105 posts • joined 24 Mar 2007
Before the infection ?
How do you actually get 'infected', is there a working demo online where I can get infected by clicking on a URL ?
> "Before the infection, a default installation of Firefox 3.6.10 would prompt the user after the user clicks the Log In button on a Web page, asking whether he or she wants to save the password," Webroot researcher Andrew Brandt explains. "After the infection, the browser simply saves all login credentials locally, and doesn’t prompt the user."
software applications security
What OS do the vast majority of these bad-apps run on and shouldn't security be built into the Operating System.
re: Rock < User > Hardplace #
> In my personal pantheon of nastiness Google sits even higher the MS. I can't see why anybody would want to install a Google plugin on an MS browser.
Troll the web, and trash anything Google ;)
less is more
It isn't a only a choice between KDE and Gnome ..
Chrome Psychedelic at 565
I have Chrome Psychedelic running at 565 on Lubunto running off a USB device ..
infected with malware ?
> Only jailbroken iPhones with default passwords have ever been infected with malware and even then only by a handful of high-profile worms, such as the Rickrolling worm in Australia and the D'oh bank credential stealing worm in the Netherlands, which both spread last November ..
Like, how did the Rickrolling and D'oh worms get onto the machines without using jailbroken iPhones and default passwords, and without any user action ?
What desktop Operating System is required for this 'botnet' to operate. How is the initial infection achieved on the computers. Is it by clicking on a malicious URL or opening an email attachment.
satire not noticed
> Sadly, Cartmel admitted the satire went completely unnoticed. He said: "Critics, media pundits and politicians certainly didn't pick up on what we were doing. If we had generated controversy and become a cause célèbre we would have got a few more viewers but, sadly, nobody really noticed or cared."
That's not strictly true, one of the best things about the series was the intelligent scripts aimed at the more mature audience. 'The Sun Makers' being another good example, where the entire solar system is privatised by the company. If the politicians didn't get it, we most certainly did.
The Collector of taxes being a sentient poisonous fungus type creature from the planet Usurius., Usurious, Usery .. get it .. eh ??
root achieved on cellular devices
"Security researchers have turned their attention to femtocells, and have discovered that gaining root on the tiny mobile base stations isn't as hard as one might hope"
Whoever designed these devices should be sent back to computer school. An authentication device that can be bypassed is a contradiction in terms. Or as some pen pusher would put it in a report: an unantipicate security excursion. Did not anyone check these devices for security vulnerabilities. What are they teaching them in college nowadays ?
"Uh you've reached stewie and brian, we're not here right now, uh and if this is mom, uh send money because we're college students and we need money for books...and highlighters...and.... ramen noodles...and condoms, for sexual relations with our classmates"
a working demo
Is there a link to a working demo ?
user names and passwords
"A spokeswoman for Demon said the company had changed the passwords which were sent out and was in the process of changing user names too"
What were they doing storing passwords in the clear in the first place. What were they doing emailing this document around the company.
Microsoft patents and the OIN
"Microsoft has placed a clutch of Silicon Graphics patents in the hands of those trying to defend Linux and open-source against trolls"
Does not equate to this ..
"Microsoft didn't directly approach the OIN - one of the industry's largest buyers of patents - and went through the AST instead"
And there is no evidence that MS intended the patents to end up in the hands of the OIN
flaws in the program ?
"Flaws in the program are routinely exploited by criminals to install keyloggers and other malicious software on end-user machines"
Shouldn't that be flaws in the underlying platform allow for the installation of malicious software. That platform invariably being the WinTEL one. The one with the built-in buffer overflow feeture ?
disable USB drive for security
"After all the lost data from government departments WTF was the counsel employee doing with a USB stick in the first place", John G Imrie
Look, the presence or absence of a USB drive does nothing what-so-ever to increase/decrease security. If I can get you to visit a certain web site or open a certain attachment, I can own your computer ...
the website reflects poorly on Parliament ?
No, the website reflects poorly on the people who designed and configured the web site. What are their names again?, just so as we can avoid them ...
the end of the world as we know it
Won't the entire worlds economy grind to a halt if they ban msWord in sixty days?
i4i suing Linux ?
"What next, i4i suing anybody else who dares infringe their loosely-worded "patent"? Guess that'll be bye-bye Apple, Linux and anything else that allows data to be used in multiple applications...", email@example.com
According to Groklaw ..
