Posts by TheVogon
287 posts • joined Thursday 17th January 2013 14:47 GMT
Posted in Serious WPAD flaw in IE?
This was fixed back in 2007: http://technet.microsoft.com/en-us/security/advisory/945713
"When will they get around to fixing that WPAD flaw in IE that leaves user open to attack?"
Back in 2007: http://technet.microsoft.com/en-us/security/advisory/945713
Re: You're joking, right?
"Since when have FLOSS servers been the ones who have been most at risk"
Every year without fail since about 1984 when Bill Gates made Microsoft's #1 priority to be security. Possibly you are right about other closed source systems, but Windows has consistently had fewer and less serious vulnerabilities that were fixed faster with fewer days at risk than equivalent enterprise Linux based Open Source stacks....
http://www.zdnet.com/linux-trailed-windows-in-patching-zero-days-in-2012-report-says-7000011326/
http://blogs.technet.com/b/security/archive/2008/10/28/download-h1-2008-desktop-vuln-report.aspx
http://blogs.technet.com/b/security/archive/2006/07/13/441386.aspx
This is why server defacement statistics show that Windows Server is much less likely to be hacked than Open Source enterprise Linux based alternatives...
Re: Nook
Sounds like boring bollox to me. A 4 day wait is hardly earth shattering....
Re: MSFT the Value Destroyer
Microsoft has done well with Hotmail (400 million users now on Outlook.com) and Skype (250 million users)
Once Lync integrates closely with Yammer and Skype, Microasoft are going to make an even larger bundle from the corproates with that stack...
You know Microsoft just announced profits up 20%?
Re: Nokia cannot hide from their failure
"If Nokia brought out an Android phone, their fortunes would immediately reverse"
Yes, they would likely go from making a profit as they did last quarter to loosing money...
EE just gave me a free upgrade to 4G for my Lumia 920 if I took the next level up in data allowance! (+£5 a month - which takes me from 1GB to 2GB)
I knew I was wise to pass on the initial half the data?! for £5 extra 4G 'offer'.....
They are cold calling with this offer - good deal for anyone with Orange who declined the initial 4G tax...
Re: Nokia 920 ad
"Microsoft should ask Nokia who their Ad agency is".
Erm - that advert IS from Microsoft. Try watching until the end...
Re: Good
Unlikely, Blackberry market share is still dropping, and Microsoft are currently outselling them nearly 6:1 in the US with Windows Phone....
Re: Imperative
Blackberry had already had previous handsets certified so it is faster to get a new version certified than starting from scratch like Microsoft.
The reality is that from having a near monopoly, Blackberry now have to share this space with both Android and Windows Phone....This announcement is just bubbles from the sinking ship....
Re: Weasel words maybe?
Windows 7 does not require periodic check ins unless you choose to use a corporate licensing scheme that has key (KMS) servers....
Re: Imperative
+1
Microsoft already submitted Windows Phone for the same certification....Blackberry are dying.
Posted in Java applets run wild inside Notes
Re: One can't help but wonder...
Lucky almost no one still uses Notes then...
Re: Microsoft the Destroyer
7. 18% increase in profit != going bust. Not all of Microsoft's revenue is desktop. Microsoft are forecast to make over $8 billion form the technology they have in Android alone...
8. Actually you do: http://www.zdnet.com/au/me-bank-picks-cheaper-microsoft-stack-over-linux-7000014732/
LOL @ complete ignorance as to what .Net is. "Several runtimes" - actually max 2 installations - versus potentially dozens of seperate installations of Java. Many applications require specific Java versions so you can't even install the latest 'it hasnt been hacked yet this week' version...
Linux would need a virus checker if it ever gets over 1% market share on the desktop...Just look at the Linux malware mess on Android.
Re: Genuis of Apple when you think about it...
"Everyone else failed."
Actually Windows has taken 7% of the global tablet market in less than 6 months...Not quite on Apple or Android levels yet, but not exactly a failure either imo.
Re: I like my playbook
"by which point his firm will be the front runner in mobile computing."
At least he has a sense of humour.
Meanwhile, in other news, Windows Phone is outselling Blackberry nearly 6:1 in the US and hit 7% share in the UK, pushing Blackberry into 4th place in most markets.
Re: Problem?
"I believe modern installations of Linux cost the same as old ones"
Ye, they cost lots of time. I guess at least dole claimant might have some of that available....
Re: Good!
"the company is ordered to pay a fine of 800,000 ISK ($6,829) per day."
In real money that's £4,400.
Re: The acid test
Clarkson posted his bank account and sort code details - which someone used to donate £500 to a charity via direct debit. Just like with a credit card, if you didn't authorise the payment, you are protected.
Re: @Mongo
But Microsoft doesn't own the patents or licenses for 'other file systems'! There is nothing to stop a third party writing any such driver...
Re: Growing market...
Apparently they carved out 7.5% of the market! Pretty good going for a new product with an immature app market...
Re: Binary executables only
So downloading source code and compiling it on the phone is OK?
Re: Simpsons Tapped Out comes to mind....
So downloading another app is OK then, just so long it doesn't modify the original?
