I hope not, I use winamp on my job. But after rereading the article, it says that it only launches the webpage. The problem is, the default browser is set to be IE (job policies, go figure). What happens if the webpage in question exploits a browser vulnerability?
I hate Windows. It's like a long chain of installations and executions without asking permission to the user. Everything's broken.
A lot of people share music and download them P2P around the world. Considering that most of those users are Windows users, the disease - er, virus - will spread quite fast.
Now we'll have to be careful not only about executing files on the machine - but also about playing mp3 files. A USB collection with *one* infected "mp3" file and your machine's screwed.
The researchers found that Windows Vista shortcuts can give away the existence of a hidden file. Vista, which automatically creates shortcuts to files that get used, then stores the shortcuts in the Recent Items folder. And the auto-save feature in Word, meanwhile, saved versions of the hidden files.
"An attacker can use information gleamed from these files - as well as other information leakage from the primary application - to not only infer that a hidden volume exists, but also recover some of its contents," the researchers wrote in their report.
Google Desktop is another culprit that exposes hidden files in TrueCrypt versions below 6.0, according to the report. The Google app's lists of recently changed documents and logs of recent file actions can reveal the existence of a hidden file.
In other words, it's the applications that exposed Truecrypt, when the hidden files were VISIBLE.
The moral of the story: If you have something to hide, turn off the damn logs or put them where they'll be destroyed (encrypted temporary partitions, for example). And don't depend on closed source, proprietary software.
However, recently the first sale right was upheld by the court in the Softman v. Adobe case - Softman was the guy who wanted to sell an Adobe Product via e-bay. Technically, they said, if the license is "forever" it can be considered a product being sold.
"The Court understands fully why licensing has many advantages for software publishers. However, this preference does not alter the Court's analysis that the substance of the transaction at issue here is a sale and not a license," Judge Pregerson writes. If you put your money down and walked away with a CD, you bought that copy, EULA or no EULA.
The problem with your car analogy is that you can still buy a Jag XJ220 used. It is illegal to resell old copies of Windows XP for use in new computers.
cell phone services(pay to receive calls? You all are nuts to swallow that)
Here in Mexico, since a few years ago, it's mandatory that the one who calls, pays.
Re:One thing Google could do about incoming spam..
on
Spammers Choose GMail
·
· Score: 1
Personally, I believe that computers will never become as smart as human beings. We just have to find the right questions that computers will never solve.
Perhaps they will involve some kind of interaction. Maybe in a few years we'll end up with VR-based captchas so you'll have to tell a virtual cab driver to take you to the 5th avenue, getting an envelope from your professor, opening it and then typing the contents in the textbox below the VR screen. I just hope we don't have to resort to that.
Re:One thing Google could do about incoming spam..
on
Spammers Choose GMail
·
· Score: 1
Not quite, my dear AC.
The purpose of CAPTCHAs is to differenciate humans from spambot machines. If another human is filling the captchas for your botnet, then that's an additional problem, but the "bot posting spam" problem has been succesfully solved.
Unless the problem is incorrectly formulated. How about this - make Gmail ask you a captcha for every e-mail addressed to a person not in your contacts (which is not a reply-to, either), or for every 5 contacts that you want to add.
It's tolerable that you don't read TFA, but at least read TF comments. The article itself is misquoting Linus.
Otherwise, ask yourself why it takes less than 5 minutes to pwn a Windows computer, but it takes nearly forever to pwn a Linux computer. It's not Linux security that sucks. It's your Redmond-brainwashed mind.
Linus is entirely correct - a bug is a bug and must be fixed.
It's not a bug, it's a feature. - Bill Gates.
Re:One thing Google could do about incoming spam..
on
Spammers Choose GMail
·
· Score: 0
CAPTCHA is broken: it's not just various implementations that are compromised, but the entire theory.
The turing test theory to identify humans from machines is broken?
Nay. It's the implementation that is broken. Image analysis and pattern recognition do NOT make artificial intelligence.
My solution is to make entire phrases out of captcha'ed characters. Decyphering a single character can be difficult, but it's much easier to deduce the meaning of an entire phrase even if some characters were wrong (except the numbers):
"Please add the numbers except the one with purple dots behind it, and then substract from the result, the second digit of the one with an orange background: 723, 934, 21, 5".
Note that the questions don't have to be math related.
"Alice broke up with her boyfriend James. She was so mad that she forgot where she left the car keys, and got late to work. If only she hadn't seen him kissing the other girl, she wouldn't have had a bad day.
Question:
What did Alice lose that made her arrive late to her job? (three words)"
This goes well beyond the scope of SPAM. Once they match your real name with your e-mail, they can start finding out what you do online, what sites/forums you visit, etc (Google knows everything).
