This glyph thing is all very nice and all, but it CHEATS
Indeed, and why use glyphs at all? As jigsaws are basically grids it'd be far simpler just to print the row,column coordinates on each piece - and it'd take even fewer lines of code to do the recognition, this ain't solving a jigsaw at all.
They are convinced that nuclear power is unsafe, that radiation will kill us all, and they are playing a NIMBY game with nuclear waste disposal
You forgot to leave your address so we can send all the safe nuclear waste to your backyard - I'm assuming that the reference to "Not In My Back Yard" was an invitation to dump it in yours?
Its ironic indeed when someone trying to explain the meaning of irony is confused and mistakenly thinks that unexpected and incongruous are the same thing. Unexpected events are not ironic, unexpected incongruous events are - a black fly in your chardonnay is not ironic, as part of a greater chain of incongruous events it may well be, but in and off itself it definitely aint.
proof that alternate browsers are a form of security through obscurity...As the popularity increases you will see more attacks against Mozilla based browsers.
I've seen this argument a few times. "Microsoft has a large number of identified security issues because it has the largest market share so more people are looking for security holes". But this assumes that all software has the same number of flaws just waiting to be found - which is demonstrably false.
Like the silly old cliche "Give a man a fish, he has supper; Teach a man to fish, and he... er... knows how to fish."
I think you meant "Give a man a fish and he'll eat for today, teach him how to fish and he'll eat for a lifetime, teach a thousand men how to fish and they'll destroy an eco-system"
PS If you really want to teach someone make sure they are using the computer and not standing behind you - it may be as frustrating as hell trying to tell them what to do, but they'll never learn anything by watching you do it.
Maybe Global Crossing doesn't want to get involved in petty Internet politics
Except of course by reacting and blocking access to the lycos site they are getting involved.
it's much easier to come up with a conspiracy theory whereby Global Crossing is protecting those evil spammers
Except of course Global Crossing does provide international connectivity to many Chinese providers who host spammer sites and Global Crossing's abuse department specifically disowns complaints about these sites when the chinese ISPs are unresponsive.
Maybe Global Crossing is more concerned about people wasting their bandwidth on the latest cause of the day
If they were really concerned about this then they could simply block port 80 traffic TO the spam sites when it enters their network, not block access to the lycos site.
Your argument is really pretty flimsy, it aint no conspiracy, GBLX provides lots of backbone connectivity to spammer sites in china and GBLX blocked the lycos site - ever heard of occam's razor?
According to netcraft GLBX was/is blocking access to the lycos screensaver site. Is this because the majority of DDOS traffic to sites that spammers use in China was transiting GLBXs backbones - sort of telling isnt it? Is GLBX the most spammer friendly backbone now?
As a Singaporean if you drink tap water then you have been drinking "watered down" NEWater since March 2003. Here is the relevent quote from a speech by the then PM of Singapore:-
We will also use NEWater for domestic purposes. Last year, PUB mounted a public education exercise on NEWater as a source of drinking water. The support far exceeded PUB's expectations. I am told that responding to popular demand, PUB issued 1.5 million bottles of NEWater to the public in a short period of six months. An independent poll by Forbes Research in October 2002 showed an overwhelming level of NEWater acceptance among Singaporeans. 82% indicated that they were prepared to drink it directly, while 16% were prepared to drink it indirectly through mixing with reservoir water.
As announced by PUB in September last year, we are adopting the indirect approach for NEWater as a source of drinking water. Starting today, we are introducing 2 mgd of NEWater into our reservoirs. This is just under 1% of the amount of water that we consume daily . We will increase the amount progressively to 10 mgd by 2011, about 2.5% of our daily consumption then.
I have also drunk NEWater - the bottled unadulterated version - it doesn't taste good, its not offensive but its certainly not branch water.
The malware was hosted on a compromised parked server in the US at a company called Netfirms.com. I complained to them and they re-imaged the server. The exploit was patched in mid April so that particular malware is not going to work any more even if I had an active link to it. It installed various junk as well as a SDbot variant which Nortons recognised several months after I got it (I kept a copy and Nortons found it in my "samples of crappy spyware" folder after a definition update).
