12 posts • joined Tuesday 3rd July 2007 21:26 GMT
No personal information?
If they stole the domain name, that means the users' browsers would be submitting their cookies to the attacker's server. That means that anything stored in the user's cookie (for example, session IDs) could be compromised, just not their stored data.
Null pointer refs
Buffer overflow flaws are the staple of most security bugs but experts warn that null pointer bugs could become fertile ground for hacking attacks. "Null pointer security flaws are exploitable and could quickly replace buffer overflows as the next big threat," said Geoff Sweeney, CTO of Australian-based net security firm Tier-3.
Not true. Null-pointer refs normally aren't exploitable, but, in certain cases, can be. It depends on how the null pointer is used.
I own that album
I actually bought that album a year or two ago, and love it! Granted, I knew I wasn't buying a duster.. :)
And, since this thread is already NSFW, here's the track list:
root@librarian:/data/music/Blood Duster/Blood Duster - 2001 - Cunt# ls -Q
"01-We Are The Word Police.mp3"*
"02-Big Fat Arse.mp3"*
"03-Another Slack Arsed Aussie Band.mp3"*
"04-Porn Store Stiffi.mp3"*
"06-I Just Finished Sucking Off Metalheads In The Mens Urinals.mp3"*
"08-I Love It When Joe Pesci Swears.mp3"*
"10-Lets All Fuck.mp3"*
"11-A Track Suit Is Not Appropriate Metal Apparel.mp3"*
"12-The Corpse Song.mp3"*
"13-Fuck You Scene Boy.mp3"*
"14-Is Killing Clones Illegal.mp3"*
"15-Don't Call Me Homeboy Ya' Cunt.mp3"*
"17-The Object Is To Shift Some Units.mp3"*
"Expect updates from Microsoft to address the apparent shortcomings of its file protection software, which hackers will continue to attack."
The awesome part is, based on the way DRM works, they'll never be able to fix the shortcomings. They're doomed to create something that'll be broken!
Re: Idiots on both sides
It may surprise you to find out that creating a simple virus or Trojan isn't a simple task. And you'd be awfully surprised about how skillful teenage American (or Canadian, UKian, etc) kids can be.
I won't argue that some malicious code is, indeed, written by criminals (be it Russian, Chinese, or American), but it's a mixture.
Re: One rule for one
Do you actually know what you're talking about? Just in case this is ignorance and not actually trolling, let me explain.
On Linux servers, each user has an account, and the files on their accounts have permissions. The Web server uses the data from those accounts to serve up pages.
Typically, the server will automatically switch to the proper user account (using the techniques mentioned in the article, including suExec) and grab the proper files.
On a badly-configured server, these user directories will all have the same owner (be it 'root' or 'nobody'), and, as such, they'll be writable by that account. Since they're all running as the same account, an exploit that hits one of them can make modifications to others. And I'm reasonably sure that that's the problem here.
Note that this isn't a problem with Apache, just like it wouldn't be a problem if it was IIS; the problem is allowing different Web sites to modify each other. In other words, it's a configuration problem, not a software problem. If permissions are set properly, this won't happen.
Hope that explains the problem, and if that was indeed a troll, I hope you enjoyed my response. Maybe somebody else will even learn from it, who knows? :)
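An added example, not part of the original post or of the article it replies to: a Python audit for the misconfiguration described above, flagging site directories that share one owner. It also flags world-writable paths, which goes slightly beyond what the post states. The one-directory-per-site layout, the function names and the sample sites are assumptions made for illustration.

```python
import os
import stat
import tempfile
from collections import defaultdict


def audit_docroots(base):
    """Return {site: [findings]} for every site directory directly under base."""
    owners = defaultdict(list)    # uid -> sites owned by that uid
    findings = defaultdict(list)
    for site in sorted(os.listdir(base)):
        root = os.path.join(base, site)
        if os.path.islink(root) or not os.path.isdir(root):
            continue
        owners[os.lstat(root).st_uid].append(site)
        # Anything writable by "other" can be changed by any local account,
        # including the one a neighbouring site's scripts run as.
        for dirpath, _dirs, files in os.walk(root):
            for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
                mode = os.lstat(path).st_mode
                if not stat.S_ISLNK(mode) and mode & stat.S_IWOTH:
                    findings[site].append("world-writable: " + os.path.relpath(path, base))
    # Sites that share one owner are not isolated: code running as that
    # account for one site can modify the files of the others.
    for uid, sites in owners.items():
        if len(sites) > 1:
            for site in sites:
                others = ", ".join(s for s in sites if s != site)
                findings[site].append(f"owner uid {uid} shared with: {others}")
    return dict(findings)


def build_sample(base):
    """Constructed sample: two sites, one with a world-writable uploads dir."""
    for rel in ("site-a", "site-a/public_html", "site-b", "site-b/public_html"):
        os.mkdir(os.path.join(base, rel))
        os.chmod(os.path.join(base, rel), 0o755)
    uploads = os.path.join(base, "site-a/public_html/uploads")
    os.mkdir(uploads)
    os.chmod(uploads, 0o777)  # the weak setting the audit should catch


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for site, issues in audit_docroots(tmp).items():
            for issue in issues:
                print(f"{site}: {issue}")
```

On a real host, point `audit_docroots` at the directory that holds the per-site trees; both sample sites are reported as sharing an owner because the sample is created by a single account.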