Posts by David Wilkinson

Secure your family and friends WiFi's

I recently found three of my family members had completely unsecured wireless routers, two of which were installed by their ISPs. Also several friends as well.

overwriting multiple times is good enough.

One pass of all zeros or 1 and you can probably figure out what the previous data was. One pass of random data and maybe with high enough resolution equipment you can tell one pass form another by minor variances in each paths alignment. That is one time the head might be a tiny bit high, next a tiny bit low....

Three random passes and the data is simply gone beyond any recovery.

The only reason to physically destroy the data is fear of human error or laziness. You tell a guy to erase a pile of HD's maybe he will switch to one pass to finish faster so can sneak a cigarette break.

You physically destroy the drive and you can tell at a glance the job was done right.

Where would the money come from if it wasn't lost.

I had a near 4.0 in high school, got scholarships, grants and worked two part time jobs while going to a state college and I still came out in debt.

I am not arguing about the ethics, just wondering how where they think all this lost revenue "stolen" by college kids would have came from?

Has anyone verfied that this is even unusual?

Sorry but this is a release from a company that makes money scaring people into buying their product.

It could be that at any given time it is normal that 15% comes from a few hundred sites?

Seems like criminal packages client exploit, criminal picks server vulnerability to exploit (usually old software for which a security updates has existed for month), criminal infects several hundred sites ......

Outbreaks like this could be the norm.

The only thing new or clever is maybe renaming the .js file so you just find all the sites with evil.js and then know they were infected as part of the same attack.

They don't have to offer eveything the customer wants

With a company as big as Dell things that seem simple get complex fast.

There probably isn't a way for an agent to put though an order with options that don't exist. They are under no obligation to offer every possible configuration. And people who complain about every worker not being a skilled technician are probably not willing to pay extra to get that.

If you want a personal experience and deal with skilled people you have to go small. Of course it will cost that small company a lot more to push the same hardware.

To me this is like getting fast food and complaining you don't have service and options you would get at a proper resturant.

I still like this kind of article because its in everyone's benefit for Dell's customer to complain. Maybe next time Dell reworks its ordering system they will decide to offer different options.

It also matters how closely the custom code integrates with the GPL code.

When you use GLP software as a component of a larger program then you may have to GLP the larger program.

For example if I write a program that uses MySQL and only MySQL as an engine then I have to either have to buy a commercial license or GLP the program.

Now if I write a program than can access a variety of databases including MySQL then I don't need to worry about those restrictions.

Now the LGPL license works the way the MPAA lawyers claim. You can use LGPL code in any way you want and never have to GPL the larger program.

Its a bit more complicated than that and better explained elsewhere.

8 bit encryption

Each bit doubles the time it tacks to crack the encryption. With only 8 it gets broken instantly. The only reason the demo is slow is because they are waiting for enough keys to be pressed.

Double that 120^2 times and suddenly it takes a super computer 10 years.

The scary thing is that I almost bought an MS wireless keyboard last week.

The scarier thing is everyone else is probably equally as bad at security :(

Either porn or he though the IT staff planted a keylogger

I always thought a 7 level wipe had something to do with too much 7 layer mexican bean dip.

---

Anyway his story makes sense to me. Just the other day I got drunk accidentally started a 12 hours scan of my hard drive with forensic recovery software, then accidentally disabled my antivirus, accidentally restored the virus then accidentally clicked on it.

However I never get so drunk that I accidentally disassemble the drive in a clean room environment then accidentally attach it to some NSA magentic scanner capable of recovering data thats already been over written.

But I suppose it could happen.

---

Seriously my first guess it its either 1) porn, most likely legal, but still embarrassing 2) gay porn 3) sexually explicit communications (email, IM) ....

My second guess is that he discovered a stealth keylogger on his system and he suspected the in house IT people were involved, so he had to go with an outside source.

Still my money is on porn or embarrasing emails

Is DRM Free downloads even an option here?

Do they even have the legal rights necessary to offer DRM free downloads?

My guess that the contracts involved necessitate time limited downloads which means DRM.

If thats true then the anti-DRM debate needs to either stop or be taken up a notch so that its aimed at the existing copyright laws rather then the BBC.

given what passes for real programming today (javascript)- Ada is difficult.

The old standard was that its not a real language unless you can write on OS with it.

Furthermore you weren't a "real" programmer unless you were proficient in at least one "real" programming language.

Now that scripting languages no matter how product specific/feature limited is a "real" programming language.

By that standard Ada is difficult...

