note to editors, IE8 is the second browser to protect from clickjacking the first is firefox with noscript extension.
While it may be in an extension, it is not implemented via the main program itself. Therefore IE 8 is the first browser to implement this (as opposed to taking FF's stance and implementing an extension interface).
I know this is the internet we're talking about, but Hulu went live ~1.5 years ago and has only been accessible to the general public for less than a year (March 12, 2008). They haven't been doing anything "for ages".
Fair enough, I just chose a website that does this and is widely used by the general public.
Seriously, this is no big deal. According to the article, "On average, people will hear a 15-second commercial about every two hours, Westergren said, adding that it is a targeted ad campaign and not everyone is hearing the commercials." Other 'free' services have been doing it for ages, most notably Hulu.com. Plus I agree with the above comments... fuck country-specific services on the Internet and fuck those royalty fees. And yes... I'm looking at you the most RIAA...
You would think that. I even went so far at one point as to write my answers down to avoid confusion (how they write the same questions multiple times), however, I still flagged on that test. The employer I had talked to couldn't even pass that "test".
As a teenager, I was always passed up because I couldn't "pass" the personality test on BestBuy.com (for The Geek Squad), despite the fact that I already had my A+ and was on my way to a CCNA at the time. I talked to the employer at that local store and while he recognized that I probably knew my field I 'HAD' to pass that personality test. Needless to say I never got hired by them.
I actually didn't mean private in a "security through obscurity" sense, I meant in the private sector. It just seemed that in modern times, the United States government wouldn't want to give anything to the community in terms of improving security for individuals. (These were just the thoughts at the time, I can see why now... just thought I'd throw it out there)
Why would they release this? Don't get me wrong, I, personally, am all for donating to the community and further advancing technology as a species; however, why would the NSA deliver something to the public that would, in the long run, possibly make life harder on themselves by possibly furthering the advances of private encryption? I'm not trying to play Devil's Advocate, I just genuinely don't understand why they would (possibly) make life harder for themselves.
Actually, I'm in the United States military at the moment and we don't call ourselves a "defense force"; we call ourselves the "armed force", which seems, (as you seem to have pointed out) a territorial neutral term.
They say that it has been translated into 7 languages in TFA, however, they provide an HTML link for the Deutsch version. Why are they not available on the installer? What good does a license do if it's not available to be viewed at install time? And if it's not available on the installer, then the time that someone took to translate that license into another language was for nothing.
I second this motion! I also bought the book Code (I won't lie, the fancy cover made me look), and it ended up being one of the best books I've read on the subject. It covers many topics, but for those who may need a little help being introduced to the subject, this book will definitely help to peak their interest. Although, it covers many aspects, it will help to introduce someone who may be interested in programming, but maybe has trouble grasping the idea of binary or trouble thinking like a programmer when debugging a program.
It's always traceable, but the answer in short is to use proxies. If somebody steals from a bank in the US and routes it through Sweden, some anti-US countries, and then China to boot, do you think everyone will be so willing to help the US government? Probably not. And of course, you could do the same to your IP address through proxies.
It never occurred to any of them to educate their users...
Both secure websites AND browsers have been educating users on security since the early days of the Internet. Nobody can stop a stupid and/or ignorant user from being redirected and not realizing that SSL is not implemented or invalid. SSL is properly implemented, however, the attack in question was redirecting the DNS. For instance, you create your own website and your own certifications and then trick the DNS into thinking your site is from Verisign and was created by them as well (since the source address would be the same according to DNS). Everything looks legitimate, but it's not. This is not something that someone could look at say... banks for and blame them for incorrect security implementations, it's how DNS is (was) widely implemented at a fundamental level by ISP's and such.
Or you could easily set up a proxy kind of webserver to make it look like everything is working as usual.
This possibility has always been there. The matter of a MITM proxy-based atttack is not what is in question here, it is the possibility of a DNS poisoning attack which would redirect the user to a non valid website, which is appearing as valid, and the additional verification questions on sensitive websites (i.e. banks and such) would prevent this from happening (at least from a DNS redirect of the email standpoint).
Also From TFA, "Or, for the sheer geeky joy of it, he could reroute all of.com into his laptop, the digital equivalent of channeling the Mississippi into a bathtub."... right.
The site linked in the article is indeed slashdotted, but the bug in question has been overhyped in the media and, although it must be fixed to prevent future problems, it currently does not present a big obstacle for the current Internet...
I'm partially color blind and on occasion I do have to tweak the background and/or text color to see them better (i.e. a dark background on Amarok is a must everytime). For those applications that do not do this, I will sometimes have to change something globally just for use temporarily (this actually happens quite frequently with the app in question... iTunes).
If you don't want an audio manager, then just use VLC. Or XMMS (If I remember correctly). Minimal interface, fully funcional player and no library management (thus low overhead).
I'm glad that they're helping out. It's not about the war... but keeping history alive. Especially being about the history of computing with it being/. and all (naturally).
How is this not a blatant abuse of the system in order to silence free speech? By this logic, it is perfectly within the legal rights of Google to shut down websites which oppose their ideals and corporation. Nice try Scientology... but ultimately an epic fail. Good job jacking up the PR (again).
Slashdot Mirror
note to editors, IE8 is the second browser to protect from clickjacking the first is firefox with noscript extension.
While it may be in an extension, it is not implemented via the main program itself. Therefore IE 8 is the first browser to implement this (as opposed to taking FF's stance and implementing an extension interface).