Re: Mae hyn yn wirion
"Nid oes unrhyw un yn siarad Cymraeg erbyn hyn"
Did you fall asleep on your keyboard?
Re: History repeates itself
The next big thing is touch and gesture control. Microsoft are already well ahead of the curve with Windows 8, Kinect, and their range of very large touch screens....
Just force encryption on. Then no amount of deep inspection will be able to identify it as P2P...
Re: Erratum
"Do you have a citation for that? Or perhaps some context?"
http://www.phoronix.com/scan.php?page=article&item=intel_windows8_ubuntu&num=1
http://www.hecticgeek.com/2012/11/windows-8-vs-ubuntu-12-10-file-copy-performance-comparison/
Re: @Richard Plinston (Maybe HTC could focus on)
"It may be mechanical, but the question is: is it 'stabilization' or merely 'damping'."
Damping is a form of stabilisation.
Re: "...pay a fine of 800,000 ISK ($6,829) per day."
"I'm sure they'll hasten to comply. I mean, that's almost an entire rounding error."
I'm sure that's just for starters. Judges generally start to get pissed off if their judgements get ignored...
Re: ratfox Makes sense to me
"Why, have Asda been party to the criminal distribution of US secrets?"
Which Icelandic law makes it criminal?
Re: Fascinating what people will go through to avoid IPv6
" Plus you are completely independent of external services. (which this proposal is not)"
What independent external services (other than the internet) are required then?
Re: @Sparticus: Maybe HTC could focus on
"Or, in this case, you can lead a horse's ass to water"
What does a horse's donkey have to do with anything?
Re: Just as Eadon predicted - iWatch COPY CAT FAIL
I think you missed a few:
DOS -> IOS
Address Bar -> Path Bar
Navigation Pane -> Mac Finder Sidebar
Back / Forward buttons in Explorer -> Back / Forward buttons in folder windows
Minimising document windows into app icon on task bar -> ditto
Remote Desktop Connection -> Screen Sharing
Control Panel / System Preferences -> System preferences
ALT-Tab -> Command-Tab
Command Prompt -> Terminal
Backup / Restore -> Time Machiine
Windows Tablet -> iPad
Windows Defender -> Various Mac antimalware utilities
Windows update -> MacUpdater
SPOT -> iWatch
IE -> Safari
Skydrive -> iCloud
MSN Messenger -> iMessenger
Skype -> Facetime
Re: Surely at least the Third time?
Microsoft should do well - Blue Screens look good on watches!
Posted in Amazon slashes Windows cloud pricing
Microsoft now offer similar for £0.15 / GB / month without having to wait 6 hours to start downloading your data....
http://www.windowsazure.com/en-us/home/features/recovery-services/
Re: "The Lumia 620 has been well-received, and deservedly so"
"Windows Phone sales have been steadily increasing. They already overtook Blackberry to be the 3rd OS in most of the world."
Yep - by miles: http://blog.laptopmag.com/windows-phone-sales-see-global-gains-while-blackberry-falters
Re: Upgraded to XP here
nb - guessing you are using Office 2010, please try installing the Excel 2010 Cumulative update referenced here:
http://support.microsoft.com/kb/2800779
Re: Upgraded to XP here
"I use linked lists because the Collection class is far, far too slow to contemplate for serious amounts of data bashing.
I make a pile of five dimensional linked lists and run up and down them all the time in my analysis"
nb - sounds like you should be using a pivot table as the fastest way to do that.
Re: AC 12:55
"Point 1: Traffic encryption means not much (even less considering the multiple points of failure in the SSL certificate generation process if someone really is out to get you), and is incidental if you encrypt before transfer."
Traffic encryption means the traffic is encrypted which you claimed it wasn't.
It is simple to check the settings of the certificates used by Microsoft, and their impressive processes and infrastructure around certificates are a matter of public record: http://secadmins.com/wp-content/uploads/2011/10/Public-Key-Infrastructure-at-Microsoft-1750_PKI_TWP.docx
"Point 2: This "Active Directory DRM" that you speak of, has its source code been verified by 3rd parties as having no recognisable back doors? Given Office 365 is supposed to be web based, will it work using Mac OS and Linux?"
Yes it has. Many organisation like banks and governments institutions have access to the source code. This is again a matter of public record.
I don't care if it works on Mac OS or Linux. Those are not supported desktop OSs in 99%+ of companies.
"Point 3: I did not say I trusted any of the other major players else instead (Google & Dropbox have the same or worse failings). That was my point about "verifiable client-side encryption" so I don't need to trust them."
That's what Active Directory DRM gives you.
"Point 4: Err, so just how do they access my encrypted data if I was using verifiable client-side encryption with a non-trivial password?
Almost impossible without demanding the key, and if they do then _I_ know they have asked."
They don't which is the point - you are slowly getting it.
As opposed to the keys being with the vendor in the cloud and you not knowing if you data has been accessed.
Re: AC 12:55
"Really? I get a copy of Office for my local PC and can keep it if I stop paying the Office 365 subscription?"
You get a copy of Office for your local PC, and you are no longer licenced for it if you stop paying your subscription...
