34 posts • joined Wednesday 31st October 2007 14:31 GMT
And thus the 'electronics-based weaponry' industry
dissolves back into the mists of fantasy from whence it came.
Who's going to buy a gun that US.Gov can disable pretty-much at will.
This wouldn't have helped in 2000 anyway..
in the case that supposedly sparked this system's creation.. the problem wasn't that the agencies didn't know where the child lived.. but that they didn't share their case notes. Which ContactPoint won't do either..
Hooray for government project scope creep... It's probably secure! and it's probably completely useless!
if this was a search of e.g. his house of commons email, then I'd imagine it to be a high security system with auditing and logging at all levels.
Either that or b. someone was present whilst they searched or c. this information was divulged by the police to the MP in question after legal pressure.
Not just 'search boxes and fields'
Don't forget other ways of using GET and POST requests to a server (EG Manually) lots of people think that if they protect the 'forms' on their website, they're invulnerable.
There's also cookies, which if used without care can be a nice vector for attack.. and even persistent data, if you're reading from a database that's written to by other, untrusted (or just badly written, including your own!) applications, that can be used to inject too.
£300m across every UK business?
£17 per computer per year.. so.. if you have 10,000 computers (a lot) that's £170,000 a year..
I'd hazard a guess that for a company with tens of thousands of PCs, that would be a drop in the ocean of their annual turnover. Scaling it down to your average mid-size with 1000 PCs (to be generous) you're talking about £17,000 a year, most places spend more than that on sandwiches for the board.
In summary.. who cares?
I hope this is tested in court.
and I hope the Beeb win.
If they do, this will be a massive win for security researchers and curious people on the internet to play around with 'hacking' tools for 'research purposes' on other people's computers and get away with it.
What needs to be done to get the Met' to investigate this?
Based on their obvious lack of understanding of how bittorrent works
are we really to believe this is actually copyrightable material, and not just .torrent indexes?
(probably, as it's a topsite, but still?)
Also there's no reference to any persons being arrested; so are we to assume no-one has been?
PS. There's no copyrightable material 'on' The Pirate Bay (except for that which is (C) thepiratebay) it might be found VIA the pirate bay.. but that's a totally different thing.
The worst terrorist hit ever (?) was the world trade centre.
a privately owned building, in one of the most densely populated areas of the world. based on prior experience, that's the sort of thing that terrorists have targeted and will target.. not 'hard' targets like official institutions or military bases.
Very very cool!
Me and me mates all travel a lot, and often bump into each other in random cities.. often only finding out that we're in the same place by accident... so this will save us dining alone unnecessarily :D
Wrong, what about Prospero X-3?
As per the title, we did it 5th... It wasn't launched from the UK, but the article says we've never built a rocket capable of putting objects in orbit. Clearly we have, and a long time before most other people.
We're waiting for 7
Put simply, why wouldn't we wait? There's no big move away from XP compatibility with software vendors yet (as there was with eg 3.1 to 95, or 95 to 2000/XP.)
For a business, the operating system is there to run the applications that the business needs, and as less than 10% of businesses use Vista, we know that XP will be supported for quite some time yet. Until there's a real benefit in either cheaper/easier support, or significantly advanced features (or exclusive applications) an OS upgrade is all pain, no gain!
And of course, we still have PCs around the place running windows 2000, with no problems whatsoever.. so even windows 7 can wait for a bit!
Broadband for everyone!
except those people in hard to reach areas... i.e. those who don't already have it.
We expect a level of nonsense from the government, and UK.gov fails to disappoint yet again!
@alexander 'Just glue a net to the front, problem solved'
I must point out the slightly obvious: any net that can stop at least one 5Kg lump of meat travelling at a relative velocity of up to 500 mph will have to be very, very sturdy. to such an extent that it will need to be very heavy, and will certainly restrict the airflow into the engine.
Moreover.. once the bird gets splashed across this net/mesh/grill, the airflow may well be cut off so much that the engine flames out anyway...
Hang on a minute..
What's that, failing to comply with web standards is causing a headache for the Internet Explorer team at Microsoft?
'what goes around comes around' springs to mind! Finally they get a taste of what the thousands of web developers having to implement non-compliant tricks to subvert the shoddy old versions of internet explorer had to go through.
Least likely attack vector.
Is this website hosted in a data-centre in Obama's basement, patrolled at night by only his most trusted henchmen; Is the content management system written by eunuchs who will only be released from their cages in 2015; is everyone with administrative rights vetted for their knowledge and application of network security?
One rogue employee at wherever it's hosted, or on the web app development team, or one slip-up on the security of the campaign team's personal PC security (or using a cyber-café PC with a keylogger on it, f'rexample) could do just as much damage as a rogue urchin file... yes it's a bad idea.. but it's unrealistic to call it a likely threat.
One interesting security angle to this is that if the cards can be changed maliciously, then any data gathered from a card reader must be considered potentially malicious, and sanitized before use.
I'd bet that there are quite a few apps out there which make the assumption that the data on a card will be in perfect condition, and certainly not actively trying to break something.
*changes name to jeff' or 1==1; -- a la XKCD :)
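The point made in this comment and in the earlier one about persistent data, shown as an added example that is not part of the original comments: a value read from a card is stored safely by one application, then trusted by a second one because it now comes from the database. The table layout, function names and the card name (a constructed variation on the one joked about above) are all assumptions for illustration.

```python
import sqlite3

# Constructed sample: the holder-name field as read from a tampered card.
CARD_NAME = "jeff' OR 1=1 --"

def make_db():
    """In-memory database shared by two hypothetical applications."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cards (card_id INTEGER PRIMARY KEY, holder TEXT)")
    db.execute("CREATE TABLE accounts (holder TEXT, balance INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [("alice", 120), ("bob", 75), ("jeff", 10)])
    return db

def enrol_card(db, card_id, holder):
    # The reader application binds the value, so the hostile string is
    # stored unchanged and sits in the table looking like ordinary data.
    db.execute("INSERT INTO cards VALUES (?, ?)", (card_id, holder))

def stored_holder(db, card_id):
    row = db.execute("SELECT holder FROM cards WHERE card_id = ?",
                     (card_id,)).fetchone()
    return row[0]

def balances_unsafe(db, card_id):
    # A second application trusts "its own" database and splices the
    # stored value into SQL text: the quote in the name ends the literal.
    sql = ("SELECT holder, balance FROM accounts WHERE holder = '"
           + stored_holder(db, card_id) + "'")
    return db.execute(sql).fetchall()

def balances_safe(db, card_id):
    # Same lookup with a bound parameter: the name is only ever data.
    return db.execute("SELECT holder, balance FROM accounts WHERE holder = ?",
                      (stored_holder(db, card_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    enrol_card(db, 1, CARD_NAME)
    print("unsafe:", balances_unsafe(db, 1))  # every account row
    print("safe:  ", balances_safe(db, 1))    # no rows: no such holder
```

The write path here is already parameterised, which is why the problem only shows up on the later read: binding has to happen at every query that touches the value, not just at the form or reader that first received it.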
The game is teaching our ..18+ year olds...
that if they're ever in a post-apocalyptic nuclear wasteground, fighting for their life against zombie-mutants and mad-max types... taking a pain-killer will help them ignore pain.
I say the developers should be hanged for such immorality.
Full disclosure is sometimes the only way to get a fix..
and regarding the US not having an official secrets act..
The Espionage Act effectively does the same thing for any information deemed 'classified'.. so much for freedom of the press
RE: You'd not change the pwd surely?
G E. I don't know how this system works, but one possible exploit is in the 'change/ forgot my password' functionality; changing the password to one you know is almost always a lot easier than finding the existing one.
If the hack centred around resetting passwords, then anyone whose password is unchanged is safe (from this particular attack)
I think software devs could learn something from web security then..
the only way to resolve this is for software to stop storing keys in memory; but will need some sort of session identifier in order to maintain security etc.
looking at the HMRC out-turn estimates...
it's interesting that with all these 'green' transport taxes... the estimated expenditure on transport and on the environment are falling (as a % of total outturn) every year for the next 5 years.
And the expenditure on local government and filling up the NHS black hole is going up every year...
Not even Paris would believe these takes have anything to do with the environment
Working in a retail-related industry
We're on call 24/7, all parts of the business are producing at something like 400% and after christmas it doesn't slow down for a good week or two...
I have GOT to get into the finance sector :D
The most dangerous thing
is when webalizer is left on the default setup and shows secure and 'hidden' login portals etc. for admins and content editors.
Although obscurity never = security, it certainly increases the workload of a potential hacker, and immediately turns off any opportunists looking for an easy site to break.