That is what I gathered from the article. For instance, you pop your new software disc into the optic drive and are prompted with the installer. This will not happen, post update.
You pop in your external harddrive and are prompted with the installer for the manufacturers proprietary software... Parent was a bad example.
When I insert a USB stick, Windows XP opens an AutoPlay window asking me what action to take. If the autorun.inf file is found, the default choice in the AutoPlay window is to run whatever is in autorun.inf. What now? Does XP completely ignore autorun.inf with this update?
That is what I gathered from the article. For instance, you pop your new software disc into the optic drive and are prompted with the installer. This will not happen, post update. This loss of "functionality" also prevents certain attacks utilized by hackers and malware, think USB switchblades, Conficker, etc..., but also slightly decreases the usability that average users have grown used to.
Personally, I think this is a good call, provided there is a way to enable it. Features like Autoplay should, IMO, be disabled by default with an accessible option to enable it. I say that with a security mindset, mind you. My question is: Why only on XP and not Vista or 7?
I second this... If you have an Android phone and are technically inclined, chances are you already have it. You do not need a "real" Linux and root to use ssh. All you need is a terminal emulator and ssh client capabilities. ConnectBot (as well as others) has exactly that. With today's smartphones, there's an app (or 50) for everything, so that is a matter of preference.
All that is left is hardware. You don't need an uberninja-speed phone to open an ssh tunnel. Hell, my old G1 did this quite nicely. So you are left with the physical keyboard, as virtual keyboards really DO suck when used for too much more that a quck SMS or microblog post. As long as your physical keyboard is decent and you know how to use tha Alt/Fn keys, then you are good to go.
The point that security researchers have been trying (for years) to get across to developers and companies alike is that ALL software/protocols/standards/whatever should be developed with security in mind from the beginning. Granted, even with secure coding practices and rigorous application security testing, there will always be some vulnerability that gets overlooked by the developer or discovered by an attacker. The thing is that most companies tend to put functionality and features far above security, which is IMHO a completely ass backward way of doing things when it comes to technology in general.
King's got to be around to play himself, nay? With him being around 63, its hard to guarantee that he'll be around another 7 or so years to play his part in the films.
I don't think him getting to be 75 is terribly far fetched. Hard to guarantee, yes, but not impossible. Now, will he be coherent enough for cameos at 75? Tough to say.
By the rate that films are made and aired it could be another 12 years from now before we could see the final film.
While I must say that I am pretty stoked about this news, I must also say that, while I understand the point of using a TV series as a bridge between feature films, I am a little dissappointed with the decision to go this route. Call me old fashion, but wouldn't it be more epic to have like 6-9 full length films? There is more than enough material in the books for that and IMHO the film adaptations should not stray from the books like most others. This project should be as epic as the book series.
The ONLY phone shipping the "Google Experience" (i.e. Android as intended, more or less) was the Nexus One, every other phone out there has some sort of skin FORCEFULLY installed on it (HTC Sense, MOTOBLUR, TouchWiz, etc).
Not true. The Samsung Moment, though laden with Sprint's 'unremovable system apps' (i.e. NASCAR, NFL, SprintTV, etc) and tweaked for CDMA/EVDO, has a plain vanilla Android ROM on it. It offers much the same Google experience as the G1/DevPhone1 did. The only UI difference between the Moment and the Nexus One is that the N1 has the Advanced Laucher and Live Wallpapers (which have been ported to the Moment by the excellent community of Android device hackers, since day one.)
School is great for your resume: but so is experience with fields that are growing and likely to remain in demand.
Like INFOSEC!
Seriously though, yes... Try to find what it is you love and learn about any emerging trends/tech/what-have-you revolving around or related to that, then learn as much as you can about it. I work in a small business, supporting about 100 users, so my role in IT is broad (from break-fix to Sysadmin). I feel your pain, but I am actively pursuing knowledge of information security and programming to an extensive degree, including pursuing my BS in Information Security (yes, I only have an AS, ATM.). My point is this: Stick with what you do, as it is a good foundation for what you want to do (IT support provides critical problem-solving and analysis skills) and further your education throughout it all. When you are comfortable in you knowledge of what it is you want to do and your skills revolving around that path, then you will have no problem jumping on you chosen profession. Remember: It may take time, often years, before you land a job that makes you enjoy waking up in the morning, but when you do all the past will be worth it.
