a little late to reply, but yep. The original post was just to illustrate how easy it is to setup a botnet using an existing public P2P network. I would expect any bot herder worth their salt to use some encryption scheme to protect their command structure.
Since most P2P's can search Via file hash, it should be trivial to make a encrypted command disguised as a file hash in a public P2P, but Ideally the Public P2P network would only be used to link the bots together, and they would join their own encrypted private P2P network and disconnect from the public one once enough peers are established to maintain the private P2P, but considering that a public P2P is an excellent place to gather users (Ex: Try seaching for a random mashing of keys. Now explain to your average 12 year old why "New Hit Single sdjfhdjf Ft. Lady Gaga.wma" isn't a good Idea to download) I don't see why you would want to disconnect from the public one.
Domains and IRC are dead ends for current botnets anymore exactly because authorities can shut them down.
The newer botnets use Peer to Peer networks for command and control. Either a In House private P2P or (most likely since they're already established) a public P2P like Kademila or Gnutella. Then all you would have to do is search the network with a authorization string+botnet command string embedded in it(IE: randomhexspamtheworld). When the bot receives the search string, it validates against the authorization string (randomhex) to make sure it's your command and then does the action contained in the botnet commandstring (spamtheworld).
Lenovo has had bad batches of batteries in both their R60 and R61 line that were not subject to the explosion recalls. The R60's would go bad spontaneously and without warning, and the battery indicator would blink orange fast as well as Lenovo's battery manager would report a battery malfunction until you did a warranty replacement. Since they only warranty batteries for only 1 year, we had to buy tons more until we got rid of them at end of lease, then the first sets of R61's started showing the same signs. The R400's have been ok so far, but they have other issues (usually involving a motherboard replacement) These machines had XP and was way before windows 7 came out.
So far with windows 7, the only time I've seen the warning is when Lenovo's power manager confirms the issue. The only thing I wish Windows 7 had built in is a battery reset option like the Lenovo Power manager. After that is run, you can sometimes gain a few more minutes out of your battery, but not all the time and never if the battery reports a failure rather than a loss in battery performance.
Flash Player plug-in (7 vulnerabilities) -- Multiple issues exist in the Adobe Flash Player plug-in, the most serious of which may lead to arbitrary code execution when viewing a maliciously crafted web site. The issues are addressed by updating the Flash Player plug-in to version 10.0.42
That's just one that could be exploited without user intervention through Safari, and you wouldn't even need to go somewhere malicious since most black hats target third party Flash Ad providers on a legitimate site (Google "Gawker Ad Malware"). I'm sure you'll tell me how Apple patched them (IE: Steve Bailed me out) but what about when I originally posted the exploit example two days before the patch?
The problem is that the average Windows user has a false sense of security because they think that if they run anti-virus they'll be safe whereas the average Mac user doesn't run anti-virus but they also know better than to click on any link sent to them or download and install any piece of software that comes their way.
The difference is that as long as the Windows system has an AV system that is functional and can get updates, it's going to tell the user somethings wrong at some point. The Mac user without the Virus scanner happily runs his infected box until either his ISP steps in and blocks his account.(Because he's spamming or DOSsing) or Apple sends a patch killing it. As for the point of not downloading or clicking on anything suspicious, Google "Gawker Ad Malware" Again.
What's Windows' track record been over the past ten years...yeah, I thought so!
Not once did I mention Windows Security. My point, and it's been my point all along now, is that it can happen to anyone, anywhere using any OS and any software on that OS. Windows and IE (and especially the older versions) are horrendous security wise, but going down the "Change your OS" or "Change your Browser" bandwagon is only a short term solution at best because eventually the Virus Inc's will start punching holes in whatever the next popular thing is. It's all about proactive protection (Anti Virus) and system hardening (User rights management and sandboxing) to protect your computer from yourself. Doing it right will make any system, Including Microsoft, rock solid. Ignoring it, or denying that it exists or is necessary, will get you hacked in the end.
