Let me see if I got it right... when you're being sent emails from a particularly spammy entity, you go ahead and click on a link on their email that confirms that your email address is, in fact, active?
Yes. They already know the email address is active by virtue of the fact that their messages aren't bouncing, and they're already sending me emails. The worst that can happen is they send me more emails. I'll live with the risk.
Yes, exactly. I have the same problem with my Gmail account. Over the years many hundreds of people have mistaken it for their email address, distributed it far and wide, and entered it into all sorts of things. Sometimes I just let it go, especially if a site only sends one "thanks for registering" email. I hit delete and move on. But if the service is a particularly spammy one, I'll use the "forgot password" link, login, change the password, turn off all email-related options, etc.
I used to look for an option to delete the account entirely, but that invariably led to the same people signing back up for the same services again. Occasionally I'll try to do the other guy a favor and tell the sender that they have the wrong address. It usually isn't worth the effort. Someone has a Royal Bank of Scotland account registered to my email and no amount of emailing, filling out their contact form, or tweeting at them ever did any good so I just filtered that domain out.
Not much you can do about people sending random unsolicited communications, though. I've received some really interesting misdirected mail over the years, including some stuff from the European Space Agency, and being cc'd on an NFL player's contract negotiations with a new team.
Slashdot is often associated, whether rightly or wrongly, with being populated by many tech related users, it's within the realm of possibility of rogue scripts being served with Slashdot to scarf up clipboard data, passwords, etc in hopes of hacking well known websites that Slashdot users do work for.
No doubt. If the "good guys" target Slashdot users, you can bet the black hats do, as well.
That is nonsense. The IT guy that wiped her server, after the investigation began, posted on this very site asking for advice on how to destroy the evidence.
He posted on Reddit, not here, and his inquiry didn't read to me like an attempt to destroy evidence. He was trying to figure out how to redact email addresses from a large corpus of archived messages. This is standard practice during electronic discovery and document production, and isn't a sign of anything nefarious.
Low on the list, but certainly not nonzero. Given the increasing number of devices out there it's probably happening around the world with some regularity. There just isn't a way for most of us to properly measure or attribute the occurrences.
Say you're driving down the interstate and your cruise control shuts off, but you're sure you didn't bump the brake. Your $1.49 bag of chips rings up as $9.49 at the grocery store, but re-scans at the correct price after a void. A few pixels go blurry in an otherwise flawless TV broadcast. We tend to chalk these things up as "a glitch" and go on with life, but a few of them really are caused by tiny visitors from outer space...
I recall reading that most space probes are designed this way, due to increased exposure to radiation. Flipped bits are a serious problem in space, the hope is that only one event occurs at a time so that the other two processors maintain quorum.
My problem with AMP is that Google returns tons of those results for normal searches as well. It's supposed to be Accelerated Mobile Pages, but I'm not on mobile, I'm on a desktop. I don't want to see stripped-down AMP results, I want to go to the original page.
There's 100% chance that their "junk detection algorithm" tagged this as something that would offend uptight pricks in the suburbs. Those kind of people will insist on junk being covered on renaissance masterpieces.
Reminds me of the guy who lost an election to a dead man, but was still appointed Attorney General. Let the Eagle Soar! Just don't let any nipples show.
Digital books and e-readers, that's what. I want a book I can hold, feel, smell, turn the pages. A book doesn't need to be charged, it doesn't come encumbered by DRM, there's no glare reflecting back off its pages. And my eyes are compatible with every book, I don't need to worry about what format it's in and whether or not it works with my specific pair of ocular devices.
There was a site like this up several years ago called youhavedownloaded.com. There was a big to-do when people started plugging in IPs allocated to record labels and movie studios, and found that those people were pirating tons of shit.
After more than two years of public implementation and internal study, Google security architects have declared Security Keys their preferred form of two-factor authentication.
OK Google, then offer to ship these dongles out to your users at no cost. I'm not going to buy yet another little thing that's going to break, or get lost, or get stolen; I'll use it if it's free, though. I like PayPal's approach, they mailed out free SecurID dongles to anyone with a business account who asked for one. Mine still works fine on the original battery 10 years later.
Deleting those accounts as they pop up would make it kinda hard for intelligence services to keep tabs on them. It's more valuable to leave them active for awhile, see who's visiting and following, and then purge them in batches.
