10 posts • joined Friday 28th December 2007 19:24 GMT
Why would attacker need to take over the machine?
Everything that is interesting for attacker is under users own account.
Tell me one, just one thing that would be of interest for attacker and could not be gained with user privileges.
If battle goes badly, change the rules
Actually the best way to defend your system against this kind of crap is to prevent it from getting into the system in the first place.
And thats where web blockers and exploit guard components come to play, if user cannot get to the hostile page, or the hostile advertisement cannot load user is safe.
Traditional AV is the last line of defense when more modern techniques fail
No admin password is needed for Linux
Unless you are using some distro which has ultra paranoid security, you don't need admin access to install stuff that can access users stuff.
Just install attack component as Gnome or KDE applet and you get both autostart and access to all user data. No root password needed.
USB-SEA is typical Apple invention
USB-SEA sounds like typical Apple invention, a good idea as long as you accept the limitations it brings.
If self extraction would be mandatory we would not have cheap passive USB hubs. Also I have my PC in very hard to get location and I have printer and other cables connected to back of the PC.
It would really suck to eject my printer or USB hub cable by mistake when I want to eject USB stick from the front.
CD-R and DVD-R media contain manufacturing date in the disc info.
So if you are about to create a forgery of CD-R you must have to be able to obtain a disc that is at least as old as the documents in the disc.
And this is already something most people do not know about, so they would be easily caught if they burn a fresh disc with altered documents.
WTF they had SSH open to the world
It boggles the mind that high profile target like apache.org had SSH port open to everyone.
Any admin worth their salt knows that you should have SSH and any other login protocols accessible only over local network on publicly visible target like that.
Actually the first mobile phones were introduced in 1971.
Typical US assumptions.
Finns introduced ARP (short for AutoRadioPuhelin) in 1971, which would be two years before Motorola.
Fake golf clubs are easy to spot
I read article from local technology mag (a one with long reputation of accuracy).
They went to china and bought fake clubs from 3 different stores. Then they tested them both in lab and blind tests with golf pros.
Needless to say that the fake clubs performed abysmally, the pros could detect the difference with first swing. And when you saw the lab photos you did not wonder why.
The fake with was really shoddily built and had completely wrong construction when compared to club it was supposed to imitate.
Probably same thing with that fake kit, they probably has Cisco OS, but HW quality will probably show both in durability and ability to handle high loads and heat.
- World's OLDEST human DNA found in leg bone – but that's not the only boning going on...
- Lightning strikes USB bosses: Next-gen jacks will be REVERSIBLE
- Pics Brit inventors' GRAVITY POWERED LIGHT ships out after just 1 year
- Microsoft teams up with Feds, Europol in ZeroAccess botnet zombie hunt
- Storagebod Oh no, RBS has gone titsup again... but is it JUST BAD LUCK?