Slashdot Mirror


User: ericlondaits

ericlondaits's activity in the archive.

Stories: 0
Comments: 342

Comments · 342

  1. Re:You can't even trust your ISP on Sys-Admins Reading the Bosses Mail? · · Score: 1

    You really think "Average José" (remember, this is Argentina) checks for SSL when accessing Hotmail? Or the guy's GF, for that matter? Also, this happened quite some years ago (1999 or so, I guess... it was a dial-up ISP we're talking about) and people were even less security-aware than they are now.

    I know the guy... I could as well disbelieve the story but have no reason to do so... the SSL bit doesn't make it the tiniest bit less believable for me.

    The point is, precisely, that if you distrust your ISP your hope is SSL... but most people probably don't check it, especially when doing a routine mail check.

  2. You can't even trust your ISP on Sys-Admins Reading the Bosses Mail? · · Score: 1

    A guy I know used to be admin in an ISP here in Argentina. Once he wanted to read his girlfriend's e-mail... since his girlfriend was a user of the ISP he worked at this is what he did:

    1 - Create a false Hotmail frontpage that would store username and passwords entered in a text file in his server and then redirect you to some type of error page, or something (perhaps redirecting to the real Hotmail).

    2 - Modify the DNS to point to his fake Hotmail page.

    3 - Leave it running all night.

    4 - In the morning he removed the DNS entry and examined the text file... which listed not only his GF's password, but those of a couple hundred customers of that ISP.


    So even if you never fall for phishing scams, browse with all scripting and ActiveX off, use virtual keyboards to enter e-banking passwords, etc. you may be easily pwned by a black hat ISP admin.

  3. Color me not impressed on Creative Commons Filmmaking Remixes Modern Cinema · · Score: 1

    Robert Rodriguez did his award-winning film "El Mariachi" for U$S 16.000. He did it by using a minimum crew that worked for free, using stuff he already had at hand, using cheap lighting, university facilities, and some other technical money-saving techniques. Most of the money went to buying and developing film... so it could be argued that if he had access to a digital video camera at the time the movie would have cost almost nothing.

    Kevin Smith did the award-winning cult-classic movie "Clerks" for U$S 27.000.

    Hollywood doesn't know how to make movies for less than a couple of millions, and probably doesn't care... because throwing those millions around probably simplifies the process of getting the movie done on time, and they collect a bundle anyway, so it makes no sense to them to spend too little.

    So actually... making a movie that would ordinarily cost 3-5 M for 1.75 M doesn't impress me.

  4. Re:Read TFB on Firefox 2 Launch - Interview With Chris Beard · · Score: 1

    Translate for me: doesn't having 3-4 times the number of fixes that 1.5 did mean 2.0 is 3-4 times more broken? Or does it mean that 1.5 has 75% of its bugs unattended? Don't mean to troll... I really don't understand how that phrase says anything positive about FF2 (which I already installed this morning).

  5. Re:I certianly hope... on Firefox 2 Launch - Interview With Chris Beard · · Score: 1

    Mmm... my feeling was that at least the menus seemed a little slower to show. But it was just a sensation, since they're still fast.

    What I sure can say is that the new default theme is AWFUL. I never cared much for custom themes, but it wasn't more than ten minutes using 2.0 and I had already installed a "Firefox 1.5" lookalike theme.

  6. Yatta? on YouTube Removed 30,000 Japanese Videos from Site · · Score: 2, Interesting

    Will this mean the disappearance of the Yatta video? What about Matrix Ping Pong?

    I can do without all the JPop though...

  7. Re:Flatscreen camera? on A Single Pixel Camera · · Score: 1

    I THINK that the system you describe would have many possible solutions, especially if you don't know the size of the room and position of the screen, to be of any use.

  8. Re:Good. on Microsoft Warns of PowerPoint Attack · · Score: 2, Funny

    Doing UML diagrams in OpenOffice OR Word makes baby jesus cry.

  9. About the pun on The First Robotic Musician · · Score: 1

    I don't know about the rest of Slashdot, but I can't wait for the day when I have my very own Robo Puente to play along with

    Can somebody explain the pun to me?

