44 posts • joined 6 Jul 2007
Re: Time to get worried when this app requires:
Time to get worried when this app requires:
and you forgot pops up saying:
I'll be back
firewall is the way forward
Until Google put together a proper plugin approval process for application creation I would recommend you all install android firewall.
If you have rooted your phone then go for andorid firewall - which works really well and stops any app from sending info out, if not then go for the non root f/w which is as good but a little more annoying.
Google need to employ developers that looki at the potential result of plugin and permissions set by developer. Deny any badly written plugin.
the answers are all very simple the bloody time it is taking to sort this mess out is ridiculous,
Re: Erm, OK..
I presume this is all due to cash no longer being accepted -
Riddled I tell you - the entire London Transport System
Coming soon near you a Degree in how to use London Transport, two tier course:
1. How to work out the ins and outs of travelling without being fined
2. How to be a success in the krypton factor aka your journey in / journey home.
Good luck to these loosers
All that money should be wasted on mutating the male gene
I been reading some book Freakonomics and it talks about some ancient civilisation and a theory, the story went like this.
They did a study and found the town with the most Doctors had the most illnesses. The ruler had all the Doctors in that town shot the next day....
So since it seems the terrorist of today all seem to have a beard, surely study into wiping out the beard gene and mutating humanity is the answer and not spying on one another...
Having read all the posts and the reasons given so far that give any pro support to this agenda.. Well here is one for you ....
It would be as effective as the current measures...and if KFC can have hairless chicken why can't we have beardless men ? comeon GCHQ/NSA you have failed big time to resolve the actual issue starring us all in the face...
no beard = no terrorist = ahh we are all safe now
Re: most of them in Internet Explorer
err a choice to make more muckery of rendering content ?
The problem is not choice, the problem is forward thinking/planning. Considering the other mentioned browsers are open source whilst microsoft works away closed off from everyone else and then you come on blasting away about ? IE had supported SVG ?
Thats all good and well but do 100% of the users who actually buy a pc to use for basic interaction need this feature or is that more suited to a specific business model that if needed could install IE and use it internally to work with SVG files.
"t would be nice if Firefox supported MIME documents without an extension, or if Chrome supported them at all"
I think it would be nice what type of documents you are trying to render in those browsers since they actually support most of the standard formats, As in wooo hold your horses you are using a browser and you want it to stream a specific type of video format that windows or a windows app has saved the file in.
No I am afraid the problem stands in having an awful browser dictated on top of the default OS sold to most people.
Considering the whole browser and development model is based on html and currently HTML5 i really don't think you are one to be critising what alternatives and further more somehow trying to blame the support of alternatives to html being any form of an excuse of windows having to patch their OS due to mainly faults within IE. IT IS LAUGHABLE HAHA
You are right people do need the choice, the choice to choose what OS it comes with and for Linux to be made available as an alternative by the manufacurers as an extra CD.
RE: my posts and most of the patches related to IE - my consultancy advice is..
Deleted my posts and decided to write a decent response. It seems the IE patches is the usual cause for these updates and the reason being as per its lawsuite. The browser is too embedded (inbeded) with the actual OS. For what ever good it serves it seems to serve 10 times more evil.
I just think this whole browser thing needs a rethink, since the average user will only really be installing their machine and going to the ususal suspect places such as facebook and google and probably a few other gold mine places that is lurking to get them whilst their weak.
The current installation (not that I have touched it in years) but I presume still installs IE as per standard on the user's machine. I really think it should give the user the choice and put something that is so closely knitted with the OS as a higher choice. Not because to rank lets say firefox any better but to ensure when these weaknesses turn up it impacts less of the population. It would also be wise to alternate the top choice thus making the whole marketing of sitting there finding a vulnrability and then hoping to capture loads of users out with the trap goes out of the window(s).
On the other point I made if anyone has ever dabbled in website creation CSS etc well the problem you come across quite instantly is the variations in how things look when comparing IE to chrome/firefox. The other interesting aspect is all the different results depending if it is IE6,7,8,9 and so on. Meaning each one behaving like a totally different browser when it comes to the rendered output. http://www.quirksmode.org/dom/w3c_cssom.html this gives a good idea as to why this sort of thing happens.
I can see there are things such as activex that would be a useful feature etc but honestly if people wanted that they could then install IE by clicking an install icon in the menu most likely placed right next to shutdown so people can't miss it lol.
most of them in Internet Explorer
Why don't they just scrap it. It is a rubbish brower with nothing but flaws so why continue pumping it out, it has caused them nothing but issues. From law suites over unfair competition to having to update OS due to having a badly written browser.
