985 posts • joined Wednesday 23rd September 2009 16:33 GMT
The fault isn't that they were running MSN (or any other messenger system), it was that the user clicked on the link they received and were C&Ced by the website it directed them to. In the original press release, the exploit vector was IE6, so one would assume they clicked a link from MSN Messenger on their Win(XP?) box and their IE6 popped up and faithfully bent over and took a malicious datastream up the <insert nether-region here>.
Either way, fail on Google for not enforcing Linux+Chrome on their users. Fail to the firewall jocks that allowed the malicious site through. Fail to software vendors for not supporting IE7+ (or even better FF/Chrome/etc). And, of course, fail to MS for allowing a C&C bot to install/hide on a WinPC by simply viewing a website in what should have been a next-to-not privileged app.
This will always be a fun story for the sheer amount of fail.
One other side note: If [the hackers] stole the Gaia code, and Google figured it out (presumably from the source repo logs), why not just pilfer a checked-out version instead (which wouldn't have an audit trail)? Or does the source repo not actually check-out code to a workstation, but is web-based and allows for remote editing of a virtual "checked-out" copy?
The thing is, if you look at any computer maker's reportings, they say relatively the same thing. "Sales up XX% over same quarter last year." Intel and AMD are both shipping double-digits over last year, etc. Of course, last year was part of the Great Recession... If we follow the chain, "Sales up XX% over last year, which was down X% from the previous year, which was down XX% from the previous year..." things must have just evened out a bit then?
The problem over The Pirate Bay being court-ordered to disclose IP addresses of people accessing their website comes to mind here. They argued that they could not due to not logging the information requested in the first place. Of course, the IP was, at some point, in their system and they chose to destroy, rather than log, that information, at which point it was argued they violated Discoverability laws. But hey, all in the name of privacy.
I guess you missed the Safari driveby download scare...
And as for a "convoluted trojan which requires an inordinate amount of user stupidity to actually work," I have seen many of these types infect Wintards. Click on a link provided by a Google search, it ends up being a webpage mimicking an AV scanning your My Computer explorer window saying it has found XXX number of virii, has a "popup" on which you click the "X", which pops up saying "download this. Run?", Click "Run" and windows pops up again, "Are you sure you want to run this? It isn't from a trusted source...blah blah". I'd say that falls on the "inordinate amount of user stupidity" side of the line. Probably more so than a link to install a supposed plugin.
Shhhh Jerome 2, the commentards might hear you. Why would anyone do something as simple as using ODF for their company and simply save it as a .doc to send it out to others? Everyone already has to do it due to .docx...shouldn't be hard.
Anyone else notice with each "new thing" to come out (i.e. Windows 7), our task is simply to ensure we can keep doing the same old things, but on the new system? Why do you think companies are still on Windows XP? It is because they know WinXP can do what they've always been doing. There are some bonuses for IT Depts in the new Microsoft OS releases, such as Printer Management, but all it does is replace scripting-encumbered auto-printer-mapping with a fancy UI.
1) Make sure the applications (still) work.
2) Make sure user shares and printers are available
3) Filter/Firewall/scrub p0rn, myface, youtube, etc from the corporate network
4) Read The Reg.
Sure, there's more, but this just about covers it.
Of course it's Matlab. Do you think those scientists actually learned anything in their half-semester course of C++?
Funny how they used "programmers" in the article. Script-writers perhaps.
The leopard hasn't changed its spots, for it is black and simply has a mesh of color streaked across its coat.
"the windows CMD prompt beats the Linux terminal every day"
"every" = "any" perhaps?
Anyway, I'd like you to do something like this at a windows command prompt:
ps -ux | grep "firefox"
kill -9 <insert firefox pid here>
Why you say? Because Ctrl+Alt+Delete->Task Manager (or right-click taskbar -> Task Manager, etc) -> Applications tab (or Processes if you prefer) -> select Firefox -> End Task -> Are you sure? Yes!!!.... wait 5 seconds, didn't die? select and End Task again. Are you sure?!?!? FAIL
kill -9 and it dies. Period.
And yes, I am "conversant" with BOTH, and I actually know which role each should be used for.
Facial recognition is limited by the programming put into it. Boffins are doing fairly well so far, but throw a bit of hair in the way, and it can confuse their software. I think we're more likely to get a vehicle that can drive down a road by "seeing" than we are to get a good "pick out a face from this picture and recognize who it is" program.
And, as a journo note, "curcuits", how did that even make it past a spell/grammar check? Do these articles seriously get written in a comment box with a submit button? Someone have a count of typos in this piece?
