Domain: techworld.com
Stories and comments across the archive that link to techworld.com.
Comments · 234
-
Re:Harvest it all, figure out what it's good for l
It is just an excuse to harvest your phone number.
For what purpose?
To sell it to Rachel from Cardholder Services, I expect.
What organizations have 2FA that might do this? I'm not saying there aren't any, but I can't think of any.
I don't know where Rachel from Cardholder Services got my cell phone number, but she certainly got it from somewhere.
Basically, what you posted in this thread can be summarized "oh, just trust them with the information, they won't misuse it. And anyway, I can't think of how I would misuse it, so obviously some corporation couldn't think of a way either."
...All information about a consumer is also a liability. Lots of organizations haven't figured this out yet,
Right the first time: Lots of organizations haven't figured this out yet.
but I think pretty much all of them savvy enough to be implementing 2FA understand it.
The historical record does not back you up on this.
https://www.comparitech.com/blog/information-security/biggest-data-breaches-in-history/
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
https://www.techworld.com/security/uks-most-infamous-data-breaches-3604586/
-
List of secure browsers and plug-in
This article has brief descriptions of six secure browsers and a secure plug-in. The article is pretty recent (August 1, 2007). The browsers and plug-in are
Epic Privacy Browser
Comodo Dragon/Ice Dragon
Brave
Tor
Dooble
HTTPS Everywhere (plug-in)
Yandex Browser
-
Re: most vulnerabilities != most vulnerable
How many of these have been fixed via Play or otherwise for all Android versions still in use? http://www.techworld.com/secur...
-
Re:Maybe folks have re-evaluated "value"
Four year old iphone runs great, not sure what you're referring to? What wear and tear, you put it in a $10 case and it's as good as the day you bought it four years later.
You get stability, ease of use, timely updates, excellent security,
You can't be serious? What are these $300 android phones with "ease of use" (ie non brain dead skins), "timely updates" that don't take 6 months to make it through the carrier, if ever (at least in the US) and "excellent security" ? you have to be kidding me. FWIW I'm sitting here with an iPhone SE and an LG Nexus, so I'm far from a fanboy, but let's be honest with ourselves here. My LG is a cheap backup that lets me play with Android. I didn't buy it because it runs great after a couple years or has "excellent security".
-
WINDOWS 10 ENTERPRISE LTSB
Doesn't this seem the better option if you're able to get your mitts on it?
No Edge, Store/Apps, Cortana, and telemetry (even the extra bits) all stoppable. Essentially a clean desktop edition of Windows 10 that gets all major bug-fixes and security updates without all the extra cruft for a period of 3-5 years (depending on when they choose to integrate the current branch features and release the next LTSB).
Here's a couple links:
http://blogs.technet.com/b/ukt...
http://www.techworld.com/secur...
Now, I've looked around online and people seem to proclaim the end of the world if you would like to use this as a desktop OS: 'Oh you can disable all of that crap yourself and spend hours gutting and tweaking it to suit your needs. LTSB is meant for ATMs and nuclear subs and you won't get any of the new features, why wouldn't you want them? Blah blah blah'... Frankly in techminded circles that sort of reasoning flabbergasts me, it's spouting off of ideology on no basis of reality. (Though you see the same end-of-the-worlders rear their head when you talk about the pros/cons of disabling UAC.)
If you can legally acquire it, I'm really not seeing the downsides as you get many of the little quality of life updates from Win 8/8.1/10 (task manager, DX12, file copy dialogue) without many of the obnoxious ones (lockscreen ads, Candy Crush, 'helpful suggestions'). Not to mention nothing like the 'fall update fiasco' bulldozing your settings whenever MS pleases by providing and presenting an OS in-place upgrade as a normal Windows update.
-
Wake up: You've been drinking the pr koolaid
New Malware Enlists Linux-Based Security Cameras For DDoS Botnet http://slashdot.org/submission...
XOR DDoS botnet launching attacks from compromised Linux machines http://www.net-security.org/se...
New Linux rootkit leverages GPUs for stealth http://www.itworld.com/article...
Unnoticed For Years, Malware Turned Linux Servers Into Spamming Machines http://linux.slashdot.org/stor...
New Linux Rootkit Emerges http://linux.slashdot.org/stor...
Linux servers turned into bots by IPTables http://news.techworld.com/secu...
---
* Want more? "Ask & YE SHALL RECEIVE"... & I've got truckloads of these as "evidences thereof".
APK
P.S.=> Top that off w/ what gaygirlie noted - routers using *NIX in them get suckered too... it's possible, on EVERYTHING - Windows & MS have 1 THING GOING FOR THEM - decades of experience in it vs. other OS'...
E.G. - Witness ANDROID (yes, it's a Linux variant using a Linux core & a STUPID java variant front-end largely), & for years around here the "std. FUD mantra" was "Linux = invulnerable" & Apple tried it too (We don't get viruses), well, time tells ANOTHER story:
You get used more? YOU GET TAKEN ADVANTAGE OF MORE (you now represent sufficient "ROI" to make the code to do it once you get more users)... apk
-
But google said...
But google said that it "....replicates data three times for redundancy. It can afford to be cavalier about hardware failures. So a drive fails. Log it, switch queries on that data to a replica and move on. It's all pretty instant".
