Bryan Wagner of Littleton, Colo., allegedly used the last four digits of my Social Security number and my home phone number to set up an AT&T online account for my local phone service.
How is this different from the "social engineering" that Kevin Mitnick did? He phoned people and used pretexting to gain access to computer systems. Interesting that when someone rich and powerful does it, it is called "pretexting", yet, when an ordinary person does it, it is called "hacking".
If the trojan can be installed it can be sniffed out and discovered.
Which then raises the interesting question: how will anti-spyware vendors (including MS) respond to this? There really are no good solutions for an anti-spyware vendor in this case, since detecting it could be considered as hindering law enforcement, which would be illegal in many jurisdictions.
I think the better point is that at the end, even after screwing up IE 7 so badly, the author was able to remove all the toolbars with relative ease (save the Yahoo toolbar
This does look like MS has improved security in IE. IE7 made some of the installations sufficiently difficult that a naiive user would not be able to complete them.
The real question is how long will this situation persist? Will spyware vendors find means to disable the security features of IE7, or will IE7 continue to be resistant?
Comment above appears to be from a brand new user, who has only commented on this story. One might suspect that Sphonix is Patchou himself or someone closely related to Patchou.
That's why cable companies provide batteries for their eMTAs(phone adapters)
True.
for when the power goes out as well as UPSs for the CMTSs upstream.
Not True. I had an area-wide power cut recently and my Comcast phone stopped working. I called out a tech and explained that I expected the phone to continue working and his respnse was that the upstream boxes are not protected by UPSs.
Anyway, all of this is irrelevent because the original poster was talking about Comcast Digital Voice. Comcast has 2 offerings: Digital phone (phone over cable) and Digital Voice (VoIP).
I can understand that a law exists that prevents items that violate US patent law from being exported, but why does the US have such a law? All it does is harm US manufacturers. It only makes sense for patents to apply where the product is actually used.
Assume a product is used in country A. There are no patents in country A that affect this device. The only patents on this device exist in the USA. Now, every country on the globe can build and ship this device to country A, EXCEPT the USA. How does this law make sense.
Have you read the MTBF rating on that 200 gb Seagate drive? They claim 600,000 hours. That's like 70 years of continuous operation. "Mean" time between failure; that means that half of those drives should still work after 70 years.
No. That is not what MTBF indicates. MTBF does not measure lifetime, it measures random failure rates during the expected lifetime of the drive. A good explanation can be found here
Nevertheless, said Wolf, a large number of IT shops are investigating Microsoft's offering. "They are buying in to the future that Microsoft is promising."
When are people who control IT budgets going to see that MS always delivers less than promised, later than promised? OK, I know that many (most?) s/w development projects are late to deliver, but when comparing something that exists today with promises from MS, why would one believe the promise?
Here's an honest question: Ignoring the cost, just what is it that you think is so much better about Windows 2000 compared to XP? I've used both and I'll tell you what: Nothing.
One word: Activation. W2K does not have this, XP does.
Also, W2K does not have the broken implementation of access to shares that XP home has. I know that XP home to W2K is not a fair comparison, but the point is that MS took something that works and deliberately made it less functional. An example: a person in my office cannot access a SAMBA share from his XP-H machine. He then accesses his home directory on the same machine and now magically, he can access the share that was previously denied earlier.
At least at my University, anything you turn in for a grade becomes the property of the University.
I don't thik this is possible. Copyright laws have strict requirement over what constitutes a copyright transfer and it requires a specific conveyance of the copyrights. So, an agreement made at the beginning of your studies can't possibly convey something that does not exist, nor can a policy possibly be construed as an instrument of conveyance.
What might be possible is that you grant a license to the university that allows the university to do whatever it likes with your papers, but you still own the copyright.
It's going to be interesting to see what price they put on the phones without a service plan. I suspect that the phone companies inflate the value of the phones that they discount, leading to inflated sales tax payments in most states in the USA (for those who don't understand this, when you buy a phone with a service plan, because services are not usually subject to sales taxes, the state insists that the vendor collects and pays sales tax based on a nominal full price of the phone, even if the price paid for the phone is discounted, sometimes to zero).
If the price without a plan is less than the price that the phone company would normally quote for the phone, one could argue that less sales taxes are due on a new discounted phone.
You have given an example of how badly written laws can have negative consequences. Well, Duh! This applies to any law. Should Congress just give up now and go home?
It's up to you to show how NN laws can be written to avoid outlawing legitimate applications like the one I gave, particularly when my linked to JE, proposing the enforcement of minimum standards, also prevents such discrimination without preventing the legitimate scenario I presented.
