"I'll show you politics in America. Here it is, right here. 'I think the puppet on the right shares my beliefs.' 'I think the puppet on the left is more to my liking.' 'Hey, wait a minute, there's one guy holding out both puppets!'"
- Bill Hicks
Completely wrong. It takes one line of javascript to open a link with no referer sent. Not rocket science.
If I were bofa, I would be looking at browser quirks, and using those to authenticate the HTTP_USER_AGENT environment variable. Browser says that they're IE? include a little ActiveX that only works in IE and examine output, or send some javascript. For each browser, set up a suite of these hacks and serve a few with each page. If the browser doesn't respond with the correct output of the quirk (piped into a form field via javascript, say), then assume browser is just a script with the UA set. That would kill about 90% of phishing attacks.
I would also look at login patterns and route all login page requests through an analyzing proxy that notes the IP address, User Agent, probable physical location and whether it has been used to access the account previously. Then, if a particular IP or User Agent requests a login that is suspicious, send an SMS message to the account owner (who would need their cell number on file first, obviously :) explaining the access and where it is being made from. They will need to reply to the message before the login can continue from that IP. I mean, if I always access my online banking from 2 specific IP blocks, then one day try to access it from the other side of the country, I'd expect a red flag to go up - especially if I'd accessed it on the old IP only 6 hours previously.
Not bulletproof, but damn close.
At my last job, we used a similar system to analyze FTP access to half a million accounts. It made catching script kiddies a hell of a lot easier :)
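The login-pattern analysis sketched in the comment above, worked through as an added example (this is not the commenter's code or anything the bank runs). It scores one login-page request against the account's prior logins on three signals the comment names: an IP block never used for the account, a User-Agent never used for the account, and a location that the previous login could not plausibly have travelled from in the elapsed time. Any hit produces a "step_up" decision and the SMS text the owner must answer before the login proceeds. The login history, the attempts, and the /24-to-coordinates table standing in for a GeoIP database are all constructed; the 500 km/h impossible-travel threshold is an assumed tuning value.

```python
"""Login-anomaly scoring with SMS step-up (constructed example)."""
import math
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed stand-in for a GeoIP database: /24 block -> (lat, lon).
GEO_BY_BLOCK = {
    "203.0.113.0/24": (37.77, -122.42),   # "west coast" office
    "198.51.100.0/24": (37.34, -121.89),  # "west coast" home line
    "192.0.2.0/24": (40.71, -74.01),      # "east coast"
}


@dataclass(frozen=True)
class LoginEvent:
    account: str
    ip: str
    user_agent: str
    when: datetime  # naive UTC


def block_of(ip: str) -> Optional[str]:
    """Map an address to the /24 block it belongs to, or None if unknown."""
    addr = ip_address(ip)
    for cidr in GEO_BY_BLOCK:
        if addr in ip_network(cidr):
            return cidr
    return None


def distance_km(a: Tuple[float, float], b: Tuple[float, float]) -> float:
    """Great-circle distance between two (lat, lon) points (haversine)."""
    lat1, lon1 = map(math.radians, a)
    lat2, lon2 = map(math.radians, b)
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def assess(attempt: LoginEvent, history: List[LoginEvent],
           max_speed_kmh: float = 500.0) -> Tuple[str, List[str]]:
    """Return ("allow" | "step_up", reasons) for one login-page request.

    "step_up" means: send the SMS and hold the login from this IP until the
    owner replies. max_speed_kmh is an assumed impossible-travel threshold.
    """
    prior = [e for e in history if e.account == attempt.account]
    if not prior:
        return "step_up", ["no login history for account"]
    reasons: List[str] = []
    if block_of(attempt.ip) not in {block_of(e.ip) for e in prior}:
        reasons.append("IP block never used for this account")
    if attempt.user_agent not in {e.user_agent for e in prior}:
        reasons.append("User-Agent never used for this account")
    # Impossible travel: compare against the most recent prior login only.
    last = max(prior, key=lambda e: e.when)
    here = GEO_BY_BLOCK.get(block_of(attempt.ip))
    there = GEO_BY_BLOCK.get(block_of(last.ip))
    if here and there:
        hours = (attempt.when - last.when).total_seconds() / 3600.0
        km = distance_km(here, there)
        if hours > 0 and km / hours > max_speed_kmh:
            reasons.append(f"impossible travel: {km:.0f} km since last login {hours:.1f} h ago")
    return ("step_up" if reasons else "allow"), reasons


def build_sms(attempt: LoginEvent, reasons: List[str]) -> str:
    """Message for the number on file; the login stays held until the owner replies."""
    return (f"Login attempt on {attempt.account} from {attempt.ip} "
            f"at {attempt.when:%Y-%m-%d %H:%M} UTC ({'; '.join(reasons)}). "
            "Reply YES to allow this address or NO to block it.")


# Constructed sample history: alice always logs in from two west-coast blocks.
T0 = datetime(2007, 4, 1, 8, 0)
UA = "Mozilla/5.0 Firefox/2.0"
HISTORY = [
    LoginEvent("alice", "203.0.113.5", UA, T0),
    LoginEvent("alice", "198.51.100.7", UA, T0 + timedelta(days=1)),
    LoginEvent("alice", "203.0.113.5", UA, T0 + timedelta(days=2)),
]
LAST = T0 + timedelta(days=2)

# Constructed attempts: a familiar one, a cross-country one six hours later,
# a script with a new User-Agent from a familiar address, and an unknown account.
ATTEMPTS = {
    "same_block": LoginEvent("alice", "203.0.113.9", UA, LAST + timedelta(hours=1)),
    "far_away": LoginEvent("alice", "192.0.2.44", UA, LAST + timedelta(hours=6)),
    "script": LoginEvent("alice", "203.0.113.5", "curl/7.15", LAST + timedelta(hours=1)),
    "no_history": LoginEvent("bob", "203.0.113.5", UA, LAST),
}

if __name__ == "__main__":
    for name, attempt in ATTEMPTS.items():
        decision, why = assess(attempt, HISTORY)
        print(f"{name}: {decision} {why}")
        if decision == "step_up":
            print("  SMS:", build_sms(attempt, why))
```

The proxy in the comment would call `assess` for every login-page request and only forward the request to the real login handler on "allow"; a "step_up" result is parked, keyed by (account, IP), until the owner's reply arrives. Comparing against the most recent login only keeps the impossible-travel check cheap, which matters when it sits in front of every request.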
...(probably) between when this article was submitted and now (here).
But, because Trent GETS IT, it looks like they had a player already lined up, and you can legally listen to the album here (I bet Rob can't wait to get slashdotted :)
Of course the album will leak before it hits the shops. The RI(fucking)AA haven't a clue how to use this to increase sales, so they run around like a headless chicken. Trent decided that since it was going to happen anyway, he might as well be in control as much as possible as to what gets released and when. Makes perfect sense to me from a marketing perspective.
Not only all that, but this album is the best in over a decade (IMHO) - look out for "Vessel" and "The Great Destroyer" (complete with a token nod to The Prophet's Song by Queen :) I think that TGD can best be summed up by (stolen from ETS), "I AM THE GREAT DESTOYYYYYYYYEEEEEEEEEER-BOOOM-ZOING-BOOOOM-ZOING- BOOOM, CUURr OAOOOOWWW TING TING BOW!" - yep, the noise is back :)
Hey - this is Slashdot - don't think for a second there that I actually clicked any links or did any background reading. Or poofread my post for spelling errors.
"No other news outlet has picked up this story so far"
Wow. I feel honored. I can now tell my grandkids when I'm old and crusty that I actually saw a piece of news that was posted first on Slashdot - as opposed to the usual way of things being recycled from Fark, Digg or CNET. Or worse, a Roland Pickadoor submission.
Is that a tear forming in the corner of my eye? Sniff.
"Also make a photocopy of your passport and keep it in a hidden place, that can save your ass."
Alternatively, scan all your travel documents and store them in a password protected zip file somewhere (along with a copy of the FilZip installer - just in case). Then just remember / write down the URL of the file. Works for me :)
Other simple extensions that make life saner include copy as plain text (A life-saver in this "MS-we-know-what-you're trying-to-do" world) and the BugMeNot extension.
OK, word association exercise. Think about the meaning of iPot.
Now read this sentence:
4. iPot: mobile phone in granny's kettle so you can get an email if she doesn't use it for a day.
Hands up if you had to read it three times to get what it was actually about because on the first two reads you thought it was some kind of weird stoner talk?
Besides, no matter what they do, they can't stop me from creating a knoppix cluster from my coworkers' PCs after they all leave for the day.
Now your knowledge really shines through. What if they password protected BIOS settings and set things up so the box will only boot from the hard drive?
Not exactly rocket science.
There's a new Nine Inch Nails ARG based around the new concept albums (Year Zero and (possibly?) Year One). It's driving us crazy and the servers are periodically crashing under the load, so I thought I'd try and slashdot the ARG site to see if that helps :)
Or at least putting it on pause for a while and summing up where we're at. I'm 24.24.2.1251 btw :)
That's like saying we can raise sea levels by pissing in the sea. Just do the math ffs...
money talks.
Yep, it's so much effort to hold down the shift key when inserting the drive. I get tired fingers too, so I feel your pain.
Actually, yes, there is.
...stole way too much of my childhood.
Where's Jack Thompson when you really need him?
Try The Bastard Fairies. And their album is free for download, too.
He doesn't appear in a national search on the National Sex Offender Public Website.
Really.
Flashblock makes sites browsable again. Stop Autoplay falls into the same category :) And NoScript is just plain sensible.
And where would that be exactly? Surely, by convention the probe is above the planet - wherever it is in its orbit?
Sounds like you might want to read this.
need... more... coffee...
...have got it right. And they have a good sense of humor too. My fave is currently Whatever.
"This means nothing to me, Ohhhhhh Vienna"
apt :)
He's been acting a little strange since he failed the screen test for Brokeback Mountain... cLive ;-)