Meh, who needs hackers when a network failure can take down all your ATC radar at once:
29 posts • joined 27 Jul 2010
The IT questions in Section 27 are interesting:
Have you illegally or without proper authorization accessed or attempted to access any information technology system?
Have you illegally or without authorization, modified, destroyed, manipulated, or denied others access to information residing on an information technology system or attempted any of the above?
Have you introduced, removed, or used hardware, software, or media in connection with any information technology system without authorization, when specifically prohibited by rules, procedures, guidelines, or regulations or attempted any of the above?
If you're applying for clearance to work at the NSA, the correct answer is presumably "yes".
Meanwhile, in the background, MalumPoS uses regular expressions to sift through memory and locate fresh credit card information.
... the LogJam flaw shows how internet regulations and architecture decisions made more than 20 years ago are continuing to throw up problems.
Headlining El Reg in 2035:
"Modern internet vulnerable thanks to mid-2010s panic over paedophiles and terrorists. Also, Paris."
That was worth a Ctrl-U, just to learn that the Stupid Sh*t No One Needs & Terrible Ideas Hackathon is actually a thing.
Colleen Josephson, we salute you.
[Citation needed], but I'm guessing that's a reference to section 48 of the Telecommunications (Interception Capability and Security) Act 2013:
This requires network operators to advise the GCSB when they make changes within "areas of specified security interest" as defined in section 47. That section lists things like interception capability, storage of customer or network admin credentials, and parts of the network that aggregate large volumes of customer data (in flight or at rest). I'm neither a lawyer nor a network engineer, so hopefully someone better qualified can explain what this all means in practical terms.
I'd always assumed that "emoji" was a portmanteau of the "emo" in emoticon and the Japanese "ji" meaning character (as in "kanji", literally "Han [Chinese] characters"), but it's actually a Japanese word in its own right.
Kenkyusha's New Japanese-English Dictionary (5th ed.) defines it as "a pictorial symbol; picture writing; a pictograph" and gives the kanji 絵文字 (絵 "e" means picture, as in the famous ukiyo-e art style, and 文字 "moji" means written character). According to the Japanese Wikipedia article on 絵文字 the first encoded emoji was the baseball symbol in CO-59, a 1959 interchange code used by a group of large newspapers (carried into Unicode as U+26BE).
The Hacker's Handbook was one of my most prized possessions as a spotty teenager. Reading the text now (http://www.textfiles.com/etext/MODERN/hhbk), I have to smile at gems like this:
"Hacking is an activity like few others: it is semi-legal, seldom encouraged, and in its full extent so vast that no individual or group, short of an organisation like GCHQ or NSA, could hope to grasp a fraction of the possibilities."
They sure got that right...
Here in NZ they want a blanket right to demand passwords even without reasonable cause:
But it's okay, they promise not to disclose any lawful content and we all know government agencies never abuse their powers.
Is there really "zero chance" the malware authors could hack drive firmware without access to the source code? Sure, publicly available firmware binaries are probably obfuscated in nasty ways and would require a lot of reverse engineering even after decryption, but why should that be beyond the ability of a well-resourced organisation like the NSA? There's a long tradition of amateurs hacking DVD-ROM firmware to disable region locking, for example - if J. Random Hacker can do this in the comfort of their own basement, why can't the professionals do it on a grander scale?
"You agree that access to the Support Portal, including access to the service request function, will be granted only to your designated support contacts and that the Materials may be used only in support of your authorized use of the Oracle product and/or cloud services for which you have a current support contract. Except as specifically provided in your agreement with Oracle, the Materials may not be used to provide services for or to third parties and may not be shared with or accessed by third parties."
Where it gets murky is the situation you've described, where you pick up knowledge in the course of your authorised access that happens to be helpful to a third party sometime in the future. My guess would be that saying "oh hey, I have a downloaded copy of a support article that might come in handy here" is out, but saying "I've hit this problem before and I remember what the fix was" is ok - unless Oracle want to claim they own the part of your brain holding their content, of course...