What you did was extrapolated to an extreme and showed how that could be bad. Neither you (I assume) nor I nor most (or all?) of/. posters have any experience in writing laws. However, just because we cannot write good laws does not mean that such laws cannot be written.
The commercial internet has existed now for over a decade, and the tools to allow carriers to shape traffic at will have existed that entire time. And yet, no one has attempted the kind of favoritism that "net neutrality" is concerned could happen.
It seems to me that market forces have been and will be sufficient to guarantee that the net is as neutral as the people want it to be.
You are being incredibly naiive. Why do you think that the telcos are spending lobbying dollars on trying to eliminate any regulation that would enforce net neutrality if they don't plan on doing traffic shaping that would not be neutral?
The telcos see a new source of revenue: charging Google, Yahoo, etc. to deliver "their" packets. Of course they plan to go after this revenue.
Market forces only work where there is a functioning market. For high-speed Internet, there are no functioning markets -- why do you think Internet access is far more expensive in the US than in many other countries? We have an oligopoly in high speed Internet access in most cities across the US.
'm tired of trying to talk people into Gentoo only to find out that the tree is half-f***ed all the time [like packages marked stable requiring other libs NOT IN THE F***** TREE YET].
This is simply not true. If there are problems, the parent has wildly exaggerated them.
I have been engaged in massive updates to my system recently, prompted by:
1. GCC update (and the effect on libstdc++)
2. OpenSSL (requiring a re-build of all packages depending on OpenSSL)
3. A large number of package updates recently.
Now, running the updates using revdep-rebuild for libcrypto and libssl has not got without any problems, but they have usually been solved by upgrading to the latest stable version of the package. So, I know from personal experience that the situation is simply not as bad as the parent claims. I have several systems, from servers to desktops, so I have a good range of packages.
Somewhere in the bug system is a YEARS OLD ticket, begging the tree maintainers to add one of the (otherwise very popular) alternatives to the horrendously bad etc-update tool. Numerous times people had "bumped" the ticket by replying to it, and asking what the hold-up was.
And a replacement has been there for years -- it's called "dispatch-conf".
I went through the same thing a week ago and gave up when it wanted me to set each parameter for the kernel (the auto configure kernel failed)..there we like 500 options and I have no idea which ones my IBM T42 supports or not. It was hell.
So use a distro that does not require you to configure the kernel: Red Hat, SUSE, Ubuntu, Linspire,... there are many from which to choose.
I built OpenOffice on my 1GHz Duron machine -- that alone took 10 days. Now I use OpenOffice-bin.
But seriously, Joe Barr: 1. Did not RTFM 2. Was impatient and gave up his first attempt while it was still running.
There are alternatives. I have used a chroot approach to building a system while running under another distro. This works well, is low risk and is documented.
At my organization's recent annual meeting, we had several sites on two different continents. PowerPoint (I know, yuck) presentations were shared between locations with GoToMeeting. The presenter moved to the next slide, and all the remote sites updated automatically, in almost real time.
Simple. My bank N E V E R sends an email that requires a logon. Most banks are the same.
If so, good. But I don't think this is universal. For example Paypal (I know: Paypal is not a bank) recently sent me an email with a link which results in a login page.
My point is that banks that don't employ good practices should be held liable for phishing losses, while those banks that do emply good practices might be less likely to be held liable.
Putting all PCs in a common room will strongly limit a child's desire to download dubious material. Do this both ways: use your own PC only in family areas of the house.
I really get sick of this sendmail bashing. There are problems with sendmail and they are trying to rewrite sendmail to solve them. There is no such thing as perfectly secure software.
Perfectly secure: no. But look at Secunia's reports:
Postfix 1.x:
Affected By 1 Secunia advisories
Unpatched 0% (0 of 1 Secunia advisories)
Postfix 2.x:
Affected By 0 Secunia advisories
in contrast, look at Sendmail 8:
Affected By 10 Secunia advisories
Unpatched 10% (1 of 10 Secunia advisories)
So, given that there are unpatched vulnerabilities in Sendmail, why should you wait for the team to finish re-writing the code? Now, it is possible that Sendmail has some advantages in very high volume situations (although there are some older benchmarks that show Postfix was faster), but why would you want to use an MTA that is more difficult to configure and has known vulnerabilities?
I believe the main reason that people use Sendmail is that, having gone to the trouble to learn how to configure it, they don't want to waste that effort (as well as it being the default MTA in many distributions).
Phishing? Man, I dunno -- seems to me that if you get suckered into giving someone your account information, that's kind of your own problem. It's not Paypal's fault if you actually believed that the poorly-worded email you got was actually from them because it had their logo someplace on it.