Firefox / Chrome are absolutely fine and go ask any developer they absolutely hate IE so for the sake of a better life for developers/consumers and even MS developers. JUST SCRAP THAT SHIT
I dunno Don Dumb, maybe if windows removed windows and installed Linux Kernel removed DOS and replaced it with bash then it be in line with the cool kids.
Maybe when we get to see proper Windows servers doing something other than being scanned for weaknesses with equivalent uptimes running bash and a Linux Kernel then the tune will remain the same.
In short - fdisk drop c
install Linux and pay nothing with a good stable OS vs install poop pay for it and get shafted with updates and reboots
genuises at MS
Take a look here does it look like it has been ripped off yet another existing concept from Linux
Please don't take then slate
also to point out - this is not picking on MS product
If they had done it properly they could have encrypted the content on SD card - related to their local storage - but hey
Re: <title goes here but will it be encrypted?>
New York-based Include Security pointed out that .........
....., which has chalked up tens of millions of downloads, stored user data on the removable SD card that could be read by other applications.
but singled out Outlook, I assume because it makes good press to have a dig at Microsoft who some still see as the bad guys rather than any Android developer
Read the story BOD - its a redmon app developed by Microsoft -
nothing much going on in the redmond basement today?
no scientist but thought it was due to sun spots rather than climate change
The current cooling pattern is due to fall of sun spots, they tracked this down on some CH4 program the other week.
This caused Britain to go in a 50 year freeze the last time it occured in the 1640's and there was another one in the early 1900's in Charles Dickens times but not as prolonged as the 1640 mini ice age.
So don't believe all the headlines hard to believe any headline that quotes Britain to be as warm as the caribean as they so claimed back in the earlier days of what was then known as global warming !
Look here is the reality Man is ommitting green house gases but what to do ?
Should we all stop living ? that would be one way of fixing it
The truth is also that the third world and countries such as China/India have taken over the western world's manufacturing role, thus they are the ones actually omitting most green house gases
The truth is also that Diesel cars are worst when compared to Petrol cars but hey we live in a society where the governments double tax us (when we work and as we get to work) so for most to pay for a petrol car that consumes more of our wages than diesel is not a wise decision when considering how must most people are left at the end of the month afterinng paying off their burdens.
So as humans do we really want to fix this so called Climate change?
if so lets get real
Lets promote working from home (driving down the green house gases that is used to warm up large offices) the commuting fumes from cars/buses/trains.
Lets focus on the actual countries causing green house gases and help them
Lets do this from a superier level rather than yet more taxes on the average jo
@ LAMP lol
I take it you have had lots of job specifications from agencies which state LAMP and they were after
Lazy Ar$e Meh Programmers
Likely ASPX Microsoft Puppets
Look At My Page
err @ ip and LAMP holes lol
PING d.hpc.gtm.fti.net (184.108.40.206
What makes you think hacking a front page of a company gives insight or access to such details?
If I have a Linux machine that hosts my site and then I have actual complex systems that store user phone details outside of the box hosting the website
how would LAMP holes have any form of implication on such an attack....
Surely such an attack would comprise the actual box hosting the site and show information related on this box
telnet 220.127.116.11 80
Connected to 18.104.22.168.
Escape character is '^]'.
GET / HTTP/1.1
HTTP/1.1 400 Bad Request
Date: Thu, 08 May 2014 09:01:21 GMT
Content-Type: text/html; charset=iso-8859-1
Infact how can you be even sure it is LAMP ? it is Linux Apache
can you please confirm where you got Mysql Php from before we proceed to take these comments seriously !
Further more if you click a link it appears as aspx
Maybe it was that underlying crusty IIS Windoze stuff that was not patched ... so unless you have full details of the comprise no point in making such wild accusations
I am unsure the extent of interbindings from a given advert. Unsure if your read that entire article on the top ofy first post.
So far as I understand to the ss an android is a gold mine.
I presume using the adverts combined with other meta data from your other running applications helps trace you where ever you go.
The game maker's have totally denied working with nsa etc.
Personally I think there is a wide gaping hole in app policing on androids. Why does a game require privlalages to all aspects of my phone? If their not using those privalges are the third party adverts inheriting same privileges and doibg their dirty deeds using the cunning loophole.
