We could convict someone in our country from another country for xxx crime, and find them guilty because they had no representation and no appearance in court (losing by default) which would then mean they would have to live a xxx term in prison, and once they set foot on American soil...they could not really say much other than sh*t!
My first reaction to this story was one of bafflement, as to how a country can prosecute other country's citizens on crimes they theoretically committed based on principle, or moral beliefs...yet I guess if the roles were reversed (Saddam Hussein) we would take a stand for crimes we thought were against humanity (which we defined ourselves) and then applied them to a citizen of another country. I have to say, i really don't like politics...i think it's pretty sad...
I can see by your tone, no matter what i explain or say it will be for nothing. I could clarify that my first post was talking about the previous post above mine
/* This functionality you propose is available today, although not required (at least in Oracle where I'm familiar). Look into bind variables. in fact, let me google it for anybody reading this who wants to know how to prevent sql injection. http://www.lmgtfy.com/?q=bind+variables [lmgtfy.com] The positive side effect (again in Oracle) is that use of bind variables reduces the CPU cost of parsing SQL statements, so not only should you use bind variables, you should REALLY use bind variables. */
...and most lazy programmers do not do proper sql injection verification on their websites, thinking that AJAX is what M$ proposes to help for post obfuscation, however you are completely right, someone with enough time on their hands could decrypt the encrypted ajax post from the hidden fields on the web page, and then reconstruct a sql injection attack that would pass no problem....however this would take some doing in cracking power, maybe a cluster of nvidia graphics cards running in parallel with that elcomsoft software for cracking...but then again, i know absolutely nothing when it comes to computers....
Really, you want to post this story on /. ok...whatever turns your crank...
>If only we humans could say the same for our poop, which really doesn't do much more than just sit there
The fact that we never really studied our own feces for recycling or usage, means we just don't care enough to try. If someone were to study our poop, we would see a means of processing our dung to be used as car fuel, then we would stop flinging our crap all over /. and keep our gas money for better things...like finding better editors.
So the fact that M$ uses ajax (within asp.net) to support encryption of their data between page posts or self update to avoid any tampering is something I guess they know nothing about as well....
God if I had a nickel every time someone was trying to prove themselves by erroneously shooting someone else down....well let's just say I would be buying a few hotels down in Dubai.
I was given a task of trying to find a way to monitor pc usage time and what apps were being used, for how long, etc. I got my hands on spector 360 which is a great app, and the engineers there are very up to date with all the kernel hooks and such, so when you need a customized or specific task, they understand what you are about.
I also was asked to set up certain reports to show what activity was going on (spector does this on its own). So a chore that would have been a full time job became my boss's pastime, all i had to do was maintain the installations and the rest was so user friendly, my boss became his own policeman. Better the boss review any materials than any biased person at the company. He can also decide what recourse to take...in the end i found spector a very good tool, except it always needed admin privileges to run, which i could not understand why they did that, but all in all a very useful tool.
Being a brit myself, i guess i can see the humor behind this all, but my guess is pc users are missing some element of know-how when it comes to being up to date with all the security issues of today. Up to date with your AV, not opening emails with attachments....scanning every file before opening, etc, etc.... seems to me too many users are security illiterate.
THANK YOU, about time someone saw the flaw behind M$ way of dealing with things...and this is EXACTLY why the guy did what he did. He showed that not only is M$ not responsible enough to say ah geez...thank you for spotting this, but now they can't prioritize themselves to push out a fix for the bug quick enough before others come up with attack vectors.
DON'T BLAME THE GUY FOR REPORTING THE PROBLEM, you would have been just as hacked by the guy knowing about this attack anyways, at least you are aware of it now...(I am talking to you...whoever modded me down for my last 2 posts about this)...no real hacker will ever tell you his attack vectors, and there are still many not OUTED.... does that make you more secure because no one has been telling the world about them, hell no!
You sir are a gem, able to discern that the onus does not fall on the guy reporting the problem, but the person who supplied the buggy application and then does nothing quick enough to fix it, once a problem is found.
Wish there were more like you!
ps- If this was to actually interfere with a meeting, or cause some stock option problems, it would have been resolved that same day. Because it is for the end user especially still using windows xp, guess what....we will have to wait a LONG time before getting this, my guess is until you get sick enough of waiting and buy windows7.... ; )
The plane's engine exhaust is hot enough to create a slight precipitation enough to destabilize the cloud and make it pop so to speak, whether it is hot air masses created by mother nature or by planes, the same result happens, but with planes it is small compared to the bigger mother nature kind, so technically will not rain or snow for that long...China used a sort of similar weather control system during the Olympics, to help maintain the raining season...what they did helped, but only a little...it still rained...just not as much.