I'm much more worried about ID thieves finding out about my life than about getting personalized spam.
see, that's the issue isn't it? is that the point of linux? to be a windows replacement? that ideology right there is what gave us ubuntu, linux for morons, and ushered in countless new linux users that will never "learn" linux.
frankly i like linux much better as a free stable unix like operating system. quit fucking up my good thing trying to water it down for easy consumption by retards./rant
Fine for me! Here's your new PC with Red Hat 1.0, no graphical interface (and no graphical nor printer drivers either!) for you to play with. Have fun with your little lego construction set for "pure linux users". As for me, I have to write these mails using gmail on Firefox 3, compare some data in spreadsheets with OpenOffice.org and burn this important DVD presentation with k3b (all of these installed not via the command line, but with Synaptic for Retards(TM) )so later when I have some free time, I can use WINE 1.1.0 to play Castlevania with NO$GBA in my "Linux for retards(TM)".
(Saves troll food branded "what we owe to Linux elitists" for later)
I have CAPTCHAs on my blog, but only deny posters who actually fill them in. Goes a long way to deterring spammers.
M
That's actually an ingenious solution: Leaving a field blank. Let's expand this a bit further.
Let the computer present a captcha, three images (each one with a textbox under it) and a text question to the user (the question will also be in graphic format).
Please fill in captcha under the image of a blue parrot. Under the image that is not a yellow cat, answer this question with a number: "How much is three plus seven?" Leave the remaining space blank.
So the bot will not only have to guess which image is the captcha, but will also have to identify the description, recognize the sentence, and then find out which images belong to the blue bird and the yellow cat. Adding to that, it will have to recognize that an arithmetic question has been asked, and then use its AI to answer the question in the appropriate slot.
Slashdot Mirror
I hope not, I use winamp on my job. But after rereading the article, it says that it only launches the webpage. The problem is, the default browser is set to be IE (job policies, go figure). What happens if the webpage in question exploits a browser vulnerability?
I hate Windows. It's like a long chain of installations and executions without asking permission to the user. Everything's broken.
A lot of people share music and download them P2P around the world. Considering that most of those users are Windows users, the disease - er, virus - will spread quite fast.
Now we'll have to be careful not only about executing files on the machine - but also about playing mp3 files. A USB collection with *one* infected "mp3" file and your machine's screwed.
I'm afraid this is the new "storm".
I think GP meant to say "OGG/Theora", and not just OGG.
Wrong. "Defective by design" means crippled by design (DRM). This is "Defectively Designed", which is a very different thing altogether.
Wow, that's evil, even for malware authors.
I think the summary missed a paragraph.
You're right. I only mentioned proprietary software because it can't be modified to protect your privacy. And it's not like it benefits them, anyway.
Shouldn't the title read 'Multiple experts try to define "Cloud Computing"'?
FTA:
The researchers found that Windows Vista shortcuts can give away the existence of a hidden file. Vista, which automatically creates shortcuts to files that get used, then stores the shortcuts in the Recent Items folder. And the auto-save feature in Word, meanwhile, saved versions of the hidden files.
"An attacker can use information gleamed from these files - as well as other information leakage from the primary application - to not only infer that a hidden volume exists, but also recover some of its contents," the researchers wrote in their report.
Google Desktop is another culprit that exposes hidden files in TrueCrypt versions below 6.0, according to the report. The Google app's lists of recently changed documents and logs of recent file actions can reveal the existence of a hidden file.
In other words, it's the applications that exposed Truecrypt, when the hidden files were VISIBLE.
The moral of the story: If you have something to hide, turn off the damn logs or put them where they'll be destroyed (encrypted temporary partitions, for example). And don't depend on closed source, proprietary software.
Maybe because Mac OS isn't FREE?
... I didn't download Firefox 3 when it came out. In fact, I'm still on Firefox 2, and I'm sure a good percentage of fellow /.ers are as well.
Um... the carpet bombing vulnerability also affects Firefox 2. It looks like someone is in trouble :)
However, recently the first sale right was upheld by the court in the Softman v. Adobe case - Softman was the guy who wanted to sell an Adobe Product via e-bay. Technically, they said, if the license is "forever" it can be considered a product being sold.
From http://www.linuxjournal.com/article/5628 :
"The Court understands fully why licensing has many advantages for software publishers. However, this preference does not alter the Court's analysis that the substance of the transaction at issue here is a sale and not a license," Judge Pregerson writes. If you put your money down and walked away with a CD, you bought that copy, EULA or no EULA.
More info in the wikipedia entry.
The problem with your car analogy is that you can still buy a Jag XJ220 used. It is illegal to resell old copies of Windows XP for use in new computers.
What happened to the first-sale doctrine?
cell phone services(pay to receive calls? You all are nuts to swallow that)
Here in Mexico, since a few years ago, it's mandatory that the one who calls, pays.