"No need for analysts' opinions and such. OpenOffice.org is clean, according to the i4i folks, and it's their patent. As for ODF, it doesn't use CustomXML, and it had no plans to do so, despite what you've been reading in the fuddy papers"
W32/Induc-A virus being spread by Microsoft software
| headline corrected |
'When a file infected with W32/Induc-A runs, it looks to see if it can find a Delphi installation on the current machine. If it finds one, it tries to write malicious code to SysConst.pas'
Does the original W32/Induc-A require administrator rights to infect the machine. Is SysConst.pas normally required to be writable by administrator. Notice how they managed to not one mention Windows in the body of that 'report'.
"W32/Induc-A virus being spread by Delphi software houses"
"If you believe that you may be using software written in Delphi you would be very wise to ensure that your anti-virus software is updated. Actually, regardless of whether you use Delphi-written apps that's a good idea"
OpenSUSE support forum
I used to be an Open SuSE enthusiast but dropped out because of the very low activity on the forum. That, and they barred me for asking questions about the covenant with Microsoft. The one that says you can't even work on OpenSUSE in your own companies time. And you don't own your own code contributions. Now, I'm a Ubuntu enthusiast.
<a href ="http://i25.tinypic.com/2prisyg.jpg">Slashdot Advert</a>
who is to blame
"On Thursday morning, IT consultant Paul Nash received an urgent call from a client whose Apache webserver had crashed the previous night and inexplicably wouldn't restart"
The blame lies wholly with IT consultant Paul Nash, that he configured such a system.
insert GPL fud
"The spirit of the GPL, and its purpose, were pretty straightforward and in my view honourable. But beware - it's more than it looks. Large companies can use it to harrass small ones. Small ones can use it to harrass large ones", David Coveney
The 'spirit' of the GPL is hardly the issue as the terms have been explicidly laid down in the actual text of the license. What large/small companies harrass other small/large companies. Please point out where actual harrass took place rather than the requirement that the terms of the GPL be adhered to. GPL 3 was specifically designed to prevent anyone coming after you for patent royalties ..
the root of the problem is the OS
Wouldn't it be simpler to design on OS that is immune to defects in the applications that run on top of it.
don't work on Firefox
Don't work on Firefox 3.5.1
insert bogus personal anecdote
"Until someone can come up with a way to stop employees from working against their companies, just so they can spend their working days goofing around on Facebook and Twitter"
You're kidding, since when were people allowed to twitter on NHS patent record systems. Any evidence to the contrary?
" I work for a company that works very closely with the NHS .. A patient faking illness just pops it in lets the malware off " SNORT !!!
Chrome OS - a vanity project ?
> The idea of a desktop running a thin OS served by the cloud is fine - until you want to do image processing, or make music or videos .. Linux is a fine OS until you get to the applications - ah, yes... GIMP - and integration with the real-world,doing stuff your Mum needs to do.
Your Mum must be way cleverer than mine if she can do image processing, or make music videos videos. For most people the browser is the PC and a quick perusal of the specs tells us that Chrome OS does a lot more. Given that a number of hardware manufacturers have climbed on board, Chrome OS will make the desktop obsolete.
> Linux is a fine OS until you get to the applications - ah, yes... GIMP
Andrew, what planet have you been living on up to recently. Here are some Linux systems sophisticated enough for even your Mom to find interesting.
patent promise is *NOT* conveyed
"Microsoft is promising not to pursue patent claims against Linux and open-source software using the open-source implementation of .NET, Project Mono"
Except the do-not-sue promise is *not* passed on to downstream customers using the Open Source project Mono !!
re: How long does it take some people to learn? #
"McAffee has been a terrible product for many years", Henry 9
What doesn't it do different than the others apart from scanning files for known patterns ?
insert free adveret for msOffice .. :)
re: Not their first epic fail, either
"Fortunately, Office had been installed from an Administrative Installation Point, so it repaired itself on-the-fly", mechBgon
the politicians were clearly ill advised
@AC2 'the politicians were clearly ill advised'
No, the politicians concocted a fake dossier and pretended to believe it. As a pretext to invading Iraq. Which they had no choice in doing. At least the ones in this little ole US colony.
changes cause problems
'You make a small innocuous change to a minor component and something you thought was totally unconnected falls over. That's the nature of the game', Richard Porter
No it isn't, it's the nature of a badly designed agile Web 11 thingy .. :)
open source hard to implement fud
"if you have something that by its very nature...is very complex with many roles and the way you configure it...then you need open source to have many instances of it because no one will be able to do an independent implementation of it"
They speak a different language out there in Redmond, microspeak, where 'open source' and publically documented standards mean the exact opposite.
it isn't about the desktop !!!
