Well unless you have configured your *nix box to automatically privilege and run windows executables somehow, using a real OS is probably sufficient to stop this attack.
You are trying to say that users needing to type chmod +x ./latest_flash_player_youtube.sh , is sufficient protection to prevent end users from running things they shouldn't....
Ransomware is not prevalent in Linux, but again, it is absurdly naive to think that it couldn't, or that the OS is doing much to prevent it. Again, end user education is key, regardless of OS. Implying to under-informed users that OSX is magically secure against cryptoware, is a recipe for disaster.
How is it you managed to not once mention Microsoft Windows in that whole article? How does the Critroni ransomware get onto the victim’s PC in the first place?
Most of this shit is installed by tricking the user with phishing style emails and general social engineering to download attachments. Certainly zero day stuff is a goldmine for malware, but under-informed end users are much more consistently available. The stuff that crypto ransom software holds hostage is heavily concentrated in the user's home directory, so no privilege escalation is required. It is good to be proud of your operating system of choice, but it is smug to think that Linux/OSX/BSD/Solaris will do anything technical to protect from such an attack.
The problem is that most end users are stuck being fucked by whatever broadband monopoly services their house. While this would enrage customers at Verizon, their voices would be of little consequence... everybody involved knows they are stuck.
Hiring workers that can read costs more. Considering none of the workers I dealt with at their plant in SC were able to read, of course they're cheaper. Hiring drooling moron sixth grade drop-outs is cheaper. Of course what isn't cheaper is all of the rework that is done. Because of the difficult job required due to the massive mistakes made by the idiots in SC, the rework must all be done by union workers. They are the only people in the world skilled enough to successfully fix the problems.
Sounds like they need to hire a Slashdot Anonymous Coward to be the CEO!
The MySQL PDO driver was not in active development until PHP 5.3. Existing code using proprietary database drivers is not magically fixed by the existence of PDO. I think a lot more respect would be gained by admitting there was a problem, and talking about why PHP will be good to use in the future.
Web languages are nothing without their libraries, so the lack of a unified database driver interface (until rather recently) is a noteworthy problem with PHP.
Personally, I never touch PHP.
As a comparison, in the JDBC world, most databases do not even have non-JDBC drivers.... The existence of mysqli is a tribute to a long standing problem with PHP. In reality, development of the MySQL PDO driver started with PHP release 5.3, which was not even three years ago! PDO might be the future of PHP, but it is a pretty shitty defense of the language to this date.
hiphop/hack might not be pure PHP but if you're a PHP programmer, you can figure out and pick up hiphop and/or hack.
Running on something inspired by PHP is NOT the same thing as running PHP. Don't forget that everything at Facebook is loosely coupled using webservices, many different languages being used in the back end, with Something Similar to PHP, but not, mostly running UX stuff.
And your insightful comment gave us exactly 0 examples of problems with PHP. If you're going to hate on it, give us a reason.
Tight coupling with database drivers seems to be a recurring theme in PHP, as one example.
PHP is relatively modern, robust
No it isn't
Thanks for your valuable contribution.
Judging by the fact that most of Facebook is based on PHP, it sounds to me like it's pretty robust... It's also object oriented. The only drawback that I would find as a code-geek is weak typing, but that's a personal opinion, not a lacking feature.
Besides that Facebook isn't. They use a proprietary solution that started with PHP, but is really something else now.
Two of the ads are for the same thing with different branding. What's worse, the products aren't even shipping yet! They stink of some kind of preorder-never-get-your-thing deals.
His point is: learn to fucking spell "Oberyn"
That is an uncivil response to a simple error.
Nobody is debating whether current can be induced by a changing magnetic field.... It takes more than just doing to invalidate the first law of thermodynamics.
Mobile wifi is limited to 1 W EIRP (250 mW with 6 dBi antenna gain), not 4. In practice the transmitters are less powerful than the limit. Furthermore, they are not constantly transmitting at full power.
Passive RFID tags are powered directly by a reader that generates a high intensity RF field, specifically for energizing the tag. This is more akin to a wireless battery charging specification, where the device must be placed in a very specific location, than the RFID device being magically charged by whatever EM radiation happens to be around.
They probably were not even using the MFA provided by Amazon. It is kind of shitty to blame hosting providers for clients that do not even perform the bare minimum of suggested best practices.
One of those, "you wouldn't even know if the dynamite exploded", kinds of things.
I used an analog Tektronix scope in my younger years. It worked, and was cheap. At the same time, it made new scopes seem like small miracles. Just a thought.
When $300 for Alibaba knockoff stuff seems like a great deal, we are talking about a very expensive thing. Newer Tektronix equipment costs orders of magnitude more. In this market, even though it is possible to buy something for $300, it is still a very tiny budget.
Not an o'scope. Nice try though. Also, $300 != "microbudget".
For an oscilloscope, $300 is more like a nanobudget, or even picobudget.
yeah u r right... 99% of aws customers need scale...? NO
Scalability is not just for the enterprise. In AWS you can feel safe starting with a $15/month setup, knowing that you can always move to the $100/mo plan if the workload changes. When buying hardware you do not have a similar liberty. It is either buy more than you need, or risk having to buy again.
The Cancer will kill off the Rabies.
I think that people who have died of rabies probably would have wished that were true. It really is not a laughing matter.
Still, learning CIDR notation is nothing. We are getting high and mighty about a bitmask that starts with a certain number of ones, then ends with zeros. Realistically, most IT pros only need to memorize the specifics up to about a /16 network... that is 16 data points. And before you whine about the /4 that someone you know manages, realize that to be the god of the internet, you only need to remember 32. Spewing a bunch of CIDR shit to look intimidating is a joke.
Sadly, some people in IT do :/
Trying to intimidate people with technical jargon garbage does a disservice to real IT work. Knowing subnetting notation is not nearly as important as say, knowing how routing works. Knowing how to write a DNS zone file is not nearly as interesting as knowing what to do when the DNS server stops working. At least try to be smug about things that actually require skill, instead of talking shit about things it takes 20 minutes to learn on Wikipedia.
There's no pure theory CS curriculum I know of that includes specialized things that IT people have to know just to get started, such as: What a /27 is, and what Netmask/IP to configure the Windows machine with when I tell you I have assigned the VLAN a /28, and you need to give that computer the last IP address in 10.0.0.48/28, with .49 as default gw. What RAID10 is -- more importantly, how to set one up, how DNS works.... what file to edit and what changes to make to create a reverse DNS entry for X.Y.Z.W; the list goes on as much as you like.
Are you trying to say that it is important to know a lot of trivia, buzzwords, and jargon, to be an IT person?
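The subnet question quoted above (last address in 10.0.0.48/28, with .49 as default gateway), worked through as an added example that is not part of either comment. The function name `host_config` and the returned field names are assumptions made for illustration; the check that rejects a gateway or host outside the usable range is the part a misconfigured static setup usually gets wrong.

```python
import ipaddress


def host_config(cidr, gateway, host=None):
    """Return static IPv4 settings for one machine in `cidr`.

    host=None picks the last usable address, as in the quoted question.
    Raises ValueError for a network with host bits set, or for a host or
    gateway that is not a usable address inside the subnet.
    """
    # strict=True rejects input such as 10.0.0.50/28 (host bits set)
    net = ipaddress.ip_network(cidr, strict=True)
    gw = ipaddress.ip_address(gateway)
    # hosts() excludes the network and broadcast addresses
    usable = list(net.hosts())
    ip = ipaddress.ip_address(host) if host else usable[-1]

    for label, addr in (("gateway", gw), ("host", ip)):
        if addr not in usable:
            raise ValueError(f"{label} {addr} is not usable in {net}")
    if ip == gw:
        raise ValueError("host address collides with the gateway")

    return {
        "ip": str(ip),
        "netmask": str(net.netmask),
        "gateway": str(gw),
        "broadcast": str(net.broadcast_address),
        # name of the PTR record for the reverse DNS entry
        "ptr_name": ip.reverse_pointer,
    }


if __name__ == "__main__":
    # Values taken from the quoted comment
    for key, value in host_config("10.0.0.48/28", "10.0.0.49").items():
        print(f"{key:10} {value}")
```
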
And that is a good thing why, exactly? Our standards also change for a reason.
It used to be reasonable to burn someone alive for resembling, or supposedly resembling, a fictional character in literature.