User Journal

Journal Journal: Fuck Beta

No thanks. And since when did the journal lose its classic /. layout?


Journal Journal: The Good Slashkeeping Seal of Approval

Coined this today. Sounds like a winner - an award for the coolest application of technology. Doesn't have to be useful, just very, very cool.


Journal Journal: Even Caffeine Is Failing Me Now

Who wants post caffeine withdrawals? Not me. So I drink watered down coffee. It only takes a small amount of caffeine to kick-start someone, anything after that is wasted and makes coming down off it that much more regrettable. I also like to sleep at night, not twitch and throw all my covers on the floor.

I'm tired. Bone tired. Caffeine can't do anything about that. Need to hit the hay earlier. Stop eating junk, too.

Gonna be a challenge though. Got an Android tablet today. Want to try all sorts of fun stuff. Install Apache and PHP on it. See if I can make it a wireless server. That'd be killer fun.

Ah. But need sleep.

Decisions. Decisions.


Journal Journal: Copyright Reform

The Economist Weighs In For Shorter Copyright Terms
I suggest we drop by the house of everyone that doesn't understand IF YOU DON'T LIKE IT DON'T WATCH/READ/LISTEN TO IT, and slap them in the side of the head.
-This is the best presentation of an argument I've heard in weeks. I can't imagine why you've never run for public office.
--It would be far too exhausting. Can you imagine how many voters would need their heads slapped during the campaign?

Wanted: Campaign volunteers
Requirements: At least one hand and a desire to change the country

Campaign slogans:
"Hit the IP industry where it hurts: Upside their heads."
"How can she slap? She slaps for copyright reform."
"Communicate with today's voters the way their parents once did: with a slap."
"Would you rather have 14 slaps or 95 slaps? We feel the same way about the length of copyright."
"How many slaps does it take to get to the center of a Tootsie Pop?"

-This message sponsored by Students Litigating Against Pratty Publishers


Journal Journal: WaveMate Jupiter II and Parts: Who wants some?

So, a while back, I got my hands on a Wavemate Jupiter II. Vintage 1975, wire-wrap cardcage construction in a 4u rackmount case. Unfortunately, I am now moving, and don't have the space or time to hang onto this rather charming object.

I feel really bad throwing away a computer older than I am, so I'm looking for a good home for it. System includes the Jupiter II, the external dual 8 inch floppy drive, and a whole bunch of system schematics and documentation. Both pieces of hardware power up, but only one of the power supplies is good (the power supplies are interchangeable). It is heavy and probably a bit fragile, so local (Boston, MA area) pickup would be best.

If you are interested, leave a comment. If you know anybody who might be interested, have them leave a comment. If you aren't local, but are just that interested, we might be able to work some sort of shipping out, though it isn't my preference (a "no Nigerian princes who need my help to get US 20 Million out of the country" rule is naturally in effect).
The Almighty Buck

Journal Journal: Imaginary Evils

I trust every person with an ounce of sanity is already arming up to defend our country against the blight that is known as Imaginary Property, but I'd like to call attention, for a moment, to a far greater corporate-based evil perpetrating society, brainwashing all the sheeple into believing its ingenious fallacies. I am referring, of course, to money stored digitally in a bank, or as I like to call it, "Imaginary Money".

I mean, it's not like they physically store your money anywhere, they just store some bits on the computer, and those bits could be easily copied for everyone's benefit. It's not any equivalent to real money, because unlike real money, it can be copied. And copying those bits is natural human behaviour. I'm not stealing anything (I SAID IT'S NOT STEALING!!!) because the person off whom I copied these bits isn't losing anything. It's a completely victimless crime.

In fact I would even go so far as to say that the mere fact that so called "bank fraud" is still illegal is IRREFUTABLE proof that the government is corrupt, that it always has been corrupt, and that it always will be corrupt, unless I go on a shooting spree with my AK-47, which I have a constitutional right, nay responsibility to own and use to blow the head off anyone I disagree with.

But first, I think I might stop by a few banks on the way...

(Copied off a post I wrote as AC. Copyright for it is completely revoked)


Journal Journal: The Pirate Bay Censored My Blog!

That's right, TPB censored my blog:

It bashed the pirate bay for their abuse of the legal system, for their hypocritical money-grubbing from ad revenue, while they helped people break their local copyright laws, and their distortion of the copyright problem. I admit it was also a test of their much touted commitment to free speech, but I never really thought they would take it down, and so quickly! It came down overnight!

Boycott baywords and the pirate bay. The MAFIAA is more committed to free speech than them these days.


Whoops! It looks like it's back up! My bad! Still, it was a little suspicious that it came down, but the site itself didn't, and even when I entered in a phony blog name, it asked me whether I wanted to create one.


Journal Journal: SanityInAnarchy - when you're ready...

This is a post exclusively for SanityInAnarchy to reply to when his NDA allows him to.

So... what's this method for beating piracy with next to no DRM that makes bit-for-bit pirated versions inferior?


Journal Journal: 0wning a Windows Network; A Practical Approach

Listen up, folks. I am about to share with you a practical way to own any corporate Windows network. Before you bitch, first let me tell you that I won't tell you anything you don't already know or is anything other than obvious. That said, this approach works 85-90% of the time. It is time tested. It works. I've done it many times. And if you try this outside of legitimate network vulnerability testing, I hope you go to prison for a long time. That said, on with the show...

First, the bigger the Windows network, the higher likelihood of success. You'll understand why in a moment.

Any company with greater than 100 workstations uses workstation images to deploy new machines. It's a fact of life. The trouble is, the machines are a bit too similar. No one thinks about the local Administrator account. Yes, the local admin account has the same password for every machine. This is the key. Sure, the local admin account password may change when they change the image. But more times than not, many/most/all local admin passwords will be the same.

Get access to a workstation. If you're a consultant, tell them you need one before you show up. That way, a nice fresh workstation will be waiting for you when you get there. If not, wait until everyone goes home and help yourself to one (or more). No matter. Get your hands on at least one.

Did you guess step two? Dump the hashes and crack them. If you're lucky, you'll have LANMAN hashes. If not, you'll have NT hashes. LM hashes fall faster than SCO's stock price. NT hashes can be cracked, but you better be prepared. Rainbow tables work for NT hashes too. Maybe you'll get lucky. Maybe you'll have a few hundred gigs of NT hash Rainbow tables. Whatever. Chances are good you'll have LANMAN hashes. (For you auditors out there, that's finding number two. Number one was common passwords for local Admin accounts.)

Step three is to see how many machines you can access with your new local admin password. Look up how to attach to other machines from the command line. Write a few batch files. You can test your newly stolen credentials against a couple of hundred machines in a few hours.

Find your Windows admin users. They may be smart enough to change the local admin passwords. With a big enough company, they won't all be smart enough. Keep plugging and keep good notes.

Review the file systems of the machines you can access. There may be some good nuggets inside. Maybe you'll find router passwords, maybe you'll find love letters to the admin's mistress. It's all valuable. (Keep good notes.)

When you find a Windows admin's workstation, bug it. You want to record all authentication sessions. There are many good keystroke loggers out there. If you're paranoid, don't use them. Write your own.

Retrieve your Domain Admin creds and have fun. Make a new domain admin account. Call it something that fits in with the present members of the domain admin group. If the group is large (finding number four for you auditors), just make an account that looks natural. If not, make one that mimics another legit account. Many admins have extra accounts for whatever reason. If you see an account "bwilson", try "bwilson2". The admins will naturally think it belongs to Bill. Why did Bill make another account? Believe me, no one will ask him.


Change your mac address for each session. Better yet, change your network port.

Use another workstation you already own. Use an encrypted volume for your activities. Have the volume close after ten minutes of inactivity.

Steal the mac address of a lonely network printer. Use the printer's network jack too. Printers don't use 802.11x.

Use a wireless bridge. If they can't find you connected to a port, they can't find you.

Variations on a theme:

Tell the admin about the common local admin passwords. Chances are, he will make a job to run once a month to change all the local admin passwords. If the local admin passwords weren't all the same before, they are now. Be sure to thank him for making the vulnerability even bigger than it was before. (Hey Rob-The-Windows-Security-Guru: That one's for you, dumbass!)

Get stuck on a NetWare network? Consider yourself lucky. NetWare caches NDS credentials down to the local machine as a local user by default. Crack the local and you have NDS creds. Even if the NDS account is deleted, the local account stays, and may get you access to any machine the NDS user accessed when the account was active. I've accessed local workstations with two year old expired NDS accounts. Thanks Novell! (See what happens when you make interoperability with Microsoft a higher concern than security? With moves like that, you deserve to have Bill Gates eat your lunch.)

I will update this post whenever I feel like it, which may be never. If you have something to say about it, feel free.
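
Added example, not part of the journal entry above: a defender's check for the credential reuse the entry describes, flagging any source address that makes network logons with the same local account on several machines. The records are constructed, reduced Windows Security event 4624 entries; the host names, addresses and the threshold of three hosts are assumptions.

```python
from collections import defaultdict

def ev(computer, user, domain, logon_type, ip):
    """Build one reduced 4624 (successful logon) record."""
    return {"Computer": computer, "TargetUserName": user,
            "TargetDomainName": domain, "LogonType": logon_type, "IpAddress": ip}

# Constructed sample data: hosts, accounts and addresses are made up.
EVENTS = [
    ev("WS-0101", "Administrator", "WS-0101", 3, "10.0.5.23"),
    ev("WS-0102", "Administrator", "WS-0102", 3, "10.0.5.23"),
    ev("WS-0103", "administrator", "ws-0103", 3, "10.0.5.23"),
    ev("WS-0104", "Administrator", "WS-0104", 3, "10.0.5.23"),
    ev("WS-0102", "Administrator", "WS-0102", 3, "10.0.5.23"),  # repeat visit
    ev("WS-0201", "bwilson", "CORP", 3, "10.0.5.40"),           # domain account
    ev("WS-0202", "bwilson", "CORP", 3, "10.0.5.40"),
    ev("WS-0203", "bwilson", "CORP", 3, "10.0.5.40"),
    ev("WS-0301", "Administrator", "WS-0301", 2, "127.0.0.1"),  # console logon
    ev("WS-0302", "Administrator", "WS-0302", 3, "10.0.5.77"),  # single host
]

def is_local_network_logon(e):
    """Type 3 (network) logon whose account domain is the machine itself,
    i.e. a local account rather than a domain account."""
    return (e["LogonType"] == 3
            and e["TargetDomainName"].lower() == e["Computer"].lower())

def fan_out(events, threshold=3):
    """Return {(source_ip, account): [hosts]} for every source that used the
    same local account on at least `threshold` distinct machines."""
    reached = defaultdict(set)
    for e in events:
        if is_local_network_logon(e):
            key = (e["IpAddress"], e["TargetUserName"].lower())
            reached[key].add(e["Computer"].upper())
    return {k: sorted(v) for k, v in reached.items() if len(v) >= threshold}

if __name__ == "__main__":
    for (ip, account), hosts in fan_out(EVENTS).items():
        print(f"{ip} used local account '{account}' on "
              f"{len(hosts)} hosts: {', '.join(hosts)}")
```

A hit means one local account's password is accepted on every listed machine, which is the entry's "finding number one".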



Journal Journal: Trapezium

[Here's a 2nd try, as the first attempt evidently went to bit heaven.]

Saturnday night I went out with other Santa Cruz Astronomy Club members to the Bonny Doon airfield. I live about 15 miles from the site and was a bit put off when upon unpacking found the power cord had left its storage compartment on my portable power pack. I'd been there before, leaving it home, but this time it appears well and truly lost. (Sunday I picked up a new cord at Radio Shack and used a tie-strip to secure it to the eq. mount.)

So muscling the LXD-75 10 inch SNT around was the order of the night. Not terrible, but it meant no tracking, which is the feature I depend upon most. Around midnight Orion cleared the trees and I swung the tube over to examine the Orion Nebula (M42), in Orion's sword. It's one of my favourite sights and this evening would be one of the best for viewing.

Early on I could easily make out the four brightest stars in Trapezium and continued to check up as Orion progressed higher. About 1:00 AM I was easily able to make out five stars, by 1:30 AM I was able to clearly see six, which is the full known complement of blue stars in that stellar nursery. Cue massive geek astronomical excitement!

After a bit I swung the scope over to Fornax and Eridanus to scan for galaxies, which were in abundance. About 2:00 AM I was still wide awake, thanks to my 1L Sigg full of green tea, but knew I'd need to head home eventually or be the worse for it while unpacking and transporting all this wonderful dead weight back into the house. After returning home I was still pretty awake and enthusiastic enough to plan my viewing for the next week while downing some soup.

Sunday proved to be a difficult adjustment, even with the extra hour to sleep in.

