Slashdot Mirror


User: jonwil

jonwil's activity in the archive.


Comments · 5,010

  1. Re:Who gets who? on Microsoft Enters MMOG Deal with Marvel Comics · · Score: 1

    The entire Justice League and Justice Friends are all DC
    Superman is DC
    All of the various Batman stuff is DC
    Wonder Woman is DC
    Green Lantern is DC
    Flash is DC

    Spiderman is Marvel
    X-Men are Marvel
    Fantastic 4 are Marvel
    Hulk is Marvel
    Daredevil is Marvel
    Captain America is Marvel (I think)
    I think Iron Man is also Marvel

  2. Re:Look to England on Toshiba HD-DVD Player Planned to Enforce HDMI · · Score: 1

    I am from Australia and I bought a DVD player which came unlocked out of the box.
    I recently took it back to get it replaced under warranty and it seems as though the new one is unlocked too (although it doesn't say so anywhere)

    Most Aussie DVD players I have seen these days come unlocked or have unlock codes somewhere. (although when you deal with computer DVD players and some weird ones like car DVD players, portable DVD players and consoles with DVD playing like Xbox and PS2, it gets more complex)

  3. Re:Misdirection on Flying the Wiretapped Skies · · Score: 1

    If you want a (fictional) example of this, watch Die Hard 2: Die Harder where a reporter on one of the planes is using the airphone to tell the world what is happening.

  4. Re:Important: Use a safe browser on Zlib Security Flaw Could Cause Widespread Trouble · · Score: 1

    The question is, why didn't Microsoft (who have used zlib in a few places in Windows like IE PNG handling and shell zip support) add zlib or the compression algorithm it implements as a dynamic library and make it a core part of the OS (i.e. with a zlib.h in the platform SDK)?

  5. This is not just about the books on Old-Fashioned DRM Protects Harry Potter Book · · Score: 1

    But about the story too.
    Scholastic and Rowling are going to great lengths to make sure that story spoilers are not spread about before the official release date.

  6. Re:How about Shuttle landing strip at Vandenberg A on Commercial Use of Shuttle Landing Facilities Planned · · Score: 1

    Is there one anywhere near White Sands or is that something they made up for the movie Space Camp?

  7. Lease? on Fuel-cell Vehicles for Americans · · Score: 1

    Is this something that's peculiar to America, the idea that you would lease a car for long term use?
    I haven't heard of that in Australia, only hire cars for short term use (e.g. holiday etc)

  8. Measuring productivity on Keystroke Logging Declared Illegal in Alberta · · Score: 1

    All this stuff about keystroke logging, taking screen captures etc is stupid.

    The only things that should matter as far as employees go are:
    1. Is the employee doing things that are illegal or bad (e.g. accessing porn on company time, downloading illegal songs over the company network, running copies of Quake on the company PC etc etc)
    2. Is the employee doing things that are bad for the company (e.g. stealing company secrets, using company equipment to moonlight or to work for someone else)
    3. Is the employee doing their job (e.g. for programmers, are they writing the code they need to write in the time they have been told they have to write it in)
    and 4. Is the work satisfactory (e.g. for code, is the code good enough)

    As long as they do what they need to in the time they have been given to do it and as long as the work is good enough then the only things employers should be concerned about are things that are illegal or inappropriate and things that violate employee contracts (like stealing company secrets)

    Monitoring of internet access and email and group policies to lock machines down so they can't be messed with and good physical security measures (e.g. locked down USB ports, restrictions on taking devices into the office, security cards to keep unwanted visitors out etc) should be able to stop or detect illegal or inappropriate things.

    And detecting if they have done their jobs by monitoring things like how much code they contributed and how good it is is far better than trying to monitor via keystroke logs and screen capturing.

    Can anyone think of any situation where keystroke logging, screen captures etc would catch something that other methods (i.e. email/internet monitoring, physical security) wouldn't?

  9. The question is why... on Google Invests in Power-Line Broadband · · Score: 1

    Given all the bad things power-line-internet does (problems with ham radios etc), why are we still seeing people pushing for it?
    Who benefits?
    Does power-line-internet give the actual users anything that couldn't be accomplished with other technologies that DON'T cause so many problems (like Cable, DSL, 802.11x WiFi etc)?

  10. what is needed here is... on Non-Technical Users Talk Malware · · Score: 1

    An all-in-one package that newbies could run.
    Call it something like PC-Tune-Up or something.
    It would include a good anti-virus program.
    It would also include anti-spyware and other things to clean up people's systems (i.e. registry cleaner like Norton System Works has, things that ensure that the Windows firewall is configured properly and protecting your system, things that make it dead simple to download and install Windows security updates and anything else that might help with security).
    Also, it should include features like email scanning to check emails for viruses (and remove them before they even get to the inbox).
    Out of the box it could include 1 year subscription (for spyware and anti-virus definition updates, new program code etc)
    Everything it does (including descriptions of anything nasty it finds) would be described in language that even newbies can understand.

    Many people understand that taking your car to the mechanic every so often to get the oil replaced, brakes checked and whatever else is essential to keeping your car running the way you want.

    So, use that metaphor to market the software. Tell people that running PC-Tune-Up (or whatever it is called) does the same thing for your computer as getting your car serviced does for your car.

    Also, market to OEMs to include the software on the PCs they sell (in this form, it could just sit there and do its work with very little user interaction required unless something nasty showed up). By including this, they get fewer calls to technical support.

    ISPs too could market this (since it would potentially reduce the number of machines infected with trojans spewing out spam or being used as part of botnets)

    But, above all else, make it so simple even grandma and grandpa can use it. Most newbies don't know what a "Trojan" is.
    But if you told them that a program was running on their computer without their knowledge and that it was making their computer and internet slower, they would probably understand. The program should be set up to remove viruses automatically. (not necessarily spyware but certainly viruses)

  11. Re:More details on Six Bomb Blasts Around Central London · · Score: 1

    No amount of legislation or action can stop a guy with a backpack or briefcase full of explosives getting onto the tube if they really want to.

    You could put metal detectors and x-ray machines (like they have at airports) on all entrances of every underground station and/or on every train but even that won't stop someone determined. Plus, the cost of doing it and delays to commuters that it would cause make it unfeasible.

    Not to mention the bombs on the buses too.

  12. simple, just scan with multiple programs on Windows AntiSpyware Downgrades Claria Detections · · Score: 1

    I use Ad-Aware, Spybot AND Microsoft Anti Spyware for spyware detection.
    The chances of all 3 not detecting (and offering to remove) something are remote at best.

  13. Re:M*A*S*H on Star Wars Props Up For Auction · · Score: 1

    If I could own anything from the movies, it would be something out of one of the Police Academy movies... :)

  14. Do they tell you up front what the phone can't do? on Hacking the Motorola v265 · · Score: 2, Insightful

    If not, that's false and misleading advertising.
    Although I don't know if that's illegal in America (I know it's illegal here in Australia)

  15. What I don't get is why they cut ANIME on Cartoon Network Acquires Neon Genesis Evangelion · · Score: 1

    Even when it's shown late at night (when all the kids are in bed) they still cut this stuff :(
    Why?

  16. Re:Coordination of Efforts on 11-Nation Raid on Net Pirates · · Score: 1

    It's simple.
    Once we catch Bin Laden and his cronies, the "War On Terror" would be effectively over.
    Which makes it much harder for the US government to do things like invading foreign countries in the name of the "War On Terror".

  17. Does Microsoft threaten hardware vendors? on Following Bill Gates' Linux Attack Money · · Score: 1

    I wouldn't put it past Microsoft to tell hardware and software vendors that if they support Linux, there would be repercussions...

  18. Too much of the net is in the hands of big telcos on Rats 'Cripple' NZ Web Access · · Score: 1

    This leads to problems where even though there are multiple physical lines from A to B (sometimes the backups go via C or D) that still doesn't guarantee that things will be ok in the event of a line dropout because the big telcos all over the world are greedy and will not implement the necessary links and setup to enable all these networks to talk to each other and use each other as a backup when needed.

  19. Re:No Wimbledon on London Turned into Giant Board Game · · Score: 3, Informative

    Of course, that is only on a British Monopoly board.
    American boards, Australian boards, Star Wars boards, Star Trek boards, Simpsons boards and others have totally different stuff :)

  20. Re:They have the public.. on How the Phishing Biz Works · · Score: 1

    This scheme wouldn't require any special software (the "calculator" would be a physical device with a number pad, small solar panel for power and small LCD display a bit like a typical 4-function calculator today) and everything else would be browser based.

    And it wouldn't be locked to one machine. Basically, when the bank gives you the random number to feed into the calculator, it associates that number in its database with the IP address of the machine that retrieved the login page. If the IP address it stored doesn't match with the IP address that submits the login form (or if the timeout of 20 minutes has elapsed since the login form was retrieved), it would reject the login.

  21. Re:Huh? This would have NO effect on phishing on How the Phishing Biz Works · · Score: 1

    No, they wouldn't, the hash value (and results typed in by the user) would time out and be useless very quickly. Plus (as others have said) you would need to use it again to transfer money to people not on your "approved payee" list (or to add people to that list)

  22. Re:They have the public.. on How the Phishing Biz Works · · Score: 1

    When the phishing site retrieves the random number, that random number would only be useable for the IP address that retrieved it (the phishing site web server) and would only be useable for a limited time period (i.e. 20 minutes).

    Plus, as others said, you need to do another hash input when you want to transfer money to someone not on your "approved payees" list (or when you want to add someone to that list)

  23. Re:They have the public.. on How the Phishing Biz Works · · Score: 1

    No you don't.
    You wouldn't have it that you verify the recipient, just the amount.

    So if you want to transfer $100 to someone, you would input 100 and some other number from the "I want to transfer money" page into the calculator and then the results back into the "I want to transfer money" page.

  24. Re:They have the public.. on How the Phishing Biz Works · · Score: 4, Interesting

    If the bank sends you a letter asking for personal account information, most people would follow up (especially if it contained bank logos and stuff).

    And clueless people tend to associate email with letters. So it's not unexpected that an email complete with official looking bank logos and graphics (and wording specifically designed to trick unsuspecting people into believing it's genuine) would trick people into falling for it.

    Here is a scheme that (if implemented) would almost completely stamp out phishing (for the bank that has implemented it anyway):

    Each account that is enabled for online banking has a unique number generated for it, stored in the bank secure online banking database alongside the username and password. (call it S)

    The customer is given a little device that would probably look like a little calculator. This device contains an embedded copy of the number generated in step 1 along with simple logic to implement a hash algorithm and a keypad.

    When you access the internet banking site, the bank displays the login and password prompt plus a randomly generated number and a box to put the output hash into.

    The number is stored by the bank systems in a way that directly links it to the IP address of the machine logging in and also so that it is no longer valid after a very short period of time (e.g. 20 minutes or something). Refreshing the login page would get a new different number.

    You would input the number from the login page into your "calculator" thing which would combine it with the secret number inside the "calculator".

    Then you input your username, password and the resulting hash into the login screen.

    Assuming the hash generated by the "calculator" and by the bank (using the stored copy of the secret number) match, you would be allowed into the banking system.

    The hash algorithm (call it F) would be chosen so that there is no number X such that F(S,X) = S for any significant number of values for S

    If the "calculator" is stolen or lost or whatever, you could request a new one (with the old secret number being removed from the bank database for good)

    Even if the fake login page talked to the bank's servers and retrieved a real "challenge code" (to enter into the "calculator") it wouldn't defeat the system since it (and the resulting hash) would expire long before the phisher would actually be able to make use of it.

    Another option would be one-time-use values that you get from your bank and use once to access online banking. Although this option would be less safe because of this:
    Phisher makes fake login page
    Bank customer goes into fake login page and types in username, password and one of their one-time-use values.
    Bank customer gets message back saying "system is down". Now phisher has one of the one-time-use values (error message can be written so as to convince bank customer that the one-time-use value he just used is now "used up") and can grab contents of bank account.

    Myself, if my bank (The National Australia Bank) implemented the "calculator" idea, I would accept it (even if it did mean more bank fees to pay for the "calculator" device)
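
The challenge-response scheme described in comment 24, sketched from the bank's side as an added example that is not part of the original comment. HMAC-SHA256 as F, 8-digit codes, the `Bank` class and single use of each challenge are assumptions; the password check is omitted.

```python
import hashlib
import hmac
import secrets

CHALLENGE_TTL = 20 * 60  # seconds: the comment's "20 minutes"


def device_response(secret: bytes, challenge: str) -> str:
    """The "calculator": F(S, X). HMAC-SHA256 cut to 8 digits (assumed F)."""
    mac = hmac.new(secret, challenge.encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10**8:08d}"


class Bank:
    """Hypothetical server side: stores S per account and pending challenges."""

    def __init__(self):
        self.secrets = {}   # username -> S
        self.pending = {}   # challenge -> (client IP, issue time)

    def enroll(self, user: str) -> bytes:
        self.secrets[user] = secrets.token_bytes(16)
        return self.secrets[user]   # the copy embedded in the customer's device

    def issue_challenge(self, ip: str, now: float) -> str:
        # Shown on the login page; a page refresh issues a fresh one.
        challenge = f"{secrets.randbelow(10**8):08d}"
        self.pending[challenge] = (ip, now)
        return challenge

    def login(self, user: str, challenge: str, response: str,
              ip: str, now: float) -> str:
        entry = self.pending.pop(challenge, None)   # assumed: one attempt each
        if entry is None:
            return "unknown-challenge"
        issued_ip, issued_at = entry
        if ip != issued_ip:
            return "ip-mismatch"    # form submitted from a different address
        if now - issued_at > CHALLENGE_TTL:
            return "expired"
        secret = self.secrets.get(user)
        if secret is None:
            return "bad-response"
        expected = device_response(secret, challenge)
        ok = hmac.compare_digest(expected, response)  # constant-time compare
        return "ok" if ok else "bad-response"
```
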

  25. Re:Let it run its course. on Shuttles Can't Finish Space Station · · Score: 2, Insightful

    The US government hasn't really cared about space (or manned space flight specifically) probably since Apollo 17 left the moon.