Slashdot Mirror


User: symbolset

symbolset's activity in the archive.

Stories
0
Comments
9,127
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 9,127

  1. Re:Microsoft's APIs are world class on Microsoft Announces Windows Azure, Cloud-Based OS · · Score: 1

    The sentence has hidden API "interfaces". Isn't it ironic?

  2. Re:What are the best tools for detecting this? on Stealing Data With Obfuscated Code · · Score: 2, Interesting

    Most of the major antiviruses should be able to detect this, except maybe Norton. Kapersky adds detection code to their database for newly discovered variants within minutes of when they appear - 17 times on 10/24/2008 for example. With a metamorphic engine this advanced it's likely that you can find a variant that Kapersky will never see. Kapersky is now watching nearly 700 variants of this one threat to date. This is what makes the databases for a modern antivirus engine so huge.

    Removal is not hard for the "truly paranoid". Although you'll find a host of removal instructions on the internet none of them is reliable for this level of security threat. Your best option if you find you're compromised with this threat is to backup your data, use Darik's Boot and Nuke (DBAN) to completely erase your hard drive, and start over with a clean install using a good process for your installation. Be aware that DBAN can make your HDD firmware unrecoverable in certain rare instances, so be prepared to buy a new drive if you must. If you find yourself repeatedly compromised, you might reconsider your commitment to online banking and stock trading or to the software you're using to do it.

    For this sort of threat prevention is the best cure. For over a decade systems have been available that have a BIOS boot option to check the boot sector and refuse to boot if it has changed. Most of the Sinowal variants compromise the boot sector. Also, use a browser and/or operating system less susceptible to drive-by downloading.

    Although the focus in the article is about financial data it's fairly trivial to modify Sinowal to steal access credentials for other systems such as GIS databases, CAD databases, and other high value information targets not directly associated with finance. Data is money.

    Some Sinowal variants are compatible with Vista. I know of no Sinowal variants that are compatible with GNU/Linux OS-X or BSD.

    Good luck.

  3. Followup on Windows Azure Offers Developers Iron-Clad Lock-in · · Score: 1

    Apparently pentaho is even more slick.

    Hey, that's an interesting package. I wasn't interested in reporting before, but this looks nice. Thanks for sparking my interest in the field.

  4. If you really need < package > on Windows Azure Offers Developers Iron-Clad Lock-in · · Score: 2, Informative

    Slashdot has a sister site where people various open source products are presented, rated, provided and supported.

    This search for "reporting" should get you started. Apparently the JasperReports reporting engine is stable and well though of, and iReports is a popular interface to it. But I haven't tried them.

    Good luck.

  5. RAILs? on Google Book Search Settlement Receiving Criticism · · Score: 1

    Nice. A Redundant Array of Independent Libraries. Good idea.

  6. I think it's more like... on ASUS and Intel Launch Collaborative PC Design Site · · Score: 3, Insightful

    Hey! People are clever. Why don't we let them tell us what they like, rather than just pushing the stuff we want to give them.

    It's a more humanistic view. I like it. If you don't like it, you don't have to give them your cool ideas. If they actually see what people give them and say "hey, these are neat ideas" and actually implement them, that would be fantastic.

  7. It's too bad... on Windows Azure Offers Developers Iron-Clad Lock-in · · Score: 1

    That most enterprises can so reliably count on some essential in-house applications breaking on the second tuesday of every month that they have to opt out of automatic patching and remain vulnerable until they can rewrite their apps around the stuff that breaks. Every month. The exploits now so swiftly follow the patches that customers are vulnerable to a broadly circulating exploit for a significant period of time each month. Every year that period gets longer. Eventually it may be unacceptably long to be considered a viable platform for serious work.

  8. Great post on Microsoft Unveils Browser-Based Office Apps · · Score: 1

    Well reasoned and reasonable, rational and consistent. I look forward to your future stuff.

    Maybe you can help bring the level of fervor on slashdot back to a more reasonable level. I wish you luck.

