* Posts by Entrope

91 posts • joined 3 Aug 2012

Google kills fake anti-virus app that hit No. 1 on Play charts

Entrope
Trollface

Re: Pretty easy

Hah. Anyone else remember the days from the Windows 95-98 era when applications costing upwards of 20 bucks would claim to "INCREASE YOUR COMPUTERS MEMORY!!!11!1!" (read: increase the size of the Windows page file which anyone could do from "Control Panel" -> "System".)

11
0

Windows XP still has 27 per cent market share on its deathbed

Entrope
Mushroom

Re: Lots of last-minuters out there.

From my experience even most small companies with staff who primarily use their systems for mail and web browsing have long upgraded from XP. Don't forget that these are typically companies with no full-time administrator where the company owner simply buys off-the-shelf with whatever operating system said systems happen to have on them during the time of purchase.

Hence any such user who has purchased a system over the past seven years should already have Windows Vista installed (and believe me when I say that despite Vista's issues a lot of regular users simply didn't care as that's what the computer came with).

5
1
Entrope
Mushroom

Re: I don't believe it...

Some months ago I saw a photo on Reddit of a lost notebook someone had found. Fella tried to boot the system up and was greeted with the lovely sight of the Windows Vista smartcard logon screen...

...along with a US DoD Property notice.

Does that answer your question? :P

0
0

Torvalds rails at Linux developer: 'I'm f*cking tired of your code'

Entrope

Quite worth reading the rest of the LKML thread...

...as it seems that quite a few others are miffed at the systemd maintainers as well.

16
1

Hardwired crypto certificate FAIL bricks Juniper router kit

Entrope
Mushroom

This is rather mean.

I mean at least Microsoft gave everyone years of advance notice with respect to Windows XP's impending End-of-Life. Even then, though, it's technically still possible to use the Operating System.

If I were one of Juniper's customers and all of my kit suddenly died with zero advance notice whatsoever I'd be rather miffed. Especially so if the fail-over routers were also old and thus also affected.

Routers especially tend to last rather long and for most part if you're utilizing nothing beyond core routing functionality it's not uncommon to be able to get away with not patching the router for years. I've seen tons of Cisco routers in the wild running on ancient versions of IOS. But hey, if it works, why not? Imagine if every single Cisco router in excess of five years old suddenly "deactivated" overnight... half the internet would probably collapse.

4
0

Red Hat plans unified security management for Fedora 21

Entrope
Linux

My reaction: Finally!!! Wait... god damnit!

"Finally!!!" because such a facility is awesome and couldn't come sooner.

"god damnit!" because considering this nugget of brilliance is only going to be released on Fedora later this year there is simply no way of it coming to RHEL 7.

(Small team here so it does help tremendously in the "update management" department if we simply stick to what's available on the standard RHEL repositories... especially since Red Hat does an astonishingly good job (in our experience) in ensuring that patches don't end up borking our live servers (and of course replace RHEL with CentOS for our less mission-critical servers)).

2
0

Seattle pops a cap in Uber and Lyft: Rideshare bizs get 150-driver limit

Entrope
Thumb Up

Re: The same-old same-old

My sole purpose for logging in after reading this article was to make a comment about the unions along with the striking resemblance of this case to that of "New Jersey versus Tesla" but I guess that's been settled already.

Having said that however I do feel that I need to make a further mention that unions are nothing but a complete waste of oxygen. Their only purpose seems to be... well... how should I put this...

What's that old American saying again? "How many workers does it take to change a street light (bulb)?"

2
10

Not sure if you're STILL running Windows XP? AmIRunningXP.com to the rescue!

Entrope

Abacus? That's a little mean... no?

I mean yeah it might be a tad bit old...

...but at least it doesn't suffer from security vulnerabilities.

0
0

Mt Gox fielded MASSIVE DDOS attack before collapse

Entrope
Mushroom

Re: 850,000 Bitcoins worth hundreds of millions of dollars

Except that a very recent leak revealed that MtGox had over 950,000 Bitcoins?

Considering MtGox's "trustworthiness" then (oh who am I kidding, this is the same MtGox which had parsed usernames and passwords in plaintext through URLs when the site first launched) I wouldn't be surprised if MtGox DDoS'd themselves in order to portray a false image of MtGox being the victim.

3
0

20 Freescale staff on vanished Malaysia Airlines flight MH370

Entrope

Fake passports?

Apparently "five passengers booked on the flight did not board and their luggage was consequently removed" and "it has also been confirmed that two passengers were travelling on stolen passports."

While not evidence of foul play, it is suspicious.

Condolences to all.

0
0

Microsoft to get in XP users' faces with one last warning

Entrope
Mushroom

Re: Woo hoo! Phishing opportunities galore!

I actually thought that Microsoft's popup did 100% resemble a phishing dialog.

Things are sure to become quite interesting in the near future.

All that's left to say is... Yipieee!

17
0

Government-built malware running out of control, F-Secure claims

Entrope
Mushroom

Re: Symantec and McAfee (among others) have not responded

Yeah. This is the same Symantec that has for quite some time now refused to participate in AV-Comparatives while just about everyone else has no issue with said participation.

That in itself should already be setting off alarm bells.

This however is just another reason for anyone to avoid Symantec at all cost.

10
0

The UNTOLD SUCCESS of Microsoft: Yes, it's Windows 7

Entrope

Considering VL Windows 7 SKUs are no longer available...

No shit?

We over here purchased a hundred Windows 8 licenses not long ago...

...to install Windows 7.

1
0

Credit card of PayPal PRESIDENT cloned by UK crooks

Entrope
Mushroom

Re: Wouldn't have happened if merchant accepted PayPal

What would have happened instead is that I would have walked out of the shop empty-handed because PayPal would have locked, suspended or otherwise denied me access to my funds in my account in the name of "my safety" and whatever other colossal Godzilla dung.

Kinda a small little bit of detail missing eh Mr Marcie?

0
0

HP 'clarifies' firmware/support contract rules

Entrope
Mushroom

Double-U Tee Eff?

In the first place shouldn't HP be providing us with servers with non-broken firmware?

And if said firmware is broken shouldn't it be HP's responsibility to mend it at no additional cost?

Admittedly it has been a while since any firmware on any server has given me any major headaches. Having said that however we did shift away from HP ProLiant (to the delight of just about everyone in our company) many years back and we are now Dell PowerEdge exclusive.

I guess the one benefit I see of this is that it's now a lot easier for me to convince my clients to stay clear from HP. While it is quite rare for there to be critical firmware bugs three years after release it is always nice to get small performance bumps from time to time through firmware optimization.

5
2

Adobe goes out of band to fix frightful Flash flaw

Entrope
Mushroom

Aaand... updated.

Had this update in our repository within five minutes of receiving this particular advisory.

Have to say though... considering that Patch Tuesday is a week away this must've been pretty damned urgent for Adobe to release an out-of-cycle patch. Most of the time we'd be waiting another week. Or two. Or three.

1
0

Hacker backdoors Linksys, Netgear, Cisco and other routers

Entrope
Mushroom

Well...

...where I'm from I can certainly see this attack working extremely well.

The vast majority of ISPs here simply authenticate users by checking against the MAC address of their router/modem. To the ISP it's one less thing for the user to screw up and hence one less issue for the user to create and subsequently call the ISP to complain about.

It also makes it easier for everyone when a given user chooses to change their router/modem. Simply call the ISP up, give them the new MAC address (which more often than not is printed somewhere very obvious on the appliance), and let DHCP take care of the rest.

And as already mentioned, just about everyone isn't interested beyond getting their router up and running and as such most users will not notice much of a difference pre/post factory reset. Sure, WiFi might stop working... but they'll probably just try to log into their router with the default credentials which they never bothered to change in the first place to set WiFi up again and all's well in this world again. In their view at least.

0
0

Mexican Cobalt-60 robbers are DEAD MEN, say authorities

Entrope
Mushroom

What a laugh and interesting read the comments in this article are.

Wasn't going to comment on this article originally. I now feel the urge however to mention that this is one of the big reasons I read The Register. The comments sections in articles are often filled with both insightful and outright humorous posts which can go on to make my day.

I've long had an interest in reading up on disaster-related incidents of various types and there was at least one story linked which I hadn't heard before. Thank you for that, Dan Paul.

(One of the original reasons for my interest was from back when I was a rather young chap when I noticed that everyone keeps banging on about how everything nuclear is the root of all evil. Yeah, radiation can be bad. We get it. It's stupid however that even the smallest of incidents involving any form of radiation often over-shadows much larger incidents of other types. I, for one, have noticed that while just about everyone has heard of Chernobyl almost no-one I know is aware of the massive chemical incident in Bhopal. And the two incidents weren't exactly far off from one another.)

This bit though made me spend the next half hour cleaning my monitor;

Daniel B.: "Indeed, all radioactive stuff has explicit labels like the all-known fan-shaped one and "MATERIAL RADIOACTIVO" stamped on it."

I like crisps: "or MATERIAL......SCORCHIO!!!!"

And now for a suitable icon...

0
0

Think unpatched Win XP hole's not a big deal? Hope you trust your local users

Entrope
Mushroom

Re: "unless a BOFH opens a email containing rigged PDFs from a vulnerable server"

You'd be surprised.

Some months ago a friend of mine had made an urgent request for me to pop by her office to take a look at their failing Microsoft Exchange 6.5 on Server 2003. Apparently their outsourced IT "support" (and I use the word "support" rather loosely here) were too incompetent to solve the problem.

Anyhow. Dropped by her office. Asked for her to log into the server. My jaw hit the ground when I saw the desktop and then hit the core of the earth when I navigated "All Programs".

Chrome? Check. Firefox? Check. Thunderbird? Check. Adobe Flash? Check. Adobe Reader? Check. Silverlight? Check. Nero? Check. Antivirus definitions dated 2009? Check. Firewalls disabled? Check. And I could go on forever, frankly.

And this was on their corporate Exchange server.

0
0

Revealed: How Microsoft DNS went titsup globally on Xbox One launch day

Entrope
Mushroom

I lol...

I had, admittedly, performed a similar cockup many years ago.

While moving our firewall policies from one GPO to another I had forgotten to disable the destination GPO first before applying the new firewall rules. And because the base policy was to block all inbound and outbound connections by default (and also because I was rather slow in setting the new firewall rules up) quite a number of systems inherited the new GPO before it was fully configured and were thus left in a state where traffic in both directions was being blocked.

Fixing that wasn't fun as I couldn't automatically force all the affected workstations to acquire a new policy since I had successfully bricked their network connections.

Lesson learned though is that I now set up new GPOs as very-freaking-disabled, configure them, export to test environment, test, and then enable them if all goes well in test.

For Microsoft to have made a similar cockup though... hahaha.

3
0

AVG, Avira and WhatsApp pwned by hacktivists' DNS hijack

Entrope

Re: so far so good

I'm personally surprised that no one has commented on their use of NetSol in the first place.

Now I do admit that I haven't visited NetSol's site in years (and still refuse to even in the name of fact finding) but last I checked NetSol was still charging ludicrous mark-ups on domain name registrations claiming "superior support" over their competitors as justification of said ludicrous mark-up.

Yeah. Right.

If my other half (who is not IT savvy at all) is able to figure out on her own (and with ease) how to register a domain name and then forward said domain name to her blog then I think we can do without NetSol's claimed "superior support" and just go with a more affordable (and reliable) alternative.

0
0

Redmond slips out temporary emergency fix for IE 0-day

Entrope

Re: Why bash IE? This would be a non-issue if you configured your browser proper.

Are those facts or merely your personal opinions? I do not typically stay on top of which browsers have suffered the most security vulnerabilities but doing a quick search online reveals a number of articles showing that there was at least one year where both Chrome and Firefox had over two times more high risk vulnerabilities than Internet Explorer. Each.

Internet Explorer was an absolutely crap browser all the way till 9. Which was decent. But with 10 Microsoft has certainly gotten their act together. I used to use Firefox during the earlier days of IE until the release of IE9 as Firefox dev seems to have suffered a number of quality assurance problems during that time (plenty of crashes, infinite loops, memory leaks, and et cetera). Things have gotten better for Firefox recently, however. Just like how Microsoft has improved Internet Explorer.

My only criticism of Internet Explorer (or Microsoft, really) is that from 9 onwards it is no longer provided to users of Windows XP. I actually aggressively recommend Firefox to Windows XP users. For those on 7 however I simply say "well, it's really down to your personal preference".

0
0
Entrope

Why bash IE? This would be a non-issue if you configured your browser proper.

I'm probably going to be down-voted quite a fair bit for saying this, but let's be honest here... your choice of an "alternate" browser doesn't suddenly make you "all so security savvy". What matters is how your browser is configured along with your browsing habits.

Based on Microsoft's advisory I'm pretty much unaffected by this vulnerability. My standard Internet Explorer configuration involves custom security zones configured with ActiveX very disabled, many other features I do not require also disabled, all default IE plugins disabled and Internet Explorer running in enhanced security mode (which forces 64 bit, ASLR and et cetera).

As already mentioned every browser encounters security vulnerabilities and bashing Internet Explorer exclusively every time Microsoft releases a security advisory is childish. I could even go as far as to say that Internet Explorer is actually FAR more customizable than Chrome from its user interface from a security perspective (primarily due to the decent amount of options offered when customizing a security zone though quite a few other security related options can also be found in the Advanced tab).

This perpetual Internet Explorer bashing is slowly becoming old.

4
3

Myst: 20 years of point-and-click adventuring

Entrope

No mention of Obsidian?

While Myst was and still is an astonishing game let's not once again forget about the existence of an equally as astonishing masterpiece named Obsidian (by Rocket Science Games).

Let me point out however that this company was appropriately named. Obsidian is infinitely more difficult than Myst. It took me months before I reached the FIFTH CD (yes, there were five CDs in total) and I eventually gave up. I have been gaming for 20 years now (with much experience in puzzle/adventure games) and Obsidian is the only game I have given up on (and I'm quite stubborn when it comes to not going online for walkthroughs as I enjoy the satisfaction of completing a seriously difficult game on my own).

Personally I did not find Myst difficult at all (completed it in about five hours a few months back and the last time I touched the game was in 1994). Myst had its plus points in many other areas however which have already been mentioned in the article.

Take my word though. If you enjoyed Myst... play Obsidian. It has an astonishing story. An absolutely unreal environment with concepts and ideas which are truly unique to this game. And its puzzles... my lord. Your problem solving skills and patience will be pushed to their absolute limits.

Trust me on this.

0
0

Server sales continue decline – time to bargain hard with your supplier

Entrope

Have said it before and will say it again...

...thank Intel for delaying 22nm E5/E7 Xeons.

If you consider the fact that servers need to last a good many years it does make one hell of a difference in power and cooling costs when you compare 22nm versus 32nm. And even as we speak right now Intel's 22nm E5 Xeon parts are STILL not out.

Yes, I'm aware that they'll hit the market in Q3, but the fact is this delay has caused us to pretty much eradicate all server upgrades over the past 15 months. And I know I'm not the only one.

After all the primary benefit for me to upgrade my servers is to reduce power and cooling costs. Performance is a plus point, sure, but it's a secondary benefit for most part.

INTEL!!!

1
0

Wall Street traders charged with stealing company code via email

Entrope

Re: but experts say it is likely that they wouldn't have to serve any prison time at all

Of course... since the mishandling was not of US government information.

1
1

Google cripples Chromecast third party replay

Entrope
Mushroom

Re: Somewhat annoyed (Attn: rcorrect)

Back when I used to use Chrome (don't anymore for obvious reasons) I actually found a way around this (along with getting rid of the bloody annoying "New Tab" page in Chrome). I'm not sure if this still works, though. Give it a shot if you've got some time to spare.

In the registry and in HKCU navigate to "Software\Policies\Google\Chrome" (you will likely need to create these appropriate keys) and create a string named "IncognitoModeAvailability" and give it a value of "2".

"0" means "Available", "1" means "Disabled" and "2" means "Forced".

I discovered this as this feature was made available in the Chrome GPO Administrative Template. You will notice that it's impossible to "Always Force" Incognito in Chrome otherwise. Obviously, as it clears all cookies and browsing history and et cetera. And no cookies means no ad revenue for Google. For most part. This registry value (normally applied through the Chrome GPO Administrative Template) was obviously added as a way for Google to "please" enterprise administrators while keeping it out of sight of most other users.

Also, when using Incognito, the "New Tab" page is replaced with an Incognito notice and thus eliminates the "New Tab" page altogether.

Now, I'm aware that it's possible to add a command line argument to a Chrome shortcut to launch Chrome in Incognito. It's a half-arsed solution though as your Chrome shortcut isn't called when you open a link from your E-Mail client, for example.

BE WARNED however that Chrome is notorious for maintaining "browsing history" in its various caches and databases even after you have cleared it and even when using Incognito. As I no longer have Chrome installed I can't provide you with the details. However, visit any webpage in Chrome, clear your browsing history, and grep your local Chrome directory within your Windows user profile with the name of the site you've just visited. You'll get what I mean.

Again, I'm not sure if any of this has been "fixed" since I last used the browser. But you get my point.

4
0
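A way to audit the policy value described in the comment above across exported registry data. This is an added example, not code from the post or from Chrome; the sample `.reg` export is constructed for illustration. Chrome's policy list documents `IncognitoModeAvailability` as a `REG_DWORD`, while the post describes a string, so the parser accepts both forms and reports which one it found.

```python
import re

# Meanings of the value as listed in the comment above.
MODES = {0: "Available", 1: "Disabled", 2: "Forced"}
POLICY_SUBKEY = r"software\policies\google\chrome"
VALUE_NAME = "incognitomodeavailability"

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')

# Constructed sample in the text format produced by "reg export".
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Policies\Google\Chrome]
"IncognitoModeAvailability"="2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"IncognitoModeAvailability"=dword:00000001

[HKEY_CURRENT_USER\Software\Google\Chrome]
"IncognitoModeAvailability"=dword:00000002
'''


def parse_data(raw):
    """Return (registry_type, integer_value or None) for one .reg data field."""
    raw = raw.strip()
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw)
    if m:
        return "REG_DWORD", int(m.group(1), 16)
    m = re.fullmatch(r'"(.*)"', raw)
    if m:
        text = m.group(1)
        return "REG_SZ", int(text) if re.fullmatch(r"[0-9]+", text) else None
    return "UNKNOWN", None


def audit_incognito_policy(reg_text):
    """List every IncognitoModeAvailability setting under a Chrome policy key."""
    findings = []
    current_key = None
    for line in reg_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        k = KEY_RE.match(line)
        if k:
            key = k.group("key")
            # "[-HKEY_...]" in a .reg file deletes the key; nothing to audit.
            current_key = None if key.startswith("-") else key
            continue
        v = VAL_RE.match(line)
        if not v or current_key is None:
            continue
        hive, _, subkey = current_key.partition("\\")
        if subkey.lower() != POLICY_SUBKEY:
            continue  # only the Policies key is relevant, not Chrome's own key
        if v.group("name").lower() != VALUE_NAME:
            continue
        if v.group("data").strip() == "-":
            continue  # '"name"=-' deletes the value
        reg_type, value = parse_data(v.group("data"))
        findings.append({
            "hive": hive,
            "type": reg_type,
            "value": value,
            "mode": MODES.get(value, "Invalid"),
        })
    return findings


if __name__ == "__main__":
    for f in audit_incognito_policy(SAMPLE_EXPORT):
        print(f"{f['hive']}: {f['mode']} (value={f['value']}, stored as {f['type']})")
```
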
Entrope

Ah...

Google shafting its "customers" again, you say?

*twiddles with thumbs*

Wonder how good the MK802 would be as an alternative, though.

3
1

Japan's unwanted IT workers dumped in 'forcing-out rooms'

Entrope

This has been part of the Japanese corporate culture for a long, long time now.

It is quite rare for a Japanese corporation to fire or otherwise lay off an employee and they instead resort to either boring you to death or making life such a misery with the hope that you will one day cave in and voluntarily hand in your resignation.

It doesn't just end there, either. Many Japanese companies practice "retraining" (or what most of us would call "reformative training") where employees are sent for "additional training" whenever mistakes (even trivial ones) are made on the job.

Many Japanese I know openly admit that they'd never return to Japan if they'd have to work there. It can be that bad... worse still if you happen to be female.

Interestingly though I did have one friend who was more than happy to entertain himself on the job and he continued to draw his not-very-low salary for years until he managed to find a better package elsewhere. Such instances are supposed to be rare, however.

0
0

Screw you, Brits, says Google: We are ABOVE UK privacy law

Entrope

You know what? Screw you too, Google!

Glad I've ceased using any of your crap.

No more Gmail. No more Google. And DEFINITELY no more Chrome. Don't need any of your spyware-laden junk installed on any of my computers anymore.

I still recall about a year ago I had stopped using Chrome (kept it installed, however) in favour of Internet Explorer (let's ignore my choice of browser for now, eh). A week or two later I actually received a popup from Chrome while using Internet Explorer along the lines of "Chrome has been updated! Would you like to try it again?"... Seriously?

It was then when I decided to do some digging around and subsequently realized just how much junk a Chrome installation injects into one's computer. Windows services? Check. Scheduled tasks? Check. Internet Explorer plugins? Check.

WHY DOES GOOGLE CHROME NEED TO INSTALL INTERNET EXPLORER PLUGINS? OH WAIT, I KNOW! So it can continue to monitor how much I use IE versus its excuse of a web browser.

And you know what else? Screw all the Google apologists too.

2
0

Make or break: Microsoft sets date for CRUCIAL Win 8.1 launch

Entrope

Re: Level of craps not given: All of them.

"Its worse then crap its crap painted over with crap where the painter thinks that the crap on top of the crap is going to make the crap look better to people."

Just... LOL. Thank you for that, this made my day. Have an upvote.

3
0
Entrope

Windows 8/8.1... it is THAT bad.

Some weeks ago I had some time to spend and figured that it would probably be a good time for me to increase my level of familiarization with Windows 8 (or 8.1, rather). I had used the operating system briefly from time to time but I wanted to set it up from scratch and use it on my own for a bit.

Since the preview was already available by then and easily accessible too (since there was no requirement to register to acquire a copy)... off I went.

Now I have to point out that I went into this exercise with a very open mind. I continuously told myself "well, it can't be THAT bad now can it" all the way from when I was downloading the preview to installation. Boy was I wrong. So very, very wrong.

First off; let me begin by saying that the start screen isn't actually that bad. Once you've uninstalled all those bloody useless default apps (which can be easily and quickly accomplished) you can actually turn the start screen into a rather pleasant interface from where you can access commonly used applications and folders. And yup, the fact that you can actually create shortcuts of folders on the start screen helps a lot.

My problems begin to surface once you move away from the start screen, however.

What Microsoft really should have done was take Windows 7, leave the entire interface as-is, add the start screen and increase support for tablets and call it a day. But nooo... they had to screw around with what already worked. The Task Manager for instance doesn't offer the same amount of detail (additional columns to select and view) in its process list compared to Windows 7... which is annoying.

Then comes the fact that even when you've decided to put the start screen away it still tends to make unexpected reappearances from time to time. If for example you go to the "classic" desktop and go to Control Panel and Network Center and subsequently click on "Manage Wireless Networks" you're given a bloody start screen view of all available wireless networks rather than the good old fashioned wireless network profile manager.

And while we're on the topic of the new wireless network "manager"... you can NOT remove a wireless network profile unless you are within range of that wireless network. What? And yes, this is verified. The only way to remove a wireless network profile when out of range of said network is through Command Prompt.

Even the start screen itself isn't exactly intuitive (namely its default apps). At one point I accidentally opened the Mail app. It asked me to enter an E-Mail login to link my Windows account to a Microsoft Live account, or some such. I did not want this. So I clicked on "Cancel" (one of two available buttons, the other being "Next") and was greeted with an error stating "You must enter an E-Mail address". Clicking on "Next" gave me the same error. WTF? There was no obvious way to get out of this screen other than to Alt-F4.

Such blatantly careless interface design decisions make me want to puke. Just what it's like for users who are unaware of the various Windows keyboard shortcuts is beyond me.

I could really go on forever about just how bad and unpolished Windows 8/8.1 is but I think I've already made my point. All this would be maybe even 1% understandable if the operating system was absolutely fan-fucking-tastic on a tablet but even those who own Windows 8 tablets aren't exactly satisfied.

So... zzz...

13
0

Does Gmail's tarted-up tab makeover bust anti-spam laws?

Entrope
Mushroom

Google being Google.

Business as usual.

3
2

NORKS prepping glorious People's Smartmobe

Entrope
Angel

Re: Convenient for its user when that part of the phone is sensitive

Ooohh, aaahh. And ahead of western imperialist pigs!

1
0

REVEALED: Cyberthug tool that BREAKS HSBC's anti-Trojan tech

Entrope

Re: Hands up who trusts Trusteer.

"It should be part of your information security management strategy." In my organization, yes. At home, no. And even in my organization it is as you mentioned "PART" of the strategy... and not a very sizable one at that. Lee has already sufficiently pointed out some of the pitfalls of antivirus solutions (my personal complaint would be resource usage, especially if real-time file system scanning is enabled).

Extremely tight group policy restrictions (SRP/Applocker) on their own go an extremely long way in preventing most unwanted applications from running with hardly any performance penalty. And these days if something is sufficiently sophisticated to bypass any such restrictions (through a zero day vulnerability, for instance) then chances are it is going to be equally as proficient in bypassing an antivirus solution.

Yes, websites can be compromised to deliver malicious content. Happens all the time. If such content is delivered merely as an executable, it won't run due to SRP. If as a PDF/DOC/XLS/... chances are it would have to make use of a zero day and it must not count on JS in Acrobat (disabled) or any form of Macro (also disabled). Again, see point above with respect to zero day vulnerabilities.

Is my solution 100% airtight? No, it isn't. No solution is. I do employ a good many layers of security however (including antivirus, but with limitations) in order to make it as difficult as possible for any of my systems to be compromised by any form of malware. The key here is to prevent being compromised by "common" forms of malware. Targeted attacks are a separate story altogether.

Is antivirus 100% useless? No, it isn't. I still recommend antivirus products to home users and companies. Especially so companies with no dedicated IT security resources (personnel to maintain policies, audit said policies, perform rapid updates of deployed applications, and et cetera). Even for companies with dedicated IT security resources antivirus CAN have its place as an additional layer of checks.

Have firm policies in place. Restrict everything that isn't required. Run strictly as user. Limit the number of resources/applications (and plugins, if applicable) to the absolute bare minimum. Keep your software as up to date as possible. And you're likely 99% ahead of the vast majority of malware writers already who really prefer to target the masses rather than worry about the few who know what they are doing.

(P.S. I'm not claiming to know it all. But I'm writing based on experience. Again, I will never claim that my systems are 100% airtight and I will always welcome someone to prove to me that what I am doing is absolutely wrong/absurd. This is ultimately what security is about. Learn and keep learning.)

0
0
Entrope

Re: Lee D

I'm assuming here your bank doesn't force JRE down your throat then?

Still seems to be quite the "in" thing for a good many financial institutions.

0
0
Entrope

Re: Hands up who trusts Trusteer.

Good to know I'm not the only one. I don't even install Antivirus. My installations have become increasingly bare over the years. Less to maintain. Less to update. Less to exploit.

Even Ad Blockers have become a big no-no for me. Much prefer something which is easily auditable such as this simple little host file; http://someonewhocares.org/hosts/

3
1

Rotten hackers feast on mouldy Java flaws

Entrope

Re: The average enterprise has more than 50 versions of Java installed across its PCs and servers

LOL. I quite literally spat on my monitor when I read that. LOL.

1
0

Ad man: Mozilla 'radicals' and 'extremists' want to wreck internet economy

Entrope

Am I the only one who thinks this is all just a massive distraction?

It seems to me that all this moaning about with respect to Third Party Cookies is nothing but a colossal distraction to keep everyone's attention away from the countless other methods which can be employed to track a given user.

If I recall correctly there have been ways to track through plugins, for instance. Adobe Flash comes to mind though Adobe "might" have "addressed" it by now.

Also, read up on EFF's Panopticlick. It's a worthwhile site to check out if you haven't already. I found it quite interesting at least and wouldn't be all too surprised if similar methods are already (at least partially) employed in order to increase tracking efficiency.

Also, doesn't Safari already block Third Party Cookies?

While I was fiddling around with a temporary OS X installation I decided to check Safari out and realized that Third Party Cookies were disabled by default in its preferences. This was a clean installation too. I might be wrong here but I'm quite confident that this is the case.

Now of course one might argue that Safari's "market share" isn't exactly up there (not on desktops at least) and even the most die-hard Apple fans I've come across outright refuse to use it for any purpose other than to download another browser but it still has to account for *something*.

1
0

BlackBerry gives Indian spooks BBM and BIS access

Entrope

Re: Entrope Aaannd...

And do you honestly believe that with the level of corruption which exists within the Indian government that such "lawful interception" will remain "lawful"? I wouldn't be all too surprised if criminal gangs are able to bribe their way into receiving whatever information they deem the government is able to access.

And who knows what they'll be able to do with whatever they're able to retrieve.

0
1
Entrope
Mushroom

Aaannd...

...here goes the only reason to ever use BlackBerry straight out of the window.

0
1

HP admits to backdoors in storage products

Entrope
Mushroom

Re: Who thought it was a good idea...

Some baboon who wanted to report to upper management; "See! I've streamlined support!!!!!11!ONE!1!"

3
0

Ubisoft admits major hacking breach, advises password change

Entrope

Re: They still don't get it

Hah. Every time I see a website with such a ridiculous password limit I simply assume that the developers weren't bright enough to hash the password and at the same time decided; "Hey look! Let's show how awesome we are by making the database more efficient by setting our password field to varchar(8)!"

On a more serious note though; anyone who has even the slightest clue in basic security knows that passphrases really are the way forward.

Inevitable XKCD reference: http://xkcd.com/936/

2
0

Windows 8.1: 'It's good for enterprises, too,' says Redmond

Entrope

Re: Windows 8.1: 'It's good for enterprises, too,' says Redmond

Richard Gadsden: Thanks for your reply!

Actually, most hardware vendors (at least where I'm located) do sell PCs without Windows OEM licenses to enterprise customers. For non-enterprise customers it's a separate story altogether, though.

Also, with respect to being able to use Enterprise even after SA expires... according to Microsoft's Volume Licensing Brief; "Volume Licensing customers with Software Assurance may migrate from a lower edition to a higher edition software product while maintaining their Software Assurance coverage on a given product."

The phrase "while maintaining their Software Assurance coverage on a given product" has me worried. Am I misunderstanding something?

Cheers!

0
0
Entrope

Re: Windows 8.1: 'It's good for enterprises, too,' says Redmond

Charlie P: Here's the thing. Normally I'd fault my vendor because it really does sound pretty ridiculous that Microsoft would only have an "Upgrade" SKU for Windows 8 volume licensing... but all three of my preferred vendors (and one of them is supposedly a "Gold Volume Licensing Partner") tell me the same story.

That particular "Gold" vendor told me my only option was to make use of Microsoft's "Legalization Offering" which is used to convert all non-genuine Windows copies to genuine... but I was also strongly encouraged against using this option as a company is only given the opportunity to use it once.

I did inquire on less than 100 seats though but not too far off either.

If you have any other suggestions I'd be extremely grateful.

Cheers!

1
0
Entrope
Mushroom

Re: Windows 8.1: 'It's good for enterprises, too,' says Redmond

Last I checked Microsoft won't even sell Windows 8 to its enterprise customers.

Obviously then it must be pretty bad. Either that or I'm missing something here...

A month ago I was looking into the possibility of finally moving the remainder of our users from Windows XP over to Windows 7. A hundred licenses or thereabouts. Traditionally however our company has never actually purchased Windows (not directly at least). We simply tag on an OEM license with every system purchase as our corporate discount with our hardware vendor makes it extremely affordable versus volume licensing.

Typically then the only time we upgrade Windows on a system is when the hardware itself is upgraded. Our interest in upgrading to Windows 7 however is mostly due to Windows XP's upcoming End-of-Support.

Part of our problem is that the bulk of our hardware upgrades were performed out of necessity about half a year before Windows 7 was released and as such the vast majority of our systems have Windows Vista OEM licenses on them. These are systems which won't be changed anytime soon either as desktops tend to last pretty long and we are projecting to keep these systems in commission for at least another three years.

Well, most of them at least. Our hardware upgrade exercise typically involves stretching the purchase through the course of multiple years in order to not wreck our budgets. Buying Windows 7 OEM licenses then wouldn't make much sense as OEM licenses cannot be transferred thus if we did buy Windows 7 OEM licenses we would eventually have to purchase them again every time a system is changed.

This was when I caved in and decided to give volume licensing at least a consideration.

I shouldn't have bothered.

Whenever Microsoft releases a new version of a given product they will always discontinue the volume licensing SKU for the superseded product. When Microsoft released Windows 8 then it was no longer possible to purchase Windows 7. Not through volume licensing at least. This in itself was never much of a problem as Microsoft continues to offer downgrade rights.

The problem here is that as of this moment there is ONLY ONE SKU for Windows 8 in volume licensing form (excluding special editions for government and academic use, at least).

Which is: Windows 8 Pro, Upgrade

And yup, you read that right. UPGRADE. There is absolutely no way to purchase Windows 8 outright in volume licensing form. It must be an upgrade from a previous edition. Plus you will also notice the glaring omission of Windows 8 Enterprise. Yup, that doesn't exist either. The only way to acquire Windows 8 Enterprise is to have your volume licenses on Software Assurance.

And Software Assurance means yearly payments. Stop paying? You're back to Windows Pro. Fun. And while we don't require Enterprise for Windows 8 we do require Enterprise for Windows 7 as BitLocker is a Windows 7 Enterprise feature and downgrade rights obviously dictate that you must own Windows 8 Enterprise in order to downgrade to Windows 7 Enterprise. So this was the first major headache.

The second major headache was the upgrade requirement itself.

Microsoft's obvious response to me was; "Well, surely you're already running Windows, right?"

Right. I highlighted to Microsoft that my licenses were all OEM. No problem they enthusiastically claimed. Except that they forgot to mention that original OEM terms which prohibit the transfer of licenses continue to apply. That's right. Even if I upgrade my OEM license Windows XP to volume license Windows 8 I can't transfer the license to another system once I've decided that the hardware needs changing.

This of course was a problem. As previously highlighted, due to our hardware upgrade strategy we do intend on replacing a small number of systems at least two to three times a year.

The third headache comes courtesy of Windows Activation 2.0 which was another one of the reasons for considering volume licensing: to acquire a KMS/MAK key so that we do not have to manually activate Windows every single time a system is cloned (and we re-clone our systems on every staff turnover in order to give every newcomer a fresh OS installation).

The fourth headache comes when we need to increase our hardware count. When I asked Microsoft what if I wanted to increase my workstation count by 10 they told me to simply put those systems on OEM license. What? Yeah, sure. If there's a Microsoft representative on-site 24/7 to activate the god damned product for me every single time I clone a box then sure. But that isn't going to happen, now is it.

So you can probably tell by now that I'm quite cross.

The only solution right now is to buy Windows 7 retail and manually deal with product activation. VAMT can make this a little less of a headache but it's still going to be quite an annoyance.

All that's left for me to say at this point is...

Microsoft: F**k you.

14
2

Report: Android malware up 614% as smartphone scams go industrial

Entrope
Mushroom

Seems Google is now experiencing a little bit of a Microsoft moment.

Having said that though you really have to admire how thorough the malware writers are on Android. You can find malware packaged into just about every single type of application.

Friend of mine had his phone compromised after installing an SSH client if I recall correctly.

It's not just your usual free games and whatever other equivalent there is to free mouse pointers and screen savers on Windows. Plus some of the malware actually make use of zero day exploits in order to circumvent security prompts and the like.

This is really the price to pay though once your operating system becomes popular. Apple gets away with it for most part thanks to their ludicrous app screening process.

3
6

ICANN puts Whois on end-of-life list

Entrope

Yup. Whois should definitely be going the way of the Dodo.

As mentioned in the article already the data is predominantly useless as there's no guarantee that it was ever correctly filled up in the first place and most people I know just throw garbage in as spam bots are very well known to harvest whois data.

Plus removing whois also solves the problem of individuals monitoring the expiry dates of domains hoping to steal a domain name and subsequently demand ransom.

There's really no reason for whois to exist. If they're adamant on keeping it the output should be limited to "IsRegistered? [Yes/No]". Done. Finish. There's nothing else anyone else needs to know.

As it is Geographic gTLD registrars are notorious for having whois servers which don't even work in the first place. So we may as well just pack up and call it a day for everyone.

Also, I don't see the additional income of "whois privacy" ever covering up the cost of maintaining a whois server. And in the first place most people will just opt to enter garbage information rather than genuine information and then subsequently pay for "whois privacy".

Nuff said.

2
17

HP StoreOnce has undocumented backdoor

Entrope

Re: If it's an unseeded SHA-1 hash...

Curiosity got the better of me and since I’m not at home with my GPUs on hand to crack SHA-1’s I decided to Google the hash.

Didn't take long indeed.

2
0
Entrope

If it's an unseeded SHA-1 hash...

...it'll be cracked in absolutely no-time if the password is just 7 characters long.

My graphics card can crack unseeded 8 character (a-zA-Z0-9) SHA-1 passwords under a day.

3
0
