Only Ubuntu left standing, as Flash vuln fells Vista in Pwn2Own hacking contest A laptop running a fully patched version of Microsoft's Vista operating system was the second and final machine to fall in a hacking contest that pitted the security of Windows, OS X and Ubuntu Linux. With both a Windows and Mac machine felled, only the Linux box remained standing following the three-day competition. Shane …
Not a driver problem. It was a problem with the acquisition app that came with it. And try to gain focus long enough to type anything while the crazy box is opening 20 windows a second. Good luck. As for the system restore and all that, I had no idea about when the thing was installed.
As for the full-screen terminal, I always thought it was just hiding the (still running) graphic server? Never checked though. But in that case, it wouldn't have helped, as in less than 10 secs the machine would have been unusable anyway.
BTW, I seem to remember that when you kill it a couple of times in a row, KDM (or GDM or whatever) shuts down. Not sure though, as startx is good enough for me.
And I agree that it wasn't a huge problem, more like an irritating thing (On a Friday afternoon!). Anyway there's something wrong if this is allowed to happen. Cross-session. On the Admin account too.
bah only one decent OS ever - VAX/VMS. Lovely command line where you didn't need to memorize random sets of consonants to get things done.
I have fond memories of my first VAXCluster, every machine named after a character from the Lord of the Rings, natch.
I also remember the slight issue on 4.x systems where as an operator I could send a notification to my mates containing control codes, allowing me to reset their terminals at will bwahhhahahahah
Now I feel justified in my decision to remove the big MS bloatware OS from my Dell and put on Ubuntu as the sole OS last year.
Now I also feel nice installing Flashblock, NoScript, AdBlocker Pro into my Safari and never installing any Adobe Flash/Shockwave software ever when web pages nag and refuse to work.--- I simply never visit those web sites again.
As details of the CanSecWest exploit come out it seems it was due to a bug in the open source PCRE regular expression library which was found by someone carefully scrutinising the source. You could argue that had it been in closed source it would have been harder to find :-)
This whole competition thing is all a bit silly though. I don't think anyone claims that ANY operating system or piece of software can ever be absolutely secure, in and of itself. The real question is how quickly vendors issue patches once a vulnerability comes to light - and how many undisclosed vulnerabilities are there out there that people are busy maliciously exploiting.
When people claim Mac OS X is more "secure" than Windows that's not an absolute claim about theoretical security (as we've seen, any piece of software can and often does have bugs that lead to security vulnerabilities) but a simple empirical observation. There are literally millions of owned servers and home machines out there in huge bot farms sending out spam emails and hosting phishing sites. Currently the percentage of them running Mac OS X is approximately zero. Could this change? Certainly. Anyone would be a fool to claim otherwise but that is the current situation, as it is now. 0%.
Security has to be measured relative to the threat. An analogy might be a marine patrolling the streets of Baghdad. He may well be wearing body armour and be armed to the teeth but how much safer is he than you walking down your own street in nothing more than shorts and a tee shirt?
I don't know about you but I know where I'd rather be. Sure, I might be mugged tomorrow, but so what? I take sensible precautions, like not wearing flashy jewelry or looking too much like a victim, but really, life's too short to spend it worrying. I'd rather live a little and enjoy life. If that makes me a complacent fool or a smug git, so be it.
As an Umbongo user myself, I'm wary of getting into a fanboy frenzy over this result.
I think the real lessons are to beware sloppily written proprietary apps (in this case Flash) and that no OS is 'secure' if lusers don't patch, harden and exercise caution and commonsense.
Still can't help a thinly veiled smirk, though ;)
Yep, full screen DOS window is just the same as a normal windows DOS window, everything is running in the background. You can however in that window bring up a list of running tasks with 'tasklist' which lists all running tasks and their pid, then 'taskkill /PID [pid number] /F' that will force the task to die, the same as the Linux pidoff and kill commands.
So if the badly running app was called "badapp" with a pid of 123, it would be taskkill /PID 123 /F which *should* kill and force the death of the badly running application, you can also use /T to kill and child processes started by the poorly running application. It does what task manager does, only in DOS.
@ the M$ comment by Kwak, quite true, MS are a very profitable company, and I'm sure you give away, as a percentage, as much money to charity as Bill Gates does every year, yes? No?