The only reason I got this malware was because I was looking for it - some of my user's machines had been infected with junk and I was interested in how this had happened. I checked the squid logs and tested the same URLs and hey presto my machine was suddenly in dire need of a re-image.
After this I tightened up squid to actively deny access to lots of bogus sites and to scan all content for viruses and malware using current patterns - this helps but it is not an ideal solution.
If you really want to test out malware I would suggest that you use google and also look in the various spyware chat boards. The other place is full disclosure and other mailing lists which discuss exploits as many people helpfully post links to POC code for new exploits.
That's funny, I've used IE without getting any malware.
That's funny earlier this year I got malware all over one of my machines because I was using IE. The exploit the malware used was not patched at the time and standard (and up to date) personal firewall and antivirus software didn't help. You are kidding yourself if you think that a lack of ignorance is reasonable protection against flaws in any software. Especially when that software has proven itself to be riddled with holes, has complete access to all the resources on your machine and is constantly used to download untrusted content from untrusted sites on an untrusted network.
Yeah my comparison is somewhat bogus, but no more so than "the Macs are so overpriced" rhetoric. If you can honestly say that comparing a Dell Dimension to an Apple is a fair comparison then you've already blown it. A mid range Dell like an Optiplex maybe, but their low end, crappy, fall to pieces junkbox? In fact an IBM is a better comparison - start spec'ing up one of those and look at the total price.
As I said I am looking for a machine to do video editing on (for home). I purchase PCs at work, I use an IBM Thinkpad at home. I looked at the price our suppliers offer for something comparable to a G5 iMac and it just doesn't stack up. I assumed the Mac would be much more, but its less. You really should do a comparison and see how it stacks up - if the PC was cheaper I'd buy it and I wouldn't bother posting to Slashdot. I was amazed that Apple's price was cheaper.
My mouse hovered over the link for a second, but I couldn't click on it, just thinking about what horrors lie at the other end of that link brings tears to my eyes and cold shivers run up and down my spine.
Most Mac users are completely disconnected from the larger PC market. Apple's prices have been the same since the mid-90s, so they assume that's how the rest of the world works.
This is completely wrong. I am looking for something to do digital video on and the new G5 iMac is very competitive. With 1GB Ram, 250GB HDD, DVD burner, 20" LCD and Final Cut it is $2300 and this includes a high end graphics card, TV out and some nice software. For comparison a Dell Precision with 1GB Ram, 250GB HDD, DVD burner, 20" LCD, Adobe Video Collection and graphics card is $3940
Of course the Dell Precision is extensible which makes it more attractive but if you can get a machine with the same spec as the G5 iMac for less, good luck. Its easy to say that Macs are crazy expensive and Apple is still in the '90s but the facts don't bare this out at all.
I've come to conclude that uptimes much greater than 100-200 days represent an admin who's really not doing his/her job.
A transformer in our building exploded a while back and the backup generator on our UPS didn't start properly so we had a total blackout in our data centre. Now all my Solaris and Linux boxes have uptimes of 93 days, 4 hours and 58 minutes (this really is the actual uptime as I type this!). Thanks to my broken cutover switch I have the uptimes of a competent admin who's really doing his job.:-)
I've found sending mail to abuse@ doesn't help much, if you have the time and inclination (and the attackers ISP is a local call away) its much more effective to call them and complain. But as others have pointed out, why bother? Just ignore the attempts unless they are particularly nasty or obviously targeted at specific sensitive hosts.
Did you look at the HTML source? They simply changed the links so that when you clicked a link the original one was shown in the status bar - yeah mousing over the link showed a link to their site, but clicking it or looking at the source showed the original link. Their stupidity was having code that only works with IE - then again most phishing frauds are directed at IE.
Does not looking at the source count as losing your geek licence?
http://secure-ebay.com/aw-cgi/eBayISAPI.php AND ITS STILL UP!!!
secure-ebay.com = [ 208.42.94.181 ]
Domain Name.......... secure-ebay.com
Organisation Name.... Jose C. Hernandez
Organisation Address. 302 Joelson Rd
Organisation Address. Umpqua
Organisation Address. 97486
Organisation Address. OR
Organisation Address. UNITED STATES
Admin Email.......... secure01eby@yahoo.com
Admin Phone.......... 1.5416724954
Admin Fax............