First off, how do you know nothing happened? do you have a Virus scanner? Do you monitor all of your processes every time time you turn on your Mac? Did your Safari Browser pop up a warning. Would it even pop up one?
Let me tell you how a Black hat would write an OSX virus if they were smart. It would start as a malicious PHP script. It would detect your OS and what browser you were using and choose carefully scripted attacks based on the version of Safari You use (thank you Agent-String) and plugin exploits that you most likely have. (such as Flash, Adobe, Quicktime, ETC) From there I would exploit the hole to install a carefully written malicious package that would start as you login, not being a deep infector but a shallow one so it would be trival to remove and not prompt for an admin password, and then redirect you to another site so the user thinks it was harmless. (maybe a 404 site, maybe Google). This program would run at the lowest priority, so that it can take full advantage of your processor, but would easily give processes to other apps calling for it, so you would have no idea it was running unless you were monitoring performance. It would never prompt you, or show itself. From there, it would contact a server to tell the Virus Inc. that your infected. which adds it to a botnet, and then it would be used to do whatever the bad guys want; Spamming, DOSsing, cracking other people's passwords, and if it can without alerting you to it's presense, Spying, Keylogging, You name it.
My experience so far has taught me that while Many Windows and Linux users are aware of security issues, Mac users have No Idea, None whatsoever, When it comes to their security and literally expect Steve Jobs to bail them out when the going gets tough. The only thing I can think of why this is like this is because Apple for the better part of 10-20 years have been pontificating that Mac's don't have viruses and that your safe where Windows never claims this and Linux promotes safe practices. The problem with that is that there's this unpatched hole called a Human which is cross platform and tends to be exploited a lot these days.
Yes. Default Setup of XP using Default Setting using the latest and fully patched software. Primarily since this was a test of the Anti-virus vendors rather than OS Hardening.
The main reason I used Firefox is because that's what the students use on their laptops. Since we require a specific AV vendor to connect to our network and they can bring in their in home PC with them, we have to run the test considering a default OEM windows install.
On another note, I ran across a PHP file one time that under analysis did no less than 20 exploits ranging from current to old IE, Firefox, Java, Acrobat, Flash and Quicktime exploits. After all 20 exploits ran, it then popped up one of those "YOU GOT A VIRUS!!" message and attempted to hack YOU. That was the point of the PCWorld article; These Virus vendors are going past the browsers and are now attacking the plug-ins that 90% of browsers use.
I had to test security products. (since we're deciding to change antivirus vendors) So I got three machines (each with F-secure, Sophos and Vipre), went to my favorite site in the world (malwaredomainlist.com) and downloaded the first link in the list, infecting all 3 PC's with a virus in udner 5 minutes.
I've seen sites with these vulnerabilities, and they can cruise right through Firefox if written correctly. Why Firefox was crashing instead of loading Acrobat is either you may have a plugin that blocks malicious strings, (Like Adblock Plus - Which I highly recommend) Firefox already patched a hole that the malware was trying to exploit or they were exploiting an IE hole to start Acrobat and Firefox didn't like the way it was called. Also Consider that Firefox crashed, which can also lead to a possible code injection attack if it can be exploited in a specific manner.
Ultimately, The real Culprit here is the PDF File. Adobe in in general is the attack of choice anymore. Most likely it was a malicious Flash Ad delivered from a Third party service, which then called for a malicious PDF, which the browser will happily open up using Acrobat's plugin.
Finally. Always Update IE Even if you exclusively use Firefox and never ever use IE. There is a lot of improvements that were made in security in IE8, and I have seen Flash apps that in Firefox will start IE to attempt to exploit unpatched IE holes. If you can't (Because Ye Be A Pirate Matey!! ARRR!! or because your company won't let you.) Then turn IE6 security to high for all security zones and use Firefox exclusively.
Yeah. Because that MS search integration they put in place since IE3 has really worked for MSN Search, Windows Live Search, Live Search, and Bing.