Perhaps the lesson we should be taking from this is that third parties have less interest in the security of the OS than the OS vendors.
The fault was in Macromedia Flash. You know, Macromedia, who dominate the copy protection market. The ones who sell Dreamweaver, which is cused for coding a lot of the web scripts running on the 'Net.
I'm left wondering if there's a way I can pwn a system by subverting the Macrovision copy protection checks.
You still fail to understand. As I said, every window was a separate process (and i have no idea on which app triggered the *.exe in the first place. It was maybe even not running anymore). Killing one wouldn't have be more usefull that just closing the window in the graphical environment (I tried, mind you, using the task manager). Your solution wouldn't have worked at all as they would have still been spawning "in the background", crashing the machine in ~10 sec. Not to mention that the DOS-like console couldn't have been opened anyway, as I wouldn't have been able to keep the focus long enough to open it (even scrolling down a window was a real pain). Don't try to justify Windows' lame management of separate users or process privilege, and lack of decent administration tools.
There was no easy solution given these flaws, unlike under any *NIX-like OS. Right I could have saved 1/2 hr by using an external booting medium to remove the *.exe file, but I would have had to uninstall the apps anyway, so I would have had to spend this time no matter what, even if later.
The fact is that this happened because the OS is badly thought. And it puts in light a major (major, like MAJOR) flaw in the system. This time, no consequences but if the rogue app hadn't been an utterly harmless legit one, it could have been very bad.
"I always thought it was the African word meaning "I can't use a real Linux distro"."
Wrong. Ubuntu is an African word meaning "Too lazy to install Debian". Same meaning for "Red Hat" (and derivatives), "Suse", etc ... "Debian", in turn, means "More shiney than Slackware". And Slackware mean "I'm too old to use Ubuntu".
or maybe it is that you haven't yet learned to read English ... The one line in this article which everybody so conveniently ignores is the one which renders all of you attention deficit sufferers' interpretations a la "x won, y is bad, z was worst" invalid, it is at the end of the article ...
"... Macaulay, who says with a few hours of tweaking, his exploit will also work on OS X and Linux."
that's the only line which really matters in the entire article. But you will sure continue to kid yourselves because you only read what you want to read.
The truth is though that no system will stand up to a determined attacker, thus there are only losers, no winners.
I use Slackware 12, I am not too old to use Ubuntu. I choose to use Slackware, it is my choice of distro. That's the good thing about Linux - choice. I did use Kbuntu, but it was not to my liking. I have heard Slackware described as the hardmans Linux.
I have also used SuSE (7.1, 8.1, 9.1 and 10.0, then ditched it, too bloated), mandrake (a long time ago), Gentoo (v fast performance, you learn a fair bit about Linux when installing it), Fedora (didn't stay on disk for long). And I still have my original Slackware CD's from '96 and '98. I remember compiling the kernel from source and editing a script to get my modem working.
And, yes I have used windows, various versions. Still do, at work. Have to.
Slackware should mean "for those who aren't afraid (to get their hands dirty)".
Paris - she probably gets dirty whenever she wants to.
"Although useful in raising security awareness in general and, more specifically, demonstrating that most systems can still be hacked even when fully patched, the contest doesn't show the aggregate risk of each OS/application suite. I'd wager that Mac OS X still presents lower exposure overall than Vista SP1, all things considered."
Uh and how did you come to that decision exactly, seen as you didn't appear to mention the "things" that you considered to come to your conclusion? To be honest, that sounds like that sort of line that I feed a manager to leave them confused enough not to argue, without actually stating any facts.
Oh and @ Ronny Cook - don't Adobe own Flash now rather than Macromedia?
"As of today, since the Vista and Ubuntu laptops are still standing unscathed, we are now opening up the scope beyond just default installed applications on those laptops; any popular 3rd party application (as deemed "popular" by the judges) can now be installed on the laptops for a prize of $5,000 upon a successful compromise."
"7:30pm PST Update - Vista Laptop was Won!: Congratulations to Shane Macaulay from Security Objectives - he has just won the Fujitsu U810 laptop running Vista Ultimate SP1 after it was installed with the latest version of Adobe Flash."
I appreciate it's a popular plugin, but I can't help feeling it's a little unfair to blame an OS for the lack of security in a third party application that wasn't installed by default.
And @Andy Worth, Adobe acquired Macromedia 3 years ago.