Personally google needs to be policing android apps and ensuring its os restricts wild access rights
looks like i missed the top portion of the paragraph which explains that their money is not being made by genuine advertisement but simply by helping track you through innocent adverts back to nsa:
In December, The Washington Post, citing the Snowden documents, reported that the N.S.A. was using metadata to track cellphone locations outside the United States and was using ad cookies to connect Internet addresses with physical locations.)
In another example, a secret 20-page British report dated 2012 includes the computer code needed for plucking the profiles generated when Android users play Angry Birds. The app was created by Rovio Entertainment, of Finland, and has been downloaded more than a billion times, the company has said.
so yes none of it is really funny its all serious shit designed to snoop on all of us in innocent ways and that has truely got to be the darkest part of it all, knowing that those oblivious objects on your screen are actually part of a bigger thing
unsure what is funny these guys are serious about making money from our misfortune of ads being shown..
Rovio drew public criticism in 2012 when researchers claimed that the app was tracking users’ locations and gathering other data and passing it to mobile ad companies. In a statement on its website, Rovio says that it may collect its users’ personal data, but that it abides by some restrictions. For example, the statement says, “Rovio does not knowingly collect personal information from children under 13 years of age.”
The secret report noted that the profiles vary depending on which of the ad companies — which include Burstly and Google’s ad services, two of the largest online advertising businesses — compiles them. Most profiles contain a string of characters that identifies the phone, along with basic data on the user like age, sex and location. One profile notes whether the user is currently listening to music or making a call, and another has an entry for household income.
Google declined to comment for this article, and Burstly did not respond to multiple requests for comment. Saara Bergstrom, a Rovio spokeswoman, said that the company had no knowledge of the intelligence programs. “Nor do we have any involvement with the organizations you mentioned,” Ms. Bergstrom said, referring to the N.S.A. and the British spy agency.
Another ad company creates far more intrusive profiles that the agencies can retrieve, the report says. The apps that generate those profiles are not identified, but the company is named as Millennial Media, which has its headquarters in Baltimore.
In securities filings, Millennial documented how it began working with Rovio in 2011 to embed ad services in Angry Birds apps running on iPhones, Android phones and other devices.
According to the report, the Millennial profiles contain much of the same information as the others, but several categories listed as “optional,” including ethnicity, marital status and sexual orientation, suggest that much wider sweeps of personal data may take place.
A portion of the computer code in Burstly’s Software Development Kit — used by Angry Birds. This software was studied by GCHQ for intelligence value.
Twitter Facebook Link
Possible categories for marital status, the report says, include single, married, divorced, engaged and “swinger”; those for sexual orientation are straight, gay, bisexual and “not sure.” It is unclear whether the “not sure” category exists because so many phone apps are used by children, or because insufficient data may be available.
There is no explanation of precisely how the ad company defined the categories or how accurate the information is. Nor is there any discussion of why all that information would be useful for marketing — or intelligence.
@ Don Jefe
Very well put
send in inspector cludeo
ye a few of the possibilities outlined above, its worth trying to work out what the end users systems are, what browsers they are using. How many devices are used to interact with santander.
This at least may help identify if its specific to end users i.e. windows users using firefox/chrome/IE - then it be worth drilling into plugins used etc to see if some specific add on is causing this.......
This is all old news
https://www.youtube.com/watch?v=44edsh6_LUc remember seeing all this 4 years ago and not one media company paying the slightest bit of attention to it
What if the NSA has black boxes in all ISP's
what would changing from a source with a black box to a new source, whilst ISP has it achieve ?
chickens come home for roosting
Sorry this needs to be pointed out - wasn't it a few years ago there were threats made that any person in the uk found attempting to use tools such as port scanners etc - would be locked up ?
I mean you can not tell people not to do something then a few years later turn around and say we don't have any one with skills that can do such things....
Middle management will be able to hold meetings and discuss the way forward
@ Daniel B. Re: Ye gods
The Java 0 day exploit is related to user's PC running Java, this means if you are developing java applications that require the end user to run Java Virtual Machine then there could be issues.
If you are developing Java applications that run through tomcat/jboss etc that require the user to simply have a browser then this is not as bad as you think and certainly nothing like the ROR 0 day exploit
eh reg where is the edit feature
ok it was fulish of me since this could be on any or either platform, I admit I like insulting windows :) since it is trash take it from me
Ahem what OS
Very good report with no mention of the shafter of all Microsoft from the s/w list i presume they mean Firefox running on windows ?
as I have always said its not the software but the underlying OS thats most at fault here. keep on trolling
ahem correction of myself
You know what why am I re-inventing the wheel here ?