Hard to comment without knowing more

Was the company negligent in their safety and environmental practices, were the employee's properly trained, properly warned.

Are the chemicals in question show to cause the side effects mentioned.

Were the companies HMO doctors pressured to downplay the risks or where they giving the same advice they would to any patient.

As for waiting to file a lawsuit, the mother probably thought the birth defects were completely unrelated, then at some point something changed her mind.

Quit blamming the victim.

I repair computers after human trash like this infects their machines. Many of these people are highly intelligent and very successful in their chosen careers.

The sad fact is you have to be a serious computer geek (or have one advising you) to keep a Windows computer safe.

As far as never storing passwords. I store mine encrypted within firefox. With the master password needed a program can't just steal them, but then there are keyloggers. Also ever run a password intercepting program on your computer?. Its amazing how many programs send your password out via plaintext even when the rest of the communication is using secure encryption. IF THEY CONTROL YOUR SYSTEM - THEY CAN GET YOUR PASSWORDS.

As far a boot CDs, they will never be popular. The web is constantly evolving, which is why we need a constantly evolving platform to surf it. Now maybe a web browser which actually ran in a virtual machine might work.

A remotely managed virtual appliance with pushed upgrades, whitelists for optional installs, manditory antivirus and antispyware scans before downloads can leave the sandbox .....

Let some linux geeks build that. Can't trust big business. It would be AOL, Norton AV.. - spyware would be defined by who gets a cut like at most of the download sites.

A step in the right direction, but the backup needs to improve.

They just need to add the ability to do a full disc/partition image to any system device while the OS is running.

On the PC I keep my personal data and OS on separate partitions, and backup my OS with True Image while windows is running.

I can restore using a boot CD and it always works.

I used retrospect to backup my documents. There you want to keep track of multiple file versions....

Both types of backup are needed.

Also RAID 1 is hardware redundancy not backup. I have my documents on a RAID 1 array, but that won't help if I screw up my financial spreadsheet and need to consult last weeks version.

Of course I use True Image and Retrospect which didn't come free with my OS.

Anyway step in the right direction for OSX they just need to get the bugs out and add some live drive imaging options to the mix.

eBay could improve their security if they felt like it.

Maybe they should implement a proper escrow service to hold funds prior to shipping, then released after delivery.

Maybe sending snail mailing sellers a letter with some one use codes needed for purchase over a certain amount. Sell something for over $500, enter password & scratch off a code.

Fraud would be a lot harder if you had to hijack a sellers account and steal their mail.

I am just saying there are a lot of things they could do.

Anyone remember the drug from the fallout game?

The drug "jet" turned out to be manufactured by gaseous emissions from the brahmin (two headed cows).

Anyway this reminds me of the banana peel drug myths.

You just pick something no one will actually do and then claim you can get high from it.

Real headline OSX not perfect!

The only thing I hate about the Mac is all the hype.

Not talking about Mac users or Mac Fans, just the Fanboys.

You talk to certain Mac users and they will tell you with religious furor who every single computer problem is solved by switching to Apple.

When my uncle bought his first Mac he was bitterly disappointed. Not because his laptop had any real problems, but because of certain minor annoyances and problems which he was repeatedly told only happen to Windows users.

Macs are far from perfect just like any other computer.

PS after I installed XP in a virtual machine (for two Windows only Programs), and gave him some OSX training videos my Uncle now loves his Mac.

You can change and restore a password

They are just numbers in a database.

Record the original value of the encrypted password.

Replace it with the encrypted value of a temporary password.

Restore it to the original encrypted value.

Create a interface to automate the procedure, give the required database privileges to an account that can only connect via internal IP addresses.

Tech support can then gain temporary access to any account by temporarily changing the password. The customer gets to keep his old password, which remains a secret.

You can do the same thing for under $30.

Buy a cheap "mobile rack". It fits in a 5.25 bay and has a caddy that fits 3.5" drives.

Whole think costs $10-$30. Depends on whether you are ok with plastic or want aluminum.

Get a SATA version and it will be hot swappable.

Or you can get an IDE controller that supports hot swapping (they exist).

Or get an IDE to SATA adapter that supports hot swapping.

---

Or even better pop all those drives into a RAID 6 array and do your backups over a network.

How about some arrests?

How about instead of 5,000-20,000 lawsuits against people trading mp3's we have that many investigations into those trading stolen credit cards.

I just find it strange that is more dangerous to trade in mp3's than in stolen credit card numbers.

Blame the voters.