Gotta add my own "Ner Ner Linux is the the best" :P
On a serious note, the old addage comes to mind: The only security measure which works is a 6-inch air gap (although I guess with the advent of wireless this is not strictly true... 6-inches of lead maybe?)
I would love to see a server version of this. Servers should not have flashy things (like flash :D or java) installed, but most Windows servers I have seen do. Would be nice to see a well set up version of each server OS (Linux/Windows/Solaris/FreeBSD...) made available for a Pwn2Own.
It seems very much from these results that this is no longer the problem... As usual, fingers are pointed and normally falls to the OS manufacturer... It's like saying it's Microsoft's fault if a piece of hardware doesn't install properly...
The fact that both these exploits managed to utilise bolt-on software and that no-one bothered to try and hack the base OS on the first day is surely a wake-up call? All this mud-slinging about which OS is less secure is dried-up in the face of this?
Paris, because I can't pick on any of the OS Mugshots in particular and because the majority of people are as clueless as her to hacking PCs, myself included. I just spend my life being paid to secure the systems I support... hmm... Roll on vulnerabilities!!!!!
"To this day I just don't understand why Apple does so well when it's in fact so crap, it's not like Apple hardware isn't made in a cheap sweatshop in China either, it's low quality tat, plain and simple. Stories like this just prove it further and further day by day yet the zealots persist.
Oh how I laugh at them. Heh. Hehehehe. Hehe. Hahahahahaha. Ahahahah. BWAHAHAHHAHAHAHAHAHA MAC OS X GOT OWNED FIRST."
To this day I don't understand why windows zealots do not read the article before posting such rubbish.
So, both the Mac and Windows machines were exploited by components not made by the OS manufacturer...
Webkit (the open-source browser engine) was the culprit in the Mac's case, and Adobe's Flash in Windows case.
As both Webkit and Flash are available for all three platforms no doubt with a little jiggery-pokery both exploits would work on all three platforms.
Clearly the Mac was targetted first because the prize was the most desirable and valuable - not just the MacBook Air, but the headlines it generated.
Who would really want to win a Windows or Linux machine?
Err... didn't the guy who hacked the Mac admit that he tried it first? Kinda makes sense he didn't hack the other two first when he wasn't on them!!
The only real even test would be the same person hacking the same machines and telling us how many actual hours of hacking it took. whole things a load of balls.
There's not bugger all to do with Linux desktops at all- you can use them for anything office-related, anything programming related, media manipulation software is getting better and more prevalent, and even gaming isn't impossible- loads of games are released for Linux (UT3 was a recent favourite), and those that aren't can frequently be played through Cedega or WINE. Even Stereoscopic gaming is- IIRC- possible now under Linux.
In fact given the software that's bundled with many Linux distros- especially Ubuntu from this article- you can do more with a Linux out-of-the-box install than a Windows out-of-the-box install (almost-Photoshop-grade graphics manipulation, full office suite, etc.)
Right, I'm off to play UT3 on my lovely Gentoo installation.
"And for those baiting the Apple users, go surfing with MS Internet Exploder and MS' standard "security" settings. But I suggest you make a full backup first."
I've spent the last 8 weeks using nothing other than Windows Firewall and Windows Defender to secure my system (i.e. the standard security settings). I got a little paranoid over the weekend (this competition had a little to do with that) and reinstalled Norton Internet Suite again. Patched it up and ran a full system scan and...
I had been infected! OMG!!!!!
One tracking cookie was identified as being suspicious. Norton recommended taking no action.
Now don't get me wrong, during the time I was using purely Vista for security with no other 3rd Party apps I would not have wanted to let anybody know what I was doing and certainly wouldn't have published my IP to let people try to hack my box, however, that's not changed since I reinstalled Norton.
No backup was necessary. My data hasn't been compromised. It's all good.
So Stizzleswick, your point seemed to be that Vista *with the standard security settings* was less secure than OSX (with no mention of standard security settings). In this test will OSX be using the standard security settings too (or would you prefer to turn the firewall on first)?
So, as I've already gone "surfing with MS Internet Exploder and MS' standard "security" settings" with no ill effects I claim my prize of being allowed to bait Apple users as often as I like for all eternity!
Deal with it!
(and LMFAO)
Paris because she's so used to having her box compromised.
