm an admin and I can't bring down my production servers because I'm unsure of how this new, untested patch might affect my systems. Thankfully, eEye or whomever has indicated mitigating factors and released a tool to test my machine for vulnerabilities. I remove the mappings and test my machine, reassuring myself that I'm safe from this.
        I can see that you might not like "exploit" (proof of concept?) code, but for some folks (not just crackers), it's very, very valuable.
  • by Anonymous Coward on Thursday August 16, 2001 @09:22PM (#2131848)
    On Wednesday, Computer Economics, an information technology cost research firm, put the total economic pricetag of the Code Red worm at more than $2 billion, based on an estimate that 760,000 computers worldwide were infected.

    So, let me see, that makes it about $2600 per computer - I never knew that McAfee Virus Shield had gone up in price so much.

    Does Newsbytes have no fucking editor or what?
    • Re:code red costs (Score:2, Interesting)

      by FooRat ( 182725 )

      Wouldn't their estimate also include (a) average hourly rate of administrators fixing the problem multiplied by average number of hours required to correct the problem, (b) productivity loss due to downtime of systems? We rely on our NT server at work pretty heavily (SourceSafe etc), when it goes down half of our programmers either can't work, or can work but in an impaired way that wastes quite a lot of time. And programmers aren't that cheap :) If you have twenty people getting paid 20$/hour, and they all can't work for two hours, thats $800 lost, not to mention that you're probably ending up further behind on a project that was already running late anyway. Another factor is that when the server is down, people often find it a convenient excuse to take a break. Yet another thing is that for many companies, it usually takes something like CR to get the management to realise that they *need* to spend money on things like antivirus software, and you need to have someone keeping the server patched etc. Management often think they're saving money here and there, until something like this happens. So some companies may end up hiring an administrator. And often, not only will an antivirus be installed on the server, but on everyone's systems (hmm .. this is pretty much what happened at our company a few weeks back with SirCam). Installing on everyones systems takes yet more time and money and productivity loss. And of course, you need meetings - you have to have one of those meetings where everyone is present, where everyone has explained to them (by managers who now think that all email attachments should be banned, because they don't understand the technology) the dangers of using email attachments, or running unmanaged web servers, how to keep their antivirus software up to date etc. Many companies are also probably going to go purchase firewall software now too, after CR. Heck, I wouldn't be at all surprised if the cost did approach $2600. I mean, if a large company with 500 desktops suddenly decides to install antivirus software on all 500 desktops just because their server was hit with CR, thats expensive. Professional firewall software can be very expensive too, as well as the training and time required by the administrator(s) to set up and install all the stuff.

    • Re:code red costs (Score:2, Insightful)

      by evilpaul13 ( 181626 )
      McAfee wasn't even necessary, just apply the security patch and reboot.

      I guess the "how many dozen suits does it take to change a light bulb" applies to using web browsers and rebooting a server?
      • ...to leave a box wide open to exploits? Just one, and his name is listed above. Maybe he and the moron that modded his FUD "insightful" should get together and breed. The world needs a few more microencephalics. Frkn idiots...

        hubbabubba

        And don't call me no Sig-less Wonder!

        • ...to leave a box wide open to exploits? Just one, and his name is listed above. Maybe he and the moron that modded his FUD "insightful" should get together and breed. The world needs a few more microencephalics. Frkn idiots...

          FUD? Do you have a faint clue what that means? Since when did McAffee "seal a box up and prevent exploits" btw? It is a fscking antivirus that won't do anything to prevent future gaping holes in IIS or any other part of Windows 2000 from being exploited.

          It isn't like someone that can't open Internet Explorer, click Tools > Windows Update and apply some patches that are making national news for two weeks is going to keep AV definitions up to date either. I wonder how your 'briliant' post didn't get modded '-1 Flamebait.'

        • Excuse me, oh bril(l)iant evilpaul13! You may be a master of the English language *cough* and a widely-hailed security guru *wheeze*, but you also seem to be operating under the dangerously mistaken notion that all a person has to do to eradicate a CR2 infection is patch and reboot. WRONG. Who said anything about AV programs??? Not I. Now how about sending me the IP of the box you worked that particular bit of magic on? I need to own a few dozen more to pull off my scheme for global domination.

          hubbabubba

          Eighth Wonder Of The World, But Nonetheless A

      • Re:code red costs (Score:3, Interesting)

        by Syberghost ( 10557 )
        What part of "infected server" don't you understand?

