Slashdot Mirror


User: jimicus

jimicus's activity in the archive.

Stories
0
Comments
7,388
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 7,388

  1. Re:Well on Informing a Company of a Security Discovery? · · Score: 1
    Nor can you pay them.

    From the question:
    what is the best way to go about informing the company and agreeing on an appropriate fee for my services
  2. Re:Lack of Data Protection laws? on UK Has Become a "Surveillance Society" · · Score: 1

    Firstly, the DPA is seldom enforced that strongly. (Though it's often used as an excuse by businesses looking to avoid doing something, when the real reason is "we can't be bothered").

    Second, the DPA was carefully written with enough loopholes (anything law-enforcement related is effectively exempt) that as far as the government is concerned, it's a non-issue.

  3. Re:Watching Yourself on UK Has Become a "Surveillance Society" · · Score: 1

    If there is a camera on the street (which you can never know is in use or not), or even if you think there might be a camera on the street, you won't do it.

    You might. Because you're acting rationally.

    But a lot (an awful lot) of crime isn't committed by people acting rationally. Attacked by someone for no reason? Well, if they were drunk then they probably weren't thinking "ooh, better not, there's a camera up there". (And with 4.2 million of them, it doesn't take long to forget that it exists in the first place).

    Burgled? If all they pinched was the TV, let's face it, they're hardly hardened criminals making a living out of pinching someone's grotty old telly. Far more likely they're drug addicts hoping to get enough money for their next hit. Again, not exactly the most rational members of society.

  4. Re:even the linux experts get tired. on Why the World Is Not Ready For Linux · · Score: 2, Insightful

    This should not just be by "chipset" (Atheros, ACX100), but rather, should be by actual box packaged versions of the hardware (D-Link so and so version 2, Linksys so and so versions 3-5, Logitech QuickCam Pro, etc. . .).

    Except the whole problem is that there's thousands of parts. It's simply not practical to catalogue them all, or even just the ones that work - hence why it has to be a "suck it and see".

    To compound this problem, it is not unknown (indeed, it's relatively common) for two products which do the same thing but internally are totally different to be given the same model number and packaging by their manufacturer. (ADSL modems, I'm looking at you here).

    Most Linux installs are not home users with Frankenstein boxes, and there's no need to target the Frankenstein box.

    There is. Because there's no such thing as a standard PC - they're all Frankensteins. Just as it's not unknown for two totally different ADSL modems to have the same model number and can only be told apart by cracking open the case, the same is true of off-the-shelf PCs. Dell are particularly good at this.

  5. Re:Did the keylogger work with OSX? With Linux? on Spam That Delivers a Pink Slip · · Score: 1

    WHY don't all these moron CTO's and VP's of IS get their asses canned, paying MS for their shit?

    Because they're infinitely more likely to get sacked for refusing to provide & support a platform on which the company can run the software it feels it needs to than they are to get sacked for providing it and it so happens that it's not terribly secure.

    Business drives IT, not the other way around.

    Besides which, with a suitably locked-down network and a suitably paranoid mail relay, it's not really a problem. If, however, neither of those exist - yeah, someone does deserve at least a little talking to...

  6. Re:Sue on Sony Warns of PS3 Scams · · Score: 1
    there are certain even more seedy individuals out there who unfortunately will do anything they can to scam you out of your money completely.

    Why doesn't Sony just sue them out of business. They're good at that.


    Because it's rather hard to sue yourself out of business?
  7. Re:The unit will also on Pentagon Reveals News Correction Unit · · Score: 1

    They did a damn good jobof keeping negotiations secret. Note how 90% of the bombings were under Tory rule. Sure, there have been some explosions since Blair came to power, but significantly fewer - and none since 2001.

  8. Re:The unit will also on Pentagon Reveals News Correction Unit · · Score: 0

    Corrent the misunderstanding that there are not hordes of rabid terrorists queueing up to kill each and every last one of us

    The rate they're going, there will be hordes of rabid terrorists.

    The sad thing is watching Blair jump on this bandwagon, when it was Blair's party which has brought the closest thing to peace Northern Ireland has had for years. Prior to that, the Tories were the best recruiting officers the IRA had ever had.

  9. Re:"New?" on New Windows Attack Can Disable Firewall · · Score: 1

    Saying this is news is like telling people AIDs is linked to death.