It sounds like the behaviour described in the article, offering patches you've written yourself without access to licensed support material, is quite different from what they're squabbling about in the lawsuit. Whether it contravenes some other license clause is a whole separate question.
Interesting that out of all the potential applications they chose to highlight powering aircraft. With the level of scepticism they must have expected, surely the last thing they need is to remind people of the 1950s atomic-power-will-solve-everything optimism that fuelled the Aircraft Nuclear Propulsion programme. Then again, if they could demo this puppy in a B-36 I for one would buy tickets to watch.
(Mine's the one with the lead lining.)
"Or better yet how about one which spins up half a million Z80 instances, half a million 6502, and none of those instances would talk to each other?"
Just the ticket for anyone wanting to virtualise half a million Commodore 128s (and who doesn't?).
Good address for an IBM site.
"Black hats would be combing it over for vulnerabilities applicable to Vista, 7, 8, and 8.1 too."
So the same as MS-DOS 1.1 then.
I propose a new unit of unquantifiable performance, the Wally:
> TOTALLY! Shades of Pink Floyd's "The Wall" HA!
Or the Roger Waters solo album Amused to Death, which was inspired by Postman.
To be fair to Oracle, EBS has been certified with JRE 7 since December:
The Metalink notes say they also support IE9 and Firefox ESR 17 on Win7. I have a lot of gripes about how Oracle handles certification and patching in general, but in this case the criticism isn't justified.
Of course not, because why would any phone user ever need an input method for a language that doesn't come pre-installed by their provider? If English was good enough for Our Lord it should be good enough for us.
This worked a treat in Western Australia:
In maths TeX and its cubs are pretty much the standard for writing technical books. Surely Apple know the education sector well enough to realise this, and don't expect serious authors to use drag-and-droolware?
Am I the only one who hears the Quake 3 announcer voice when they read the probe's name?
To be fair to the company, I can see how they might have got the name. The katakana (Japanese syllabic text) stamped on the logo reads ボロックス "borokkusu". That's also how you'd transliterate the English word "blocks" into Japanese - the extra vowels turn up because Japanese is built around what we'd consider to be consonant-vowel syllables. Since the Bollox range seems to be owner-designed kitset-style homes, "blocks" almost makes sense.
Then again I'm nowhere near fluent in Japanese, so this could all be a load of borrokusu.
Last I heard the R1 was slated for retirement in 2011, to be replaced by Rivet Joint:
Has the defence review said anything about this?
> So how is nsLoginManagerPrompter.js modified under Windows - is it
> only people running as admin ? The article doesn't make it clear.
Well firefox.exe runs as the logged-in user, and by default unprivileged users only have read/exec privs on the Program Files directory tree. So short of finding some sneaky way to subvert a privileged service (Windows equivalent of daemon), it's hard to see how this could work without admin rights.
The more interesting part of the question - which neither El Reg nor Webroot answer - is how FF is tricked into modifying this file even if the user does have write access to it. Presumably it's not an arbitrary file overwrite vuln or the trojan would be doing much worse mischief. I can't find any relevant mention of nsLoginManagerPrompter.js on bugzilla.mozilla.org, so I guess either the Mozilla team are quietly fixing this or the whole thing is bogus.
> The global .js files on Linux are protected.
So are the global .js files on Windows, unless the user runs with Admin rights. Yes, I know lots of users do, but "I'm safe because I don't run as root" is different from "I'm safe because I run <insert OS here>".
But who needs history when you can have hype?
So how is IBM tying z/OS licenses to IBM hardware any different from Apple tying MacOS licenses to Apple hardware?
And as long as the customer purchases a legit license, isn't talk of intellectual property rights irrelevant? Even if the clone-makers need to know the secret herbs and spices to support the OS, doesn't competition law allow the OS vendor to demand a "fair and non-discriminatory" license and NDA?