Yes I received calls, 3 in about 3 months, they did not stay on the phone long.
1st time - Caller: "You have a problem with your Microsoft Windows".
Me: "I run Linux"
Caller: Hangs up
2nd time - Caller: "You have a problem with your Computer".
Me: "How do you know which one, I have 6"
Caller: Hangs up
3rd time - Caller: "Your computer...."
Me: Hangs up
It is good they have been taken down, after working on helpdesks in the past I imagine many non-technical users would fall for a scam such as this.
On BuySellAds you can pay up to a few hundred dollars for a paid tweet. However, some of the sites that appear to have thousands of followers have little traffic. No doubt there are one or two sites on there with fake followers offering paid tweets.
This is not a BSA problem really, but I would recommend being mindful and researching the site in question before coughing up the dollars.
Let's hope NASA read the research by HD Moore back in 2010, where he identified security misconfigurations with the VxWorks software.
http://www.metasploit.com/modules/auxiliary/admin/vxworks/wdbrpc_memory_dump/
http://www.darkreading.com/vulnerability-management/167901026/security/application-security/226100011/researcher-pinpoints-widespread-common-flaw-among-vxworks-devices.html
So were the passwords salted or only encrypted? Do we have yet more passwords in the wild?
The use of secret questions is a weak form of password retrieval. Finding someone's home town or mother's maiden name is not exactly difficult.
I did this analysis of the Alexa Top 1 million before World IPv6 day.
* 1.1% of sites in the top 1 million had AAAA records
* Only 4 of the top 50 tech companies' websites were IPv6 capable
http://hackertarget.com/ipv6-in-top-sites-infographic/
Post World IPv6 day version to be released soon.
Why use the web at all? Gopher rocked.
For the kids : http://en.wikipedia.org/wiki/Gopher_(protocol)
I did this analysis back in March, here is a quick summary of sites found with AAAA records:
* 1% of total sites
* ~5% of sites in Germany and Russia
* 0.38% of sites in the USA
* 90% of sites are running Apache or Nginx
* 4% of sites are running IIS
In July, I am planning on a follow-up to see if there is any major change in the numbers.
http://hackertarget.com/ipv6-in-top-sites-infographic/
Read this as "Do solo BLACKHATS roam the universe". I have been doing security for too long....
Adding a phone-based PIN via text to the authentication of Google accounts increases the complexity of an attack against the user's authentication. It is not perfect but phone intercepts vs keyloggers are two very different levels of attack.
Whether it's Gnome or KDE, Unity or Metro - if the desktop bling gets in the way of a smooth user experience then the desktop is not doing its job.
From time to time I try the latest and greatest desktop environment and perhaps I will go to a "heavy" desktop in the future but for now Fluxbox serves its purpose and will stay as my default desktop.
Recent analysis of the Top 1 Million websites: http://hackertarget.com/ipv6-in-top-sites-infographic/
The analysis will be repeated after World IPv6 Day (http://www.worldipv6day.org/) to determine if there is any significant increase. I am not hopeful.
Great work to Fyodor and the dev team. Another quality release. The new NSE scripts are great, as are the speed improvements.
For those who have not used ncat - I urge you to check it out. With the portable Windows version, you can drop this on a box and build encrypted tunnels. You can bring up an HTTP proxy in the time it takes you to type "ncat --proxy-type http -l 127.0.0.1 9090". It is a very handy little tool. When it comes to features ncat blows nc away.
Now to plug my service.
Online port scanner that uses Nmap, now updated to version 6.0. Allows port scanning of IPv4 and IPv6 addresses.
Interestingly, in February 2011 I did a survey of the Alexa Top 1 Million sites. The idea here was that, as opposed to the large sample that Netcraft uses, I focused on the more established web sites.
Alexa Top 1 Million (February 2011)
* IIS: 17.9%
* Nginx: 7.9%
* Apache: 69%
Web Server Survey Summary February 2011
Web Technology Report February 2011
A new report will be prepared in the next few weeks; it will be good to see if Nginx has indeed gathered a larger chunk of the established sites.