[Tfug] Fwd: Re: [Bulk] Re: Thumb drive sizes

Bender bender at bendertherobot.com
Wed Dec 5 11:10:50 MST 2012


DECwriters - what year was that?

----- Original Message ----- 
From: "Bexley Hall" <bexley401 at yahoo.com>
To: "Tucson Free Unix Group" <tfug at tfug.org>
Sent: Monday, December 03, 2012 11:29 PM
Subject: [Tfug] Fwd: Re: [Bulk] Re: Thumb drive sizes


> Hi Kramer,
> 
> On 12/3/2012 8:04 PM, Kramer Lee wrote:
>> I should add that I downloaded nothing from that site (by clicking on
>> anything, I knew it was wrong as it loaded, but just going to the site
>> was enough).  And I was looking for an ECS motherboard BIOS update
>> using a Dell computer and it was the Dell that was reflashed.
> 
> If you have java/script enabled, simply going to the page causes
> the script on that page (or referenced by that page) to run.
> 
> Or, the site exploited a vulnerability in your browser/OS/configuration
> that allowed it to inject code for your browser (or, OS) to execute
> on its behalf.  The code could have been targeted to your browser,
> your OS or your hardware platform.  The code could even have engaged
> in a *dialog* with the server:  "This appears to be a Dell computer;
> (by examining "well-known" files, etc.) Please send me any malware
> that is suitable for exploitation, here..."
> 
> [These are "drive-by" attacks.]
> 
> "Bugs"/exploits happen because the developer (or tester) had a
> limited imagination (and/or a poor skillset!).  The easiest
> way to *break* (hack, compromise, etc.) a piece of software
> (or, even a generic "device" -- electronic or otherwise) is to
> ask yourself, "What does this thing NOT expect me to do?" -- then
> *do* it!  :>  If it is designed well, it will just complain
> (or, inconvenience you in some way -- like log you out, etc.).
> 
> [We had a computer system at school that was created/written
> by the "professor" for this particular class in which he
> *used* the system.  "Not ready for prime time"  <grin>  A
> favorite pastime was to crash the system late at night (when
> there was no "help" available) the evening before homework
> was due -- i.e., so you are targeting The Procrastinators.
> Volumes were labeled as "small integers":  "0", "1", etc.
> "Gee, I wonder what happens if I list the VTOC of '2'?"  Then,
> tear off the papertrail (so folks in the room can't easily
> figure out *who* caused the problem) and walk away casually.
> Listen to hear the DECwriters gradually stop printing as
> their individual buffers empty.  Followed by the wails of
> those folks who hadn't finished their work yet!  :-/ ]
> 
> Conversely, the best way to design robust/reliable devices is
> to "assume nothing" and "verify everything"!  *EVERYTHING*!!
> 
> This even applies to simple human interactions:
>    "Do you have change for a $20?"
> Then, hand them a $10 and *hope* they give you change for a 20!
> Worst case, you get change for your $10 and are no worse off...
> (I've known people who were scammed by a variation of this)
> 
> --don
> 