C'mon now. How is this better than SourceForge? I mean SF.net has its problems (CVS servers in the gunk babeeee!) but they've been honing this thing for years. How long is it going to take Google to get to the level of domain knowledge SF.net has? The folks at Google are smart, but they're not experts at everything.
Call me a cynic but I think this is just a way to get more ad revenue. Kudos for them and all, but their offering better be *far* better than Berlios, GNU Savannah and SF.net for people to sign up.
This is an Outlook/IE "virus" who's payload is a keylogger and crap that hooks into Firefox.
This is an user-executed email attachment with a trojan. It will happily be executed from Outlook Express, IE, Eudora and Thunderbird. McAfee mentions they've seen one version trying to exploit a three year old IE vulnerability. If you haven't patched that, well then you deserve to get nailed.
This does not exploit any vulnerability in Firefox
It is a vulnerability in that FF will happily load and execute any plugins dropped into its profile directory. The only time you are warned about installing someone is at download time. FF will never check for a signature or otherwise go "oh, a new plugin I've never seen. Hmmm, maybe I should ask the user about it?". Vulnerability.
If your OS is not secure, no app running on it can be secured.
If your OS is being operated by a user that executes attachments from "WalMart" that read "helo, teh attcachements for yuo pleasures" then your OS is not secure.
BTW, this progression is interesting. When FF came out just installing it would make the world safe, because it was invulnerable and impervious. Now I also have to switch operating systems? And when someone finds another exploit in SSH
Unfortunately for your point, it is bias if it comes from Symantec. It is bias if it is applied to a beta product. It is bias if the Slashdork headline reads "Windows Vista Still Rife with Insecure Code" where if this was Symantec talking about another OS it would read "Symantec claims Linux Rife with Insecure Code".
I don't know how this is relevant. Would you expect Google to share something like this with Microsoft? When was the last time you saw Google or Overture sharing propietary search algorithms with their competitors?
Twitter, you are absolutely amazing. Why don't you go read this, gain some basic knowledge about the topic and come back to us, OK? I'm sure there are a lot of people who would like to see you take back your pointless insulting FUD. Thanks!
Since I've seen 12 year-olds capable of structuring far more impressive replies I must assume you are in disagreement with something I said? Please point out wherever I've misconstrued what you posted. Every single one of those links represent something you said. You can't escape that fact.
Is this going to be the extent of your "rebuttal" at this point? You're just going to sort of "fade away" and hope this whole thread disappears quickly from your posting history, as you seem to always do?
So again, please indicate where something you said has been misrepresented. Otherwise all you're "laughing" at is yourself.
Really? Well there's quite a few. I quite liked this one, because it shows you getting your ass handed to you after some "M$ sux" bluster. Never did give the guy your IP address, did you? Hah. This one is nice, too. It shows the depth of your ignorance (but then so many of them do!). This one is a good example of that "let me tell you how it is" 'tude with nothing to back up your petulant "arguments". Good heavens, there are so many of those threads where you've just sort of disappeared when someone called you on your "arguments". Let's not forget this one, which stands alone as proof that there is no intelligent life in... wherever it is you're from. Oh, and Microsoft "hates" Google. As is usual with people like you, anything that does not conform to your POV is "hatred". Witness your question about my "hating Slashdot". That word comes to you very naturally, doesn't it?
But it goes on. Microsoft "charges for everything". More ignorance, holy crap. Then there's this one, which scores a 100 in the "please take away my computer, I don't know what I'm talking about" meter. You sure seem to be quite the hacker.
Oops, not a good day when you decide to blame things on "M$" and are promptly "shot down", as you say.
You seem to be a racist as well. Do the wonders ever stop? "You must work for Microsoft if I don't like the tone of your post". Oh my. Oh, and gentle reader, that's a classic. You really don't know anything.
Microsoft is to blame for someone banning Skype, of course. And I like this one about "sucky code", as if you could tell the difference. Oh, and I love how you posted the same thing twice because the first try was rightfully modded as the troll it was.