Why should any ISP or infact any content provider change their ways?
Why do we even need another fat cat minister yet again to overlook and be the overseer of yet another thing?
Its quite simple and the solution is already out there its called AOL - They do parental control with kids accounts who go through content filters.
Rather than having a minister surely it makes sense giving parents the initiative to sign up and use aol (evil muhahahahaha)
I mean I for one as an adult with no kids have no use for their service but hey it look there is market its the whole of the UK with kids lol
Seriously if this is what they want nothing negative for the kids it would make more sense rather than trying to wipe out the internet slowly invest that money in companies such as BT muhahahahahaha to have this service.
Kids are now safe you can put out the light and go down the tappas bar......
Lets not forget what we are talking of here !
we are talking of kids searching on youtube and google for things like suecide..
If there was a dual network 1 for kids which filters for bad things then in theory no need to worry /touch the adult side of things.
I am going to be honest here - this as per usual is nothing to do with root cause if it was my solution would work 100% its more to do with monitoring and knowing your every move
so roll on phorm and all the imaginary middle management positions created to monitor the internet PFFFT (only in the UK)
once you have finished please ensure you tell us all I will be a planning a flight plan ticket = 1 way
Yep UK heads showing its understanding of the internet lol
The issue here is the internet is a large database full of good and bad, the UK wants to rewrite the internet (lets assume its oxford dictionary) and take out all the things that mean bad things (sex, drugs, gun ) so kids are safe... hmmmmm lots of points to argue about here but its not the issue
The issue is what the UK needs is two internets
Internet for adults and internet for kids
What you UK bods need to figure is really simple
Rather than harrasing adults and contents on the internet
1. You need to approach ISP's making two layer accounts
1.1 adult accounts
1.2 kids from the adults that will be adults soon
1.3 Define IP ranges for 1.1 and 1.2
2. Send these IP ranges to all the market hoggers Yahoo and rest of them
3, Get them to block normal internet from the kid ips
4, Get Yahoo and msn and youtube and rest to create new websites KID FRIENDLY (like youtube) i.e.
kidstube.com so when a kid from ip 10.0.0.1 hits youtube.com - they are redirected via policies to kidstube..
5. Leave us adults alone and rather than harrasing adults try to THINK.. OPEN YOUR MINDS
If you can not open you mind offer people with a more technical understand the jobs
You have to be an idiot to use insecure RF technology on something as important as passports.
Yep its like using your credit card on http (without the s)
Hacker could potentialy read all your Passport/Creditcard info just by sitting on the same train carriage as you ! (anything with RFID)
You do not need to plug it into anything its Radio Frequency ID....
@ all over 65
sorry no offense was made. It was just an example for people who think on a professional level and comment on this level rather than looking at the problem from someone who has basic knowledge :)
@ By Nuno trancoso & @ AC about windows install
You do not need a licencse to use a computer
You do no sit a test of compitency to use a computer
You do not break any rules by getting hacked .
AC about windows install when making your own Partition for documents and settings
What if you purchase pc from a shop with windows? does it come with seperate partitions ?
or how about when you do an install does it come up with clear consise questions about partetions etc a sepearte slot for boot seperate for swap seperate for home etc ? last time i installed windows this was not the case but then it was donkey years ago....
@ AC about my comment
"The risk is even less if you run your box as an ordinary user not as an admin, i've been running like this for three years with few issues (non secuity related), "
my experience from a windowsinstall the initial user is admin ! there is no requirement to put in a root password to install anything...
"ALL of them caused by poor software not Windows."
Ahem thats why ubuntu debian and all the rest of them have central repositories so there is no need to go to http and download 3rd party software which is the source of a lot of the issues...
Two main flaws in windows if you ask me.. This is not evident in Linux
Also 1 last issue - FS partitions Linux install ok if your a noob all goes in one but for me its always been things like home get own parition - so sure format OS partition as much and as often as you like - your data is safe unlike c:\Documents and Settings\Blah
"spaces in folder names is not clever either by the way"
Old windows techies backing windows again i see
I would like all of you techies to step back with all your advices comments on without firewall and NAT and all that nonsense.
Just imagine you are 65 computer illiterate and want to go online with you new pc.