The USA definitely needs some decent consumer protection laws.

Also national health care, and some strong new anti-trust laws to create a more independent media.

But I don't see big business paying for the TV ads that will tell people that they think those issues are important.

Pedophile, paedophile, sexual paedophile

Dictionaries are descriptive not normative and words obtain meaning by usage, there is no other linguistic authority beyond usage.

Natural languages are living languages that change over time. (Actually most of the artificial languages seem to change over time a well.)

Maybe at some point in the past pedophile meant something else, but today it is equivalent to sexual pedophile.

PS I am betting that before they went public with a name they had more a bit more than tips based on unscrambled images.

Also I am guessing that with that many photos there must be moles, scars, tattoos ... something to uniquely identify him once they have in in custody.

I also have to chime in against police brutality and vigilante justice, its very important that people get a fair trail, especially in these cases.

From what I hear people in prison have pretty much the same attitude toward these sick bastard so there is no need to rush things.

Also court cases tend to go better in these countries when the international press is paying attention. No judge is getting bribed in this case.

Drupal is more flexible than you think.

Drupal gives you all the control you need.

The theme system gives you complete control over every aspect of presentation.

The software design is amazing modular consisting of an elegant system of hooks and API calls. Your modules can step in at any point and replace default behavior with its own functions without having to hack the core Drupal modules.

Granted to write a sohpisticated module you are going to have to be a competent PHP coder and maybe read a 200 page book.

Simply creating a theme is a bit easier, but still the learning curve might be higher than with other CMSs.

However I found that studying Drupal's inner workings to be rewarding for its own sake. The code is so well designed that I it was almost like reading a text book on how to apply modern software designed methodology to the PHP programming language.

I am not saying Drupal right for everyone, or even for most. People have a wide variety of needs which calls for a wide variety of of feature sets and characteristics.

I wanted a PHP based CMS with well written code, and a highly flexible modular design can be easily extended.

So far Drupal is the best I found.

Useless for small projects essential for large ones

If you are doing something short and simple you can jump right in and start coding.

However once things start to get even the least bit complex, I find its good to start thinking about methodologies, design patterns, documentation, coding conventions ......

Even on something as simple as a one man two week project.

I am not saying you should treat everything like its the next space shuttle launch, but you should be able to go back a year latter and easily understand what you did and why you did it.

Sometimes you will even want to go a bit overboard on the short & simple projects if you see the potential for part of it to become a reusable component.

Makes you wonder

How often does this exact thing happen, but the criminals don't advertise?

---

I am also confused as to the criminals motivation.

A "white-hat" would do the deed to draw attention to security problems, but not post the hashes and passwords.

If there was a profit motive, I imagine you would probably want to quietly exploit the information without anyone knowing.

I am guessing then that the motive is either bragging rights or revenge?

Only how do you enjoy either if you can't tell anyone?

If you want to attack Microsoft, there are much better grounds than this.

If some OEM wants to standardize on Vista I can't think of a legal or moral argument against it.

Microsoft still sells OEM versions of Windows XP. If your favorite vendor decides not to offer XP, you can shop elsewhere.

I think the plan is to slowly corrupt China with our Western Ideas.

I don't think China's leadership is as much adamantly opposed to human rights and democracy, as they are pathologically fearful of disruptive change.

The more China is connected to the rest of the world, the more Western values and ideas from influencing their culture.

I think the best hope is for change in China is for it to happen gradually from within.

External pressure for change would at best only harden China's leadership and at worse would actually succeed in toppling their government through economic collapse (and probably lead to a world wide depression in the process).

When a government collapses it often results in something far worse taking its place.

Not so much bad movies as a marketing problem.

Hollywood is addicted to overselling. For them marketing is about raising expectations to an impossibly high level for a quick cash in.

People see a good movie, but because they lead to believe it was going to be one of the greatest movies ever, they leave profoundly disappointed.

The key to enjoying movies is not to buy into the hype.

Right now my expectations are for the new movies to provide nothing more than great action and greater special effects, but with a tired unoriginal plot.

I will probably leave the theater happy, while other people are complaining about how it wasn't as good as the first two.

I am a big fan of open source software for windows.

The Ballmer's don't deserve a reply, but I would like to say I definitely appreciate those who develop open source programs for Windows.

A couple times I year I review all the software I use on my Windows installation, and switch to use open source software whenever practical.

BTW Google doesn't do anything that isn't done by every other business out there including your credit card company.

Boycott everyone won't work. Better privacy laws might.