Also - how does one 'pre-install' web based apps? I suppose you can have a special mobile client app, but all you need is a browser.
If you are referring to the Android Market and the apps as being web-based, that would not be true (well, the market is heavily 'web-reliant'. The apps are downloaded from the web and installed locally. Pre-installing an app is as easy as including it in the custom source build.
And: w00t! More droids! MORE DROIDS!...Seriously though, I think that I will stick with the custom/rooted builds, myself.:)
Way to go, BBC. You have moved past bringing the populace breaking news stories to creating them! I am looking forward to the next headline, regarding this.
I think we all agree that gaining unauthorized access to another computer is, not only unethical, but illegal. I am surprised, being that this article is on slashdot, now, that the BBC is not already feeling the ramifications of its actions. I highly doubt they asked everyone in those chat rooms: "Hi, we are from the BBC, we would like to pwn your computer in the name of exposing cyber security risks. Is this okay, with you? Great, Thanks!"
I see a very bright outlook for Apogee Telecom's ISP business this year.
Indeed. It's just too bad Apogee only offers its ISP services to colleges and Universities. If they were a standard ISP, it would be even better for them (in some respects).
On that note... I think that their being a collegiate ISP is perhaps the reason (or one of them) that they did not just fork over the details, like all the others. There are pretty strict laws, when it comes to protecting the identities and information of students.
Only when the person is too much of a poser to not find the hidden SSID. Not everyone knows how, though it is incredibly simple. That is the reason why we have security through obscurity, to begin with.
Also, to comment on the topic, it does not take social engineering to find the MAC address for a router. Almost every stumbler does that, by default, out of the box. Many will show that there is a hidden SSID, but they may still show the MAC address. Even if they don't, the SSID can be found and the router cracked.
Note that the first detection for this was back in 1994, but still... it's proof that viruses can (and have) be written for Macs.
Now that OS X 10.5 is fully Unix (BSD) in the back end and most Macs are Intel-based architecture and not protected with more than the firewall, I say that it probably just is not noticed as much.
There are millions of Macs sold every quarter. If you could write a Mac virus you could have a huge botnet, but so far there has been no evidence that anyone has been able to.
I agree... especially considering the amount of Mac users who believe that OS X is immune to viruses and malware. We've all seen/heard it before... The infamous ignorance of the vast majority of Mac fanbois: "Problems with viruses? Get a Mac! The can't get viruses!"
I use a Mac daily and, though I have only seen (caught) 2 trojans, I have caught plenty of Mac/Unix targeted malware. It's only a matter of time...
Linux has been getting hacked since it started. Literally, considering it was a hacker who made the kernel. Just like M$ whatever, *nix, Novell, Apple OS X... they've all been hacked before and will be hacked again.
There is always someone willing and knowledgeable enough to own your box. Especially if the attacker can compromise a critical system, say one that is integrated into the distribution process of an entire operating system.
I would like to see the number of compromised Fedora/Red Hat downloads there have been before remediation, though.
TSA has been accepting 'approved' luggage bags for a while (as well as approved luggage locks). The new laptop bags only allow people to travel with their laptop without taking everything out of the bag, before putting it on the scanner. I fail to see how this would be an inconvenience or greater security flaw. It all gets scanned either way.
Also, as far as airport security and getting through the scanners without being arrested. This has already been done and is, no doubt, being done repeatedly. Independent security researchers test and/or assess physical security of most places they go. Think of Johnny Long, a no-tech ninja who has written and spoke of numerous security shortcomings of Airport (in)Security and the like.
Sorry, but I fail to see why there is an outrage over a new convenience option. How does speeding up checking times fall in the range of annoying to soviet!?
Slashdot Mirror
Sure... blame the users... /sarcasm
That is what I gathered from the article. For instance, you pop your new software disc into the optic drive and are prompted with the installer. This will not happen, post update.
You pop in your external harddrive and are prompted with the installer for the manufacturers proprietary software... Parent was a bad example.
