Their thinking might be along the lines of "lots of people don't use email". And for a lot of people that is true. Most teens today that are glued to Facebook and/or Twitter don't use email. Over half the kids in my family have never even set up their email clients.
Actually, it is Slashdot that is redirecting connections made to https://slashdot.org/ over to http://slashdot.org/, effectively picking you up and plopping you down into the hacker's lair.
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://slashdot.org/index2.pl">here</a>.</p>
<hr>
<address>Apache/2.2.3 (CentOS) Server at slashdot.org Port 80</address>
</body></html>
baldr/phil/home/phil 2>
Web sites need to open up their HTTPS service to providing the same content as the HTTP... or maybe even going so far as to always redirect HTTP over to HTTPS. A few sites like Google+ already do this (the link is HTTP but you get redirected to HTTPS).
Does anyone know if SSL solves the problem? Can a malicious endpoint act as a proxy so the SSL connection is between the endpoint and the real site and then serve you a different SSL certificate with the adverts included. (Although I doubt they can make a certificate look like the legitimate website.) Alternatively they could just drop everything down to HTTP...
The SSL layer already knows the hostname of where it wants to go. The signed certificate received from the connected server should have a cert for the Certificate Authority, identifying which public CA key to get from the collection the browser or SSL library has. The CA signature of the web site's cert is decrypted by that public CA key. If that works, it is then known the site cert is signed. If the site name also matches (maybe with wildcard enabled), and today's date is in the range valid for the signature, then the site cert is valid. Otherwise not, and you get that annoying security popup.
For the proxy to insert anything, it would have to act as the end point for the SSL stream. But that setup would fail unless the proxy has the web site's certificate signed by a valid CA. If you add a new CA the proxy server used (its own), then it could do that. Otherwise they would have to convince some CA to sign certs for ALL the major sites, for use in this proxy. A bad CA could do this. You can then defeat that by removing the bad CA cert from your browser. But the hotel could defeat you by convincing you to add their local CA cert to your browser (and then the proxy can dynamically generate a fake signed cert for any site you visit if they know the name in advance, which can be done with a name server injection). You can defeat that by not allowing any of their stuff into your computer.
If you have the means, a VPN to your own trusted network can help, though you then have slower responses. Test their network to see if you can access secured services you normally do have access to, like SSH, IMAPS, Submit/TLS. Also check to see if they have IPv6 and complain if not. Tell them "the FREE porn sites are on IPv6 only".
More than just porn sites do this. Many others, like LinkedIn, are more benign, just using your contacts list from your web email provider(s) to push you to find more people you know within LinkedIn. They don't spam or auto-add anyone. But it's still a concern. I use separate browsers for every signed-in site I visit, so LinkedIn can't get to my Gmail account, for example. I was prompted by LinkedIn to enter my password for those sites (I'd never do that). I don't know if they would prompt if the same browser instance was already logged in (I'd never do that).
Browsers should, and maybe FF now does, firewall JS code and data by hostname. Of course that would break using alternate servers for things like static images. But that's fixable by using the base name (remove the "www" part if that's on the name), and allowing access to hostnames that have name components added in front. So site slashdot.org could access images.slashdot.org. But tech.slashdot.org cannot access images.slashdot.org but can access images.tech.slashdot.org (so all sites just need to make their auxiliary servers named as child hostnames of the base hostname). The same wall should apply to Java and Flash, too (in addition to walls blocking access to the filesystem except as configured to be allowed into specific areas).
I've not done any tests of such security in FF, Chrome, or any other browser. Have fun.
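Added example, not part of the original comment and not any browser's actual policy code: the hostname wall proposed above, written out as a check. The function names normalizeHost, baseName and mayAccess are hypothetical; the rule is the comment's own (strip a leading "www" to get the base name, then allow only that name and hostnames with extra components added in front of it).

```javascript
// Sketch of the hostname wall proposed in the comment above.
// normalizeHost, baseName and mayAccess are hypothetical names (assumptions).

// Split a hostname into lower-case labels, dropping a trailing root dot.
// Empty labels ("a..b", "") are rejected rather than silently matched.
function normalizeHost(host) {
  const h = String(host).trim().toLowerCase().replace(/\.$/, "");
  const labels = h.split(".");
  if (h === "" || labels.some((label) => label === "")) {
    throw new Error("invalid hostname: " + JSON.stringify(host));
  }
  return labels;
}

// The comment's "base name": the page's hostname with a leading "www" removed.
function baseName(pageHost) {
  const labels = normalizeHost(pageHost);
  return labels.length > 2 && labels[0] === "www" ? labels.slice(1) : labels;
}

// Code loaded from pageHost may touch targetHost only when targetHost is the
// base name itself or the base name with more labels added in front.
// Comparing whole labels (not a string suffix) keeps "evilslashdot.org"
// from passing as a child of "slashdot.org".
function mayAccess(pageHost, targetHost) {
  const base = baseName(pageHost);
  const target = normalizeHost(targetHost);
  if (target.length < base.length) return false;
  const tail = target.slice(target.length - base.length);
  return tail.every((label, i) => label === base[i]);
}

// The cases walked through in the comment, plus two look-alike names
// (constructed sample input).
const cases = [
  ["slashdot.org", "images.slashdot.org"],
  ["tech.slashdot.org", "images.slashdot.org"],
  ["tech.slashdot.org", "images.tech.slashdot.org"],
  ["www.slashdot.org", "images.slashdot.org"],
  ["slashdot.org", "evilslashdot.org"],
  ["slashdot.org", "slashdot.org.attacker.example"],
];
for (const [page, target] of cases) {
  console.log(page, "->", target, mayAccess(page, target) ? "allow" : "deny");
}
```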
Actually, no. I remember there were people on all extremes on a BBS I used way back then. What characterized these people of many different political opinions was they were all smart enough to actually make well thought out posts and arguments. And they actually read what other people are saying, too. Usenet also started out that way. The smaller size may have been some factor, but I think it was more because of some combination of smarter people, and people that had not yet learned they can get away with being a jerk online.
So you mean, today's normal and yesterday's normal are not the same. Back then, our view of the world was focused on people who could pass the computer usage test. Today, our view includes idiots that run unsecured computers, tweeters, likers, spammers, and those really icky predators. But that is all normal either way because that is what those 23 chromosome pairs can generate.
If you think zmodem is bad, you should try xmodem. At least zmodem had something they could plausibly claim resembled something similar to error correction.
What was different about the BBS/Compuserve days was the computer itself was an IQ filter, letting in only those who could actually think, read, and write. If we could have an internet forum that was limited to that, it might actually be decent.
Notice that 16644 < 518466. I still use Linux. I don't use assembler much, anymore (but C is still my prime language... assembler was when I did mainframes). I was never a Libertarian, though. I do agree about Democrats vs Republicans (even though I have watched both change over the past 20 to 40 years). TBH, I was a registered Republican until they got so bad I had to change to independent. Feel free to see what my politics today are like.
Generate it next to the power plant and then use that to fire the turbines. Return the produced water back to hydrogen. I hope this process is releasing oxygen, too, rather than tying it up with zinc. We could use that oxygen when burning the hydrogen to drive the turbine. Hope this is more efficient than a Stirling engine.
YOU should have sniffed around further just to get that customer's identity and contact info. I once found a big wallet left in a grocery cart in the parking lot. Rather than take it inside to the store where minimum wage people would fondle it and possibly keep it, I rummaged around to find the name of the owner. I called her and we met at a Subway restaurant. Anyway, after YOU move to another hosting company, be sure to let the other customer know about it.
... if you don't give enough details like the name of the hoster, dates of events, what domains were transferred, yada, yada, yada. You know if you took this to a lawyer (the best thing to do, really) they need all this info and more. If you want us to help, we need it, too.
There are existing functions and methods to do these things in all variations of web programming, as well as backend server code, even in C. There is zero excuse NOT to do big salted hashes.
Of course, if the server is compromised, the malware can capture the plaintext passwords as users submit them. Passwords for inactive users generally tend to be of less value, anyway.
A bomb could actually be put together that way. So they were right to evacuate until it was determined to be safe. And you can't touch it until the evacuation is done for the risk that if it is a bomb, however unlikely, touching it could trigger it.
I am not saying they made a bad product, but they charge way too much for their products, I don't buy electronics to make a fashion statement, I buy an electronic product because it has a functionality that suits a purpose, and I find better value in alternatives to Apple's products
People who buy from Apple ARE making a fashion statement. The rest of us buy something else that works.
It should be about CONSUMER CHOICE. But the consumer cannot make a proper choice without knowing whether or not the product is defective. If Apple makes things in a way that hide their defects, then they either need to disclose UP FRONT that the device is defective, OR sell it with a 2 year warranty... in every country.
And "distance yourself from the problem" doesn't prevent it from following you like a lonely puppy.
Have you tried this with Slashdot yet?
YOU sue them. Then the rest of us will have a legal precedent.
Also, there was no showing of Anonymous Coward.
Never underestimate the bandwidth of a station wagon on the freeway, loaded with mag tape.
That was the good old days. Nowadays we have 53 foot long truck trailers full of 3TB hard drives.
You were worried about predators back then at that age?
Why burn it? Just use it in a greenhouse. Isn't that what greenhouse gases are for?
Now if only you could find a way to do step 3 before step 2 you could re-use the oxygen from step 3 to make clean water in step 2.
My password "f00/.xyzzy/.b4r" is not even close to being like one of those on the list.
If it were a real bomb, it may have been programmed to blow up on the NEXT flight, after Anonymous Coward gets OFF the flight at this stop.
Well, that kinda rules out Apple.
Quality? But these are made in China under slave labor. This is not some EU or USA product.