Their Illegal Monopoly abuse will finally get them to a unbelievable 15% market share in no time flat. There's no way that they could have actually made a decent search engine for once. Nope.
A lot of that could be fixed with a Instant-on OS that bolts to the main OS, such as Splashtop. I find I use that often on my S10e for fast internet browsing, but can still boot into windows when I need to.
"So I Really liked Fern Gully (BUZZ) Pocahontas? (BUZZ) Atlantis: The Lost Empire? (BUZZ) Dances with Wolves? (BUZZ) Avatar? (DING) The Most original movie I ever seen in my life!!"
calling something with a cap "unlimited" should result in their whole marketing department fired and any manager who approved it receiving hefty financial fine.
They're call 'Skill Points' and they were first invented by Sony and Insomniac games all the way back in the late 1990s
From what I've seen of these skill points, Their pretty much the same thing as getting the hidden world stars in Mario 64, only you get a star instead of an extra life.
Sony had motion controls in games going all the way back to the early PS2 days
And it sucked. Just about all of the Eye Toy games were "stand in front of the screen and flail your arms around like a crazy man" since all it responded to was movement. Natal can sense depth as well as position and movement, so it actually knows where you are in 3D space. Regardless, the real question is can Microsoft capatalize on it in such a way to make a game compelling enough to play. Even the Wii is struggling here.
I had this happen to me once on my 1988 Mercury Grand Marquis. The accelerator got stuck under the floor mat and the car took off. Know what I did? I Put it in neutral, Realized that was stupid (since the engine was redlining now) and turned the key to off. once I pulled over, I fixed the mat, started the car and went down the road.
These new cars, with no physical ignition cutoff is a bad thing. I swear to god the auto industry wants eX-Driver to happen, where we got teenagers running down freeways at breakneck speeds going after rogue cars with chaff guns because some idiot in R&D was too stupid to put a big red EMERGENCY STOP Button in the cab of the rogue AI car.
When windows 2000 was first released, at my old job we did a complete deployment of Win200 on an NT4 server domain not knowing anything about sysprep or SID's. Every once in awhile we noticed that machines would randomly freeze for no reason. Looking on the net we found other people running into the same issue and found that resetting the SID's would fix the issue. After running sysprep on all of the PC's in the labs, the freezing stopped completely. We then just used sysprep at image completion time to deploy and never had a problem since.
At some point, SID's may have been used for legacy domains. There is a chance that Active Directory Domain's removed SID importance and that's why it doesn't matter anymore.
First off, if you install Java even if you wanted to install it just for IE, or just to run a local program that runs java, it installs the Java Plugin for FireFox as well as ask you for the toolbar of the day. The same goes for Adobe Acrobat Reader if you just wanted to view a PDF, and is actually worse since the earlier installers would install Adobe AIR Without permission. Flash doesn't install to both by default, but the problem with Flash for FireFox is that it does not automatically update. (don't know why. The ActiveX Flash has an updater.)
Second. Again, I'm all for the blacklisting, Especially the 1.0 version since uninstall was not possible until 1.1. What I'm saying is that this needs to happen with other plugins with similar security issues and not just with Microsoft's because a few zealots are butthurt because they see a MS product in their Microsoft free FireFox.
In February,.NET 3.5 framework comes out and it has 2 verified exploits (See Here). In that period of time, Adobe flash has had 4 exploits and Acrobat Reader had 8 (See Here). Java had 15 (not too sure of this number See Here) Now considering that none of the affected Adobe or Sun Plugins were blocked (as they should have been) Is this more of a political move because it's Microsoft or is it because Firefox cares about the security of their browser? (which they should.)
You Don't see them blacklisting older versions of Flash or Java. The most they have done so far is tell you your flash is out of date, which granny promply ignroes and two days later calles her grandson asking why this newfangled Windows Enterprise Defender is telling her she got 50 viruses on her pc even though she paid $80 for it to remove them.