-
Re:I'm not doing that anymore
Google doesn't make money processing your emails for marketing information?
-
Re:https is useless
how to write a Linux virus in 5 easy steps using the exact same tricks used to infect Windows. Say that is only hypothetical? How about some real world pwning like kernel.org and its not a fluke by any means. Oh and what happens when the "secure" Linux kernel gets used by a target worth hitting? A million plus infected systems that is what.
Linux "security" is security by obscurity, simple as that. The "many eyes" myth was proven false by Heartbleed which sat there for fricking years without being caught, the ONLY advantage having the source gets you is the ability to keep old versions alive after the devs move on....that's it,that's all. Hell by the time one was to do even a piss poor code audit of even a tenth of a single distro release it would have been abandoned for 5+ NEW releases that your audit wouldn't cover, see how Ubuntu is on track to have 20 mainstream releases in the same support window as Win 7 for example.
Source code isn't magic and considering how many thousands of people work on the code that goes into a single distro sticking a state actor in the mix would be trivial if the state desired it.
-
The German government thinks the same ...
Now that's because of Trusted Platform Module; in order to support this DRM feature, each new Windows PC has a chip on it that can override part of the OS. Now the German government thinks that this DRM feature is also a Trojan horse that allows some agencies unlimited access to the PC; now the Chinese government thinks the same. Too bad for Microsoft. Also see this article here for more info: http://news.techworld.com/secu...
-
Re:NoScript
Are Linux users? After all they are even more trivial to infect than Windows and Android, so beloved and claimed by the Linux community hit the 1 million infected mark last year, a full 9 years earlier than it took Windows to reach the same number BTW, so are they gonna pay or bugger off? Excuse me "go write a Bash script" would be the more apropos line.
Don't mistake security by obscurity for actual security as they are VERY different. The *BSDs with the constant code audits and insane amount of hoops required to put anything in mainline? That is REAL security, whereas with Linux...well let me put it THIS way, you have over 700 projects in your average distro which 1.- they never talk to each other, 2.- they are each "doing their own thing" without regard to what the others are doing, and 3.- they have ZERO care for anybody's project but their own, so if Torvalds futzes with the kernel and breaks the wireless subsystem? Too bad so sad.
The only reason Linux lasted as long as it did was less than 1% on the desktop. and don't waste your breath trotting out the "Linux runs on servers" TMRepo meme, as servers are stripped to the bone, running an OS that may as well be embedded for how little it has, and are managed by guys that spent many years studying to learn how to run servers securely. you give those same Linux admins a Windows server and they'll be just as secure, you can even have a headless server with only what you require installed thanks to WinServer Core.
So before you throw stones next time you might want to look at the glass house you are living in bud.
-
Re: Price?
Flag on the field, 15 yard penalty for "magical thinking".
Would you too like to know how to write a Linux virus in 5 easy steps icebike? Its trivial and uses the exact. same. methods. that the Windows viruses use, in fact it would be quite trivial to make them cross platform! Oh but "that wouldn't work IRL" you say? Might want to tell that to the owners of all these infected Android systems. BTW please note the date of the second article, last figures I saw now had the number of infected over the million and a half mark but since I couldn't find a reliable source for those figures and didn't want anyone saying I'm picking facts I went with the older article.
Go ahead and try the first article for yourself icebike, you ARE running Linux, correct? It has step by step instructions and works just like the "KDE Look" bug that spread through the KDE community did a couple years ago. When you do and see that they infect the system just fine maybe then you'll accept that Linux security is security by obscurity and realize these companies buy windows FOR A REASON and its because you have one company to call that is in charge of the whole stack. Oh and don't bring up servers, those are stripped to the bone, have nothing running that is not absolutely required AND locked way the hell down. I can do the exact same with Windows embedded and NOT have to rewrite a couple hundred grand to a couple million in code to work on an OS that is unsupported unless I write big checks per unit to Red Hat.
Sorry icebike but no matter how you slice it? Your math don't work. if it did these banks would be happy to switch, think they have ANY loyalty to anybody but their own bottom lines? But just as all the retailers large and small refuse to carry your brand in house because they have found it wanting so too has the financial sector tried your OS and with the exception of a few server roles its been passed on.
-
Re:It's true -- but only root can read them though
Except with it stored unencrypted they don't NEED physical access, they merely need you to follow a few simple instructions and download their "free codec" or similar trick.
Linux fanboys can scream bloody murder and waste modpoints but that won't change reality and reality is its almost never the OS that is the weakest link, its PEBKAC. Hell look at Windows from Vista on up, you have the user running as a user and requiring elevation for anything more than trivial changes (sound familiar?) and it goes even one better than Linux by having the browser by default run with the lowest possible privileges, yet systems STILL get pwned, why? PEBKAC.
Linux users, like the Mac users before them got away with not having to worry about such things thanks to security by obscurity, but just as MacDefender signaled the end of that perk in OSX so too has the million Android infections signaled the end of SBO for Linux. I've seen Linux machines pwned in a week (look up the "KDE Look" bug for just one example) and I've seen Win2K boxes go from RTM to EOL without a single bug because at the end of the day its not the OS, although storing passwords in plain text is just stupid, but ultimately whether a system is secure or not comes down to whether the user has common sense and follows best practices.
Remember folks no matter how hard you work to foolproof a system the world will always come up with a bigger fool.