    You think that's bad? Recent research shows life is linked to death.

  10. Re:How do you know you've never gotten a virus? on New Windows Attack Can Disable Firewall · · Score: 2, Informative

    In theory, yes. But you'd need to reboot the OS into some kind of diagnostics otherwise you're asking the OS to attest to itself - and if it's been trojaned, you can't trust the OS because the first thing any sensible trojan will do is cover its own tracks.

    In practise, if you want a 100% guarantee that any malware has been eradicated, the only solution is a rebuild.

  11. Re:Mac Zealot Moderator Alert on How Encrypted Binaries Work In Mac OS X · · Score: 1

    precisely how does this benefit those who will use the system?

    It doesn't. It's not supposed to. It's supposed to benefit Apple, who are essentially a company which sells the whole system, hardware and all, as an "experience".

    If MacOS X was that easy to pirate, the "experience" would be damaged becuase people would be expecting it to work on any old POS hardware, so piracy wouldn't necessarily lead to better sales as the perception of Mac OS would be of a buggy, unstable OS.

    Even if this problem could be solved, Apple would then find themselves competing with Dell on Dell's own terms - as anyone could go out and buy a Dell and install a store-bought copy of OS X on it.

  12. Re:How hard is reverse engineering? on How Encrypted Binaries Work In Mac OS X · · Score: 1

    Reverse engineering makes security holes more obvious (does it not? Otherwise, how do hackers find security holes?

    Well, given the number of hacks which have been buffer overflows caused by not checking the length of input somewhere, I'd hazard that a significant chunk of security holes have been found simply by throwing very large strings which break RFCs in various interesting ways at the software to see what happens.

  13. Re:How hard is reverse engineering? on How Encrypted Binaries Work In Mac OS X · · Score: 1

    Trivial?! The Wine project has been ongoing for thirteen years and is still a long way from being perfect, and you consider that "trivial"?

    What do you consider "difficult"?

  14. Re:Wow, and accurate assessment! on Make Linux "Gorgeous," Says Ubuntu Leader · · Score: 1

    Most of the techies involved with Linux are using it because it suits them. Not because they want it to suit everyone else.

  15. Re:What Is He Smoking? on EMI Exec Says 'The Music CD is Dead' · · Score: 1

    Two minor issues there:

    1. Absence of the CD logo does not guarantee that the product is not a redbook CD.
    2. The record buying public does not appear to give a shit.

  16. WHAT major operating system vendors? on Joanna Rutkowska Discusses VM Rootkits · · Score: 1

    Seriously, what major OS vendors?

    Most architectures other than x86 in common use today either have supported virtualisation for years or don't at all. In either case, the "problem" as described is unique to the x86-64 architecture.

    And there's only one major OS vendor there. Almost everyone else is using a kernel which by its very nature is open to all - so as soon as the issue is addressed, it will be available to all.

  17. Re:Everyone else has a poor grasp of technology on Politicians Have Poor Grasp of Technology? · · Score: 1

    What ever our specialty, we trash everyone without that knowledge

    Speak for yourself. I have about 50 customers (only drug dealers have "users") and there's a wide range of technical ability in there, from software developers who write drivers in their sleep to marketing folk who understand that they have a computer but that's about as far as they go.

    Every one of those people brings something to the business in terms of expertise. I don't expect them to understand how to go about keeping systems running and safely backed backed up, and in exchange for this they don't expect me to understand the finer points of accounting law or spend months debugging drivers in VxWorks.

    I've worked with one person who trashed everyone who didn't have the same level of knowledge. Never again. It's a shame really, becuase other than that he was good at his job - if he could lose the attitude I'd happily re-employ him.

  18. Re:This will help others adopt Linux on Oracle Linux Explored · · Score: 1

    that will let the pussies in legal departments

    OT, but I always wondered why such people get called "pussies".

    Perhaps they're soft, warm, moist and surrounded by hair. Or they're soft, warm, hairy and go "Meow".

  19. Re:Thank god I feel so much safer now on BitTorrent Site Admin Sent To Prison · · Score: 1

    As far as I'm concerned, if you have no say so in the making of a law, then you have no obligation whatsoever to have to abide by it.

    I had no say in the murder laws in my country. They date back centuries. Does this mean I have no obligation to abide by them?

  20. Re:Explain the problem on How to Hack the Vote and Steal the Election · · Score: 1

    Not really.