I know this is the internet we're talking about, but Hulu went live ~1.5 years ago and has only been accessible to the general public for less than a year (March 12, 2008). They haven't been doing anything "for ages".
Fair enough, I just chose a website that does this and is widely used by the general public.
Seriously, this is no big deal. According to the article, "On average, people will hear a 15-second commercial about every two hours, Westergren said, adding that it is a targeted ad campaign and not everyone is hearing the commercials." Other 'free' services have been doing it for ages, most notably Hulu.com. Plus I agree with the above comments... fuck country-specific services on the Internet and fuck those royalty fees. And yes... I'm looking at you the most RIAA...
Nobody cares about your pun.
That's why people invented add-ons for Firefox, such as NoScript and AdBlock. When more people adopt these the ads will stop... the ads will stop.
You would think that. I even went so far at one point as to write my answers down to avoid confusion (how they write the same questions multiple times), however, I still flagged on that test. The employer I had talked to couldn't even pass that "test".
As a teenager, I was always passed up because I couldn't "pass" the personality test on BestBuy.com (for The Geek Squad), despite the fact that I already had my A+ and was on my way to a CCNA at the time. I talked to the employer at that local store and while he recognized that I probably knew my field I 'HAD' to pass that personality test. Needless to say I never got hired by them.
I actually didn't mean private in a "security through obscurity" sense, I meant in the private sector. It just seemed that in modern times, the United States government wouldn't want to give anything to the community in terms of improving security for individuals. (These were just the thoughts at the time, I can see why now... just thought I'd throw it out there)
Ok, in that capacity it makes sense. I'm not sure why that didn't occur to me earlier. Thank you, Garridan.
Why would they release this? Don't get me wrong, I, personally, am all for donating to the community and further advancing technology as a species; however, why would the NSA deliver something to the public that would, in the long run, possibly make life harder on themselves by possibly furthering the advances of private encryption? I'm not trying to play Devil's Advocate, I just genuinely don't understand why they would (possibly) make life harder for themselves.
Actually, I'm in the United States military at the moment and we don't call ourselves a "defense force"; we call ourselves the "armed force", which seems, (as you seem to have pointed out) a territorial neutral term.
They say that it has been translated into 7 languages in TFA, however, they provide an HTML link for the Deutsch version. Why are they not available on the installer? What good does a license do if it's not available to be viewed at install time? And if it's not available on the installer, then the time that someone took to translate that license into another language was for nothing.
I second this motion! I also bought the book Code (I won't lie, the fancy cover made me look), and it ended up being one of the best books I've read on the subject. It covers many topics, but for those who may need a little help being introduced to the subject, this book will definitely help to peak their interest. Although, it covers many aspects, it will help to introduce someone who may be interested in programming, but maybe has trouble grasping the idea of binary or trouble thinking like a programmer when debugging a program.
It's always traceable, but the answer in short is to use proxies. If somebody steals from a bank in the US and routes it through Sweden, some anti-US countries, and then China to boot, do you think everyone will be so willing to help the US government? Probably not. And of course, you could do the same to your IP address through proxies.
It never occurred to any of them to educate their users...
Both secure websites AND browsers have been educating users on security since the early days of the Internet. Nobody can stop a stupid and/or ignorant user from being redirected and not realizing that SSL is not implemented or invalid. SSL is properly implemented, however, the attack in question was redirecting the DNS. For instance, you create your own website and your own certifications and then trick the DNS into thinking your site is from Verisign and was created by them as well (since the source address would be the same according to DNS). Everything looks legitimate, but it's not. This is not something that someone could look at say... banks for and blame them for incorrect security implementations, it's how DNS is (was) widely implemented at a fundamental level by ISP's and such.
Or you could easily set up a proxy kind of webserver to make it look like everything is working as usual.
This possibility has always been there. The matter of a MITM proxy-based atttack is not what is in question here, it is the possibility of a DNS poisoning attack which would redirect the user to a non valid website, which is appearing as valid, and the additional verification questions on sensitive websites (i.e. banks and such) would prevent this from happening (at least from a DNS redirect of the email standpoint).
Also From TFA, "Or, for the sheer geeky joy of it, he could reroute all of .com into his laptop, the digital equivalent of channeling the Mississippi into a bathtub." ... right.
The site linked in the article is indeed slashdotted, but the bug in question has been overhyped in the media and, although it must be fixed to prevent future problems, it currently does not present a big obstacle for the current Internet...
I'm partially color blind and on occasion I do have to tweak the background and/or text color to see them better (i.e. a dark background on Amarok is a must everytime). For those applications that do not do this, I will sometimes have to change something globally just for use temporarily (this actually happens quite frequently with the app in question... iTunes).
If you don't want an audio manager, then just use VLC. Or XMMS (If I remember correctly). Minimal interface, fully funcional player and no library management (thus low overhead).
Now I only have to escape 9 months after I blow up a school! And then they'll never know I searched google to make the bomb. Thanks Google!
I'm glad that they're helping out. It's not about the war... but keeping history alive. Especially being about the history of computing with it being /. and all (naturally).
You're absolutely right! First they hit Youtube... now Scientologists are gonna try to ban me on Slashdot too! Devious indeed...
So in other words, Microsoft single-handedly brought down a London Stock Exchange? That's way too much power. FIGHT THE POWER!
How is this not a blatant abuse of the system in order to silence free speech? By this logic, it is perfectly within the legal rights of Google to shut down websites which oppose their ideals and corporation. Nice try Scientology... but ultimately an epic fail. Good job jacking up the PR (again).