We've done well with robot explorers, and I believe that is always the best "first encounter" with new environments. However, a human on mars could do more than a robot (at least the ones currently designed) could. For one, get unstuck. Perhaps clean/empty a testing container (soil sampler currently has only 6(?) testing chambers).
Of course, while we're still squabbling over who has to foot the bill for exploration and scientific progress, progress will be slow indeed. Just think of the progress that would be made if we knew, 100%, that a rock would smash Earth in 30 years. I guarantee one of two things would happen: 1) We invent/build some tech that will blow up/push the rock, regardless of global cost (yes, a global effort. funny huh?) or 2) the very wealthy would pool their money to life-boat themselves off until it is safe. (yes, I know, it sounds awfully 2012ish, but which is most probable?)
I for one vote for the original plan. Heavy lifters to get the crap up in the debris field known as LEO, construct the ship there, then ferry our happy, curious selves to wherever our propulsion can get us. Perhaps we'll have something akin to warp drives by the time those in charge finally figure it out. (I'll let you figure out which is more likely to happen first)
"when will they implement sorting of columns such as sender?"
As soon as you realize Google is a search engine. Just start typing the sender's name/email address into that search box at the top and it will automagically suggest the sender's full name/email for which you tab+enter or click+click (depending on how tech savvy you are) and you (almost) instantly get your email "sorted" by sender (and content, which can be just as handy).
I, for one, welcome our new drag-and-drop enabled, sometimes spotty reliability, email overlords. May their servers always contribute to global warming and my searches (almost) always come with at least one link to a phishing site. (but you love them anyway)
"But come on, the first thing I thought of was to cause a big popup window that says your computer might be infected with malware. It is preventing this windows update from completing, here are some suggested actions to take to remove the malware."
I believe you are missing something in your post. THIS IS WHAT MALWARE DOES TO GET INSTALLED IN THE FIRST PLACE. (the suggested action is "buy this AntiVirus 2010 software")
Sorry for the flame, but it was warranted.
"What I tell you three times is true (why?)"
One computer may get it wrong. Of two computers, one may get it wrong, but you wouldn't know which. With three computers, the correct answer wins by popular vote. The chance of a rare-as-it-is fluke of getting it wrong in the first place, TWICE, is an "acceptable margin of error." (most likely in the realm of <0.0000000000001%).
Why do you think any kind of true vote-based system uses odd numbers? There will always be a tie-breaker vote, since "yea" or "nay" is binary after all.
Seriously, if you have less than 2TB of data (about what tapes can manage nowadays), you'd be better off just dumping that data to an HDD. Better rewrite sustainability (for those 30-day tape cycles), and much longer archival lifespan. I wouldn't trust my data on a tape for longer than a few years. Unless those 32TB+ (compressed) tapes cost less than $100 (and I actually have that much data to dump in a full backup), I would still mark them as less-than-useful. Especially at $3k per device to write them.
"Now many years into the real world I realize it is not how good your code is that determines your rank in an IT org but how you can outlast everyone else by eating crap and being a yes man."
Aren't the "yes man" and "eating crap" classes part of the MIS degree anyway? I'll take a field-working CS-type for an IT Manager over an MIS person any day, since they actually have a concept of how things can work, rather than reading marketing hype to make their decisions for them.
Perhaps they are simply avoiding the inevitable sludge-fest of a Win-Mac-Lin bash?
Anyway, I'm wondering WTF The Reg didn't just post the top 10 and the bottom 5 (for the rest of us to mock of course), but instead direct us to a registration-required website?
The FAIL is for the lack of actual usable information in the report.
"clusters to tap into vast amounts of latent processing capacity in Windows 7 PCs"
Ah! So that's why my Win7 is slower than WinXP! M$ must be tapping into my latent cycles to crunch search requests for Bing!
/mine's the one with the tin-foil hat in the pocket.
A personal favorite BOFH episode of mine is when the BOFH has to attend a training and when asked to log in using his username and password, punches in "root." He receives a reprimand of "No, log on with YOUR username" to which he promptly responds: "But root IS my username!"
Ah, it is all too true, especially in a Windows environment. I can't even have a shared USB printer on a Windows box without having to grant the user(s) on said workstation Power User status. Some software, as stated before, refuses to work properly/install without Admin privileges, however, if you "run as administrator" the crappy software throws the keys/links/etc into the administrator's profile rather than yours and now is broken. Only way to install? Give yourself Administrator privileges, install, then revoke them, and then hope it doesn't need admin rights to simply run the program. Shoddy software is probably a key cause of requiring we admins to sit in an Admin account for our daily work. I can't tell you how many times I wished I could "right-click -> run as administrator" items in the control panel.