"Doing that general purpose operating system is a nightmare, and you lose your shirt on it," Smith explains. "At the end of the day, you have to do something that puts rice in the bowl", Jordan Smith Xandros
It isn't about the desktop, it never was, it was always about getting control of the customer experience. The battle for the desktop was fought and won, by Microsoft, a long time ago. MS, always late to the party, recognizes this, which is why it is moving to services based round the xbox and 'the cloud'. They realize that if you don't control the total stack, from the desktop to the server, then you're just the delivery people. Which is why Apple making money out of the iTunes on Windows is total anathema at Redmond. How dare Apple make a buck out of the Microsoft Desktop without paying the MS tax.
Digital Video Recorders, set-top boxes, subscription services and 'other tiny computing devices' will sell, but the real money is in subscription services. As long as the consumers are using your devices, else you're just the delivery people.
sophisticated Defense Department tools
"The hacks are troubling in that they appear to have rendered useless supposedly sophisticated Defense Department tools and procedures designed to prevent such breaches. The department and its branches spend millions of dollars each year on pricey security and antivirus software and employ legions of experts to deploy and manage the tools"
No amount of tacked-on 'security' will secure 'webservers'. What is needed is embedded hardware providing a secure VPN and PKI infrastructure. That way you only have a single set of nodes to watch instead of multiple/differing Windows configurations. That way if a 'webservers' is vulnerable to an 'SQL injection attack', the hackers won't see it. Else you expend energy in futile solution such as above.
pool overruns ?
I hadn't heard the term before, and I do try and keep up. Are there any actual examples of 'pool overruns', in the public domain, that can be successfully run on OS X and Linux
"Independent Security Evaluators has successfully exploited weaknesses in Windows, OS X and Linux. "I think they're trying to stay ahead of the curve"
“This simple check blocks the most common exploit technique for pool overruns,”
Like, where and how did MS come out with a fix so quickly and why not design a MMU that isn't vulnerable to 'pool overruns' rather than havign to check for them, after the fact.
"It doesn't mean pool overruns are impossible to exploit, but it significantly increases the work for an attacker."
ex-commies would be pro-BNP
> Griffin writes that the "BNP website [was] taken offline in largest cyber attack in recorded history" .. The email .. claims that the assault originated from "eastern Europe and Russia" and was also directed against Clear Channel, a firm which reportedly provides billboard advertising to the BNP, as well as the party website.
I would have thought that the ex-commies would be pro-BNP as they would tend to undermine the current blair-bushite regime. Besides can we really believe him. A borked upgrade over the weekend being more likely.
I have personal knowledge of two such incidents. One was blamed on some fascist regime far-far-away. The other caused free long distance mobile calls for the entire weekend. They were both down to a flakey system, failed upgrades and incompetent staff.
tree style tabs
This is good, now I would like the tab menu to disappear until I move the mouse to the left of the screen ..
"I use tree style tabs, It changes the tab layout to a tree style (hence the name), very good for using loads of tabs on a widescreen monitor"
By Anonymous Coward Posted Saturday 16th May 2009 06:59 GMT
I don't use tabs
I don't use tabs because I like a clean uncluttered interface. Currently I have FF open, at the top I have three 'bars', the title bar, displaying the name of the current web site (TheRegister), second bar contains the menus, File, Edit etc, the third contains the URL address bar and the back/forward buttons. At the bottom is a status line that says 'Done' and has the noscript menu tab. When I search, the 'Find' bar pops up above the status line.
All in all a bit of a waste of space. How about a single bar at the top containing the menu/address bar and a single status line at the bottom that duplicates as a search bar.
If you select 'new window' (ctrl N) any URLs clicked on become part of a group as if you selected new tab. A single item in the menu bar allows you to jump between tabbed groups. So you ctrl N, open a number of URLS, ctrl N again, click on a number of URLs and you now have to groups of tabbed files. A popdown menu on the top right allows you to jump between groups. The status line at the bottom indicated the number of groups, instead of cluttering up the screen with multiple tabs.
The Safe C Library
"The Safe C Library provides bound checking memory and string functions per ISO/IEC TR24731. These functions are alternative functions to the existing Standard C Library"
See safe_lib.h .. of Dr. Dobbs Feb 2009
This reminds me of when Microsoft patented SUDO ..
scrapped last year for undisclosed reasons"
"SCOPE .. was scrapped last year for undisclosed reasons"
Conflicker Worm Invades Hospital Instruments
"Various Royal Navy warships and Royal Navy submarines, and hospitals across the city of Sheffield turned to be down under Conflicker’s attack"
"ATM virus that steals money from banks"
Novell contributing code from openSUSE
Which begs the question as to why they didn't create their own Moblin type project and launched that on the low-powered mobile market, instead of advertising their competitors products on their own web site !
the solution is obvious
Create a network of VPN nodes with multiple redundan routes, that utilize end-to-end encryption and authentication and connect your 'computers' to that. Now don't tell how/why it can't be done, tell me how it can be !
