Editing typographically complex languages was either impossible, or not WYSIWYG.
You make excellent points, but the above makes me think back to how wonderfully simple and intuitive entering foreign characters was in WordPerfect for DOS.
"e" with a grave accent (and it may not have been the alt key) alt-e-/
An "a" with two dots over it: alt-a-:
A "c" with cedilla: alt-c-,
etc
I really wish OpenOffice could do that.
I watched the video presentation which another poster linked to. Once you MITM the http session, you can proxy the SSL login page using a modified https url for which you do have a valid certificate. The users get a valid https page, only not for the domain they think it is, but the url deception is so slick it's hard to imagine anyone spotting it.
This is an improvement over the older version which worked in the way you described (and which BTW he found to be 100% effective in fooling people based on a limited trial on a TOR network - which is also scary).
That will protect you from the attack vector he created FIVE years ago.
With this new attack, you do see an https://yourbank.com/blahblahblah URL and it comes with a valid certificate.
To protect against this attack, you have to START your browser session by entering the correct https URL. If you start with http and only get to https by following a link or redirect, then you could already be 0wned.
Except there is no need for a /real_path_here. All the information the MITM needs to do the proxy is contained in the stuff to the left of the domain (ie the subdomain). He can manage the path any way he wants on his webserver using mod_rewrite etc. This is a wickedly nasty attack.
Still doesn't help if you can also find fake international characters to replace things like ?, & and =. Say the evil domain is 74h34.be, then your evil url could look like:
https://mybank.com/bunch/of/paths/banking.jsp?bunch=of&arguments=here&session=0WjEc.74h34.bE
Now it just looks like an innocent session hash.
I had first post, and now it's gone!
Thank you, but we all know what a flash mob is (except possibly the author of the article). The point is that what happened here was NOT a flash mob, and that calling it a "flash mob", or any kind of mob for that matter, is poor writing and poor communication.
I wonder if there is some efficient way of putting in three or more chips, running all calculations repeated in parallel, and applying majority-rule to the result. Even with that overhead, you could end up with something that is still many times faster and more energy efficient than a conventional chip, without sacrificing reliability.
Yeah, but any time people have to consult a dictionary to justify a writer's choice of words, then the writer has failed to do their job. Good writers choose their words very carefully, taking into account what the readers might read into it.
No matter what the dictionary says, if a significant number of readers believe you have chosen the wrong words to describe something, then you have chosen the wrong words to describe it.
True. But what people forget in an advertising-supported model is that you are NOT the consumer of a product. YOU are the product. The consumers are the advertisers.
If you don't like being a product then opt out and don't use the service. But don't go thinking that you are a consumer entitled to being catered to. All you are to Google is a pair of shrink-wrapped eyes and a clicking finger sitting on a shelf in a massive warehouse along with millions of others. Deal with it.
If I were you, I would phone Google and ask for my money back!
Oh wait...
Just to play devil's advocate... maybe it's the results of the Pierre Auger Observatory and the like which are horribly horribly wrong. Maybe the energies of all these natural collisions have been grossly overestimated for some reason, and the LHC will in fact greatly exceed anything ever seen.
Just sayin'
Or in other words, All this has happened before and will happen again. I believe that's Ronald D Moore's Law
That's why I thought the whole Dolly cloning thing was highly dubious. Sheep all look alike! Clone something that is obviously rare and unique, then you've got something to brag about.
If this gets resolved, is there any chance the fix could get ported to Windows? I just had my Dad's XP laptop completely freeze after I plugged in a bog-basic USB thumbdrive. The desktop sprang to life only after I unplugged it. I wish some of the AC Windows fanboys who were hassling me here last week were around to see it. "Ready for the desktop" my ass.
Watching three seasons of House should have taught you that if doctors think it is cancer, then it's not cancer, unless it turns out to actually be cancer. Also, the first five treatments they try will probably make things worse, and ultimately the patient will only be cured because of some random remark.
Wait. There are paper products you can use for that?! What a great idea. I just wish somebody had told me this sooner.
Thank you, from the heart of my bottom. My pet gerbil "Browny" thanks you too.
Ah yes. Third party software. Thank you for reminding me. I knew it wasn't anything Microsoft did.
If you want to test-drive a beta OS then I think a Live CD is a pretty fucking valuable feature. If you insist on a car analogy, then it's like a dealer offering a vehicle for test drive, except you have to bring and mount your own tires.
Your point on Virtual Machines is well-taken though. I have played around with some VMs in the past, but wasn't sufficiently impressed. Is there a technology you recommend?
There is no Live CD, right? So if I want to try this thing without endangering my existing install, I either have to get another computer, or buy another hard drive, open my case, swap the drives, do an install, then reverse the process when I'm done.
Remind me again why Windows is considered "ready for the desktop"?
'Linux' has always been linn-uks. Torvalds' accent, as heard in torvalds-says-linux.wav, made it sound slightly ee-like, and that managed to confuse many people (although I don't know how, as it has always been quite clear to me that he is saying linn-uks). Now that his accent has become more americanized, as in the video, it should be clear to everyone.
I have no great love of video games, but I really don't see the sense in spinning this story into an anti-gaming message. The kid learned something useful by playing video games. How is that bad?
Okay, six-years-old, not exercising the best of judgment, but what if the scenario was different? Say that his mom was unloading groceries when the car slipped out of gear and rolled back crushing and pinning her against a wall. The kid then uses his acquired skills to drive the car forward, saving her life. What would the spin be then?
Do not try this at home!
That may be the theory behind it, but I just don't see it working. It doesn't scale like email, and you can't forge the return address like email. If I see that a friend's account has been compromised, then I warn the friend and they can reset their password or contact tech support. You've also got the Twitter tech people doing everything they can to stamp this out, and they have total control over the entire system. There is no central authority in charge of all email.
Maybe I'm wrong, and Twitter will soon be flooded with bogus "check out this cool link" tweets, but I doubt it. We'll see.
I don't get this scam at all. They use email disguised as a Twitter DM to drive people to a phishing site to steal Twitter logins, so they can do what exactly? The article says they can then use Twitter to send messages to drive people to websites. Umm, aren't they already doing that with the email?
Twitter is a free service and holds no personal info that doesn't appear on your public profile, other than an email address. People routinely hand over their Twitter logins to third party sites so they can find out their Twitter rankings and other such things.
I can understand phishing for bank and PayPal logins, but this seems like a lot of effort to achieve very little.