I don't have a problem with Firefox disabling plugins with security issues, but they sure as hell better be consistant about it. Especially when other plugins (Especially Flash) have a much more horrible security record and policy.
How many times must we hear about this plugin? This is at least the third time I've seen an article on it.
If you got 1.0 of the plugin and want to get rid of it, get the update here or Here, install it, and then uninstall it.
I'm saving this in my journal. That way, when they post the next.NET plugin story next month, I can just post the journal link. Maybe I can keep the story count there too.
However, you can't really claim that you are selling a TI calculator at a loss hoping to make the additional money from software sales, nor can you really claim that hacking the calculator makes you loose any money.
Actually they can. Althought they are definitly not selling the calc at a loss.
Although the OS key really doesn't hurt Ti, The Application signing key is the one they are probably most worried about, since they used to charge a fee to sign shareware/bought apps and bought flashapps use the key to protect from being copied from calc to calc. They also used to use the key to limit app size, but a lot of that was circumvented over time.
See here Although the information seems to be lacking on if there is still a cost involved to get a key.
Slashdot Mirror
a little late to reply, but yep. The original post was just to illustrate how easy it is to setup a botnet using an existing public P2P network. I would expect any bot herder worth their salt to use some encryption scheme to protect their command structure.
Since most P2P's can search Via file hash, it should be trivial to make a encrypted command disguised as a file hash in a public P2P, but Ideally the Public P2P network would only be used to link the bots together, and they would join their own encrypted private P2P network and disconnect from the public one once enough peers are established to maintain the private P2P, but considering that a public P2P is an excellent place to gather users (Ex: Try seaching for a random mashing of keys. Now explain to your average 12 year old why "New Hit Single sdjfhdjf Ft. Lady Gaga.wma" isn't a good Idea to download) I don't see why you would want to disconnect from the public one.
Domains and IRC are dead ends for current botnets anymore exactly because authorities can shut them down.
The newer botnets use Peer to Peer networks for command and control. Either a In House private P2P or (most likely since they're already established) a public P2P like Kademila or Gnutella. Then all you would have to do is search the network with a authorization string+botnet command string embedded in it(IE: randomhexspamtheworld). When the bot receives the search string, it validates against the authorization string (randomhex) to make sure it's your command and then does the action contained in the botnet commandstring (spamtheworld).
It's not far from the truth.
Lenovo has had bad batches of batteries in both their R60 and R61 line that were not subject to the explosion recalls. The R60's would go bad spontaneously and without warning, and the battery indicator would blink orange fast as well as Lenovo's battery manager would report a battery malfunction until you did a warranty replacement. Since they only warranty batteries for only 1 year, we had to buy tons more until we got rid of them at end of lease, then the first sets of R61's started showing the same signs. The R400's have been ok so far, but they have other issues (usually involving a motherboard replacement) These machines had XP and was way before windows 7 came out.
So far with windows 7, the only time I've seen the warning is when Lenovo's power manager confirms the issue. The only thing I wish Windows 7 had built in is a battery reset option like the Lenovo Power manager. After that is run, you can sometimes gain a few more minutes out of your battery, but not all the time and never if the battery reports a failure rather than a loss in battery performance.
Despite all the people who like to quote Charlie Miller and your own "Let me tell you how...", it is not trivial to crack a Mac...period!
From Threatpost post about 12 serious OSX Flaws that were patched today
Flash Player plug-in (7 vulnerabilities) -- Multiple issues exist in the Adobe Flash Player plug-in, the most serious of which may lead to arbitrary code execution when viewing a maliciously crafted web site. The issues are addressed by updating the Flash Player plug-in to version 10.0.42
That's just one that could be exploited without user intervention through Safari, and you wouldn't even need to go somewhere malicious since most black hats target third party Flash Ad providers on a legitimate site (Google "Gawker Ad Malware"). I'm sure you'll tell me how Apple patched them (IE: Steve Bailed me out) but what about when I originally posted the exploit example two days before the patch?
