Just so it's clear to everyone, you don't need a "genuine" version of Windows to download and install critical updates. And honestly, SP3 is over 3 years old. It's hard to hold Microsoft or even Windows XP accountable for users refusing to upgrade.
But if you got a MyDoom message in any modern software you'd get tons of warnings, and many e-mail programs would strip the attached executable as a matter of policy.
People who had opted into HTTPS in all these countries could still use it. It's just that other users couldn't opt in. And they fixed it quickly when it was brought up. Why would anyone suppose it was intentional?
And the Bahamas, Cayman Islands, and Fiji were also affected. I suppose Microsoft was sucking up to their dictators?
In January this year (2010), Gmail switched to using HTTPS for everything by default. Previously it had been introduced as an option, but now all of our users use HTTPS to secure their email between their browsers and Google, all the time. In order to do this we had to deploy no additional machines and no special hardware. On our production frontend machines, SSL/TLS accounts for less than 1% of the CPU load, less than 10KB of memory per connection and less than 2% of network overhead. Many people believe that SSL takes a lot of CPU time and we hope the above numbers (public for the first time) will help to dispel that.
If you stop reading now you only need to remember one thing: SSL/TLS is not computationally expensive any more.
Dude is basically right. The definition of a republic is one where governmental power is exercised by representatives elected by the public. There was a time when a "democracy" was a government where power was exercised directly by the people, but "representative democracies" such as our own are fairly called democracies now.
I would still prefer the word "republic" for the USA because it's such a hybrid of the republican model. There are 2 models of representation in Congress, the president is - technically - elected by a body of electors voted for by the people of the states, and the courts are independent, but chosen by the other 2 branches, Most states have models based on the national model.
IIRC, this is the version in which they will no longer deliver a Java VM. This alone will drop the vulnerability and patch count significantly.
Can anyone with the preview confirm that it is/is not included?
Now that I think about it, my father went on antibiotics at the least little thing because they were worried about an infection (is it "seating"or "seeding"?) in the metal valve.
I've never heard this as a concern for artificial joints. My mother's got a knee, an elbow and both shoulders.
About 20 years ago my father had his aortic valve replaced (due to plaque buildup). He got a mechanical valve. While they were in there they did a bunch of bypasses for which they had to take venus grafts from his legs.
I asked his cardiologist why there weren't any synthetic grafts. Harvesting the veins just seems like an opportunity for infection to me. He just said that there weren't any and seemed uninterested in the question.
BTW, Mehmet Oz, Dr. Oz from TV, did the surgery. He had just done Frank Torre's heart transplant the year before.
In fact there was an actual rootkit in the SCADA systems themselves. That's what TFA is referring to when they say "2-level explosive" or something like that. The SCADA rootkit hid itself in part by first monitoring the data flow and then, while in attack mode, feeding fake data back to the monitoring PC.
Stuxnet has to win 1st place in the malware hall of fame.
There are a few important aspects of the story that didn't get covered by the NYT. One is that there was no mention of the origin of the 4 zero-day Windows vulnerabilities and another is the insertion method.
Obviously Stuxnet wasn't just blasted out on botnets. Someone got it very close, probably into a facility or more than one facility, or perhaps into a government office or contractor. That's one of the aspects of this that always told me it was a state actor with quality human intelligence capabilities.
Actually, my wild guess before is that a contractor from Siemens or someone like that spread it. Which brings up another aspect of this: This story can't be good news for Siemens's customer relations, especially with their government customers.
The idea that you lose privacy when you're under arrest is not a hard one to grasp. They can search your pockets, they can search the bag you're carrying, etc.
First, this article is basically a dupe of one from a couple days ago.
Second, Zalewski was working on his own and MS asked him, in his personal capacity, not to release the tool. I had all this in my PCMag article referenced in the previous/.
Slashdot Mirror
Or download the standalone SP3 image first. That said, Microsoft should do more rollup updates.
Just so it's clear to everyone, you don't need a "genuine" version of Windows to download and install critical updates. And honestly, SP3 is over 3 years old. It's hard to hold Microsoft or even Windows XP accountable for users refusing to upgrade.
