It totally sounds like a trip to Di$ney world compared to having some guy drilling out the joints of my fingers.
... hehe
Tho between getting caught on the "it's a small world" ride for an hour and water boarding..
However, the advantage of "it's a small world" is that if the power goes out (to get you stuck for that hour), the music stops too... Btw, is there a "small world" in Eurodisney too, or is that one only in Florida?
Part of the hack was to exploit the unsecure procedures at the DNS registrar to add a new e-mail address for administering the victim's domain.
Any other company at the same registrar could fall victim for this, even a bank! And actually many registrars are this unsecure: not so long ago, it was possible to do similar things with just a faxed request with a (faked) signature. Not even necessary to know birth town and mother maiden name.
So, blaming this on lack of PHP (or other) coding skills of the victim is silly. Blame the insecure DNS registrar.
What would protect a brick and mortar bank against a similar hack would not be its coding skills, but rather its notoriety: a DNS registrar would hesitate if suddenly somebody asked to add a hotmail e-mail address to a well-known bank's registry information, and would try to confirm this by phoning back the bank during business hours before doing such change.
Set up a server somewhere with an IPv4 address, and then, on your home machine, set up a script that ssh's into it and establishes a reverse tunnel: ssh -R 2022:localhost:22 -oGatewayPorts=yes mypi.edis.at
You can call this script from /etc/inittab, so that it is relaunched automatically should the connection die.
Then, when on the road, to connect to your home network, just do ssh -p 2022 mypi.edis.at on your phone.
A suitable server may be a raspberry pi hosted for free at Edis, Austria. Just send them your pi, and they'll host it for free.
I agree that's perfectly fine, aside from the whole bit about security of saving a password (store it in a secure manner and each time check it against the secure form stored in the user database). How does it save that information in a persistent way that uniquely identifies the computer you're using?
I guess, in a hash table keyed by hostname and realm? Probably the first browser did it that way in any case, although nowadays it's probably in a more evolved data structure...
Without the data persistence, refreshing the page would just show you the page as if you weren't logged in.
That's why pages are sent with a Vary: Http-Authorization tag. This tells caches, including the one in the browser itself, that they should include authorization in the cache key for the page. This avoids a cached unauthenticated page (or worse: one authenticated for a different user...) showing up after the user has been authenticated.
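Added illustration (not from the original thread): a toy shared cache that keys stored variants on the request headers named in the response's Vary header, here using the standard header name Authorization, with a constructed origin and constructed credentials. Without Vary, the first user's private page is served to the next user and to an anonymous visitor; with Vary, each requester gets their own variant.

```python
from typing import Dict, List, Tuple

# Constructed users: Authorization header value -> user name (not real credentials).
ORIGIN_USERS = {"Basic YWxpY2U6cHc=": "alice", "Basic Ym9iOnB3": "bob"}


def origin(url: str, req_headers: Dict[str, str], send_vary: bool) -> Tuple[Dict[str, str], str]:
    """Constructed origin: private page for a known Authorization value, else a login prompt."""
    user = ORIGIN_USERS.get(req_headers.get("Authorization", ""))
    body = f"private page of {user}" if user else "please log in"
    resp_headers = {"Cache-Control": "max-age=60"}
    if send_vary:
        resp_headers["Vary"] = "Authorization"  # the secondary cache key
    return resp_headers, body


class VaryCache:
    """Shared cache: one entry per URL per distinct set of Vary-selected header values."""

    def __init__(self) -> None:
        # url -> list of (vary header names, selected request values, body)
        self.variants: Dict[str, List[Tuple[Tuple[str, ...], Tuple[str, ...], str]]] = {}

    def fetch(self, url: str, req_headers: Dict[str, str], send_vary: bool) -> Tuple[str, str]:
        lower = {k.lower(): v for k, v in req_headers.items()}
        for names, values, body in self.variants.get(url, []):
            # With no Vary header, names is empty and every request matches (HIT).
            if tuple(lower.get(n, "") for n in names) == values:
                return body, "HIT"
        resp_headers, body = origin(url, req_headers, send_vary)
        names = tuple(n.strip().lower() for n in resp_headers.get("Vary", "").split(",") if n.strip())
        values = tuple(lower.get(n, "") for n in names)
        self.variants.setdefault(url, []).append((names, values, body))
        return body, "MISS"


def scenario(send_vary: bool) -> List[Tuple[str, str]]:
    """alice logs in, then bob, then an anonymous visitor, then alice again."""
    cache = VaryCache()
    alice = {"Authorization": "Basic YWxpY2U6cHc="}
    bob = {"Authorization": "Basic Ym9iOnB3"}
    anon: Dict[str, str] = {}
    return [cache.fetch("/account", h, send_vary) for h in (alice, bob, anon, alice)]


if __name__ == "__main__":
    for flag in (False, True):
        print("Vary: Authorization" if flag else "no Vary", scenario(flag))
```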
So which computer are you at
Why would the server even care about this at all? As you pointed out in an earlier message, relying on this is fraught with security issues.
With a Web page, you're logging in, but there's no shell or other process that keeps your session alive, so you'd automatically get logged out if it wasn't for something like session cookies.
Wrong. The browser caches the user credentials until you exit the browser, or otherwise log out.
How does the server keep track of the fact that you're logged in and who you are?
By your user name and password.
Your time spent on that site is called a session, and the server sets a session cookie to say, "Okay, you've already logged in,
If you are logged in, the server sees your username and password, then why does it need anything else?
so I'll save you the trouble of doing it again."
Most (all?) browsers only prompt for a username/password a single time, and then keep it in memory for further requests from the same site and realm.
The only alternative I can think of is the server responding to your log-in action with "Okay, I got your IP address, so I'll just make a note in my database that you logged in from IP address [IPaddr].
thereby logging you out every time you want to make a forum post on the Web.
Why would that be? If you are logged in, you stay logged in, cookies or not. But then, if you are logged in you can already be tracked by your user credentials, so all this becomes moot...
Not even a fixed constant factor. Rather, a fixed constant term (additive constant, rather than multiplicative). Indeed, once the attacker has found the ssh port, he can start banging his list of username/passwords at that port, and he doesn't need to repeat the port-search sequence for each username/password that he tries...
You still need neutral in some types of automatic car washes (those where one wheel engages in a small sled that pulls your car through the washing device)
I'd rather experience my first seizure in the comfort of my living room playing a video game, than in a car while driving along a tree-lined road with the sun flashing between those trees.
You don't, however, generally drive 300 miles a day (or if you do, you know the location and hours of every gas station on the way),
Huh? Unless you're driving to a very remote location, you don't need to. Regular gas stations are plentiful enough that you can find one on the spot as soon as the needle gets close to empty.
However, with more exotic fuels (or electricity...), sure, you do have to plan for this in advance...
That said - Every night, you park your car somewhere in the vicinity of conveniently available grid power. In exchange for five seconds of plugging it in every night
Except when on a trip away from home, where you might not have a garage or no easy access to a power outlet from a space where you can park your car...
One of the downsides to the decentralized nature of the net is that sometimes things just get lost.
Not lost, just delayed. After those 5 days, your e-mail will either have been delivered to its intended destination, or come back to you with an error message explaining what went wrong. And if delayed for more than 4 hours, you'll usually get an early warning message too...
Properly set up e-mail works surprisingly well these days. Lost e-mails are usually the result of sub-par providers who take shortcuts, or users who don't know how to use the tool.
When properly done, spam filtering doesn't make mail unreliable. Sender gets a bounce if his mail doesn't get through, so he will know what's going on, and to retry.
In Luxembourg (where those ponies were put into those boxes), horse meat ("Päerdsbüfftek") is actually a delicacy (... and usually more expensive than beef). Usually, you see scammers work the other way round: serving a beef steak as horse by just using horse steak gravy with it. So, it's really a mystery how this scam could even work from an economic perspective.
And in any case, a Romanian horse is probably much healthier to eat than a British cow. Or maybe the scammers actually had too much British beef, and that affected their thinking process...
Wouldn't it be a matter of looking at the averages for slightly longer periods? I.e. if the downtime was 1 day, just look at the volume of the week starting with the down day, for example. If this week had noticeably less sales than any other week, he probably did lose sales (if people waited, they would probably have waited less than a week). If the average was roughly the same, people would have delayed.
Of course, all depends on how steady the volumes usually are. If there are usually large swings from one week to the next, he wouldn't be able to tell.
We even know your browser, screen resolution, OS, the color underwear you wear,
... and then you wonder why people are so mistrusting of javascript...?
(Technically, the browser and OS can be read from the user-agent header, and needs no javascript. But the screen resolution and color of underwear sure does need javascript!)
I don't think "have you ever been a pope before?" was part of the interview...
I wouldn't be so sure about the "never" part...
nephews
A young pope can also change his mind, if he notices that the world around him changes...
Only fools never change their minds.
He'd be the darling of all cardinals...
not one person has asked whether or not the Robosparrow ran/still runs Linux.
... and whether the python language is so concise that you need to "pad these python files out to 200 lines"...
Why not simply use your login and password?
Nuke these trolls from orbit. It's the only way to be sure. There, I'm on-topic too.
No, just hurl a giant meteorite at them, after all they've 30 times more boom than the Hiroshima bomb.
A fixed constant factor higher in fact.
Handbrake as well would have worked surely?
As any beginner driver who has ever forgotten to unset the handbrake before driving could tell you: no.
So, why does France issue Driver's Licenses to people subject to epileptic seizures?
How would those people know that they are subject to this? Indeed, in its infinite wisdom, the French lawmakers preferred to eliminate all items that may trigger such seizures in relatively safe environments.
At least he didn't make it to Zagreb...
You could always squirt out some more ink, I mean, you are an octopus, right?
... and if you aren't, just use black paper...
add in spam filtering and it's unreliable.
And that is going to help me how, exactly?