ECN Forum
Posted By: Bill Addiss Too Stupid to Surf? - 09/25/03 05:16 AM
Sounds harsh, doesn't it?
What do you think?

>> Are You Too Stupid to Surf?

Bill
Posted By: Big Jim Re: Too Stupid to Surf? - 09/25/03 07:25 AM
That link gave me a full screen pop-up ad for Verizon when I closed it. The whole concept presented is truly unmanageable. Let's face it, the internet is a global free-for-all. Let the user beware.
Posted By: Pinemarten Re: Too Stupid to Surf? - 09/25/03 10:56 AM
I agree.
From the beginning there has been no law governing the internet. They tried, and by the time it was possible it was too late. No one can police it now, it is too big and too fluid.
There are existing laws being enforced dealing with hackers costing companies money, the 'pervert stuff', fraud, and violations of copyright law, etc.
These are not convictions on internet use, but convictions on what the internet has been used for.
I feel there have never been laws to govern the internet, and I hope it stays that way.
It is harmless. If you don't like what it does to your sys, then don't go online with your favourite machine, stupid!
Posted By: pauluk Re: Too Stupid to Surf? - 09/25/03 11:10 AM
99% of the problem with viruses, worms, et al is due to you-know-who writing software that allows this to happen.

If there is going to be licensing and regulation (and as something of a libertarian, I'd say that's a big "if") it would be better aimed at making the software giants improve their trashy programs and at getting rid of all the pop-up junk and other garbage that is on the net.

The drawback would be that any sort of official regulation to do that would undoubtedly stifle the open and free nature of the Internet for everyone else too.
Posted By: sparky Re: Too Stupid to Surf? - 09/25/03 11:39 AM
Alrighty then, just for the libertarian constitutionalists, to which I side also.....

[This message has been edited by sparky (edited 09-25-2003).]
Posted By: Pinemarten Re: Too Stupid to Surf? - 09/25/03 12:25 PM
pauluk, I agree with your point.
Is it true that 'certain' new OS systems from 'said company', have to link to the net every month or so for 'licence verification'? If the link doesn't verify, then your OS fails?
Posted By: Bill Addiss Re: Too Stupid to Surf? - 09/25/03 04:19 PM
Quote
99% of the problem with viruses, worms, et al is due to you-know-who writing software that allows this to happen.
Paul,

I think it depends on how you look at it. I'm more angry with the people that write and try to spread these worms and viruses and I think that's where the blame really belongs. The OS or its creators aren't really causing these problems; other people are.

I think it's true that the more viable solution is to make the OS more secure, but that's only because there's no way to prevent our fellow man from trying to hurt others. Don't we complain about having to "dumb down" the Electrical Systems we install and follow codes that seem to try to protect the consumer from their own stupidity? In reality isn't blaming the OS for allowing viruses etc. like blaming Clothing manufacturers because their products aren't bulletproof?

Bill
Posted By: C-H Re: Too Stupid to Surf? - 09/25/03 04:48 PM
Blaming an OS for allowing viruses is like blaming a homeowner for causing burglaries by not having a strong enough lock on the door.
Posted By: Bill Addiss Re: Too Stupid to Surf? - 09/25/03 05:58 PM
I can't say that I agree with the remedies offered in the story, but I think it raises some important points.

I think it's time for more Computer-based instruction to become part of school curriculum and not just as an elective or optional area of study.

Bill
Posted By: pauluk Re: Too Stupid to Surf? - 09/26/03 08:57 AM
Quote
I'm more angry with the people that write and try to spread these worms and viruses and I think that's where the blame really belongs. The OS or its creators aren't really causing these problems; other people are.
Oh yes, undoubtedly. I didn't mean to imply that the writers of these destructive things aren't the ones to be held primarily responsible.

If we have to accept the reality that these people are out there, however, what can be done about it? We could try to implement a system which tracks every user so that anyone sending this garbage can be traced and suitably dealt with, but then we're back to imposing such a level of control that we'd risk stifling the natural free-flow of information. Such a system would also be tremendously difficult to implement, leaving aside concerns over privacy and civil liberties.
Posted By: Scott35 Re: Too Stupid to Surf? - 09/27/03 06:26 AM
Along the lines of what Paul is talking about, it's obvious that the target of many disgruntled (or wannabe) hackers is the OS of the Pacific Northwest - which came about from a marketing angle (mostly fueled by the "new end user" market structure).
Marketing Angle includes the entire story - from the IBM proposal, to the IT Media craze.
(this would make a nice threaded story, very interesting events involved in those early days - including Xerox PARC, Apple II, and the cloning of the ROM BIOS!).

I have yet to hear of hard core WORMS and Trojan Horses that affect machines running Linux, but maybe the info is kept quiet? <enter X-Files mode>

Very seldom is anything heard which targets the Mac OS.

The last few (and very crippling) WORMS were hacked to target and abuse the holes in the "Not-Mentioned" OS's Security, and work via backdoor.

This really sucks, because it takes advantage of innocent unsuspecting end users- the ones which are not responsible for whatever anger is being vented; and they end up either being totally screwed over with rampant Viral scripts, unwillingly adding to the problem via E-Mail or being the infected host on a LAN (which screws up the whole LAN), along with requiring the services of Technical Personnel to fix everything!

