Reputable??? PAYPAL?
I think not.. they just froze our business' account and the money contained in it because my boss' last name is Cuban... Never mind that he lives in Canada with resident status.
Many of the businesses we deal with have similar horror stories of PayPal freezing money for months with no explanation. The worst case being $750 000 frozen for 8 months of a large processing company.
There are many reasons that it may be needed such as fraud control, credit backs etc.
One scenario is if you discover a card was false after you charged it. It's a lot cheaper to credit the card before the real owner generates a charge back since there is a significant fee (for the reseller) attached. You can't do this if you don't have the number stored somewhere.
2 basic things can help keep the customers secure though.
1: not storing more info than you have to. On this point there is NO excuse for keeping the CVV2 info yet I see people doing this a LOT.
If they don't have the CVV2 codes the card will be harder to use as more credit card companies demand its use. Use the code to verify the card then forget what it was. (yes I've seen businesses store it in the db)
2: properly secured servers with up to date patches/daemons. If the server isn't secure it won't matter how much you use encryption they can simply grab the data as you process it.
Unfortunately links caches dynamic pages and that makes a lot of sites completely unusable.
When I asked the author about this he said it was supposed to do that for speed reasons.
I actually had all 3 of the major text based browsers on my system and between the 3 of them was able to browse most sites.. that was until I gave up and went back to Mozilla after I discovered that a simple php game I wanted to play wouldn't work with any of them.
We've had that for a while.. so the PHBs could have been happy for months. openantivirus.org for starters and there are plenty more.
Nice to run on Linux mailservers.
You mean SUID root and you need to be root to write to those files in the first place... so the original statement was correct: not running as root will limit the possible damage.
being asked by the kid next door how to delete the porn before his parents see it.
It's a quirk of exim's setup so it's not allowing sends to numeric addresses. Some MTAs will accept it.
Because it's legal. "127.0.0.1" is a reserved number that indicates the local machine. It's commonly known as loopback.
So the mailserver tries to send it to itself, realises it's not supposed to receive addresses from there and spits back an error.
If you have control of a nameserver you can make a domain resolve that way and then the spammers can't detect it as easily. (potentially more fun)
"but I don't know of a cellular phone contract that works out to being less expensive than a land line"
.. just take any job where you're expected to own a cell phone so you can be on call.
Easy
I did the math when I needed internet access at home; cable was cheaper than either land line+dialup or DSL.
tried a larger power supply?
Although AMD really did get burned by the motherboard makers this round. It looks like they learned from their mistakes on the Opteron by simplifying things to a design not even VIA can screw up.
Yes that's exactly who I was referring to.
Correct.. I meant Al Viro (thanks for pointing it out)
" No serious work is being done outside of Bitkeeper - if you can't see it in the LKML you're blind."
Right.. I suppose Larry McVoy's mass of changes to the FS layer doesn't qualify as "serious work".
Do you actually read LKML for yourself ?
His whole rant about Bitkeeper is just wrong. According to Linus himself you DO NOT need bitkeeper to track kernel changes. Linus has made every effort to make life easy for non bitkeeper users, in fact, several top level contributors don't bother with it and send the old style patches.
Even at 2 processors per 1u they aren't as dense as a blade.
Uhh no.. this has nothing at all to do with MP since it's a Beowulf cluster and last I checked you can't do MP with Transmeta.
Well you have that anyways.. the warrant asks for a specific type of info and if the information doesn't fall within the required scope I'm guessing they just made competing lawyer's day.
It could have been account information of some sort.
What a load of crap.. the case in question actually had an issued warrant so it wasn't circumventing anything.
Picture what you're proposing for a moment.. instead of the system admin handing over the required information he has to instead hand over the root password?
If you think having a police officer present will fix this you are sadly mistaken. Any ISP would be able to alter the evidence prior to or even during a search.
My employer owns sackmail.com ... for some reason we have been getting a lot of spam to lickmyhairynuts@sackmail.com.
Submitted the day after the World Trade center terrorist attack?
....
Gee I wonder how that got lost
What isn't mentioned in this story is that a lot of schools have just been told to sign to the new plan or be forced to drop everything and audit their software in the middle of finals.
The problem is that it's extortion. They know very well no one will have time to do a changeover so that's at least one year of bulk licencing.
Or go to top100.org/altlist.com and wonder why your searches are all now going to 2ksearch.com and MSN search is now completely inaccessible. They helpfully overwrite c:\windows\hosts and redirect auto.search.msn.com for you.
One really has to wonder what sort of idiot thought that having the ability to overwrite any file from any random website was a good idea.
It's not even an exploit really.
Personally I blame both sides.. on one hand you have some idiot taking advantage but on the other MS should have considered the security implications before a lot of those features were shown the light of day.