-
Re:Dupe Plus Packs Two Articles into Same Subject
Sorry, gotta throw a flag, bullshit on the field. if anything Linux (which the community is quick to claim Android as their own) is MORE vulnerable than Windows as Android has reached over a million infections a full decade faster than Windows reached that milestone BTW, and unlike Windows which has several damned good sandboxing antivirus packages, including some really good free ones, Google has made sure that antivirus on android is useless as they have no way to uninstall or even stop a malicious app.
Of course the whole thing just proves what many of us have been saying for years, that Linux is just as easy to infect if not more so than Windows and OSX and that once Linux gained any popularity, so that it was no longer benefiting from security by obscurity that it would pay the price. Oh and before anybody chimes in with the totally pointless tidbit about Linux servers? You see those are actually administered by these things called...wait for it..."server admins" that have had years of education and experience before being let loose on those systems. Linux benefited from security by obscurity in the consumer space because so few actually used it in that arena, Google ended that with android.
So ironically the fact that Windows has functional sandboxing antivirus may actually help to keep these android systems from getting infected, instead of the other way around.
-
barren article
installed KVM as phony IT guy, were arrested and here are their names
this is all the information the article provides. no details of any kind. no picture of the (hopefully stealthy) KVM, how they were caught or anything of any interest at all!
Here's the real scoop:
A man dressed as a "maintenance engineer" (IT guy) claimed to be sent by some company working for the bank. Then he goes to the bank branch's main server and plugs an external KVM-over-IP box connected to an ethernet to wifi adapter or at least that was the plan. The plan was thwarted at the last minute... no info as to why/how but I'm betting that the server either didn't have a PS/2 port or didn't have VGA output not that it matters without a username and password to login.
A spokesman for Santander insisted that the bogus engineer had not managed to install the device and no customer money was ever at risk.
We are pleased that we have been able, through the robustness of our systems, to prevent the fraud and help the police gather the evidence they needed to make the arrests. Santander operates multiple levels of controls to protect customers' funds and this attack would not have been successful.
Hours after the bogus engineer attempted to fit the device to the computer server, officers from Scotland Yard swooped arresting 12 men on suspicion of conspiracy to steal. As for how they were caught, I think someone just realized there wasn't supposed to be an IT guy there and then the cops got called.
-
Re:xp still works
Uhhh...you wanna explain how a million infected devices is 0.1% Miss AC? because i REALLY want to hear the logic hoops you pull out of your behind to explain the evidence away, i REALLY do.
Like it or not Android, which every Linux advocate has claimed as their own from day one, proves beyond a reasonable doubt what so many of us have said for so long...OSes are some of the most complex code ever written and because man is fallible there IS bugs which WILL be exploited once a target becomes big enough which tada! Is EXACTLY what happened when Linux on mobile went mainstream with Android.
So welcome to the club, the coffee is in the back, ignore the guy rocking in the corner as that is Mac who felt like you he had magic armor and then he got a beatdown from macDefender and Guardian and is still traumatized. I don't know what they did to him but considering he's been like that for awhile and keeps muttering "You shore are purty"? Probably best not to ask.
-
Re: LibreOffice & Apache OpenOffice merge
You know why you hate TMRepo, which BTW you should be fucking ASHAMED of comparing a JOKE SITE to Stormfront you douchebag, but you know why you hate it? Because like all good jokes its FUNNY BECAUSE ITS TRUE.
I can answer ALL of your arguments with the top 20 TMRepos, you know why? Its the SAME FUCKING EXCUSES the FOSSies have been using for a fricking decade, that's why! How do you think TMRepo came to be? a guy got tired of hearing the same old FOSSie bullshit and decided to just start listing them and tada! TMRepo.
So go back to your circle of loon, go back to pretending that the OEMs haven't all walked away from your broken mess because they got tired of the broken shit which even ESR can't make work while claiming that android is Linux.
Know what the definition of insanity is? Doing the same thing over and over and expecting a different result and that is Linux in a nutshell which is why me and every other B&M retailer and OEM have run away screaming from your mess, why even Dell hides it on a back page and gives you multiple warning before they will even sell it to you and just FYI unlike the Windows versions NO SUPPORT because even they know that shit is gonna break. I mean for the love of God fricking God Windows 8, the most hated windows since MSBob, got more users by its second month than Linux has in its entire history, what more proof do you fucking need that your current bullshit direction ain't working?
BTW know why I can produce so many citations and all you can produce is insults? because just like TMRepo I've heard the same excuses from FOSSies for so damned long i know EXACTLY what to type into a search engine to cut through your lies, but you hang onto your bullshit but if you have the balls take the Hairyfeet challenge, I dare you, double dare you to film it and upload it, you'll find that even giving Linux just HALF the support cycle of Linux it WILL fail, know why? Because the "let the devs do it" driver horseshit is just that,total fucking horseshit and IT DOES NOT WORK, it will NEVER work, and THAT is why even the other free OSes refuse to use his fucked up driver model!
-
Re:Looking forward to 1st August
Does he get paid in cash or in Bing points? And do they get paid by the hour, by the post, is there a prime time that they get paid extra for? Meh I use Bing and all I get is Bing points but at least that gives me a small slice of the pie, the way i see it if these search engines are gonna make money datamining my searches the least they can do is give me a slice. Plus i like their animated search page and the image search is quite nice.