WTF??
The link has a bit of javascript which brings up the ebay logon screen, resizes it to full screen and then pops up its own window to ask for account details with this function:-
function popMe() { var iMyWidth; var iMyHeight; iMyWidth = (window.screen.width/2) - (400 + 10); iMyHeight = (window.screen.height/2)- (300 + 50); if (navigator.appName=='Microsoft Internet Explorer') {var pop = window.open("sys.php","ini","menubar,resizable,wid th=800,height=600,left=" + iMyWidth + ",top=" + iMyHeight + ",screenX=" + iMyWidth + ",screenY=" + iMyHeight + ""); pop.focus();} else {var pop = window.open("eBayISAPI.dll","ini","menubar,resizab le,scrollbars,width=800,height=600,left=" + iMyWidth + ",top=" + iMyHeight + ",screenX=" + iMyWidth + ",screenY=" + iMyHeight + ""); pop.focus();} }
Pretty strange that a publicly outed phishing site is still live. Doesn't security@ebay.com do anything about these sites?
I simply had my dns cache resolve verisign.com addresses through my local dns server... problem solved
The way sitefinder worked was that Verisign wildcarded the whole.com and.net TLDs so that instead of getting an NXDOMAIN response when doing a query for a non existent domain you got the IP of the sitefinder website. Resolving verisign.com addresses was not the issue.
Yes there was a way to patch BIND and many other DNS servers so that the wildcarding didn't work and the proper NXDOMAIN reply was given for non existent domains - but simply redirecting requests for verisign.com addresses to your local cache would not have helped.
The sitefinder service personally bit me when I wasted hours tracking down a fault after I mistyped a domain name into a system which was using port 20000. Instead of getting NXDOMAIN and a simple to fix problem I was getting connection refused - it was not until I put a packet sniffer on the link (after hours of stuffing around) that I noticed that traffic was going to the wrong destination - verisign's then two day old sitefinder "service". But I had no idea that the wildcarding had been done. After fixing the problem and typing in the correct domain I then tried to fix my DNS to see why it was returning this IP instead of NXDOMAIN. Further fault finding led me to discussion in some newsgroups about the wildcarding.
Needless to say this pissed me off no end and I immediately blocked access to the sitefinder IPs at the border router and then when a patch was available for BIND I installed it on all my servers.
Verisign needs to remember that PORT 80 IS NOT THE INTERNET.
So let me get this straight. You didn't pay for the product, you find a problem with the product, if you had the ability you could fix the problem yourself, but you don't and you can't fix it so you tell the people who gave it to you that there is a problem and ask them to fix it and to give you the fix. When they don't fix it as quickly as you'd like you rant in a widely read public forum that because of this "OSS doesn't stand a chance".
Even taking into account that there seems to be some e-penis competition about whether proprietary or OSS is more secure and who releases patches faster. BUT. Does the above strike you as being reasonable?
I'm sorry, but if it takes 24 days to get past the name calling when confronted with a security flaw deemed major, OSS doesn't stand a chance.
I don't understand what the problem is here. The OS in OSS means "Open Source". You have the source so (if you have the ability) you can fix the bug - and if you are civic minded enough you can submit your patch and give something back to the project. This is why OSS does stand a chance.
In '84 I was working in London and was visiting our main office. When I walked out the front door a delivery guy was trying to offload a brand new VAX-11 from his truck. This guy obviously had no idea what he was doing and was manhandling it like you would a fridge. Anyway he asked me to help and we got it onto his trolley in the back of the truck - the trolley was a little wooden thing with wheels on the bottom - a toy maybe designed for 100lbs max.
He then pushed the Vax (which was now on the rollable trolley) onto the liftgate on the back of his truck so he could lower it to the ground - it was about 3-4 feet off the ground. When he lowered the liftgate the little trolley started to roll and the Vax headed for the edge! He pressed the stop button but it still kept rolling. Knowing how much the Vax weighed I got out of the way but he jumped in front of it to try and stop it! Somehow he didn't get killed and it landed in the middle of Great Portland Street with an almighty crash.