When I insert a USB stick, Windows XP opens an AutoPlay window asking me what action to take. If the autorun.inf file is found, the default choice in the AutoPlay window is to run whatever is in autorun.inf. What now? Does XP completely ignore autorun.inf with this update?
That is what I gathered from the article. For instance, you pop your new software disc into the optic drive and are prompted with the installer. This will not happen, post update. This loss of "functionality" also prevents certain attacks utilized by hackers and malware, think USB switchblades, Conficker, etc..., but also slightly decreases the usability that average users have grown used to.
Personally, I think this is a good call, provided there is a way to enable it. Features like Autoplay should, IMO, be disabled by default with an accessible option to enable it. I say that with a security mindset, mind you. My question is: Why only on XP and not Vista or 7?
ConnectBot...
All that is left is hardware. You don't need an uberninja-speed phone to open an ssh tunnel. Hell, my old G1 did this quite nicely. So you are left with the physical keyboard, as virtual keyboards really DO suck when used for too much more that a quck SMS or microblog post. As long as your physical keyboard is decent and you know how to use tha Alt/Fn keys, then you are good to go.
The point that security researchers have been trying (for years) to get across to developers and companies alike is that ALL software/protocols/standards/whatever should be developed with security in mind from the beginning. Granted, even with secure coding practices and rigorous application security testing, there will always be some vulnerability that gets overlooked by the developer or discovered by an attacker. The thing is that most companies tend to put functionality and features far above security, which is IMHO a completely ass backward way of doing things when it comes to technology in general.
King's got to be around to play himself, nay? With him being around 63, its hard to guarantee that he'll be around another 7 or so years to play his part in the films.
I don't think him getting to be 75 is terribly far fetched. Hard to guarantee, yes, but not impossible. Now, will he be coherent enough for cameos at 75? Tough to say.
By the rate that films are made and aired it could be another 12 years from now before we could see the final film.
Now THAT would keep it true to the books! Or perhaps more like 22 years? http://en.wikipedia.org/wiki/The_Dark_Tower_(series)
While I must say that I am pretty stoked about this news, I must also say that, while I understand the point of using a TV series as a bridge between feature films, I am a little dissappointed with the decision to go this route. Call me old fashion, but wouldn't it be more epic to have like 6-9 full length films? There is more than enough material in the books for that and IMHO the film adaptations should not stray from the books like most others. This project should be as epic as the book series.
The ONLY phone shipping the "Google Experience" (i.e. Android as intended, more or less) was the Nexus One, every other phone out there has some sort of skin FORCEFULLY installed on it (HTC Sense, MOTOBLUR, TouchWiz, etc).
Not true. The Samsung Moment, though laden with Sprint's 'unremovable system apps' (i.e. NASCAR, NFL, SprintTV, etc) and tweaked for CDMA/EVDO, has a plain vanilla Android ROM on it. It offers much the same Google experience as the G1/DevPhone1 did. The only UI difference between the Moment and the Nexus One is that the N1 has the Advanced Laucher and Live Wallpapers (which have been ported to the Moment by the excellent community of Android device hackers, since day one.)
all ur botz r belong to us!!
School is great for your resume: but so is experience with fields that are growing and likely to remain in demand.
Like INFOSEC!
Seriously though, yes... Try to find what it is you love and learn about any emerging trends/tech/what-have-you revolving around or related to that, then learn as much as you can about it. I work in a small business, supporting about 100 users, so my role in IT is broad (from break-fix to Sysadmin). I feel your pain, but I am actively pursuing knowledge of information security and programming to an extensive degree, including pursuing my BS in Information Security (yes, I only have an AS, ATM.). My point is this: Stick with what you do, as it is a good foundation for what you want to do (IT support provides critical problem-solving and analysis skills) and further your education throughout it all. When you are comfortable in you knowledge of what it is you want to do and your skills revolving around that path, then you will have no problem jumping on you chosen profession. Remember: It may take time, often years, before you land a job that makes you enjoy waking up in the morning, but when you do all the past will be worth it.
Rubin says: 'We want to abide by the law, but not rule with an open fist.'
I think he does mean to rule with an iron fist.