As for TFA...sigh, we already knew that android was gonna hit its one millionth infection by this summer so while the fact that somehow (wow does TFA suck when it comes to details) they bypassed the checks as the guy that gets called when the stuff breaks i can tell you...they honestly didn't need to bother, people will happily infect their phones and tablets without a thought in the world. I swear its the damnedest thing, its like the SECOND you put it on another medium? all the old rules no longer apply. I've seen email scams that haven't worked on PCs in years, lame "just download our player" scams which again haven't worked on PCs in years, its like the second the device is in a different form factor it ceases to become a "computer" and instead becomes "a magic screen which i push that does stuff" so for some damned reason all the rules they learned when running PCs just aren't even applied to the new medium.
And I'll get hate for saying it but truth is truth, and hopefully the huge number of Android infections will lay to rest the lie that "Oh this OS is different, it doesn't get bugs" bullshit. ALL OSES, be they Windows, Linux, or OSX are frankly some of the most complex software platforms EVER created by man, and since man is fallible there WILL be bugs and if there are enough users to make it worth the trouble it WILL be exploited. The reason Linux and OSX got away with so few bugs as long as it did was because they just weren't a juicy enough target, and before anybody screams "servers!" don't waste your breath, servers are highly stripped down, locked down, and controlled by VERY smart guys with a shitload of education. Servers are as different from a user oriented OS as a router is, other than the fact they both run on hardware they really don't have much in common.
But give it a few years and the users will begin to learn to show common sense with these mobile devices, the ones writing the OSes for these devices will learn to harden the shit out of them, then we'll see malware infections drop for awhile...until the next new thing comes out which users will treat like a magic box and we'll be back at square one all over again, sigh.
-
The Opera intrusion is only the tip of the iceberg
Opera is not the first nor the last victim of certificate theft. There is evidence that the use of digitally signed malware is increasing since the Stuxnet incident gave this attack vector worldwide exposure.
Both Kaspersky Lab and BitDefender have confirmed seeing a steady increase in the number of malware threats with digitally signed components during the last 24 months. Many use digital certificates bought with fake identities, but the use of stolen certificates is also common, Craiu and Botezatu said.
Also, unless I'm mistaken, revoking stolen certificates does not prevent malware signed with them from running. Most casual users I think tend to trust certificates (that is what it's for, after all, to certify that it's from a trusted source). Not many will bother to check the authenticity of the certificate.
1. I heard Microsoft and Verisign revoked the stolen Realtek certificate, does it mean I’m safe now?
Due to the way certificates work, a revoked certificate doesn’t mean the malware will not run anymore. You will still get infected by Stuxnet and the driver will still load without any warning. The only effect of the revoke process is that the bad guys will not be able to sign any further malware with it.
It might be premature to talk about its impact being limited until the full scope of the intrusion and loss of data is made known, and the number of users affected by the intrusion (not disclosed so far).
-
Re: Windows users are chumps.
I can 1 million Android malware infections by the end of this year and since Linux claim Android is Linux you have to claim the malware as well, if that isn't good enough here you go and its not a fluke by any means.
Anybody believes that "If I use X then I am immune" is employing "magical thinking" and is full of shit as ALL modern OSes are some of the most complex systems ever created and where there is complexity? There is vulnerability.
-
Re:someone's spying on you
The simple fact is ALL OSes can get malware unless they are either so locked down on permissions that they are basically read only or are thin clients which are locked down at the server, but even the Linux community claims Android as Linux and its going to reach a million infections any day now so the argument over whether Linux malware is a threat? Pretty much over, that is what happens when somebody uses it for something popular, popular equals large target. Welcome to the club, the Mac guys that joined a couple of years back can show you the ropes, coffee and donuts are in the back.
As for this specific case? As somebody who works on systems 6 days a week? Yeah...smells like he has an infection. Guys here can have a shitfit if they want but anybody who switches from an OS they know the ropes on to something completely new, I don't care if its Linux or Mac or Windows whatever? They are ALWAYS gonna be at higher risk than where they were simply because they don't know the new system and don't know what to watch out for. Hell he probably doesn't even know what should and shouldn't be running on his system or what to look for if there is a hijacked program or a backdoor installed.
In this case, as much as I fricking hate to say it as I've found you have to wade through a LOT of shit and douchebags than run on pure smug and leetness in them places but in this particular case i don't see any choice, he is gonna have to go to the forums of his particular distro and tell them what is going on. They will have the most experience with that particular build, will know what is supposed to be running and what isn't on build blah blah whatever, and will be able to spot something that doesn't belong a hell of a lot faster than anybody here would.
-
Re:A good reason
Oh bullshit, malware is a billion dollar business for crooks and they have ALWAYS gone where the money is, period the end. In case you haven't kept up with current events, more clueless people than ever have smartphones and tablets that are frankly more powerful than Windows was when it first got malware, so guess what their next big target is?
Oh and just FYI but android will hit one million malware infections any day now so keep up with the bullshit, the article proves that Linux (which the community was quick to claim Android as their own) is just as big a haven for malware as everything else. Surprise surprise, a modern OS can get pwned, who would have thought.
-
Re:Bug, or exploit?
Hmmm... it appears that you are correct.