The crapolla deal. Yes. And OH MY GOD did you ever get your ass kicked here. Holy shit!
Another ass whopping. LOL, this is just painful. You can't even make a straight argument in favor of your religion because you don't even understand how anything works. Another
I'm thinking it was an admin bitchslap. I went back through some of his posts and there are more than five instances of this happening (AC replies and otherwise). So unless one of twitter's adoring fans in the GNU/Shitverse has more than one account with mod points, he or someone else probably went whining to Taco about it. Hard to believe but it's been known to happen. I think that "AKAImBatman" character once got Taco or Timothy to bitchslap a few weeks of replies to his posts. Troll or not, of course that's an abuse of their power... but then this is their website so who are we to complain? =)
In any case, it's always nice to see someone like dear twitter making an ass of himself, mods or not.
Heh. Your ridiculous claim that anyone who does not hate Microsoft must be in their payroll is legend around here so I won't even bother to dignify your hysteria. As for your analysis of my posting history... well, I might be tempted to look at yours (though I know exactly what I'll find there anyway) but looks like someone already beat me to it. You are one piece of serious work my dear zealot, even around here. But thanks for the chuckles anyway.
BTW, just in case you failed to notice (of course you didn't), I never attempted to "refute" what you said about the EFF. At all. You are still full of shit for claiming there's a relationship between "M$NBC" and the contents of the story, since they didn't write it to begin with. But you were obviously too stupid to realize that and just went ahead and did another one of your amusing "M$ is teh sux" pieces. Unfortunately someone actually modded you up. You think I "hate" Slashdot? You must hate it even more, since your bullshit makes it look even more stupid than it is.
They have a lot of battles to fight. "We" (as in those of us who care about these issues that are mostly not visible to the general public) need to support them. There are many ways to do it. Even buying a t-shirt helps, but I'm sure they'd appreciate a monthly donation even more.
Oh, twitter!! LOLOLOL!! Hey, by any chance did you happen to notice this was an AP wire piece? That's right, twitter! So you can also find the same story in places as diverse as PilotOnline and the Winona Daily News! Wow, talk about your little "M$" thing falling flat on its face!
But don't worry. Other than PilotOnline and the Winona Daily News I'm sure that if you use the search function in the AP site you can find a website with an 's' in the title so you can so wittily change it to a dollar sign to show all of us how hilariously clever you are! Shweet!
it is possible to get hit by a virus without the user doing something foolish
Yes, and how is that different from any other operating system? If I have a Linux box running SSH and I don't patch an SSH exploit then I'm going to get nailed, right? If I bought that computer from a store and it had the vulnerability I'm going to get nailed, right?
The fact that you didn't get hit by Blaster doesn't negate the point that vertinox was making
Let's not turn this into a discussion about anecdotal data points.
The problem here is that these problems are somehow considered to be the exclusive domain of Windows. That's absolutely not the case. Since the article at hand talks about migrating to another OS to be "safe" then it makes no difference. Imagine if Apple suddenly discovered a vulnerability like Blaster after it had already shipped a million boxes, and a lot of people got nailed when the brought their shiny new Mac home. What would be the likely reaction? It would go like this: "Well, you should have used a $25 NAT router you moron luser!!! What, do you expect Apple to patch shipped boxes sitting in a warehouse? No! It's your responsibility to make sure you're safe! OS X rulez!!"
Because it's harder to execute an attachment on OS X, and there's no such thing as ActiveX. OS X's attack surface is smaller because of that.
That doesn't mean the attack surface is non-existent, or that Apple (or anyone else) can engineer away user stupidity. Even with XPSP2, which complains every time you want to run a downloaded executable (and Outlook|OE which won't even let you) people still get infected. No amount of dire warnings and message boxes is going to stop a user from doing something stupid if they want to. Not unless you pretty much block them from doing anything meaningful with their computers.