Yes, I'm presenting this from a Windows point of view because, last I checked, corporate environments like to use Windows. In Windows, as an Admin, you need Admin privileges.
"Intel and Micron announced a 25nm process earlier this year and are using the lower cost per chip to increase their profits rather than lower prices."
Ah, capitalism at its finest. And of course, the inevitable next report (some months down the road): "Now, with multiple manufacturers releasing flash chips in the sub-30nm range, prices have finally started to fall [slightly] on the large-profit-margin Intel and Micron-based SSDs."
Greedy corporate pirates. :)
Ah, but if they incorporated AJAX for the thumbs up/down buttons, then they'd never have any votes logged, for if you haven't read most of the comments, everyone seems to be browsing the web using "security by obscurity" browsers or NoScript-enabled ones such as Lynx (complete lack thereof) or FireFox and the like.
For those "normal" people willing to have acceptable risk vs functionality, I second the AJAX motion.
"HP also kicked out a new small form factor workstation called the Z2000 SFF.... What makes this a workstation instead of a desktop PC in a tower case is not clear. Prices start at $739 for a base configuration"
I believe you had already answered this question above: "...executives think they need one because their egos demand it."
What better way to satisfy their egos than to hand them a "workstation" that is even the fancy SFF, and have it be just about as cheap as a regular old SFF business model?
Why hasn't OS X been targeted, even though it has more "wealthy" people? Most of the malware I have seen being punted about recently is scareware (that in turn installs a back-door or the like). Scareware works off of numbers. If only 1 in 100 infected are stupid enough to actually pay for the stuff to "get protected," then attempting to infect a measly 5-10% of the computer population is just plain stupid. It is the same reason commercial game developers don't develop for Linux. If your goal is to make returns by getting it out to the largest possible audience for the least amount of effort (or in the case of malware, the highest chance of infection from a random visitor), you target the most popular OS. It's just icing on the cake that the most popular OS happens to have loads of stupid users.
<insert repetitive language about WinXP and x64 bit drivers and WinXP insecurities here>
Fail. That is all.
The true problem
The biggest FAIL I've read about in this whole story is that Google was hacked because its userbase was still using IE6 as an active browser. THEY MAKE CHROME FOR CRYING OUT LOUD! I would have thought their mandate would be "Use Chrome or get fired." Of course, unless they're one of those companies using some flavour of software that simply requires IE6 to run properly. Then they just fall into the category of "Why didn't you use Chrome when surfing MyFace and SpaceBook at work???"
Fail to Google and M$ IE6
Their "patented" HDD rails aren't unique.
The Cooler Master Ammo 533 also has rails for the HDDs (not shown in photos). This tool-less case is quite nice, and I do agree, hard drive rails that just slide into place are nice.
I guess everyone is forgetting about the mole used in The Matrix III to penetrate "Zion." Of course, such a bunker-buster will probably be just as obvious and take just as long to bust through. Even using conventional drilling, it takes several hours to reach any reasonable depth. Post a requirement for human conveyance and they might as well hope for the mole machine from Core.
Disabling an immune response and declaring that 4 days of "smoking" showed significant reduction in lung inflammation? Well, it's nice they've proven the drug works as designed (an anti-lung inflammatory). However, the immune response was triggered for a reason. When these smokers have their small airways in their lungs fill with tar even faster because their lungs don't constrict in attempt to prevent deep penetration of the smoke/crap, then who will be responsible? Frankly, they should have left the mice smoking their regime until the first few died. My money is on the ones that have been injected with the drug.
First post an M$ bash, second and third a McrappyFee bashing. Gone are the days (that never existed) of quality comments.
My vote would be immediate "responsible" disclosure and if a patch isn't released in 2 weeks, go public. Proof-of-concept exploit code is close to ridiculous, considering it allows some script kiddie to just dump the exploit into their virii framework with no effort of their own. The problem with proprietary systems is there's no incentive to secure their stuff in any reasonable timeframe because where else are you going to go? Don't like the M$ failship? Unlikely your corp is going to jump ship to *nix and still get vendor support for your Win32 software running under Wine. Apple is right-out due to no sensible [note use of word] companies developing business apps for that platform.