After looking at it stunned, we tipped it back upright. It was all bent and bashed in and he remarked "its not too bad guv. we can just straighten it up a bit"! He even asked me if I'd sign for it. Needless to say at this point I made a hasty exit:)
Supposedly a simple rewrite of the exploit code allows it to work even after the patch is installed. Here is a link to a proof of concept exploit that was posted by "Jelmer" to the full disclosure list.
I checked my logs and worked out some stats and it actually does look like there is a decrease in spam from comcast.net! In the last four weeks I've received, 14658, 14057, 12535, 12209 and so far this week 7765 spams from the dynamic comcast.net address spaces.
It was actually instructive to do some log analysis and it looks like there are spam zombies basically everywhere, pacbell.net, swbell.net, ameritech.net, tpnet.pl, wanadoo.nl, giga.net.tw, axelero.hu, tiscali.fr, tiscali.il, sympatico.ca, rr.com, verizon.net, charter.com, ocn.ne.jp, bbtec.net, bigpond.net.au, optonline.net, dion.ne.jp, hiway.net.tw, hinet.net, netvigator.com, hkcable.com.hk, maxonline.com.sg, t-dialin.net, supercable.es, alkimnet.net, hispeed.ch, netvision.net.il, netvisao.pt, home.nl, rima-tde.net, chello.nl, btopenworld.com, cox-internet.com, veloxzone.com.br, brasiltelecom.net.br, prod-infinitum.com.mx, telesp.net.br, - just to name a few. These are in no particular order just places that lots of spam from IPs with dsl, adsl or ppp in their rDNS arrived from. The list goes on and on and on.:-(
I'll check my logs when I get into the office, but if Comcast has reduced the flood of spam from their netblocks then someone else has more than taken up the slack.
Normally I get between 2,000-2,500 spam a week in a mailbox I use as a spamtrap. In the past month this has ramped up and last week there was over 4,500 and since monday there are 2,485, um 6, um 7, spams in this particular mailbox. So in 4 days I've seen as much as I normally see in a week - and its not even the weekend yet when the real flood of spam kicks in.
Furthermore, IE makes it very easy for a user to be duped into allowing a plugin to be installed.
Yeah all you need to do is tell people that Internet Explorer will popup a security window and that they should ignore it and click the "Yes I want to install untrusted software" button!! sort of like this:)
Slashdot Mirror
This glyph thing is all very nice and all, but it CHEATS
Indeed, and why use glyphs at all? As jigsaws are basically grids it'd be far simpler just to print the row,column coordinates on each piece - and it'd take even fewer lines of code to do the recognition, this ain't solving a jigsaw at all.
They are convinced that nuclear power is unsafe, that radiation will kill us all, and they are playing a NIMBY game with nuclear waste disposal
You forgot to leave your address so we can send all the safe nuclear waste to your backyard - I'm assuming that the reference to "Not In My Back Yard" was an invitation to dump it in yours?
Its ironic indeed when someone trying to explain the meaning of irony is confused and mistakenly thinks that unexpected and incongruous are the same thing. Unexpected events are not ironic, unexpected incongruous events are - a black fly in your chardonnay is not ironic, as part of a greater chain of incongruous events it may well be, but in and off itself it definitely aint.
proof that alternate browsers are a form of security through obscurity...As the popularity increases you will see more attacks against Mozilla based browsers.
I've seen this argument a few times. "Microsoft has a large number of identified security issues because it has the largest market share so more people are looking for security holes". But this assumes that all software has the same number of flaws just waiting to be found - which is demonstrably false.
Like the silly old cliche "Give a man a fish, he has supper; Teach a man to fish, and he... er... knows how to fish."
I think you meant "Give a man a fish and he'll eat for today, teach him how to fish and he'll eat for a lifetime, teach a thousand men how to fish and they'll destroy an eco-system"
PS If you really want to teach someone make sure they are using the computer and not standing behind you - it may be as frustrating as hell trying to tell them what to do, but they'll never learn anything by watching you do it.
