The reasons they give in the article for not pushing the patch make sense. If you have a plug and play patch that you need to push to that many workstations with plug and play devices, to immediately push the patch would be gross folly.
They mention the real problem in the article, why is there a connection to this network from the public internet? They are just inviting problems like this. At the very least there should be some perimeter security with an IDS of some kind. Even a $40 Linksys router with the "firewall" and NAT enabled could have stopped this.
IMO that is a much bigger concern than why they held back the patch.
In actual blind listening tests, and technical tests, ATRAC is actually rated as one of the worst compression schemes.
There is something in the criteria of that study that is messed up.
Me and two other guys in my office all have replaced our MDs in the last year, 2 with iPods and one with a Creative HD player. All of us think that the MDs sound much better, possibly it's the hardware. ATRAC might be horrible but MD players sound good, way better than my iPod, even using high bitrate mp4s.
Okay well here's an example.
A while ago I called 911 because there was some moron driving around my very dense urban neighborhood in a Western Star truck (big ass tractor trailer). He was quite obviously giving his two buddies a tour around the place as he was screwing around with the horn and going in circles. There were several places in the area that he couldn't get the damn truck through and he came nose to nose with me in my g/f's Civic after turning a corner and barely stopped, he was within a foot. There was no way to pass as there were cars parked on both sides of the street, I probably couldn't have walked between the truck and the parked cars. I had to back all the way down the street.
I called 911, as I know damn well that the guy was just screwing around and he was endangering both lives and property. I was chastised by the 911 operator for calling when it wasn't a "real" emergency. Realistically it was only a matter of time before the guy took out something or some person (it ended up being a parking sign). Maybe I didn't make my case well enough or something but just because someone isn't hurt now doesn't mean that there isn't a situation that could develop that way. 911 services shouldn't be exclusively reactive.
The vulnerability has also been confirmed in Internet Explorer 7 Beta 2 Preview (January edition) though it could be avoided by turning off Active Scripting, as suggested by Microsoft Security Response Center blog.
Per the same blog, the 20 March release of IE7 Beta is not vulnerable.
So somebody notifies them of a problem 40 days ago and they have time to fix a BETA but not the actual released product?
The best solution I've found is using HijackThis to manually remove suspicious entries, but this is hardly a feasible solution for the average user.
This is part of the problem though. When someone finds a piece of malicious software they often fail to submit it to the AV and anti spyware companies so definitions can be updated. I'm guilty of it myself in the past as well but we do need to be responsible community members.
So all your users are using dat files that are several days old? This just means that they have 3 extra days of vulnerability.
I do the same thing, you have to weigh the potential of a bad update screwing you over versus that extra couple days. There isn't an easy answer, sometimes I'll push an update right away. Virus defs, windows updates whatever, you have to evaluate them all on a case by case basis.
It wastes a lot of time sure but after I got screwed over by a Windows update a few years ago I'm very careful with this stuff.
I use Shaw so apparently I'm a "victim" of this traffic shaping. I can't figure out what everyone is so up in arms about this for. I'm not a heavy BT user but I use it to grab a couple TV shows every week, it works fine, usually takes me a few hours to get a BSG episode tops. I got the entire second season of the OC for my g/f in 2 days. It's not like BT doesn't work anymore, if nobody told me about this I wouldn't have noticed.
With cable you still share a certain amount of bandwidth with the people on your trunk, especially on the upstream. Unfortunately some people are bandwidth hogs. I see this as protecting me from the guy down the street with the warez fetish more than anything else.
Has anyone found themselves unable to use BT because of this?
The United States was not a threat to Iraq until it began brutally murdering its own citizens en masse with chemical weapons and attacking its neighbors.
Maybe I just haven't been paying attention or something but that whole gassing his own people bit happened 15 years before the US invasion. Took your sweet ass time to do something about it didn't you?
Maybe that wasn't the reason for the invasion after all, I mean even people from the CIA say he didn't do it on purpose, they were probably attacking the Iranian troops in the town at the time.
The population of Gander Newfoundland is about 10k people, on 9/11 there was about 10k people stranded there for a few days. Was that where your friend got stuck? Things were, naturally, a little messed up with trying to feed and shelter that many people. Sorry about that but do you really think some remote outpost in Alaska could handle taking care of that many people much better?
Next time feel free to have all those planes circle over the ocean until they run out of fuel.
http://www.snopes.com/rumors/gander.htm
I worked for my friend's construction company for a few months this spring, I'm very familiar with the neighborhood crank scenario. Of course I'm also familiar with what sometimes happens on construction sites so I suspect the truth probably lies somewhere in the middle. It is impossible to not have things like this happen, at some point in a project somebody is going to spill a couple liters of fuel, a couple gallons of oil are going to get sloshed around when the concrete forms go in. Stuff happens, I'd have to see the pictures to say how bad it really was. The safety violations are something else though.
