* Posts by Jason DePriest

101 publicly visible posts • joined 9 Jan 2008

US Marines' Afghan robocopter-supply contest down to two

Jason DePriest

ICUAS?

Hmm. That's a silly acronym.

I think

Immediate

Cargo

Aerial

Relay

Unmanned

System

would be better.

Don't you?

Amazon prices up Zune HD

Jason DePriest
Thumb Down

16GB or 32GB?

Let me know when they have the 120GB version. Anything less is hardly worth it.

Unpatched Firefox flaw lets fox into henhouse

Jason DePriest
WTF?

where is proof-of-concept

So I can see if Firefox with AdBlock Plus+NoScript+RequestPolicy+JavaScript Options can prevent exploit.

Let's see... for IE I can use the extension... um... or... never mind.

ImageShack hacked in oddball security protest

Jason DePriest
Pirate

Script Kiddie?

By definition, a script kiddie uses someone else's code. These dudes are using their own 0-days which should explain their motives pretty plainly.

They don't want anyone else to have their tools. They don't want script kiddies sh**ting up the pool with a million derived iterations of something they discovered and would prefer to hoard.

Also, money. Because it always boils down to money. Perhaps they want to sell their 0-days to the vendors or on the black market. Full disclosure makes that impossible or at least less profitable.

Even if the anti-sec front dudes performing the actual attacks against sites are script kiddies, you can bet the message was written by someone with an actual brain. Just read it. There is a serious lack of high-fivin' leet speak. The grammar and formatting look correct. It reads like a manifesto, not a "lolz u got pwned" defacement.

I have no idea who is behind the Anti-Sec "movement", but it isn't just some neckbeard sitting in his mom's basement stuffing Cheetos in his gullet, washing it down with a Code Red Mountain Dew while symbolically raging against the jocks who used to give him wedgies. It reminds me, in a way, of Anonymous and the attacks against Scientology.

This could be the start of something.

Maybe not. Maybe it is just a flash in the pan, but there is lots of money to be made in exploits and giving them away via full disclosure is pissing off the wrong people. Whether the truly criminal elements in the security market would be bold enough to strike in such an almost sanctimonious manner remains to be seen.

Look at the birth of the Pirate Party after what happened to The Pirate Bay. TPB may have sold out to pay their fines, but the mindset, the feelings of F* the Man and the Corporations are still boiling.

There will be an outlet.

Month Of Twitter Bugs exposes microblogging flaws

Jason DePriest
Happy

@Tony Hoyle

"TweetDeck, one of the most popular Twitter clients, integrates bit.ly, making the flaws much more risky than might otherwise be the case."

"Twitter" for this "month of X bugs" is more than just the service itself, but includes the various common ways of interacting with the service.

Firefox 3.5 - it's not a 'web upgrade'

Jason DePriest
Unhappy

Screws up my browser sumthin' fierce

I just installed it and was able to use it for about an hour before falling back to 3.x.

Strangeness:

* periodically lose the ability to use the mouse wheel to scroll,

* scroll bar would jump to left side of browser,

* forms would no longer submit (and I get a message telling me that I am submitting a form across unencrypted sites; say 'continue' and it doesn't),

* 'options' dialog window blank except for 'ok' and 'cancel' buttons,

* add-ons I use on a daily basis not updated yet.

I'll wait for 3.5.1 I guess.

Jason DePriest
Thumb Down

Opera and extensions

Yes, it does have extensions. They are called widgets. See http://widgets.opera.com

It may not have *the widget you want*, but to say it doesn't have extensions is just wrong.

Hackers scalp StrongWebmail to claim cash prize

Jason DePriest

Not an issue

"James, Raff and Bailey demonstrated their attack on a test account set up with StrongWebMail by IDG. But the compromise was possible only after the NoScript extension on the Firefox browser of the XP machine used in the test was disabled, IDG reports."

You make this sound like a weakness. It is not.

The attackers were likely taking the HTML / Active Pages to the local system, modifying them, then sending them back out with the XSS applied.

They knew that they were performing the XSS and were doing it on purpose on their own systems.

Disabling NoScript so that your own malicious activity that you know you are doing is just common sense. Just like you'd turn off your anti-virus if you were intentionally downloading malware.

US Congress wants hack teams for self-penetration

Jason DePriest
Black Helicopters

Cyberspace?

Really? That term is a little silly for a government office. Wouldn't National Office of Information Warfare Preparedness or something be better?

Also, if the group that is doing the pen testing is beholden to the offices it is testing, then the tests are invalid. It must be an independent body that won't have its funding cut when it tries to push for vulnerabilities to be fixed.

Moon Macrosystems - How to build a better Sun

Jason DePriest
Thumb Up

Your job must be fantastic

You spent entirely too much time coming up with this cheeky article.

Reading it and giggling, I am reminded that you were actually paid money to come up with it.

I think I've come up with a way to create a logo that mimics Sun's by the way.. but it can't really be drawn easily in ASCII art...

Hacker behind P2P botnet gets no jail time

Jason DePriest
Thumb Up

Helping the authorities

I'm pretty sure that means naming names and selling out some bigger fish.

Loudmouth workers leaking data through social networking sites

Jason DePriest
Thumb Up

Great for Marketing - not so much for bored end-users

Access to all the social networking sites can be a great way to create a corporate presence, providing information in a less sterile setting about your company and your culture.

At the same time, unfettered access to the masses can lead to scads of wasted time and inappropriate material being leaked.

This is the sort of thing that shouldn't be enabled globally, but should be doled out to those who have it in their job description to explore emerging technology for enhancing and advancing the reputation of the business and scoping out bright young talent to hire.

MS blames non-Redmond apps for security woes

Jason DePriest
Thumb Up

Secunia's PSI *is* a single update service

I love Secunia PSI so much that, if I weren't already happily married, I would pursue it with vigor.

It replaces a product I used a decade ago from Cybermedia, called Oil Change. It took 10 years for another company to come up with something that did the same thing. And they give it away for home use!

It checks almost every application on my system and lets me know when I need to patch it and why.

Oh lovely Secunia, PSI! You have saved me much time and grief with family members.

Also, I already get hardware driver updates from Windows Update. That's the only third party stuff I know of you can get through it. And those are Microsoft certified.

Obesity witchhunt is a 'moral panic' - sense out of Texas

Jason DePriest
Boffin

Another extreme to consider

You realize that there are actually people with strange metabolisms.

There are those who eat with wild abandon all manner of calories while sitting around doing nothing and gain no weight.

There are those who eat intelligently and in moderation while engaging in modest exercise and lose no weight.

For these groups, the BMI is less than useless. You'd need some sort of endocrine system analysis to assess the health of someone like that.

Though I reckon the skinny lay-about would rather stay that way while the rotund power walker would gladly take medication to help with a hormone problem.

Put down your pens: Cartoons next on censor block

Jason DePriest

The author of the cartoon

can merely state that the characters he or she draws are actually over 18 but have a genetic disorder that makes them look much younger.

BBC zombie caper slammed by security pros

Jason DePriest
Thumb Down

The law applies to everyone

Not just the little people.

Regardless of their motives or the "public good", the law was broken. If they don't like it, work to get the law amended to allow this sort of exception *before* testing it out.

See here http://blogs.securiteam.com/index.php/archives/1261 for another Brit's take on it. I'm an American, so my opinion is only worth about 1/2 on this forum.

BBC botnet investigation turns hacks into hackers

Jason DePriest

Hubris. I hardly knew her!

It's only illegal if bad people do it, right?

It doesn't matter what their intent was, their actions violated the law.

If the law is wrong, intentionally breaking it to show how silly it is is not the best way to get it changed.

Suit seeks close of Craigslist's red-light district

Jason DePriest
Boffin

Missing the point

"While defendant does not profit from erotic services per se, erotic services is the catalyst behind Craigslist being the ninth most popular website in the country"

That tells you all you need to know. Erotic services are overwhelmingly supported by the populace.

The populace may be comprised of mostly heathens and sodomites with desires the Christian camp (myself included) find amoral, but it is not the place of law to dictate ethics.

Regulate and tax them just like tobacco and alcohol.

Expand the sin tax. If the numbers are any indication, it could help solve our (the US) deficit and fund the ridiculous bail outs.

Portuguese open sourcers decry MS-only gov eProcurement

Jason DePriest
Linux

I do not wish to create a title for my rather brief comment

Truly it is Microsoft only if you can't even use Firefox running on a Windows box to access it (or Opera, I imagine). You can run IE under Linux with WINE, but that is beyond any expectations the government should have.

How the Feds shook hands with an internet pedophile

Jason DePriest
Black Helicopters

Facts and figurines

Digi's computer had thousands of kiddie porn images on it. That is a crime. It doesn't matter if he downloaded them as a joke, if someone else uploaded them without his knowledge, or if he wanked to them daily. Possession of kiddie porn is very illegal.

Does anyone think for one second that the FBI is going to stop investigating a potential pedophile just because of a plea bargain? The plea covers past offenses, but not new ones. Digi better watch his back 'cause there seems to be a list of folks trying to stab him in it.

Jason DePriest
Paris Hilton

spelling controversy

pedophile (1,470,000 Google hits)

paedophile (588,000 Google hits)

pædophile (195,000 Google hits)

The last one makes the most sense to me, but has the fewest hits..

For completeness, also

peadophile (601,000 Google hits)

pedaphile (9,530 Google hits)

I have Safe Search turned on, so your mileage may vary.

Extreme porn law goes live - are you ready?

Jason DePriest

Hello, Uncle Sid

@our lovely Uncle Sid

"I'm calling the desire to view these pictures as 'sick' because that is the viewpoint I hold, I realise that viewpoint is different to others, but does that make it less valid?"

A valid viewpoint is quite different from making something illegal. I believe there is a God. Some people believe there is no God. Which one should be made illegal since both ideas can't be correct? God forbid, we start bringing in things like Hinduism where a plethora of gods exist. Which ones should be sanctioned, if any? Which viewpoint matters? Which ones are sick and which ones are normal?

"I can't answer that for you, I'm not moralizing on what others wish to get up to in their own lives, the subject is the possession of pictures of "Necrophilia, Bestiality etc...""

Genuine necrophilia is already illegal. I'm in the US and we'd call that "abuse of a corpse." I don't know what Britain calls it. However, simulated necrophilia (a pale person lying very still) is completely legal when between two consenting adults of age.

Bestiality is also illegal in the states. I imagine the furry community would be devastated if viewing simulated bestiality was somehow illegal. If it is an anthropomorphic cat yiffing with an anthropomorphic wolf, is it still bestiality?

What about drawings of acts that would be illegal? If I drew two stick figures and said "this one is raping that one" but it really just looked like some random lines, would that be illegal to own?

"As I've stated, I have no issue with what you get up to in your private life."

Ah, but you *do* have problems with what people do in their private life if you find their behavior sick enough to require a law forbidding it. You contradict yourself.

"I believe thats 'sick', you consider my view as arrogant, I don't. If others wish to insult me for that, then that displays their own intolerance, not mine."

You are seen as arrogant because you make no effort to see this from any point of view but your own. I can easily understand your view point. I don't want to look at "extreme porn". I tried once, following links from an article about "this is what will be illegal" and it actually made me feel physically ill.

So what? Should that make it illegal for some other person to print out a picture of it? Certainly not.

Maggots also make me ill. I wish we really could outlaw those. Ugh.

"I'm simply making the same statement most people would in the same situation."

Clearly you aren't making the same statement most people would be making since nobody else on this forum seems to agree with you.

"Now, if you take exception to the use of that word, doesn't that display a teensy weensy bit of an inability to allow others their opinion?"

One man's opinion should not be every man's law.

"I am technically literate, I take all the precautions I can to ensure that I and my family can surf the internet without being subjected to these pictures. however, even with all these precautions, I still find myself inadvertently, from time to time, coming across them."

How's that? I take very few precautions and have never found myself inadvertently looking at porn, extreme or otherwise. I have well tuned spam filters, ad and flash blockers in my browser, and run no-script. I see exactly what I expect to see.

"Unfortunately there are a lot of people (yes, including children) who do not understand the danger of clicking a harmless looking link (or even one designed for the curious), and being subjected to a barrage of 'Extreme' porn. They normally do not have the technical savvy to make it stop. I know, I have had to wipe this crap off a lot of computers in my time."

No-script + Adblock Plus + Flashblock + Firekeeper would stop a great deal of that. There are some sites that provide PAC files you can use to black hole porn sites. There are some DNS providers that will black hole porn sites, too.

"The majority of internet users are not surfing for 'Extreme' porn (despite Michaels belief ~ you're really 'not' in the majority son), The majority want to be able to use the internet, without having to install lots of programs to make their surfing 'safer'."

If someone isn't willing to take control of their Internet experience, then they should have no expectation of being protected from malicious and salacious content. If there isn't someone coaching them on the dangers of the Internet, they need to stay off. Porn is the least of their worries what with worms infecting 15 million PCs, click-jacking, phishing, etc.

"So, We have the 'rights' of a small minority of the population, as opposed to the 'rights' of a majority of the population, now where do you think the politicians will look for the votes?"

I don't know how it works in Britain, but politicians are *supposed* to look out for every single person, especially those who are marginalized.

"Don't blame the Politicians or the general public, blame the people who thought the likes of "Goatse" was funny."

Goatse is funny, but only if you "rick roll" someone with it. It's pretty disgusting and shameful taken on its own.

"yours

Uncle Sid."

Thanks, Sid, for continuing to put up with everyone on this forum.

Google and the Great Wikipedia Feedback Loop

Jason DePriest
Unhappy

pants

http://www.google.com/search?hl=en&q=pants

#1 Wikipedia

http://www.google.com/search?hl=en&q=bollocks

#1 Wikipedia

http://www.google.com/search?hl=en&q=tripe

#1 Wikipedia

http://www.google.com/search?hl=en&q=crap

#1 Wikipedia

http://www.google.com/search?hl=en&q=naff

#1 Wikipedia

#2 Wiktionary

I sense a trend here. At least if you search for "encyclopedia britannica," the www.britannica.com site is #1.

Facebook ignores huge security hole for four months

Jason DePriest
Boffin

bad advice

Hey AC, Adblock Filterset.G does not work with AdBlock Plus and, in fact, the AdBlock Plus folks tell you not to install it if you have AdBlock Plus (http://adblockplus.org/en/faq_project#filterset.g).

I wonder if Firekeeper would catch it... it picks up some other attacks.

Green Hills spins out military Integrity for masses

Jason DePriest
Linux

Re: Anon Cow

The EAL stuff seems to be for commercially available systems only.

You would need to search for a specific implementation of OpenBSD being sold on some sort of device.

(penguin because you don't have an icon for the BSD demon)

Luke Skywalker's lightsabre goes on sale

Jason DePriest
Thumb Up

THIS is the sabre you are looking for

http://www.hammacher.com/publish/75896.asp

[quote]

The Star Wars® Luke Skywalker® Lightsaber.

An exact replica of the famous Jedi and Sith weapon from the epic Star Wars series, this lightsaber is faithful to every outward detail of the original hilts and reproduces the authentic, digitally recorded sounds from the movie, including the classic hum when idle, swooshing sound when swung, and clashing sound when it strikes another object or lightsaber.

The sturdy blade is composed of shatterproof polycarbonate enclosed around a string of bright LEDs that illuminate in sequence from hilt to tip when turned on, providing the illusion of a focused beam of energy emanating from the hilt.

As it powers up, the lightsaber replicates the actual initialization sound used in the films, and built-in motion detectors detect blade movement and prompt the same battle sounds that are the hallmarks of the "elegant weapon, from a more civilized age."

The hilt is made of durable die-cast aluminum and polyethylene and crafted to replicate all outward characteristics of the unique lightsabers used by Anakin Skywalker®, Luke Skywalker, Yoda® and Darth Vader®. Requires three AAA batteries. Ages 14 and up. Luke Skywalker. Blue blade; from Star Wars: A New Hope. 44" L

Duty Free to Canada- Click for details

Item 75896 ................... $129.95

Available for Immediate Shipment.

[/quote]

Cheaper and fully functional... sort of.

Google silences Gmail security blogorumors

Jason DePriest

What's with the HTTP and not HTTPS?

Mostly @Steven Knox

It has been pointed out that SSL isn't free. It costs CPU cycles.

Gmail is still free. Google doesn't want to support a huge SSL user base because that would require more hardware.

You could have just as easily asked, why isn't every single website on the Internet encrypted with SSL. Maybe not. Certs cost money, too. Google can eat this cost no problem, but an ongoing demand for more CPU would be a bit harder.

Google Analytics — Yes, it is a security risk

Jason DePriest

A problem, yes; but so what?

Any time you stick third-party bits you don't have complete control over you are creating the exact same risk scenario.

This is simply a prominent, high-profile example.

* there should be a "meh", non-issue icon...

PC virus forces three London hospitals into computer shutdown

Jason DePriest
Unhappy

I have your title right here

If only they had been running OS/2 Warp, this wouldn't have happened.

Windows 7 early promise: Passes the Vista test

Jason DePriest
Thumb Up

Ribbon is pretty good

I find Ribbon extremely intuitive. If I were sat in front of a computer for the first time, Ribbon would be easier to use than File, Edit, etc menus.

I was afraid I would hate it when I was upgraded to Office 2007 at work, but I find I like it very much.

I wonder when OpenOffice.org will have a Ribbon-like interface to compete.

Palin demands $15m to search her own emails

Jason DePriest

Obaba is a Muslim

I read it on the Internet.

Hard 'core'? Birmingham City Council's net filtering

Jason DePriest
Coat

proxies for laughs

I manage a Blue Coat proxy server for work.

My co-workers and I agree that a policy of allow-everything, report, and publish would work better.

Every week we could send out a report to all employees of the most interesting sites visited by their fellow employees.

Want to know who is secretly a furry porn addict? Check the report.

Is your neighbor searching for instructions on how to build a bomb? Check the report.

Does your boss like to purchase objects to pleasure his pets? Check the report.

Alas, management does not support our view and would rather block it on the front end than taunt those who abuse free-rein access.

Mine's the one with the 3G laptop modem in the pocket...

Webcam hacker-ogler jailed for four years

Jason DePriest
Coat

no free p0rn?

Has he not heard of "the Internet" which has boat loads of p0rn available through any search engine? Even faster if he uses image search?

Apparently. Not.

Mine's the one with the brick-sized mobile phone in the pocket...

Oops - SF prosecutors put city passwords on public record

Jason DePriest
Paris Hilton

questions

[quote]Childs could use the names and passwords to "impersonate any of the legitimate users in the City by using their password to gain access to the system,"[/quote]

Yes, but the question is, "did he?"

Check the logs people... if you can figure out how.

Admins in poorly structured environments often find themselves in possession of privileged information they don't need to do their job. It is amazing how willingly and frequently some end-users will give up passwords without even being asked.

Email received: "I need help with my VPN. My user name is mdouglas and my password is salguodm. Please fix ASAP!"

Can he help it if some people are morons? Isn't that the point of his defense?

Yes, they are proving his point by doing what they did... I hope his lawyer seizes the opportunity.

Unfortunately, the jurors may be just as technically illiterate as the city managers...

Paris Hilton knows more about Information Security than these guys.

World's biggest ISPs drag feet on critical DNS patch

Jason DePriest
Go

AT&T U-Verse okay? Maybe?

Your name server, at 151.164.14.196, appears to be safe, but make sure the ports listed below aren't following an obvious pattern.

--------------------------------------------------------------------------------

Requests seen for 4f5029e03184.toorrr.com:

151.164.14.196:18902 TXID=4222

151.164.14.196:44489 TXID=45620

151.164.14.196:2701 TXID=65443

151.164.14.196:57187 TXID=34670

151.164.14.196:1526 TXID=56490

Note: dnsnode1-x4.stlsmo.sbcglobal.net [151.164.14.196]
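The check the quoted output asks the reader to do by eye, as an added example (not part of the original post, nor the code of the checker that produced the output): it parses the `IP:port TXID=n` lines and flags only obvious patterns in source ports and transaction IDs. The thresholds and the two counter-example inputs are constructed for illustration.

```python
import re

# The five requests quoted in the post above (copied from the page).
QUOTED_OUTPUT = """\
151.164.14.196:18902 TXID=4222
151.164.14.196:44489 TXID=45620
151.164.14.196:2701 TXID=65443
151.164.14.196:57187 TXID=34670
151.164.14.196:1526 TXID=56490
"""

# Constructed counter-examples (192.0.2.0/24 is a documentation range).
FIXED_PORT = """\
192.0.2.53:53 TXID=51234
192.0.2.53:53 TXID=1822
192.0.2.53:53 TXID=40011
192.0.2.53:53 TXID=29
192.0.2.53:53 TXID=33907
"""
SEQUENTIAL = """\
192.0.2.53:32768 TXID=100
192.0.2.53:32769 TXID=101
192.0.2.53:32770 TXID=102
192.0.2.53:32771 TXID=103
192.0.2.53:32772 TXID=104
"""

REQUEST_RE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\s+TXID=(\d{1,5})\s*$"
)


def parse_requests(text):
    """Return (resolver_ip, source_port, txid) for every request line."""
    requests = []
    for line in text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue  # headers, separators, notes
        port, txid = int(match.group(2)), int(match.group(3))
        if port > 65535 or txid > 65535:
            continue  # both fields are 16-bit values
        requests.append((match.group(1), port, txid))
    return requests


def obvious_patterns(values, narrow_range=1024, small_step=64):
    """Flag patterns an off-path spoofer could predict.

    Heuristic only: a handful of samples can expose a fixed or counting
    value, but an empty result does not prove the values are random.
    narrow_range and small_step are illustrative thresholds.
    """
    if len(values) < 3:
        return ["too-few-samples"]
    if len(set(values)) == 1:
        return ["fixed"]
    findings = []
    # Differences modulo 2**16 so a counter that wraps is still caught.
    steps = [(b - a) % 65536 for a, b in zip(values, values[1:])]
    if len(set(steps)) == 1:
        findings.append("constant-step")
    elif all(0 < step <= small_step for step in steps):
        findings.append("small-steps")
    if len(set(values)) < len(values):
        findings.append("repeats")
    if max(values) - min(values) < narrow_range:
        findings.append("narrow-range")
    return findings


def assess(text):
    """Summarise port and TXID findings for one block of checker output."""
    requests = parse_requests(text)
    return {
        "samples": len(requests),
        "resolvers": sorted({ip for ip, _, _ in requests}),
        "ports": obvious_patterns([port for _, port, _ in requests]),
        "txids": obvious_patterns([txid for _, _, txid in requests]),
    }


if __name__ == "__main__":
    for name, sample in [("quoted", QUOTED_OUTPUT),
                         ("fixed port", FIXED_PORT),
                         ("sequential", SEQUENTIAL)]:
        print(name, assess(sample))
```
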

Firefox sweeps away carpet bombing bug

Jason DePriest
Boffin

Re: all the "my old extension for Firefox doesn't work any more"

You can fix that yourself.

Download the XPI. It is just a renamed Zip file.

Unzip it.

Find the install.rdf file and open it in an editor.

Look for the targetApplication section with the id of {ec8030f7-c20a-464f-9b0e-13a3a9e97384} and change the maxVersion to 3.*

Re-zip it and change the extension to .xpi.

Drag and drop your new file into your Firefox browser.

Dance joyously.
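The steps in the post above as one script, added here as an example (not code from the original post or from Mozilla): it rewrites only the `maxVersion` of the Firefox `targetApplication` entry in `install.rdf` and copies every other file unchanged. The sample add-on, its file names and the second application entry are constructed; the element form of `install.rdf` is assumed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

RDF_NS = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
EM_NS = "http://www.mozilla.org/2004/em-rdf#"
FIREFOX_ID = "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"  # id named in the post
OTHER_APP_ID = "{3550f703-e582-4d05-9a08-453d09bdfdc6}"  # Thunderbird, sample only

# Keep readable prefixes when the manifest is written back out.
ET.register_namespace("RDF", RDF_NS)
ET.register_namespace("em", EM_NS)

# Constructed manifest for a made-up add-on.
SAMPLE_RDF = f"""<?xml version="1.0"?>
<RDF xmlns="{RDF_NS}" xmlns:em="{EM_NS}">
  <Description about="urn:mozilla:install-manifest">
    <em:id>sample@example.invalid</em:id>
    <em:version>1.0</em:version>
    <em:targetApplication>
      <Description>
        <em:id>{FIREFOX_ID}</em:id>
        <em:minVersion>1.5</em:minVersion>
        <em:maxVersion>2.0.0.*</em:maxVersion>
      </Description>
    </em:targetApplication>
    <em:targetApplication>
      <Description>
        <em:id>{OTHER_APP_ID}</em:id>
        <em:minVersion>1.5</em:minVersion>
        <em:maxVersion>2.0.0.*</em:maxVersion>
      </Description>
    </em:targetApplication>
  </Description>
</RDF>
"""


def build_sample_xpi():
    """Return the bytes of a constructed two-file XPI (an XPI is a zip)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as xpi:
        xpi.writestr("install.rdf", SAMPLE_RDF)
        xpi.writestr("chrome/content/overlay.js", "// sample payload\n")
    return buf.getvalue()


def _targets(root):
    """Yield (application id, maxVersion element) per targetApplication."""
    for target in root.iter(f"{{{EM_NS}}}targetApplication"):
        for desc in target.iter(f"{{{RDF_NS}}}Description"):
            app_id = desc.find(f"{{{EM_NS}}}id")
            max_el = desc.find(f"{{{EM_NS}}}maxVersion")
            if app_id is not None and max_el is not None:
                yield (app_id.text or "").strip(), max_el


def max_versions(xpi_bytes):
    """Map each target application id to its declared maxVersion."""
    with zipfile.ZipFile(io.BytesIO(xpi_bytes)) as xpi:
        root = ET.fromstring(xpi.read("install.rdf"))
    return {app_id: el.text for app_id, el in _targets(root)}


def bump_max_version(xpi_bytes, new_max="3.*"):
    """Return (patched XPI bytes, [(old, new), ...]) for the Firefox entry."""
    changed = []
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(xpi_bytes)) as src:
        root = ET.fromstring(src.read("install.rdf"))
        for app_id, max_el in _targets(root):
            if app_id == FIREFOX_ID:
                changed.append((max_el.text, new_max))
                max_el.text = new_max
        if not changed:
            raise ValueError("no Firefox targetApplication with a maxVersion")
        with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
            for info in src.infolist():
                data = src.read(info.filename)
                if info.filename == "install.rdf":
                    data = ET.tostring(root, encoding="utf-8",
                                       xml_declaration=True)
                dst.writestr(info, data)  # all other entries copied as-is
    return out.getvalue(), changed


if __name__ == "__main__":
    patched, changes = bump_max_version(build_sample_xpi())
    print(changes, max_versions(patched))
```

The edit changes only the declared compatibility range; the extension's code is the same code that was written for the older browser.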

Bugs casts shadow over Firefox 3

Jason DePriest
Pirate

@ an AC

Since only one other person has mentioned it, this is a Firefox 2 bug that happens to still be present in Firefox 3.

If Tipping Point had released information on this last week as a Firefox 2 bug, it would hardly be news.

Hence they waited until the official release of Firefox 3 to determine if it was still present (not that the betas and RCs couldn't have told them the same thing), so they could roll out the "first to find a bug in Firefox 3" carpet.

Disgruntled admin gets 63 months for massive data deletion

Jason DePriest

why would new guy have found unauth'd admin?

Assuming separation of duties (federal regulations and all that), the "technical services manager" shouldn't have that sort of system access.

Even if he was able to get the proper department to pull him a list of admin accounts, what if the offending account was a local account on a barely used server? It wouldn't show up on the report.

If you are trying to sneak in, putting a new admin account in the domain might set off alarms if monitoring is being done. Use an out of the way, but still accessible system instead. If you used to be the network engineer, you probably know the locations of networks that nobody else remembers.

Does the company *you* work for run full penetration testing / internal system audits every time someone leaves or is fired?

Suppose they had scheduled automated audit scans that kicked off once a week. He'd probably know that schedule, too, which may explain why he waited 6 days.

We've got technical details, but nothing about the intent or the intelligence behind it.

Everything is speculation.

Jason DePriest
Paris Hilton

not the brightest fellow

I'd say his actions sort of prove "interpersonal difficulties" was a right proper assessment, wouldn't you?

As for the FBI being smarter than this guy... a team of smart folks vs a single smart person and the team will probably win.

AVG scanner blasts internet with fake traffic

Jason DePriest

free vs paid

It seems odd that the value-added feature would be that it scans the link when you click on it and the free feature would be that it proactively scans all the links on the search page.

Wouldn't it make more sense the other way around?

Jason DePriest
Unhappy

Re: not a new feature

The spidering behavior of "modern browsers" you are talking about is outside of the RFC specifications.

Between Firefox 2.x, IE 6.x and 7.x and Opera, none of them do this sort of prefetching by default (as far as I know, in the installations I have).

You have to configure it or add a plug-in that does it.

AVG does it by default without asking you if you want to increase the load on target servers you aren't even planning on visiting.

Standalone security industry dying, says guru

Jason DePriest
IT Angle

Re: Glen - My auditors are better than yours

At my last job, the IT Auditors were very competent. Audit had regular book and paperwork auditors, but they also had a separate group of auditors with backgrounds in IT. Since it was a financial institution, the director put a heavy emphasis on IT compliance.

I hear it isn't going so well over there now. They've had a new director for a couple of years and he doesn't see why IT compliance and security is that important. He's focusing them on traditional auditing.

Where they used to be hiring IT specific auditors, now they are laying them off (sorry, I mean "rightsizing") and the talent that doesn't get shown the door is leaving on its own accord because the job is no longer fulfilling.

My new job is with a much smaller company about 1/6 the number of employees. From what I've heard about auditors here (haven't worked with them much), it may be more like what you say.

I guess I was spoiled at my last job by auditors who knew what I was talking about. :(

Jason DePriest
Gates Halo

Re anonymous voodoo

I wonder why your own internal security people didn't implement many of the suggestions long before you were externally assessed.

You might want to hire some competent folks.

Also, a security assessment being done by a potential customer is designed to confirm that you can do business together. It is *not* designed to prove how bad your security is.

My past experience with auditors who manage the reports from security assessments is that you fix the big things first, then move on to the smaller things.

Yes, that means you don't mention someone's password policy is not documented if they don't have security cameras at the front desk.

It sounds like the security assessors were doing their jobs. If they handed their employer a 15,000 page report with every nit-picky potential vulnerability ("employee observed leaving desk for almost a minute to talk with neighboring employee DID NOT LOCK SCREEN!"), they'd throw it back and tell them to provide the highlights and summary.

Security is not smoke and mirrors any more than a visit to the doctor's office is. If you broke your arm falling out of a tree, the fact that you're 5 pounds overweight probably isn't that important. Likewise, if your datacenter doesn't have any physical access control, who cares if you're four months behind on patching the servers.

Gates because his security is tight!

Hackers target outsourced app development

Jason DePriest
Unhappy

calculated stupidity

The CTO of the company I used to work for resigned because he was forced to outsource a significant portion of his empire. He knew what it meant, but his concerns fell on deaf ears.

Unfortunately, large, public companies are still ruled by the shareholders and if the shareholders say jump, the execs jump.

It was a short-term cost-savings measure to put cash in the shareholders' pockets.

They knew they'd have to pay the piper eventually, but apparently they didn't really care about the lost jobs or flailing customer service or the language barriers or the time zone barriers or the fact that the programmers working on some of our code have never even talked directly to a customer or have any idea what it is, exactly, that we do.

Make vendors liable for exploits

Jason DePriest
Heart

he has spoken

amanfromMars once again astounds us with his amazingly insightful comments

woe unto those who are too underevolved to understand the wisdom contained in the few crumbs he allows to fall to our waiting, ravenous maws

whether advanced bot or schizophrenic geek, amanfromMars is the way to enlightenment

Hefty black hole weighs in at 33 Suns

Jason DePriest
Thumb Up

bravo

@Peter Mellor

That was an amazing explanation. Thanks for that. I quit reading up on black holes much when they still thought they might be connected to "white holes."

Hotmail dies on both sides of the Atlantic

Jason DePriest
Paris Hilton

Hotmail's roots

@Sam

Hotmail was originally running on BSD and Unix platforms and was *the* free non-ISP email account to have. I don't know if MS ever got it all running on Windows.

I've been using Hotmail since before Microsoft purchased it. I slowly weaned myself off of it after that. Tried Yahoo!'s free webmail but didn't like it much.

Once GMail came along (and I wrangled an invite), I jumped from Hotmail completely. I keep the Hotmail account so I have a Live ID for some Microsoft website functions that require it.

* Paris Hilton icon because she really likes Hot Males (I could not avoid such a juicy pun, sorry).

FBI issues prosthetic pregnant belly bomb alert

Jason DePriest
Paris Hilton

Say what

@ greg and his 72 virgins

You'd prefer just a few experienced girls? The 72 virgins are actually *perpetual* virgins so that even after you deflower them, they are still magically virgins. I don't see the appeal either, but I'm not The Prophet Mohamed PBUH.

@ James and The Hitchhiker's Guide

The ship of useless folks from HHGTTG crashed on Earth. Perhaps it's true after all.

@ I. Aproveofitspendingonspecificprojects and America is stinky

It went wrong when corporate interests trumped the safety and security and will of the common people and resulted in the squandering of solidarity of the rest of the world's commitment to us after 9/11. When Bush basically spit on the UN and told many other allies to sod off, they were decidedly miffed. The fact that he admits no wrong-doing and feels his every decision has been the right one only compounds the problem.

Compare "no specific, credible intelligence" with Bruce Schneier's http://www.schneier.com/blog/archives/2008/02/latest_news_on.html, specifically the part where an oil rig is evacuated because someone dreamed of a bomb.

I chose Paris because at this point, she'd be just as effective at running America. Love my country, not so much my leaders.

Mobile subscribers showered with spam

Jason DePriest

SPAM isn't free

My current (American) phone plan charges me per message for SMS receiving and sending. I want to know if companies are prepared to refund customers the cost of unsolicited messages? Granted, like David Wiernicki I've received very few SPAM messages on my phone (maybe three?), but I still don't want to pay for them.

'Crash tested' e-voting machines spread doubt on Super Tuesday

Jason DePriest
Alert

unofficially from Diebold

I had a conversation with some Diebold sales reps trying to sell me some new managed services about this a few months ago.

They told me that they can design the most secure, robust e-voting system there is, but no one would buy it because it cost too much.

"How much security can I get for just one dollar?"