I'll happily admit there are some failings within the Windows environment, one which you pointed out, that 3rd party applications can and do cause annoying issues. Linux does lots of things, especially application managment, much better than Windows does, and is inherently more secure.
However, a failing in both Linux and Windows is the same issue you highlighted, installing software that is incompatible that will crash the system. Some Linux app's require sudo to install properly which elevates their rights, sure on Linux you may be able to log in and fix the issues, or even telnet in and fix the issues, but both systems can be prone to such 3rd party foibles.
Mac's just suck, can we at least agree on that? :P
Hi Pierre,
I had something similar on a friend's vista machine (not the 20 windows a second problem, but the administrator rights one) What I ended up doing was opening the Windows explorer tool by right clicking on it in the start menu and choosing "run as" and entering the admin details (even after logging in as the admin).
How about trying that and deleting the EXE from the system so that it doesn't start after the next reboot?
"Call me a cynic, but I'd imagine that the people hacking would *want* the open source version to win"
I can think of other more fitting monikers. This argument is pretty lame IMHO. Firstly it assumes the hackers were largely open source admirers, it then moves forward to suggesting that their individual love was stronger than the lure of a $20,000 prize, and finishes by believing that each trusted the others to altruistically not hack the open source box either. The same open source box that has all the code available for the world to inspect for months in advance.
"Well, do not underestimate Microsoft and Apple. I'm fairly certain that if they REALLY want to, they could release a patch within a couple of days."
Unfortunately if they did attempt to release a patch within a couple of days, it'd almost certainly break things. The reason is simple - these operating systems are so convoluted and interlinked and the source so badly written and badly controlled that a seemingly trivial and insignificant change in one place can take down the entire system in another.
MS tried this kind of rapid release fix at one point but gave up as they don't have the resources to test even the smallest of fixes that quickly. Apple just never bothered trying to do anything fast at all - but then that's probably based on seeing MS try, fail and get away with a much longer patch cycle.
Two comments apparently made by Webster Phreaky .. and both are completely contrasting. I've only been reading the comments about Pwn2Own for Webster's, frankly genius*, remarks.
I'm now starting to wonder if he has multiple personalities or something .. each one a fanboi of each platform.
* For a given value of genius, of course. And that value is 'i'.
Nice try, troll. Now, back to your cave, mommy is calling.
@Webster
Are you going bipolar? :-)
@Just some basic facts
Thanks for the explanation.
@Are you guys all dumb or what?
And you just believe the guy? Or you knew he was right, but so what? What's wrong with some discussion to enlighten we mere mortals who'd rather know whether there is merit to what the guy affirmed and the article (and you) promptly accepted, for whatever reason? (prior knowledge or otherwise)
"Well, do not underestimate Microsoft and Apple. I'm fairly certain that if they REALLY want to, they could release a patch within a couple of days."
I don't know about Apple, but Microsoft cannot do it because it is NOT Microsofts fault. It was Flash (made by *Adobe*) that was exploited.
And before you jump the "FF/Ubuntu would protect better" bandwagon, that is NOT the case. In FF plugins (like Flash) executes in the FF process, which started by you and which has all of your privileges. A Flash vuln. on Linux is just as devastating as on Windows.
In fact, if it were not for the stupidity of Adobe - who actively circumvented the extra layer of security of Vista+IE7 - the opposite would have been true. FF+Ubuntu would have been vulnerable, Vista+IE7 would not.
$ and prestige (AKA $ by reputation) was main reason these researchers were involved. Enough already with the ignorant "they did because of this laptop" - all involved would have loved to have hacked all 3 boxes. And even the Day 3 CASH prizes are enough to buy 2 of any of the laptops.
What many are not focusing on is that the contest did NOT allow KNOWN exploits. This is a very skewed contest, narrows it down to just "who can find a new exploit quickest" or "what researcher is sitting on a security vulnerability". Not by ANY means a contest to see which laptop is more secure.
Also it is a very different question to ask "which laptop as configured by the manufacturer is the most secure?" and "Which operating system can reasonably be locked down the most secure, by the majority of users?"
Not saying that either is a better questions, just very different.
I think with known exploits not being allowed, it is very safe to assume that if they had allowed them, ALL 3 laptops would have fallen over in a matter of minutes.