  9. The familiar is not an option. on Ubuntu 8.10 Outperforms Windows Vista · · Score: 1

    I think big IT shops are starting to understand that each version of Windows differs enough in interface and internals that "familiar" really isn't an option from one decade to the next. Continuous retraining of the IT workforce is always necessary. You can't get the familiar no matter what you do because even Windows varies so much from version to version, or people would not buy the next version. You can't get hardware compatibility either, or we'd all be using Vista already. The hardware just changes too much too fast. Since that's off the table we're down to:

    • What's more secure and capable?
    • What requires the least investment in infrastructure?
    • What requires the least retraining through multiple lifecycles?
    • What best preserves our investment in in-house applications from version to version?
    • What solution offers the most flexible methods of exchanging information with external partners?

    Since the answers to these questions are almost never Windows, it follows that more and more folks are looking around for another answer.

    I'm glad that systems like GNU/Linux, BSD and OS-X carry the torch for a legacy of solid information theory and engineering that has been with us far longer than Microsoft. They give me hope that the sound foundation of real science gradually accumulating can rise higher than the frivolous fad of the day, no matter how well marketed. In the end I have to believe Knuth will win out over Allchin because Knuth is in it to discover the Truth and share it with mankind, and Allchin was motivated to get his and flee with it.

  10. Re:The Marketplace on Ubuntu 8.10 Outperforms Windows Vista · · Score: 1

    When Mark Shuttleworth can invite the heads of corporate IT departments over to his waterfront mansion to kiss his ass.

    I think you meant heads of state.

  11. You may not know this... on Ubuntu 8.10 Outperforms Windows Vista · · Score: 1

    But almost all of the slot machines in Las Vegas use RedHat embedded in the slot machine. On my last trip I caught one cyclically rebooting because of a hardware fault.

  12. Re:I'm right more often. on Microsoft Unveils Browser-Based Office Apps · · Score: 1

    This is your wife. You are a paranoid twit. I can't believe it took you more than 3 hours tonight to craft this "brilliant" post - I'm disappointed. Furthermore, I hope this teaches you to never leave your slashdot account open on my computer. Twit.

  13. That just means on RIAA Litigation May Be Unconstitutional · · Score: 1

    You've never read a Heinlein novel.

  14. I'm right more often. on Microsoft Unveils Browser-Based Office Apps · · Score: 1

    Look, you were doing a fine job for your boss right up until you started to annoy me. I don't crawl the dark corners of the Internet any more so I don't have time to hunt up a nice exploit for you. I do however have a good reputation here. So here's my first slashdot comment with this account, a reply to the story "Yet Another Windows Worm". There have been 1600 of 'em since then and I've been right far more often than I've been wrong. I've posted so much insightful, forward looking, informative information (and some funny stuff) here that it is worthwhile to subscribe just to read it. This, for example is my fifth comment, my first read on the SCO debacle:

    So the idea is that if you pay millions for commercial software, some company you didn't even know you were doing business with can shut you down. But if you use the free software that works better, is more compatible and looks the same, you're good to go. And this is a problem. OK, thought I had it. Somebody explain this again.

    2003 was such a pivotal year. My contribution here is appreciated a lot more than yours. How many astroturf campaign ribbons do you have, anyway? I've never had that many highly moderated rebuttals, and I've posted when I shouldn't have. Maybe your arguments are unpersuasive. Or maybe you're not "with us"? Looking over your back posts I don't see anything to convince me you're an unbiased party. You probably don't want me to dig in there for material to post in response to your reply of this post.

    Back to the subject at hand:

    Maybe, if Vista ever gets 20% real share there will be enough exploits to waste a few on some bots that find Microsoft's honey pots. I could probably give some useful guidance here, but I won't because I have no interest in furthering your mission. The 20% share thing looks like outside odds anyway.

