The statistics come from a large amount of web sites, I'm presuming Windows Update isn't one of the sites that provide their visitor details to this survey. They'd be fairly useless anyway, 100% IE.
The only way this could have made a difference is if people use IE to download the updates and then keep using IE and forget about Firefox afterwards, but I don't think that can account for any real numbers. As somebody has suggested earlier people using IE to access IE only sites and then never bothering to go back to Firefox may be more of a factor, or maybe the statistics just mean nothing :)
Worth noting that in this case it appears they are not running XP Embedded, they are instead just running a standard version of XP Pro on a Pentium M board, according to this page.
Tracking vehicles with RFID may not be so bad - after all vehicles have licence plates...
Yep, it's also worth noting that in the UK we already have speed cameras that read and identify your license plate to take your average speed over two locations, and also a similar system used to identify cars without tax disks (I've seen these set up at the side of the road reading your plate as you pass).
Before somebody comes out with "But they can track you now wherever you drive!" or "Anybody could intercept the signal and track you!" - remember the car is already clearly labelled with a big easy to read code linking it to the owner anyway, this is just a more reliable way of reading it digitally from what I can see. As long as the chip itself holds no more data than the code linking it to the database that they already have, I don't see any new privacy problem with this.
I would hope that as a bartender you are aware of the concept of washing your hands :)
And of course the first 'customer' has full rights to distribute the product for free as they wish. Hence why 'selling' a 100% GPL product is never going to be a wise business move.
Are you kidding, this is awesome!
If I'm reading this correctly, I can get on a flight from New York to Toronto. On the way there, I'll eat my passport. When I get there Canada will refuse me entry and send me back to New York. Then, and this is the great bit, they won't let me back in for not having a passport! This can only mean one thing - I'll live in "The Terminal"!
Then I can live my movie-dream of building myself a bed out of chairs in a conveniently quiet part of the airport that is constantly under construction, and I will live by collecting luggage carts and taking the money from the cart return machine in order to purchase food at Burger King.
And if what Hollywood teaches me is true, it is only a matter of time before a hot air hostess falls in love with me!
If you've ever been to Taiwan you'd know most girls there look absolutely great (it's not only me noticing this). I don't know how they achieved it.
How do you know he's interested in their looks? This is slashdot - he probably just wants a free motherboard ;)
I really think the majority of replies to this thread have a very limited understanding of the current situation - we're seeing a classic example of what happens when you post a story involving the 'UN' and 'China' to a mostly-American site.
I'll put this simply. I'm connected through a UK ISP, using UK bandwidth and networks, using UK owned equipment, and connected other than slashdot to mostly European sites/servers. All of this is being governed and controlled by a private registered company in the USA, and they have the power to make policy changes that affect my current happy arrangement, without any kind of monitoring or regulation.
Do you honestly feel that your information, and the Internet, is safer in the hands of a private unregulated "not for profit" US registered company that is given its power by the US government and gives most (if not all) of its contracts for vital services to US for-profit companies?
Put aside your opinions on the UN and how they don't agree with everything the US says for a minute and realise that in an ideal world, an international democratic UN backed organisation to control the future of an international network is the way things should be. The UN is the best chance we have of this happening. Now I'll be the first to admit the UN aren't perfect, however run correctly (i.e. by a team of technical-background individuals from multiple nations, who answer to the UN as a whole) this would be the best way to manage the worldwide Internet as we know it today. This would be infinitely better than the current US private company having full control over the world's Internet experience.
Of course, all of this is wasted, having browsed through the comments so far it seems people are posting before thinking after seeing 'UN' on their lovely US site. And this is exactly why the situation will never change - after all, can you really see the US giving control of the web to an international organisation? It's simply not going to happen, and nobody has the power to make them.
In this case, it's more a case of "I must make money from it".
The people using this exploit to get fake listings (just like all of the spam pages we see in search engines) aren't doing it for the fun of it.
This isn't £50,000 each - it's £50,000 total. To quote TFA:
The average compensation payment was £2,200 each, with one person paying £4,500.
It doesn't matter what colour hat you classify them as, or whether you personally are glad that you know gmail is insecure - and you are also somehow happy that every script kiddie now knows how to attack your account.