Personally, I believe that computers will never become as smart as human beings. We just have to find the right questions that computers will never solve.
Perhaps they will involve some kind of interaction. Maybe in a few years we'll end up with VR-based captchas so you'll have to tell a virtual cab driver to take you to the 5th avenue, getting an envelope from your professor, opening it and then typing the contents in the textbox below the VR screen. I just hope we don't have to resort to that.
Not quite, my dear AC.
The purpose of CAPTCHAs is to differenciate humans from spambot machines. If another human is filling the captchas for your botnet, then that's an additional problem, but the "bot posting spam" problem has been succesfully solved.
Unless the problem is incorrectly formulated. How about this - make Gmail ask you a captcha for every e-mail addressed to a person not in your contacts (which is not a reply-to, either), or for every 5 contacts that you want to add.
Well, as you increase the level of intelligence meeded to go through the CAPTCHA, you start to leave humans out.
If a topic so simple such as reading comprehension gets beyond the average human's intelligence, then spam is the LEAST of our problems.
Unless we start making captchas ask you questions about the personal life of celebrities such as Britney or Paris.
"Welcome to CAPTCHEOPARDY!"
Great, now my mind's scarred :(
It's tolerable that you don't read TFA, but at least read TF comments. The article itself is misquoting Linus.
Otherwise, ask yourself why it takes less than 5 minutes to pwn a Windows computer, but it takes nearly forever to pwn a Linux computer. It's not Linux security that sucks. It's your Redmond-brainwashed mind.
Linus is entirely correct - a bug is a bug and must be fixed.
It's not a bug, it's a feature.
- Bill Gates.
CAPTCHA is broken: it's not just various implementations that are compromised, but the entire theory.
The turing test theory to identify humans from machines is broken?
Nay. It's the implementation that is broken. Image analysis and pattern recognition do NOT make artificial intelligence.
My solution is to make entire phrases out of captcha'ed characters. Decyphering a single character can be difficult, but it's much easier to deduce the meaning of an entire phrase even if some characters were wrong (except the numbers):
"Please add the numbers except the one with purple dots behind it, and then substract from the result, the second digit of the one with an orange background: 723, 934, 21, 5".
Note that the questions don't have to be math related.
"Alice broke up with her boyfriend James. She was so mad that she forgot where she left the car keys, and got late to work. If only she hadn't seen him kissing the other girl, she wouldn't have had a bad day.
Question:
What did Alice lose that made her arrive late to her job? (three words)"
(Yes, all the sentence was captchaed).
Your best bet is to have a healthy separation between your life on the internet and your real life.
Yup - and that's why I keep a separate e-mail account for each of my different online aliases. The problem is, not everybody is as paranoid as I am.
This goes well beyond the scope of SPAM. Once they match your real name with your e-mail, they can start finding out what you do online, what sites/forums you visit, etc (Google knows everything).
I'm much more worried about ID thieves finding out about my life than about getting personalized spam.
Perhaps Balmer might be able to make a modified version
Computerized voice: "Steve, get your dirty hands off my chair."
see, that's the issue isn't it? is that the point of linux? to be a windows replacement? that ideology right there is what gave us ubuntu, linux for morons, and ushered in countless new linux users that will never "learn" linux.
frankly i like linux much better as a free stable unix like operating system. quit fucking up my good thing trying to water it down for easy consumption by retards. /rant
Fine for me! Here's your new PC with Red Hat 1.0, no graphical interface (and no graphical nor printer drivers either!) for you to play with. Have fun with your little lego construction set for "pure linux users". As for me, I have to write these mails using gmail on Firefox 3, compare some data in spreadsheets with OpenOffice.org and burn this important DVD presentation with k3b (all of these installed not via the command line, but with Synaptic for Retards(TM) )so later when I have some free time, I can use WINE 1.1.0 to play Castlevania with NO$GBA in my "Linux for retards(TM)".
(Saves troll food branded "what we owe to Linux elitists" for later)
On warm sea-level areas (such as a caribbean beach), high RPM harddrives tend to fail rather quickly. SSDs would operate just fine.
I have CAPTCHAs on my blog, but only deny posters who actually fill them in. Goes a long way to deterring spammers.
M
That's actually an ingenious solution: Leaving a field blank. Let's expand this a bit further.
Let the computer present a captcha, three images (each one with a textbox under it) and a text question to the user (the question will also be in graphic format).
Please fill in captcha under the image of a blue parrot. Under the image that is not a yellow cat, answer this question with a number: "How much is three plus seven?" Leave the remaining space blank.
So the bot will not only have to guess which image is the captcha, but will also have to identify the description, recognize the sentence, and then find out which images belong to the blue bird and the yellow cat. Adding to that, it will have to recognize that an arithmetic question has been asked, and then use its AI to answer the question in the appropriate slot.