No, but real rootkits like that one are a step above what I'd consider "user intervention" anyway. I'm not sure I have the technical knowledge to get around a rootkit in any operating system, so my response to rootkits is completely reactive rather than proactive. In any case, we were talking about computers infected with worms/trojans. The number of machines that got rooted by Sony disks is minuscule at best and irrelevant other than to show Sony is not to be trusted.
Had a hardware/software firewall or NAT router
The fact that I have a router has nothing to do with my choice of OS. It's simple common sense. I'm as likely to put my Fedora box on the DMZ (or hook it up directly to the cable modem) than I am my wife's XP box. Which is to say none of them go there.
the Blaster worm outbreak
No, I applied the patch that was released a month before that. Router or no, I wouldn't have gotten nailed by Blaster anyway.
To invisibly and automatically install spyware, rootkits, or viruses without any yes/no/put in your admin password is what made Windows so insecure.
Please provide examples of this. I've been using Windows for more than 12 years and I've never had this happen to any of my boxes, and after all these years I've never had anyone I know ever be surrepticiously infected by anything that wasn't their fault. Also, if you will please dig up some statistics that prove that the vast majority of infected Windows boxes are in that state because of these types of mysterious events, as opposed to user intervention.
Other than that, you're right about social engineering.
Thus my advice to people running various Linux distros or OSX with this facility: if you don't know that what you just tried to do requires admin privileges, the correct button is the one labelled "Cancel". The times this advice is wrong are rare indeed.
I don't want to sound rude but you have absolutely no idea whatsoever how a typical user's mind works. They are alarmed at everything and they are not able to tell the difference between a "task" that requires admin access and one that doesn't. When in doubt they will click "OK" every time, because that's what they're accustomed to do to make messages go away as quickly as possible. If that involves typing a password then they will do that without hesitation as well.
Perhaps this is a result of problems with how UIs are designed, but all operating systems do it the same way anyway.
Certainly I'd like to say that the number of times someone has ignored my advice to never click something under certain circumstances are "rare", but of course that's not the case. The buttons on IE's ActiveX control installation warning dialog is the archetypal example of this problem.
Neither Linux nor OS X impregnate users with an extra 50 IQ points at boot time, no matter how much everyone wishes that were the case.
Most hackers don't need a huge number of installs to stroke their ego
Well, since cwgmpls said so I guess this must be absolutely true. Of course the problem with that truism is that is automatically makes OS X safer than Linux and *BSD.
aphor's "Grandma" needs another 150 million or so people to join her in order for someone to develop an interest in creating malware for her operating system. Then it's all just a friendly "Please provide your root password" dialog away.
Is OS X's attack surface smaller than Windows? Sure it is. Is it impervious to user stupidity? Absolutely not. No operating system is. Linux and OS X will probably eventually get there, and the complain we'll be hearing instead of M$ is teh fuxxorz will be well, what do you expect? users are stupid!!.
Just wait, and you'll get there eventually.
[This post is brought to you courtesy of the 300 million absolutely clueless Windows users who think it's OK to run executables in password-protected ZIP files that arrive in their inboxes with lead-ins such as "hello, teh info yuo requesteded is in the attachments". We can't wait for you to take them away]
Re:From the title...
on
PHP Hacks
·
· Score: 2, Insightful
Is it the fault of the language when a lot of open source applications are written poorly?
Why not? That's the reason why Visual Basic was considered "worthless", as if it were inherently impossible to create something useful (well documented, maintainable, stable, etc) with it.
Not that I agree with either view, but it seems to me PHP is no better than Visual Basic in this regard.
If you're referring to the GATOR mine emplacement system, the individual mines are set to disable themselves with a timer or after 40 days when their batteries run out. At least that's how the US does basic area denial these days. I don't know about other countries, but not too many have airborne dispenser systems anyway.
All mines are lethal and deadly. Even those designed to wound (yes, they exist) have an error margin (meaning they'll kill you anyway).
There is no such thing as a "humane" weapon, unless it's specifically designed not to kill. There's no difference between a.45 hollow point slug to the head or a fuel air explosive. You're still dead. Perhaps you were thinking of scale or lethality radius.
