Yep. It's clear. If there's no public discussion of a flaw, the likelihood of an exploit is lower because the would-be hacker has to discover the flaw on their own.
Some of the worst viruses have come from already-patched flaws that users have just neglected to apply said patch.
The dumb-user flaw. All MyDoom does is send an executable file as an e-mail attachment. Doesn't matter what e-mail client is involved, if the user insists on running the program they're doomed.
Fox News Channel reported that there was a serious flaw in Windows during their 4pm ET news burst. Mainstream media as usual leaves out tech details on stories like these, but this is just an indication of how serious this flaw is.
Any form of physical evidence can be tampered with. That's why the chain of custody is such an important concept. Everybody who had control of that evidence from the point it was discovered to the courtroom needs to testify that they did nothing funny, and they saw to it that nobody else did anything funny. That makes tampered evidence just as bad as any other lie to the court, somebody's on the hook for perjury.
If you're behind a firewall, you likely have an admin who has cleaned your machine up by now. It's those who haven't been cleaned this late in the game who are the real problems.
Netcraft is confirming this virus is having an impact on MS's website. However you feel about the company, that's news.
But you're cleaned up, so you're not one of the 50,000 to 75,000 zombies.
If you are operating a zombie... what are you doing on /.?
Anti-Virus software is great at catching yesterday's big virus... but now with a zombie-net that's so easily compromised, the "next big thing" will be able to go from 0 to 50,000 infected instantly.
Things are about to get worse before they get better.
MyDoom doesn't exploit any security hole beyond users double clicking an executable. There's nothing to patch, and the anti-viruses of the world are already catching MyDoom. The machines still infected at this point aren't going to run a fix... their "admins" don't even have an updated antivirus program there yet....
I don't know if this is a script kiddie. It's somebody who very deeply understands the MyDoom code because they were able to exploit the security hole opened by the original virus.
contact sysadmins of appropriate networks
...
Tech: Hello? Is this the system administrator of the house?
Dad: Jimmy? It's a call for you.
Tech: Hello, are you the system administrator of the house?
Jimmy: Yes, but my friends in school call me Jimmy.
Tech: Okay, Jimmy. We've detected that your house has a computer that's infected by a virus.
Jimmy: Computers can catch colds?
Tech:
I can't believe for a moment now, that it got modded (Score:5, Funny). Someone really needs to get a sense of humor -_-
Are there any real applications that use port 3127, or can we safely block that port at our firewalls?
Virus-writers don't get to name their viruses, the anti-virus companies do that.
The original MyDoom proved that no matter how much we warn users not to run surprise executable attachments, they do anyway. And also proved how many users aren't running any anti-virus at all.
Therefore, it's not a far stretch to assume that the 50,000 to 75,000 machines that are still infected by MyDoom.A or MyDoom.B will catch DoomJuice with a 100% infection ratio. Those machines by definition do not have an anti-virus program that's been updated recently enough to capture the original MyDoom virus, so DoomJuice will be able to walk in through the backdoor at port 3127 with nobody guarding that door.
The author of MyDoom has basically created a network of zombies that he/she/it has full control of without the knowledge of any of the infected users. And now, this author has demonstrated the ability to send a patch-virus out with new updated instructions.
Right now, this patch seems to not have much of a payload. But, we don't know if we've seen its full payload yet, and there's certainly the possibility of DoomJuice2 coming out with a worse payload.
To put it lightly... these 50,000 to 75,000 zombies need to be pulled from the Internet stat.
What "privacy"? The information is posted on the WORLD WIDE Web... One person's blog topic is another's secret sometimes. There's a big difference between information to give to your family and information you should be leaving within view of Google... but some people don't realize that yet.
That's an interesting point. In order for the employer to take over a pre-existing one-person company, they have to buy it and all debts and problems that might come with it. They usually don't want to accidentally own such a thing, and will gladly change their own contract when they realize it's not as one-sided in their favor as they thought.
Eh, that guy was stupid.
The way I left the company was by e-mailing the tech support address and flooding the tech support voice mail with a ton of outside-my-area complaints about things that didn't work and impacted my workflow system. My boss couldn't stand that I had done that, and wanted to fire me... calling me late at night in rage just to upset me.
However, it all boomeranged back at him, because documenting system failures to the accounts marked for system failure reports is in no way a violation of company policy, it's exactly what policy says to do. There was no legit reason to fire me, just the standard excuse of letting go an at-will employee for no reason at all. However, that entitled me to full severance, a cash-out of the comp days I was awarded for being forced to work weekends and overnights, and full unemployment. A golden parachute worth a total of $10,000 that I wouldn't have gotten if I simply said "I quit." It pays to know the rules and play by them...
The reason why is because he got money for that family car, and under the law he was still a car dealer for having sold too many cars in too short of a time. Therefore, it was still a car sale buy his... another reason to incorporate your business as soon as it starts making a profit.
What is really needed is a contract that says that 1. The company knows that X already exists even though you haven't started and 2. The company knows that it doesn't own X, and won't own any improvements to it. That clears up any questions over who owns X.
Any time there's an unspoken agreement, it's best to get it moved to paper. If it can't be moved to paper, there wasn't really an unspoken agreement to begin with.
I suspect that they really don't want to deal with this stuff and it just gets shipped offsite somewhere.
Such as the local recycling center...
The cross-out indicates a non-approval of that clause. They can't enforce a contract both sides didn't agree to, so their options are to either accept the contract without the stricken clauses, or to not accept the contract at all.
It doesn't promise a win in a dispute, but it does make those clauses of that contract useless in such a dispute.
The same is true in MA. I started my own .com operation while collecting unemployment, and since it only made trace levels of revenue, I had very little to declare, and in no week did it ever reach the level that it had to in order to change the value of my checks. Even if it ever did cross that line, it would have simply postponed the payment to me and lengthened my unemployment claim. MA unemployment basically gives you 52 weeks to prove you can claim the 26 weeks worth of money in your account, if you work part-time you simply delay your payments, you don't kill them.
Even if a company is offering an unenforceable contract clause, you still shouldn't sign it without an agreement that it doesn't apply to you. After all, if they sue you or your next employer, it's going to be a messy lawsuit that'd become a whole lot quicker with that invalid clause taken out of play immediately.