Consider this too - you have a vulnerability, or virus that is currently undetectible.... If you are a hacker this data is much more valuable to you being sold as a hacker service on the black market (and not sharing your trade secrets) why would give up your magic key to everyone else, or worse to have corrected and no longer useable? Only security researchers are really interested in the fix being in place. Hackers are more prone to avoid this type of FBI infested venue and keep thier evil little secrets to themselves.
oh and M$ = Funny and appropriate. It is apt because everyone knows exactly what company is being discusssed and why.
M$ as a corporation have shown an unethical (and often illegal) business model of money over morals time and time again (anyone follow the DOJ trial here on el Reg? - M$ behaved dispicably).
And in regards to the charity donations, yes many people have given a larger % portion of their income than Bill. You also have to ask yourself the "why?" about this one as well. I have ready too many stories about 3rd world countries getting offered malaria and other disease assistance from the M$ (Bill&Melinda) charity - if and ONLY IF their government signs on to use M$ as their official government operating system. It appears to be being used as a sales cudgel to beat people with. I have also heard reference that the M$ charity at one point was making more money on the interest of their holdings (tax free mind you) than it was actually giving out.
And finally - he's just trying to buy popularity. I don't think there is a more hated person in the world (outside the BinLaden/Bush/Cheney circle of hate) it would not suprise me if Bill had to pay his dues so to speak before even his rich chronies would let him come "play" on their playground. And I'm sure his marketing deparment is aware that his negative personality was probably at one point on of the biggest hurdles for M$ marketing to overcome. What better way that to try and turn him into a likeable person. He could have spent the same amount of money buying favor in a lot of ways. I hope that some good does end up coming of it, but I am still waiting for the acutal donations to be spent in a good and unbiased manner. Even more scary is buffet seems to trust him to use his money as leverage as well......shessh!
I second that - Maybe there's nothing to hack on Linux, because there isn't anything to run on it? Much safer if all it does is shut all ports in and out and sit there humming along.
That said I do run Slack at home for my DIY crunching tasks. Everything still seems to be DIY of some sort which may have the side afffect of helping to obfuscate the OS and security holes to automated attacks.
Mine's the 1970's leisure suit with the breath mints and the pocket lint that never goes away.
@Are you all dumb?:
Yeah, he *said* he could hack it but why didn't he do so, even after hours of trying? What, did he just decide he'd rather not for some reason? "Oh, a free laptop and $5,000 is great, but TWO free laptops and $10,000? No way, I don't want people to think I'm gay or something!" Sure. That'd make sense.
@David Webb:
No, virtually all Linux apps require sudo to install (unless you're installing for one user, in his home folder) and it does not elevate their privileges when run. Only apps which require setuid (deprecated and dangerous) or sudo (much more secure) are run with higher rights than the calling user.
Now, running some binary blob self-installer with sudo is dangerous, but it's a rare occurrence -- normally you install apps with apt-get or dpkg, then the apps run as yourself, not root or anything.
@everyone saying "It's all Adobe's fault!"
It's partly Adobe and partly Microsoft's fault, if you actually read the article. The vulnerability in Flash alone didn't allow him to do anything on Vista SP1. (It allowed him to execute arbitrary code under the retail Vista, but the new IE security measures stopped that.) To get code running with elevated privileges now required him to work out a Javascript hack that allowed him to disable the new Vista SP1 security, a secondary vulnerability that should not have been possible, had Vista been as secure as it's supposed to be.
He was trying to do something similar on Linux, believing it possible, but failed to do so. This is why us Linux people are chuckling.
(Beating a dead vulture.)
Should have worked allright. If the "run as" box vever goes out of focus. Lame that you have to do that even when you are logged in as root, huh?
And the major concern, for me, wasn't not to be allowed to suppress the file (just a minor annoyance), but the fact that an app launched by an unprivileged user could go mad on EVERY user account. And even after a shutdown. I believe that it's because the privilege of a process in Win is given by the app itself, not by the rights of the user who launches it. Which is very bad. The only control is what the interface allows you to ask the app for, but if you find a way to feed an unlawfull command to the application, there's no way to stop it.
Ho, and yes, macs are annoying, too. I hate it when the computer prevents me from actually using it. (but MS seems to be catching up on this ground, as by default in Vista you have to click, on average, on 34.76 "yes" or "OK" boxes before the fsking thing actually does what you asked.) There are also a couple of things that I don't like about my Linux distro, but that's confidential.