        You've got a server with an open, exploitable remote hole, and evidence that it's been advertising itself to the net as "exploitable server here!" in thousands of web logs.

        If you just patch that server and go on with life, you're an idiot. You need to either do a full audit to make sure it's clean, or (far cheaper) rebuild the damn thing from a wiped HD. You don't know what somebody else has done on it.

        This is especially true if it's Code Red II.
  • Actually, Space Quest IV was not the first Sierra game to use sound. King's Quest IV was (The Perils of Rosella). Sierra almost singlehandledly created a market for sound cards by supporting the Roland MT-32 and the Adlib music cards with it.

    It response to some other messages, the Sound Blaster was predated by the Game Blaster, a.k.a. Creative Music System (I had one). As many people have pointed out, that card used crappy AM synthesis, and the Adlib sounded much better with FM synthesis. The Creative came out with the Sound Blaster, which emulated the Adlib, the CMS (initially at least, later optional), and had the DAC that permitted it to play recorded samples (anyone remember the .VOC format?) It also had basic voice synthesis.

    (Hello, my name is Dr. Sbaitso. I am here to help you. Please state whatever is on your mind freely. Our conversation will be kept in the strictest confidence. Memory contents will erased right after you leave. So, tell me about your problems.)

    Space Quest III, released shortly after KQ4, was the first game to incorporate sound samples in it's design, although they were there unoficially - Sound Blaster support was added way AFTER the release. Play the game again, and during the intro sequence, when Roger wakes up, he states "Where am i?". When I heard that a few years after I pleayed the game I nearly flipped. I couldn't believe it had been there all along! Apparently Roberta Williams wasn't too thrilled the Space Quest guys had done so much more with the sound system than she had for KQ4, she said she didn't even know that was possible when she made her game.

    Boy I feel old.
  • by doug363 ( 256267 ) on Thursday August 16, 2001 @08:19PM (#2132649)
    Recently, there has been rumors about terrorist using steganography to hide their communication and secret plans. ...[snip]...So far we have analyzed 2 Million images obtained from ebay auctions. So far not a single hidden message could be found.

    Hehe. Some people really have too much time/computing power to waste :).

    <tounge-in-cheek>
    I think it's a good thing that they haven't found anything yet, but not because I'm concerned about terrorists communicating over the Internet. Imagine some of the comments in the mainstream media: "Terrorists use Internet to send hidden messages to children!!" and "Popular Internet site taken over by terrorists!!". This would fit in nicely with senators learning about the dangers in things like file-sharing programs. Terrorists/pornographers/that sleazy guy across the road could be using Gnutella to communicate to other shady characters this very minute!
    </tounge-in-cheek>

  • by jgrumbles ( 515918 ) on Thursday August 16, 2001 @09:42PM (#2132993) Journal
    Porn isn't just for masturbation anymore, you can collaborate with fellow terrorists while fulfilling your sexual needs.
  • Gameboy stream (Score:2, Informative)

    by *deadend42* ( 303761 )
    Funny this should be brought up, I just finished getting my shoutcast stream working that plays exclusively Gameboy MIDIs. Tune in [dyndns.org].
  • by PopeAlien ( 164869 ) on Thursday August 16, 2001 @08:25PM (#2133616) Homepage Journal
    Why when I was a kid we did'nt have these fancy laptop computers and tiny digital memory cards.. Nosir, we had punchcards, and we liked 'em.. If you wanted to type up a business proposal you had to punch it up on paper cards using a hydraulic press operated by connecting cables on a patch bay ..

    And if you ever wanted to read one of those proposals you had to spread the cards out on your big-ol conference table-top and get way up on ladders to be able to read it all.. Yep.. Then some smart sumbitch invented the pneumatic chair which could get you up there to read the punchcards without the ladder.. yep. those were the days..

    I think I'm gonna go down in the basment and bang on my altair..

  • Just some thoughts (Score:3, Interesting)

    by boaworm ( 180781 ) <boaworm@gmail.com> on Thursday August 16, 2001 @09:20PM (#2133792) Homepage Journal
    I read through the abstract [164.195.100.11] description of the MCAfee Patent. I find this a bit interresting...

    ... the user directs the Internet browser to a Internet clinical services provider web site computer and logs in to the site using an identifier and a secure password...