Word nerds trace the word bug to an old term for a monster - it's a word that has survived in obscure terms like bugaboo and bugbear and in a mangled form in the word boogeyman. Like gremlins in machinery, system bugs are malicious. Anyone who spends time trying to get all the faults out of a system knows how it feels: after a few hours of debugging, any problems that remain are hellspawn, mocking attempts to get rid of them with a devilish glee.
And that's the real origin of the term "bug." But we think the tale of the moth in the relay is worth retelling anyway. (TechWorld)
-
Re:I like Windows Phone
I didn't know 13.9% of Italian smartphone buyers lived in Redmond.
http://news.techworld.com/operating-systems/3421936/windows-phone-triples-uk-market-share-in-a-year/
-
Re:What about security-paranoid companies?
I had to start using Office 2013. I went to IT and made them reinstall Office 2010. It HURTS to look at the UI. There is no contrast to help determine what is a button. http://cdn4.techworld.com/cmsdata/products/3370360/Excel_2013.jpg
That's even less contrast than slashdot...
-
Re:What about security-paranoid companies?
I had to start using Office 2013. I went to IT and made them reinstall Office 2010. It HURTS to look at the UI. There is no contrast to help determine what is a button. http://cdn4.techworld.com/cmsdata/products/3370360/Excel_2013.jpg
-
Re:the only thing Microsoft and others can do is..
First of all a public service announcement: To everyone that writes "M$" in 2013...This...Is...YOU! and this is what everyone sees and instantly dismisses when you write that lame ass M$ in 2013. You could write the most brilliant post in the history of Slashdot but a good 80%+ will NEVER read it because they see M$ and think "douchebag" and move on. So don't waste your time unless you want people posting your group photo as the very next post.
Second of all lets get something VERY clear for those that don't seem to understand how these things work, okay? ALL OPERATING SYSTEMS that would be what we consider "modern" are some of the most complex pieces of software EVER written, we are talking millions of LOC in the kernel alone and thousands of little sub-programs that ALL have to work in concert to give the user the illusion that its all one program that "just works". Is Linux even close to immune? Not only is that a big NO but to even suggest it is is a symptom of what is known as "magical thinking" such as "If you buy (product X) then you will magically be safe!". We in IT have seen magical thinking used to sell everything from OSes to firewalls to routers and reality will blow holes in that lie every single time.
So if Linux is vulnerable why don't we see Linux attacks in the news? We do only they are called "Android attacks" and in fact its predicted that later in the year Android will reach the one million infected mark which considering that Android isn't even a decade old is pretty impressive.
Look its actually VERY simple, and evidence has bore this out time and time again. Criminals ARE LAZY and want to do the least amount of work for the biggest bang so they want to go after the biggest targets to yield the most infections they possibly can. I mean writing a OS/2 virus today would probably be the most trivial thing in the world yet you don't see anybody doing it, why? Because the fact is even though eComstation still sells OS/2 there are too few using it to make it a juicy target. But the malware writers WILL go where the targets are, used to be it was always Windows, then Vista bombs and everyone in the press starts talking about how Mac adoption is climbing, what happens? Mac Guardian and Mac Defender. Android phones and tablets explode in usage, what happens? Thousands of Android malware released weekly.
So anybody who thinks their OS is gonna magically protect them from malware because "(product X) doesn't get bugs!" is merely deluding themselves with magical thinking. There are even articles that helpfully explain this and point out how switching platforms just for the sake of magical thinking (in the article OSX for Linux but you can insert any from and to in there and it still fits) just doesn't work. Be it Linux, Mac, or Windows you can find plenty of bugs, I could spend 5 minutes and cover this page in reports of bugs for all 3, I already listed the 2 biggest Mac bugs of recent memory, TFA is a Windows bug, and just off the top of my head there was the KDELook theme bug and the infected Quake 3 that was served up by most repos for a year and a half on Linux. NO OS is safe, NO OS is immune, and if you are gonna claim security by obscurity is actual security you might as well run Win95 or BeOS because hey, there aren't any bugs circulating targeting those OSes either.
-
Re:FDE
My backup plan is to encrypt my Tor exit node with TrueCrypt FDE. Yes, it means I have to run Windows, since FDE support is not available for Linux yet. However, the FBI has not been able to defeat TrueCrypt. They can say the traffic came from your internet connection, but they cannot prove that you viewed any of it.
that's not a backup plan. all that will do in a case like this seem that you did stash the illegal material on your own machine and drag the case on forever.
the real backup if any is keeping a log about every packet, so you can pass the blame.
-
FDE
My backup plan is to encrypt my Tor exit node with TrueCrypt FDE. Yes, it means I have to run Windows, since FDE support is not available for Linux yet. However, the FBI has not been able to defeat TrueCrypt. They can say the traffic came from your internet connection, but they cannot prove that you viewed any of it.
-
Re:Cancelled
I think you're thinking of Freiburg
It was on /. but I can't seem to find the story
-
Linux users targeted by 'Wirenet' Trojan
-=-
Linux users targeted by password-stealing 'Wirenet' Trojan
Open source gets some attention
By John E Dunn | Techworld | Published: 12:58, 31 August 2012
http://news.techworld.com/security/3378804/linux-users-targeted-by-password-stealing-wirenet-trojan/
-=-
"Malware writers are interested in Linux after all. Russian security firm Dr Web has reported[1] finding a shadowy Trojan that sets out to steal passwords on the open source platform as well as OS X. Technical details of Wirenet.1's operation and technique for spreading are sparse for now, but the company reports that the backdoor program targets browser passwords for Opera, Firefox, Chrome, Chromium, and as well as applications such as Thunderbird, SeaMonkey, Pidgin.