Maybe Global Crossing doesn't want to get involved in petty Internet politics
Except of course by reacting and blocking access to the lycos site they are getting involved.
it's much easier to come up with a conspiracy theory whereby Global Crossing is protecting those evil spammers
Except of course Global Crossing does provide international connectivity to many Chinese providers who host spammer sites and Global Crossing's abuse department specifically disowns complaints about these sites when the chinese ISPs are unresponsive.
Maybe Global Crossing is more concerned about people wasting their bandwidth on the latest cause of the day
If they were really concerned about this then they could simply block port 80 traffic TO the spam sites when it enters their network, not block access to the lycos site.
Your argument is really pretty flimsy, it aint no conspiracy, GBLX provides lots of backbone connectivity to spammer sites in china and GBLX blocked the lycos site - ever heard of occam's razor?
According to netcraft GLBX was/is blocking access to the lycos screensaver site. Is this because the majority of DDOS traffic to sites that spammers use in China was transiting GLBXs backbones - sort of telling isnt it? Is GLBX the most spammer friendly backbone now?
I have also drunk NEWater - the bottled unadulterated version - it doesn't taste good, its not offensive but its certainly not branch water.
The malware was hosted on a compromised parked server in the US at a company called Netfirms.com. I complained to them and they re-imaged the server. The exploit was patched in mid April so that particular malware is not going to work any more even if I had an active link to it. It installed various junk as well as a SDbot variant which Nortons recognised several months after I got it (I kept a copy and Nortons found it in my "samples of crappy spyware" folder after a definition update).
The only reason I got this malware was because I was looking for it - some of my user's machines had been infected with junk and I was interested in how this had happened. I checked the squid logs and tested the same URLs and hey presto my machine was suddenly in dire need of a re-image.
After this I tightened up squid to actively deny access to lots of bogus sites and to scan all content for viruses and malware using current patterns - this helps but it is not an ideal solution.
If you really want to test out malware I would suggest that you use google and also look in the various spyware chat boards. The other place is full disclosure and other mailing lists which discuss exploits as many people helpfully post links to POC code for new exploits.
That's funny, I've used IE without getting any malware.
That's funny earlier this year I got malware all over one of my machines because I was using IE. The exploit the malware used was not patched at the time and standard (and up to date) personal firewall and antivirus software didn't help. You are kidding yourself if you think that a lack of ignorance is reasonable protection against flaws in any software. Especially when that software has proven itself to be riddled with holes, has complete access to all the resources on your machine and is constantly used to download untrusted content from untrusted sites on an untrusted network.
Yeah my comparison is somewhat bogus, but no more so than "the Macs are so overpriced" rhetoric. If you can honestly say that comparing a Dell Dimension to an Apple is a fair comparison then you've already blown it. A mid range Dell like an Optiplex maybe, but their low end, crappy, fall to pieces junkbox? In fact an IBM is a better comparison - start spec'ing up one of those and look at the total price.
As I said I am looking for a machine to do video editing on (for home). I purchase PCs at work, I use an IBM Thinkpad at home. I looked at the price our suppliers offer for something comparable to a G5 iMac and it just doesn't stack up. I assumed the Mac would be much more, but its less. You really should do a comparison and see how it stacks up - if the PC was cheaper I'd buy it and I wouldn't bother posting to Slashdot. I was amazed that Apple's price was cheaper.
Improve your sex life - undo your circumcision .
My mouse hovered over the link for a second, but I couldn't click on it, just thinking about what horrors lie at the other end of that link brings tears to my eyes and cold shivers run up and down my spine.
Most Mac users are completely disconnected from the larger PC market. Apple's prices have been the same since the mid-90s, so they assume that's how the rest of the world works.
This is completely wrong. I am looking for something to do digital video on and the new G5 iMac is very competitive. With 1GB Ram, 250GB HDD, DVD burner, 20" LCD and Final Cut it is $2300 and this includes a high end graphics card, TV out and some nice software. For comparison a Dell Precision with 1GB Ram, 250GB HDD, DVD burner, 20" LCD, Adobe Video Collection and graphics card is $3940
Of course the Dell Precision is extensible which makes it more attractive but if you can get a machine with the same spec as the G5 iMac for less, good luck. Its easy to say that Macs are crazy expensive and Apple is still in the '90s but the facts don't bare this out at all.
