699 posts • joined 31 May 2011
Pump and Dump
P.S. Proof of concept: Stock market pump-and-dump spam has almost entirely stopped. The stock exchanges acted to block the profits, and the spammers gave up moved on to greener pastures.
Fixed that for you. The problem is that there are so many suckers. Still good points - Have an up-vote.
Re: Er... news?
So this is another "stuff bought second hand not wiped" news story?
Yes, in as much as there was data on it that might be valuable in and of itself (e.g. account details). However, the researcher was able to learn enough about the second hand box to be able to hack systems that are still in production, assuming they are still set up the same as the terminal he purchased. Knowing that the owner doesn't change the default password or that the password can be recovered from the discarded machine and is likely to be the same on systems still in use can be pure gold (literally). Finally, "Oh's findings suggest the retailer had a poor security policy that went beyond anything particular to the terminal he bought on eBay."
I would like to know which retailer this is so I can avoid walking through its doors.
Blade of grass on a football field
"I worry about the accuracy of their research if they think there's as many as a billion blades of grass on a football field."
Turns out this is a mathematics project/thing currently used to teach kids how to estimate. There are a number of examples posted online. This one gave the result as "about 63,350,000." A bunch of 5th graders could have told them better.
Re: Tired admin
A sysadmin really should check that every patch works and doesn't break critical services/applications before deploying.
I could not agree more and yet the people who get pissy if the "critical services/applications" aren't working are typically the same bunch who will not fork over the cash to set up development or test environments. I have had to work in several large network environments in which we had to "test in production," which basically means that we target a subset of the overall production environment and see what happens next before proceeding with the rest.
To play Devil's Advocate a bit:
I love the way I can log on from any device and just carry on without thinking about what device I'm using...
I don't, at least in as much as it is the default and automated (passwords stored on device). I also have an issue with the fact that others on my home network share access to some data. I know Google searches performed on one device show up in the cache for others regardless of the accounts being used. I don't know what other data leaks may show up, but this should be enough to raise concerns.
...he has no issues anymore with Malware, Viruses and toolbar hijackers.
It might not have any now, but I find it hard to give credence to the claim that there will be no malware, especially given the relatively small amount of time between Android gaining popularity and malware being developed for it. Chrome has relatively few users right now, so it is not a worthwhile target. This will change as soon as someone thinks a profit can be made from it, so pretty soon. This also discounts targeting by government sponsored groups.
Google do not sell your personal data, they use your data to place more appropriate adverts.
Essentially, they do not sell the data, but have set themselves up as a proxy. It's more profitable if they simply rent it. On the other hand, they gather as much data as they possibly can, making them a very tempting target for governments and black hats alike. This sort of data gathering is baked into all of their products, as far as I know.
My C720 is the best computer I've ever had. And the cheapest.
I cannot argue with your personal experience, though I would stipulate there are cheaper machines and better machines out there, though perhaps not in the same package. As far as better value for money, beware getting exactly what you pay for. Manufacturers will sell at a loss if they think they will make up the difference and then some later down the road. It is why printer ink cartridges are ridiculously expensive, for example. Google seems to have a good idea of how to make money, so I would not expect them to do otherwise with these machines. The question is more one of how they do so.
I checked Amazon's site when I got home from work on Friday. It wasn't particularly hard to find the list of books available through this service, including listings by genre.
"No[w] if only I could use that just once in our call logging system!"
You can, but just once (for obvious reasons).
Rubber Duckie, you're the one \ You make flying through the vacuum of space lots of fun...
Tux, 'cause that's as close to a duck as we have ==>
Re: 8 years for 15K
It's really not possible for me not to be cynical about banks, having worked for one of the largest. Yes, they make mistakes, but they are much more apt to behave just as SuccessCase describes. They have a responsibility to their shareholders and feel that because it affects their (upper management's) personal pockets. They feel a responsibility to their customers mostly because of regulatory pressure, and if they can get around it, they will, and they have demonstrably acted in this manner on a consistent basis.
Looks suspiciously like a sink hole. What could the government possibly be hiding down there? Dirt? Water? An underground civilization? (˙ǝuo ʇsɐl ǝɥʇ ʇoN :∀)
The local library in my county lists 165,128 volumes in its collections. While 600,000 may sound like a considerably greater amount, it will probably make little practical difference. While Amazon has greater span compared to my local library system, it also has a much larger customer base. Even assuming only a fraction of their current customers sign up, there will still be a far greater number than live in my area and make use of the public library. With them will come far greater variations in reading taste and selection.
Also, Amazon currently has a big incentive to increase returns on this new effort. They will almost certainly be pushing people to buy books from them based on the data gathered from the service. While this is a pretty good business plan, I would not have to deal with this from a public library. They are apt to push other books on me, but it still comes at the low price of my tax contribution.
On the other hand, public libraries offer services such as inter-library loans, public meeting rooms, and free events for kids. None of these are likely to be offered by Amazon with this new paid-for service. I am not sure how much of that applies to you as you are almost certainly in a different locale, but I would guess that at least some of it holds true.
Pleier says the interactions so far observed match the rate of W-W production and scattering predicted by Standard Model physics – which is yet another arrow-to-the-knee for more exotic physics.
Earlier in the article, it was mentioned that "at a critical temperature the Higgs field becomes tachyonic." To me, anything becoming tachyonic would seem to be exotic.
Re: @moiety: Try downloading the data sheet for a chip
I have started advising those foolish enough to ask me that they should routinely lie when filling out those questions used to validate your identity, especially when the sites involved are high value (e.g. banking, medical, et cetera). It makes it less valuable to harvest information from social media and other online sources. Obviously, this does not eliminate the risk of identity theft, but it helps secure individual sites.
As far as passwords are concerned, I find that a pattern-based system works fairly well. You need only remember the pattern used and a starting point for a given site. For example, if my base pattern was 1qaz@WSX and I wanted to apply it to El Reg's site, I would start at the letter T (for www.Theregister.co.uk/) and transpose: tgb5YHN^.
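The transposition described in that post, as an added example that is not part of the original comment: it slides the base pattern across a US QWERTY layout so that its first key lands on the chosen starting key, keeping each key's shift state, and reproduces the tgb5YHN^ result given for the letter T. The layout table, the row and column wrap-around, and the function names are my own assumptions; the post gives only the one worked case. The second function is the check a practitioner would want alongside it: it counts how many consecutive characters still sit on neighbouring keys, which is exactly the property keyboard-walk password generators in cracking toolkits exploit, and the transposition preserves it unchanged.

```python
# Added example (not from the original post): keyboard-column transposition
# on a US QWERTY layout, plus a keyboard-walk adjacency check.
# Layout table and wrap-around rules are assumptions made for this example.

ROWS_PLAIN = ["1234567890", "qwertyuiop", "asdfghjkl;", "zxcvbnm,./"]
ROWS_SHIFT = ["!@#$%^&*()", "QWERTYUIOP", "ASDFGHJKL:", "ZXCVBNM<>?"]

# char -> (column, row, shifted)
KEYMAP = {}
for r, (plain, shift) in enumerate(zip(ROWS_PLAIN, ROWS_SHIFT)):
    for c, (p, s) in enumerate(zip(plain, shift)):
        KEYMAP[p] = (c, r, False)
        KEYMAP[s] = (c, r, True)

# (column, row, shifted) -> char
GRID = {v: k for k, v in KEYMAP.items()}


def derive(base: str, start: str) -> str:
    """Slide `base` across the keyboard so its first key lands on the key
    named by `start`, preserving each key's shift state. Rows wrap mod 4
    and columns wrap mod 10, which is what turns the post's 'z' into '5'."""
    c0, r0, _ = KEYMAP[base[0]]
    c1, r1, _ = KEYMAP[start.lower()]  # 'T' names the key, not a shift state
    dc, dr = c1 - c0, r1 - r0
    out = []
    for ch in base:
        c, r, shifted = KEYMAP[ch]
        out.append(GRID[((c + dc) % 10, (r + dr) % 4, shifted)])
    return "".join(out)


def adjacent_pairs(pw: str) -> int:
    """Count consecutive characters that sit on neighbouring keys: same
    column with rows one apart (wrapping), or same row with columns one
    apart. Shift state is ignored, as keyboard-walk crackers ignore it."""
    n = 0
    for a, b in zip(pw, pw[1:]):
        ca, ra, _ = KEYMAP[a]
        cb, rb, _ = KEYMAP[b]
        same_col_walk = ca == cb and (ra - rb) % 4 in (1, 3)
        same_row_walk = ra == rb and abs(ca - cb) == 1
        if same_col_walk or same_row_walk:
            n += 1
    return n


if __name__ == "__main__":
    base = "1qaz@WSX"
    for site_key in ("T", "r"):
        pw = derive(base, site_key)
        print(site_key, pw, f"{adjacent_pairs(pw)}/{len(pw) - 1} adjacent pairs")
```

Running it shows that six of the seven character transitions in the base pattern are neighbouring-key moves, and that every derived password keeps the same six, so each one is as exposed to a keyboard-walk rule set as the base pattern itself.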
Re: Defence is always more difficult than attack.
Google may actually be on the right side on this one.
No, definitely not. They are on their side, not the right side. What they are basically saying is that they don't appreciate the competition and are willing to pay top dollar to put it down.
Re: I'll go pedantic
I think the big thing here isn't the creation of a router or switch, but the fact that they have created a photonic transistor.
Re: Yup, that's why I won't use apps.
It obviously does not stop with Android. I don't recall getting any sort of notification that Chrome would be able to access my web cam and mic. I just happened to notice that it had spawned yet another process. I realize that Flash and similar do this, but I can choose to enable, disable, or uninstall these if I wish. Now, Google have embedded this in their browser. Additional bloat, no or ill-defined user controls, and more... what's not to love?
Google seems to be intent on undermining any expectation that consumers should have control over their online lives. This is definitely not what I want to deal with.
Re: Nice job making the illustration captions illegible
"From left to right: Mastodon, mammoth, gomphothere. Credit: Sergio de la Rosa"
I suspect that El Reg did not reduce the resolution of the image and instead just went with what they happened to find first. Just a hunch.
Re: now it makes sense
...anything else was categorised as undecided
I suppose that's as good a way as any to record a response of "@#$% off!" followed immediately by an abrupt termination of connection.
Re: Note to self:
I always assumed the business centre computers or any public computers were riddled with malware.
I was a member of a group that held meetings at a local university. There were PCs and overhead projectors in all the classrooms. I wanted to use the overhead as part of a presentation I was giving. I had loaded the presentation on a thumb drive with a variety of portable apps (I did not know what the computer would have installed) and ran the portable AV product when I plugged it in. It had its work cut out for it. It seems that installing an AV product or using any sort of common sense was right out on those systems.
I know to treat these systems as the infected cesspools they are, but it surprises me that hotels don't take better care than they do. They only offer "free" computer access to their customers, meaning it isn't really free and might open them up to liability issues.
Re: Pluto Energetic Particle Spectrometer Science Investigation
I’d hazard a guess at zero.
It's "Coke Zero," not "Pepssi Zero!"
...like a sudden bout of creative swearing or perhaps going to a window and leering at pedestrians on the street below can give a useful jolt to our own grey matter.
It would be interesting to see how this is optimized for performance. How much random info leads to better results? What kind of "random" stuff would help? Sports scores? News sites? FaceBook? What is the neural network equivalent of cat pictures? Wait, that one has already been done...
Yes, but you can't have lower case stars to simulate the loss of sound with the air running out of the environmental enclosure:
Re: Gifts From Above
All of that lovely Friday prose can be summed up in one word: predictable! Still, the gift card idea has some merit. Perhaps Amazon can shift from a sales model to one financed by ads...
Re: "Disney and Lucasfilm are, of course, saying nothing about the plot"
You left off:
Dancing aliens in bars with space jazz playing and funny colored drinks!
Retro screen transitions!
Inside jokes referring to movies that have nothing to do with Star Wars!
and Droids (running KitKat)!
Re: Our Mission
I just got a great deal on some prime real estate! It's a bridge. You might have heard of it...
From the linked abstract: ...BrutPOS... uses thousands of compromised computers to scan specified IP address ranges for RDP servers that have weak or default passwords in an effort to locate vulnerable POS systems.
It uses the simplest of methods to break into PoS systems and makes enough money for renting one or more botnets to scan for exploitable systems to be worthwhile. This was low hanging fruit, both for the researchers and for the crims. I agree that there is no need to tar the whole industry, but only because it seems obvious that same industry is doing the job well without outside help.
I am in the process of putting a PoS system together and had to browbeat the db developer into using basic security principles in the design because "It's going to be a closed system. How could any info possibly be stolen?" This simple check only shows the tip of the tip of the iceberg.
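The scanning pattern quoted from the abstract, many compromised hosts trying weak or default credentials against RDP, is the kind of thing a PoS operator can spot in its own logon records. The following is an added example, not code from the original post or from the BrutPOS report: a toy detector run over a handful of constructed log lines. The log format (timestamp, source address, username, result), the sample addresses, and the thresholds are all my own assumptions. It flags two things separately, because a botnet spreads the work out: a single source with a burst of failures (and whether a success followed it), and a single username tried from several sources inside one window even when each source stays below the per-IP threshold.

```python
# Added example (not from the original post or the BrutPOS report): a toy
# detector for credential guessing against an RDP listener, run over
# constructed sample log lines. Format and thresholds are assumptions.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<iso-timestamp> <source-ip> <username> <result>"
SAMPLE_LOG = """\
2014-07-10T02:00:01 203.0.113.7 administrator FAIL
2014-07-10T02:00:02 203.0.113.7 pos FAIL
2014-07-10T02:00:03 203.0.113.7 admin FAIL
2014-07-10T02:00:04 203.0.113.7 micros FAIL
2014-07-10T02:00:05 203.0.113.7 administrator FAIL
2014-07-10T02:00:06 203.0.113.7 pos SUCCESS
2014-07-10T02:05:00 198.51.100.9 jsmith FAIL
2014-07-10T02:05:30 198.51.100.9 jsmith SUCCESS
2014-07-10T03:00:00 192.0.2.44 admin FAIL
2014-07-10T03:00:01 192.0.2.45 admin FAIL
2014-07-10T03:00:02 192.0.2.46 admin FAIL
"""


def parse(text: str):
    """Turn the constructed log text into (timestamp, src, user, result) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, user, result = line.split()
        events.append((datetime.fromisoformat(ts), src, user, result))
    return events


def find_bruteforce(events, window=timedelta(minutes=10), max_failures=4):
    """Flag a source with >= max_failures failed logons inside `window`.
    Reports the usernames tried and whether a success followed the burst,
    which is the difference between an attempt and a compromised terminal."""
    by_src = defaultdict(list)
    for ts, src, user, result in events:
        by_src[src].append((ts, user, result))
    alerts = {}
    for src, evs in by_src.items():
        evs.sort()
        fails = [ts for ts, _, r in evs if r == "FAIL"]
        lo = 0
        for hi in range(len(fails)):          # sliding window over failures
            while fails[hi] - fails[lo] > window:
                lo += 1
            if hi - lo + 1 >= max_failures:
                users = sorted({u for _, u, r in evs if r == "FAIL"})
                success_after = any(r == "SUCCESS" and ts >= fails[lo]
                                    for ts, _, r in evs)
                alerts[src] = {"failures": len(fails), "usernames": users,
                               "success_after": success_after}
                break
    return alerts


def find_distributed(events, window=timedelta(minutes=10), min_sources=3):
    """Flag a username that fails from >= min_sources distinct addresses
    inside `window`: the low-and-slow shape of a botnet sharing the work."""
    by_user = defaultdict(list)
    for ts, src, user, result in events:
        if result == "FAIL":
            by_user[user].append((ts, src))
    alerts = {}
    for user, fails in by_user.items():
        fails.sort()
        lo = 0
        for hi in range(len(fails)):
            while fails[hi][0] - fails[lo][0] > window:
                lo += 1
            sources = {src for _, src in fails[lo:hi + 1]}
            if len(sources) >= min_sources:
                alerts[user] = sorted(sources)
                break
    return alerts


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print("per-source bursts:", find_bruteforce(evs))
    print("spread across sources:", find_distributed(evs))
```

On the sample, the first pass flags 203.0.113.7 (five failures across four usernames, then a success on "pos"), while the single failed logon from 198.51.100.9 followed by a success is left alone. The second pass catches "admin" being tried from three addresses in the same window, which the per-source threshold alone would miss.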
Re: What is the 'shockwave' made of?
"Sorry but I don't rate the clarity of the article much."
Thanks for the explanation. It was quite helpful. Some of the article goes beyond not being clear, though.
Once the hydrogen is all gone and no more energy can be extracted from the fusion process, the star dies and giant clouds of gas....
No, there's still hydrogen left at that point and fusion is still producing energy, just not enough to maintain equilibrium with gravity. What are those "giant clouds of gas" mostly made of?
You can't call a planet 'Bob'! I'm never calling it that.
The... man allegedly had a weather app which appeared innocuous until one searched for the weather in New York, at which point the app allegedly opened an encrypted communication channel.
So much spycraft - at least what is reported - seems to be rather pedestrian stuff. I wonder, when the "encrypted communication channel" opened, was it in the form of a holographic pop-up with a 3D spinning CIA logo followed by a direct link to his handler who appeared as a dark-cowled figure with a raspy voice?
Re: don't rendition in Italy
Funny you should bring that up. Is the difference between kidnapping in these cases and making an arrest simply that the capture took place outside the arresting party's jurisdiction (in possible violation of a sovereign nation's laws)? Is it ever OK to do this under international law? Would defendants convicted in absentia be given a trial in which they could defend themselves should they ever come into Italy's (in this case) custody? What makes the second action (trial without the defendants present) more acceptable than the first (extraordinary rendition) from a legal sense?
Re: History repeating
So, the inverse of Star Wars trilogies, then.
Re: Krebs title is better
Re: I think the idea is that they could identify a studio
Another possibility would be to purposefully add noise to lines that could later be decoded and identified.
Re: No other law that I'm aware of works this way.
I was torn between giving you an up-vote for catching my ridiculous usage error and down-voting for missing the obvious parallel between the judge in the ongoing MS/No-IP mess and the Hackensack Planning Board's use of eminent-with-an-E domain to attempt to take property from one group and give it to another based on it being blighted and in need of redevelopment. This unfortunately has been upheld in various courts as being legal (no prior convictions needed if I recall correctly), prompting various groups to attempt to change the law and to replace office holders. This last is obviously one of the areas where the comparison breaks down. Either way, while I am not alone in comparing the two, your correction deserves acknowledgement: have an up-vote.
No other law that I'm aware of works this way.
Actually, imminent domain in various US jurisdictions has done just this sort of thing, though to considerable outcry and ongoing efforts to have the law and office-holders changed.
Re: It is not only the images that are the problem
Context is all important.
So, to put it in context, someone points a camera at me while I am in a NSFW way and I allow it. Why would I have any expectation that this essentially permanent image would never be seen by anyone other than myself and the person taking the picture? What could possibly go wrong? Yes, posting of such a picture has great potential to detrimentally affect one's life. To me, this is analogous to posting one's most intimate details to a social networking site. You are quite naive if you think that just because someone else is telling you that it will never be seen by anyone else that you should have any expectation that it will be the case.
If it is predictable based on a very basic understanding of human nature that something will happen, then you should have no expectation that it will not. I am not defending the actions of individuals posting their exes' pics, but this really looks to me like trying to pin the blame for someone's bad decisions (allowing the picture to be made) on someone else (the person posting the picture).
As the AC pointed out above, the business version of the informed consent is the agreement each user agrees to when registering, and most major companies perform some type of research. It makes me wonder if the user agreement would really cover this, at least in a legal sense. It's not as though in signing up for a service you are expecting to be experimented upon.
Also, academics have to put their experiments through a review process before going forward. Part of that process is an ethical determination of expected or possible harm to the subjects put against the expected gains in knowledge. From a business practice, I wouldn't be surprised if this came down to "Is this likely to cost us more money than it is likely to generate?" Just a thought.
...a Google security rep [said] the risk was a problem for web browser developers to fix, rather than a lone web app provider...
Perhaps someone can set me straight. Doesn't this amount to poor error handling on the part of the web servers? I would think that this is the sort of thing that mail servers have to deal with in handling attachments. Why can't cookies be filtered based on size, even if it is not by the web server itself? I understand that mail and web servers are not the same thing, but the issue has to have come up before. It would seem to me that the solution used in one case should at least be considered in the other.
Nothing was ever 100%
Nothing was ever 100% with EMET or Windows, it was just one more added precaution. Use throwaway VMs when needed for unsafe activities.
Nothing is ever 100%. Better to use throwaway VMs for all or most activities in addition to other precautions. Many enterprises are moving to a VD environment for this among other reasons. Qubes OS is another implementation of this idea, though for standalone workstation users. None of it is bullet proof - you still have to protect the data, for example - but it is a really good start.
Re: Mark my words...
Yes, it would be bad to miss out on the revenue stream that money laundering operations would take with them if forced to move to another state.
Just checking the pocket for cash.
Re: @Taylor 1
Yes, all very true, though it perhaps does not match my Top x List. However, the "new boss," same as the "old boss," has many of the same issues:
1) Lacks many security mechanisms, especially and most egregiously a meaningful way for users to grant permissions to applications based on informed consent rather than the all or nothing approach that is currently the norm.
2) Holds security as an afterthought - in as much as the app store is a part of the Android experience, even if not part of the OS, it is unusual for there to be any thought of security at all, after or fore.
3) Open source is no guarantee of security or flawless code, nor that it can be repaired if there are errors or vulnerabilities. It is a valid approach, but it is not the only valid approach. As far as overwhelming influence and monopolies are concerned, try breaking the internet by googling Google. For more Android flaws, try googling "android security issues"
Here's a question that is more to the point: When MS puts out a security patch, individual users and organizations have control of when it is applied. They can test it out before deploying it on a wide scale, wait to see how other people fare, or jump right in and trust MS with an automatic patching regimen. What choice do Android users have?
No, as it does not in fact represent the actual research being conducted. It is part of a larger, more elaborate study involved in getting people to count out loud in public restrooms.
Re: Irradiated electors
For a quick tutorial on zero-knowledge proofs, try "How to Explain Zero-Knowledge Protocols to Your Children."
Re: A similar exploit.........
Past exploits used FTP for similar purposes. Everything old is new again.
Re: "this writer's Apple Map app has started giving directions in a Welsh accent"
It couldn't possibly be as bad as Eve Myles trying to speak with an American accent... could it?