    Does this mean... that if i dont go there with an internet browser, i "worked around" the patent ? Lets take Microsoft and their .NET software... If I'm not totally wrong here, the idea there is to provide these types of services. You run programs of the servers, and maybe pay per use. So, Microsoft just integrates a .NET browser, (instead of an internet browser), a client software that can search the MS.NET for .NET applications out there.

    Or the open-source approach ? Use a peer2peer-style software. You start GnAppliTella, enter search for "word processor", and voila, you have a bunch of servers providing you with an online word processor. And.. since the patent seems to require some password authentication, what if you provide these online software services for free ?

    What I'm trying to point out, is that this patent is only useful if you use an "internet browser". I dont really think the online future lies within the restrictions of a web browser of todays style. They are big, sometimes filled with advertisements, they crash, they have security flaws, etc etc etc. Perhaps this patent seems like a big deal right now, but my guess is that tomorrow will tell different.

  • Speaking of old MIDI stuff always made me wonder: Just how did Creative Labs become the de facto standard of sound cards back in the days of DOS gaming? Maybe I don't remember clearly, but it's not as if there was a huge gaming population back then (back then, yeah way back in the early 90's...cripes I feel old). Was music more of less an afterthought back then? Seems you'd want to make the gameplay independent of the music (not like movies, where the score plays an integral part in the emotion of the moment) just because there would be a good possibility the user wouldn't have a compatible sound card or perhaps not even a sound card at all.

    Perhaps like all things in PC gaming, the sound card only became a necessity because of Leisure Suit Larry and Wolfenstein 3D. You've either got to have it to hear sleazy softporn sounds or the screaming deaths of Nazis.

    • I remember when I first bought an 8 bits SoundBlaster to play DOOM, it was a truely unforgettable moment.
      Creative Labs became the de facto standard of sound cards by using the same marketing strategy that RedHat, MS and Heinz use.
      • > I remember when I first bought an 8 bits SoundBlaster to play DOOM, it was a truely unforgettable moment.

        Same moment, different card. Gravis Ultrasound. Totally blew me the hell away. Plugged it into my stereo and cranked it the hell up and didn't get any sleep that night. Must've pissed off the neighbors. Fuck 'em, I didn't care!!!

    • a quick timeline (Score:3, Interesting)

      by Alien54 ( 180860 )
      In general, sound support in the early days was a royal pain. This was where a lot of folks first learned to configure PCs. The problems is tech support were legendary.

      Here is a quick sound timeline:

      1987 AD-LIB soundcard released. Not widely supported until a software company, aito, released several games fully supporting AD-LIB - the word then spread how much the special sound effects and music enhanced the games. Adlib, a Canadian Company, had a virtual monopoly until 1989 when the SoundBlaster card was released.

      1989 Release of Sound Blaster Card, by Creative Labs, its success was ensured by maintaining compatibility with the widely supported AD-LIB soundcard of 1987.

      1989 World Wide Web invented by Tim Berners-Lee

      1990 MPC (Multimedia PC) Level 1 specification published by a council of companies including Microsoft and Creative Labs. This specified the minimum standards for a Multimedia IBM PC. The MPC level 1 specification originally required a 80286/12 MHz PC, but this was later increased to a 80386SX/16 MHz computer as an 80286 was realised to be inadequate. It also required a CD-ROM drive capable of 150 KB/sec (single speed) and also of Audio CD output. Companies can, after paying a fee, use the MPC logo on their products.

      1991 Linux is born

      1992 Introduction of Windows 3.1

      1992 Wolfenstein 3D released by Id Software Inc.

      1992 Sound Blaster 16 ASP Introduced.

      1993 MPC Level 2 specification introduced This was designed to allow playback of a 15 fps video in a window 320x240 pixels. The key difference is the requirement of a CD-ROM drive capable of 300KB/sec (double speed). Also with Level 2 is the requirement for products to be tested by the MPC council, making MPC Level 2 compatibility a stamp of certification.

      1994 Doom II released - Command & Conquer released - Netscape 1.0 released - Linux Kernel. version 1.0 released

      - - -

      White House Selected Vegetables Coffee Mug [radiofreenation.com]

    • Take it from me, as a screwed over owner of the original adlib....

      The reason that SB took over and Adlib died is because it had no ability to play back sampled sounds. So, it could beep and bop all day with it's crappy synthesizer, the it couldn't play speech or sound effects.