This is hardly newsworthy science, however does let most people realize that it is possible and not magic to control the weather, we just need a bigger delivery system and power source...maybe like a gigantic zeppelin....i wonder if the side of the zeppelin was made of materials that took the heat from the sun (solar panels???) and stored it to use for later, within a cloud mass.....if it would work....if only i had millions to research with.....ah well..
When i read quickly the headline, I saw kaspersky and injection, and thought, they have developed a new way to inject dlls running on windows in case they have been compromised, a new type of anti virus, if the dll is hacked, then hack it back...
Then i stopped and realised that the article had nothing to do with the AV company, and had this guy kaminsky talking about how to circumvent sql injection attacks...sort of...then i tried to go read the article, and got the blocked login page, which I have no log in for...and won't create one to just read a story...all said and done, i am not even sure if this has merit...can anyone post a link to a NON secured website where i could view the story as is...?
It sounds like he offers a way to go through code quickly to replace badly written code...but i could be wrong...
But Ajax is supposed to hold the info in encrypted format before sending to a POST for the html document model, and thereby avoiding such things as sql injection because you are getting your values from the synched up ajax model running behind the code (.net and others)...i guess you could try to manipulate the encrypted info, but from my understanding, you have part of a checksum included inside the code, and if it is off, the page does not post.... i could be wrong again.
I agree with your point 100%, although I got modded down as troll for suggesting this very same thing on another post...wonder why some people can suggest it and get a pat on the back, and others get burned, guess that's the joy of /.
Because he works for google and they will protect him, M$ can't use their massive amounts of money to sway him from talking or slap him with lawsuits....therefore the only thing to do is actually FIX THE BUG!....imagine we live in a world where when we tell a company their product is flawed and even offer a way to reproduce this bug, that they say thank you very much, and fix their product...right away....well I applaud his effort, and think that more people (from google) should all come out with these types of bugs to show that not only are we going to let everybody know about your bug and how to use it, but after giving you a small amount of time to fix it....so you might as well just swallow that pill, put on your coding caps and fix those bugs....
So many exploits come from M$ and have been around for so long that it is nice to see someone (other company) stand up for us and help bring about a safer web/internet for us to play in...
If they could make a product that was actually needed, then i would say ok, but all windows7 is is a prettier version of windowsxp...with a few more bells and whistles... If i really am going to bother changing my OS, i will think more about moving towards linux as that would be an excellent time to change, when you need to...instead of boxing myself in for another 10 years with a company that only thinks about their profit and not my well being.
Say what you will about all the zero day attacks over the last 10 years, but owning a *nix box has way less viruses than any other OS out there...and theirs is free....all I got to do is be smart enough to read up when i need to know about something made for linux.
In a company with about 100 users all not knowing linux, and having a full windows based server architecture, this type of decision however much I might agree with it, and many others.....is not always the best plan money wise...also hardcore admins are a lot harder to find (you need them for linux) whereas intermediate consultant admins for windows are a dime a dozen....
I wish there was a plan with linux distros banding together to bring about more change, like setting up a user friendly package that not only quickly sets you up with all your equivalent softwares and conversion tools for transferring over, but also a quick course material complete with videos made specifically for those companies wanting to change and having a hard time because lack of proper UNIFIED documentation for such conversion.
I so agree and could not point this out often enough to any of my clients or users. Just because M$ says it is time to change your habits, does not mean it is time for you to...they need more cash in their banks, of course they will tell you, and pay others to tell you the same....I just hope all the admins out there are able to force their company to stay with xp for another 10 years, then maybe M$ will get the message through their thick skulls!
I hope you really are joking, I see someone modded you informative, but seriously I fear that this type of thing is too flagrant in our government...and should be changed...but then again, I thought Obama was on our side.
funny, what i meant is if the boot cd is to replace the bootloader per se, as we would now not need the BIOS and force all boots to start at the cd-rom and eventually move to the hdd, we could ensure that the bootcd is our means of having a sort of virus free bios (almost)
>Karma: Poor (Mostly affected by lame karma-joke sigs)
Or just never knowing when to give up....
good thing they abbreviated it for us....i got lost after the 2nd syllable...
>This functionality you propose is available today
I think they call it ajax, but i could be wrong....
All this is nice to read up on, I still want to hear when the leak will be stopped and when BP will face charges for what they have done.
And this is why I hate politics so much, no common sense whatsoever
Finally, somebody that gets me.....penguins unite!
Too bad the whole limewire case can't be tried in this country!...would save them trillions...
Still doesn't mean we can't go in and clean up and stick them with the bill....come on...follow along here.