I've come to conclude that uptimes much greater than 100-200 days represent an admin who's really not doing his/her job.
:-)
A transformer in our building exploded a while back and the backup generator on our UPS didn't start properly so we had a total blackout in our data centre. Now all my Solaris and Linux boxes have uptimes of 93 days, 4 hours and 58 minutes (this really is the actual uptime as I type this!). Thanks to my broken cutover switch I have the uptimes of a competent admin who's really doing his job.
I've found sending mail to abuse@ doesn't help much, if you have the time and inclination (and the attackers ISP is a local call away) its much more effective to call them and complain. But as others have pointed out, why bother? Just ignore the attempts unless they are particularly nasty or obviously targeted at specific sensitive hosts.
Did you look at the HTML source? They simply changed the links so that when you clicked a link the original one was shown in the status bar - yeah mousing over the link showed a link to their site, but clicking it or looking at the source showed the original link. Their stupidity was having code that only works with IE - then again most phishing frauds are directed at IE.
Does not looking at the source count as losing your geek licence?
One of their fraud emails has a link to:-
d th=800,height=600,left=" + iMyWidth + ",top=" + iMyHeight + ",screenX=" + iMyWidth + ",screenY=" + iMyHeight + ""); pop.focus();}b le,scrollbars,width=800,height=600,left=" + iMyWidth + ",top=" + iMyHeight + ",screenX=" + iMyWidth + ",screenY=" + iMyHeight + ""); pop.focus();}
http://secure-ebay.com/aw-cgi/eBayISAPI.php AND ITS STILL UP!!!
secure-ebay.com = [ 208.42.94.181 ]
Domain Name.......... secure-ebay.com
Organisation Name.... Jose C. Hernandez
Organisation Address. 302 Joelson Rd
Organisation Address. Umpqua
Organisation Address. 97486
Organisation Address. OR
Organisation Address. UNITED STATES
Admin Email.......... secure01eby@yahoo.com
Admin Phone.......... 1.5416724954
Admin Fax............
WTF??
The link has a bit of javascript which brings up the ebay logon screen, resizes it to full screen and then pops up its own window to ask for account details with this function:-
function popMe() {
var iMyWidth;
var iMyHeight;
iMyWidth = (window.screen.width/2) - (400 + 10);
iMyHeight = (window.screen.height/2)- (300 + 50);
if (navigator.appName=='Microsoft Internet Explorer') {var pop = window.open("sys.php","ini","menubar,resizable,wi
else {var pop = window.open("eBayISAPI.dll","ini","menubar,resiza
}
Pretty strange that a publicly outed phishing site is still live. Doesn't security@ebay.com do anything about these sites?
I simply had my dns cache resolve verisign.com addresses through my local dns server... problem solved
.com and .net TLDs so that instead of getting an NXDOMAIN response when doing a query for a non existent domain you got the IP of the sitefinder website. Resolving verisign.com addresses was not the issue.
The way sitefinder worked was that Verisign wildcarded the whole
Yes there was a way to patch BIND and many other DNS servers so that the wildcarding didn't work and the proper NXDOMAIN reply was given for non existent domains - but simply redirecting requests for verisign.com addresses to your local cache would not have helped.
The sitefinder service personally bit me when I wasted hours tracking down a fault after I mistyped a domain name into a system which was using port 20000. Instead of getting NXDOMAIN and a simple to fix problem I was getting connection refused - it was not until I put a packet sniffer on the link (after hours of stuffing around) that I noticed that traffic was going to the wrong destination - verisign's then two day old sitefinder "service". But I had no idea that the wildcarding had been done. After fixing the problem and typing in the correct domain I then tried to fix my DNS to see why it was returning this IP instead of NXDOMAIN. Further fault finding led me to discussion in some newsgroups about the wildcarding.
Needless to say this pissed me off no end and I immediately blocked access to the sitefinder IPs at the border router and then when a patch was available for BIND I installed it on all my servers.