M$ clearly has the application advantage, even if their OS is riddled with holes worse than a discarded water heater in the backwoods of Alabama... It is no different than the iPhone and App Store. People still buy the outdated hardware to get at the software, even though the likes of the Nexus One are on the market. No apps? No use.
Figure my allegiance with that one. /coat
I agree the patent system needs reform/abolishment. However, since there would be next-to-no incentive to be the first to innovate if we did away with patents, perhaps make a requirement for "unique and novel." Yes, yes, it supposedly already requires that. But I'm talking, if someone invents a Warp Drive, grant them a patent. If someone invents coating the wires connecting to a warp drive with "identifying colors based on purpose" toss it out! Or perhaps "graphically displaying warp drive power graphically based on percent-of-maximum" crap. You get the idea.
Perhaps we should simply force all multi-core programmers to actually read a book about threading rather than develop frameworks that deal with threads "behind the scenes" and hope it works.
<insert "teach a man to fish"-type comment here and mutter something about understanding a concept>
Yep, just set the jumper when installing the new disk and all will be well in the world.
Nothing to see here, move along.
p.s. Why would someone be dropping a 2TB HDD into a DOS-based system anyway? I know log files can get long, but sheesh.
Perhaps the CRS-X naming convention is similar to open-source projects, where odd numbers represent "unstable" builds, and even numbers are "production" releases. They just don't want to admit their CRS-1 and CRS-3 systems would have versionings of "0.1" and "0.3" in the open source world....
Semantics aside, world-changing technology isn't what I'd label the CRS-3. 3x the bandwidth/performance is quite radical by any means, but the only "world-changing" impact they could muster from this would be if they gave it away for free (with an optional support contract of course. How else would they make money?).
Last I checked, showing a degree was only proof that one had enough thought-power to do a list of tasks EXACTLY how one was asked, consistently, over a long period of time. This is something that "self-taught" people with no Uni degree have no proof (and sometimes ability) to be able to do.
Now, as one of those that fall into the "self-taught" category, I've gone through the motions of getting a paper to back up my skills. When asked why, I merely reply "so I have a piece of paper backing up that I know what I know." Yes, it was an utter waste of my time. I gleaned perhaps one concept in each class that I did not know already. With years of field experience, it was no surprise. Now, the quality of work put forth by other students was quite another matter. You could easily see the "self-taught" students vs. the "normal" students. Their work (programming code, etc) spoke for itself. Self-taught students' code was varying degrees of atrocious, however it worked, and it worked well. The "normal" students had "standard" formatting, but couldn't even figure out how to loop through an array, let alone complete the assignment. And this is in a second or third year class! I always dreaded the "group projects" and specifically associated with the self-taught crowd for the fact that I could rely on their horribly constructed code to actually work its magic and all I had to do was decipher their class interfaces, rather than write the whole project myself just to make it work.
The education system, even in the US, fails miserably. Perhaps these dim-witted politicians want their progeny to have the "advantage" of the college education they failed to receive, at the cost of the quality of that education. It reminds me of a certain situation in border states in the US that had to "dumb down" secondary school exit exams just so more students could pass them.
It could be yours!
You can have it too! Sticker price says $2.6bn, but I'll let you have it for $2.5bn.
Missed the point
Very informative reply, but I think jake simply missed clicking the "joke alert" icon, as his "Flash? What's that?" comment most likely implied he chooses not to install flash at all and therefore has no problems. Good attempt though.
They already stated ways to possibly power these base stations: stick them on a mobile unit. So, if an alternator in a vehicle isn't good enough, I'm sure sticking an antenna on the back of a Paladin for some good ol' tank grunt should both protect the tower and power it sufficiently. When all else fails, mobile generators on a trailer should do nicely. Probably the base ballast to keep it upright in high winds....
"every time I browse for porn and erase my dirty tracks with the push of a couple of buttons."
Last I checked, this is a good way to get stuck permanently browsing porn as all the crapware shoves itself onto your system through the crap they call a browser.
And as for the tracks, isn't that what porn-mode, erm "In-Private Browsing," is for?
Fail for crappily-constructed sarcasm (please say it was just sarcasm).
"Oh, and the next "modern" machine I see with a modem needs to go in the blender - waste of space and power"
Unless you're a Road Warrior. You know, the kind that may need to make (or receive) a fax whilst in <enter a random nowhere-ville location here> for business reasons. You know, the type that might be into the ultra-portable and light, but cheap for the beancounter's approval, type laptop.
Simply put, online dating (and no, not restricted to "dating" sites) avoids the evolutionary problem of finding a suitable mate within proximity, by chance.
Pontificate at your own expense.