The problem is that the average Windows user has a false sense of security because they think that if they run anti-virus they'll be safe whereas the average Mac user doesn't run anti-virus but they also know better than to click on any link sent to them or download and install any piece of software that comes their way.
The difference is that as long as the Windows system has an AV system that is functional and can get updates, it's going to tell the user somethings wrong at some point. The Mac user without the Virus scanner happily runs his infected box until either his ISP steps in and blocks his account.(Because he's spamming or DOSsing) or Apple sends a patch killing it. As for the point of not downloading or clicking on anything suspicious, Google "Gawker Ad Malware" Again.
What's Windows' track record been over the past ten years...yeah, I thought so!
Not once did I mention Windows Security. My point, and it's been my point all along now, is that it can happen to anyone, anywhere using any OS and any software on that OS. Windows and IE (and especially the older versions) are horrendous security wise, but going down the "Change your OS" or "Change your Browser" bandwagon is only a short term solution at best because eventually the Virus Inc's will start punching holes in whatever the next popular thing is. It's all about proactive protection (Anti Virus) and system hardening (User rights management and sandboxing) to protect your computer from yourself. Doing it right will make any system, Including Microsoft, rock solid. Ignoring it, or denying that it exists or is necessary, will get you hacked in the end.
BTW, Thanks for Proving my other point.
First off, how do you know nothing happened? do you have a Virus scanner? Do you monitor all of your processes every time time you turn on your Mac? Did your Safari Browser pop up a warning. Would it even pop up one?
Let me tell you how a Black hat would write an OSX virus if they were smart. It would start as a malicious PHP script. It would detect your OS and what browser you were using and choose carefully scripted attacks based on the version of Safari You use (thank you Agent-String) and plugin exploits that you most likely have. (such as Flash, Adobe, Quicktime, ETC) From there I would exploit the hole to install a carefully written malicious package that would start as you login, not being a deep infector but a shallow one so it would be trival to remove and not prompt for an admin password, and then redirect you to another site so the user thinks it was harmless. (maybe a 404 site, maybe Google). This program would run at the lowest priority, so that it can take full advantage of your processor, but would easily give processes to other apps calling for it, so you would have no idea it was running unless you were monitoring performance. It would never prompt you, or show itself. From there, it would contact a server to tell the Virus Inc. that your infected. which adds it to a botnet, and then it would be used to do whatever the bad guys want; Spamming, DOSsing, cracking other people's passwords, and if it can without alerting you to it's presense, Spying, Keylogging, You name it.
My experience so far has taught me that while Many Windows and Linux users are aware of security issues, Mac users have No Idea, None whatsoever, When it comes to their security and literally expect Steve Jobs to bail them out when the going gets tough. The only thing I can think of why this is like this is because Apple for the better part of 10-20 years have been pontificating that Mac's don't have viruses and that your safe where Windows never claims this and Linux promotes safe practices. The problem with that is that there's this unpatched hole called a Human which is cross platform and tends to be exploited a lot these days.
Yes. Default Setup of XP using Default Setting using the latest and fully patched software. Primarily since this was a test of the Anti-virus vendors rather than OS Hardening.
The main reason I used Firefox is because that's what the students use on their laptops. Since we require a specific AV vendor to connect to our network and they can bring in their in home PC with them, we have to run the test considering a default OEM windows install.
On another note, I ran across a PHP file one time that under analysis did no less than 20 exploits ranging from current to old IE, Firefox, Java, Acrobat, Flash and Quicktime exploits. After all 20 exploits ran, it then popped up one of those "YOU GOT A VIRUS!!" message and attempted to hack YOU. That was the point of the PCWorld article; These Virus vendors are going past the browsers and are now attacking the plug-ins that 90% of browsers use.
Guess what I did today at work?