Verisign needs to remember that PORT 80 IS NOT THE INTERNET.
So let me get this straight. You didn't pay for the product, you find a problem with the product, if you had the ability you could fix the problem yourself, but you don't and you can't fix it so you tell the people who gave it to you that there is a problem and ask them to fix it and to give you the fix. When they don't fix it as quickly as you'd like you rant in a widely read public forum that because of this "OSS doesn't stand a chance".
Even taking into account that there seems to be some e-penis competition about whether proprietary or OSS is more secure and who releases patches faster. BUT. Does the above strike you as being reasonable?
I'm sorry, but if it takes 24 days to get past the name calling when confronted with a security flaw deemed major, OSS doesn't stand a chance.
I don't understand what the problem is here. The OS in OSS means "Open Source". You have the source so (if you have the ability) you can fix the bug - and if you are civic minded enough you can submit your patch and give something back to the project. This is why OSS does stand a chance.
"Use the SOURCE Luke"
In '84 I was working in London and was visiting our main office. When I walked out the front door a delivery guy was trying to offload a brand new VAX-11 from his truck. This guy obviously had no idea what he was doing and was manhandling it like you would a fridge. Anyway he asked me to help and we got it onto his trolley in the back of the truck - the trolley was a little wooden thing with wheels on the bottom - a toy maybe designed for 100lbs max.
:)
He then pushed the Vax (which was now on the rollable trolley) onto the liftgate on the back of his truck so he could lower it to the ground - it was about 3-4 feet off the ground. When he lowered the liftgate the little trolley started to roll and the Vax headed for the edge! He pressed the stop button but it still kept rolling. Knowing how much the Vax weighed I got out of the way but he jumped in front of it to try and stop it! Somehow he didn't get killed and it landed in the middle of Great Portland Street with an almighty crash.
After looking at it stunned, we tipped it back upright. It was all bent and bashed in and he remarked "its not too bad guv. we can just straighten it up a bit"! He even asked me if I'd sign for it. Needless to say at this point I made a hasty exit
Supposedly a simple rewrite of the exploit code allows it to work even after the patch is installed. Here is a link to a proof of concept exploit that was posted by "Jelmer" to the full disclosure list.
I checked my logs and worked out some stats and it actually does look like there is a decrease in spam from comcast.net! In the last four weeks I've received, 14658, 14057, 12535, 12209 and so far this week 7765 spams from the dynamic comcast.net address spaces.
:-(
It was actually instructive to do some log analysis and it looks like there are spam zombies basically everywhere, pacbell.net, swbell.net, ameritech.net, tpnet.pl, wanadoo.nl, giga.net.tw, axelero.hu, tiscali.fr, tiscali.il, sympatico.ca, rr.com, verizon.net, charter.com, ocn.ne.jp, bbtec.net, bigpond.net.au, optonline.net, dion.ne.jp, hiway.net.tw, hinet.net, netvigator.com, hkcable.com.hk, maxonline.com.sg, t-dialin.net, supercable.es, alkimnet.net, hispeed.ch, netvision.net.il, netvisao.pt, home.nl, rima-tde.net, chello.nl, btopenworld.com, cox-internet.com, veloxzone.com.br, brasiltelecom.net.br, prod-infinitum.com.mx, telesp.net.br, - just to name a few. These are in no particular order just places that lots of spam from IPs with dsl, adsl or ppp in their rDNS arrived from. The list goes on and on and on.
I'll check my logs when I get into the office, but if Comcast has reduced the flood of spam from their netblocks then someone else has more than taken up the slack.
Normally I get between 2,000-2,500 spam a week in a mailbox I use as a spamtrap. In the past month this has ramped up and last week there was over 4,500 and since monday there are 2,485, um 6, um 7, spams in this particular mailbox. So in 4 days I've seen as much as I normally see in a week - and its not even the weekend yet when the real flood of spam kicks in.
Furthermore, IE makes it very easy for a user to be duped into allowing a plugin to be installed.
:)
Yeah all you need to do is tell people that Internet Explorer will popup a security window and that they should ignore it and click the "Yes I want to install untrusted software" button!! sort of like this