"US" mines will kill just as effectively as British, Russian, Chinese or Indonesian mines.
Despite the much-publicized PR trips of famous people to victims of landmines in war-ravaged countries, landmines are still a valuable component of defensive warfare. There's a difference between using mines for clear military purposes and just sowing the countryside to see if you can kill a few kids. I'd really have the US continue to use mines in places like the DMZ than to have to rely on a larger deterrent force. Like it or not, landmines are very cost effective.
I don't know who taught you that minefields should be cleared with artillery barrages. This has been a mistaken assumption since WWI. In the first Gulf War the US Army gave up trying to do that because the overpressure from a relatively large artillery shell would not reliably detonate the mines but instead generate cratering that made navigating the minefield even more dangerous. They even tried MLRS volleys to no avail. I believe current doctrine relies on a type of shaped charge ("bomb on a rope") that is fired from a special "gun" on a carrier vehicle over the minefield and is then detonated to create the breach. Failing that there's always the trench tool and lots of cojones.
Slashdot Mirror
Call me a cynic but I think this is just a way to get more ad revenue. Kudos for them and all, but their offering better be *far* better than Berlios, GNU Savannah and SF.net for people to sign up.
This is an user-executed email attachment with a trojan. It will happily be executed from Outlook Express, IE, Eudora and Thunderbird. McAfee mentions they've seen one version trying to exploit a three year old IE vulnerability. If you haven't patched that, well then you deserve to get nailed.
This does not exploit any vulnerability in Firefox
It is a vulnerability in that FF will happily load and execute any plugins dropped into its profile directory. The only time you are warned about installing someone is at download time. FF will never check for a signature or otherwise go "oh, a new plugin I've never seen. Hmmm, maybe I should ask the user about it?". Vulnerability.
If your OS is not secure, no app running on it can be secured.
If your OS is being operated by a user that executes attachments from "WalMart" that read "helo, teh attcachements for yuo pleasures" then your OS is not secure.
BTW, this progression is interesting. When FF came out just installing it would make the world safe, because it was invulnerable and impervious. Now I also have to switch operating systems? And when someone finds another exploit in SSH
Bias. Not hard to spot. You just have to look.
I don't know how this is relevant. Would you expect Google to share something like this with Microsoft? When was the last time you saw Google or Overture sharing propietary search algorithms with their competitors?
Is this going to be the extent of your "rebuttal" at this point? You're just going to sort of "fade away" and hope this whole thread disappears quickly from your posting history, as you seem to always do?
So again, please indicate where something you said has been misrepresented. Otherwise all you're "laughing" at is yourself.
Really? Well there's quite a few. I quite liked this one, because it shows you getting your ass handed to you after some "M$ sux" bluster. Never did give the guy your IP address, did you? Hah. This one is nice, too. It shows the depth of your ignorance (but then so many of them do!). This one is a good example of that "let me tell you how it is" 'tude with nothing to back up your petulant "arguments". Good heavens, there are so many of those threads where you've just sort of disappeared when someone called you on your "arguments". Let's not forget this one, which stands alone as proof that there is no intelligent life in... wherever it is you're from. Oh, and Microsoft "hates" Google. As is usual with people like you, anything that does not conform to your POV is "hatred". Witness your question about my "hating Slashdot". That word comes to you very naturally, doesn't it?
But it goes on. Microsoft "charges for everything". More ignorance, holy crap. Then there's this one, which scores a 100 in the "please take away my computer, I don't know what I'm talking about" meter. You sure seem to be quite the hacker.
Oops, not a good day when you decide to blame things on "M$" and are promptly "shot down", as you say.
You seem to be a racist as well. Do the wonders ever stop? "You must work for Microsoft if I don't like the tone of your post". Oh my. Oh, and gentle reader, that's a classic. You really don't know anything.
Microsoft is to blame for someone banning Skype, of course. And I like this one about "sucky code", as if you could tell the difference. Oh, and I love how you posted the same thing twice because the first try was rightfully modded as the troll it was.