Just goes to show how few people really give a shit about this stuff.
It's even worse than that. The fact that Microsoft will discontinue support for XP in April 2014 was announced in April, 2009
But if you got a MyDoom message in any modern software you'd get tons of warnings, and many e-mail programs would strip the attached executable as a matter of policy.
Context Information Security has already tested WebGL implementations and demonstrated the sorts of bugs Microsoft warns about. In fact, it looks like maybe they got a tip about it from Redmond, but they do demonstrate it, and Mozilla has acknowledged the bugs for Firefox 4.
The national anthem of Fiji
I don't suppose this would impress you, but the CIA says that Fiji has a multiparty constitional democracy.
People who had opted into HTTPS in all these countries could still use it. It's just that other users couldn't opt in. And they fixed it quickly when it was brought up. Why would anyone suppose it was intentional? And the Bahamas, Cayman Islands, and Fiji were also affected. I suppose Microsoft was sucking up to their dictators?
Dude is basically right. The definition of a republic is one where governmental power is exercised by representatives elected by the public. There was a time when a "democracy" was a government where power was exercised directly by the people, but "representative democracies" such as our own are fairly called democracies now. I would still prefer the word "republic" for the USA because it's such a hybrid of the republican model. There are 2 models of representation in Congress, the president is - technically - elected by a body of electors voted for by the people of the states, and the courts are independent, but chosen by the other 2 branches, Most states have models based on the national model.
IIRC, this is the version in which they will no longer deliver a Java VM. This alone will drop the vulnerability and patch count significantly. Can anyone with the preview confirm that it is/is not included?
Beans could be used for methane fuel.
The attacks are on Windows so that's where they put the effort. Note that the sandbox is also only on Reader and not Acrobat for the same reason
The larger the ISP, the more they’re penalized by the more rural regions which are limited to DS3 45 Mbps circuits feeding a whole town.
Now that I think about it, my father went on antibiotics at the least little thing because they were worried about an infection (is it "seating"or "seeding"?) in the metal valve. I've never heard this as a concern for artificial joints. My mother's got a knee, an elbow and both shoulders.
So then the implant discussed here would be a major infection concern too?
About 20 years ago my father had his aortic valve replaced (due to plaque buildup). He got a mechanical valve. While they were in there they did a bunch of bypasses for which they had to take venus grafts from his legs. I asked his cardiologist why there weren't any synthetic grafts. Harvesting the veins just seems like an opportunity for infection to me. He just said that there weren't any and seemed uninterested in the question. BTW, Mehmet Oz, Dr. Oz from TV, did the surgery. He had just done Frank Torre's heart transplant the year before.
In fact there was an actual rootkit in the SCADA systems themselves. That's what TFA is referring to when they say "2-level explosive" or something like that. The SCADA rootkit hid itself in part by first monitoring the data flow and then, while in attack mode, feeding fake data back to the monitoring PC. Stuxnet has to win 1st place in the malware hall of fame.
There are a few important aspects of the story that didn't get covered by the NYT. One is that there was no mention of the origin of the 4 zero-day Windows vulnerabilities and another is the insertion method. Obviously Stuxnet wasn't just blasted out on botnets. Someone got it very close, probably into a facility or more than one facility, or perhaps into a government office or contractor. That's one of the aspects of this that always told me it was a state actor with quality human intelligence capabilities. Actually, my wild guess before is that a contractor from Siemens or someone like that spread it. Which brings up another aspect of this: This story can't be good news for Siemens's customer relations, especially with their government customers.
Governments should't be keeping secrets
The idea that you lose privacy when you're under arrest is not a hard one to grasp. They can search your pockets, they can search the bag you're carrying, etc.
I didn't write that title, the /. editor did
First, this article is basically a dupe of one from a couple days ago. Second, Zalewski was working on his own and MS asked him, in his personal capacity, not to release the tool. I had all this in my PCMag article referenced in the previous /.
I'm the author of TFA and I have made changes to include reactions from Microsoft and Zalewski. Larry Seltzer PC Magazine