And this is why I've switched to Firefox (actually I switched when they announced they were gimping the network APIs for addons and removing the https indicator from URLs; this is just yet another nail in the coffin).
88 posts • joined 4 May 2010
Just because you have a group that handles security doesn't mean you'll never have security issues in live code. Bugs happen, no matter how careful you are.
Also I just checked and first statement is also true -- https://blog.documentfoundation.org/blog/2018/07/25/how-libreoffices-quality-has-improved-thanks-to-automated-tools-and-the-volunteer-contribution-of-security-specialists/
“The combination of Coverity Scan, Google OSS-Fuzz and dedicated fuzzing by security specialists at Forcepoint has allowed us to catch bugs – which could have turned into security issues – before a release,” says Red Hat’s Caolán McNamara, a senior developer and the leader of the security team at LibreOffice.
DRAM, that's cold: Overclockers squeeze out extra Micron DDR4 performance with liquid nitrogen system
Guess who's addicted to GitHub, busy on Slack, stuck in 2015? No, not another hipster: It's the Slub backdoor malware
It's interesting that such a professional and targeted attack would use such old exploits to infect its victims. That it was successful at all is yet another sad reminder of how piss-poor non-technical users' patching processes are.
I hate the way Windows 10 forcibly updates itself but in the grand scheme of things it's probably doing more good than harm if attacks like these can succeed due to lack of patching.
Who needs malware? IBM says most hackers just PowerShell through boxes now, leaving little in the way of footprints
Wanted – have you seen this MAC address: f8:e0:79:af:57:eb? German cops appeal for logs in bomb probe
Re: Technical Details
As per the article the blackmailer doesn't appear to have been using a randomised MAC address.
Also everybody suggesting that they should just destroy/dispose of the device with said MAC address is probably missing a trick also. The police aren't just looking for someone whose device has that MAC address; they want logs indicating when and where the device with that MAC address has been.
With both date and location they can then look through existing CCTV footage in those areas and apply a process of elimination to whittle down the list of people who are present in all/most of the CCTV footage. The blackmailer is likely to be in most if not all of them but random people who happened to be in the area at the time are less likely to appear in all the footage.
There's a lot of moralising going on in this article as though the attacker in question specifically singled this site out knowing full-well it was a charity for seriously ill children when in reality it's likely the entire thing was largely automated. The only thing they'd really care about is that it's vulnerable and it has high traffic.
This is quite literally one of those 'think of the children' type articles you normally make fun of. Quite disappointing really.
The real news of course is the stuff the adults did. The 11-year-olds hacking websites set up as replicas really doesn't show anything beyond kids can hack poorly secured web servers. It's not actually got anything to do with the voting results because they're just replicas, no doubt with intentional, not-very-hard-to-exploit bugs.
Paying for a license is optional
The only TV I own is an old fashioned CRT monitor that can't receive live TV without at least a freeview box that I use to play retro console games (bought it mainly so I could use the old light guns).
I don't watch live TV of any kind and especially not the BBC and I never will. Those who find the content worth watching can of course pay the license whilst grumbling about it. I chose to vote with my wallet.
At the last place I worked a colleague and I used to play pranks on each other. One night after everyone had gone home I unplugged his keyboard and mouse from the back of his Mac (dirty front-end developer) and the same to his nearest co-worker, then plugged his into his co-worker's Mac and his co-worker's into his Mac. I wasn't in the next day but apparently it took them about half an hour before they figured out what had happened.
I'm confused by your comment.
Firstly, your calculation looks wrong to me; it should be (248/260) * (247/259), which comes out to 0.909652, which rounded to two decimal places is indeed 0.91.
Lastly, when I read the author saying it was 0.91 with greater precision I naturally assumed he meant with all calculations up to that point using greater precision. I don't know how else you could read it since he obviously isn't adding extra precision to the result of 0.95 * 0.95.
Sounds interesting, I can definitely see a use for this to track rogue employees and the like. Though on the downside, I suppose, it could make life difficult for whistle blowers too.
In terms of unsecured S3 buckets being breached though, I'm not so sure. Putting aside the fact that companies that tend to have S3 leaks aren't the kind of companies that would make use of this, it does kinda feel like an automated tool for closing the stable door after the horse has bolted.
Re: Call me petty but...
Your analogy falls down in a few places:
1) Toshiba aren't trying to kick WDC out of the JV. They'd just have new 'house-mates'
2) Toshiba would probably have been fairly happy to sell to WDC if WDC could afford to pay a fair price but as has been reported on a few occasions now, they're too leveraged to make a decent bid
3) Not related to WDC/Toshiba but I have a friend whose dad is forcing their mother to sell the house so apparently that's perfectly legal.
The bar has been raised again
It's cool that they've added decent support for taking advantage of the GPU oriented instances in AWS. That said AWS have just announced that they're going to provide instances with dedicated Xilinx FPGAs connected to them (https://aws.amazon.com/about-aws/whats-new/2017/04/amazon-ec2-f1-instances-customizable-fpgas-for-hardware-acceleration-are-now-generally-available/).
I know before it went to ASICs people used to mine bitcoin using FPGAs so I'd say it's a fair bet you could get some pretty serious hashes/sec out of that for password cracking. Not sure it'd work well against things like bcrypt but would probably be great against SHA-X.