On the other hand, you should consider yourself lucky in your local crank, it could be much worse. My cousin's boyfriend and a kid I used to coach used to rent a house, a couple of good kids, never been in trouble. The guy next door, who was a retired RCMP officer, didn't like them for some reason. He decided that 2 young guys renting a house, friends coming over all the time etc = pot grow house and called some of his old cop buddies. A couple days later this poor kid is sitting on the couch watching TV and a SWAT team breaks down his door and shoves a shotgun up his nose. They found nothing of course.
Not to pee on your parade or anything but I'm really wondering if say a PDF scan of your documents will be useful.
I can't imagine being able to submit a digital copy of a birth certificate if you want to get a replacement passport or something. I'm sure they will want the actual document.
Canola is the very definition of hearty crop. It is a 3 foot high plant with yellow flowers and once it is established in an area it is almost impossible to get rid of. One of my earliest memories is listening to my dad complain about what the canola field across the road did to our lawn. I have absolutely no doubt that this poor guy never touched "Roundup Ready" seed in his life, he didn't have to.
Well for me it would be the time I spent working on the frontend for a web app that marketing was pumping as our "new concept". This meant that the design was changing hourly. Not that it mattered much as I was tying into a custom report engine that was completely undocumented anyway.
For an entire month my project manager referred to me as her "Graph Bitch".
I got it done and it was sweet too. Never, ever, saw a single customer though, the project was canned at the last minute.
Yeah I got this with Call of Duty a few months ago, man was I pissed. I use virtual drives for a lot of stuff and I had to shut everything down just so I could play a game I paid for.
Try calling up Debian and getting them to answer some questions.
Try calling up Microsoft and getting support, I have, it sucks. They have some pretty bright people answering their phones at the business level but you still end up paying $400 to be helped with re-installing Exchange because it just did something ridiculous and nobody can figure out why.
I have found that I get better support from the various mailing lists than I have from MS / Oracle / Sun / Whoever that I have shelled out big $ for. If you are buying support because you don't think you can get by without it in your business then you are a sucker. If you are buying it because you are covering your ass then you are a pathetic sucker.
A little while ago I was deciding what case to get for my PC and I settled on an Antec Lanboy. Now all I really wanted was an aluminum case and a good power supply and as it turns out the Lanboy had both of those for $75 less than I could get a normal looking case and Antec power supply. I went for it and ended up with a silly silver painted case that has a plexi glass window and a blue light.
I figured I could live with it but I'm going to have to tart it up a little. I've got a Type-R sticker for the non-window side and I'm trying to figure out how to make some sort of Lexan fin to stick on the top.
What you say is true but it would also have another side effect. Let's say that your average knock sequence is 5 ports long. This happens in a "keyspace" of 64000, now you are scanning 65000 ports 5^64000 times.
Scanning for open ports just got a whole lot more complicated, no? Almost to the point that it is useless.
I was vulnerable but they have fixed it in the March release. Yes, they fixed the Beta version before they fixed anything else.
So somebody notifies them of a problem 40 days ago and they have time to fix a BETA but not the actual released product?
Wonderful.
First line of the letter: Dear John Doe (SIN: xxx xxx xxx)
I was greatly pissed.
Interesting point, what news server do you use?
The United States was not a threat to Iraq until it began brutally murdering its own citizens en masse with chemical weapons and attacking its neighbors.
7 79.htm
Maybe I just haven't been paying attention or something but that whole gassing his own people bit happened 15 years before the US invasion. Took your sweet ass time to do something about it didn't you?
Maybe that wasn't the reason for the invasion after all, I mean even people from the CIA say he didn't do it on purpose, they were probably attacking the Iranian troops in the town at the time.
http://www.informationclearinghouse.info/article1
But hey don't let actual history get in the way of your arguments, your government doesn't.
So one night a couple years ago I go out and get drunk. Really, really drunk.
The guy I do sub-contracting for calls me right at 7:00am, "uhh, I think an MS auto update broke Autocad at company X".
"Really", I say, "I told you that was in the mail."
So he asks me to go and fix it, aside from the fact that I've only had 2 hours sleep, on the bathroom floor, I say "OK, whose machine is it?"
"All of them"
There is 84 workstations. 84.
Don't worry the engineering was done by a British firm. The bridge won't collapse but it will leak oil.
Actually you can do this with Citrix Metaframe as well.
FWIW neither of my Sony MD players have ever done this. One of them has been used every day for 3 years.
A little while ago I was deciding what case to get for my PC and I settled on an Antec Lanboy. Now all I really wanted was an aluminum case and a good power supply and as it turns out the Lanboy had both of those for $75 less than I could get a normal looking case and Antec power supply. I went for it and ended up with a silly silver painted case that has a plexi glass window and a blue light.
I figured I could live with it but I'm going to have to tart it up a little. I've got a Type-R sticker for the non-window side and I'm trying to figure out how to make some sort of Lexan fin to stick on the top.
If you can't laugh at yourself...
I was thinking to myself, he can't be serious about this but I googled it and I will be damned. I have apnea trouble myself, I think I might try this.
Thanks.