Moving large blocks using primitive materials

Topic: Miscellaneous
10:00 pm EDT, Apr 14, 2008

Wally Wallington has demonstrated that he can lift a Stonehenge-sized pillar weighing 22,000 lbs and moved a barn over 300 ft. What makes this so special is that he does it using only himself, gravity, and his incredible ingenuity.

OpenDNS Autofix: Very Bad Idea (tm)

Topic: Miscellaneous
3:49 pm EDT, Jul 13, 2006

In return, sites like the notoriously sluggish MySpace.com load significantly faster, thanks to the way OpenDNS caches IP addresses. Users who type "wordpres.sorg" or "craigslist.or" into their browser's address field are automatically routed to the correct address, instead of getting a 404 error page.

This is such a very bad idea. Any time you have a computer try to figure out what you meant at the end of a connection, you are creating a serious security vulnerability. Prime example: Apache's mod_speling (SIC). If I send a request for indexh.tml, mod_speling detects the mistake and will serve back index.html. The problem is any security products like an IDS/IPS won't have this intelligence to try and "fix" the request before they analyze it. The IDS/IPS simply sees and logs a request for indexh.tml. mod_speling, like this feature in OpenDNS, allows an attacker to sidestep the attack signatures on an IDS/IPS to exploit a site because the web server will "fix" the attack once it reaches its target.
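
An added example, not part of the original post: a log check a defender could run to find requests where an exact-match sensor and the web server disagreed about the target. The file inventory, signature paths and log lines are constructed, and within_one_edit is a simplified model of the single-misspelling, case-insensitive matching that mod_speling's documentation describes, not Apache's code.

```python
import re

# Constructed inventory of files the server can serve (assumption).
DOCROOT = ["/index.html", "/admin/backup.sql", "/cgi-bin/status.cgi"]
# Constructed exact-match IDS signatures (assumption).
SIGNATURES = {"/admin/backup.sql", "/cgi-bin/status.cgi"}
LOG_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def within_one_edit(a, b):
    """Case-insensitive match allowing one insertion, omission, wrong char or swap."""
    a, b = a.lower(), b.lower()
    if abs(len(a) - len(b)) > 1:
        return False
    i = 0  # length of the common prefix
    while i < min(len(a), len(b)) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        if a[i + 1:] == b[i + 1:]:           # identical, or one wrong character
            return True
        return (a[i] == b[i + 1] and a[i + 1] == b[i]
                and a[i + 2:] == b[i + 2:])   # adjacent transposition
    longer, shorter = (a, b) if len(a) > len(b) else (b, a)
    return longer[i + 1:] == shorter[i:]      # one extra character

def resolve(path):
    """Path the server would actually serve after correction, or None."""
    if path in DOCROOT:
        return path
    directory, _, name = path.rpartition("/")
    for doc in DOCROOT:
        doc_dir, _, doc_name = doc.rpartition("/")
        if doc_dir == directory and within_one_edit(name, doc_name):
            return doc
    return None

def missed_alerts(log_lines):
    """(raw, served) pairs the exact-match sensor missed but the server corrected."""
    paths = [m.group(1) for m in map(LOG_RE.search, log_lines) if m]
    return [(p, resolve(p)) for p in paths
            if p not in SIGNATURES and resolve(p) in SIGNATURES]

SAMPLE_LOG = [  # constructed access-log lines
    '192.0.2.10 - - [13/Jul/2006:15:49:00 -0400] "GET /indexh.tml HTTP/1.1" 200 512',
    '192.0.2.10 - - [13/Jul/2006:15:49:05 -0400] "GET /admin/backup.sql HTTP/1.1" 200 9000',
    '192.0.2.11 - - [13/Jul/2006:15:49:09 -0400] "GET /admin/bakcup.sql HTTP/1.1" 200 9000',
    '192.0.2.12 - - [13/Jul/2006:15:49:12 -0400] "GET /cgi-bin/Status.cgi HTTP/1.1" 200 77',
]
```

Running signatures over resolve(path) as well as the raw path closes the gap: the sensor then inspects the same request the server acts on.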

MySpace case opens security can of worms [printer-friendly] | The Register

Topic: Miscellaneous
3:38 pm EDT, Jul 13, 2006

...paradoxically, the closer we get to systems that achieve a reasonable score in keeping evildoers out, the more vulnerable we are to attack from those evildoers who bypass our filters. So when the Attorney General of a US State speaks of requiring MySpace to achieve giant strides, it's worth suggesting that he's not only being unreasonable; he may even be making things worse. The simple argument is that if parents think MySpace is a safe place to leave their children alone, they are likely to leave them far more vulnerable to the predators who do break in, than if they recognise the reality of the situation. That reality is that predators will break in. The way to deal with it is to supervise and monitor, so that people know they are being watched - exactly the same way you stop fights in the school playground. It's not rocket science.

Hear hear.

invisiblethings: Introducing Blue Pill

Topic: Miscellaneous
3:25 pm EDT, Jul 13, 2006

Interesting... I know some of y'all MSers will be at Blackhat. I expect a report :) -k

Unwise Microwave Oven Experiments

Topic: Miscellaneous
4:37 pm EDT, Jun 26, 2006

] Are you a kid? Does your microwave oven belong to your
] parents? If so, then don't even THINK about trying any of
] these experiments. I'm serious. If I wreck my microwave
] oven, I can buy another. Also, I'm a professional
] electrical engineer. I know enough physics and RF effects
] to take correct safety precautions when I'm
] experimenting. But you don't know the precautions, so you
] should be smart: read and enjoy my writing, but don't
] duplicate my tests unless you grow up to become an
] electronics tech, engineer, etc., and buy your OWN
] microwave oven.

Yes!

Special forces to use strap-on 'Batwings' | the Daily Mail

Topic: Miscellaneous
11:39 am EDT, Jun 14, 2006

Elite special forces troops being dropped behind enemy lines on covert missions are to ditch their traditional parachutes in favour of strap-on stealth wings. The lightweight carbon fibre mono-wings will allow them to jump from high altitudes and then glide 120 miles or more before landing - making them almost impossible to spot, as their aircraft can avoid flying anywhere near the target.

RE: Fried Fish: Mozilla Ping Feature

Topic: Miscellaneous
5:37 pm EST, Jan 18, 2006

Decius wrote: It is now possible to define a ping attribute on anchor and area tags. When a user follows a link via one of these tags, the browser will send notification pings to the specified URLs after following the link.
If IE picks this up, MemeStreams could use it...

Viva la Smurf Attack! I have to wonder if the Mozilla developers have fully considered the implications of this feature. With browser redirect tracking, the company providing the content bears the burden of processing; with the track back mechanism implemented in the client, no such limitation exists. This by itself would not necessarily be a problem, except for the fact that the developers appear to be supporting MULTIPLE track back locations. This is Bad.

Consider for a moment what kind of havoc could be wreaked by compromising a banner ad server to include a list of track back URLs that all resolve to a single, unsuspecting, network. Someone just got a free army of DDoS clients, all courtesy of your friendly web browser. If one considers the implications of this feature being implemented in an HTML rendering engine, then the consequences of a spammer taking advantage of this "feature" become truly frightening.

Fortunately, all is not lost for this technology. If the track back ping implementation is limited to a single URI, then its potential for abuse becomes equivalent to that of the IMG SRC tag.
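
An added example, not from the original post: an audit a site could run over third-party markup (for instance banner-ad HTML) before serving it, flagging anchor and area tags whose ping attribute lists more than one URL or names a host outside an allow-list. The host names, the markup and the one-target limit are assumptions; the limit mirrors the single-URI restriction suggested above.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class PingAudit(HTMLParser):
    """Collect suspicious ping attributes from <a> and <area> tags."""

    def __init__(self, allowed_hosts, max_targets=1):
        super().__init__()
        self.allowed = set(allowed_hosts)
        self.max_targets = max_targets
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("a", "area"):
            return
        attr = dict(attrs)
        # The ping attribute holds a space-separated list of URLs.
        targets = (attr.get("ping") or "").split()
        if not targets:
            return
        hosts = {urlsplit(t).hostname for t in targets}
        # Relative URLs have no hostname and stay on the serving site.
        foreign = sorted(h for h in hosts if h and h not in self.allowed)
        if len(targets) > self.max_targets or foreign:
            self.findings.append({"href": attr.get("href"),
                                  "count": len(targets),
                                  "foreign_hosts": foreign})

def audit_pings(markup, allowed_hosts, max_targets=1):
    """Return one finding per tag that exceeds the limit or pings off-list hosts."""
    parser = PingAudit(allowed_hosts, max_targets)
    parser.feed(markup)
    parser.close()
    return parser.findings

# Constructed markup: one acceptable link, one fan-out link, one relative ping.
SAMPLE_MARKUP = """
<a href="https://shop.example/item" ping="https://stats.shop.example/t">item</a>
<a href="https://shop.example/sale"
   ping="http://third-party.example/a http://third-party.example/b
         http://third-party.example/c">sale</a>
<map><area href="/map" ping="/local-track"></map>
"""
```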

Man peed way out of avalanche

Topic: Miscellaneous
3:16 pm EST, Jan 28, 2005

A Slovak man trapped in his car under an avalanche freed himself by drinking 60 bottles of beer... [...] He said: "I was scooping the snow from above me and packing it down below the window, and then I peed on it to melt it. It was hard and now my kidneys and liver hurt. But I'm glad the beer I took on holiday turned out to be useful and I managed to get out of there."

Update: false, but definitely something that could have been in Strange Brew

RE: Onion Routing 2.0: tor

Topic: Miscellaneous
3:44 pm EST, Jan 7, 2005

Acidus wrote:
] ] The complex version: Onion Routing is a connection-oriented
] ] anonymizing communication service. Users choose a
] ] source-routed path through a set of nodes, and negotiate a
] ] "virtual circuit" through the network, in which each node
] ] knows its predecessor and successor, but no others. Traffic
] ] flowing down the circuit is unwrapped by a symmetric key at
] ] each node, which reveals the downstream node.
]
] What about traffic analysis? While I don't know much about
] this, I had a talk about this very same thing with Decius not
] too long ago. Don't you need some type of anonymous cloud
] takes and "holds" your request for some random length of time?
] That way if enough people are inject requests into the cloud,
] there is no way to match an incoming transmission cloud with
] one leaving the cloud.

It's a performance tradeoff, and it is thought that even the typical padding and reordering is not sufficient. The design document has this to say:

No mixing, padding, or traffic shaping (yet): Onion Routing originally called for batching and reordering cells as they arrived, assumed padding between ORs, and in later designs added padding between onion proxies (users) and ORs [27,41]. Tradeoffs between padding protection and cost were discussed, and traffic shaping algorithms were theorized [49] to provide good security without expensive padding, but no concrete padding scheme was suggested. Recent research [1] and deployment experience [4] suggest that this level of resource use is not practical or economical; and even full link padding is still vulnerable [33]. Thus, until we have a proven and convenient design for traffic shaping or low-latency mixing that improves anonymity against a realistic adversary, we leave these strategies out.

They suggest (but don't say outright) that reordering & batching may occur at some point. It would certainly give me more warm fuzzies if it did.

http://freehaven.net/tor/cvs/doc/design-paper/tor-design.html makes for an interesting read...

RE: naet ltilte ticrk!

Topic: Miscellaneous
1:43 pm EDT, Sep 18, 2003

Gremlin wrote:
] The phaomnneil pweor of the hmuan mnid.
]
] Aoccdrnig to a rscheearch at Cmabrigde Uinervtisy, it
] deosn't mttaer in waht oredr the ltteers in a wrod
] are, the olny iprmoetnt tihng is taht the frist and
] lsat ltteer be at the rghit pclae. The rset can be a
] total mses and you can sitll raed it wouthit porbelm.
] Tihs is bcuseae the huamn mnid deos not raed ervey
] lteter by istlef, but the wrod as a wlohe.
]
] Fcuknig amzanig, huh?

Ian Grigg pointed out on the cryptography list that this inner transposition technique could be used as a simple steganographic channel:
http://www.mail-archive.com/cryptography@metzdowd.com/msg00853.html

The suggestion was shortly followed by the following post from Peter Wayner:

Changing around the order of a list of items is a pretty cool way to hide information. You can hide about log_2(n!) bits of information in a list of n items. In the case of words, you can move around the inner letters as long as there are no duplicates. If you want to experiment with the basic technique, check out this web page with an applet I wrote.
http://www.wayner.org/books/discrypt2/sorted.php
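
The log_2(n!) figure quoted above, worked through as an added example (not Wayner's applet and not code from either mailing-list post): the payload is read as an integer and written in the factorial number system, each digit selecting which of the remaining sorted items comes next. The function names and the word list are assumptions made for illustration.

```python
import math

def capacity_bits(n):
    """Whole bits carried by the order of n distinct items: floor(log2(n!))."""
    return math.factorial(n).bit_length() - 1

def hide(items, payload):
    """Reorder distinct items so that their order encodes payload (bytes)."""
    pool = sorted(items)
    if len(set(pool)) != len(pool):
        raise ValueError("items must be distinct")
    if len(payload) * 8 > capacity_bits(len(pool)):
        raise ValueError("payload exceeds floor(log2(n!)) bits")
    value = int.from_bytes(payload, "big")
    ordered = []
    for remaining in range(len(pool), 0, -1):
        # Factorial-base digit: index of the next item among those left.
        digit, value = divmod(value, math.factorial(remaining - 1))
        ordered.append(pool.pop(digit))
    return ordered

def reveal(ordered, nbytes):
    """Recover nbytes of payload from the order of the list."""
    pool = sorted(ordered)
    value = 0
    for item in ordered:
        digit = pool.index(item)
        pool.pop(digit)
        # len(pool) items remain, so this digit has weight len(pool)!
        value += digit * math.factorial(len(pool))
    return value.to_bytes(nbytes, "big")

# Constructed cover list: any ten distinct, sortable items will do.
WORDS = ["apple", "brick", "cloud", "delta", "ember",
         "flint", "grape", "heron", "ivory", "joker"]
```

Ten items carry 21 bits, so a two-byte payload fits and a three-byte one is rejected; the receiver needs only the agreed sort order and the payload length.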