I haven't watched any TV with WotLK being released only this past week, but what I will say is that I typically don't watch TV anymore now that I have found World of Warcraft. :P
I have shows I enjoy and I buy the whole season on DVD because commercials are for morons.
Unless there's one of those "things" going on. Maybe Google is perfectly capable of filtering them out, but they chose not to.
Claiming to do no evil since day one is more profitable than conceding a loss to Satan's forces and being honest. You have to tell the truth to get out of Hell. Remember, we're dealing with Double Click here, not just Google. They are one-and-the-same.
I live in Canada, but sometimes I'm not proud of our idealism. This is one of those times.
Calling this Draconian doesn't illuminate the bureaucratic essence enough. Machiavelli would be proud of the Ontario Transit Board. I heard they were planning to offer bounties on the heads of the webmasters involved, but only if they were impaled on 50' spikes and lined up in front of Capitol Hill, but that was just a rumor because the 40' spikes weren't long enough to confuse us.
Your story from 2004 was trumped by the discovery of a solar system that is very much like our own, as reported in the Slashdot article this comment is attached to. This is probably the reason I titled this thread "Amazing" -- because I'm totally amazed by this discovery!!
This is exhilarating news, that we are most likely not alone in the universe (and beyond). Our solar system is not unique!!
This whole galactic mess has some more meaning, today. We are like infants, opening our eyes for the first time -- how far we have to go (if we don't destroy ourselves soon).
The two companies take turns one-upping each other for the bleeding edge, but every time (10 years running) I've specced out a mid-range (home gamer, single CPU motherboard) to low-end (grandma's email/photo machine) machine, AMD's been the way to go. It's a lot like trying to decide which company's video boards to pick if you're trying to make a game machine without breaking the bank.
I have to agree. When the Quad cores shipped, I tested them and I compared the speed per dollar. AMD was half price for performance. If you understand that a decent graphics card, and having a nice power supply to run the show, then you are ahead of the game.
Value is what I look for when I buy things, not bleeding edge performance. Because money isn't a factor I could easily spend to get the best available but I have too much remorse wasting an extra thousand bucks on a slight increase. It's not worthwhile to me, considering the frame rates in games I get on my AMD system are good enough for 25man raiding in WoW, or world pvp.
I was speaking more from the perspective of the web admin whose site gets defaced, who won't get around some lessons on secure input handling. ;)
I agree, but there are no number of lessons enough to teach an entrenched MSFT sysadmin or corporate purchasing agent how systems should work. They don't get it. They typically want more features because it makes sales easier, and they want the thing to work. Security is always a last-ditch concern for these guys. They don't know that security can come first if you start the project with inflexible security rules.
Instead of relying on protection from outside packages that you have no control over, it's always better to write that stuff yourself so you know what it can do and what it can't.
They definitely did intend to involve backwards compatibility, although you are correct in reminding us that MSFT did it wrong (as usual). That underscores my original point that they will try and keep things compatible, so they will not intentionally try and break a feature. MSFT has no qualms breaking a product's functionality, but they always resist trying to remove features.
Imagine proposing one-SQL-call-per-connection at a meeting and imagine how fast they would shut you down. "You mean to say that we could only have one call per connection? The door is that way."
Rating summary: Penny Arcade Adventures: On the Rain-Slick Precipice of Darkness, Episode 2 is a 'point-and-click' adventure game based on characters from the online comic Penny Arcade. Players battle enemies using a role-playing game style combat system, taking turns using fists and weapons to harm various robots and humans. Several cutscenes depict 'cartoony,' over-the-top instances of violence, including heads being blown off, characters sliced up by lasers, splattering blood and flying body parts. Humor is often based on bodily functions and 'by-products' (e.g., syringe injections full of urine) and sometimes sexuality (e.g., robots humping legs, testicles and taxidermy). The game also contains frequent use of strong profanity (e.g., "f*ck" and "sh*t").
Parents won't read these and if they do, it will only be after the kid has played it.
Neat idea, but this is MSSQL so you know that won't be the case by default. The number one reason people use MSSQL is so that businesses can support requirements from other online packages that drive websites as well as other functions... from hosting solutions to special funky elitist blackberry/email/IM/domain/remote access package type applications.
I worked for a place that was a Gold partner, and they had access to it all and very few of them really know what was under the hood in terms of security, protocols or potential problems. I mean these guys all used default settings.
Their reason for selling MSFT was to make money by delivering a value-added service, and while security always sort of played into things, they didn't have the people to make it happen really and that's one of the reasons I left... being overworked and under-appreciated.
And MSFT will pamper you if you're a Gold partner, until you have a real question... they give you a URL and smile... but the answer is never 100% what you want or need to know unless you know somebody who is an expert at the jargon, the design, the implementation and the focus behind the whole system... good luck!
So what you need to realize is that this company like most other MSFT customers, and there are so many, all want the same thing -- rich features. You can't possibly expect SQL packages to only allow one SQL call at a time. MSFT conforms to customers while limiting certain things, but you can't put Pandora back in the box. Now that it's allowed, it must be backwards compatible and therefore that could never happen.
Oh sure you could invent an attachment that interfaced with MSSQL to check against it, but then you'd have to open a channel to the other feature-ridden facets of each application. You would drive yourself nuts -- not to mention how long it would take to process your data, one call per line.