      The SB, however, emulated the adlib's synthesizer perfectly, was 5 or 10 bucks cheaper, and it could play back samples.

      Of course, game developers jumped on this, and Adlib pulled a 3DFX:

      By the time it released it's 2nd gen products, it was 6 months late to market, more expensive, and had fewer features. The SB16 had won.

      And I still had an Adlib.
    • Early 90s? Hell - Soundblasters were ruling the roost in the late 80s.Sierra originally supported two sound generation devices: Adlib and Roland MT-32.
      The Roland was for people with lots of money to spend, the Adlib was for everyone else.
      Remember the Adlib? 8bit card with FM synthesis?
      It made better music than Creative Lab's predecessor to the Sound Blaster - Sound Master maybe?
      It was an AM synthesis card and it sucked.
      Early Sound Blasters contained the AM synthesis chips, which were optional on later models
      since no one used them anyway.
      The sound blaster was basically an Adlib card ripoff - with a single mono digital channel.
      The DAC is what made the sound blaster stand out - now you could have REAL sound effects - not corny
      effects made out of various FM noises.

      Adlib fell behind since they couldn't do digital to analog - and they took WAY too long coming out with the Adlib Gold which could.
      By then Sound Blaster was the new standard - the ol' embrace and extend strategy...
      Sound Blaster really made people sit up and take notice when Prince of Persia was released - the first game I ever had with REAL sound.
      • IIRC, the Sound Blaster percursor was called Game Blaster (what's it with Creative and Blaster?)

        I remember at the time, the SB was like 3 boards in one: The Adlib, the GameBlaster, and the new one with the DAC. They were all different, unrelated chips.
    • Just how did Creative Labs become the de facto standard of sound cards back in the days of DOS gaming?

      Price, the Soundblaster was the best buy for the money. Few DOS games used sampled sounds since they took up so much space, rather they focused on MIDI music. To get the best quality music took a Roland MT32 or Sound Canvas which cost somewhere between $400 and $1000, a Soundblaster cost $130 and it could play and record audio samples. Unless you had money to burn or you were into computer music, it was the best choice.

  • by Anonymous Coward
    Last week AT&T Broadband's solution to stopping port 80 was just to completely block all incomming packet going to port 80. See the 7/30 accouncement [att.com]. Its to bad they had to cop out and filter this network wide. Its to bad I can't get speakeasy dsl in my area yet because I would have switch over in an instant.
    • My Nazi ISP has done that for years, along with ports 21, 23, 25, 110, 6000, and anything else in /etc/services which might be considered remotely useful. Unfortunatly, there is no other alternative for broadband in my area, so I just have to take it and like it.
    • I got plenty of "Code Red" attempts in my web log from the speakeasy.net domain. Maybe they should've blocked port 80!
    • If you click on the Code Red link in the 7/30 annnouncement and look about halfway down the page, they have a Q&A about filtering port 80
    • What I _don't_ hear people saying is "what happens when Code Red VII scans multiple ports and not just port 80"? The filtering of a single port is a Band-Aid(TM) and does not address the real problem: shoddy system administration.

      In fact, I'm beginning to believe that the TOS should be enforced: no public servers on non-business broadband connections. Why? Because securing your computer is a serious job that is more than the @"lookie I've got a web site"Home user can/will handle.

      Of course, I'm using my home system as a temporary back-up server (our main hosting service is experiencing trouble) while a new product gets demonstrated to potential investors/customers. I'm on an AT&T Broadband cable modem connection (fast enough for the demos) so when they filtered port 80 I reconfigured Apache to listen on 8081. No big deal. Oh, they also left 443 open, so those home users running ecommerce web apps at home (!) should have not even noticed the change. TOS? What TOS?

      On second thought, restricting a whole class of Internet users to read-only violates the Internet Way. Toss the TOS.

      • A 'business connection' will be just an excuse for higher chages with no improvement in speed, reliability or service.
      • I have to disagree. I want to buy *internet service* period. Charge me for extra bandwidth if you want (if I use it).. but don't tell me i "can't have listening TCP sockets'.

        The internet is about connecting computers, not about 'consumers' and 'servers'
        • I want to buy *internet service* period. Charge me for extra bandwidth if you want (if I use it).. but don't tell me i "can't have listening TCP sockets'.

          With this I agree.