I think the issue is actually rather gray. The questions one has to ask are: what does a genuine email fromm the bank look like? Can it be easily distinguished from a phishing email? Does the bank embed links to login pages in their emails? How responsive is the bank to reports of phishing? For example, a bank could perhaps continuously move the URLs for images on the bank's site, so that a phishing webpage that pointed to images on the bank's site would have broken links, etc.. There are probably lots of other questions.
The real question is how long will this situation persist? Will spyware vendors find means to disable the security features of IE7, or will IE7 continue to be resistant?
Comment above appears to be from a brand new user, who has only commented on this story. One might suspect that Sphonix is Patchou himself or someone closely related to Patchou.
Anyway, all of this is irrelevent because the original poster was talking about Comcast Digital Voice. Comcast has 2 offerings: Digital phone (phone over cable) and Digital Voice (VoIP).
I can understand that a law exists that prevents items that violate US patent law from being exported, but why does the US have such a law? All it does is harm US manufacturers. It only makes sense for patents to apply where the product is actually used.
Assume a product is used in country A. There are no patents in country A that affect this device. The only patents on this device exist in the USA. Now, every country on the globe can build and ship this device to country A, EXCEPT the USA. How does this law make sense.
Also, W2K does not have the broken implementation of access to shares that XP home has. I know that XP home to W2K is not a fair comparison, but the point is that MS took something that works and deliberately made it less functional. An example: a person in my office cannot access a SAMBA share from his XP-H machine. He then accesses his home directory on the same machine and now magically, he can access the share that was previously denied earlier.
What might be possible is that you grant a license to the university that allows the university to do whatever it likes with your papers, but you still own the copyright.
Check out section 204 of the copuright code
Probably the university owns the physical copy of the paper that you turned in, but not the underlying copyrights.
It's going to be interesting to see what price they put on the phones without a service plan. I suspect that the phone companies inflate the value of the phones that they discount, leading to inflated sales tax payments in most states in the USA (for those who don't understand this, when you buy a phone with a service plan, because services are not usually subject to sales taxes, the state insists that the vendor collects and pays sales tax based on a nominal full price of the phone, even if the price paid for the phone is discounted, sometimes to zero).
If the price without a plan is less than the price that the phone company would normally quote for the phone, one could argue that less sales taxes are due on a new discounted phone.
Essentially, your argument is a strawman.
The telcos see a new source of revenue: charging Google, Yahoo, etc. to deliver "their" packets. Of course they plan to go after this revenue.
Market forces only work where there is a functioning market. For high-speed Internet, there are no functioning markets -- why do you think Internet access is far more expensive in the US than in many other countries? We have an oligopoly in high speed Internet access in most cities across the US.
I have been engaged in massive updates to my system recently, prompted by:
1. GCC update (and the effect on libstdc++)
2. OpenSSL (requiring a re-build of all packages depending on OpenSSL)
3. A large number of package updates recently.
Now, running the updates using revdep-rebuild for libcrypto and libssl has not got without any problems, but they have usually been solved by upgrading to the latest stable version of the package. So, I know from personal experience that the situation is simply not as bad as the parent claims. I have several systems, from servers to desktops, so I have a good range of packages.
I built OpenOffice on my 1GHz Duron machine -- that alone took 10 days. Now I use OpenOffice-bin.
But seriously, Joe Barr:
1. Did not RTFM
2. Was impatient and gave up his first attempt while it was still running.
There are alternatives. I have used a chroot approach to building a system while running under another distro. This works well, is low risk and is documented.
My point is that banks that don't employ good practices should be held liable for phishing losses, while those banks that do emply good practices might be less likely to be held liable.
Putting all PCs in a common room will strongly limit a child's desire to download dubious material. Do this both ways: use your own PC only in family areas of the house.
Postfix 1.x:
Affected By 1 Secunia advisories
Unpatched 0% (0 of 1 Secunia advisories)
Postfix 2.x:
Affected By 0 Secunia advisories
in contrast, look at Sendmail 8:
Affected By 10 Secunia advisories
Unpatched 10% (1 of 10 Secunia advisories)
So, given that there are unpatched vulnerabilities in Sendmail, why should you wait for the team to finish re-writing the code? Now, it is possible that Sendmail has some advantages in very high volume situations (although there are some older benchmarks that show Postfix was faster), but why would you want to use an MTA that is more difficult to configure and has known vulnerabilities?
I believe the main reason that people use Sendmail is that, having gone to the trouble to learn how to configure it, they don't want to waste that effort (as well as it being the default MTA in many distributions).