37 posts • joined Wednesday 26th March 2008 12:37 GMT
I am not defending the term "hacking". I'm suggesting that the media calling script kiddies "hackers" feeds their egos, and perhaps that is the actual reason they make a nuisance of themselves. Call them what they are.
Taking down a few DNS servers is not a massive challenge, and could be done by more or less anybody for the downloading of a script. Just like letting down car tyres.
Can we stop calling these morons "hackers", please? DDoS is about the intellectual level of letting the air out of car tyres. How about "obnoxious wanker" instead? It even sounds a bit like his handle. Maybe that's what he meant but he just couldn't spell "obnoxious".
Re: Coming to a browser near you soon
Re: IE still exists?
Chromium's core is webkit, which used to be KHTML, which was the renderer for the KDE project. KDE is a desktop environment for Unix, and Windows NT (hence XP, Vista, 7, 8, ...) is meant to be a Unix killer.
Firefox is based on gecko, which was the cross platform renderer for Netscape6. Internet explorer was specifically meant to kill Netscape.
Using either as the core of IE would not just be microsoft admitting that they had failed to kill Unix or Netscape (the technology, that is, since netscape the company is quite clearly dead), but actually admitting that after all these years of trying, they're still totally out-classed.
Re: You need more Research
You also need to do more research if you think being capable of being used as a transparent proxy has anything to do with anything. Tor has many weaknesses and shortcomings where anonymity is concerned, but this isn't one of them.
every GPS enabled mobile phone contains a relativity corrector
Shhh! Keep your voice down! If Stephen Fry hears that he'll be postulating that reading email on his Jesus phone is theoretically capable of initiating time travel.
As you may have realised, my collision comment was in response to the comment about Gerhard Mack's password being wrong, and even then I qualified it with a lack of confidence in my inference.
As for encrypting the hash store -- that's all well and good, until it turns out that your hash store is a database table, and the front end to that database is vulnerable to sql injection. No idea if that had anything to do with how they got the password and billing details, but since stratfor got almost everything else wrong, it wouldn't surprise me if simple script kiddie stuff played a big part.
Without knowing what hashing algorithm was used for the passwords, it's impossible to speak with confidence, but there's always a possibility of hash collisions -- you may have had the world's greatest password, but a weak hashing algorithm might result in a collision with "password123".
My understanding is that passwords were hashed. It's credit card and other sensitive ID information that was not. md5 is useless for these things, because you need to be able to decrypt them for repeat billing and the like (otherwise it'd be safer not to store them at all).
I blame Maggie Thatcher ...
Do you really need the joke explained to you?
If you read only the upper case words, the headline is "ALIEN LIFE FOUND ON MOONS"
Or, in other words, it takes the piss out of The Sun and its sensationalist headlines.
Logically, if you need to suppress the Refer(r)er header when you cross from https to http for privacy reasons, it only makes sense to do the same when you cross from one domain to another when using https for both (since you don't want sensitive information from example.com to get logged in the access log for nosey-buggers.net)
Therefore, regardless of what rfc2616 requires browsers actually do, suppressing all referral information would actually be in the spirit of the document, while passing potentially sensitive information along would not.
I have no idea which google actually do, but since they call it "secure", I'd imagine they do the sensible thing and suppress for all.
rfc2616 isn't for google to play by -- it's the browser that does not send the refer(r)er field if it's crossing from a secure request to an insecure request, not the server.
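The two Referer rules argued over in the posts above, modelled as a shell function. This is an added example, not code from the original posts: the policy names `no-referrer-when-downgrade` (the RFC 2616 rule, suppress only when an https page links to an http one) and `same-origin` (suppress on every cross-origin hop, which is what the poster says a "secure" service should do) are borrowed from the modern Referrer-Policy header, and the helper names and sample URLs are this example's own.

```shell
# origin_of URL: prints scheme://host[:port], dropping path and query
origin_of() {
    scheme=${1%%://*}
    rest=${1#*://}
    host=${rest%%/*}
    printf '%s://%s\n' "$scheme" "$host"
}

# referer_for FROM_URL TO_URL POLICY
# Prints the Referer value a client following POLICY would send when
# navigating from FROM_URL to TO_URL, or nothing when it is suppressed.
referer_for() {
    from=$1 to=$2 policy=$3
    from_scheme=${from%%://*}
    to_scheme=${to%%://*}
    case $policy in
        no-referrer-when-downgrade)
            # the RFC 2616 section 15.1.3 behaviour: only an https -> http
            # downgrade is suppressed; a cross-domain https -> https hop
            # still leaks the full URL (path and query included)
            if [ "$from_scheme" = https ] && [ "$to_scheme" = http ]; then
                printf '%s\n' ""
            else
                printf '%s\n' "$from"
            fi ;;
        same-origin)
            # the stricter rule: send only when scheme and host both match,
            # so nothing from example.com ends up in another site's access log
            if [ "$(origin_of "$from")" = "$(origin_of "$to")" ]; then
                printf '%s\n' "$from"
            else
                printf '%s\n' ""
            fi ;;
        *)
            echo "unknown policy: $policy" >&2
            return 2 ;;
    esac
}

# sample run (constructed URLs): the downgrade rule leaks the query string
# to a third party over https, the same-origin rule does not
referer_for "https://example.com/account?id=42" "https://nosey-buggers.net/" no-referrer-when-downgrade
referer_for "https://example.com/account?id=42" "https://nosey-buggers.net/" same-origin
```

The first call prints the full account URL, the second prints an empty line; that difference is exactly the gap between what the RFC requires and what the post calls "the spirit of the document".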
Let me tell you a story. A long, long, long time ago we had this thing called "paper money" and you could receive it from a "hole in the wall". There was a complicated arrangement where some of these things charged you for dispensing paper money if you didn't have the correct magic icon on your magic token.
People bitched like you wouldn't believe about this.
Now there's a much simpler arrangement where only a few machines charge you money and they announce how much in big letters on the screen. Also, it's not that much.
It seems to me that some people do not wish to learn from the past. In the meantime, I'll stick with good old fashioned paper money. It's a lot harder to steal than any of the high tech alternatives.
"People need to understand that lyricist jinn is a fully independent artist with limited capabilities, listen to the lyrics and humble yourselves."
"People need to understand that lyricist jinn is an individual with limited abilities."
Employing door lurkers to check the receipt on your phone does more than move the problem from the checkout to the door, it actually makes things worse by taking multiple short, parallel queues and turning them into one long, serial queue.
Re: Too easy
You are absolutely correct. However, that flies in the face of facebook's business model, which is to harvest as much information about EVERYONE as they possibly can, so that they can turn it into targeted advertising revenue.
It is not in their interests to do the right thing, so they won't do the right thing. This is true for all businesses, whether it's google, facebook or Tesco (you don't really think clubcards and nectar cards are about getting you a better deal on your shopping, do you? The POS terminal is a data-harvesting device and loyalty cards are the GUID that helps stores to tie transactions together).
Congratulations, 1984 arrived a very long time ago.
If the circumstances were right, I would be a looter. I'd be among them. I freely admit it.
I wouldn't be looting jesus phones, crackberries and plasma televisions, though. I can live quite happily without that crap, and so can they.
Food. I'd loot food, if I were starving (or the world had just ended and I felt a sudden need to stockpile for the future.)
Things would have to be pretty damned hairy for me to take something that I have no right to, though, and I can imagine no situation so dire that I would go out on the rob for a new telly.
Stopping spam in two less easy steps
1. All mail client producers (including webmail outfits) must update their software to REJECT HTML/rich email. Let's be honest, nobody really needs to be able to send email in fluffy pink comic sans. This almost completely neuters phishing (sure, you can try the old http://email@example.com trick, but it's a lot harder to dupe people when you can't hide behind <a> tags). This also makes it harder for image spammers (popular with the pharmaspam crowd) to get their image looked at.
2. Encourage the widespread use of public key crypto. Educate people to use it. Have all mail clients refuse to accept mail that hasn't been both encrypted AND signed. MUA providers should have their tools mark mail signed by a key that is not in your WoT as untrusted so that the user gets a visual cue to approach with caution. When you sign up for a service, you should receive their public key and they should be able to receive yours (either by direct submission from you, or from a public keyserver). This would freeze spammers out by making it less likely that their mail would ever get read. This might even get rid of those annoying boilerplates about "misdelivered email" -- if it's been encrypted with YOUR public key, then it stands to reason that YOU are the intended recipient, right?
Okay, so there might still be some spam, but it's unlikely to be profitable and should be much more manageable (unless the spammers find new ways to be sneaky).
If you want some extra homework, consider deeper architectural changes to how email works, such as DJB's IM2000.
VBScript and SMB?
If you are prepared to arse about with substrings, VBS may well be able to do what my bash does. I'd rather not have to write it, though. Powershell may be a better bet (since it was intended to provide unix shell-like scripting capabilities to windows, which, in microsoft's estimation, were lacking. Make of that what you will), but you'd know better than me.
We could have used SMB (via samba), but we didn't because only a complete tool would use SMB for a one off transfer, and it would have taken considerably longer (not in set up time, which is near instant, but in transfer time -- SMB/CIFS is very, very slow -- we might as well have used netcat over wireless if we wanted it to take an hour. We could also have used WebDAV (again, not fast) or NFS (absolute PITA)).
AFAICT, windows hasn't improved since windows 3.11 (I have vista for work, which I try to avoid using. Not impressed)
Name one thing ...
Okay, I'll bite the troll-bait ...
There is nothing you can do on *nix that you cannot do on windows without a little thought. However, if you know *nix WELL, there are things that you can do very easily and naturally that are neither easy nor natural on windows.
Two examples from my real life:
Several years ago, I was asked to rename all of the (few thousand) image files in a directory so that they had the string "_dpr" between the stem and the extension. I came up with a bash incantation looking something like this:
cd /path; for ext in jpg png gif; do ls | grep "\.$ext$" | while IFS= read -r file; do mv "$file" "$(basename "$file" ".$ext")_dpr.$ext"; done; done; cd "$OLDPWD"
(On windows you'd either spend all week on the task or install cygwin and use a *nix style shell to run a *nix style command, so it's possible, but not particularly natural).
A few weeks ago, a friend and I wanted to exchange a few GB of data. With no USB sticks to hand, we fished out a length of crossover (because the wireless network would have been painfully slow) and used netcat (he typed 'nc -l -p 1234 >file.dat'; I typed 'nc 10.0.0.3 1234 <file.dat'; it took about a minute, maybe two)
On windows you might manage to find a native build of netcat, or you might set up a one-off FTP server, or you might go out and buy a USB stick, so you could do it, but it would be neither easy nor natural (and it would probably take you longer than a minute (including faffing about time), even with a length of crossover).
I have a few more (increasingly boring) anecdotes in a similar vein. I tend to acquire one every couple of years.
It may be that the converse of my thesis is also true, that there are things you can easily and naturally do on windows that are neither easy nor natural on *nix, but if there are, I am yet to find them. Perhaps you could furnish us all with an example or two, that you have experienced in your real life?
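The bulk-rename job from the post above, written out as a reusable POSIX sh function. This is an added example rather than the poster's own one-liner: it uses a glob instead of parsing `ls` output (so names with spaces survive), skips files that already carry the suffix (so running it twice is harmless), and reports how many files it touched. The function name, the `_dpr` default and the sample files are this example's own.

```shell
# add_suffix DIR SUFFIX EXT...
# Renames DIR/stem.EXT to DIR/stem<SUFFIX>.EXT for every listed extension
# and prints the number of files renamed.
add_suffix() {
    dir=$1
    suffix=$2
    shift 2
    count=0
    for ext in "$@"; do
        for file in "$dir"/*."$ext"; do
            # an unmatched glob is left as the literal pattern; skip it
            [ -e "$file" ] || continue
            stem=${file%.*}
            # already renamed on an earlier run: leave it alone
            case "$stem" in
                *"$suffix") continue ;;
            esac
            mv -- "$file" "$stem$suffix.$ext"
            count=$((count + 1))
        done
    done
    echo "$count"
}

# sample run on constructed files in a scratch directory
demo_dir=$(mktemp -d)
touch "$demo_dir/photo.jpg" "$demo_dir/two words.png" "$demo_dir/done_dpr.gif" "$demo_dir/notes.txt"
echo "renamed: $(add_suffix "$demo_dir" _dpr jpg png gif)"   # 2: the .gif already has the suffix, .txt is not listed
ls "$demo_dir"
rm -rf "$demo_dir"
```

The `case` guard is what makes the function safe to re-run; the original one-liner would happily turn `photo_dpr.jpg` into `photo_dpr_dpr.jpg` on a second pass.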
It is FUD when Microsoft says linux violates a patent or 370
Particularly when they do not specify which patents they are referring to.
The patents in question may be at the end of their lives.
The patents in question may be trivial to avoid, once you know about them (see tridge's vfat patch, for example)
The patents may be blindingly obvious, and unlikely to survive reexamination.
The patent may not actually be infringed at all -- just because microsoft's opinion is that it is doesn't mean that anyone else sees it that way.
If you can't see the patent, you just don't know. If end users and potential integrators cannot inspect the patent to decide for themselves, they are encouraged to assume that the claim is valid, cannot be worked around, and may make linux a liability.
And THAT is why every microsoft patent claim to date has been FUD. They have served to create (some, minimal) Fear, Uncertainty and Doubt in the market. If they weren't FUD, Microsoft could just say "Patents X, Y and Z are infringed, mofo, now make your house clean." (or whatever the appropriate legalism is)
They haven't, and this is very telling.
If Linux Foundation members are "a bunch of angles"
I'd like to nominate Oracle and Google for obtuseness.
Re: The gnomes again
1. As you say
Step 2 is a compound step:
2a. Notice that every Thursday Mrs Jones takes the Jones children to "the park"
2b. Notice that every Thursday at about the same time, Mrs Smith goes to "fleapit motel"
2c. Notice that every Thursday Mr Jones also goes to "fleapit motel"
2d. Conclude that neither wants Mr Smith or Mrs Jones to learn of this
2e. I think you can see where this is going.
3. Profit (again, as you say).
In the mid 1980s, when the KGB employed a bunch of coke addled German script kiddies to search American military networks for information, and got caught, the US authorities didn't seek extradition. Hell, when told about the activities by some hippie astronomer who'd stumbled across the scheme, they didn't even bother securing their computers.
If activities conducted by proxies working on behalf of the KGB didn't warrant an extradition, why should some geek with a UFO obsession suddenly be in need of such expensive justice?
About what you'd expect
The same Sys-Con that _still_ employs Maureen O'Gara? Seems to me that generally abusive behaviour fits pretty well with their established track record.
I suppose running a blog aggregation site is all you have left when your real journalists and editors resign in protest. I'm just surprised it's taken them this long to notice that nobody seems to write for them any more.