I had to test security products. (since we're deciding to change antivirus vendors) So I got three machines (each with F-secure, Sophos and Vipre), went to my favorite site in the world (malwaredomainlist.com) and downloaded the first link in the list, infecting all 3 PC's with a virus in udner 5 minutes.
Guess which Browser I was using?
(Hint. It wasn't IE)
I've seen sites with these vulnerabilities, and they can cruise right through Firefox if written correctly. Why Firefox was crashing instead of loading Acrobat is either you may have a plugin that blocks malicious strings, (Like Adblock Plus - Which I highly recommend) Firefox already patched a hole that the malware was trying to exploit or they were exploiting an IE hole to start Acrobat and Firefox didn't like the way it was called. Also Consider that Firefox crashed, which can also lead to a possible code injection attack if it can be exploited in a specific manner.
Ultimately, The real Culprit here is the PDF File. Adobe in in general is the attack of choice anymore. Most likely it was a malicious Flash Ad delivered from a Third party service, which then called for a malicious PDF, which the browser will happily open up using Acrobat's plugin.
If you really want to fix this, block the AD's (either with The Firefox plugin AdBlock Plus or with IE8's Inprivate Filtering and either get the latest Acrobat (which finally has some security in it) or replace it with Foxit Reader
Finally. Always Update IE Even if you exclusively use Firefox and never ever use IE. There is a lot of improvements that were made in security in IE8, and I have seen Flash apps that in Firefox will start IE to attempt to exploit unpatched IE holes. If you can't (Because Ye Be A Pirate Matey!! ARRR!! or because your company won't let you.) Then turn IE6 security to high for all security zones and use Firefox exclusively.
Yeah. Because that MS search integration they put in place since IE3 has really worked for MSN Search, Windows Live Search, Live Search, and Bing.
Their Illegal Monopoly abuse will finally get them to a unbelievable 15% market share in no time flat. There's no way that they could have actually made a decent search engine for once. Nope.
A lot of that could be fixed with a Instant-on OS that bolts to the main OS, such as Splashtop. I find I use that often on my S10e for fast internet browsing, but can still boot into windows when I need to.
The Bum review for Avatar got this dead on. (2:55 secs in)..
"So I Really liked Fern Gully (BUZZ)
Pocahontas? (BUZZ)
Atlantis: The Lost Empire? (BUZZ)
Dances with Wolves? (BUZZ)
Avatar? (DING)
The Most original movie I ever seen in my life!!"
Sweet, so you can sue them for any downtime?
Technically, Yes if you can prove they are cutting you off because they feel like it rather than a service outage.
What's the point in advertising something that basically everyone already has?
http://xkcd.com/641/ sums it up nicely.
calling something with a cap "unlimited" should result in their whole marketing department fired and any manager who approved it receiving hefty financial fine.
1) go to http://slashdot.org/journal/212295/
2) Replace Comcast with Verizon
Basically, When they say "Unlimited Internet", What they actually mean is "Always on Internet"
They're call 'Skill Points' and they were first invented by Sony and Insomniac games all the way back in the late 1990s
From what I've seen of these skill points, Their pretty much the same thing as getting the hidden world stars in Mario 64, only you get a star instead of an extra life.
Sony had motion controls in games going all the way back to the early PS2 days
And it sucked. Just about all of the Eye Toy games were "stand in front of the screen and flail your arms around like a crazy man" since all it responded to was movement. Natal can sense depth as well as position and movement, so it actually knows where you are in 3D space. Regardless, the real question is can Microsoft capatalize on it in such a way to make a game compelling enough to play. Even the Wii is struggling here.
So that means, not only are they going to rip off Nintendo, There going to rip off Microsoft too?
So now the PS3 can tell you look like an idiot while swinging the lighted Bingo Dauber around. Nice.
I had this happen to me once on my 1988 Mercury Grand Marquis. The accelerator got stuck under the floor mat and the car took off. Know what I did? I Put it in neutral, Realized that was stupid (since the engine was redlining now) and turned the key to off. once I pulled over, I fixed the mat, started the car and went down the road.