Obvously it requires patching ? whats a patching asks the 65 year old ?
you the 65 year old phones provider gets on broadband and in the post is your USB dongle (since none of them are going to send you a broadband router unless you ar paying extra)
so the 65 year old goes online and in 4 minutes he is infected he spends another few months spreading infection deeper and further in OS.
MS should have done better than this by now.
for a start with all that profit (that don't go into no MS fanboys pockets) they could have created CD for online access so all people using the OS at all levels who sign up with a provider get this CD sent to them........
Secondly do they actually test any of their products before going live surely all thes excess open ports there should be a hardening package or go online utlitiy ? go through lock down ports not required..
No more advice for the bull of all OS's MicroShaft... sign up with us and we will shaft your day with lots of time spent on analysing why our OS sucks.
I have a dream and in this dream microsoft no longer exists. :)
Format the HDD?
Yep if you backup your game data to a usb stick you can safely format ;)
Easy fix for SQL Injection
Ok, I admit to writing bad code not fully verified and I have so many fields all over the place that it will be a really long winded thing to walk through all compiled code/perl code etc and lock it all down.
Easy fix is Run Apache with mod security enabled - mod security will catch out SQL injection and not return anything back to user.
I have made some docs on how to enable it here
Problem is now fixed get XP and SP3 now !
yep install XP and make sure you have SP3 now this will fix all your issues, since you will be constantly rebooting your hacker wont get a chance to run anything
get a proper OS you windows bible bashers.
DTLSL ... SSL UDP ?
Just a thought
(DTLS) is a protocol based on TLS that is capable of securing datagram transport (UDP for instance).
sure microsite is to blame
I never been a fan of billy goates and his fake software that he tries to enforce costs on you for running dodgy software in the first place..
but here is the thing.. if you go buy a car that ends up damaging your drive or the roads you would be up for compensation since its not doing what its supposed to be doing ie running on the roads and driving u from a to b..
If you move into a house and get broken into its not your fault that you moved into that house - insurance would pay back for costs and police would investigate the break in
so why is when microsoft produces badly written software that they have the cheeck to charge end users for it why cant they be held responisble for producing utter rubbish that should have been sent to recycle bin rather than production line.
Microsoft and its badly written system should ensure a badly patched PC can not do anything besides get the latest patches and get them installed prior to clicking on anything else !!
not flaming pointing out obvious here
David Eddleman I dont mean to start a flame war but FYI again
When you had Sobig and Swen (I presume unix spyware)
had you hardened your linux servers or was you running all ports and running as a server
you heard of lsof ? backtrack what app is using what port ? does windows have these nice utilities ?
further more did you try Se-Linux ? is there an equivalent on Windows ahh yes the new windows which will be MSDOS lol hahahhahahaha
Also Mr Eddleman and who ever else thinks its to with popularity
Lets take a step back lets look at an application
IIS Vs Apache
I know Apache is more used according to netcraft and yet most issues and site hacks are done on IIS even though apache is open source? (how is that rule apply here then ???)
Reality is you all make assumptions since oh windows gets attacked cos most people use it absolute rubbish - windows gets hacked cos microsoft produces absolute rubbish that they try to sell to you on a yearly basis if you dont buy it oh we dont support old version.
This is why they get hacked its their campaign of making money and their campaign to get the last pennies out of poorer people like the indians and chinese etc etc .. same goes for iphones etc
Its the hate they make for themselves
once upon a time
Google has lived out the good times its going down the evil route of MS and government..
Tracking what we all do
Easy solution :
1. clear all cookies and cache every closure or exit of gmail and use TOR to browse net
2. Stop using Gmail and google.
3. Use webcrawler metacrawler astavista the old search engines its time to revert lol
4. Let google loose its user so it can snoop the air that flies past their network
All snoopers are loosers and these so called amature terrorists gives the government and these organisations more reason power to snoop
So if you ask me yes the war is being won by the terrorist cos we have a little bit of freedom left and this is slowly erroding day by day
It might be soon to go and live in some caves afghanstan have no mobiles or electronic devices for them to snoop
Hey we might meet up with laden and all those billions of dollars he has in the caves and have lamb burgers for the rest of our lives lol
- Comment Renewable energy 'simply WON'T WORK': Top Google engineers
- Useless 'computer engineer' Barbie FIRED in three-way fsck row
- Game Theory Dragon Age Inquisition: Our chief weapons are...
- 'How a censorious and moralistic blogger ruined my evening'
- Amazon warming up 'cheapo web video' cannon to SINK Netflix