It also makes everything for us power users very difficult! WORMS clogging up the already thin pipelines connecting E-Mail Robots; all the trouble from Harvesters, Spambots; and on and on!

Even worse is the trendy Virus Scanning Software, and the needs of Firewalls! Everyone is getting rich from clowns sending out annoying applets, however it's us who suffer!

Sent a .zip file to work (work uses AOL), and when I went to download it, the default Virus Scanning Applet killed my zip attachment!
All that was left were parameters in the zip file!
Extremely irritating! Also a major PITA since I needed the files that day early AM, and had to get them during Lunch!
It's easy to get the attachment without the Virus check, but I wanted to see what would happen.

This experiment answered a ton of "Whaddaheck???" questions I had, from similar situations of E-Mailed attached zip files to co-workers (and others using AOL). Still cannot get most of them to bypass the Virus Alert - no matter how much security I include!
(security being file size(s), name, sig files, indicating text, and "pre" messages which described following message with attachment).
They will not bypass the virus scan because they are afraid to "catch a virus".

Oh well, that's what "Sneakernet" is for, huh?

Said it once, and will say it again:
If I had the talent and scripting skills of the "pro" hackers, I would write so many kick butt apps for daily use!
Not one of them would be malicious at all!

Scott35
Posted By: JCooper Re: Too Stupid to Surf? - 09/28/03 04:25 PM
I feel that the OS vendors should be held accountable for major security holes left by inattentive programmers and simple apathy. Win 2k was released with MS having over 1000 KNOWN security issues and bugs, not to mention how many have come to light over the last three years since its release. MS is also slow to respond to any issues, and even ignoring some. If you take a look at open source software, mainly Linux and some Unix, when there is a security issue discovered it is usually patched within a day or two, especially the Linux community.
Most people who write the viruses are bored programmers that want to see if they can; most have no payload and go unnoticed, but there are quite a few with nasty payloads and can go undetected. The software is out there to allow somebody with minimal programming experience to download a virus creation suite and wreak havoc on a company, college, or school LAN/MAN/WAN. I agree that it is sad that we all have to have, at a minimum, firewall software and anti-virus running at all times. To equate it to the real world we all have locks on our front doors and most people get a flu or mumps shot. The only way to stay on top of all of it is to get in the "hacker community", or watch from a safe distance; just as there is this board for electrical questions and problems there are several boards and thousands of web sites with hacking resources. I spent six months as a network administrator and one of my biggest issues was network security, staying on top of current issues and threats and making sure that my firewalls could hold up to an attack. I follow this at home as well; I have one Linux PC sitting next to me that its only job is to filter all my network traffic, the equivalent of having a deadbolt on the front door, but keeping up on the current issues you make sure that the back door and side door are locked as well. There are a number of resources for helping you stay on top: CERT (Computer Emergency Response Team) sends out e-mails any time they find a security issue in anything, most anti-virus vendors have their own "labs" and most send out notifications if you sign up for them. If anybody has any questions feel free to e-mail me directly.

Jim
Posted By: pauluk Re: Too Stupid to Surf? - 09/30/03 07:42 PM
Most hackers (I'm using this term in its original, non-malicious meaning) like to play around with systems to see what can be done and how security can be defeated. I certainly did that years ago, although I hasten to add that I never did so with any intent to cause havoc, it was just the fun of "Beating the system."

Here's my confession:

Back when I was around 13 (that would have been 1979) my school had an account with the local technical college to use their PDP-11/40. The PDP had numerous terminals around the building, including a large number of ASR33 teletypes in one room where we could go most evenings, plus about a dozen dial-up lines used for the schools and other remote sites.

Under the operating system they used, all the TTY lines were assigned numbers which could be opened as files if not already in use. In that big TTY room at the college, all the 25-way D-connector outlets that the teletypes plugged into were very conveniently Dymo-taped with the KB numbers, and it didn't take long to sketch out a map of the room. Similarly, it didn't take too long to deduce the KB numbers assigned to the modems.

I wrote a short program which would open a channel to any unlocked TTY port and send appropriate messages, written to imitate the standard OS responses ("WELCOME TO RSTS/E" etc.).

When at the college, I'd pick a vacant terminal (all could be seen from anywhere else in the room), seize it with my program and then wait for someone to sit down and start to log in. The messages they got looked just like the real system prompts, so they would enter their account number and password. To avoid suspicions, my program gave some sort of response along the lines of "SYSTEM ERROR -- PLEASE REPEAT LOGIN" and then dropped the link so that they would then log in for real. By that time I already had their password, of course.

As I said, it was never used for mischief, mostly just for the fun of seeing what the guys at rival high schools were doing!

It's amazing also how much security can be compromised by just a little social engineering. A few years later I put the college computer center staff to the test. I was living 300 miles away by then, and thought it would be fun to see what the new students at my old school were up to.

I called the computer center voice line: "Hello, this is Mr. ---- from ---- High School. I'm having trouble getting into account 37,0. The password used to be ----, but I think our department head might have just changed it and unfortunately he's not here today. Any chance you could check for me?"

"Just a moment.... The current password is ----."

It really was that simple, although I guess the response might have been different had I not given the correct account number for the school. And that was 20 odd years ago, before computer security became a big issue.