    It is my firm belief that there exists within a default install of Microsoft Vista and Microsoft Server 2008 a vulnerability which allows an anonymous attacker to achieve total control of such a system without user interaction. I further believe that such vulnerabilities are currently being exploited in targeted attacks against "high value" targets. I also believe that as time goes on these exploits will become more bold and be revealed. These are the trivial vulnerabilities that are absurd in that nobody uses the product this way. I also believe that with user interaction a Windows Vista system with a full suite of Microsoft applications or a common Windows 2008 server usefully configured with normal services contains sufficient vulnerabilities to make its use for normal business matters unwise and its use for confidential business matters or critical operations involving life and safety deliberately stupid . Further, I believe that as each vulnerability becomes common, is revealed, patched and repatched, others like yourself will continue appear to say "That was before! There are no more!" I offer no evidence and I have none. I do not assert that these things are true - I only state that I believe them. I really do believe this and there's nothing you could say or do to dissuade me from these beliefs. Perhaps it's foolish to believe things without evidence. I certainly won't encourage others to do so. But this I'm willing to take on faith and experience. I believed this on release of Windows NT (all versions) Windows 98 and SE, Windows 2000, Windows ME, Server 2003 through too many "security updates" to enumerate here. People who read here who value my oft-validated opinions will take note, now that you've drawn this statement out of me. I haven't been wrong yet. Time will tell whether I'm right now. Since Windows 7 relies so much on Windows Vista's legacy code (such a legacy!), it seems unlikely this will

  15. ... and I feel fine. on Discuss the US Presidential Election & the Economy · · Score: 4, Informative

    Lots of money moving around. If you're quick you can catch some of it - or lose everything.

    Me, I'm going to keep doing what I'm doing - go to work and pay my bills and tough it out.

    The election? I'll be glad when it's over and everybody can shut up about it. Whoever wins is in for a lot of stress.

  16. Security experts? on Microsoft Unveils Browser-Based Office Apps · · Score: 1

    ahem.

    Let's just agree we don't see eye to eye. Time will tell.

  17. The patch! on Microsoft Unveils Browser-Based Office Apps · · Score: 2, Interesting

    2. The patch was released before the exploit was available -- that's a win for MS.

    Bzzt! Wrong!:

    We discovered this vulnerability as part of our research into a limited series of targeted malware attacks against Windows XP systems that we discovered about two weeks ago through our ongoing monitoring.

    Microsoft developed the patch in response to targeted attacks. Therefore exploit code was in the wild before the patch. You are right about it dating back to XP, and all prior versions of Windows. Someone, somewhere, has been exploiting this remotely exploitable security hole in highly targeted attacks for an indeterminate number of years. Who knows what valuable proprietary data they've got so far? What corporate secrets were leaked? Every time this happens we get some idiot on here blathering about how things are better now. Well that wasn't true before, was it? It wasn't true last time, was it? Note the 10 XP vulnerability blurb footing the story. What convincing evidence do you offer that this time they really, really mean it?

  18. A couple decades more likely on Multiple Asteroid Belts Found Orbiting Nearby Star · · Score: 2, Interesting

    Research into ion engines is humming right along.

  19. Mods on crack on Microsoft Embraces AMQP Open Middleware Standard · · Score: 1

    And I have karma to burn.

    Parent is not "off topic"

  20. learn to use close your tags. on Microsoft Announces Windows Azure, Cloud-Based OS · · Score: 1

    Toddler on lap. Your <extraneous verb> excuse?

    /I like five. Five my favorite number.

  21. Re:Embrace, extend... on Microsoft Embraces AMQP Open Middleware Standard · · Score: 1

    Those who do not know history are doomed to repeat it.

    The most common lesson we learn from history is that we don't learn from history.

  22. Re:XMPP on Microsoft Embraces AMQP Open Middleware Standard · · Score: 1

    Thanks for the informative post.

    That Microsoft has Embraced AMQP will hasten its demise.

    A shame, that. Binary was more efficient. I guess we're still learning from Michael Hart that although it's less efficient in the moment, in the fullness of time it's the most efficient.

  23. The 'itsatrap' tag is on vacation today? on Microsoft Embraces AMQP Open Middleware Standard · · Score: 0, Offtopic

    Seriously.

  24. >I hope this turns into microsoft bob 2.0. on Microsoft Announces Windows Azure, Cloud-Based OS · · Score: 1

    Count on it.

  25. Re:It is NOT A NEW OS on Microsoft Announces Windows Azure, Cloud-Based OS · · Score: 1

    It is a new interface to a hosted platform for your .net apps, sharepoint, dynamics CRM and SQL server which will surely be running on clusters of good old server 2003 and 2008.

    Oh cool. Then I don't even need to look at it 'cuz I already know where the traps in all those products are and so I don't use them.