The crapolla deal. Yes. And OH MY GOD did you ever get your ass kicked here. Holy shit!
More dumbness... well, it just goes on and on. LOLOL and all that. More pointless essays on "Windoze" and so on.
Another ass whopping. LOL, this is just painful. You can't even make a straight argument in favor of your religion because you don't even understand how anything works. Another
In any case, it's always nice to see someone like dear twitter making an ass of himself, mods or not.
BTW, just in case you failed to notice (of course you didn't), I never attempted to "refute" what you said about the EFF. At all. You are still full of shit for claiming there's a relationship between "M$NBC" and the contents of the story, since they didn't write it to begin with. But you were obviously too stupid to realize that and just went ahead and did another one of your amusing "M$ is teh sux" pieces. Unfortunately someone actually modded you up. You think I "hate" Slashdot? You must hate it even more, since your bullshit makes it look even more stupid than it is.
They have a lot of battles to fight. "We" (as in those of us who care about these issues that are mostly not visible to the general public) need to support them. There are many ways to do it. Even buying a t-shirt helps, but I'm sure they'd appreciate a monthly donation even more.
Oh, twitter!! LOLOLOL!! Hey, by any chance did you happen to notice this was an AP wire piece? That's right, twitter! So you can also find the same story in places as diverse as PilotOnline and the Winona Daily News! Wow, talk about your little "M$" thing falling flat on its face!
But don't worry. Other than PilotOnline and the Winona Daily News I'm sure that if you use the search function in the AP site you can find a website with an 's' in the title so you can so wittily change it to a dollar sign to show all of us how hilariously clever you are! Shweet!
The problem here is that these problems are somehow considered to be the exclusive domain of Windows. That's absolutely not the case. Since the article at hand talks about migrating to another OS to be "safe" then it makes no difference. Imagine if Apple suddenly discovered a vulnerability like Blaster after it had already shipped a million boxes, and a lot of people got nailed when the brought their shiny new Mac home. What would be the likely reaction? It would go like this: "Well, you should have used a $25 NAT router you moron luser!!! What, do you expect Apple to patch shipped boxes sitting in a warehouse? No! It's your responsibility to make sure you're safe! OS X rulez!!"
That doesn't mean the attack surface is non-existent, or that Apple (or anyone else) can engineer away user stupidity. Even with XPSP2, which complains every time you want to run a downloaded executable (and Outlook|OE which won't even let you) people still get infected. No amount of dire warnings and message boxes is going to stop a user from doing something stupid if they want to. Not unless you pretty much block them from doing anything meaningful with their computers.
Good luck on getting a few million people so well educated. You're going to need it.
Other than that, you're right about social engineering.
Perhaps this is a result of problems with how UIs are designed, but all operating systems do it the same way anyway.
Certainly I'd like to say that the number of times someone has ignored my advice to never click something under certain circumstances are "rare", but of course that's not the case. The buttons on IE's ActiveX control installation warning dialog is the archetypal example of this problem.
Neither Linux nor OS X impregnate users with an extra 50 IQ points at boot time, no matter how much everyone wishes that were the case.
Is OS X's attack surface smaller than Windows? Sure it is. Is it impervious to user stupidity? Absolutely not. No operating system is. Linux and OS X will probably eventually get there, and the complain we'll be hearing instead of M$ is teh fuxxorz will be well, what do you expect? users are stupid!!.
Just wait, and you'll get there eventually.
[This post is brought to you courtesy of the 300 million absolutely clueless Windows users who think it's OK to run executables in password-protected ZIP files that arrive in their inboxes with lead-ins such as "hello, teh info yuo requesteded is in the attachments". We can't wait for you to take them away]
Not that I agree with either view, but it seems to me PHP is no better than Visual Basic in this regard.
If you're referring to the GATOR mine emplacement system, the individual mines are set to disable themselves with a timer or after 40 days when their batteries run out. At least that's how the US does basic area denial these days. I don't know about other countries, but not too many have airborne dispenser systems anyway.
iThink tHis is aGreat iDea. iMean, yAy!