Under Linux it copies itself to the ~ / WIFIADAPT directory before attempting to connect to a command and control server hosted at 212.7.208.65 using an AES encrypted channel. That at least offers a simple way of blocking communication and any further payloads.
Dr Web made a name for itself earlier this year reporting on the infamous Flashback Trojan[2] that hit Mac users on an unprecedented scale.
It's not clear whether Wirenet's cross-platform capabilities extend to targeting Windows systems but it is possible that avoiding Microsoft's OS is a way of keeping off the radar of security firms.
Cross platform malware is rare but not unheard of, the usual technique being to hook into Java in search of victims using OS X.
Malware specifically designed to steal credentials from Linux systems is almost unheard of but might, on the basis of this new discovery, become a little less so in future.
Should Linux users be worried? Probably not. The details of how this malware might grab root mode on a Linux system are unknown. Attacking Linux users would also be a pretty rarified activity unless it was part of a highly-targeted attack.
"We do not have explicit evidence that it uses Java. To my knowledge it does not. This file was received from Virustotal," Dr Web analyst Igor Zdobnov told Techworld."
[1] http://news.drweb.com/show/?i=2679&lng=en&c=14
[2] http://news.techworld.com/security/3353152/flashback-trojan-still-on-650000-macs-security-company-discovers/
-=-
-
Hardware Backdooring Is Practical (news + pdf)
* Hardware Backdooring Is Practical
- The News (HTML):
http://news.techworld.com/security/3372954/
- The Paper (PDF):
http://www.toucan-system.com/research/blackhat2012_brossard_hardware_backdooring.pdf
From Cryptome: http://cryptome.org/
-
Re:What are "secret cookies"?
There are some things that need to be added to this.
1) Browser history clearing should not be necessary. If a browser leaks history information that is a vulnerability that needs to be addressed. But I've found the ability to search the history very valuable and it isn't something you'd want to deprive yourself of.
Actually, it's still best to clear out your history regularly. The old methods for a web site to trawl through it using Javascript and CSS exploits (tested in the browserspy.dk site I linked to) don't work with relatively modern browsers, but this method does.
4) It doesn't matter if you can view the cookies you have. Most of the time they're filled with seemingly gibberish. If you can't read them, they're still secret. But remove them and the site stops working.
I remove my cookies regularly (all of them), and they are always deleted when the browser exits. Sites don't "stop working"; at most, you have to log in again the next time you visit. However, this should be the default (as it is for banking sites and for making purchases at reputable sites), and not the "keep me logged in so I can forget my userID and password" option that is preferred by those who don't know or don't care about how easily they can be tracked.
Some of your other points are partly valid (the parts alluded to in my post), but there is much that you got wrong, also. For example, I don't use any of my browsers maximized on any of our Linux PCs at home or on the Windows PC at work, and have never encountered a website which required my browser to be maximized. Are you perhaps using a screen with an insufficient resolution, and making an unsupportable generalization therefrom?
-
Re:Not CEO
Right. And here's a Related article about Jeanette Horan's mobile strategy from earlier this year.
For reference, this is IBM's CEO
-
Re:Anti-Virus money hole!
Here's an interesting read: http://blogs.techworld.com/war-on-error/2010/04/the-truth-about-mac-malware-its-a-joke/index.htm
Don't just read the headline, RTFA (I know, I know). Yes, all the malware he lists is old news and yes, most of it is variants of the same code. Read all of it, up to the part where he points out that, as old as those examples are, they're all still out there because nobody on a Mac gives security a second thought (hey, they're on a Mac and Macs are invincible, they "Just Work"); read to where he points out that this doesn't happen on Windows, because Windows virii are detected and added to antivirus definitions fairly quickly.
Maybe, and I could be wrong here, I mean, I only work in information security so I probably don't know what I'm talking about, but please hear me out anyway... Maybe malware authors aren't writing as many Mac virii because they don't need to? Follow my logic here, for a moment:
- Windows virus comes out, gives hacker full access to system.
- Windows virus is detected and added to AV definitions.
- People update their AV.
- Virus now next to useless.
- Author abandons it and writes a new one.
- --OR--
- Mac virus comes out, gives hacker full access to system.
- Nobody cares.
- Author never has to write a new one.
Follow?
-
Re:Coffee shop?
Why?
Your laptop running a Live linux distro and USB drive. Untraceable, or do you think that Mac addresses can not be changed.
It is perfectly safe to use the same laptop for good and evil.
Topping that, why even bother spoofing your mac address when you can get a "disposable" usb wifi adapter for less than 10 $.
Because unless you dispose of it regularly, if the cops confiscate it and find that it matches the MAC address linked with questionable activity at a coffee shop, then you're screwed. If you set your MAC address to some randomly generated number on each visit, then they can't easily link your hardware to the coffee shop logs. (I'm ignoring other fingerprinting that they could be doing to identify your hardware since if someone is interested in you enough to do advanced network analysis to find you, they're interested enough to track down your Wifi signal the next time you get online.)
