I think we already know how this is gonna end.
We've had countless fantasy stories where the evil antagonist was somehow confined to a crystal/underground jail cell/dimension/etc. only to later escape and wreak havoc on the earth.
Think, man!
Rightfully, they shouldn't be. A sensible configuration would be to have them connected to a TCP/IP network so that they can be plugged into a central monitoring system... and the network they are connected to would (ideally) be plugged into some sort of VPN appliance. You would then *only* be able to access the systems through that VPN connection.
However, if the network is somehow breached, then you have a problem. Or if the people you have setting things up are idiots and literally DO plug it directly to the internet, which is also distressingly likely.
They may owe 8 billion, but what are the chances they'll actually have to pay that? If this were the US, they'd end up just making a settlement for a tiny fraction of that.
Since this is the EU, who actually make more of an effort to hold corporations accountable for their greed, the amount would be comparatively larger, but I still have trouble seeing them extracting the full amount.
As often as Microsoft screws up regular updates, why in hell would we trust them to update something that can brick our computers when it fails?
Fuck. That.
Phone numbers are the universal mechanism that people can use to contact each other around the entire world, whether by voice or (nowadays) message.
Can I use Facebook Messenger to talk to someone using ICQ? No.
Can I use Skype to talk to someone using WhatsApp? No.
As long as we have these idiotic balkanised bullshit systems run by companies for the sole purpose of harvesting your personal data first, and maybe money second, phone numbers will *never* be replaced, nor would I want it to be thank you very much.
As far as I'm concerned, it's *everyone's* fault. What we have here are a bunch of companies that are playing an immature pass the buck game.
Chrome's incognito is supposed to be secure. Wouldn't any reasonable person expect a wipe of used VRAM to be included as part of the cleanup process when an incognito window is closed? I know I would. But they don't, because they expect it to be handled by the driver.
NVidia's driver should be wiping memory that has been released by the calling app. It's *their* driver. Therefore they also share responsibility, unless Apple wrote their own NVidia driver and kept NVidia out of the dev process.
OSX should be taking care to wipe any volatile resources in between passing them from one process to another. That's just basic security.
Microsoft probably already does this, because they've had to deal with idiot vendors for decades who don't do the right thing.
Somebody please mod up the parent post. This is an excellent explanation of the peer review process.
You know, so many problems with science could be solved if peer review was a mandatory precondition prior to blabbing to the press.
Oracle? Helping someone who hasn't been forced into a multi-million dollar support contract?
Go on, pull the other leg too!
*blink* I'm obviously missing something, but heck if I can tell what that is. :P I probably shouldn't be slashdotting before coffee.
I think you're responding to the wrong article, however if you change "MacKeeper" with "MongoDB", your post still works.
The real problem is that MongoDB is the Visual Basic of databases.
People have been flocking to MongoDB because they consider SQL databases "too difficult" and "require too much effort". They want something easy that they can just slap together and get up and running, and all other considerations be damned.
And this is the result. Databases are *not* hard, but they *do* require you to actually think things through. If you can't do that, you shouldn't be doing development to begin with.
Oh good! Now Wordpress can be compromised even faster than before!
Well admittedly, having to pay sudden exorbitant fees is something that Oracle users are not wholly unfamiliar with. They probably already have contingency plans.
Can this get any more formulaic?
Is there a handbook on legislative tactics that specifically says, "If you can't get what you want any other way, emphatically shout THINK OF THE CHILDREN!!11eleventy!1!"
Or is this tactic really that effective, so people continue to use it over and over?
I had this whole post in my head about all the possible things that could be done, but then I realized it's pointless cause those things will never happen.
Nothing can or will ever be done until there is a desperately needed shift in US culture. Between rabid anti-intellectualism, and nationalism, and a "fear everything" approach, the situation will continue to get much worse before it gets better.
Fox News is a symptom, not a cause.
A New Age Bullshit Generator
http://sebpearce.com/bullshit/
No, it has to be the Wi-Fi. It couldn't possibly have been the fact that the mother was a psychotic idiot who made her daughter's life a living hell.
At this point I can't remember the specific events in history, but I would argue that it really doesn't matter. Both Macromedia, and later Adobe, had more than enough time to clean things up. They didn't.
No, Flash didn't ask to be the de facto scripting language. But it became so, all the same. And Adobe ran with it, making it more and more featureful, while not giving security any thought at all.
Saying that they didn't ask for it is a cop out. HTML's lack of progress was an opportunity for Adobe, and Adobe pushed Flash as hard as they possibly could, doing everything they could to make Flash utterly ubiquitous. Adobe is *absolutely* to blame for the shitpile that is Flash. They've had more than enough time and opportunity to clean things up. The fact of the matter is that they *chose* not to fix it.
ty
But... where? From Lenovo's website? Walters White Van Specials?
The only requirement is that the attacker has port forwarding enabled on the same VPN network as its target. A phishing link or laced image file, for example, is then sent to the victim which leads the traffic to a port under the hacker’s control.
So... using a social engineering attack can expose the victim's IP address. Am I missing something? Cause to me this falls under the category of "Well no shit, Sherlock!" If you can convince a user to run a malicious payload, then having an IP address exposed is the least of the victim's problems.
There isn't one? How can a bunch of cabbies all be running under the same banner if there isn't one? Otherwise there'd be copyright lawsuits flying over cab design, etc.
Then again, this isn't America we're talking about, so maybe people are actually able to be civil with each other without requiring contracts and money changing hands.
Or the one that criminalizes porn actresses with A cups?
Dafuq? O_o Seriously?