It's only metadata we're interested in, not content
25 posts • joined 5 Apr 2012
Snaps include their own dependencies, a bit like a statically compiled binary.
To push them as a solution for software vulnerabilities is perverse. If a hole is found in an old-style unix library, it alone can be patched and all its traditional, dynamically-linked, dependencies are automatically protected (you may need a reboot). With snaps, you need every single snap that uses it to be updated.
Presumably a bug along the lines of
How could that even work? If a bug in Windows can decrypt the disk without the user's password, then obviously some malicious code or recovery tool could do the same thing.
Isn't this - backdooring Xcode - exactly what the CIA were planning?
Not trying to downplay the severity of this, but is it actually a C-style memory-corruption buffer overflow?
The patch to fix it just adds a maxLength to an XML file describing a screen layout. Maybe the lock screen just runs out of memory and is killed. There are plenty of badly written webapps that would crash if you put too long a string into an input field, but you're not exploiting a buffer overflow by doing that.
Input sanitization can only ever be a defence-in-depth measure. It cannot protect 100% against injection attacks (though you should sanitize anyway).
The correct approach is to escape your outputs when mixing text into markup/SQL/whatever.
I think the old setting of click-to-play was the best.
Now if you're a developer you have to figure out whether chrome is going to relegate your flash to 'inessential'. This is the kind of thing Microsoft used to do with IE. 'Enhance' the user experience at the expense of standards.
"The other restrictions that had already been identified by Qualys ... are, Cisco says, quite unlikely in any real-world application."
Yeah I'm sure a hacker wouldn't dream of making up a hostname that fit those restrictions.
Reminds me of the time I was re-educating a developer on SQL injection, and asked him what would happen if there was a quote in a user-supplied input:
"Chances are less"
... sigh ...
That's why I have one of these
Here's one with a 3200x1800 13" display for around £650, depending on how you configure it. https://www.pcspecialist.co.uk/notebooks/optimusV-13/
A marked change in the tone of your coverage over the last few days.
Well done, I say.
It's their signing key that was used, according to the linked Comodo blog post.
...was lost a long time ago. Not to say antivirus is useless, it'll prevent maybe 50% of rootkit infections - but there are advanced nasties out there, and most of them don't play random audio, so you're never going to know you've been compromised.
Prevention is better than cure these days - run noscript, don't open email attachments, reimage regularly etc.
Windows 7 will be supported well beyond 2015, if you are happy to update to SP1. Similarly, XP support only ended in 2009 if you ignore SP3.
Unicode is a good standard and it was written by clever guys. There's nothing wrong with Unicode's approach of mapping each character to a code point, and adding an intermediate step requiring encoding it into bytes. Far better than the ugly mess of codepages that preceded Unicode.
UTF-8 is part of Unicode and it's a damn good encoding.
Although I haven't worn a digital watch for 20 years, I still have the muscle memory for how to switch off the hourly chime on a Casio.
Tim Worstall wouldn't be happy with this article. Mobile operators will charge high prices based on market demand, not based on what they paid for the auction. Failing to auction the licence is basically putting money in the pockets of the shareholders of the mobile operators.
If a single attack works against iPhone 4, 4S and 5 (for example - I'm not trying to single out Apple), then that's 30% of mobile users already. So it's actually quite dangerous.
The nearest equivalent is that ancient relic the PO Box - which is expensive and bureaucratic (min 6 months signup!).
"MD5, a cryptographic hash function that's known to be insecure."
MD5's insecurities are nothing to do with its unsuitability for storing passwords; it's failing to salt the password (and to iterate the hash function to slow it down) that's the problem. And the quoted guy is a 'security researcher'?
You need to change your SECURITY QUESTION, if that's what the hackers have. Bad luck if you used the same one on multiple sites.
The problem in Australia is politics - it's ten times worse than in the UK. 'Normal' water consumption (domestic, industry etc.) is dwarfed by consumption by farmers. There is no need for the dry south east of Australia to be growing that much food, when it could be grown and imported from the wetter north.
And of course, politicians there prevent the price of water from varying enough to put the farmers out of business, which it blatantly would if domestic users were allowed to compete in a free market for it.
0800 numbers are a ridiculous hangover from when people cared about the cost of landline calls - surely most people must be on an unlimited-landline-calls package by now. My £15/month mobile plan provides it all the time AND my basic Talk Talk package includes it on evenings and weekends.
Companies, PLEASE just give us an 03 or geographic number and forget about freephone!
Biting the hand that feeds IT © 1998–2017