  • Game Music (Score:2, Informative)

    by $uperjay ( 263648 )
    The problem I have with a lot of old game music is that the volume isn't tapered at the end, so it just drops off. Even better than the original music, however, are some remixes; Overclocked Remix [overclocked.org] has quite a few good ones, and they've just redone the layout on their site to make things easier to find (although the downloads can be a bit slow). I recommend the c64vibe remix of the good ole Arkanoid music, myself.

    Most of the later Squaresoft rpgs were released with full soundtracks, as well, most of which you can probably find on ebay.

    ---

  • by Anonymous Coward
    King's Quest V and VI are the best Sierra games. In fact, the best puzzle-adventure games. I'm listening to the opening music of V now and fondly remembering such zany adventures as the Ants (led by King Antony), the Yeti, and the memorable performance of Graham's line "Can I help you in any way?" which I am still quoting to thi day.
  • by Rogain ( 91755 )
    subterfudge...mmmmmm....uuuuhhhhhhhmmmmmm...so delicous!
  • Hohohoh (Score:2, Funny)

    by Anonymous Coward
    Hehe, here is the best bit [umich.edu] from the above. Heh.

    Difficult to find enough machines:
    • Started client on about 100 machines at University of Michigan without asking for persmission.
    • Received a warning about losing my computer privilages the next day.
  • Here's an ethical question for you:

    Currently, I run a script "default.ida" that, when hit, logs into the attacker's back door and reboots his server.

    What would be the ethics of making it do "deltree /y \inetpub" instead?
    • What would be the ethics of making it do "deltree /y \inetpub" instead?

      Poor, you'd hit his content.

      On the other hand, something like:

      move \inetpub \inetpub.old
      move \winnt \winnt.old
      force-reboot

      would be perfectly acceptable.

      • Yes, but technically, he needs to rebuild that server anyway or he's a menace to the net.

        It's been pointed out to me, however, that just killing inetpub would probably cause them to just recover it from a backup and go on.

        deltree /y \ is probably better.

        Our discussion degenerated from there into the possibility of overwriting their bootsector with a RedHat FTP auto-install image, then rebooting...
  • JPEGs (Score:4, Funny)

    by sheetsda ( 230887 ) <doug.sheets@gma[ ]com ['il.' in gap]> on Thursday August 16, 2001 @08:09PM (#2155088)
    which he's used to download 2 million jpeg's

    2 million jpegs? He's got my collection beat.

    • Re:JPEGs (Score:3, Funny)

      by sulli ( 195030 )
      Yeah, and I'm sure he downloaded them just to see if they used steganography...
      • Oh, come on. I bet only 35% of those were pornographic. You can't fault a researcher for having 600,000 porn pix, it's his job.
      • Occupational Hazzard. Much like any other high-risk job
      • Re:JPEGs (Score:3, Funny)

        by ozbird ( 127571 )
        Yeah, and I'm sure he downloaded them just to see if they used steganography...

        So when he was complaining about the "hidden bits" in the photos, he was talking about steganography? Silly me...
  • Hackwatch (Score:4, Informative)

    by tagishsimon ( 175038 ) on Friday August 17, 2001 @10:12AM (#2155277) Homepage
    Good to see that "Reader Brian McWilliam" was also the author of the Newsbytes story he asked you to link to.

    Odd for me to have seen much of the bones of his story already discussed at length in The Register [theregister.co.uk], on the day before McWilliam's posted his Newsbytes contribution.

    Still; I'm sure the slashdot effect will please his employers & increase his marketability.

    Here, meanwhile, is what TheReg [theregister.co.uk] thinks of mcWilliams and his half-assed understanding of things technical.

  • Especially when they took a couple of my offered arrangements to post... There's nothing more heartening to a composer getting started than a connoisseur listening to what you've created and saying, "Hey, I like that. It's pretty good. I think other people should hear this, too!" That was a couple of years ago now, and I've done several projects since then. Gotten a lot better, and learned to fix the minor errors cropping up in those early midi files. (What? You mean I have to initialize the volume in ALL the tracks?)

    I grew up playing Sierra games, and Mark Siebert et al. have given me a lot of inspiration for what I write, as well. Hours listening to looping midi themes really give you a taste for how to fit a mobius track together. I'm still glad somebody is keeping alive all the music I loved. I even bought the CD, some of us actually think it's worth a little money to hear it again as it was intended... Rolands weren't cheap then, and they aren't cheap now.

When it is not necessary to make a decision, it is necessary not to make a decision.

Working...