Which leads me to John's comment... I'm not using Ubuntu. I despise this lame sub-Debian too much. Ubuntu has ONE quality: it is so "F(r)iend(l)ish" that it can be a good half-step in the migration from Windows to Linux. I would probably run Slackware if I was an old-timer (and if I liked to meet unexpected dependancy problems), but I like shiney things too much...Debian it is then. The HUGE collection of precompiled binaries also helped. I am not patient enough to recompile all the stuff (Gentoo, anyone?) and when I need specific compile-time options, well, I grab the code. I tried Ubuntu (just to know, never even bothered to install it), most of major Red Hat derivatives, SuSe, Slack, OS/2 (don't laugh), both major free BSDs, various Wins, Apple, BlueBottle (you know, written in Oberon -this one was a good laugh, try it if you can!), and even the HURD for a few weeks. Debian is just what floats my boat best so far (just had to take care not to install all the graphic bloatware that it will install if you say you want a "desktop environment -yes, the desktop is Gnome by default. Kills me. Why the heck? AARRRHH. I said it, I feel better now). Didn't try Gentoo though. Maybe I'm missing something here.
ANYway, Peach and Loze, Make FAP not warez, and all that stuff.
and, Debian soooo totally, mean, rulez.
"How long before people use this as 'proof' there are Mac Viruses?"
If it's not just a joke, try googling "first informatic virus ever" (or anything similar) (1).
Since Apple now prevents Mac users from doing anything with their "computer" (2), no wonder Apple-geeks (3) are not publishing proof-of-concept viruses and exploits anymore. Which actually weakens Apple, in the end.
(1)you bet, it was targeted to Apple OS
(2) quotes, as how would you actually _compute_ anything under Apple OS now? Ho, how I would happilly kill for an Apple][-like thing with a G5, huge RAM and good design! (4) ;-)
(3) does that still exist?
(4) "physically" (5) and also good API design (6)
(5) "good -though prolly a bit gay(7)- Apple designers. Pat pat pat"-style comment
(6) "no comment"-style comment (8)
(7) Not that it is a bad thing. I'm French after all.
(8) Tired of that lil game already?
My boxes are sooo asking to be pwned. But, mind you, I'd better have my shiney computers hacked than missing that:
http://www.taintedink.com/flash.htm
(warning: Flash (or similar) security risk has to be installed to view the things). I do like the cat. And yes, this should definitely go on a newsgroup and not here, but thanks to my sick humor I have to many enemies on that medium :-D
Idees
This event just proves that the overall security for all systems has reached a quite acceptable level. The problem is how user processes are trusted. Allthough os X was compromised through a user applications the os is built to qwithstand this kind of problems although apple is not using them nor promoting its use. But there are really good security howtos on hardening os X:s and even other bsd related materials are often usefull.
The real issue is if you use the user with previleges to administer the computer or if you use a normal user. The first user is allways administrative user and i discourage os X users from using this. Make a normal user and use that instead. The biggest risk then is your user data and thats another story(make backups!).
Just look at this as an example of using basic user account:
http://www.macgeekery.com/tips/security/basic_mac_os_x_security
I think you have to acknoledge that apple is two things separately (hardware manufacturer and software manufacturer) but also together in a shared symbiosis. As a longtime pc and linux user the things I like about apple are two things, premium hardware(even for linux/windows) and the os X operating system. Os X has loong been the only unix desktop os that you can buy with hardware and even comes preinstalled. This has been changing lately(even Michael Dell said that they would like to build os X hardware when apple was transitioning to intel camp) is not true anymore but has been for years, it took really long untill linux was supported by any pc manufacturers. Its also intressting to look at software for the platforms win/osx/bsd/linux. Even just other bsds and darwin (mac osx). Os X has a lot of comercial software adobe CS3(photoshop etc.), MS office 2008, as well as all bsd/gnu-license software that you can think of. This considered the other bsds: have just their own software with few comersial ones.
The hardware is much better whatever operating system it runs. I think its one of the better linux machines as well. The operating system is absolutely great. I like the opensource community for software and install all the programs that i like from linux/bsd tree, apt and ports to mention a few. Of course if you are a gamer then macs arent that good but Wii/xb360/PS3 does that much better anyway ithink
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
