One thing you are forgetting is fraudulent emails. For example, I have seen a bunch of emails from Earthlink recently which supposedly come from customer support stating that your credit card on file is invalid and you need to click on a supplied link in order to update it. The link text says support.earthlink.net but the underlying link is really spoofed and you end up on another site that looks like Earthlink but is not. The browser bar up top displays support.earthlink.net. This to me seems like a tremendous problem. I realize that most sophisticated users know to be wary of any unsolicited request for personal information, but as social engineers have proven over and over again, everyone apparently is not so reluctant.
As usual, the typical response here is 'Don't use Windows/IE'. While I agree this is valid advice, I have worked at enough companies to realize that for the majority of corporate users this is simply not a reality. And even for most home users that aren't also computer hobbyists they will just use what comes on their computer.
Microsoft really needs to be given a wake up call, but at this point no one, not even the federal government, seems to be able to deliver it.
Are you behind a firewall? If you are using a device such as a NAT DSL router that is blocking the ssh port inbound then you are pretty safe. As always, the best bet is to disable services that aren't absolutely necessary. So if you have no need to ssh in to the Lindows machine you can disable sshd and have no worries at all about sshd exploits.
As for Lindows, don't really know anything about it. Do they release patches? If so, and you really do need incoming ssh, then you might disable it until a patch becomes available.
Just my 2c, hope it helps.
Re:Let's make this a press release! on Back To SCO · Score: 1
Well yes, you can issue a press release. But whether any publications will print it or write about it is another matter altogether.
This is a great insight that I hope more people will read and take note of. Just because the initial expense is significantly less does not mean that the solution as a whole is a better solution. It's good to hear some real world examples of when Linux on commodity hardware may not be the best investment, even if the initial price looks very appealing.
I have had similar behavior. I used to sit my Nokia 5650 phone on my desk near my monitor. I could always tell when a call was about to come in because my monitor would go bonkers a half second or so before the phone actually rang. Interestingly enough my new LG phone doesn't exhibit the same behavior.
Based on these observations, the amount of interference generated may be manufacturer and model dependent, which would make it very hard to test all the combinations for interference problems.
Re:Is this a C# or a .NET problem? on Hijacking .NET · Score: 1
It's questionable whether this is actually a problem at all. Language access specifiers should never be used to enforce security, but rather, to try and enforce good design principles such as encapsulation. The fact that it is so easy to do in .NET may become a problem if it encourages developers to use undocumented private methods who otherwise would not do such a thing. Overall, though, it poses no more of a security threat than that which has already existed with C++. Basically, if you are using language access specifiers to enforce security, your security is already broken and open to exploitation.
The problem with this is that a company is allowed to determine on its own how much damage was done. So it is quite common to see exaggerated costs that are hugely disproportionate to the actual incident.
Just out of curiosity, why do you have stored procedures that take 100 parameters? I've never run across a situation where I've needed anywhere close to this.
If this is the same sort of device I remember using in college for this purpose then it is simply an inline hi-pass filter that you can buy at Radio Shack for a couple of bucks. I always worried we would eventually get a GIGANTIC bill, but luckily that never happened. The worst that ever happened was during a boxing match the screen blanked out and a message came on saying 'We know you are stealing this broadcast' or something to that effect. Scared the shit out of us, but nothing ever came of it. We later speculated that maybe the cable company figured out a way to send the message to people with the filters (which were pretty rampant at the time) but couldn't necessarily tell who was using them.
Plus you run it with the windows open, right? So you basically get a cool open air effect. Very pleasant.
Actually, if ChoicePoint != CheckPoint, then !ChoicePoint.equals(CheckPoint) evaluates to true, not really what you are after.
What about the 28S? I used one of these all through school and was very happy with it. Just curious if there was a specific reason it was left off.
Ha ha! I thought the exact same thing. Sort of takes the fun out of looking at the model.
Just to point out in the previous post that 10M is generally accepted as 10,000 in financial reporting, not 10,000,000. 10,000,000 would be 10MM.