Re: Fine if you don't care about privacy
"Sorry, but both the US Gov and the British Gov have laws in place that ensure that ANY agency can force decryption of data they wish to look at, so your encrypted data is still viewable by government agencies. Encryption would only stop some hacker from viewing it. Also check M$'s T's & C's for Office 365 - there is a "We can look at your data/documents/contents anytime we want to" clause. If you are storing confidential data, this leaves your company open to all sorts of legal headaches - especially if your are operating cross border (UK company, data centre in US/mainland EU for example). The data encryption would only protect your data for point to point communication (i.e. at transmission) - not actually at the static point of storage."
I suggest you look up on Google how Microsoft DRM encryption works. The US can have all the laws they want to requiring access to data, but if I am a UK company, and keep my DRM infrastructure in the UK, then the USA can demand all they like, but they are not going to get access to my data, unless they fancy spending a few trillion compute hours trying every key combination...Microsoft woudl never have access in this circumstances.
"For an SMB, 365 would cost £145 per year (www.office365advantage.co.uk) verses £170 for 2013 Home and Business (www.ebuyer.com). So, it would take less than 15 months for 365 to cost more than a retail box copy of Office 2013!"
You havn't allowed for the cost of the Exchange Server license, the storage, backups, infrastructure, the management of it....
"If you are storing ANY data that could be considered confidential (by any court of law), neither M$ or Google (or any others for that matter) would be a sensible place for storing data. The legal risks are just too great."
You just don't have a clue what you are talking about. It makes near zero difference where I store it if I control the encryption keys. If I was a UK company then the USA can't touch me. The only way anyone is getting that Data is via a UK RIPA order - which applies the same if the data is onsite or in a cloud in Timbukto...
"True, but if someone DOES find out, then you are legally liable for your confidential data being exposed to a 3rd party (even if it is a Government agency), NOT the cloud company! (Read the small print!)
Again - you just don't have a clue. You are not liable for anything for data access that was required by a law that you are subject to.
Re: Maybe Not..
I will consider upgrading to EE when it costs less per GB than my 3G Orange connection. At the moment on a service that can deliver more data faster, they want to charge me £5 MORE a month for the same data allowance that I have on 3G to upgrade.?! Good luck with that...
Re: Pulse is Infrare, So Silver Paint Probable Won't Make A Difference
"Basically if you think sunshine reflecting off mirrors, types of power levels - reflection doesn't work with lasers.
Even a super shiny chrome plated spanner will turn seriously hot in the strong sunshine in minutes.
There is an effect that operates on the surface, that silver reflects heat / energy, outwards, but it also reflects sidewards into it's self, at the atomic level, and under really, really enormous concentrations of power / energy, highly reflective surfaces basically offer no protection against lasers"
I guess you failed GCSE physics. Reflection certainly does work with lasers. In fact most lasers actually contain mirrors in the laser cavity!
The spanner you mention will likely heat up mostly by conduction. If suspended in the air it will certainly take a lot longer to warm up than they same spanner but painted black.
Reflective surfaces offer protection against lasers based on how reflective they are. As an example, aluminium foil would reflect ~ 88% of the energy received, and costs almost nothing, and reflectivity over 99% is relatively easy to achieve. Reflective surfaces are therefore a potentially effective countermeasure against this sort of attack.
Re: Upgraded to XP here
This issue occurs on Windows 7 computers with cheap network adaptors that don't properly support TCP Window scaling that are interacting with MS SQL 2005 or higher servers. To correct this problem perform the following steps:
A.
1. Run - C:\Windows\System32\gpedit.msc - Expand “Computer Configuration”
2. Expand “Administrative Templates”
3. Expand "Network"
4. Click on “DNS Client”
5. Set “Turn off Multicast Name Resolution” to Enabled
6. Select “File” then “Exit”
B.
1. From the command prompt Type “netsh interface tcp set global autotuninglevel=disabled” and press enter
You will need to reboot the computer after making the above changes.
If you are using ODBC DSN connections, make sure that you are using the "SQL Native Client" driver.
Re: Monetize
You can buy Galaga on Xbox Live Arcade.
Re: really!
"I just do not see how Microsoft can cease support."
They are not ceasing support. It just becomes very expensive and the cost increases exponentially year on year!
"From a practical point of view security of one third of PCs will be at risk and that simply is not acceptable."
XP has been out for 15 years at retirement! Try finding an enterprise Linux version (or any commercial OS) with that sort of lifecycle. Microsoft gave many years notice of the impending retirement of XP - just because you choose not to do anything about it isn't Microsoft's fault....
Re: Windows XP was considered a failure when it was first introduced
"Today's best Linux distributions (of which there are many) can do a good job of replacing Windows 7. They can replace Windows XP very easily indeed, and probably thrill users with all the new and better features they offer. "
Munich council tried that - ten year later and tens of millions spent and they still havnt finished - and the 'migration' largely consists of having to access Windows via Citrix when they need to get real work done....
Hence no corporates except very niche markets will touch Linux on the desktop with a shitty stick.
If it really was better or cheaper then corporates would be climbing over each other to get the better mouse trap....