Also - how does one 'pre-install' web based apps? I suppose you can have a special mobile client app, but all you need is a browser.
If you are referring to the Android Market and the apps as being web-based, that would not be true (well, the market is heavily 'web-reliant'. The apps are downloaded from the web and installed locally. Pre-installing an app is as easy as including it in the custom source build. And: w00t! More droids! MORE DROIDS! ...Seriously though, I think that I will stick with the custom/rooted builds, myself. :)
Way to go, BBC. You have moved past bringing the populace breaking news stories to creating them! I am looking forward to the next headline, regarding this. I think we all agree that gaining unauthorized access to another computer is, not only unethical, but illegal. I am surprised, being that this article is on slashdot, now, that the BBC is not already feeling the ramifications of its actions. I highly doubt they asked everyone in those chat rooms: "Hi, we are from the BBC, we would like to pwn your computer in the name of exposing cyber security risks. Is this okay, with you? Great, Thanks!"
... certain users are not yet ready...
...MOST users.
I see a very bright outlook for Apogee Telecom's ISP business this year.
Indeed. It's just too bad Apogee only offers its ISP services to colleges and Universities. If they were a standard ISP, it would be even better for them (in some respects). On that note... I think that their being a collegiate ISP is perhaps the reason (or one of them) that they did not just fork over the details, like all the others. There are pretty strict laws, when it comes to protecting the identities and information of students.
Only when the person is too much of a poser to not find the hidden SSID. Not everyone knows how, though it is incredibly simple. That is the reason why we have security through obscurity, to begin with. Also, to comment on the topic, it does not take social engineering to find the MAC address for a router. Almost every stumbler does that, by default, out of the box. Many will show that there is a hidden SSID, but they may still show the MAC address. Even if they don't, the SSID can be found and the router cracked.
Then way is "Ubuntu Satanic edition" Banned from Distrowatch? http://ubuntusatanic.org/news/
... because they didn't name it Saucy Satan, Satanic Sloth, Slutty Salamander or any other fitting name, maybe?
Krusty Krab... complete with SpongeBob Theme and loading wav. Think about it. What better way to get the younger generations to learn *nix? :)
Note that the first detection for this was back in 1994, but still... it's proof that viruses can (and have) be written for Macs.
Now that OS X 10.5 is fully Unix (BSD) in the back end and most Macs are Intel-based architecture and not protected with more than the firewall, I say that it probably just is not noticed as much.
There are millions of Macs sold every quarter. If you could write a Mac virus you could have a huge botnet, but so far there has been no evidence that anyone has been able to.
I agree... especially considering the amount of Mac users who believe that OS X is immune to viruses and malware. We've all seen/heard it before... The infamous ignorance of the vast majority of Mac fanbois: "Problems with viruses? Get a Mac! The can't get viruses!"
I use a Mac daily and, though I have only seen (caught) 2 trojans, I have caught plenty of Mac/Unix targeted malware. It's only a matter of time...
Linux has been getting hacked since it started. Literally, considering it was a hacker who made the kernel. Just like M$ whatever, *nix, Novell, Apple OS X... they've all been hacked before and will be hacked again.
There is always someone willing and knowledgeable enough to own your box. Especially if the attacker can compromise a critical system, say one that is integrated into the distribution process of an entire operating system.
I would like to see the number of compromised Fedora/Red Hat downloads there have been before remediation, though.
Not good business for whom? Isn't Android open source? I mean, I've been running it on a Sprint Touch for a week, now.
TSA has been accepting 'approved' luggage bags for a while (as well as approved luggage locks). The new laptop bags only allow people to travel with their laptop without taking everything out of the bag, before putting it on the scanner. I fail to see how this would be an inconvenience or greater security flaw. It all gets scanned either way.
Also, as far as airport security and getting through the scanners without being arrested. This has already been done and is, no doubt, being done repeatedly. Independent security researchers test and/or assess physical security of most places they go. Think of Johnny Long, a no-tech ninja who has written and spoke of numerous security shortcomings of Airport (in)Security and the like.
Sorry, but I fail to see why there is an outrage over a new convenience option. How does speeding up checking times fall in the range of annoying to soviet!?
Web-based, huh? Will it run under Linux?