Except they aren't testing (solely) in developing countries; this test and whatever anomaly ensued took place in Arizona. Not exactly the population center of the US, granted, but the tests are being done here at home.
Facebook isn't alone in this regard, either, as Google has its own fleet of experimental drones. N749G flew over my house in the Memphis suburbs last Monday night enroute from KSIK to KOLV. The FAA says it's an "Ashfloyd Hummingbird," whose manufacturer has essentially zero public presence, but the model has been tied to Google's Project Wing. I kinda wish they'd keep their testing a little more remote.
What the MPAA ought to do, then, is seize the site assets, anglicize (or internationalize) everything, and set up their own site that charges a couple bucks per stream without any advertising. Of course we know that will never happen, they'd rather bitch and moan about piracy than provide more consumer-friendly options.
Either this is a very confabulated story or someone at an NSA-level agency is talking.
Nah. Much of the world's DNS traffic is passively monitored by ISPs, IXPs, ccTLD operators, etc. to be compiled and analyzed for research purposes. DNSDB is one such effort, there are others.
It was a great success! The father went to jail and they threatened to deport the mom; last I heard, the kids are in some pop-metal band still trying to get on TV. And all of that was a better conceived plan than removing the ESC key...
If they were really taking things seriously, it would've recalled or patched these products a long time ago when the security problems were first identified.
They released a firmware update more than a year ago to fix the default credentials problem. Any devices manufactured after September 2015 require the user to set a password, instead of coming pre-configured with a default. The firmware update also addresses this, but good luck getting consumers to install a firmware update.
There's also the "Bored Teenager" possibility. Some people just want to watch the world burn. For all we know, this is the work of some kid with lots of free time, fucking around for no benefit and without any real motivation.
Slashdot Mirror
Yep, 3.0.4 came out on August 31. I don't see anything on their website or FTP server about a newer release.
The dev changelog does refer to a version 3.0.5, but the changes listed there don't include fixing this vulnerability.
FlashSessions, now there's something I hadn't thought about in 20 years.
Let me see if I got it right... when you're being sent emails from a particularly spammy entity, you go ahead and click on a link on their email that confirms that your email address is, in fact, active?
Yes. They already know the email address is active by virtue of the fact that their messages aren't bouncing, and they're already sending me emails. The worst that can happen is they send me more emails. I'll live with the risk.
Yes, exactly. I have the same problem with my Gmail account. Over the years many hundreds of people have mistaken it for their email address, distributed it far and wide, and entered it into all sorts of things. Sometimes I just let it go, especially if a site only sends one "thanks for registering" email. I hit delete and move on. But if the service is a particularly spammy one, I'll use the "forgot password" link, login, change the password, turn off all email-related options, etc.
I used to look for an option to delete the account entirely, but that invariably led to the same people signing back up for the same services again. Occasionally I'll try to do the other guy a favor and tell the sender that they have the wrong address. It usually isn't worth the effort. Someone has a Royal Bank of Scotland account registered to my email and no amount of emailing, filling out their contact form, or tweeting at them ever did any good so I just filtered that domain out.
Not much you can do about people sending random unsolicited communications, though. I've received some really interesting misdirected mail over the years, including some stuff from the European Space Agency, and being cc'd on an NFL player's contract negotiations with a new team.
LED Lights: Friend or Foe? was posted here more than 15 years ago. Everything old is new again (except me, I guess).
"Flooz" was pretty fucking bad.
Slashdot is often associated, whether rightly or wrongly, with being populated by many tech related users, it's within the realm of possibility of rogue scripts being served with Slashdot to scarf up clipboard data, passwords, etc in hopes of hacking well known websites that Slashdot users do work for.
No doubt. If the "good guys" target Slashdot users, you can bet the black hats do, as well.
That is nonsense. The IT guy that wiped her server, after the investigation began, posted on this very site asking for advice on how to destroy the evidence.
He posted on Reddit, not here, and his inquiry didn't read to me like an attempt to destroy evidence. He was trying to figure out how to redact email addresses from a large corpus of archived messages. This is standard practice during electronic discovery and document production, and isn't a sign of anything nefarious.
Jeb Bush performed the same scrubs on his email archives, after first releasing them unredacted and causing an uproar because they were full of constituents' personal data.
Low on the list, but certainly not nonzero. Given the increasing number of devices out there it's probably happening around the world with some regularity. There just isn't a way for most of us to properly measure or attribute the occurrences.