There is no excuse whatsoever for releasing something like this to the public, especially without notifying the service and giving a long enough period for them to fix it (IMO even going public then doesn't achieve anything). All that this achieves is self-glorification for the people finding the exploits, they even go as far as to ask for jobs at Google in this case. If people could stop thinking about getting their name attached to an exploit, and thinking about the benefits for all users of the service/software affected, we'd have a lot less scripts floating around for the script kiddies to click and run.
The worm is related to an issue in phpBB 2.0.10 as per the parent, nothing to do with any PHP issues.
I do wish mods would be careful when modding posts that they obviously know nothing about as 'informative' - to be 'informative' you have to give correct information, not just information that looks technical enough to be correct.
Don't spread FUD.
Sourceforge offers release trackers which the phpBB team openly point people to if they want mail updates:
http://sourceforge.net/project/filemodule_monitor.php?filemodule_id=28882
Or of course, there is the RSS feed
http://www.phpbb.com/rss.php
And, after 'popular demand' they are currently working on a special security mailing list that people can subscribe to.
No, what you are saying is false. The phpBB 2.0.10 security issue is not related in any way to the PHP exploits discovered recently. And this worm uses the 2.0.10 exploits, not PHP.
As per the parent of this post, the post modded '+5 Informative' is false and includes the wrong announcement.
This is not caused by the php bugs, it uses an issue in phpBB 2.0.10 and below. 2.0.11 fixes this, and has been available for ages (over a month).
So in summary, if you use phpBB - upgrade to 2.0.11 now - not upgrading is not an option.
I feel the above needs to be clarified, as there are already numerous people posting false information. Upgrading your PHP version won't protect against this (but you need to do it anyway to protect against other issues) - upgrading to phpBB 2.0.11 will. Simple :)
My 4th Gen iPod charges on USB fine, both on USB 1.x and 2.x PCs/laptops.
OK, for the last time Mom and Dad...
Don't open email attachments from strangers.
-Your children
How about ending the advertising? I wouldn't miss it.
There are a huge number of (non-commercial) sites out there that depend on adsense to keep running, generally speaking it is at least possible to cover server costs alone for a reasonably high traffic site with adsense.
This is why personally I've never understood why people run things like 'Adblock' to block out all adverts (other than in the case of annoying pop-unders etc) - these adverts are most likely what pay for the site you are viewing.
How the hell these people get modded '5, Insightful' is beyond me. There are a number of these comments modded high already.
This is Slashdot, News for Nerds. We like gadgets. We don't generally say 'I wish they'd stop adding new features to things, my calculator twenty years ago worked fine!'. We don't expect to see a review of an 80s style calculator making the slashdot frontpage, unless of course the editors are having a really bad day ;)
If you want a phone that is just a phone, go to your local phone shop, head to the cheapest section, and there are many. There are a number of very good basic phones out there, popular as 'company phones' bought by employers. In fact, you probably don't have to buy one yourself - wait outside the shop and ask if you can have someone's old phone whilst they are on their way in to buy one with more features for the money than they got 5 years ago.
You don't find reviews on slashdot of brand new phones that are 'just phones' - they all came out years ago and we don't care anymore.
Are you blind, illiterate, or just plain lazy? It's a 1/2 page article for crying out loud!
Neither of the links were loading for me at the time I posted, I'm sure you're familiar with the concept at slashdot. Perhaps you'd care to comment on the subject at hand, like I did?
And having now been able to read the articles, it isn't mentioned anywhere how long google have had to resolve this issue. As per my previous post, going public without giving a reasonable amount of time for the issue to be fixed achieves nothing other than potentially more exploits.
Some might agree... others would say that if that was the case, Microsoft (and others) would never fix security holes if they are not known.
Yes - but the key is that you should give the company in question enough time to be able to get a fix out before releasing the issue to the public. I haven't been able to RTFA however unless Google have not taken any action after a reasonable timeframe (say a week) posting the issue on slashdot is not going to solve the problem any faster, and hence is just making more kiddies aware of this.
Keeping an issue you discovered 'secret' for a reasonable timeframe is the much more sensible option, you only need to go public if the issue is not fixed promptly.
Exactly the same issue here (on linux) - this is the first other report of the same problem that I've found, I'm not going mad after all ;)
Welcome to the joy of *nuke powered websites - not knowing where anything useful actually is ;)
You forgot 'Virgin Ware' stores, which sell lingerie. Or so I'm, er, told.
'Virgin Ware' is the best name ever for a lingerie shop if you ask me :D
http://www.virginware.com/