But if you are worried about Wifi fingerprinting, then the disposable Wifi adapters you mentioned would be the way to go - as long as you really do dispose of them.
-
Re:About BlackBerry's "centralized mail server"
Actually, it isn't completely clear what the arrangement is with RIM and the various intelligence services. RIM allegedly have some kind of data-sharing/intercept agreement with U.S. agencies, and also allegedly caved to China and route everything through a government-monitored messaging server there. As for India:
"RIM had earlier agreed that it would provide the IP address of the enterprise server, located in the customer’s premise, as well as the PIN and the IMEI number of each BlackBerry mobile phone used by a subscriber to enable security agencies access the data in a readable format. But this failed to appease the government’s concerns." Register.
Obviously the BlackBerry uses encryption, but there are numerous ways that the encryption could've been weakened in order to facilitate access by friendly intelligence agencies. Has there ever been any external audit of the code? How are the encryption keys generated? What algorithms are used to package and send the messages? How come ElcomSoft are selling software to law enforcement that breaks the on-phone encryption, if it's so secure?
If you really care, use GPG - it has been extensively audited, the algorithms *and the implementation* are open, and it's free.
-
Re:TrueCrypt
Rather than using some obscure thingo nobody's heard of, made by whats-his-name, I would speculate that the FreeBSD is safer, because they have people who understand crypto.
Philip Zimmer (of PGP fame) used to say that most people screw up in the implementation part.
Now, TrueCrypt you can trust, because it was used in a high-profile financial case in Brazil (it was mentioned here in Slashdot) and the Feds from Brazil and the USA (Brazilians asked for help) couldn't get the data out.
All charges against the banker Daniel Dantas (although this had nothing to do with TrueCrypt).
http://news.techworld.com/security/3228701/fbi-hackers-fail-to-crack-truecrypt/
Needs translating:
http://g1.globo.com/politica/noticia/2010/06/nem-fbi-consegue-decifrar-arquivos-de-daniel-dantas-diz-jornal.html
-
Evidences of malware on MacOS X & sec. vulns
See subject-line, & this quote from yourself:
"I would not call the malware situation on OS X anywhere near rampant. Rampantly reported, maybe." - by Stupendoussteve (891822) on Wednesday June 01, @10:49PM (#36315642)
OK Then - Refer to this list of malware related incidents, + security flaws on MacOS X then (over 50++ of them easily & I have more than this IF you would like them as well):
---
MacOS X - Techworld.com - Third worm hits Mac OS X:
http://www.techworld.com/security/news/index.cfm?NewsID=5429
MacOS X - Slashdot Apple Story | Apple Quietly Goes After Mac Trojan With Update:
http://apple.slashdot.org/story/10/06/19/1811203/Apple-Quietly-Goes-After-Mac-Trojan-With-Update
MacOS X - Slashdot | Worm Threat Forces Apple to Disable Software?:
http://it.slashdot.org/it/07/08/03/1451217.shtml
MacOS X - Slashdot | Two Trojans For Mac OS X:
http://it.slashdot.org/it/08/06/25/0032226.shtml
MacOS X - Slashdot | Mac OS X Root Escalation Through AppleScript:
http://it.slashdot.org/article.pl?sid=08/06/18/1919224
MacOS X - First Rogue Cleaning Tool for Mac - F-Secure Weblog : News from the Lab:
http://www.f-secure.com/weblog/archives/00001362.html
MacOS X - Mac malware authors release a new, more dangerous version | ZDNet:
http://www.zdnet.com/blog/bott/mac-malware-authors-release-a-new-more-dangerous-version/3385
MacOS X - Mac OS X backdoor Trojan, now in beta? | Naked Security:
http://nakedsecurity.sophos.com/2011/02/26/mac-os-x-backdoor-trojan-now-in-beta/
MacOS X - Mac Malware Evolves - No Install Password Required - Slashdot:
http://it.slashdot.org/story/11/05/26/1355243/Mac-Malware-Evolves---No-Install-Password-Required
MacOS X - New 'MACDefender' Malware Threat for Mac OS X - Mac Rumors:
http://www.macrumors.com/2011/05/02/new-macdefender-malware-threat-for-mac-os-x/
MacOS X - New Backdoor Mac OS X Trojan Surfaces - Slashdot:
http://slashdot.org/submission/1485038/New-Backdoor-Mac-OS-X-Trojan-Surfaces
MacOS X - New Mac fake-defenders similar to Windows scareware - The Register:
http://www.theregister.co.uk/2011/05/20/mac_scareware_win_rogue_similarities/
MacOS X - OS X Crimeware Kit Emerges MacDEFENDER- Slashdot:
http://apple.slashdot.org/story/11/05/02/2120203/OS-X-Crimeware-Kit-Emerges
MacOS X - OSX/Pinhead-B Trojan (OSX_HELLRTS.A, OSX/HellRTS.D) - Sophos security analysis:
http://www.sophos.com/security/analyses/viruses-and-spyware/osxpinheadb.html
MacOS X - Fake security software catches out Apple owners:
-
Re:A fair way of doing things
Hate to break it to you, but the US has lost the moral high ground when it comes to internet freedom.