Say you're driving down the interstate and your cruise control shuts off, but you're sure you didn't bump the brake. Your $1.49 bag of chips rings up as $9.49 at the grocery store, but re-scans at the correct price after a void. A few pixels go blurry in an otherwise flawless TV broadcast. We tend to chalk these things up as "a glitch" and go on with life, but a few of them really are caused by tiny visitors from outer space...
I recall reading that most space probes are designed this way, due to increased exposure to radiation. Flipped bits are a serious problem in space, the hope is that only one event occurs at a time so that the other two processors maintain quorum.
My problem with AMP is that Google returns tons of those results for normal searches as well. It's supposed to be Accelerated Mobile Pages, but I'm not on mobile, I'm on a desktop. I don't want to see stripped-down AMP results, I want to go to the original page.
51.99 billion of those are probably just copies of this and these...
There's 100% chance that their "junk detection algorithm" tagged this as something that would offend uptight pricks in the suburbs. Those kind of people will insist on junk being covered on renaissance masterpieces.
Reminds me of the guy who lost an election to a dead man, but was still appointed Attorney General. Let the Eagle Soar! Just don't let any nipples show.
What's not to like?
Digital books and e-readers, that's what. I want a book I can hold, feel, smell, turn the pages. A book doesn't need to be charged, it doesn't come encumbered by DRM, there's no glare reflecting back off its pages. And my eyes are compatible with every book, I don't need to worry about what format it's in and whether or not it works with my specific pair of ocular devices.
There was a site like this up several years ago called youhavedownloaded.com. There was a big to-do when people started plugging in IPs allocated to record labels and movie studios, and found that those people were pirating tons of shit.
After more than two years of public implementation and internal study, Google security architects have declared Security Keys their preferred form of two-factor authentication.
OK Google, then offer to ship these dongles out to your users at no cost. I'm not going to buy yet another little thing that's going to break, or get lost, or get stolen; I'll use it if it's free, though. I like PayPal's approach, they mailed out free SecurID dongles to anyone with a business account who asked for one. Mine still works fine on the original battery 10 years later.
Deleting those accounts as they pop up would make it kinda hard for intelligence services to keep tabs on them. It's more valuable to leave them active for awhile, see who's visiting and following, and then purge them in batches.
Except they aren't testing (solely) in developing countries; this test and whatever anomaly ensued took place in Arizona. Not exactly the population center of the US, granted, but the tests are being done here at home.
Facebook isn't alone in this regard, either, as Google has its own fleet of experimental drones. N749G flew over my house in the Memphis suburbs last Monday night enroute from KSIK to KOLV. The FAA says it's an "Ashfloyd Hummingbird," whose manufacturer has essentially zero public presence, but the model has been tied to Google's Project Wing. I kinda wish they'd keep their testing a little more remote.
What the MPAA ought to do, then, is seize the site assets, anglicize (or internationalize) everything, and set up their own site that charges a couple bucks per stream without any advertising. Of course we know that will never happen, they'd rather bitch and moan about piracy than provide more consumer-friendly options.
Either this is a very confabulated story or someone at an NSA-level agency is talking.
Nah. Much of the world's DNS traffic is passively monitored by ISPs, IXPs, ccTLD operators, etc. to be compiled and analyzed for research purposes. DNSDB is one such effort, there are others.
If you look in the dictionary under "regulatory capture", it has a photograph of Tennessee's legislature
I think it's just a picture of Marsha.
It was a great success! The father went to jail and they threatened to deport the mom; last I heard, the kids are in some pop-metal band still trying to get on TV. And all of that was a better conceived plan than removing the ESC key...
If they were really taking things seriously, it would've recalled or patched these products a long time ago when the security problems were first identified.
They released a firmware update more than a year ago to fix the default credentials problem. Any devices manufactured after September 2015 require the user to set a password, instead of coming pre-configured with a default. The firmware update also addresses this, but good luck getting consumers to install a firmware update.
AT&T is really SBC + BellSouth + (SBC + BellSouth == Cingular) + PacTel + (Michigan Bell + Indiana Bell + Illinois Bell + Ohio Bell + Wisconsin Bell == Ameritech) + ATT.
Isn't it great we take our anti-trust and monopoly laws so seriously?
There's also the "Bored Teenager" possibility. Some people just want to watch the world burn. For all we know, this is the work of some kid with lots of free time, fucking around for no benefit and without any real motivation.