These new cars, with no physical ignition cutoff is a bad thing. I swear to god the auto industry wants eX-Driver to happen, where we got teenagers running down freeways at breakneck speeds going after rogue cars with chaff guns because some idiot in R&D was too stupid to put a big red EMERGENCY STOP Button in the cab of the rogue AI car.
I ran into problems in the past.
When windows 2000 was first released, at my old job we did a complete deployment of Win200 on an NT4 server domain not knowing anything about sysprep or SID's. Every once in awhile we noticed that machines would randomly freeze for no reason. Looking on the net we found other people running into the same issue and found that resetting the SID's would fix the issue. After running sysprep on all of the PC's in the labs, the freezing stopped completely. We then just used sysprep at image completion time to deploy and never had a problem since.
At some point, SID's may have been used for legacy domains. There is a chance that Active Directory Domain's removed SID importance and that's why it doesn't matter anymore.
OK. If there's no "in the wild" viruses for OSX, then why does snow leopard have malware protection built in now?
http://blogs.zdnet.com/Apple/?p=4767
A demostration of the "Customer Appreciation Bat" works wonders.
Although since it's a corporate institution, the "Security Empowerment Bat" might be more effective.
http://slashdot.org/~Deathlizard/journal/238961
First off, if you install Java even if you wanted to install it just for IE, or just to run a local program that runs java, it installs the Java Plugin for FireFox as well as ask you for the toolbar of the day. The same goes for Adobe Acrobat Reader if you just wanted to view a PDF, and is actually worse since the earlier installers would install Adobe AIR Without permission. Flash doesn't install to both by default, but the problem with Flash for FireFox is that it does not automatically update. (don't know why. The ActiveX Flash has an updater.)
Second. Again, I'm all for the blacklisting, Especially the 1.0 version since uninstall was not possible until 1.1. What I'm saying is that this needs to happen with other plugins with similar security issues and not just with Microsoft's because a few zealots are butthurt because they see a MS product in their Microsoft free FireFox.
In February, .NET 3.5 framework comes out and it has 2 verified exploits (See Here). In that period of time, Adobe flash has had 4 exploits and Acrobat Reader had 8 (See Here). Java had 15 (not too sure of this number See Here) Now considering that none of the affected Adobe or Sun Plugins were blocked (as they should have been) Is this more of a political move because it's Microsoft or is it because Firefox cares about the security of their browser? (which they should.)
So Does older versions of Flash and Java.
You Don't see them blacklisting older versions of Flash or Java. The most they have done so far is tell you your flash is out of date, which granny promply ignroes and two days later calles her grandson asking why this newfangled Windows Enterprise Defender is telling her she got 50 viruses on her pc even though she paid $80 for it to remove them.
I don't have a problem with Firefox disabling plugins with security issues, but they sure as hell better be consistant about it. Especially when other plugins (Especially Flash) have a much more horrible security record and policy.
How many times must we hear about this plugin? This is at least the third time I've seen an article on it.
If you got 1.0 of the plugin and want to get rid of it, get the update here or Here, install it, and then uninstall it.
I'm saving this in my journal. That way, when they post the next .NET plugin story next month, I can just post the journal link. Maybe I can keep the story count there too.
However, you can't really claim that you are selling a TI calculator at a loss hoping to make the additional money from software sales, nor can you really claim that hacking the calculator makes you loose any money.
Actually they can. Althought they are definitly not selling the calc at a loss.
Although the OS key really doesn't hurt Ti, The Application signing key is the one they are probably most worried about, since they used to charge a fee to sign shareware/bought apps and bought flashapps use the key to protect from being copied from calc to calc. They also used to use the key to limit app size, but a lot of that was circumvented over time.
See here Although the information seems to be lacking on if there is still a cost involved to get a key.
Hey, breaking news! I found a patch for stupid! It works pretty well
Ok I Reiterate. There's no Legal way to patch stupid.