2326 posts • joined 6 Apr 2007
Re: All too often the case.
Vulnerability assessment is not an exact science. You can't always simply emulate the exploit and see if it works (this is obviously true for denial of service attacks that could cripple or crash the target). Often the logic runs:
1. Port scan to identify open ports.
2. Look up port number in database to identify service.
3. Retrieve banner including software version information.
4. Look up software in database to check for known vulnerabilities in the reported version.
Since banners can often be trivially spoofed, this is liable to generate false negatives.
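As an added illustration (not part of the original post), this Python sketch reproduces steps 3 and 4 against a constructed, hypothetical product/advisory database (the product names and advisory ids are placeholders, not real software or CVEs) and classifies the banner-only verdict against what the host actually runs, so that a spoofed banner shows up as a false negative and a backported fix behind an old banner as a false positive.

```python
import re

# Constructed, hypothetical knowledge base (not real products or advisories):
# product -> list of (first vulnerable version, first fixed version, advisory id).
VULN_DB = {
    "examplehttpd": [("2.4.0", "2.4.7", "EXAMPLE-ADV-001")],
    "exampleftpd": [("1.0.0", "1.3.5", "EXAMPLE-ADV-002")],
}

# Matches banners such as "ExampleHTTPd/2.4.3" or "220 ExampleFTPd 1.2.0 ready".
BANNER_RE = re.compile(r"(?P<product>[A-Za-z][\w-]*)[/ ](?P<version>\d+(?:\.\d+)+)")


def parse_version(text):
    """'2.4.10' -> (2, 4, 10): compare numerically, so 2.4.10 is newer than 2.4.7."""
    return tuple(int(p) for p in text.split("."))


def lookup(product, version):
    """Step 4: advisories whose vulnerable range contains the given version."""
    return [adv for lo, hi, adv in VULN_DB.get(product.lower(), ())
            if parse_version(lo) <= version < parse_version(hi)]


def assess_banner(banner):
    """Step 3 + 4: pull product/version out of a banner and look it up.
    A banner with no parseable version yields no findings at all, which is
    silence, not evidence of safety."""
    m = BANNER_RE.search(banner)
    if m is None:
        return {"product": None, "version": None, "findings": [], "note": "no version disclosed"}
    product = m.group("product").lower()
    version = parse_version(m.group("version"))
    return {"product": product, "version": version,
            "findings": lookup(product, version), "note": "banner-based only"}


def classify(reported_banner, actual_product, actual_version):
    """Compare the banner-only verdict with ground truth about the host.
    actual_product / actual_version stand for what a credentialed check or
    package inventory would report."""
    flagged = bool(assess_banner(reported_banner)["findings"])
    truly = bool(lookup(actual_product, parse_version(actual_version)))
    if flagged and truly:
        return "true positive"
    if flagged:
        return "false positive"   # e.g. distro backported the fix, banner unchanged
    if truly:
        return "false negative"   # e.g. banner edited to claim a fixed version
    return "true negative"
```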
If they "didn't have a patching policy in place that covered Linux systems", I'd suggest that they have more to worry about than just Heartbleed.
An idea worth investigating, but the sea is a far more hostile environment than land. It's not just corrosion (though that's bad enough), but a hurricane is almost no threat to a land-based nuclear reactor encased in a heavy concrete shield. At sea, it's another matter.
I think Google's line is much more likely to be: "We'll store all your data for free, as long as you allow us to analyse it so we can target ads at your customers".
It may be NSA or GCHQ proof (good luck with that), but is it proof against a German court order issued on behalf of any of the German 3-letter security agencies? Fortunately there's little chance of a German government violating citizens' rights in this way (whoops, there goes Godwin's Law).
It's Asbestopluma rickettsi not Asbestopluma rickets (probable autocorrect error).
Re: I wish
Wishing for governments to stop wasting money is like wishing for a pachyderm small enough to keep in your pocket or a vegetarian tiger. It's not actually logically impossible, but don't expect to see one any time soon.
WTF is 'Security' doing in there? (Except to form the backronym, of course.)
Very few successful companies 'create' the technologies that drive the market with which they're associated. Google didn't 'create' the search engine; Amazon didn't 'create' mail order; IBM didn't 'create' the computer; Ford didn't 'create' the motor car. Can you give us an example of a company that has become successful through creating from scratch a new technology sector? Please don't say Apple.
It depends to a large degree on the state laws. Only a handful of states (such as NY and Illinois) allow employment contracts to be terminated completely 'at will'. In these states, it's hard to tell the difference between being an employee and a contractor. But employment protection in the US is generally less than in the UK (which, in turn, is less than that across many areas of Western Europe).
All your key are belong us
We 'ad it really tuff
My first program was written in 1969 on punched (5-hole) tape from a Creed teleprinter (not unlike the beast that used to produce the footy results on BBC until a decade or so ago) to run on a Ferranti Sirius. The language was Sirius Autocode - none of your namby-pamby compiled languages for us.
Try tellin' that to t'youth of today ...
Re: COBOL - Yuck!
But the (wholly intentional) advantage of its verbosity is that you could take a section of procedural code and show it to an intelligent accountant or business manager (yes, they do exist, honestly) and explain what it was meant to do. If you were lucky, they might even be able to point out why what you were attempting to achieve wasn't actually what the business needed.
Try doing that in C.
If there really are a million COBOL (I'm old school) programmers out there, I bet their average age isn't much less than 50. So you're losing getting on for 10% of your 'stock' every year, most (hopefully) to well-earned retirement. So who's going to maintain your 100,000 COBOL programs in 10 years' time? Do you have a cunning plan to rewrite/redevelop them all in some hip modern language? How many programmers do you need to rewrite 10,000 programs a year?
I've got lots of questions, but I don't hear many answers.
That was brave! I genuinely never heard of anyone doing that, but then I never moved in IBM circles.
This was a big factor in the profitability of mainframes. There was no such thing as an 'industry-standard' interface - either physical or logical. If you needed to replace a memory module or disk drive, you had no option* but to buy a new one from IBM and pay one of their engineers to install it (and your system would probably be 'down' for as long as this operation took). So nearly everyone took out a maintenance contract, which could easily run to an annual 10-20% of the list price. Purchase prices could be heavily discounted (depending on how desperate your salesperson was) - maintenance charges almost never were.
* There actually were a few IBM 'plug-compatible' manufacturers - Amdahl and Fujitsu. But even then you couldn't mix and match components - you could only buy a complete system from Amdahl, and then pay their maintenance charges. And since IBM had total control over the interface specs and could change them at will in new models, PCMs were generally playing catch-up.
My brother-in-law tried to drive to Puerto Rico. Boy, did he get wet!
That's a damn lie! I've been to Toronto for the baseball. And my brother-in-law once went to Puerto Rico. (And it's traveled.)
The universe may well form a closed curve, but it can't be that closed or we would detect the curvature in other ways. If it is closed, there has not been enough time since the big bang for light to perform a complete circumnavigation.
You don't need to detect them, they would appear as 'missing' energy - the same process that caused the neutrino to be postulated*. If dark matter is real, it must be some type of matter that can't be created by banging quarks together (at least, not at a few TeV).
* I have committed the ultimate sin, I have predicted the existence of a particle that can never be observed. - Wolfgang Pauli
Re: @ Chris Miller
The act I had in mind was the act of speech (although Eich doesn't even seem to have done that, just made what he may well have thought was a small private donation to a political fund). Some people think that holding opinions is one thing but speaking out about them or (horrors) actually encouraging others to support you is wrong. That's not what I consider to be free speech. You may hold different views, as is your right.
So you'll generously permit others to hold views contrary to your own, but if they act on them they should be made an outcast? I don't think you've really got the hang of this free speech concept, have you? (Sadly, you're far from alone in this confusion.)
Given the people who probably commissioned this software, I think the code review process might well be one in which we can all be glad we're not participating.
Re: This is a real success story for our country
If you expect to see FTTH (other than as a special deal at a sizeable cost) in a country like the UK, where 90% of the population live in individual dwellings, dream on! If 50Mbps isn't enough for you (and, if it isn't, WTF are you doing with it?), move to a giant apartment block in Seoul or Tokyo, where you can get 1Gbps (albeit shared with hundreds of others).
This is not an attempt to justify BT's position, merely management of expectations.
It wouldn't be easy to tell from a distance whether a star or even a galaxy was composed of anti-matter. The main give-away would be interaction with the interstellar or intergalactic medium.
If anti-matter really does have negative gravitational mass (most physicists expect it wouldn't, but that doesn't remove the need for experiment), it might have negative inertial mass as well. That would mean that it would move in the opposite direction to any force* imposed on it - so two anti-matter particles would attract gravitationally, but the resultant force would cause them to move apart. This experiment wouldn't eliminate this possibility, since the upward force from Earth's 'anti'-gravity would cause antimatter to fall just like normal matter.
Science fiction writers can use this idea as a space drive, because equal masses of matter and antimatter would 'chase' each other at ever increasing speeds - their mutual repulsion causing them to move in the same direction. There's no violation of energy conservation because the total mass is zero.
* including electromagnetic forces, which doesn't correspond with observation.
Re: It's a simple matter in the UK
The fact that the 3rd party in question is a member of staff is actually relevant if said member of staff has given permission for their email to be accessed in this way as part of their employment contract (and, these days, the vast majority will). I admire your libertarian sentiments as regards web filtering, but if I'm providing an Internet service so you can do your job, I reserve the right to control what can be accessed when. Even if it's just blocking timewaster.com or online betting sites.
15 years ago, we were contacted by the police who had found one of our staff posting stuff on Islamic web sites and chat rooms about killing kafirs. Needless to say, he was shown the door pretty swiftly. Imagine if he'd been storing stuff on our servers.
Leaking IP is (generally) not a criminal offence - law enforcement would laugh at any such request. But if an organisation suspects that someone is leaking proprietary information, you can bet they'll be going through their email and other Internet logs - and if they find who it was, said person will very soon be sitting outside the front door holding a cardboard box of their belongings, with a surprised expression on their face. If you don't think that can happen to you, I suggest you read your employment Ts&Cs again.
Most organisations don't host a public email service, so Microsoft have additional PR concerns to worry about. But any such provider is bound to respond to legal requests from the appropriate authorities. You would rightly expect your bank to keep your account transactions private, and if they negligently disclosed them you would be entitled to compensation. But faced with a court order, they will hand them over to the authorities. And that's just as it should be.
As I understand it, determining whether the aircraft was on the northern* or southern track depended on the fact that the satellite 'wobbles' slightly north and south of its nominal geostationary location. This slight movement would have been additive on one track and the opposite on the other (and the magnitude changes between hourly pings). It's this analysis that has enabled Inmarsat to eliminate the northern path.
* The northern track was never very plausible, because it crosses too many dodgy areas where one would imagine a rogue radar return flying at 35,000 feet would have attracted attention. But then there aren't many completely plausible explanations of this event.
thick as two short planks?
Let's see: Lily Luahana Cole, a Cambridge University (going well so far) art history graduate (bugger). Art History - that's what royals do, isn't it - neither Art nor History, a bit like taking a degree in French Chemistry.
I know I've posted it before, but
A charity that gets most of its funding from government is no more a charity than a prostitute is your girlfriend. Paul Staines (Guido Fawkes)
Re: Seriously how often *do* people replace their TV's?
If 20s is a real figure, rather than an exaggeration for effect, I'd say there's something wrong with your setup (or maybe it's a sign that your signal is weak). I do notice that it takes longer to switch between Freeview HD channels (albeit only a second or so) than standard Freeview, and I'd always (in my ignorance) put that down to having to wait for a full frame to be broadcast (most of the signal is a 'delta' with the previous frame - I hear the same effect when switching DAB stations on radio). I'll bet there are experts on here who can correct my naive interpretation.
To return to the fundamental question of a drop in TV sales, once again there are no drivers for people to replace sets that are working perfectly well. Maybe 4K will provide an incentive for new sales, but I'd bet that unless you've got a 100" set (and a mansion big enough to house it) you won't be able to see the difference with 'standard' HD.
Ah yes, recycled paper. Let's overlook the fact that trees grown for woodpulp are a crop, and the concept of recycling paper makes as much sense as recycling wheat. No, let's collect our waste paper, take it in a fume-belching lorry to a factory, where it can be mashed up and treated with lots of nice environmentally friendly bleach (because there'll be a lot of toner and ink mixed in and no-one wants to send out bank statements and bills printed on muddy grey-brown paper). Environmentalism in action.
And don't even get me started on 'recycling' bottles ...
Wasn't setting up a vaulting horse outside the store a bit of a give-away?
Re: “female hygiene accessory”
Or even (one of my favourites) a douchewaffle (636).
What sort of idiot company allows people to access Hotmail from their workplace? Oh, wait ...
Coin-operated trolleys are mechanically very simple - they're not collecting money, just giving you an incentive to return the trolley. Any object vaguely similar in size and shape to a £1 coin (€1 or even a suitable washer) will work equally well.
Coin operated ticket machines, dispensers of snacks/condoms, etc. will require much more careful adjustment or even replacement.
The other thing these 'rich lists' tend to ignore (partly because it's much more difficult to find out) is how much debt the wealthy have. The Queen may be in the clear, but Maxwell would have been on the Sunday Times rich list until he went for his long swim and it turned out his wealth was negative too. I'm sure there are lots of current members of the club to whom this would equally apply.
Back to front
It's the "commercial in confidence" government contracts that should be open to public scrutiny first.
Re: Mobile phones don't have remotely enough range
Some aircraft support the use of cellphones via an on-board picocell and satellite link (roaming costs are huge, of course). The 777 is certainly capable, and some of the Malaysian fleet support it, but I haven't seen a statement as to whether this particular airframe was one of them.
The fact that no calls were made suggests that it probably wasn't (or that the facility was accidentally or intentionally disabled).
The tail of the A330 floated because it's constructed from carbon fibre. The tail of the B777 is of similar construction, but is 'only' 60 feet in height, which might not be consistent with the estimated size of this object. I think parts of the flooring in a 777 are also carbon fibre.
They will be punished by being suspended on full pay while an investigation takes place and then, if found at fault, be required to take early retirement on enhanced terms.
Re: ... and a fitting tribute this is.
A huge exaggeration. Today's £1 has the equivalent (RPI) purchasing power of 9 old pence in 1953.
The 'time to live' for an airliner with a serious fire on board is minutes, not hours. The fire would have to be strong enough to knock out (and presumably kill) the pilots (no mayday messages sent), and then subside for 7 hours until fuel exhaustion. I'm afraid this is no longer plausible (but then I'm not aware of any plausible explanation that fits all the 'known' facts).
Re: What if it was ditched and sunk intact?
It's generally agreed that the Hudson landing was a remarkable feat of airmanship, but it took place in benign conditions on an inland waterway. Quite different to attempting a landing in the open ocean, where even a few-foot swell would be almost certain to cause catastrophe.
Re: Here's more sensible analysis...
An excellent theory when it was posted. But it is no longer consistent with the (apparent) fact that ACARS 'keep alive' transmissions were received for 7 hours.
Any attempt to penetrate the reality distortion field that surrounds Salmond and his merry men (and token woman) is doomed to failure. Expect a reply demanding that you stop your Sassenach bullying. Scotland is a proud nation and won't stand for this sort of behaviour, etc ad nauseam.
As a security consultant, I've used the majority of these tools. There isn't a huge variation, either in price (where negotiating skills probably outweigh differences in list price) or performance. They're a bit like AV products: none of them is perfect; they're mostly pretty good; and which one is 'best' varies from month to month. For my purposes, reporting is an important consideration, and I like eEye Retina for its ability to produce nicely formatted CSV output.
I couldn't use a tool (no matter how good) that took all day to scan 88 systems - Retina does that in 30-45 minutes on my (nothing special) laptop. Since much of the work of these tools consists in firing off a probe packet and waiting to see if there's a response (unless you've found a vulnerability, there probably won't be), CPU performance shouldn't normally be much of a consideration. If you're testing locally (rather than over the Internet) you can probably adjust timeouts to improve performance by an order of magnitude.
The real blimp
Is the guy directing the "wide load" through the gates near the end of the video. Just average-sized for Ohio, I guess.