    To my best understanding it seems like a mixup between Argentine comedian/actor "Rolo Puente" and musician "Tito Puente"... but that would be a mistake only an Argentinian would make. Is there some other explanation for the pun?

  10. Re:Nope, they'll still suck (0800 358 7929) on Paypal Agrees to Consumer Protections · · Score: 1

    Well, being the devil's advocate here but... do they say they'll charge IN 5 working days or WITHIN 5 working days?

  11. Re:Nonsense on Proposal to Fund Debian Sparks Debate · · Score: 2, Interesting

    I really don't get any of these arguments. I don't understand why OSS should be:

    - Developed ad-honorem.
    - Developed by individuals and not by companies.
    - All developers considered equals.
    - Fun to develop.
    - Not a job to develop.

    OSS is about Open Source... and all that implies. If some large OSS projects are handled like any other commercial software projects, more power to them... it's the "open" that matters. As long as the sources are open, volunteer groups will be able to apply a completely different approach and work philosophy to any commercially developed OSS product they want.

  12. Re:An even simpler solution on Zero-Day Team Launches with Emergency IE Patch · · Score: 2, Interesting

    IE Only Sites. There's nothing more than I'd love than to put Firefox and remove IE from people's desktop. In fact, I do at every chance I get. But telling someone that if they come across a site that FF doesn't work with - the site isn't worth it for them, and it turns out their BANKING or STOCK site doesn't work ... well your credibility just got shot down.

    Worst part is, the sites I had problems with so far while using Firefox were all based on Flash. It seems that IE and FF handle screen coordinates differently... so cursors, pull down menus and buttons implemented in Flash might not work OK in FF depending on implementation. This has nothing to do with poor CSS or DHTML implementations.

  13. Re:You can tell something about these people on Irish Company Claims Free Energy · · Score: 1

    We have free, limitless energy, but we can't sell it unless people believe in it.
    It must run on pixie dust.

    All of those who believe in free energy clap your hands!

  14. Re:SBS made me quit my job... on Microsoft Recalls Small Business Server · · Score: 3, Interesting

    I work at a small company. We don't have a full time sys admin (I do the chores myself, while also working as a programmer). We have a single Linux server that runs:
    - SMTP
    - POP
    - DNS
    - Apache (hosting mediawiki, mantis, dotproject, phpMyAdmin)
    - MySQL (for the mentioned web apps)
    - A SAMBA fileserver
    - DHCP

    The only thing that's not in that server is the firewall... which I kept in a different machine with no services running whatsoever, except those that handle our aDSL connection (pppoe, and sshd to connect from inside the LAN).

    Our setup is not great on redundancy... but we can afford a couple of days of downtime (we had to, once or twice over the years) more than we can afford doubling our setup. Our services are used by a small number of employees (six, actually) and none are critical.

    If Microsoft wants to pull us away from Linux they'd have to offer a Windows Server with all the usual servers (like those you mentioned), even if they're somewhat limited to prevent being used in a large corporation (max database size, max number of clients, etc.), priced appropriately for the use we'd give it. This product sounds like what we'd need... despite some companies misusing it for some reason.

  15. Re:Windows LiveCD on Eavesdropping on a Botnet · · Score: 1

    I think you missed the point -- I believe the idea of using a live CD was brought up as a suggestion for how you always run your system, not for how you perform maintenance on your system. Why, you ask? Because if the OS is on a CD in a non-writing CD-ROM drive, the OS can't be infected by malware, or at least only until the next time you reboot.

    A system partition mounted as ro should be a pretty solid alternative to this approach, I guess. You can keep the image in a CD and just write over it if a hacker finds a way to bypass it (which shouldn't be easier than bypassing the OS in the CD).

  16. Re:malware-free system? on Eavesdropping on a Botnet · · Score: 1

    Not really... a spammer once got inside my linux box at work through an Apache exploit (which, afaik, wasn't even available to outside IPs ... though not properly firewalled, I'll grant you that).

    Anyway, the thing is, the guy used a script-kiddie package to take control of the server and spam... the first signal when I came into the office next morning was the server severely thrashing around, but not because of the spamming but because (as I later found out through google) every copy available of the package he used to seize control was infected with a linux virus.