They'd find a work-around, IMHO.
No the best bet is to keep it simple. Use trusted products, and keep an eye on securityfocus for patches and exploits so you can catch stuff ahead of time.
MSSQL and all the supporting packages available is a huge system, really, and there are many different ways to create unexpected results (which is the cornerstone to any good exploit).
Devil's advocate... once you have access to the database, you could have root. With root you could host the JS off in the rhubarb on the victim server, where it could be called from within rewritten field data wherever HTML would be expected. On sites like travelocity (one of the targeted websites) this could be anything from the CMS story/article fields to the ad banner code... sky is the limit and that also explains one possible avenue for repeat attacks, post-patch.
Therefore while in SOME CASES, Noscript keeps you safe -- it's not 100%.
Okay keep using Noscript. I don't have a problem with that, but be warned that you are not fully protected by Noscript when the website you TRUST is attacked by an exploit like SQL injection, because YOU TRUST THAT WEBSITE.
White-lists are better than no-lists, but they aren't perfect.
I think I understand it better than you do. The SQL injection is the tip of the iceberg.
You have your run of the mill garden variety SQL injection that can bypass security and get user passwords on a website, which GRANTED have little to do with anti-virus.
But the most robust and versatile attack using SQL injection is to gain access to visitor computers via Javascript executed trojan horses and malware being hosted in the databases. Kaspersky protects you from... the activity of those types of security risks.
No matter where malware comes from, suites like Kaspersky track and disable the aftermath of how bad stuff got on the internet.
SQL injection is just the method in which people bypass server security, but the RESULT is that people who haven't updated windows or who don't run a good anti-virus (ie: kaspersky instead of AVG) will possibly become infected with some really NASTY rogueware that was downloaded from reputed sources.
Chances are if you run Noscript, you allow these trusted websites, and therefore you could easily get pwned if the site in question suddenly becomes a launchpad for malware/spyware/trojans/keyloggers.
So perhaps that sheds some light on my original comment, which has been mod-bombed because mods don't think before they mod, and at times they tend to get overwhelmed by the noise from users who also forgot to think before responding.
Phase 1: Kaspersky can't protect you against, but the attack isn't directed at end users, only databases.
Phase 2: Kaspersky protects against all kinds of nasties that could be pushed onto your system by the original SQL injected/compromised website and that truly is what matters as a last and final line of defense.
Well if you consider that Moot only gives you 10 pages of it at a time, a service like Deepdyve will aggregate all that hard to reach stuff. Not that you'd want hard-to-reach porn... Whatever floats your boat!
And to be fair, there are two attacks going on. #1 is getting the SQL on the server (which is impossible to detect unless your code is ok) and then there are the aftermath attacks that the SQL code launches when a browser executes Javascript when browsing, WHICH KASPERSKY PROTECTS YOU AGAINST.
Unless you run a website, you won't care about the first attack, and the second one you ARE protected against if you have a decent configuration.
It's a bloody SQL injection attack. I'd like to see your virus checker automatically rewrite your web application to use input filtering.
This is going to sound like a little bit of double speak but I'll remind you that Kaspersky found these attacks were happening. Also, they are studying the behavior. Furthermore, Kaspersky protects systems from nefarious things that attackers will do, regardless of how they get on the system. Nothing is perfect with Windows, but if you look at the options, Kaspersky is the best out there.
Now of course, if you want to insist that the attacks happen whether Kaspersky is running or not, you will be correct. But what you're not saying is how LIMITED the attackers are when trying to get past Kaspersky after they get on a system.
I'd have to say that is someone who can't contain their laughter.... similar to the old fashioned "Bwhahahahahah!!!"
Unless they paid Google to be on the top of the search results and they are evil. Do no evil? LLOLOLOLOLOLOLOLOLOLOL
Well thanks for the mod bomb. But I don't care if this also gets -1 Troll. Google rakes in cash and doesn't care where they get it from. They sell our information to THE HIGHEST BIDDER.
Most of the people interested in buying information from Google, use that info for nefariously shady dealings.
There is no coincidence that Double-Click and Google are one and the same.
Do no evil? LOLOLOLOLOLOLOLOLOLOLOLOLOL
At some point, Google is going to have to pony up for turning a blind eye on these shenanigans.
I can't wait for 261 megapixels. How long before we can download that at a relatively reasonable rate?
I think the way to go would be to adopt Google's map technology for speedier downloading of these larger images.
The detail on these pix will be so massively good, I wonder how much blurring would occur due more to human error than technology?
... has some quality control issues, because it's free.
I was just about to buy a new monitor for WotLK so I could quest easier (having quest info from wowhead on monitor A while gaming in windowed mode on monitor B).
Now I'm gonna definitely go with Samsung, because they are not involved in this lawsuit and therefore they must be rewarded for not getting caught. Anyone can tell that Samsung also does not pad their contrast ratios like LG obviously does. Who could believe a 10000:1 contrast ratio? That's ridiculous! Samsung has decided to only push their padding to 8000:1 which respectfully identifies with the company's obvious higher level of integrity.
The Samsung even looks nicer!
No, they needed to get some luck for Windows, so they added the lucky number 7 to it. This bug fix was introduced to confuse us all.
Noscript also helps, but isn't perfect either.
Didn't you RTFA? This story is about how Kaspersky caught the attacks... :S