"when hackers took control of Federal Aviation Administration computers in Alaska. By exploiting the administration's interconnected networks"
"Two separate attacks in 2006 hit the FAA's remote maintenance monitoring system and its air traffic control systems. The latter forced the FAA to shut down a portion of ATC systems in Alaska"
"The report went on to fault the FAA for employing woefully inadequate IDS, or intrusion detection systems. .. none of the IDS sensors monitor mission critical ATC operation systems"
One would be wrong
"One would think that a setup like this would run up its generators every few days to check all was well with the engine, alternator and transformers etc. and note if the damn thing works properly", rhydian
One would be more accurate to speculate that the maintenece was outsourced to a company that hired another company that outsourced to another company that hired on cheap east european contract labor. At least that's the way they do it round here.
why a software company would buy a hardware company
"I have no idea why a software company would buy a hardware company. We don't want to buy any hardware companies,"
Because they get to control the total stack. A good move for the new Sun division would be to partner with media and telecoms companies and sell a total solution for the next wave of online rich content. Sell the server hardware and software to the content providers and sell a high end multimedia computer to the consumer for the living room. They would make their money back on subscriptions.
restricting access to /dev/mem
"A set of recently discovered security holes in Mac and Linux platforms reminds those over-confident in their superior protection that no one is immune to vulnerabilities"
The flaw does seem to be have already addressed (at least since 1999) and relies giving USER write access to /dev/mem. And is specifically referred to in comments in the paper.
"only root has acces to /dev/mem ?", Sep 1999
"If this option is disabled you allow userspace (root) access to all of memory, including kernel and userspace memory"
"I'm having difficulty dumping the memory from a Ubuntu 6.10 PC. When I try and run it (yes both using sudo and as root) I get: dd: reading '/dev/mem': Operation not permitted"
Ash: what did you see ?
"Unsurprisingly, we are one of the 83% that will be going straight to Windows 7", Ash Chapman
"A poll of 1,100 Windows customers has found 84 per cent won't be adopting the successor to Windows Vista during the next twelve months"
Ash: what did you see. I read it as saying 84% won't be going straight to Windows 7 ..
lack of openness ..
'Steven Martin leaked details about the project last week, and complained about being “disappointed by the lack of openness in the development of the Cloud Manifesto”'
If the doc wasn't open, then how did Steven Martin get hold of a copy. And the writers do say this:
"is meant to start a conversation around standards and help clients ask the right questions about cloud interoperability. This document is not a contract with vendors or a position on what standards should be'
Now that the document is out; ather than attack the manner of it's aetology, what exactly does Steven Martin have to say about the contents. .
why Microsoft objects ..
The reason why Microsoft objects is that they invented 'cloud computing' :)
US military hacker
'self-confessed UFO evidence hunter turned US military hacker son over to the US'
For the umpteemed time, he logged in to Windows NT computers that all used the same passwordless admin account and installed a remote desktop application and sent msgs to the supervisors screen via wordpad ..
Not Microsoft's problem?
"I for one can't see why they should be obliged to ignore IP violation (if that is genuinely what has occurred here) simply because the other party *chose* to use Linux", anonymous coward
Tom Tom uses third party and GPL software in its products. Neither of which are owned by Microsoft. Therefore it owes nothing, nada, zilch to Redmond ..
Hey, I hate M$ as much as the next guy but come on.", Anonymous Coward
I don't understand how someone can hate a company. It's just a device for converting base matter into shiny objects .. :)
"Tom Tom is using an M$ patent that they have not licensed. What does this have to do with open source or linux?", Anonymous Coward
Tom Tom isn't using a M$ patent, Tom Tom is using third party and GPL software. The real question is what does an old long-file-names-for-fat patent got to do with Open Source. And since neither Tom Tom, the third party company or the Linux kernel team would have ever read this M$ patent, what has Microsoft got to do with Open Source.
"And since when was Tom Tom distributing linux anyway? If they didn't want to use a proprietary filesystem, they should have used a non-proprietary filesystem", Anonymous Coward
They used a mixed Linux kernel third party solution. Redmond is appariently upset that peopel are selling GPS devices without paying them for the 'innovation'.
- Vid Hubble 'scope snaps 200,000-ton chunky crumble conundrum
- Bugger the jetpack, where's my 21st-century Psion?
- Google offers up its own Googlers in cloud channel chumship trawl
- Interview Global Warming IS REAL, argues sceptic mathematician - it just isn't THERMAGEDDON
- Windows 8.1 Update 1 spewed online a MONTH early – by Microsoft