In past releases, it was completely voluntary, and it doesn't sound like that is going to change in the future. At the keynote, Jobs and Co. were beating up on Vista, and one of the things they pointed out is a disliked 'feature' called activation. So my guess would be that 10.5 won't be introducing any new form of activation. They may, however, introduce a product code to attempt to thwart piracy, but it hasn't been done in the past, from OS 6 all the way up to the latest OS X.
Yes, I am a dumbass, I mis-read the first page.. (as I prefaced- I may be reading this wrong, in my original message)
This still doesn't change the fact that what he is doing relies heavily on phishing/getting a user to go to his server first to gain initial access to the server, which, IMHO, makes this more than just a hack- it relies on social engineering/hacking/whatever you want to call it. It is just another form of playing off a user's lack of knowledge/ignorance, and letting unsterilized (sanitized, whatever you want to call it) data pass to the server. That being said, if you can get a user to fall for a "click here, come to my server to log in to your server", you can probably get a lot more out of them than just a session ID.
As I said- it is an interesting article, but what it really boils down to is what should have been pounded into every web developer's head from the start- make sure there is no way to inject malicious code into your POSTS.
Sure, it is an interesting read.. that being said, nothing here is exactly shocking.
I may be reading this wrong, but, he gains access to the server by requiring a legitimate user to log on to the site, through a third party server of his (Might be done via phishing, etc..), then he nabs a valid PHP session id, via some injected javascript code. Why not just grab the user's login and password when they submit the form through your server? If you already have them logging in via a proxy, this would be much easier, and more reliable- sessions expire, etc..
As with most of these articles on security- simply make sure you sterilize any incoming data. Again, it's not exactly rocket science.
Heh.. just wait until they start changing the playing field on you.. advertise the next great phone (which is 7 generations in technology behind every other carrier) with 100 brand new features, then deliver 20 of those 100 features promising the rest will be enabled in a firmware release, which never comes..
Just wait until you have service problems with your cell phone, and it takes 2 hours on hold to get ahold of someone who can barely speak English, and is clearly reading off a script and does nothing to fix your problem.
Just wait until Verizon is the only DSL/broadband choice in your area, and it takes them 4 weeks, yes, 4 weeks to flip the switch to turn on your DSL.. Had the modem plugged in for that long, and they just took their sweet little old time to turn it on..
Just wait until your land line mysteriously goes out, and it takes them 2 weeks to send someone out to fix it.
Oh, and how about the old "this slip is pink, so you must have dunked your cell phone in the water" trick.. I hold up a piece of paper to the sticker, and it is as white as the white piece of paper..
Verizon- we never stop working for you (well, unless it isn't within our profit margins, or it will require us to have a competent employee do some work).
I'm not one to side with a "greedy" corporation, but this seems like a knee-jerk typical "stir the pot" title to me.
Halfway down the article, an actual source (Jeff Battcher) from Bell South is quoted as saying that they are surprised that the city officials would claim this, as they are still working out the terms of the building, and that the offer is still on the table.
On the other hand, the article claims that "city officials", no specific source, claim that Bell South is withdrawing the offer. Seems kind of fishy to me. As usual, the truth is probably somewhere in the middle.
Just as Verizon is lashing out against "spammers", they are doing the same to their own customers. My wife recently received not one, but 3 text messages, from Verizon, telling her that she can upgrade her plan. When we called to ask them to stop, their response was that her current plan "entitled her" to receive text messages of plan upgrades. We asked them to stop, they said "No."
It wasn't until I spoke with a manager, and let him know that they would be losing my wife, myself, and my company (a few thousand dollars worth of service per year) if they did not "unentitle" her to receive text message ads.
Here is a link that will consume enough bandwidth to easily slashdot the heck out of their server.
If that isn't enough for you, here is another link that will consume enough bandwidth to slashdot, annihilate, then set it on fire for good measure.
Long long ago, I was assigned a school project- each person had to research a specific type of cancer. I decided to look into pancreatic cancer, and started looking through books, etc..
I went to speak with my doctor about it, and he was very hesitant to tell me anything. The problem with pancreatic cancer is 1) it is almost 100% fatal, 2) the initial symptoms are the types of things you experience regularly. Many people, when learning all of the symptoms, etc, find those in themselves, and automatically think the worst. Working a great deal with probability now, I understand how this happens- people tend to assume that the probability of a high consequence, low occurrence risk is much higher than it really is (look at post 9/11 United States- people tend to overestimate the risk).
So, when the info is out there, there will be those that overestimate the risk, see symptoms, and diagnose themselves with all kinds of crazy illnesses.
The telecom industry, selling our info for their profit?? Is anyone surprised at all by this?? My wife, who has a Verizon phone, received a spam text message from Verizon, asking her to upgrade her plan. We called to tell them never to do this again (or they would no longer have us as customers), and their reply was "tough luck." I wonder at what point the telecom industry will alienate their client base, to the point that people stop using their service?
I suppose it would be OK for passengers, but you know some jackass is going to start IMing, fragging, looking up pr0n and who knows what else, while driving. Which would be a worse driver? Soccer mom on a cell phone, or computer geek surfing the web.. that's a tough call!!
If you had tried to tell someone that any two objects have an invisible force between them, and that over small distances the two objects are attracted to each other, that person would probably think you were full of hooey as well.
I'm not saying this story is necessarily legit, but just because something doesn't fit into our known world, doesn't mean it is hooey. If that was the case, why do any kind of scientific investigation at all?
If Warriors of Freedom made these kids attempt a killing spree, we can also conclude, that spoons are what made Rosie O'Donnell fat..
This "blame everything else" mentality is going way too far.
Try clicking on the 3D view. The 3D view requires IE 6/7.
... by the time Vista finally hits store shelves, 32-bit CPUs will be a long forgotten antique.
Fear not.. on November 1st a new firmware is coming out that will also allow you to play a certain power ballad by Guns and Roses.
No no no...
They mean the kind of witches with wart covered noses, flying brooms, and bubbling cauldrons..
Shouldn't this be listed under "Your rights online"?
Why, because anyone who does anything remotely bad, is a republican..
And if it wasn't for you pesky kids and your LRAD, I would have gotten away with it too!
Is this a 3 year old article?? Or did we just pass too close to a black hole, bending time or something???
I agree, and have some other reasons.
I gamble because I enjoy it- it is entertainment. My father bestowed some good wisdom on me when it comes to playing blackjack- if you go into it thinking you are going to win, you'll be sorely disappointed. If you look at it as entertainment, and budget it appropriately, you will have a good time, and might even come out ahead. To me, sitting down at a hot blackjack table, with (gasp!) real people sitting beside me, and a good dealer who is having just as much fun, is entertainment. Sitting in at my computer, playing against what could be a person, or a bot, not holding the cards in my hands, etc.. is just plain boring.
Don't "they" say that pr0n is ultimately what is driving today's technology? With only a 2.5m resolution, in this case, I sure hope not!
Heck, the non-camouflaged towers make the NJ landscape look BETTER.