Slashdot Mirror


Comodo Says Two More RAs Compromised

Trailrunner7 writes "Officials at Comodo have acknowledged that an additional two registration authorities affiliated with the company have been compromised in the wake of the high-profile attack on the company that was disclosed last week. Addressing a list of concerns about Comodo's practices raised by customers and browser vendors in the wake of the attack, Alden said that the company is now in the process of rolling out a new two-factor authentication system for its RAs. Comodo also is installing other security measures as a result of the attack."

144 comments

  1. New Breaches? by WrongSizeGlass · · Score: 0

    These two occurred after they discovered the first one. How does this stuff keep happening?

    1. Re:New Breaches? by petermgreen · · Score: 1

      The whole CA system is fundamentally broken, your browser trusts a huge list of CAs and further those CAs have the power to delegate their authority (either through signing a cert that delegates authority or by allowing those people to request certificates with little to no further checking). The result is a huge number of people who have the power to sign certificates that your browser will treat as evidence that a web site is who they say they are. Further the CAs don't really have much interest in security beyond doing the minimum necessary to keep themselves in the browsers' root certificate lists.

      When you have a large number of people and/or entities with such a power there is a significant chance that some of them will be corrupt, open to coercion, lax about security or some combination of those attributes.

      Comodo claimed that there were no further mis-issued certificates as a result of this but I'd be very wary of such a claim.

      --
      note: i'm known as plugwash most places but i screwed up registering that here somehow in the past and now can't register
    2. Re:New Breaches? by rtfa-troll · · Score: 2

      There is nothing wrong with the fact that many people can sign certificates. What is wrong is that there's no easy way to mark that up and control it and there are no ways to have multiple independent signing bodies. E.g. for financial transactions I would only want to trust a bank signed by an extended verification certificate from at least two registries + the government regulatory body of the country where the bank is registered. When I'm browsing slashdot I would probably be happy just to have a self signed certificate and get warned if it changed. What is needed is essentially a web of trust like PGP with a pre-loaded set of trusted bodies which varies according to the configuration of the user. There is no reason for a Chinese user to trust an American bank or the other way round.

      With sufficiently clever defaults this could add quite a bit of security without any interaction or thinking from the user. They probably have to learn more about the colours of the address bar or something however.

      --
      =~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
  2. Simple solution. by Timmmm · · Score: 5, Interesting

    Store the certificates in DNS, and access them with DNSSEC.

    http://blog.fupps.com/2011/02/16/ssl-certificate-validation-and-dnssec/

    1. Re:Simple solution. by characterZer0 · · Score: 1

      Right. Because nobody has ever hijacked a domain.

      --
      Go green: turn off your refrigerator.
    2. Re:Simple solution. by Co0Ps · · Score: 1

      Very, very, very interesting... and brilliant. This solves four major problems:

      • Trusting CA's getting hacked
      • Trusting CA's in china
      • Having to pay for expensive certificates instead of signing them ourselves

      With this solution you only have to trust your TLD authority and the root DNS certificate.

      Let's hope this gets standardized and that DNSSEC gets rolled out for all TLD's as quick as possible.

    3. Re:Simple solution. by Co0Ps · · Score: 1

      Um. You realize that "hijacking a domain" is virtually impossible with DNSSEC right?

    4. Re:Simple solution. by Anonymous Coward · · Score: 1

      I wish. Verisign and others make too much money for that to ever happen.

    5. Re:Simple solution. by Lennie · · Score: 1

      It will take years for this to be rolled out.

      Have a look at this recent post by me:
      http://slashdot.org/comments.pl?sid=2051242&cid=35598706

      --
      New things are always on the horizon
    6. Re:Simple solution. by Fastolfe · · Score: 2

      Spoofing a domain is effectively impossible, but hijacking it is not. If you can convince the registrar that you are the owner of the domain, you can change the DNS servers *and* the domain's DS records.

    7. Re:Simple solution. by Fastolfe · · Score: 2

      Except you can't meaningfully have real-world identity validation without trusted third parties. The guy owning ebay-payments-this-is-real.com can generate a cert for his web server that says "eBay", but you can't trust such an assertion if the only trust you have is the DNS hierarchy.

    8. Re:Simple solution. by jhoegl · · Score: 1

      I believe that is what DNSSEC is supposed to solve.

    9. Re:Simple solution. by Lennie · · Score: 1

      They are already doing DNSSEC-services. Would it matter to them what services they sell to people?

      --
      New things are always on the horizon
    10. Re:Simple solution. by asdf7890 · · Score: 1

      On the "having to pay" thing, there is at least one CA with a signing cert trusted by the majority of current browsers who use that signing cert to sign free server certificates.

      See http://en.wikipedia.org/wiki/Startssl#StartSSL for details. Unfortunately under XP the certificate updates are not sent out marked as important so many people won't have them installed on that OS (and perhaps Vista too?) but this only affects IE users. So if you feel safe letting some XP+IE users get certificate warning messages and having to explain the messages to them, there is a free option.

      IIRC none of the other free cert groups (like cacert.org) have this level of trust on common browser configurations, though if startssl gain a good chunk of market share out of offering the free certs maybe other CAs will start signing low assurance certs for nothing too (rather than, as several currently do, just giving you one year free as part of some offer linked to a registrar) - which would be nice as that way even the backwards XP+IE users will trust certs you can get signed for free...

    11. Re:Simple solution. by sjames · · Score: 1

      True enough for the most part. However, it can be an actually trusted 3rd party rather than one of dozens of companies I've never heard of in countries whose governments I don't trust.

      If my friend buys something from someone and gives me rave reviews, if he also gives me their cert fingerprint with the link, I can KNOW for a fact that I am dealing with the same entity that my friend recommended. At that point, I don't know if his name is Joe Smith or Blusdfua Ykjfuiwqhfp for certain, but I don't care because I do know that he is most certainly "guy who my friend recommended".

      This even applies to things like banking. All I need to know is that the cert matches the fingerprint printed on my bank statement and available at the local branch on the online banking brochure.

      Cert fingerprints can also verify for me that this is the same site I visited last time, not a man in the middle who wasn't there before. That doesn't require a 3rd party.

    12. Re:Simple solution. by Kalriath · · Score: 1

      Just to correct that, Verisign sold off their CA operations to Symantec. They don't issue certs any more.

      They just control the gTLDs.

      --
      For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
    13. Re:Simple solution. by ericn32 · · Score: 1

      No, it's supposed to sign the DS, A, MX, etc. records so that a third party or malicious service provider can't point users to other servers.

    14. Re:Simple solution. by Fastolfe · · Score: 1

      > True enough for the most part. However, it can be an actually trusted 3rd party rather than one of dozens of companies I've never heard of in countries whose governments I don't trust.

      Yes, but you're still only applying that to the second-level domain. If I were to register ebay-payments-this-is-real.com, and the .com registry says my real-world identity is "Scammer", that's great. But we're delegating trust, couldn't I just create a "no-really.ebay-payments-this-is-real.com" and say that its real-world identity is "eBay"? You'd have to create a whole new system that establishes the top-level domains and which levels are authorized to make assertions about real-world identity. If I were an ISP and wanted to give out domains of the form joes-widgets.example.com, do all of my customers' SSL certificates have to say "Example, Inc."?

      Though, don't get me wrong: I'm all for having government entities establish identity, but IMO the issue of authenticating real-world identities is somewhat orthogonal to authenticating DNS "identities" (i.e. SSL public keys).

      > All I need to know is that the cert matches the fingerprint printed on my bank statement and available at the local branch on the online banking brochure.

      Sure, that makes a lot of sense. But is it practical to expect your customers to manually inspect cert fingerprints? People click through cert warnings ("I don't care, just show me the damn page") all the time without realizing the implications. I think this would be a step backward.

      "Have I seen this cert before" is already a feature of most major web browsers, it's just not obvious when this is or is not the case, so I don't know how useful it is in its current form.

    15. Re:Simple solution. by Fastolfe · · Score: 1

      You are mistaken. DNSSEC relies on each level of the DNS hierarchy vouching for the keys used to sign records in the child zone. The root zone signs keys for com, and com signs records for example.com, including the keys used by example.com to sign www.example.com. If the keeper of com believes the domain has rightfully changed hands (or maybe an attacker figures out your password), new DNSSEC keys can be provided and the com zone will dutifully sign them, effectively transferring DNSSEC-provable ownership to someone else.

    16. Re:Simple solution. by sjames · · Score: 1

      > couldn't I just create a "no-really.ebay-payments-this-is-real.com" and say that its real-world identity is "eBay"?

      Sure, but if you then scam my friend, instead of recommending the URL with the fingerprint of your cert, he will tell me this is a scam. You might fool Comodo, but you will not get a friend of mine to recommend your URL and fingerprint as a good place.

      > Sure, that makes a lot of sense. But is it practical to expect your customers to manually inspect cert fingerprints? People click through cert warnings ("I don't care, just show me the damn page") all the time without realizing the implications. I think this would be a step backward.

      Those people cannot be helped. You could get them right now with a fake banking site and a self signed cert. As you say, they'll just click right through the warning. They will click through any warning on any trust system.

      This doesn't have to replace the current CAs, just supplement them, so at worst, it would be as good as we have now.
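
The fingerprint checks that sjames and Fastolfe discuss in this subthread (match a cert against a fingerprint received out of band, and "is this the same cert as last time"), as an added example that is not part of the original thread. `PinStore`, the verdict strings and the `.example` host names are assumptions made for illustration, and the certificate bytes are constructed stand-ins rather than real certificates.

```python
import hashlib
import ssl
from dataclasses import dataclass, field


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER encoding, formatted AA:BB:... as certificate dialogs show it."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp: str) -> str:
    """Accept a fingerprint as printed or typed: any case, with colons, spaces or dashes."""
    cleaned = "".join(ch for ch in fp if ch not in ": -\t\n").lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("not a SHA-256 fingerprint")
    return cleaned


def fetch_der(host: str, port: int = 443) -> bytes:
    """Fetch a server's leaf certificate with no CA validation (needs network access)."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


@dataclass
class PinStore:
    # host -> (normalized fingerprint, how the pin was learned)
    pins: dict = field(default_factory=dict)

    def add_out_of_band(self, host: str, printed_fp: str) -> None:
        """Pin a fingerprint obtained through another channel (statement, friend)."""
        self.pins[host] = (normalize(printed_fp), "out-of-band")

    def check(self, host: str, der_cert: bytes) -> str:
        seen = normalize(fingerprint(der_cert))
        if host not in self.pins:
            # Trust on first use: nothing to compare against yet, so remember it.
            self.pins[host] = (seen, "first-use")
            return "first-seen"
        pinned, source = self.pins[host]
        if seen == pinned:
            return "match"
        # The pin is deliberately not overwritten. A routine renewal and an
        # interception look identical here, so a second channel must decide.
        if source == "out-of-band":
            return "mismatch-out-of-band"
        return "changed-since-last-visit"

    def accept_change(self, host: str, der_cert: bytes) -> None:
        """Re-pin after the change has been confirmed through another channel."""
        self.pins[host] = (normalize(fingerprint(der_cert)), "out-of-band")


def demo() -> list:
    # Constructed stand-ins: a fingerprint is a hash over the DER bytes, so any
    # two distinct byte strings behave like two distinct certificates here.
    bank_cert = b"constructed DER bytes: certificate the bank really uses"
    other_cert = b"constructed DER bytes: a different certificate for the same name"
    shop_cert = b"constructed DER bytes: shop certificate"

    store = PinStore()
    # Fingerprint as it might be printed on a statement: lower case, spaces.
    store.add_out_of_band("bank.example", fingerprint(bank_cert).lower().replace(":", " "))

    results = [
        store.check("bank.example", bank_cert),    # matches the printed value
        store.check("bank.example", other_cert),   # CA-valid or not, it is not the pinned cert
        store.check("shop.example", shop_cert),    # first visit
        store.check("shop.example", shop_cert),    # same site as last time
        store.check("shop.example", other_cert),   # renewal or interception?
    ]
    store.accept_change("shop.example", other_cert)
    results.append(store.check("shop.example", other_cert))
    return results


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The check never consults the CA list, which is why it can supplement CA validation rather than replace it, and why a certificate from a compromised RA would still fail against an existing pin.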

  3. Do you still have Comodo CA on your browser? by nereid666 · · Score: 1, Insightful

    I have deleted all the CA from Comodo. I think it must be the end of his certification authority business. I want more responsible of that: -Ernest Young give them the WebTrust certification. Or the auditor or the certification is useless...

    --
    Damia
    1. Re:Do you still have Comodo CA on your browser? by DriedClexler · · Score: 2

      Didn't quite follow your third sentence there, but yeah, I'm de-listing Comodo and all Comodo-authorized CAs from my trusted list. We may not have perfect certificate revocation solutions, but that'll have to do for now.

      --
      Information theory is life. The rest is just the KL divergence.
    2. Re:Do you still have Comodo CA on your browser? by fast+turtle · · Score: 2

      Hell I'm removing all CA's from the browser as I don't trust any of them. Yes it creates a bit of an issue with some websites but all I have to do is add an exception for that site instead of blindly trusting the damn certificate.

      What annoys me no end in Firefox is the fact that there is no simple way to disable all certs below a CA w/o having to disable each and every one of them. This makes no sense. If I don't trust the Root CA then why in hell should I trust any of their subsidiary CA's to be any better and why can't I uncheck a box for a Root CA and untrust the entire chain?

      --
      Mod me up/Mod me down: I wont frown as I've no crown
    3. Re:Do you still have Comodo CA on your browser? by Culture20 · · Score: 1

      > Hell I'm removing all CA's from the browser as I don't trust any of them. Yes it creates a bit of an issue with some websites but all I have to do is add an exception for that site instead of blindly trusting the damn certificate.

      LOL. How do you verify them? Look up their phone numbers in the physical yellow pages, convince the phone monkeys that you need to talk to their CIO to have him read the cert to you letter by letter? ...for every https page every X years?

    4. Re:Do you still have Comodo CA on your browser? by Anonymous Coward · · Score: 0

      I think he meant that some responsibility should lay with Ernest and Young, the auditors that issued the WebTrust certificate.

    5. Re:Do you still have Comodo CA on your browser? by DarkOx · · Score: 1

      Ok but if you add that exception are you not blindly trusting the remote server is who it says it is? I guess you'll know if the cert changes but then what? Do you have someone at Amazon you can call ask why the cert changed before it expired or if it has really changed? It's not as if there are not plenty of totally legitimate reasons the certificate could change.

      I am not saying you are wrong, I am just saying not trusting ANY CAs is not a practical option for most people.

      Possibly you only use a small number of sites that you have contacts at, in which case it might be a good answer for you. When I was a Network Admin I always advocated my company and our partners exchanged self signed certificates out of band whenever web service integrations were built etc. The CAs do a totally inadequate job of identity verification, but I don't know what joe enduser is to do about it other than not participate in any online commerce.

      I mean really if you can get, or even just intercept e-mail at say root@,ssladmin@,hostmaster@,webmaster@,etc for your target's domain and determine their tax-id number (really easy) you can get a certificate in their name, from even the best CAs. I should think a low level engineer at just about any ISP could do that to at least his employer's own customers without much trouble.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
  4. Its not their fault... by Haedrian · · Score: 3, Funny

    I mean, few systems can avoid being compromised by a person with "experience of 1,000 hackers"

    http://it.slashdot.org/story/11/03/28/2159202/Lone-Iranian-Claims-Credit-For-Comodo-Hack

    1. Re:Its not their fault... by fuzzyfuzzyfungus · · Score: 2

      The world is truly lucky that the man with the experience of 1,000 hackers has not yet discovered steroids...

    2. Re:Its not their fault... by GameboyRMH · · Score: 1

      If you liked the "with the force of 1000 suns" meme, you'll love "with the experience of 1000 hackers!"*

      *Be sure to stay behind 7 proxies when hacking, and exercise caution so you don't accidentally the whole thing.

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    3. Re:Its not their fault... by Anonymous Coward · · Score: 0

      Still waiting for the person with the experience of over 9000 hackers.

    4. Re:Its not their fault... by Anonymous Coward · · Score: 0

      It's not the thousand coders or hackers that worry me.. it's the thousand Project Managers!

    5. Re:Its not their fault... by Metabolife · · Score: 1

      Make sure to do it over starbucks wifi from the safety of your bicycle and old man mask on. while you're at it, make sure to buy the laptop from craigslist and pick it up with old man mask still on. never connect it to any other network than starbucks. bounce through at least 30 proxies including those located in russia and africa. then brag about it on facebook and go to jail.

    6. Re:Its not their fault... by jd · · Score: 1

      I dunno. If all thousand were skript kiddies, it should be easy.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  5. Fuck... by fuzzyfuzzyfungus · · Score: 4, Insightful

    So is "rolling out a new two factor authentication system" code for "our last two-factor authentication system consisted of 'something you know', your username, and 'something you know', your password; because, despite the fact that we are a fucking CA we just can't be bothered"?

    Other than inertia, is there any reason to give these guys a second chance, rather than just drop them from the default trusted CAs list and let the company sell itself for scrap? Generating SSL certs is technologically trivial, anybody can do it at home with commonly available free software. Essentially, the only purpose of a CA is to be competent and trustworthy about who they generate certs for. CAs aren't really software or technology companies, they are much closer to the position of escrow services or trust companies. Generating certs is just the minor 'paperwork'. Generating only the right certs for only the right people is the job. If they can't do that, they are worse than useless.

    1. Re:Fuck... by Anonymous Coward · · Score: 0

      So if we all remove them as a trusted CA what happens to all the poor folks who legitimately paid them for certificates? Do we just say, "sorry dude, you happened to buy from the wrong company; go get another cert from someone we still like!"?

      Because punishing the legitimate certificate holders doesn't sound like the best path forward.

    2. Re:Fuck... by LordLimecat · · Score: 1

      Honestly, that WOULD be the correct solution. It's not punishing them, but it does make them responsible for their choices, and that's pretty important to keep people from getting complacent or thinking they don't have to care who they choose.

    3. Re:Fuck... by Kookus · · Score: 1

      I work at an institution that widely uses Comodo certificates, and I still believe that the right solution is to un-trust them. Let the lawyers handle the recuperation costs with Comodo.

    4. Re:Fuck... by fuzzyfuzzyfungus · · Score: 1

      Probably about the same thing that happens to the families/friends/etc of people who get fired for serious workplace negligence, or who get sent to jail for some crime or other; only getting a new cert is easier and cheaper than replacing a person.

      It is, unfortunately, true that nuking them as a trusted CA will have some negative effects on innocent parties. However, there is essentially no form of punishment/consequences, whether leveled against a corporation or a person, that does not affect some innocent bystanders. Somehow, given that the alternative would be the abandonment of consequences, we manage to accept that.

    5. Re:Fuck... by Anonymous Coward · · Score: 0

      > So if we all remove them as a trusted CA what happens to all the poor folks who legitimately paid them for certificates? Do we just say, "sorry dude, you happened to buy from the wrong company; go get another cert from someone we still like!"?

      Yes.

    6. Re:Fuck... by Anonymous Coward · · Score: 0

      > Because punishing the legitimate certificate holders doesn't sound like the best path forward.

      The problem is that we no longer know which of them is legitimate.

    7. Re:Fuck... by shentino · · Score: 1

      Simple. Sue comodo for breach of warranty or something.

    8. Re:Fuck... by ArsenneLupin · · Score: 2

      > Other than inertia, is there any reason to give these guys a second chance

      You mean, a third chance?

      Yes, they are too big to fail. Hey, it worked for the banks...

      Maybe CaCert only needs to get 120.000 subscribers on board, and they shouldn't have to bother with that pesky audit either?

    9. Re:Fuck... by trifish · · Score: 1

      > is there any reason to give these guys a second chance

      Actually, a third chance. They had a similar problem a couple of years ago.

      (That's why I've had their certs blacklisted since then. Once a CA loses trust, it can't be restored. And it shouldn't.)

    10. Re:Fuck... by gman003 · · Score: 1

      Maybe they're in a district where "can't be arsed" is a federally-recognized handicap?

    11. Re:Fuck... by Lord+Ender · · Score: 2

      This isn't just a CA problem. Failure to use proper authentication is everywhere. Here's the rule of thumb you need to know regarding authentication:

      If the system or data is at all important, it should be virtually impossible to access it without real two-factor authentication. A CA is important. Financial systems are important. The Administrative interfaces to your company's core systems are important.

      Comodo should have required this of its customers, but more importantly, YOUR company should be requiring it of itself. Is it?

      --
      A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
    12. Re:Fuck... by TheLink · · Score: 1

      > Once a CA loses trust, it can't be restored. And it shouldn't

      How about Verisign?

      http://www.microsoft.com/technet/security/bulletin/ms01-017.mspx

      Verisign owns Thawte, Geotrust (which owns RapidSSL).

    13. Re:Fuck... by fuzzyfuzzyfungus · · Score: 1

      Yup. Users hate it; but that just gives my pitying stare some extra practice.

    14. Re:Fuck... by tlhIngan · · Score: 2

      > If the system or data is at all important, it should be virtually impossible to access it without real two-factor authentication. A CA is important. Financial systems are important. The Administrative interfaces to your company's core systems are important.

      Ah, but two-factor is also expensive.

      That's why banks and other financial institutions have rolled out two factor abortions that are really just more passwords.

      Wish it was Two-Factor shows how pretty much most North American banks have things set up. It's just another password, really, and both are "something you know". (And not "something you have" or "something you are")

    15. Re:Fuck... by Anonymous Coward · · Score: 0

      I just see one Verisign incident. Not three in two years, like in Comodo's case. (And they have been here for much longer and have issued many times more certs than Comodo and their affiliates). Are you a Comodo shill by any chance?

    16. Re:Fuck... by Conare · · Score: 1

      There are some pretty inexpensive ways to do this (grid cards) so like the article you linked, I don't buy cost as an excuse. Of course I did take a photo of my buddy's grid card once as a joke, but at least it isn't personal data I could harvest from his facebook page which most of those bank questions are. If people are willing to carry a "bonus" card for every flipping retail establishment in existence, they should be willing to carry a card to keep their money secure. And I can't believe that the added cost of the security wouldn't pay for itself in the long run.

      --
      Stop Continental Drift! Reunite Gondwanaland!
    17. Re:Fuck... by BAKup · · Score: 1

      I would have liked to have seen your second link, but it appears that EFF uses Comodo for their SSL cert.

      EFF, I'd think about suing Comodo for your money back on the Cert, and get one from another company.

    18. Re:Fuck... by ArsenneLupin · · Score: 1

      Sorry for that unintended piece of irony... when I copy-pasted that link, I had not yet removed the Comodo CA Certs from my browser...

      here is a plaintext link.

      ... but I guess this explains why EFF thinks Comodo is "too big to fail", hehe...

    19. Re:Fuck... by Kalriath · · Score: 1

      Verisign? You mean Symantec right?

      --
      For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
    20. Re:Fuck... by Anonymous Coward · · Score: 0

      The OP said: "Once a CA loses trust, it can't be restored. And it shouldn't"

      Verisign did lose trust (and did do other things to lose trust in the internet community too).

      Are you an idiot by any chance?

    21. Re:Fuck... by TheLink · · Score: 1

      BTW Symantec owns PGP which owns "TC trustcenter" yet another CA with their certs in your browsers.

      So there'll soon be no escape from them :).

    22. Re:Fuck... by BAKup · · Score: 1

      I thought it was funny as hell. I did remove the s to read the EFF article. I have to agree, they seem to have a vested interest in keeping Comodo alive.

  6. New version of my browser? by Anonymous Coward · · Score: 0

    So, every few days when another cert is compromised there will be another version of my browser to update? Why do we need a new version of the browser, I thought revocation lists were maintained on a central server that browsers phone home to.

    1. Re:New version of my browser? by Lord_Byron · · Score: 1

      Unfortunately, OCSP has been defeated with the character 3.

  7. Two-Factor by Spad · · Score: 2

    Let's just hope they're not rolling out RSA Tokens :)

    1. Re:Two-Factor by Archangel+Michael · · Score: 2

      I can't wait till they roll out JRR Tolkien

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    2. Re:Two-Factor by Nameisyoung007 · · Score: 1

      I wouldn't trust them to quickly roll out a RSA product. With the speed, they are going to leave some holes open, and with the back-end source code probably out in the wild, it may just make the problem worse. (The source code is only going to hurt shoddy implementations of the RSA Server. People do shoddy work under time pressure).

    3. Re:Two-Factor by Abstrackt · · Score: 1

      I'd rather they didn't. Our server room smells bad enough with live bodies in there.

      --
      They say a little knowledge is a dangerous thing, but it's not one half so bad as a lot of ignorance. - Terry Pratchett
    4. Re:Two-Factor by jd · · Score: 1

      That would be nine factor via eight species authentication. Should be quite effective.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  8. Removed by Lincolnshire+Poacher · · Score: 3, Insightful

    I have now removed Comodo as a trusted CA on my systems, and have advised colleagues of the three known occasions on which they have failed to act as a responsible CA. The game is up.

    The Mozilla inclusion policy for maintaining CAs in the default list states that:

    We reserve the right to not include a particular CA certificate in our software products. This includes (but is not limited to) cases where we believe that including a CA certificate (or setting its "trust bits" in a particular way) would cause undue risks to users' security...

    I hope that Mozilla now review the inclusion of Comodo's cert.

    1. Re:Removed by Haedrian · · Score: 1

      How about telling us mortals how to do that?

    2. Re:Removed by Spad · · Score: 2

      Well in Firefox/Seamonkey go into the security settings, Manage Certificates, Trusted Authorities and delete everything under Comodo. For IE you need to open the Windows certificate management via MMC and then do the same thing.

    3. Re:Removed by L4t3r4lu5 · · Score: 1, Funny

      Mere mortals have no place tampering with CA listings, especially when they are not far-sighted enough to tell us which OS they require instructions for without us asking.

      Derp.

      --
      Finally had enough. Come see us over at https://soylentnews.org/
    4. Re:Removed by DataDiddler · · Score: 1

      In Firefox, Preferences > Advanced > Encryption > View certificates. Go to the "authority" tab, click on the Comodo servers, click "delete or distrust."

      --
      Working...
    5. Re:Removed by gnasher719 · · Score: 2

      > How about telling us mortals how to do that?

      Mortal Mac users: Open Keychain Access, click on "System Roots", type "Comodo" in the search box, Click to unlock the "System Roots" keychain, then delete the "Comodo Certificate Authority" certificate. You'll probably have to enter your login password at some point.

    6. Re:Removed by IgnoramusMaximus · · Score: 3, Informative

      You can't do that. Only user installed certs can be deleted. You have to use "Get Info" on the Comodo cert, expand the "Trust" section and set the drop-down to "Do not trust". The icon for the cert will get a red "x" indicating it's untrusted.

    7. Re:Removed by Eevee · · Score: 1

      Here is Comodo's advice for removing certs from Firefox. The only difference is you would pick the Authorities tab.

    8. Re:Removed by Anonymous Coward · · Score: 0

      > Mere mortals have no place tampering with CA listings, especially when they are not far-sighted enough to tell us which OS they require instructions for without us asking.

      Ah, the "you didn't ask the right question so you're too stupid for me to bother with you" approach.

      Or... You could realize in a tech blog that just about every system is represented by the readership and a generic question and multi-part answer is appropriate. Or would you rather see it clogged with "how about Windows 2000", "how about Windows 2003", "how about Windows 2008", "how about Ubuntu", "how about Linux", "how about Unix", "how about Solaris"... questions.

      You should be able to tell from my post that I'm not familiar with certificate management. And from the responses given without the question being specific I now know how to check a couple of platforms and I didn't have to ask, but I'll never be as smart as you.

    9. Re:Removed by Anonymous Coward · · Score: 2, Funny

      Mortal Kombat users: Left, left, up, right, open keychain access, right, right, right, down, Comodo, up, down, left, right and "Finish him"...

    10. Re:Removed by Anonymous Coward · · Score: 0

      Make sure that you also contact comodo customers when you come across them to let them know why you can't [make a purchase/use their services]. Here's one example (that even got trumpeted in a comodo press release): http://www.hayneedle.com/

    11. Re:Removed by Ben4jammin · · Score: 1

      You may not have to do anything if you are on Windows 7. I had to do this manually for firefox. But after getting an OS update yesterday now when I go into IE I don't see Comodo listed as trusted, and I do see several listings under "untrusted publishers" for login.yahoo.com, mail.google.com, and a couple that were issued to MS and another for www.google.com all listed as "untrusted".

      and for the mortals out there I checked this by going to Tools-->Internet Options-->Content-->Certificates-->Untrusted Publishers

      Which you will probably find easier than using the mmc to do the same thing.

      Can anyone else on W7 confirm/deny this?

    12. Re:Removed by Lennie · · Score: 1

      I have some doubts Mozilla will drop Comodo, I think Comodo is 'too big to fail'.

      My guess is they issue 1000s of certs a day, most of them are valid for a year. Those would all stop working.

      --
      New things are always on the horizon
    13. Re:Removed by Anonymous Coward · · Score: 4, Informative

      delete everything under Comodo

      And the next time Firefox is updated (which happens frequently) the Comodo certificates will be back.

      For each Comodo certificate you need to click on Edit and clear all the check boxes so the certificate won't be used for anything. This change survives updates. As I pointed out in a comment the other day (for which I received many flames) this user interface is completely inadequate for managing the hundreds of certificates that ship with Firefox.

    14. Re:Removed by KozmoStevnNaut · · Score: 1

      Select all of them and use the "Delete or distrust" button.

      --
      Eat the rich.
    15. Re:Removed by asdf7890 · · Score: 2

      Ah, the "you didn't ask the right question so you're too stupid for me to bother with you" approach.

      No. The "you haven't provided information that anyone with half a brain might know could be useful" answer. It is like when our users raise reports along the lines of "I opened a form and got an error" to which we have to reply back with "which form?" (lest we have to test every single form for every record in the DB to see which one(s) report an error) and "what was the error?" (to which the response is almost always "I don't know" or "I didn't read it" which is bloody annoying especially in places where the app explicitly says "please report the code XYZ1234 when reporting this error as it will help us find information in the code and logs that might help us find the solution faster"). Another good one is "some of the counts in report B don't look right" when report B contains many figures rolled up over a large data-set. It is just lazy not to type one example when you know at least one.

      Or... You could realize in a tech blog that just about every system is represented by the readership and a generic question and multi-part answer is appropriate. Or would you rather see it clogged with "how about Windows 2000", "how about Windows 2003", "how about Windows 2008", "how about Ubuntu", "how about Linux", "how about Unix", "how about Solaris"... questions.

      What if the responder doesn't know how to do what you are asking in *every* browser on *every* operating system available? What if that one person doesn't have time to type out seven sets of instructions on the off-chance one of them might be the set that you were looking for?

      If you are asking for help, give relevant details without asking. It helps us help you and reduces the chance that we'll just ignore you because the question is too generic and we don't have time to respond with a full article on the subject.

      Sorry to come over so snarky, but I've spent too much time lately dealing with bad issue reports (some of them from people who claim to be developers so should damn well know better), I had some crap to vent, and you raised your "viable target" flag!

      It isn't just people though, a lot of code does the same crap-condition-reporting thing. MS SQL reports "string or binary data would be truncated" when you have given it X thousand rows with YZ string columns. It *knows* at least one of the errant values, the first one it hit, so why doesn't it *report* the value, as that might give a massive clue as to what we have done wrong?

    16. Re:Removed by Anonymous Coward · · Score: 0

      I don't have a "Delete or distrust" button. Is it a FireFox 4 feature?

    17. Re:Removed by KozmoStevnNaut · · Score: 1

      I never checked in FF3 to be honest, but they probably added it in FF4.

      Just another reason to upgrade :-)

      --
      Eat the rich.
    18. Re:Removed by heypete · · Score: 1

      Microsoft released an advisory about this subject, which also included an update to blacklist those Comodo certs (the blacklisted code-signing certs from Microsoft are from a separate incident from 2001). It rolled out over Windows Update as a critical update several days ago.

      This shouldn't really be necessary, as the certs were also revoked by Comodo, and are available through their CRLs (which aren't queried by default) or by OCSP (which is). Nevertheless, the browser vendors (Microsoft in this case) are being a bit more thorough.

      However, people are now discussing removing the Comodo root certificates, as they feel that Comodo has been too irresponsible in their issuing policies (or in their RA security policies) to warrant any trust at all.

    19. Re:Removed by Anonymous Coward · · Score: 0

      What about the Preferences > Advanced > Encryption > Revocation Lists item?
      Does that survive updates?

  9. Comodo is quite lax on paperwork requirements by Bloodwine77 · · Score: 2

    I used to get my SSL certs through Verisign or Thawte, who were quite expensive and required a truckload of paperwork to prove your identity to them when being issued an SSL certificate. This was years ago, so they may be more lax these days for all I know. I jumped to Comodo several years back because they were cheaper and had a lot less paperwork hassle. Generally I could get SSL certs more quickly through them than I could through Verisign or Thawte. I then managed enough SSL certs to get into OpenSRS and I could issue SSL certs immediately with no paperwork whatsoever. I believe the small print in OpenSRS shifts the burden to you, not Comodo, to prove the identity of the organization requesting the SSL certificate. All my clients were local businesses and were easy enough for me to verify. Long story short, there are numerous ways around the identity verification schemes when obtaining SSL certificates. Perhaps with these recent SSL incidents the registration authorities and SSL issuers will start going back to the old days of putting people through the meatgrinder when trying to obtain SSL certificates. It may be inconvenient, but I think we've gotten to the point where the scales are tipped way too far in convenience's favor to the detriment of security and verification.

    1. Re:Comodo is quite lax on paperwork requirements by Lennie · · Score: 1

      At the end of the day, most certificates can just be considered 'domain validated'. The 'green-bar' certificates ('Extended Validation') are what used to be what they did. Maybe they even do more with EV, but all the others are just 'domain validated'. Let's not kid ourselves.

      What does that mean? You upload a certificate request on the site, it downloads the whois information and does some automated checking, from the addresses in the whois you choose which one to mail it to (or one of these: admin@domain.tld postmaster@domain.tld webmaster@domain.tld hostmaster@domain.tld), and they send you an email and you click the link and they will do some generic checks and, if it looks valid, a certificate is issued.

      Really, that is all.

      --
      New things are always on the horizon
    2. Re:Comodo is quite lax on paperwork requirements by jd · · Score: 1

      There were typically three grades of certificate in the Old Days - personal certificates (which is what you're describing), level 2 (where there were basic background checks) and level 3 (where they made the NSA's Top Secret clearance look trivial).

      These days, I'd extend the range but I'd say there should be an absolute minimum level for certain types of activity and that this should be enforceable in some way. (We know damn well that if it was voluntary, every bank and retailer would still go for the personal certs because they're dirt cheap, eliminating any real choice or any real security, with no alternative for consumers.)

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    3. Re:Comodo is quite lax on paperwork requirements by Lennie · · Score: 1

      Dirt cheap ? How about free: https://www.startssl.com/

      --
      New things are always on the horizon
    4. Re:Comodo is quite lax on paperwork requirements by jd · · Score: 1

      Dunno how expensive dirt is where you live, but it's free here. :)

      Ok, yes, personal certs were offered free by Thawte and - I think - even Verisign for a bit.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    5. Re:Comodo is quite lax on paperwork requirements by Lennie · · Score: 1

      You can use the startssl-certs for websites too btw. Not just for mail.

      --
      New things are always on the horizon
  10. new two-factor by Anonymous Coward · · Score: 0

    "rolling out a new two factor authentication system"? It's indefensible that they didn't use two factors since day one.

    (Or, did they use RSA SecurId and they're replacing it with something that hasn't been compromised?)

    1. Re:new two-factor by LordLimecat · · Score: 1

      SecurID wasn't compromised, RSA was. Apparently the breach had no effect on the security of the dongles, according to RSA (and I haven't seen any report to the contrary).

    2. Re:new two-factor by Anonymous Coward · · Score: 1

      http://en.wikipedia.org/wiki/SecurID#March_2011_system_compromise

      In a March 21 email to customers, RSA essentially admitted that the information stolen from their internal network would allow an attacker to compromise a SecurID-protected system without having physical possession of the token:

              "7. Have my SecurID token records been taken?
              For the security of our customers, we are not releasing any additional information about what was taken. It is more important to understand all the critical components of the RSA SecurID solution.

              To compromise any RSA SecurID deployment, the attacker needs to possess multiple pieces of information about the token, the customer, the individual users and their PINs. Some of this information is never held by RSA and is controlled only by the customer. In order to mount a successful attack, someone would need to have possession of all this information."

      Barring a fatal weakness in the cryptographic implementation of the tokencode generation algorithm (which is unlikely, since it involves the simple and direct application of the extensively scrutinized AES-128 block cipher), the only circumstance under which an attacker could mount a successful attack having only information about (but not physical possession of) the token, is if the token seed records had been leaked. This is very strong evidence that the token seed records have in fact been stolen.
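The reasoning in the comment above (a tokencode is a function of the seed and the clock, so a copied seed record stands in for the physical token), as an added example that is not part of any post. It uses the public RFC 6238 TOTP algorithm as a stand-in, not SecurID's own AES-based algorithm; the seed, PIN and timestamps are constructed.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per tokencode, RFC 6238 default


def totp(seed: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the code depends only on seed and time."""
    counter = unix_time // STEP
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Verifier:
    """Server side of a PIN + tokencode login for one user."""

    def __init__(self, seed: bytes, pin: str, window: int = 1):
        self._seed = seed
        self._pin = pin
        self._window = window   # tolerated clock drift, in steps
        self._last_step = -1    # highest step already used (replay guard)

    def verify(self, pin: str, code: str, now: int) -> bool:
        # Factor 1: something the user knows. The server holds it, not the vendor.
        if not hmac.compare_digest(pin, self._pin):
            return False
        # Factor 2: proof of the seed. The server cannot tell the real
        # token from any other device that holds the same seed record.
        now_step = now // STEP
        for step in range(now_step - self._window, now_step + self._window + 1):
            if step <= self._last_step:
                continue  # each time step is accepted at most once
            if hmac.compare_digest(totp(self._seed, step * STEP), code):
                self._last_step = step
                return True
        return False


# Constructed sample values.
SEED = b"constructed-seed-record-0001"
PIN = "4821"
NOW = 1300000000


def demo():
    server = Verifier(SEED, PIN)
    token_code = totp(SEED, NOW)          # what the hardware token displays
    copy_code = totp(bytes(SEED), NOW)    # what a copy of the seed record yields
    return {
        "codes_identical": token_code == copy_code,
        "login_with_pin": server.verify(PIN, copy_code, NOW),
        "replay_rejected": not server.verify(PIN, copy_code, NOW),
        "wrong_pin_rejected": not server.verify("0000", totp(SEED, NOW + 60), NOW + 60),
    }


if __name__ == "__main__":
    print(demo())
```

With the seed known, the PIN is the only factor left, which is why the remedy for a leaked seed record is issuing a token with a fresh seed rather than changing anything on the verifier.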

  11. Let me google that for you by doomy · · Score: 1

    Well, apparently Comodo systems are so secure that they are hacker proof.

    --
    ...free your source and the rest would follow...
    1. Re:Let me google that for you by Lennie · · Score: 1

      Maybe Comodo is, but not their 'resellers'

      --
      New things are always on the horizon
    2. Re:Let me google that for you by kumanopuusan · · Score: 1

      Yeah, I think they bought dog curtains.

      --
      Use of the words "good", "bad" or "evil" is almost invariably the result of oversimplification.
  12. Permanent Solution by Anonymous Coward · · Score: 0

    Go into your browser's list of certificate authorities and disable/delete all the certificates listed for Comodo. Problem solved. If you run into a Comodo cert in the wild, just contact that website and tell them they need to buy a cert from a different authority.

    If you are a website that uses their certs, replace them with certs from another authority and never look back.

  13. And yet my pgp key from 1994... by Anonymous Coward · · Score: 0

    Glad my pgp key from 1994 isn't compromised. Oh that's right I managed it myself.

  14. Meaningless by ugen · · Score: 3, Insightful

    The system of "certificate authority" on which SSL security ostensibly relies, has deteriorated to an essentially meaningless state.

    This system is based primarily on trust. Trust requires at least a basic level of knowledge or understanding (this is a crucial difference between "trust" and "faith" :) ).

    If you have not taken a look at your browser's "trusted certificate authority list" - now may be the time. I am a Firefox user, and I know that the list in Firefox contains numerous organizations with trustworthy names like "QuoVadis Limited", "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı" and "XRamp Global Certification Authority". Do you know any of these companies? Do you personally have any reason to trust in their judgment, honesty or integrity?

    For each company Firefox web site holds a document by some accounting firm (like the KPMG which has proven itself untrustworthy and unreliable even in matters of finance where they presumably have a clue) that purports to audit intentions and practices of said company wrt. issuance of said certificates. To put it simply that's worth as much as their audit of Lehman Brothers.

    Bottom line - your browser essentially allows a random selection of highest bidders or politically connected entities to define what web sites are, in turn, to be trusted. It's pointless and there is little reason to believe that anything they say, sign or claim has any value whatsoever beyond the level of background noise.

    Treat SSL the way you treat SSH - save specific certificates for sites, and watch for unexpected changes. Regardless of what the certificate or the "green location bar" say, don't trust them further than you can throw them.

    1. Re:Meaningless by airjrdn · · Score: 1

      Mod parent up. This isn't my area of expertise, but I did raise an eyebrow when I saw the "TÜRKTRUST" entry. I was glad to see someone else question it.

    2. Re:Meaningless by St.Creed · · Score: 1

      They may be more trustworthy than Comodo or Verisign. Problem is, you can't tell.

      --
      Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
    3. Re:Meaningless by luizd · · Score: 1

      That's the point! Just forget about omnipotent CAs. SSL certificates should be something like PGP. The trustness of it will be the result of a web of trust WOT. This would be very cool to see big companies doing campaign: sign my cert and get a discount/bonus/etc!

  15. more info by Anonymous Coward · · Score: 0

    The hacker has some interesting things to say: on twitter (the account seems pretty damn legit)

  16. Drop them by medoc · · Score: 1

    They are hopeless and should be dropped from the trust lists in browsers. Watching them go out of business will be a useful reminder to the remaining ones that they should work a little, not just take the money.

  17. Why does anyone care about the Comodos? by Anonymous Coward · · Score: 0

    They totally went downhill after Lionel Richie left.

  18. How do you do that in Firefox? by ArsenneLupin · · Score: 1

    The UI lets me delete "Built-in tokens", but if I then leave and re-enter the list, there they are again!

    1. Re:How do you do that in Firefox? by DriedClexler · · Score: 1

      Oh, I don't actually know how to do it, I was just trying to sound elite.

      Some of the other posters on this topic are giving more specific instructions, give them a try.

      --
      Information theory is life. The rest is just the KL divergence.
    2. Re:How do you do that in Firefox? by Anonymous Coward · · Score: 0

      If you "delete" them and they reappear (they're loaded from a binary, a DLL on Windows), Firefox unchecks everything under what the certificate is allowed to authenticate (look under Edit Trust), so in essence it is distrusted and cannot validate anything anymore.

  19. But what does it all mean!?! by herojig · · Score: 1

    I looked in my certificate bag in FF, and I got all kinds of Comodos there. What does that mean exactly to me, my personal data, and my small biz? thx!!!

    --
    I think therefore I can't be ~TTNH
  20. A SIMPLER solution for END USERS (HOSTS) by Anonymous Coward · · Score: 0

    HOSTS file users can bypass using DNS altogether & let END USERS especially be:

    ---

    1.) Safe(r)

    2.) Faster

    3.) More 'secure/anonymous' online

    4.) SAVE MONEY/COIN$/DEAD-PRE$IDENT$

    & more, FOR FREE! no less, & you already have one!

    ---

    (ALL THAT, & far more (see url below) via hardcodes of your fav. sites in your HOSTS file, which makes you faster, offloads DNS servers (which even DNS admins of them MIGHT love even), & keeps you OFF their "DNS Request Logs" too (security/anonymity part)).

    FOR an "end user" though? They make SURE, or can (via hardcodes of your fav. sites into HOSTS) you get to where you wanted to, legitimately, even IF DNS servers you use are compromised (say via DNS poisoning), & faster, or even if the DNS is down.

    How? See above... & more detail, ESPECIALLY vs. DNS faults, are in the URL below, IN GREAT DETAIL with backing facts/documentation from reputable sources!

    The added benefit is, that IF you also blockout adbanners you get more speed (and security too, because they've been hit TONS of times (see below) with maliciously scripted adbanners))

    The DNS system acts as an online Certificate Authority - being compromised thus as this article notes? Makes DNS the WEAK point in the chain here partially...

    HOSTS make you avoid DNS if you wish & "do it right" per what I noted above.

    For the "FULL GAMUT" of what HOSTS can do for you, & how/when/where/why/how? Refer to the post of mine "everyone here hates":

    http://tech.slashdot.org/comments.pl?sid=2038142&cid=35493238

    (lol, plenty of users do users here (10 or so I can rattle off & supply data for, in addition to mvps.org's 1,000's) & like them here though as well, + more & more over time the more they become aware of it)

    Yes, & my posts DO help them on that note (especially if they are unaware of it)...

    I post it for "the good" of the masses, NOT the profiteers that use "the art of good business is putting people together" (advertisers & webmasters, literally USING users this way)!

    However, I truly suspect the ONLY people that REALLY "hate" HOSTS files are, imo & experience @ least:

    ---

    1.) Malware makers

    2.) Hacker/Crackers

    3.) WebMasters

    4.) Advertisers

    ---

    WELL, to they, I can only say 1 thing: TOUGH COOKIES, & "The times they are a changin'"!

    TO webmasters &/or advertisers:

    Simply because more & more folks (and even the U.S. Military recently here http://yro.slashdot.org/comments.pl?sid=2039242&cid=35512150 are cutting out adbanners because they're a KNOWN bandwidth hog ( to gain back bandwidth taxpayers PAY for & for speed/performance purposes to aid the poor Japanese peoples) are "wising up" to the fact it's YOUR MONEY online & your SPEED that adbanners 'cut into'

    To END USERS: (vs. malware makers/hackers-crackers)

    It's your systems security, your data, your record even (being framed by a malware making YOU appear to be doing 'wrong' online etc.) + again, YOUR MONEY & BANDWIDTH YOU PAY FOR, after all!

    A fool & his money are SOON parted, but online vs. adbanners...? SO IS YOUR BANDWIDTH & SECURITY nowadays, unless you do measures such as I note here now... & FAR MORE gains in the URL above (especially considering phones charge by bandwidth use, and so do many ISP/BSP's moving to it)... & so is your online time YOU PAY FOR OUT OF POCKET!

    *Think about it!* & IF you're unaware of HOSTS file benefits for speed, security, & yes... even some "anonymity" vs. logs or DNSBL (DNS Block Lists)? HOSTS ARE "4U" & FREE (with many good sources for good ones, such as MVPS.ORG's -> http://www.mvps.org

    1. Re:A SIMPLER solution for END USERS (HOSTS) by hairyfeet · · Score: 1

      Poster is known malware writer and troll who is advocating slowing your machine to a crawl with a 15Mb HOSTS file which will ONLY stop static ad banners.

      Much better solution is to simply blacklist the Comodo certs if you aren't on Windows, and if you are on Windows you should have already been given the cert blacklist update, checkable by going MMC...add snap in...certifications and looking under untrusted certificates. Funnily enough if one is using the Comodo browser Comodo Dragon this is also not a problem, as the extremely short TTL they use on certs had these certs dead just a couple of hours after the hack and before the attacker could use them.

      --
      ACs don't waste your time replying, your posts are never seen by me.
  21. Resident Advisor Compromised? by Anonymous Coward · · Score: 0

    How do the residents of the dorm building feel about one of its Resident Advisors being compromised?

  22. Remove in Firefox 4 by Anonymous Coward · · Score: 0

    It's under the "Firefox" menu dropdown, "Options", "Options", "Advanced", "Encryption", "View Certificates". Select the certificate, and hit the "Delete or Distrust" button.

  23. Goodby Comodo by Anonymous Coward · · Score: 0

    That does it. I just went into my Firefox config, selected all of Comodo's certificates, and clicked "Distrust."

  24. Fingers crossed by sharkey · · Score: 1

    Hope it's the RAs from my freshman and junior years in college. Those guys were both dicks.

    --
    "Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
  25. Two factor authentication is compromised by Anonymous Coward · · Score: 0

    Well, considering that RSA's master seed file was found to be stolen last week, I'm not sure that "two-factor" authentication means anything.
    http://www.readwriteweb.com/enterprise/2011/03/rsa-breach-an-attack-that-used.php

    1. Re:Two factor authentication is compromised by NimbleSquirrel · · Score: 1

      So they're rolling out a *new* two factor authentication system? That implies that there was an old one.... Was it RSA? Could the two events be linked?

  26. Defense In Depth by Onymous+Coward · · Score: 1

    However much you decide to trust the CAs your browser comes with, you can add some checks to the SSL validation process.

    1. Check that others are seeing the same cert that you are.
    2. Check that the cert for a site has been consistently what you're getting now.

    Tools for this: Perspectives and Certificate Patrol.

    Example details from Perspectives check of an HTTPS site
    Brief blog entry on Certificate Patrol
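The two checks listed above, together with the "treat SSL the way you treat SSH" advice in the earlier "Meaningless" comment, as an added example that is not part of any post and not the code of Perspectives or Certificate Patrol. The class and function names, the 75% quorum and the host name are assumptions, and the certificates are constructed byte strings so the demo runs offline.

```python
import hashlib
import ssl


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def fetch_der(host: str, port: int = 443) -> bytes:
    """Fetch the leaf certificate a server presents (needs network, unused in demo).

    get_server_certificate() does not validate the chain by default, which is
    the point here: we record what was presented, whoever signed it.
    """
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


class PinStore:
    """Remembers the certificate each host presented, like SSH known_hosts."""

    def __init__(self):
        self._pins = {}  # host -> fingerprint

    def check(self, host: str, der: bytes) -> str:
        known = self._pins.get(host)
        if known is None:
            return "first-seen"
        return "match" if known == fingerprint(der) else "changed"

    def accept(self, host: str, der: bytes) -> None:
        """Pin (or re-pin after a reviewed change) the certificate for host."""
        self._pins[host] = fingerprint(der)


def notary_agreement(der: bytes, notary_fps, quorum: float = 0.75) -> bool:
    """Check 1: do enough independent vantage points see the cert we see?"""
    if not notary_fps:
        return False
    ours = fingerprint(der)
    agree = sum(1 for fp in notary_fps if fp == ours)
    return agree / len(notary_fps) >= quorum


def evaluate(store: PinStore, host: str, der: bytes, notary_fps) -> str:
    """Combine both checks into one verdict: 'ok', 'review' or 'alert'."""
    history = store.check(host, der)          # check 2: consistent over time?
    if not notary_agreement(der, notary_fps):
        return "alert"    # we are shown a cert the rest of the world is not
    if history == "changed":
        return "review"   # everyone sees the new cert: probably a renewal,
                          # but re-pin only after a deliberate accept()
    if history == "first-seen":
        store.accept(host, der)  # trust on first use, backed by the notaries
    return "ok"


# Constructed stand-ins for DER certificates.
CERT_A = b"constructed stand-in for the site's usual certificate"
CERT_B = b"constructed stand-in for a renewed certificate"
CERT_M = b"constructed stand-in for a mis-issued certificate"


def demo():
    store = PinStore()
    host = "shop.example"
    fa, fb, fm = fingerprint(CERT_A), fingerprint(CERT_B), fingerprint(CERT_M)
    return [
        evaluate(store, host, CERT_A, [fa] * 4),             # first visit
        evaluate(store, host, CERT_B, [fb] * 4),             # renewal seen by all
        evaluate(store, host, CERT_M, [fa, fa, fa, fm]),     # only we see CERT_M
    ]


if __name__ == "__main__":
    print(demo())
```

A CA-signed certificate passes normal browser validation in all three cases; only the history and the outside observers distinguish them.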

  27. Re:FACTS, vs. your libellous fictions & MORE.. by St.Creed · · Score: 1

    Errrr... did you forget your medication or something?

    --
    Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
  28. Are "ad hominem" attacks the "best you've got"? by Anonymous Coward · · Score: 0

    "Errrr... did you forget your medication or something?" - by St.Creed (853824) on Wednesday March 30, @03:36PM (#35670160)

    See subject-line above, & the posts I made before it please (as they utilize facts, vs. your trolling + ad hominem attacks)... Here:

    http://it.slashdot.org/comments.pl?sid=2061048&cid=35667576

    and yes, here (vs. another troll I have destroyed before, & on this VERY topic no less & I list why I suspect he's doing it, but... well, I'll leave it @ that):

    http://it.slashdot.org/comments.pl?sid=2061048&cid=35668740

    ---

    NOW - Additionally/Lastly?

    Care to show us your PHD in Psychiatry, your license to practice it, plus your years-to-decades of professional experience in it, AS WELL AS A FORMAL EXAMINATION OF MYSELF IN A PROFESSIONAL ENVIRONS you have?

    I'd wager you have "none of the above"... but, we'll see.

    APK

    P.S.=> /. 'trolls', lol... Man, just "too, Too, TOO EASY - just '2EZ'" to dispatch & show for their "true colors" (transparent, & obvious)... lol! apk

    1. Re:Are "ad hominem" attacks the "best you've got"? by St.Creed · · Score: 1, Offtopic

      I don't need a degree in psychology to see you have issues.

      You post (and respond to my post with) an incoherent and rambling post that looks like a "stream of consciousness" posting from a consciousness that isn't very coherent. That's a warning sign for trouble if ever I saw one. Especially the use of bold and capitals.

      If you want people to actually read your post and take it seriously, stop using weird interpunction, bold, and capitalization. Try to write a few coherent sentences with a start, an end, and an actual point.

      For instance, you could have replied to me like this: "Hey, you're not a licensed psychiatrist so leave your comments somewhere else, 'kay?". That's short, concise and to the point. Your post... is not.

      --
      Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
  29. 20++ mod ups for my HOSTS file posts (+5 to +1) by Anonymous Coward · · Score: 0

    Specifically on HOSTS from others here on /. & their thoughts on HOSTS files posts I have done + being rated well on them (since that is the topic I introduced here):

    ---

    HOSTS MOD UP -> http://tech.slashdot.org/comments.pl?sid=1461288&cid=30273506
    HOSTS FILE MOD UP FOR ANDROID MALWARE -> http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34713952
    HOSTS MOD UP -> http://yro.slashdot.org/comments.pl?sid=1907266&cid=34529608
    HOSTS MOD UP -> http://it.slashdot.org/comments.pl?sid=1743902&cid=33147274
    HOSTS MOD UP -> http://it.slashdot.org/comments.pl?sid=1869638&cid=34237268
    HOSTS MOD UP -> http://tech.slashdot.org/comments.pl?sid=1461288&threshold=-1&commentsort=0&mode=thread&cid=30272074
    HOSTS MOD UP -> http://tech.slashdot.org/comments.pl?sid=1255487&cid=28197285
    HOSTS MOD UP -> http://tech.slashdot.org/comments.pl?sid=1206409&cid=27661983
    HOSTS MOD UP -> http://tech.slashdot.org/comments.pl?sid=1592276&cid=31583826
    HOSTS MOD UP -> http://news.slashdot.org/comments.pl?sid=1913212&cid=34576182
    HOSTS MOD UP -> http://tech.slashdot.org/comments.pl?sid=1907528&cid=34532574 (someone copied my older HOSTS posts for it & posted as me, minus bolding & altered title though, giving away they copied me stuff & copy/pasted it, while impersonating me)
    HOSTS MOD UP -> http://tech.slashdot.org/comments.pl?sid=1891254&cid=34403798
    HOSTS MOD UP -> http://tech.slashdot.org/comments.pl?sid=1905218&cid=34514626
    HOSTS MOD UP -> http://tech.slashdot.org/comments.pl?sid=1907528&cid=34535412
    HOSTS MOD UP vs. HAIRYFEET TOO -> http://it.slashdot.org/comments.pl?sid=1916240&cid=34612834
    HOSTS FILE MOD UP FOR ANDROID MALWARE -> http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34714024
    HOSTS MOD UP with facebook known bad sites blocked -> http://tech.slashdot.org/comments.pl?sid=1924892&cid=34670128
    HOSTS MOD UP http://it.slashdot.org/comments.pl?sid=2059420&cid=35654066
    HOSTS MOD UP -> http://apple.slashdot.org/comments.pl?sid=1725068&cid=32960808
    HOSTS MOD UP ZEUSTRACKER -> http://it.slashdot.org/comments.pl?sid=2059420&cid=35654066

    ---

    Chew on that as well as my other reply, hairyfeet... & "argue w/n the #'s", because, as per usual? You are OutThought, Ou

    1. Re:20++ mod ups for my HOSTS file posts (+5 to +1) by hairyfeet · · Score: 1

      Get some help Petey and once again correlation != causation, and you have to show your work because I'm not the one making outrageous claims. If someone claims they can stretch their dick into a giant slingshot and shoot themselves to Scotland it is not the reader's job to prove them wrong but the poster's job to back that up with real proof, not an anecdote that says "well my cousin Joey saw me do it last Halloween!".

      I have also shown repeatedly that at the absolute reported minimum number of new pieces of malware and infections, which you are free to pick whichever reputable website you like Securina, MSFT's malware reports, AVG, whichever, that at an absolute minimum we are talking about 1.2 million sites PER DAY with that number changing by 15,000+ PER HOUR which means even if you typed at 1 IP address PER SECOND, and never slept, and had a perfect list (which doesn't exist) you would be 14 days behind by the very first day with that number growing linearly every single day, making Petey farther and farther behind.

      But if you weren't completely batshit insane Petey I wouldn't have to explain this, because this is why everyone makes fun of you. It is so obvious it is like someone arguing gravity is actually invisible pants gnomes trying to steal your underwear. It is the classic "default allow" which has NEVER EVER worked. Because if a piece of malware isn't in magical HOPES file Petey you are royally fucked, and yet again I have shown that it is simply a roll of the dice whether you get creamed or not, simply because you will always be behind. So it is all on you Petey and your magical HOPES woobie now. You made the extravagant claims, back them up with the math. If you can't? Well then you are full of shit, case closed. Notice how ALL YOU CAN DO PETEY is throw insults and trollbomb? Why is that? I'll tell you why, because math doesn't lie and you just can't show the math. You just can't, it would be like trying to mathematically prove you are not an idiot. It just can't be done.

      --
      ACs don't waste your time replying, your posts are never seen by me.
  30. You fail to account for removals, LMAO! by Anonymous Coward · · Score: 0

    "I'm not the one making outrageous claims" - by hairyfeet (841228) on Thursday March 31, @05:09AM (#35675892)

    What's "outrageous" about 20 mod ups I can literally SHOW (see again below, for YOUR reference) that people on this website, one of the "top rated" tech sites there is, see here: http://www.topsite.com/best/tech , gave me on HOSTS files benefits?

    Answer that... I use concrete data anyone can verify, unlike yourself!

    ---

    "1.2 million sites PER DAY with that number changing by 15,000+ PER HOUR" - by hairyfeet (841228) on Thursday March 31, @05:09AM (#35675892)

    Ahem: You're NOT accounting for the fact that many get removed, because the IP based ones (the ONLY ones I pull, static IP addressed ones, not domain/host name based, those are "recyclable") get downed. I also have to pull ones that validly cleanup too.

    (This shows how much YOU know... lol, ALL YOU KNOW, is what you get off the web... & that's it, apparently - figures: You're from, lol, "ITT Tech"!)

    Anyhow - I pick them up here automagically & en-masse, every 20 minutes & consolidate them (after the programs do the cleaning of them out of b.s. characters & such that many hosts providers make)!

    It's doing so, even right now as I am writing this!

    (All via the program(s) I wrote to do that very thing), lol... not raising a finger to do so (not once the program(s) were written).

    I knew they were coming F A S T (much faster now than say, back in 2004, when they REALLY started coming faster), so, I automated it.

    See - I can do that, I code... you don't.

    I even have started another set of them, albeit this time done in Python this time so we can automate it from the web, my next project that's upcoming in fact once this is done & we setup a server for it!

    (Co-writing that entire scenario with my nephew, who like myself, actually HAS actual programming experience & degrees in the computer sciences (since he is a senior in the CIS curriculum, with a computer security concentration no less, @ RIT (a prestigious school no less)), again, unlike yourself... "ITT Tech Boy", lol!)

    ---

    "which means even if you typed at 1 IP address PER SECOND, and never slept, and had a perfect list (which doesn't exist) you would be 14 days behind by the very first day with that number growing linearly every single day, making Petey farther and farther behind." - by hairyfeet (841228) on Thursday March 31, @05:09AM (#35675892)

    See above, I don't "type them in", you ITT Tech mere "techie", lol...

    ---

    "But if you weren't completely batshit insane" - by hairyfeet (841228) on Thursday March 31, @05:09AM (#35675892)

    LOL, care to show us your PHD in Psychiatry, your years-to-decades of professional experience, and license to practice (as well as a formal examination of myself in professional environs) that gives you the right to libel myself on that basis?

    Oh, that's right: YOU HAVE "NONE OF THE ABOVE"... lol!

    ---

    "Petey I wouldn't have to explain this, because this is why everyone makes fun of you." - by hairyfeet (841228) on Thursday March 31, @05:09AM (#35675892)

    Funny, but if being "modded up" for what HOSTS files can do for you is "making fun of me"? I'll take it, gladly, see below again, for your reference:

    ---

    HOSTS MOD UP -> http://tech.slashdot.org/comments.pl?sid=1461288&cid=30273506
    HOSTS FILE MOD UP FOR ANDROID MALWARE -> http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34713952
    HOSTS MOD UP -> http://yro.sl

  31. Oh, & on "math"? LMAO! by Anonymous Coward · · Score: 0

    "You made the extravagant claims, back them up with the math" - by hairyfeet (841228) on Thursday March 31, @05:09AM (#35675892)

    Here, I am GUARANTEED 100% protected now currently vs. 944,397 KNOWN BAD SITES/SERVERS (C&C & other types) that these hacker/crackers use, & because of a HOSTS file...

    Can YOU say the same? No, certainly not. See below!

    (Especially about the tools you "merely use" like the "trained chimp" (lol) that you are, as a mere TECHIE, "ITT Tech Boy"... lmao!)

    Proof? Ok:

    ---

    MULTIPLE EVIDENCES OF ANTIVIRUS &/or ANTISPYWARE PROGRAM FAILURES + SHORTCOMINGS:

    http://www.theregister.co.uk/2007/12/04/win_2000_virus_tests/

    http://www.securityfocus.com/infocus/1839

    http://it.slashdot.org/it/08/11/07/1545238.shtml

    ---

    From COMPLETELY VALID & RESPECTED SOURCES no less, as is per my usual!

    APK

    P.S.=> Hairyfeet: You came in here, as per your usual, libelling me & trolling me, OFF TOPIC as usual -> http://it.slashdot.org/comments.pl?sid=2061048&cid=35667932

    & got yourself SHOT DOWN IN FLAMES on each "so-called point" you tried making, lol!

    Why? Because unlike yourself, I am MORE than able to "run with the best"...

    People like Dr. Mark Russinovich, who has also been called a "malware maker" unfairly as I have been, of which I showed the source in CA are a pack of criminals (busted for accounting fraud).

    (Yes, that's right - ask him yourself! Dr. Mark Russinovich of MS, whose work I have even corrected before AND HAD TO TELL HIM how/when/where/why to do so no less, & yes, I have even gotten the best of in technical debates as well @ Windows IT Pro forums, shown in the URL above no less)...

    We used to do work for the SAME company ITT Tech Boy... have you worked with the likes of he as a peer? No!

    Suggestion: Get a better education than "ITT Tech" (you need it if you're going to try to "get the better of me" which to date, despite your constant trolling of myself, you have YET to do, and you never will - you aren't intelligent or educated enough to do so, period!).

    Heck, on security, especially for the most attacked OS family there is, because it's MOST USED? For guides, I wrote the VERY FIRST ONE, highly rated no less, for Windows NT-based OS out there back in 1997-2001 in that edition:

    PROOF:

    http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text

    So, you're trolling a "source"/authority on the subject, & for more than 14++ yrs. now no less, per what others have done with my posts on that subject (see below, across 15/20 forums currently & more from the past) right here...

    That's from 2001, but the original they took it from was from 1998 @ NTCompatible.com!

    (more comprehensive by far, & for more current MS OS'):

    http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE

    At over 300,000++ views strong (actually near 400,000++ because 1 site it was on 'went down' & had 75,000++ views more than 1 yr. back in fact), that's usually:

    ---

    1.) Made an "Essential Guide"

    2.) Got me PAID by winning a contest @ PCPitStop (quite unexpectedly - I was only posting it for the good of all, & yes, "the Lord works in mysterious ways", it even got me PAID)

    3.) Is in their TOP 10-20 MOST viewed posts

    4.) Is usually 5

  32. LOL, the "icing on the ITT Tech Boy's cake"! by Anonymous Coward · · Score: 0

    "HOSTS file which will ONLY stop static ad banners." - by hairyfeet (841228) on Wednesday March 30, @12:31PM (#35667932)

    Uhm, hey "ITT Tech Boy"? WRONG!

    HILARIOUS - You have it "in reverse"... lol!

    HOSTS stop DYNAMICALLY ADDRESSED AD BANNERS dumbo... the ones done by URL/hostname/domainname...

    (IP Address based ones, STATIC IP ADDRESSED, are not stoppable by HOSTS files, stupid!)

    That's WHY malware makers online use domain/host names more... they PAY FOR THEM, & recycle them too (down them temporarily, or forcibly from authorities, but they can re-use them again - which is what has been LITERALLY SEEN by the RBN, & currently by the ZEUS & SPYEYE botnets!)

    Man - you're STUPID... worst part is, you came in here trolling & libelling me? You blew it on that too, and THE ABOVE!

    Remember: This is /., one of the TOP RATED tech sites there is... people are watching, & WATCHING ME, "shoot you down", & easily (based on your screwups like the above).

    APK

    P.S.=> Parents - BASED ON "ITT Tech Boy" Pwuffesuh HaiwyPheet's POOR SHOWING ABOVE?

    DO NOT SEND YOUR KIDS TO ITT TECH!

    (Nothing against ITT Tech though really... just against idiots that *THINK* they "know what they're doing", like Hairyfeet, lol! Or, does the above show otherwise?)... ak
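
The distinction argued in the comment above (a hosts file intercepts name lookups, so it cannot affect a URL that carries a literal IP address) can be checked mechanically. The following Python audit is an added example, not part of the original thread; the blocklist entries, URLs and function names are constructed for illustration, using reserved `.example` names and documentation address ranges.

```python
"""Audit which URLs a hosts-file blocklist can actually intercept."""
import ipaddress
from urllib.parse import urlsplit

# Addresses commonly used as "go nowhere" targets in blocklists.
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::", "::1"}

# Constructed sample in hosts-file syntax (not taken from any real list).
SAMPLE_HOSTS = """\
# comment line
0.0.0.0     ads.tracker.example  banner.tracker.example  # two names, one line
0.0.0.0     CDN.Malware.Example
192.0.2.10  intranet.example     # ordinary mapping, not a block
not-an-ip   broken.example
"""

# Constructed URLs to audit against the sample.
SAMPLE_URLS = [
    "http://ads.tracker.example/banner.js",
    "http://img.ads.tracker.example/banner.js",
    "http://203.0.113.7/banner.js",
    "http://[2001:db8::1]/banner.js",
    "https://intranet.example/",
]


def parse_hosts(text):
    """Return {lowercased hostname: address} for every well-formed entry."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue
        address, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(address)
        except ValueError:
            continue  # malformed line: first field is not an address
        for name in names:
            # Assumption: the first entry for a name wins.
            table.setdefault(name.lower().rstrip("."), address)
    return table


def classify(url, table):
    """Say what a hosts-file lookup would do for the host part of url."""
    host = urlsplit(url).hostname
    if host is None:
        return "no-host"
    host = host.lower().rstrip(".")
    try:
        ipaddress.ip_address(host)
        # No name resolution takes place, so the hosts file is never read.
        return "ip-literal"
    except ValueError:
        pass
    address = table.get(host)
    if address is None:
        # Hosts entries are exact names: no wildcards, no subdomain match.
        return "not-listed"
    return "sinkholed" if address in SINKHOLES else "remapped"


def audit(urls, hosts_text):
    """Map each URL to its verdict; anything not 'sinkholed' is a gap."""
    table = parse_hosts(hosts_text)
    return {url: classify(url, table) for url in urls}


if __name__ == "__main__":
    for url, verdict in audit(SAMPLE_URLS, SAMPLE_HOSTS).items():
        print(f"{verdict:11} {url}")
```

Entries reported as `ip-literal` or `not-listed` are the coverage gaps a hosts-based blocklist leaves for other controls such as a firewall or filtering proxy.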

  33. Part of WHY hairyfeet's libelling me, lol, inside by Anonymous Coward · · Score: 0

    This is HILARIOUS! Hairyfeet, the "big talker", online stalker, & LIBELLER, sure "shows his stuff" here too:

    How so? By attempting to rip others' work that he's NEVER done himself, but he sure "talks a big game" here:

    http://slashdot.org/comments.pl?sid=2029850&cid=35450222

    He says "automating McDonalds would be 'easy'" but he's NEVER DONE THAT... I have (one of the programmers for them, Boston Market, & Burger King's "bump bar" system).

    Top that off with his stupidity in THIS VERY THREAD (and yes, others, so he cannot say it's a mistake) on STATICALLY ADDRESSED adbanners vs. DYNAMICALLY ADDRESSED adbanners, here:

    http://it.slashdot.org/comments.pl?sid=2061048&cid=35681060

    (You SURE you want to keep stalking, trolling, & LIBELLING me, hairyfeet? There's more where these 2 came from... plenty more, lol!)

    APK

    P.S.=> Just "too, Too, TOO EASY - just '2EZ'", but then again? "Pwuffesuh HaiwyPheet" is only an "ITT Tech Boy" techie... lol! apk

  34. 2 reasons WHY hairyfeet's libelling me (hilarious) by Anonymous Coward · · Score: 0

    http://it.slashdot.org/comments.pl?sid=2061048&cid=35681060

    (Hairyfeet's SUCH a dumbass, he doesn't know the diff. between STATICALLY ADDRESSED IP BASED banners & DYNAMICALLY ADDRESSED ONES using host/domain names!)

    LOL, I mean, ok - listen to his b.s. ALL YOU WANT, but only AFTER you read the URL from this website above, lol!

    (He sure is a "big talker" though, isn't he? Ripping others' work but he can't show he's done better... & he CERTAINLY SHOWED he is a fuckup in his "tech know-how" above!)

    Another instance of his "big talking b.s." is here:

    http://slashdot.org/comments.pl?sid=2029850&cid=35450222

    He says "automating McDonalds would be 'easy'" but he's NEVER DONE THAT... I have (one of the programmers for them, Boston Market, & Burger King's "bump bar" system).

    APK

    P.S.=> Just "too, Too, TOO EASY - just '2EZ'", but then again? "Pwuffesuh HaiwyPheet" is only an "ITT Tech Boy" techie... lol! apk

  35. Hairyfeet, try being THOROUGH too, ok? apk by Anonymous Coward · · Score: 0

    See SUBJECT-LINE ABOVE, first:

    "Much better solution is to simply blacklist the Comodo certs if you aren't on Windows, and if you are on Windows you should have already been given the cert blacklist update" - by hairyfeet (841228) on Wednesday March 30, @12:31PM (#35667932)

    Second? POST A LINK NEXT TIME, ITT Tech Boy!

    In fact, THAT is one of your "other problems" in most of your posts here!

    I.E./E.G. - You RARELY backup what you state, & don't give enough detail or locations of fixes! You're no expert, and you've NEVER even accomplished a FRACTION of what I have shown I have in this exchange in response to your trolling & libelling myself.

    (Even I back myself up - it pays off, & validates your words)

    I'll do it for you, since you omit detail & are RARELY complete:

    ---

    Here is/are the fix(es), from MS, directly, & by Operating System type:

    http://www.microsoft.com/downloads/en/details.aspx?FamilyID=2a2e5a30-bd96-4dc6-9c45-7eac1b4e0ad8

    ("Get them while they're HOT" - because they'll be "forced off the page" to the next one (not a HUGE problem, but worth being thorough & noting, imo @ least!)).

    ---

    "checkable by going MMC...add snap in...certifications and looking under untrusted certificates." - by hairyfeet (841228) on Wednesday March 30, @12:31PM (#35667932)

    That's "a way", & a valid one (for once out of you, lol)... I will "give credit where it's due", YES, even to YOU..

    HOWEVER, I would like to see the person I replied to's take on HOSTS usage, and some more detail via discussion w/ he on HIS method... as it too, like MY method (which you NEVER SAID WILL NOT WORK, because it does, AND, that I posted a reputable source to a GOOD HOSTS FILE FOR, unlike you)?

    Sounds pretty good!

    YES - I am fair, & give credit WHEN it's due!

    ---

    Even though you tried these trolling & libelling me here & trolling me, 1st:

    http://it.slashdot.org/comments.pl?sid=2061048&cid=35667932

    ---

    Which I then "shot you down" here for, 'point-by-point' & INVALIDATED your CRIMINAL SOURCES (yes, really criminal in both Computer Associates & Arstechnica):

    http://it.slashdot.org/comments.pl?sid=2061048&cid=35668740

    ---

    AND, where I shot you down even further for trolling me, by pointing out your screwups in the past & big mouth (saying how "easy it is to automate McDonalds" when "the likes of YOU" haven't ever even DONE such a job & I HAVE):

    http://it.slashdot.org/comments.pl?sid=2061048&cid=35681430

    ---

    ALSO, where you FAIL on REMOVALS LESSENING THE # OF KNOWN BAD SITES/SERVERS & WHY (on accounting for the removals of "bad sites" because they DO get cleaned up, OR go down (sometimes only TEMPORARILY, domain name based ones)):

    http://it.slashdot.org/comments.pl?sid=2061048&cid=35679634

    ---

    ADDITIONALLY where I show the "tools you merely USE" techie user (ITT TECH BOY, lol) are NOT perfect & are shown FAULTY (just like you much of the time, shown above here no less):

    http://it.slashdot.org/comments.pl?sid=2061048&cid=35679938

    ---

    LASTLY (& this one "takes the cake" & LITERALLY IS THE "ICING ON THE CAKE" here for your trolling & libeling me here first?) Here:

  36. Slow U to a CRAWL? Stop DNSClient service by Anonymous Coward · · Score: 0

    Which one of "Dumb & DUMBER" are you? Jim Carrey OR Jeff Daniels??

    Because you keep posting DUMBER AND DUMBER mistakes noob. To wit:

    "who is advocating slowing your machine to a crawl with a 15Mb" - by hairyfeet (841228) on Wednesday March 30, @12:31PM (#35667932)

    You had best "Brush Up" on your basic services and IP know how, because even mvps.org notes that you HAVE TO STOP YOUR LOCAL DNS CACHING CLIENT with larger HOSTS files.

    See here -> http://www.mvps.org/winhelp2002/hosts.htm

    PERTINENT QUOTE/EXCERPT:

    ---

    Editors Note: in most cases a large HOSTS file (over 135 kb) tends to slow down the machine.

    To resolve this issue (manually) open the "Services Editor"

    Start | Run (type) "services.msc" (no quotes)

    Scroll down to "DNS Client", Right-click and select: Properties - click Stop

    Click the drop-down arrow for "Startup type"
    Select: Manual (recommended) or Disabled click Apply/Ok and restart. [more info]

    When set to Manual you can see that the above "Service" is not needed

    ---

    This entire exchange you brought on yourself is only caused by your OWN stupidity & ignorance technically, and for your stalking, trolling, & libelling of myself here.

    Thanks though, hairyfeet... In the past, I have WARNED you, even NICELY before, not to troll, stalk & harass me here, but you never stop!

    Well, now you paid for it... you like?

    This time you libelled me and fell on your ASS the entire way here:

    http://it.slashdot.org/comments.pl?sid=2061048&cid=35668740

    and here where you f' up on how malware works and removing bad sites:

    http://it.slashdot.org/comments.pl?sid=2061048&cid=35679634

    and here with your "math" & tools you use being shown as not 100% effective even though you said they were before:

    http://it.slashdot.org/comments.pl?sid=2061048&cid=35679938

    and here ON STATIC vs. DYNAMIC banners (which is as bad as your screwup here - VERY NOOB, lol!):

    http://it.slashdot.org/comments.pl?sid=2061048&cid=35681060

    and, here showing your motivations (geek angst at my beating you to pulp before technically after you trolled me yet again) AND why you tried to troll ME when you stalked me here and also many other times first:

    http://it.slashdot.org/comments.pl?sid=2061048&cid=35681500

    and here on your incomplete information based posts:

    http://it.slashdot.org/comments.pl?sid=2061048&cid=35683280

    AND of course, THIS screwup on the "slow your machine to a crawl" dumb ass

    ( LOL... & you CLAIM you know Windows?)

    LMAO!

    B.S. - this entire exchange here proves QUITE otherwise, & you mostly did it to yourself.

    ---

    LOL, man... THAT's what YOU GET, for trying to libel me, and I turned that over as I always do, with SOLID verifiable facts (right after you came in here libelling myself):

    http://it.slashdot.org/comments.pl?sid=2061048&cid=35668740

    You only did this, to yourself... "sow the wind - reap the whirlwind" chump.

    APK

    P.S.=> OH, & of course, as is per my usual? I also showed your "opinion" of HOSTS files (which you never said did NOT work as I stated) is outnumbered 20++:1 with modded up posts I have done here, 1 of the TOP TECH S

  37. HAIRYFEET 2nd BLUNDER ON MATH (a lie) by Anonymous Coward · · Score: 0

    "HOSTS file can scale against a threat of over 1.3 MILLION infected sites with more than 200,000 being added or removed PER DAY has refused to show proof and instead throws insults." - by hairyfeet (841228) on Thursday December 30, @05:50PM (#34715872)

    FROM -> http://slashdot.org/comments.pl?sid=1930156&cid=34715872

    Hmmmm... 200,000 a day not long ago, vs. today's "SUDDEN DAILY INCREASE" below? Man, lol (his lie caught):

    "at an absolute minimum we are talking about 1.2 million sites PER DAY" - by hairyfeet (841228) on Thursday March 31, @05:09AM (#35675892)

    From this post today... lol!

    Gosh - "EXAGGERATING A BIT ARE WE, HAIRYFEET?"

    You said something about MATH?

    Ok - LOL: 200,000 != 1.2 million per day!

    (Yea, lol... just a "wee bit" (like many orders of magnitude, vs. what you USED to say not long ago THIS YEAR no less. Man - the magnitude of your screwups & lies is increasing just like your bloating figures has...)).

    APK

    P.S.=> Yes, "The reports of my death are greatly exaggerated" - Mark Twain, but... somehow, lol?

    However - I don't THINK the ones for hairyfeet here will be, not after this!

    (He "killed" himself with yet another LIE, in addition to the libel he tried to say about me here starting this WHOLE fiasco here on downwards in this exchange -> http://it.slashdot.org/comments.pl?sid=2061048&cid=35667932 and I disproved & vindicated myself of them, here -> http://it.slashdot.org/comments.pl?sid=2061048&cid=35668740 & more! Poor wittle "Pwuffesuh HaiwyPheet of 'ITT Tech'", lol! )... apk

  38. LOL, hairyfeet MADE SAME MISTAKE BEFORE HERE! by Anonymous Coward · · Score: 0

    "Not to mention on any machine before Vista it will seriously slow down the machine" - by hairyfeet (841228) on Thursday December 30, @06:50PM (#34715872)

    LOL, yup... more STUPID mistakes on things even a NOOB knows about Windows DNS local client cache service, topping off what I originally posted before, here in this regards & hairyfeet screwing it up HERE, too:

    http://it.slashdot.org/comments.pl?sid=2061048&cid=35686054

    Because MOST techies even? Not even going as high up as network admins?? KNOW THAT IF YOU TURN OFF THE LOCAL DNS CLIENT CACHE IN WINDOWS, you get no such slowdown (only with relatively "largish" (relative term) HOSTS files)...

    (And Hairyfeet came in here "acting the great tech" & elsewhere ALL OVER /.? Puh-leese!)

    APK

    P.S.=> Talk about NOT LEARNING FROM YOUR MISTAKES... & that it is a HUGE mistake to try to libel, stalk, & TROLL me as he has here on downward in this thread -> http://it.slashdot.org/comments.pl?sid=2061048&cid=35667576 ... apk

  39. What's THIS? Others @ /. have SUCCESS w/ HOSTS? by Anonymous Coward · · Score: 0

    "Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)

    LOL, & the FUNNIEST part is, that post of mine? IT was modded up, and vs. HAIRYFEET too!

    (Talk about your "past haunting you"... lol!)

    APK

    P.S.=> Running you into the GROUND hairyfeet... so, again, please (For your OWN good):

    You're NOT IN MY LEAGUE - & do NOT ever stalk, troll, & LIBEL me here again, or this thread and ALL your mistakes in it will BURY you (and, you only did THAT to yourself, from here http://it.slashdot.org/comments.pl?sid=2061048&cid=35667576 on downward in this thread, only to your own dismay (for libelling me here and also, thank you, vindicating me @ the same time as well http://it.slashdot.org/comments.pl?sid=2061048&cid=35668740 ) - funny how you RAN & stopped posting when I started "firing back", eh?)... apk

  40. Proof HAIRYFEET stalks & trolls me on HOSTS by Anonymous Coward · · Score: 0

    http://it.slashdot.org/comments.pl?sid=1916240&cid=34607794

    Hairyfeet started it, trolling & stalking me there too like he did here, w/ out provocation (funny how COMODO came up again THERE also, eh? What - do you WORK for them as some "paid shill", or what??)

    APK

    P.S.=> Again - YOU shouldn't have come in here libelling & trolling me hairyfeet... from here on down -> http://it.slashdot.org/comments.pl?sid=2061048&cid=35667576 I have ROYALLY "pwnd" YOU, yet again... & as per your usual? Well - you only brought it on yourself! apk

  41. LOL, NOT Again: Hairyfeet "Changes his MATH" 3x by Anonymous Coward · · Score: 0

    "All a HOSTS file does is put you in an endless race with malware writers, which since you are looking at around 100,000 new pieces of nasty a week, and around 2000-3000 infected websites, which changes constantly?" - by hairyfeet (841228) on Thursday March 31, @05:09AM (#35675892)

    What is this? The "New Math" they're supposedly teaching elementary school kids??

    LOL - @ least you're consistent (consistently a LIAR, because that's NOT what you claim in this thread here -> where that number got MASSIVELY higher, yet again, for the 3rd time now than what you originally said!)

    LMAO - YOU CHANGED IT YET AGAIN, for the 3rd time now in the SAME year (I can probably find more too!)!

    "1.2 million sites PER DAY with that number changing by 15,000+ PER HOUR" - by hairyfeet (841228) on Thursday March 31, @05:09AM (#35675892)

    See here -> http://it.slashdot.org/comments.pl?sid=2061048&cid=35679634

    ROTFLMAO - Next time you try THIS avenue of "attack" (which failed due to your LIES & exaggerations) it will be -> "3 Strikes YOU'RE OUT!"

    APK

    P.S.=> Boy, are YOU stupid... & don't ever TROLL & LIBEL me as you have here or elsewhere REPEATEDLY on this website's forums, NOT ever again, understand? That is, unless you want this entire exchange to be posted to HUMILIATE THE HELL OUT OF YOU, yet again... & above all else, based on your math - don't try to be a mathematician "ITT Tech BOY"... it's FAR from your "Strong Suit" alongside intelligence... lol! apk

  42. Tell us about math not lying (BUT YOU SURE DO) by Anonymous Coward · · Score: 0

    "That is the nice thing about math, it doesn't lie or believe in anecdotes." - by hairyfeet (841228) on Saturday January 01, @06:56PM (#34733612)

    LOL, ok... SURE: Now, math may not lie, but YOU SURE DO, see below for proof of that, MULTIPLE TIMES OUTTA YOU (because you change your 'figures' with the wind it seems, lmao):

    See here: http://it.slashdot.org/comments.pl?sid=2061048&cid=35686444

    and here: http://it.slashdot.org/comments.pl?sid=2061048&cid=35686566

    AND, lastly? Yes here yet again, shown above!

    (There's REAL math, & then, there's LIARS math like hairyfeet uses!)

    Here's some MATH for you I *think* you can handle (let's hope @ least, right?):

    "3 strikes - YOU'RE OUT!"

    So - a QUESTION - Can you @ least COUNT TO 3?

    (Because you sure don't live up to your words quoted above, vs. all the times I caught you "fudging figures" above in those URL's here, and yes, in the past, in regards to HOSTS files (where you always troll & stalk me on them - also shown in this thread for "proof thereof" -> http://it.slashdot.org/comments.pl?sid=2061048&cid=35686508 )).

    (LOL, knocked the "F" out, as per usual, vs. myself!)

    APK

    P.S.=> You'd be a shitty salesman - Why? Because, you'd get caught fudging figures as you have constantly whenever you troll & stalk me on HOSTS files... as I show you CLEARLY do many times here (see above for proofs from many posts of mine you've hijacked & lost the same way on math & FAR MORE), & where you ALWAYS start it first as you have here also yet again! apk

  43. LMAO - Hairyfeet's "VIRUS THEORY" shot down by Anonymous Coward · · Score: 0

    http://it.slashdot.org/comments.pl?sid=1916240&cid=34612834

    Like I said there, "Pwuffesuh HaiwyPheet": How on EARTH can viruses/malware affect me, WHEN I NEVER GET THEM AT ALL? So much for your "virus theory", eh?? LMAO!

    Man - Even other slashdotters who use HOSTS (and layered security of course) agree & find the same:

    "Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)

    FROM http://tech.slashdot.org/comments.pl?sid=1907528&cid=34532122

    APK

    P.S.=> After that, I need to ask you a question:

    WHAT IS IT LIKE BEING SYSTEMATICALLY "DISSECTED & DESTROYED" LIKE THE STALKING/TROLLING/LIBELLING INSECT YOU ARE, FROM HERE ON DOWN HERE -> http://it.slashdot.org/comments.pl?sid=2061048&cid=35667576 AFTER YOU LIBELLED ME AND WHERE I PROVE THAT FROM YOU WRONG AS WELL WITH DOCUMENTED FACTS -> http://it.slashdot.org/comments.pl?sid=2061048&cid=35668740 ?)....

    "Inquiring minds WANT to know"... lol! apk

  44. User tells hairyfeet APK is RIGHT?? LMAO! by Anonymous Coward · · Score: 0

    http://slashdot.org/comments.pl?sid=1930156&cid=34718190

    PERTINENT QUOTE/EXCERPT:

    "APK might be a known troll, but you can't totally discount a lot of what he says." - by Anonymous Coward on Thursday December 30, @09:33PM (#34717990)

    and

    "That's the most frustrating thing about him. He's actually right." - by Anonymous Coward on Thursday December 30, @09:33PM (#34717990)

    AND THE GUY CALLED ME AN ASSHOLE @ FIRST TOO:

    "People like APK are assholes, to be sure." - by Anonymous Coward on Thursday December 30, @09:33PM (#34717990)

    HOWEVER - HE later admitted he was only "placating you" on that note (ala "disarm trolls gently" written by Dr. David Burns -> http://www.google.com/search?hl=en&q=%22Disarm+Trolls+Gently%22&btnG=Search ) here:

    http://slashdot.org/comments.pl?sid=1930156&cid=34718290

    Recanting that... & WHY:

    "To be honest, I was saying that mainly to appeal to hairyfeet. To try and get on his level and reason with him. I don't personally think you're an asshole at all. But sometimes you have to say these things to communicate on the same level as someone like hairyfeet. I hope it is clear?" by Anonymous Coward on Thursday December 30, @11:10PM (#34718290)

    Hope you're happy now Hairyfeet...it's PROOF folks have to step "DOWN TO YOUR LEVEL" & placate you, just to get you to stop trolling/stalking me here!

    APK

    P.S.=> Remember hairyfeet: YOU STARTED IT HERE, and many other spots any time I post on hosts almost... you brought this ALL from here on down, on yourself, by yourself ->

  45. Reg user says same today about hairyfeet? LOL! by Anonymous Coward · · Score: 0

    http://slashdot.org/comments.pl?sid=2063786&cid=35686790

    (NOT AN AC THIS TIME, but a registered user instead!)

    ---

    LOL, the "infamous they" and iirc, EINSTEIN too, say/said respectively, that "repeating the same mistake over & over again is insanity"...

    Well, how many times have I shown hairyfeet stalks me in this thread, & trolls me, + LIBELS me (over HOSTS files mostly no less, every time, many times)?

    AND HE SAID THIS LIBELLOUS THING ABOUT ME, CALLING ME "batshit insane" (along with many other lies too earlier)?

    "But if you weren't completely batshit insane" - by hairyfeet (841228) on Thursday March 31, @05:09AM (#35675892)

    Please... lol! See above...

    APK

    P.S.=> Somehow, I do NOT think hairyfeet will ever stalk, troll, or LIBEL me ever again... not after this from here down where, as usual, he "starts up with me" on HOSTS files to his OWN dismay, hugely:

    http://it.slashdot.org/comments.pl?sid=2061048&cid=35667576

    After all, as anyone can see? He "disappeared" long ago! apk

  46. Opera and the COMODO CA by Anonymous Coward · · Score: 0

    People are complaining about difficulties disallowing COMODO certificates.

    It seems to be simpler with Opera (on Windows, anyway).

    Tools > Preferences > Advanced > Security > Manage Certificates > Authorities
    Select "COMODO Certification Authority"
    View

    Either uncheck "Allow connections to sites using this certificate"
    or check "Warn me before using this certificate"
    OK OK OK

    Whether this works or persists after an update is yet to be determined.
    --
    The internet has no garbage collection.

  47. Jeremy Reimer & Arstech impersonate me... apk by Anonymous Coward · · Score: 0

    Jeremy Reimer had to PUBLICLY ADMIT he impersonated me on his own personal forums as well. A quote:

    "Anyway the "APK" registered here is just an affectionate clone of the original. In fact I prefer him to the original." - Jeremy Reimer - March 25, 2005

    FROM -> http://tech.slashdot.org/comments.pl?sid=1300193&cid=28685295

    He's a "BattleFront" forums mod (or was, and wrote articles for them (spitting back what others already did which he plagiarized (e.g.-> On GUI history, Doug Engelbart))) but, not anymore - that DESTROYED him, badly.

    (So, that "all said & aside": If HE impersonated me... don't you THINK that the rest of ars did in YOUR "sources" too? Yes, they did... so much for your "sources").

    He also had LARGE portions of his website removed (only to move to a new one to try it again) & then his ISP/BSP (Shaw.ca - emails available on request to anyone who asks) put him on a tracking ticket & caught + stopped his email harassment of myself & his libel (childish edited photos of myself) & his "partner in crime" Jay Little had his ENTIRE WEBSITES ousted from CrystalTech.com AND petitiononline.com, where he made DEATH THREATS TO ME!

    All because he came into Windows IT Pro with Reimer, stalking me there (after I NICELY asked Reimer to remove the libellous data noted above, which he @ first refused to do but was FORCED to by his ISP/BSP, hosting provider, AND a Det. Felton of BC Canada where he lives).

    Jay Little came into Windows IT Pro forums saying, literally verbatim:

    "I AM AN EXPERT ON EXCHANGE SERVER"

    Apparently NOT that good of one, because I had to point out that Memory Optimizers STOP 32-bit EXCHANGE from lagging, & then freezing + halting, w/ sources from Microsoft themselves (I authored the VERY 1st one of those, many imitations later, & MS did the 1st console mode one, in clearmem.exe (definition of purpose is FREE RAM)).

    He stalked me to NTCompatible.com as well after humiliating himself, & was banned for stalking me + put away SO BADLY even another arstechnican, DosFreak (a pal of mine online for decades) even told him he was WRONG about IRQL_DRIVER_NOT_LESS_THAN_OR_EQUAL_TO on hardware driver interface errors, PLUS, on Ramdisks!

    APK

    P.S.=> This entire exchange where you have libelled me from here:

    http://it.slashdot.org/comments.pl?sid=2061048&cid=35667576

    Downward, is YOUR downfall, hairyfeet... hope you enjoy it, you only brought it on yourself! apk