* Posts by Sitaram Chamarty

84 posts • joined 30 Aug 2008

Don't worry about those 40 Linux USB security holes. That's not a typo

Sitaram Chamarty
FAIL

Re: Wasn't that the primadonna maintainer project

the "IoT crapware DDoSes" (if you're talking about Mirai) were due to default passwords. Not much Linus can do about that -- it's on the vendor and/or the customer.

13
1

Official: Perl the most hated programming language, say devs

Sitaram Chamarty

the example code in the article...

...is a perfect example of how Perl is *unjustly* vilified.

All the line noise in that example is due to regular expressions -- a distinct sub-language that is nevertheless supported (though usually very badly and/or reluctantly) by all other languages.

Since perl supports regexes as first class citizens, it gets a bad rap because of how regexes look.

As for the $, @, {}, etc -- I've never understood this angst about perl's syntax. You expect a mathematician to use special symbols to mean special things to them. Heck, an electrician has to learn almost as much special stuff to get a license to wire your home (India excepted, heh!). Yet people think perl's using the character set a little more than other languages (which mostly stick to a-z for syntax) is a problem.

3
0

Twitter: Why we silenced Rose McGowan after she slammed alleged sex pest Harvey Weinstein

Sitaram Chamarty

Re: I think Linehan has it right

wow; I did not know this. Just deleted the dilbert feed from my RSS reader. I absolutely love Dilbert but not at this price -- supporting someone (however indirectly and ineffectually) who supports the "racist toddler".

18
13

Did ROPEMAKER just unravel email security? Nah, it's likely a feature

Sitaram Chamarty
FAIL

block HTML or block remote access

I switched back to mutt about 2 years ago but I just checked Thunderbird and it has a "block remote content" setting, which was even enabled by default. The help text leads to a link that explicitly mentions CSS also, so I'm pretty sure this attack won't work on a default installation of TB.

As for webmail, I had to laugh at the claim that this attack will "fool even the most security savvy users". Sorry, but I find it hard to apply the phrase "security savvy" to people who use webmail directly on a browser (i.e., instead of via IMAP/POP3 on a proper mail client).

And if you're using an email service that does not allow IMAP or at least POP3, you should switch as soon as possible.

6
0

Indian telco Reliance Jio denies claims of 100m record data breach

Sitaram Chamarty

Re: biometrics target?

update: sample size upped to 2, got confirmation from the other one also!

5
0
Sitaram Chamarty
Big Brother

biometrics target?

Disclaimer 1: I am a strong opponent of Aadhaar (UIDAI) and I see Aadhaar issues everywhere so this may be some sort of bias on my part.

I know two people who took a Reliance Jio sim. Both were issued on the basis of India's new "papers please" card. In one case, the person was asked to submit his fingerprint to verify. (The other I could not reach in time to write this comment).

Disclaimer 2: As you can see, the sample size is ONE. Caveat reader!

That said, I strongly suspect that whoever snarfed the data (possibly our "friendly" neighbour to the north) was after the fingerprint details, because everything else is already easy to obtain from other channels.

If the bank accounts (now forced to be linked to Aadhaar by our "papers please" government) of any of these people start seeing "action", we'll know for sure.

(The only defense Reliance will have if this happens is "there are so many other places people could have got these details". Sadly, that is also true!)

5
0

Create a user called '0day', get bonus root privs – thanks, Systemd!

Sitaram Chamarty
FAIL

invalid user? then ABORT, you moron!

Subject line says it all.

I can imagine disagreement between the OS and systemd about what a valid user is -- can happen, though it should not.

But I can't imagine *continuing to run* when you find an invalid user!

58
0

Ta-ta, security: Bungling Tata devs leaked banks' code on public GitHub repo, says IT bloke

Sitaram Chamarty

apparently not even auxiliary data

Disclaimer: I am a TCS employee.

It appears that the filenames were more like the names of the customers the presentations were made for, rather than *data* pertaining to the customers themselves. I therefore suspect a lot of the content may have been the same (i.e., present to customer A, modify slightly, rename, present to customer B).

It's still a pretty stupid thing to do, but thank God it wasn't stupidER, I guess!

Unfortunately, I was one of the people shouting from the rooftops (a few years ago) that we need unfettered github access, so I'm getting a wee bit of -- good-natured, don't worry! -- ribbing for this!

But then, I couldn't do without this access. I estimate that a good percentage of the commits for gitolite are made at work and I push them from my work laptop, simply due to how I divide my time.

Sitaram

PS: gitolite is a fairly popular access control system for git that is used by Fedora, kernel.org, Gentoo, and several other open source projects, and probably thousands of others

And yes, I intentionally mentioned it, in a shameless and blatant attempt to suggest that if you've heard of it, or even better, used it, then *you* at least won't generalise about TCS :-)

7
1

India makes biometrics mandatory for all e-gov projects

Sitaram Chamarty

Re: Catastrophic failure

It will fail, sooner or later. People (including myself) thought faking iris was going to be hard, would require consent, etc. Turns out... nope! I'm sure you saw the articles yesterday or the day before about CCC cracking Samsung 8's iris recog.

Biometrics is an arms race. I find it funny that people worry about quantum safe asymmetric crypto, which is much much further away than a biometrics fail, but maybe that's just my opinion.

Speaking as an Indian, I am worried sick about these things, especially if they ever start force-linking it to bank accounts. There **WILL** be massive theft of lots of money from lots of people.

I only hope they hit the really rich people, and not us poor bastards.

2
0

135 MEELLION Indian government payment card details leaked

Sitaram Chamarty

Re: Indian IT at it's finest

Why is it not an option? I am **pissed as hell** that the Indian government now wants to make Aadhaar mandatory even for paying taxes, which effectively means it's mandatory period. (The original idea was that it was mandatory only if you needed government benefits -- subsidised stuff for instance).

As a protest, I have now stopped using my credit card for anything less than 2000 rupees (an arbitrary limit I set; could vary depending on circumstances but that's the general idea).

Yes, ATMs have been (slyly, without any announcement or explanation, by the way) mostly dry for months now, but I go to my bank and get cash once in a couple of weeks or once in a month, and that works out fine. So far.

Am I at risk of being mugged or robbed, since this is cash? Maybe. I don't use public transport so I should be mostly OK. Does this form of protest actually register? Surely not -- it's not as if Modi is worrying himself at night thinking "OMG, Sitaram is going against my cash-less dream". Is it any use then? Yes -- my own psychological satisfaction, plus the opportunity to talk about Aadhaar and explain its problems to everyone who asks me "why are you carrying so much cash".

I was a solid supporter of his anti-black money initiative last November, but Aadhaar is where I draw the line; I am now an ardent Modi- and Jaitley- hater.

But don't read too much into that -- Aadhaar was created by the corrupt crooks who are currently in opposition -- the Congress (spelled c-o-r-r-u-p-t-i-o-n) party. So, unless the Supreme Court does the right thing, all Indians are royally screwed in terms of their biometrics and other data being essentially public. Forever.

0
0
Sitaram Chamarty

Re: Indian IT at it's finest

Probably not, actually. The projects cited are all government projects, AFAICT. Sad to say, government employment does not attract good people.

That said, "privacy and security" are still "unknowns" for most developers.

0
0

1.37bn records from somewhere to leak on Monday

Sitaram Chamarty

Re: why would you believe a government "statement"

Governments have very little shame; the fear of ridicule is often an "individual" thing, not a collective thing.

Also, looking at the statement linked in the article, except a couple of points, the rest seem to be hinging on *regulatory* protections, (as opposed to, say, *technical* protections). This is akin to saying "murder is a crime". Sure it is, but it still happens, and it's not always caught either.

11
0
Sitaram Chamarty
FAIL

why would you believe a government "statement"

it could well be Aadhaar. In fact I hope it is -- better it happens now, when it has not yet taken root in all sorts of unrelated life (seriously, they want to make it mandatory for even buying TRAIN tickets online!) than a few years later, when the damage would be much much worse.

And the sooner the morons in charge realise this is a bloody landmine (or gold mine, depending on how you look at it), the better.

The security crowd has been screaming about "identification, not authentication" (or the less accurate but more understandable "biometrics are a userid, not a password") but no one has been listening.

Now they have (or will shortly have) an app that can draw money from your bank account with just that one factor -- a finger swipe. I'm advising friends and relations who have an Aadhaar linked bank account to keep only a minimum of money there, and put the rest in a completely different account -- preferably in a different bank -- without Aadhaar linkage. The sad part is that the lowest strata just don't have enough money to do this kind of thing, and they're the most at risk from a mass biometrics leak and misuse.

(Oh and I've also been told that the biometrics are safe and can't be faked; words like "liveness testing" have been bandied about. To which my response is "that's today's tech. It's an arms race and tomorrow the scene may be quite different, someone may figure out how to beat it".)

26
0

Google Chrome 56's crypto tweak 'borked thousands of computers' using Blue Coat security

Sitaram Chamarty
WTF?

can anyone explain...

...how a *browser* update causes problems for the login screen?

Has Chrome become as essential to the working of an OS as MS used to claim IE was in the old days?

(This is a genuine question by the way; I'm not being snarky or something)

8
0

Balancing miners borks blockchains, say boffins

Sitaram Chamarty
FAIL

stopped reading at first line of abstract

this is against POW systems only.

I am yet to see any "enterprise" or "banking/financial" blockchains proposing to use POW.

As such, the first line of the El Reg article, ("The financial sector's enthusiasm for blockchain technology might be misplaced, according to a pair of Australian distributed computing experts") is total bollocks.

Blockchain has value. POW does not. And I probably will never understand why academics continue to focus on POW when industry does not (AFAICT) care.

1
1

Let's Encrypt in trademark drama

Sitaram Chamarty

Re: Comodo CEO (2011, same one now??) hilariously slammed in Moxie Marlinspike's talk

What planet do you live in?

"media pundit"? "[not a] real security professional"?

Moxie (and Trevor Perrin)'s Signal protocol is pretty much the only one that has been *proven* to be secure (at the protocol level at least). And that is the most recent one I can remember; I think even the cert pinning RFC was from them but I am not sure. Regardless, he *does* know his shit, and some anonymous coward saying it ain't so ain't gonna make it not be true.

0
0
Sitaram Chamarty
FAIL

Comodo CEO (2011, same one now??) hilariously slammed in Moxie Marlinspike's talk

https://www.youtube.com/watch?v=Z7Wl2FW2TcA

watch especially 05:19 to 06:52, then 07:45 to 11:30

heck watch the whole thing; Moxie is a very clear, articulate, speaker with a great sense of humour *and* knows his shit

9
1

Surveillance camera compromised in 98 seconds

Sitaram Chamarty

Re: disable UPNP and allow the mobile app to do everything

> And this is going to mitigate the problem, exactly how?

No direct connection from arbitrary external IPs to the weak device. The manufacturers leave upnp open because they want to talk directly to the device. Block that, because the app on the mobile (while in the same wifi network) should be able to proxy that traffic.

This also means you cannot control your home thermostat from your office, though. There's no easy way to allow that while disallowing attacks, unless you get into some kind of authentication dialog. With the *device*.

>> I'm pretty sure this is the most practical, scalable, solution for this.

> Oh, yes. Sure. If you say so.

a bit of uncalled-for hubris there I admit; mea culpa :-) Milord, I'd like that last comment of mine stricken from the record!

At least for the attacks we're seeing that caused krebsonsecurity.com and Dyn DDOS, disallowing external connections would have certainly stopped them cold.

0
0
Sitaram Chamarty

disable UPNP and allow the mobile app to do everything

the biggest failure is UPNP.

They should mandate disabling that. All communication to the "mothership" should go through a mobile phone which is on the same wifi network. Yes that would essentially be akin to XSS but in a good way.

I'm pretty sure this is the most practical, scalable, solution for this.

1
6

systemd free Linux distro Devuan releases second beta

Sitaram Chamarty
FAIL

You're over-reacting. That was just a figure of speech. How can I tell? The rest of his post is perfectly sensible and reasonable. He even started out obliquely defending systemd. Does not come across as a person who even remotely thinks of that statement as a personal one in any sense.

7
1

Gone in 70 seconds: Holding Enter key can smash through defense

Sitaram Chamarty
Thumb Down

Gone in 10 seconds...

...my good impressions of El Reg as a tech-savvy pub.

This attack does *not* give you anything you could not get by using a USB boot, CD boot, or PXE (network) boot.

The only situation where you *do* get more than that is in "kiosk" type situations (where the CPU/case/disks are locked away but the keyboard/mouse/monitor are accessible).

And even then, the statement "With access to the shell, an attacker could then decrypt Linux machines" is totally wrong.

16
4

Let's Encrypt won its Comodo trademark battle – but now fan tools must rename

Sitaram Chamarty

doesn't make sense

They could have licensed it to the other party. I run a small project called "gitolite" which has just such a licence from the SFC, which owns the "git" trademark. It's free and its only purpose is to protect their trademark.

2
1

Yelp wins fight to remain morally bankrupt

Sitaram Chamarty

what he should have done

is to capture the page before, then pay for the advertisement, capture again, and then sue. That's proof that this is a racket if the bad review goes away when you pay.

A lot more tangible, IMO.

6
0

Dropbox apologies for clunky administrator account access on Macs

Sitaram Chamarty

Condoleezza Rice

I have been boycotting Dropbox since they took on Condoleezza (sp?) Rice as a board member. Since I never had a dropbox account, for me, "boycott" means refusing document links that others send me that they want to share.

Of course I don't use Apple either so this specific issue doesn't bother me.

On another note, I'm curious what other apps do stuff like this; i.e., this one was found, how many more are hiding?

4
0

Speaking in Tech: Nope, sorry waiter. I won't pay with that card reader

Sitaram Chamarty

it's not the people...

I stopped listening because they concentrate so much on the storage industry, which is something I have zero interest in (not being an "enterprise" IT guy I suppose). Almost none of the companies they speak of are well known outside data center and similar operations folks.

On the plus side they give a decent breakdown of each episode with MM:SS timings so I do sometimes download and listen to segments.

On the minus side, I loved Sarah Vela's sense of humour, I loved her voice and I especially loved her laugh (like when she leg-pulled her cohorts), and she's now left the show. Sad...

2
0

Australian Banks ask permission to form anti-Apple cartel

Sitaram Chamarty

Re: Life's hard choices

Speaking for myself, I don't see anything wrong with millions of Apple users waking up to a zero bank balance... they're used to Apple robbing them blind anyway so this can only be a minor incremental pain.

2
2

Florida U boffins think they've defeated all ransomware

Sitaram Chamarty

my backup strategy

(I know you didn't ask me, but still...)

I have a simple strategy that consists of actually reviewing the files that my incremental backup program reports as having changed. (The backup program itself is "borgbackup" -- awesome stuff; look it up. Unix only though).

A modification of this could be to keep a trend of number of files in each top level directory that are changed per day, and if something unusual happens, alert someone.

An even simpler way that often works (for single desktops) is to count how many files changed today, and alert if it is at least 1.5X larger than the maximum number of files changed in the last N days (adjust N to taste). The alert should list the actual files that were changed so someone can quickly determine if there was a problem or "oh yeah those files, we know what all those changes are".

The assumption is that the malware (if any) has not borked my borgbackup software to produce false reports of what it is seeing. I suppose in theory that could happen with a more popular backup tool so YMMV.

3
0
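The 1.5X heuristic and the per-directory trend described in the comment above, as an added example (not the commenter's own script). The `STATUS PATH` report format, the paths and the sample data are constructed assumptions; adapt the parser to whatever changed-file listing your backup tool prints.

```python
"""Alert when today's changed-file count spikes against recent backup history."""
from collections import Counter, defaultdict
from pathlib import PurePosixPath

FACTOR = 1.5  # threshold from the comment: 1.5x the recent maximum
N_DAYS = 7    # "adjust N to taste"


def parse_report(text):
    """Return paths marked added (A) or modified (M).

    Assumed format: one '<STATUS> <PATH>' line per file; other statuses are ignored.
    """
    paths = []
    for line in text.splitlines():
        status, _, path = line.strip().partition(" ")
        if status in ("A", "M") and path:
            paths.append(path)
    return paths


def bucket(path, root):
    """Name of the top-level directory under root that contains path."""
    try:
        rel = PurePosixPath(path).relative_to(root)
    except ValueError:
        return "(outside root)"
    return rel.parts[0] if len(rel.parts) > 1 else "."


def spike(today_count, past_counts, factor=FACTOR, n_days=N_DAYS):
    """True if today's count is at least factor x the max of the last n_days."""
    window = past_counts[-n_days:]
    if not window:
        return False  # no baseline yet, nothing to compare against
    # Treat an all-zero baseline as 1 so that a day with no changes never alerts.
    return today_count >= factor * max(max(window), 1)


def review(history, today_report, root, factor=FACTOR, n_days=N_DAYS):
    """history: per-day lists of changed paths, oldest first.

    Returns {scope: sorted list of changed files} for every scope that spiked,
    so a person can look at the actual files and decide.
    """
    today = parse_report(today_report)
    alerts = {}
    if spike(len(today), [len(day) for day in history], factor, n_days):
        alerts["(all)"] = sorted(today)

    today_by_dir = defaultdict(list)
    for path in today:
        today_by_dir[bucket(path, root)].append(path)
    past_by_dir = [Counter(bucket(p, root) for p in day) for day in history]
    for name, files in today_by_dir.items():
        if spike(len(files), [c[name] for c in past_by_dir], factor, n_days):
            alerts[name] = sorted(files)
    return alerts


# Constructed sample data: five quiet days, then a burst of changes in Documents.
ROOT = "/home/alice"
HISTORY = [
    [f"{ROOT}/{p}" for p in day]
    for day in (
        ["Documents/a.txt", "Documents/b.txt", ".config/app.ini"],
        ["Documents/a.txt", "src/main.c", "src/util.c", "src/Makefile"],
        [".config/app.ini"],
        ["src/main.c", "src/util.c", "Documents/notes.md"],
        ["Documents/a.txt", "Documents/notes.md"],
    )
]
TODAY_REPORT = "\n".join(
    [f"M {ROOT}/Documents/report{i}.docx" for i in range(8)]
    + [f"M {ROOT}/src/main.c", f"U {ROOT}/src/util.c"]
)

if __name__ == "__main__":
    for scope, files in review(HISTORY, TODAY_REPORT, ROOT).items():
        print(f"ALERT {scope}: {len(files)} files changed")
        for f in files:
            print("   ", f)
```

As the comment notes, this only helps while the report itself can be trusted, so run the check on the machine that holds the backup repository rather than on the one being backed up where that is possible.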

Lenovo scrambling to get a fix for BIOS vuln

Sitaram Chamarty

Re: it's a backdoor, not a bug

I think he meant "as opposed to Lenovo installing it themselves". Probably referring to the so-called "free" apps that come with a laptop which caused some consternation recently (if something affects only Windows, I tend to not remember details).

8
0

North Korea hacks 140k computers in planned mass attacks on Seoul

Sitaram Chamarty

isn't south korea the place where...

you MUST use windows, and a government proprietary activex control, in order to do any online banking etc.? (I'm sure I heard something like that a few years ago, maybe someone can correct me).

0
0

Firefox 42 ... answer to the ultimate question of life, security bugs and fully private browsing?

Sitaram Chamarty

Stopped using FF for all but one or two fussy sites after the Pocket nonsense got in.

Qupzilla -- yeah I know, what a name! -- works great. It also has some serendipitous extras for me. For example, if I have many tabs from the same site, and I want to enable JS on one of them, in FF+NoScript, this touches ALL the tabs and they all start reloading. In Qupzilla it's only that tab.

Now if it could only do that for cookies also, that would be grrrreat!

1
0

Fedora 21: Linux fans will LOVE it - after the install woes

Sitaram Chamarty

lost me at "G" in Gnome.

I hate that POS. I especially hate their attitude to users, and the fact that you can never actually get used to something nice because they're likely to simply take it away next time.

0
1

Watch out, MARTIANS: 1.3 tonne INDIAN ROBOT is on its way

Sitaram Chamarty
FAIL

Re: Spending

as soon as you lot apologise for Gen Dwyer's https://en.wikipedia.org/wiki/Jallianwala_Bagh_massacre

Don't bring up such old stuff. It was very one-sided in many ways.

9
3

'Thousands of iPhone, iPad apps' vulnerable to simple redirect joyriders

Sitaram Chamarty

@Heyrick, @Happy Ranter, @AC "What am I missing"

AC: your question is "Surely if you can inject a 301 in the response, you can manipulate the rest of the response anyway?"

Sure, but a 301 makes it permanent. Your MITM may be temporary, but you are making a permanent change to the app now.

(heyrick: same...)

Happy Ranter: regardless of what their motivations are, the fact is that an *app* (as opposed to a real browser, even on a mobile device) does not have a URL bar, so the minimum protection we normally have when we get a 301 -- the fact that we can *see* the new URL in the bar -- does not exist here.

That is the issue, I think.

1
0

Schmidt preaches 'deep integration' desire with Facebook, Twitter

Sitaram Chamarty
Childcatcher

@Justin: I'm sure there are lots like me...

...who have refused to touch facebook (and in my case have even forbidden my daughter from having an FB account) because of the "everyone in one bucket" problem.

We don't have to be doing anything bad/criminal/shameful/naughty to want to segregate our social networks. Compromises like "don't invite your mum" or "don't invite colleagues as friends" are signs that you're letting a technology FAIL drive your social network. And making excuses for the failed tech too.

So much for the value you place on this medium I suppose.

(Oh and I have been told that FB does have such a feature but it is such a badly done, hard to use, bolt-on that it may as well not be there. Clearly if an FB fanboi like you did not mention "we have it too" it must be well hidden indeed so whoever told me this was correct!)

I have helped people (on request) to set privacy settings properly on FB and have come away appalled. Last such experience was about 6 months ago.

I now have sent a G+ invite to my daughter (yes the same one who can't have an FB account!), because I looked at the settings and they make sense. She will still have to exercise caution in what she says to whom but that's life. I'll watch what she does for a few weeks but by and large I'm OK with this.

Yes I'll still watch Google's policies closely but I doubt they'll ever do the amazing amount of facepalm statements and actions that Zuckerberg/FB managed to do over the last few months/years. Nor will they, after the Buzz debacle, take this issue lightly either...

0
0

Ruskie gang hijacks Microsoft network to push penis pills

Sitaram Chamarty
Paris Hilton

mind in the gutter

Domain Internet Groper? Are you sure that's what "dig" stands for?

0
0

Monty appeals Oracle's Sun merger

Sitaram Chamarty
FAIL

copyright assignment

your redhat comparison fails -- you realised it fails but you did not explain why.

Two words. Copyright assignment.

It's not the decision to sell that caused all this. It's the decision to have mandatory copyright assignment. Which allowed them to change the *client* libraries from LGPL to GPL for instance.

Tell me how that helps FOSS in any way, forcing the MySQL client libraries to be GPL? That was pure greed.

Now it's biting them, and they're running around crying about it...

0
0

Trojan armed with hardware-based anti-piracy control

Sitaram Chamarty
Happy

malware see, malware do

this post just about made my day/week/month.

I've always considered Windows to be the biggest piece of malware floating around, and MS to be of questionable legality in various aspects (and not just the anti-trust stuff), so it's nice to know they're inspiring "the next generation" so to speak...

1
0

Cheeky French hackers hijack Tata website

Sitaram Chamarty
FAIL

"fix had not taken"

just run "dig +trace www.tcs.com"

If you're piggy-backing on someone else's DNS, like your ISP or openDNS or the chocolate factory, and you get a different answer than 216.15.200.140, you know what to do.

But actually, if you aren't running your own DNS, and didn't flush your caches as soon as you heard this, you shouldn't even be commenting on the issue.

"still see the bad page" ==> **reporting** on the issue

"fix had not taken" ==> **commenting** on the issue

[Same disclaimer applies as in previous comment]

0
0
Sitaram Chamarty
Stop

tcs.com was NOT hacked....

please guys, I expected better from you lot...

[Disclaimer: I'm an employee of TCS, though naturally I'm posting this in my personal capacity]

tcs.com was NOT hacked yesterday. What did happen was that the DNS records that supply the IP were reset to some other IP.

Whether that was done by actually hacking netsol or by social engineering a valid change request I do not know.

I know the site was fine because going through the internal DNS got me the correct IP address and the correct content.

I believe the problem started sometime before 1am IST [this is a wild guess, from other symptoms; don't ask, heh heh!], and was resolved around noon or so [this guess is more accurate because I was semi-actively monitoring it].

In both instances, it would have taken a few hours for the bad data to expire from DNS caches. Depending on who your DNS provider is, you may have seen it "come back" at different times. If you were running your own DNS, you could have purged your DNS cache manually and would know more accurately when it came back.

At this point in time I am still receiving reports of other DNS servers still showing the bad data. Just tell them to purge their DNS caches if you know them, or switch to openDNS. They've got the right stuff, and have had it a lot longer than the chocolate factory's DNS :)

1
0

Monty's 'Save MySQL' mudsling gets 15,000 backers

Sitaram Chamarty
FAIL

what amazes me...

...is how many sheeple there must be if he got 15,000 petitions.

Anyone who thinks for 2 seconds can see this guy's cries of "oh no the sky is about to fall on our open source heads" are all bull. A few more seconds and you can even guess why he's doing it (hint: if you force Oracle to sell it, who would buy?)

There *may* be damage from Oracle, but it will only be to commercial licensees. Not to open source.

0
0

US feds squeeze bloggers for posting TSA orders

Sitaram Chamarty
FAIL

why do we need a leak?

can't we just figure out the new rules from the details of the incident prompting them? I mean, surely no one still believes the TSA actually *thinks* before making rules do they?

I'm just waiting for the first guy to put both components of the bomb in his underwear, or two guys with one part each, and they combine them on board. TSA will have to ask everyone to take off their underwear.

Bruce Schneier, as usual, puts it very well. http://www.schneier.com/blog/archives/2009/12/me_and_the_chri.html says: I've started to call the bizarre new TSA rules "magical thinking": if we somehow protect against the specific tactic of the previous terrorist, we make ourselves safe from the next terrorist.

Listen up folks: the only reason more terrorism isn't happening is that the **bleeding terrorists are even MORE stupid than the TSA**!

3
0

Microsoft urges Flash makers to pay fat dollar for exFAT format

Sitaram Chamarty
Unhappy

"under the table"

...is the expression used in India for the kind of deal that I *very* strongly suspect has happened here.

The sdcard association has *standardised* on this format for their future cards: http://www.sdcard.org/developers/tech/sdxc. A format that they *know* requires money to be paid even by a consumer (since the terms prohibit a FOSS system from using it). In a day and age when awareness of FOSS has never been higher, so don't tell me they didn't realise this.

I refuse to believe this has happened without MS bribing people at sdcard.org. Either that, or gross incompetence/negligence at sdcard. No other explanation.

Sitaram

2
0

Former FBI agent slams defence tactics in McKinnon case

Sitaram Chamarty
Flame

I wonder how many...

... of their computers are currently getting hacked by people more competent and less reachable/vulnerable than Gary McKinnon?

It seems unlikely that they've spent any time fixing the *real* problem, nor the people who caused it, from the effort they're making to "shoot the messenger". Which is what this is, if you come right down to it.

0
0

Micron's new flash dies live longer

Sitaram Chamarty

"dies" "live longer"

nice pun, if intentional... :)

0
0

Thousands of sites loaded with potent malware cocktail

Sitaram Chamarty
Flame

ftp vulns can be fixed...

I've long maintained that any admin who uses (or requires the use of) normal ftp for authenticated access of any kind should be taken out and shot [*]

In the two cases of gumblar infection I have seen so far, the infected party's hosting provider had given them plain ftp access to their space.

Sitaram

[*] ok I was half joking there... you don't have to take him out

0
0

Security boss calls for end to net anonymity

Sitaram Chamarty
Flame

only way to hide his and his ilk's failure I guess

I seem to recall hearing, over the years, about lots of spyware and rootkits that were undetectable by most AV, including this bozo's self-named product. They leeched off the insecurity of Windows for as many years as they could, never once pointing out or attempting to help come up with any real, long term, cure for all of Windows' security ills. Naturally.

Now MS has gotten into that game (took 'em long enough...) these leeches stand to lose most of their blood supply, so they come up with bone-headed schemes like this.

Yes, I know someone said the original article is more of a "what if". So here's mine: what if we banned the use of Windows to access the internet? Seems to me a lot easier to do, and no downsides either.

Killing off leeches like this would be just a bonus, not the main focus...

0
0

Trojan plunders $480k from online bank account

Sitaram Chamarty
FAIL

it *is* windows...

windows was (re-(re-))built from the ground up as a multi-user addon to an inherently single user system. A Linux desktop is going the other way, so there's a lot of security already in there in terms of separation.

@David W ("No need for a trojan if you've got root...") -- clicking on an attachment does not execute anything, and even if desktops become like that (some are, sadly) they won't execute as root.

@Charles9 ("malware that slips through even NoScript") -- can you show me an example of anything that slips through NoScript? I haven't seen one yet

0
0

T-Mobile takes on patsy role in Microsoft Sidekick fallout

Sitaram Chamarty
Gates Horns

I've stopped wishing MS any ill...

I've stopped wishing MS any ill.

I have now transferred all my ill will to organisations who make deals with MS. There are far more opportunities to gloat that way.

Serve t-mobile right.

0
0

Biting the hand that feeds IT © 1998–2017