Now Blizzard has a tool that is encrypted and can run any type of scan, transfer any file or edit any document on your computer. That can't be right."
But, apparently, installing four CDs full of unsigned, unaudited third party code which can do anything on your computer is okay. And having third party software which is in constant communication with its authors is okay. And having it download and execute new code every Tuesday, with or without your approval, is okay.
It's only _now_ that it's becoming a problem?
If you don't trust Blizzard, don't buy their software and don't install it on your PC. How hard is that?
Let's read the article and see what that headline really means.
Litchfield took a look at just over 1 million randomly generated Internet Protocol [IP] addresses, checking them to see if he could access them on the IP ports reserved for Microsoft SQL Server or Oracle's database.
He found 157 SQL servers and 53 Oracle servers.
He found open ports on just over 200 servers, which correspond to the ports used by two popular database servers. That's all. The article doesn't say that he actually connected to them, confirmed that there were real databases running there, or even identified the owners. He found two hundred open ports out of a million randomly chosen addresses on the Internet. But "0.02% of Internet Connected Computers May Or May Not Be Running Database Software" just isn't the kind of headline that grabs attention.
Unless there is a lot more detail, preferably from someone who isn't in the business of selling firewalls for databases, then you'll have to forgive me for not being terribly concerned about this revelation.
3) Or is the headline total flamebait, and I'm a sucker?
Why don't you find out? Go to Babelfish and try translating some text into and out of Hebrew, just to see how well it does.
After looking closely at the language options presented, ask yourself if there is anything hard to believe about the /. headline, summary, linked article, and even linked article from the linked article.
[...] such a massive outage would be more likely to encourage appropriate law enforcement agencies (of whatever nations) to get off their collective asses and actually solve the problem at its source.
Of course it would. Those guys are very good at finding the real sources of problems.
*knock knock*
"Yes?"
"Mr. Quietust? Of QMT Productions? We have information here showing that you employed a major bot-net to organize an ongoing DDoS attack against UUNET. Are you going to confess that you are the mastermind behind 'Storm', or will these two gentlemen behind me have to 'question' you for a bit?"
Well, it would have to sound professional and reputable. Let me see if I can write a quick draft for you:
Dear Sir,
Based on the recommendation made to me by a reputable
official of the abuse sector of a Major South African
Internet Service Provider who guaranteed me of your
reliability and trustworthiness in business dealings,
I wish to entrust important information with you believing
that it will be of our mutual benefit; this has to be
highly confidential. If I may introduce myself, I am
Dr Ben Oguejiofor of the Nigerian Network Operations Centre. I was the
former Director of Projects and engineering in the
Nigerian Army; I retired recently after Nigeria was
pwned by the Storm worm. I wish to crave your indulgence in this
business relationship that I will like to establish
with you...
Uh, well, like, when we first come in the bar lady never charged us for the first round so like we figured you know beer was like complimentary for the hackers, you know.
You're assuming that all web designers explicitly set fonts. If these are the default fonts for IE on Vista then clients who already have two strikes against them will also see more relaxed pages rendered in the wrong font.
If you believe that insult and injury really go together then by all means, download a whole new set of fonts so you can see what one in twenty browsers will do to your page.
:%s/You/I/
1. If an update isn't applied, you don't need to review it. Turning off automatic updates seems to resolve your concern quite nicely, since you can then package any updates you have in any manner you like. Yes, even Windows SUS.
2. I'm pretty sure that you can disable automatic updating even if you aren't connected to the Internet. Why would that be a problem?
Tools -> Options -> Advanced -> Update -> Automatically check for updates for:
[] Firefox
[] Installed Add-ons
[] Search Engines
Why is it that I know how to turn that off, but the entire Department of the Army can't figure it out?
I forget. Is the Evil Flash Barry Allen, or is it Wally West?
"Obviously"?
That's a pretty big assumption with no supporting data.
Let me clarify. Without providing access to the actual data or dropping any hint of the methodology beyond revealing the alarmingly small sample size (Here's a tip: That 4% of SQL Server databases would correspond to six actual servers if that statistic were based on the 2007 survey discussed on page 1. 13% of Oracle servers which are running unsupported releases? That's also six.) there's nothing more to see here than a salesman screaming about how everybody in the world needs to buy his product.
David Litchfield's work could be as legit as it comes, but none of it is in the linked article. Until he actually releases his survey to the public, instead of just leaking a few sound bites to the media, the conclusions are worth nothing.
What i's even wor'se i's that they are 'slowly forgetting how to u'se apo'strophe's.
You should have doubts. It's impossible to do what any of the articles claimed.
It couldn't have possibly been Babelfish, since Babelfish doesn't support Hebrew.
It may have been babylon.com, but this hasn't been confirmed.
Pizza. With pineapple on it.
The sneaky bastards even refer to it as 'Hawaiian' just to cover their tracks.
So what is going to happen to all of the money?
Fortunately, I happen to have a contact at the Technology Support Centre who has offered to cut me in for a 40% share if I can help him get the money out of Nigeria. He contacted me personally on this highly confidential financial transaction after my having been recommended by an associate in confidence of my ability and reliability...
It should come as no surprise that a spokesman for the British Phonographic Institute would know a thing or two about engaging in illegal activity and hiding it.
Obviously that would be all of the _other_ games made by Blizzard.
You know, Ultima Online, Everquest, Dark Age of Camelot, Asheron's Call, Anarchy Online, Horizons, City of Heroes, Star Wars Galaxies...
After this I think I'm going to go out for a pizza at Taco Bell.
I'm sure there's a special version of Godwin's Law that only applies when Mussolini's name comes up.
I'm not sure which one applies here. Perhaps I should just apply Godwin's Law but credit it to someone else.
"...And besides, maybe my dog did it!"
If I had points I would moderate this "-1, Citation Needed".
Well, for starters, there's the fact that you already spent it all for a night out at a nice restaurant.
Mr T. and Tattoo were in Star Wars? Man, I picked the wrong week to stop huffing glue.
Or start a nuclear war from a pay phone in jail?
Indeed. The message "urlopen error (111, 'Connection refused')" comes up in no time at all.