    You know why that is? Wilful ignorance. Let me explain what I mean in this context:

    To 95% of the population, computers are magic black boxes. You press a few buttons on the outside, magic goes on on the inside, a letter to your great Aunt Flo in Australia comes out of a beige box with paper in it. The most people know about things like computer viruses is that "they're bad". Why that is, and what the potential consequences are, are a complete mystery - and most people are happy for it to remain that way.

    What the masses do know is:

    - Generally speaking, it works.
    - When it does not work, it is normally pretty obvious very quickly. You'd soon know about it if letters to your Great Aunt Flo started including passages taken from the screenplay of "Deep Throat".

    Try to explain what's gone wrong with a computer, and most people don't want to know - they just want it fixed. But in the case of voting machines, it's not immediately obvious to the layman that something is wrong so nobody's paying much attention to the people saying "It is and this is why".

  21. Re:EnCase can read/decrypt PGP? on Laptops Searched and Confiscated at U.S. Border · · Score: 1

    AFAICT, it can mean one of only two things:

    1. That all these commercial products have backdoors for government use.
    2. That the people writing this software have access to encryption knowledge several years ahead of what's in the public domain.

    In the case of 1, probably the best thing you can do is use an open source product. However, if 2 is the case, then I think a VPN to a secure network where the actual data is is the best bet.

  22. Re:your all on crack on Lik-Sang Is Out Of Business · · Score: 1
    As you correctly surmise, I am in the UK.

    Thing is, we don't have a written constitution.

    What we have is:
    • Hundreds of years of case law and European laws which trump our own.
    • A non-elected second house of government, who must approve anything the first house try and put through before it may become law.

    Yes, you heard that last bit right. Thing is, until recently, members of the non-elected house (the "House of Lords") tended to be from well off (and therefore better educated and not having to pander to an electorate who sometimes frankly don't know what's good for them) backgrounds.

    While it sounds like a complete contradiction in terms, democracy-wise, the upshot is that the well-educated people who aren't looking out for the Next Big Vote Winner were generally reasonably good at toning down or outright dismissing badly written laws before they were passed. Most of the people in the first house (the "House of Commons", as we call it) I wouldn't trust to open a tin of tuna.

    Unfortunately, the current government is doing everything it can to obliterate anything which might stand in their way. I'm talking things like the loss of the automatic right to a jury trial, and replacing most of the people in the House of Lords with cronies who can be depended upon to vote in favour of the government.

    Myself, I don't see the point in a second house if it's going to be appointed by the people currently in power, but it seems that this minor issue has been glossed over.
  23. Re:your all on crack on Lik-Sang Is Out Of Business · · Score: 1

    Just as laws can't contradict the constitution

    OT, but what would be the point in a constitution if laws could contradict it?

  24. Re:clarification please on Lik-Sang Is Out Of Business · · Score: 1

    Is that so? IANAL, but my understanding was you can sell what you like, but if you don't have the permission of the trademark holder you can't use the trademark.

    Now of course, in the real world no trademark holder in their right mind is going to argue about Tesco's selling shedloads of their product by putting up a big poster saying "SPECIAL OFFER ON $PRODUCT" - unless it's someone like Levis who don't want their product "devalued" in the eyes of the UK consumer. It'd be rather hard for other shops to continue to sell Levi jeans at £50+ where Tescos are selling the exact same pair of jeans for £30.

    AIUI, Levis sued under trademark law and Tescos were in the interesting position of being free to continue to sell Levi's jeans - provided they didn't use any of Levi's trademarks in so doing. And it's rather hard to sell a pair of Levi's when the first thing you've got to do before selling them is remove any mark or label which identifies them as levi's.

  25. Re:Utter garbage, Redux on Web Surfing in Public Places Is A Way to Court Trouble · · Score: 1

    Not sure I quite follow you - you don't need the correct CA cert for the site, as your clients would be configured to already know about the root CA you're using on the proxy server, and it's a cert signed with that which is presented to the client.

    In any case, as I understand from what you say, all the dodgy cybercafe owner needs to do to make that much less of a problem is ensure his PC's are running a vulnerable version of Internet Explorer. Not exactly difficult, as they're his PCs.

    Though thinking about it, I reckon if the cybercafe is that dodgy, it would be about 100 times easier just to install a keylogger on every PC.