    Even when I managed to "fix" the machine, I still wasn't sure if the guy, package or virus had compromised any other part of my box, so I had to reinstall.

  17. Consoles for parents on Is the Xbox 360 Really Mom Friendly? · · Score: 1

    My mom and my dad used to play with our Intellivision (a console by Mattel) way back in the Atari days. Mostly simple arcade games like Burgertime. Neither paid much attention to the C=64 which replaced the Intellivision, nor to the NES that replaced the C=64, though by that time they played a couple of games (mostly Tetris) on the Mac.

    By the time my brother and I became less interested in our Gameboy, my mom got hooked. Tetris and Shanghai being the first victims of cartridge burnout, followed by Dr. Mario. She also played a bit of Puzzle Bobble in the Mac... but never took any interest whatsoever in the SNES, N64 or Playstation 1 we had at home.

    When my brother bought an X-BOX, someone made the mistake of showing my mom how to load the Tetris DVD that came bundled with the console, so she was back again at her game, despite the complex controller (compared to the gameboy).

  18. False payload encryption on Backlash Against British Encryption Law · · Score: 2, Interesting

    What about an encryption/compression scheme where the cyphertext decrypts to one, two or more different plaintexts depending on the password provided? The scheme should actually fill the cyphertext with lots of random data, so no clues are given towards the number of encrypted payloads contained.

  19. For all it's worth... on Backlash Against British Encryption Law · · Score: 1

    Encrypted data is much easier to hide than non-encrypted data. Just like terrorists or paedophiles have "wised-up" and started encrypting, they might just as easily develop techniques for hiding their stuff.

    A law like this might help them with a couple of cases, but ultimately will become less and less useful against the worst criminals.

  20. Re:I don't want to be a killjoy, but... on An 'Ethical Hacker' On Protecting Your Identity · · Score: 1

    A few ATMs are completely outdoors, but most are inside of the bank building, in a small area accessible through the street (size varies). That way, when the bank is closed you can still get in the ATM. We have lots of banks here, BTW.

  21. Re:How dare they on Microsoft's Gamefest Explored · · Score: 1

    This is like trying to profit by charging money for something as simple as ringtones or cell phone wallpapers...

    ... oh, wait...

  22. Re:I don't want to be a killjoy, but... on An 'Ethical Hacker' On Protecting Your Identity · · Score: 1

    What these criminals do, allegedly, is to match the swiped card with the captured PIN... so if you use a different ATM or credit card from the one you're about to operate with, you're safe. I myself have ATM cards for three different banks, and two different credit cards, so it's not much trouble. I sometimes swipe a pre-paid arcade parlor magnetic card, also common in Argentina (you can get them for about 1 Argentine peso, which would be like 30 American cents).

  23. Re:I don't want to be a killjoy, but... on An 'Ethical Hacker' On Protecting Your Identity · · Score: 3, Informative

    Here in Argentina ATM fraud is common.

    Saboteurs install a small keycard reader right next to the keycard reader at the ATM's door, so when you slide your card to enter, both readers get it. Recommendation: open the door with any other card, since the reader only checks for a magnetic strip and not for a valid card.

    As for keypads, they usually install a different keypad over the regular one, which logs key presses and also activates the regular keys, so you notice nothing. The newspaper once showed one of these keyloggers, which had some sort of memory (flash perhaps) and ran on batteries.

  24. Why I don't think this is copyright violation on OLGA Shut Down by DMCA (again!) · · Score: 1

    If you have the sheet music, you can play a song you never heard.
    If you have chords (or even most of the tabs in these sites) you just can't play them unless you heard the thing first (usually you need to practice with the recording until you can properly interpret the chords).

  25. Let's mobilize on Microsoft Bracing for Worm Attack · · Score: 5, Funny

    From TFA:

    <blockquote>A spokesperson for Microsoft said it is difficult to predict the motives and actions of attackers but insisted the company is "watching round-the-clock" and actively encouraging customers to download the update immediately.

    "We will mobilize if something does happen," the spokesperson said.
    </blockquote>
    They'll mobilize? Mobilize? As in "get the heck out of here"? Or are they calling the [GI]Joes?