When was the last time the US Gov blocked / turned off the Internet to deprive the people freedom of speech? Did they block WikiLeaks? No they did not. Your ideological rant is not supported by, you know, actual facts.
I wouldn't use WikiLeaks as an example, since US politicians are calling it treason (protip: you can only be a traitor to your *own* country)
But you should check your news - while other countries turn off the internet within their own borders (which, while abhorrent to us techies, is within their legal rights), the US seized over 80,000 domain names recently - and those sites are blocked not only in the US, but everywhere in the world. Let me repeat that - the United States blocked over 80,000 web sites from being accessed not only inside their borders, but everywhere in the world.
Oh, and by the way, the US government would like the ability to block the internet within their borders as well.
-
Re:Huh?
[...]Does this mean that the drives understand NTFS and are actually zeroing out data on the drive when the OS simply deletes the entry from the FAT table? [...]
Yes, it means exactly that. When the drive detects that the OS running supports TRIM commands, it relies on that. If it detects that the OS does not support TRIM commands, it tries to interpret the filesystem to detect which blocks belong to deleted files. It then brings these blocks back to a pristine state to make them faster writable. During this process all data on the block is cleared. When you bring back the file using an undelete tool or access the according blocks directly (e.g. using a sector editor), you will only get blocks with zeroes.
Or to phrase it in another way: When you set some bits in certain blocks to zero, the drive will find it safe to wipe some other blocks on the drive, without being told so by the OS. If your file system is NTFS with the right version, this assumption is true. If you use a different file system, this might not be the case. The details are unknown because the firmware is closed source.
You can find the details in the paper (PDF) cited in the fine article.
-
Re:The opposite???
Your waiting days are over!
http://news.techworld.com/security/5392/worlds-first-os-x-virus-hits-apple/
It's amazing to me how you even mention that OS X might be susceptible to malicious users, and all the mac boys start foaming at the mouth.
-
Re:Let's not let broadband history repeat itself..
I suspect the *real* strings of this plan will be revealed in the fine print--where license terms will require carriers to police "IP infringement," agree to the Obama's kill switch, and allow the NSA and FBI free rein to monitor individual users.
-
It has wide-ranging support
According to this article, it's Senator Joe Lieberman's idea and "other sponsors of the bill are Senators Susan Collins, a Maine Republican, and Tom Carper, a Delaware Democrat."
Personally, I don't care whose idea it is, I think it's a bad idea period.
-
Re:This is fantastic news.
Sigh. I may not believe in links, but I guess you don't believe in search engines. But since you asked so nicely here's a quote from the second search hit:
Senator Joe Lieberman and other bill sponsors have refuted the charges that the Protecting Cyberspace as a National Asset Act gives the president an Internet "kill switch." Instead, the bill puts limits on the powers the president already has to cause "the closing of any facility or stations for wire communication" in a time of war, as described in the Communications Act of 1934, they said in a breakdown of the bill published on the Senate Homeland Security and Governmental Affairs Committee website.
There are other references to this in the press, but as you said, I don't believe in links. Or maybe they aren't links I can believe in. Or maybe one of us just isn't believing hard enough.
-
Re:encryption
but won't stop people with supercomputers.
Pfffft, tell that to Daniel Dantas, whose encrypted (w/ TrueCrypt) hard drive withstood the FBI's prying eyes for over 5 years...
If someone with a supercomputer is trying to break your encryption, I would think you have bigger problems to worry about.
Yes, in this case you do have big problems to worry about, whether or not your secret files stay secret doesn't have to be one of them. Note: If the strength of your encryption is what protects you from even bigger problems then perhaps it's wise to not overlook encryption.
I concede that today's encryption may eventually be broken by future computers -- I take comfort in such assumptions. Unlike information lost to dead languages, the future's Setec Astronomy might be able to decode their archives of today's data -- However, today's people will have gone long since the data could have been detrimental to anyone.
-
Quantum Random Bit Generator Service
CAPTCHA security - more worthless by the day (23 July 2008)
The article suggests using the Quantum Random Bit Generator Service sign-up approach; you do know your maths through at least calculus ... right?
-
Re:A better PC health idea
Again - see my earlier references on this thread to Microsoft as a "Stalking Horse" for COICA type legislation and the "Obama Internet Kill Switch".
Tuesday, I get to be in an audience of security pros, being addressed by Bill Clinton. I have already heard Richard Clarke, on a number of occasions. I suspect that his messaging will be an intelligent and warm, friendly advocacy for increased controls on Internet access - in the name of financial and national security.
This is an inevitable push. Our digital technologies will be turned against our civil liberties - under the guise of defending our financial stability. The best we can hope for is a "Digital Singapore" - versus a "Digital East Germany".
The difference between Government control of Internet access in China and the US/EU? In China the state is a mechanism to enforce the mandate of a Party elite. In the US/EU Government is a mechanism to enforce the will of elite Oligarchal capitalists. This business elite deflect the unpopularity of social control from themselves towards the straw-man of "big government", which they pretend to oppose, but secretly employ towards their objectives.
It is no mistake that "the Big Dog" is being brought out to address this issue, at a time when "government control" of Internet access is being pushed as an urgent contingency.
Keep watching what develops.
-
Re:I see a hack waiting to happen...
Why not just hack a normal ATM instead
http://news.techworld.com/security/6943/atm-cashpoints-hacked-via-google/