Slashdot Mirror


User: dutchwhizzman

dutchwhizzman's activity in the archive.

Stories: 0
Comments: 1,369

Comments · 1,369

  1. Denial of service on Apple Allegedly Knew of iCloud Brute-Force Vulnerability Since March · · Score: 1

    How easy is it to lock someone's account and access to all of their data in the cloud, by simply throwing 5 bad logon attempts at their account name? How would you feel if someone were to do that every hour, using a botnet, forcing you to go to an Apple store, show your ID and have your fingerprint scanned just to unlock your account?

    Yes, this may be slightly exaggerating the situation, but simply locking someone's account because someone else made 5 attempts to log on to it isn't going to work in practice. You'd be having to deal with oodles of users that got locked out of their stuff and tarpitting only slows the brute force attempts down.

  2. Will it come with proprietary AMD graphics driver? on Fedora 21 Alpha Released · · Score: 1

    Will it come with proprietary AMD graphics driver? Will they have a rescue mode for the live boot? Can they install on a partition without having to format it? Fedora 18 had all these useful features, 20 didn't have them anymore. Next thing you know, Fedora 22 won't even have Linux anymore, just logos and an installer that gives you wayland and a browser....

  3. 5 dollars on Why the iPhone 6 Has the Same Base Memory As the iPhone 5 · · Score: 1

    It will cost Apple 5 dollars or less on a phone that will cost over 500 dollars (without a contract) in the store to upgrade it to 32G. It's not a matter of physical space in the phone because they have 64G and 128G models as well. This is purely so they will sell more 64G phones to people that think 16G isn't enough.

  4. Many other reasons to store data on Data Archiving Standards Need To Be Future-Proofed · · Score: 1

    While you may be right about the current use we have for DNA, it's very likely that medicine will have many more uses for it in the future. Prices on genome sampling are going down rapidly too, so it's reasonable to use this as an example why we might want to store data error free for at least a century.

    There will be many more things we want to store. Remember all those old city records and paper books? The newspaper archives? Early 20th century cellulose film? All those data sources have their problems and we have already lost a lot of information that is valuable to us now. Your parents' and grandparents' color photographs have lost a lot of the color in them already. Not just the prints, but also the negatives. Those VHS video tapes of your dad growing up? They're turning into noisy images right now.

    People have plenty of reasons to come up with a proper way to store data in such a way that it's still accessible for future generations, or themselves later in life.

  5. Cultural acceptance on Science Has a Sexual Assault Problem · · Score: 1

    I've read an article about the same sort of problem but then about ISIS/IS mass raping women and little boys in their war and the lack of public outrage about that. It seems that rape is a culturally accepted practice in the USA. Given the fact of unsolved and unreported rapes within USA borders and their military, it's hard to find proof that rape *isn't* accepted, even if it's technically a crime.

  6. GIMP on TrueCrypt Gets a New Life, New Name · · Score: 1

    It's not as if their excellent communication skills or competitiveness with professional programs has anything to do with it. They even got a reference in a Tarantino movie which I am sure was to honor their excellent contact with the graphics design professionals.

  7. Modpoints on Putin To Discuss Plans For Disconnecting Russia From the Internet · · Score: 2

    Where are modpoints when you need them. This is an historic posting that needs at least 5 positive.

  8. We have on FCC Chairman: Americans Shouldn't Subsidize Internet Service Under 10Mbps · · Score: 4, Informative

    All of Europe has internet and it's faster and cheaper even in the most remote areas. Actually, you should try building out the infrastructure of *our* size and then get back to us.

  9. Antiquated features, disloyal to paying users on How Flickr Is Courting the Next Generation of Photographers · · Score: 4, Interesting

    Flickr made paying users regret paying for their service, since they suddenly gave away almost all of the premium features for free. Antiquated features aren't really updated (where's the password protected gallery?) and the forum/app that they have to request features has been broken for months. At this sort of pricing/service, I'll get a VPS and use that for hosting my pictures before my subscription is up for renewal again...

  10. Yes there was on eBay Redirect Attack Puts Buyers' Credentials At Risk · · Score: 4, Insightful

    Although a vulnerability to XSS isn't directly a hack of eBay, it *is* a hack of everyone visiting that page. *Every* visitor would be redirected to the malicious page automatically and their credentials would be stolen there if the user would re-enter them. Since eBay left their website vulnerable to this sort of malicious automatic redirect, abusing this vulnerability to place malicious code on eBay's website is technically a hack.

  11. Yes they need individual desktops on City of Turin To Switch From Windows To Linux and Save 6M Euros · · Score: 2

    Yes they do, because ergonomics require decent keyboards, screen and mouses. They may not need fat clients and would be off just as well with thin clients, but laptops or that form factor do *not* replace desktop systems since they still need the keyboard, mouse and screen and will essentially be used as a desktop almost all of the time.

    They need access to their individual applications and data too. While it may be possible to migrate all those to web applications or some client-server model, I doubt Turin has managed to finalize that sort of thing yet. Most EU cities have over a thousand custom applications that often run on antiquated proprietary systems and they will still have a burden of those for a long time.

    Getting people the cheapest computer possible sounds like an easy way to save money, but in the end the price of the hardware is only a fraction of the costs and often the extra costs incurred by buying cheaper will make it more expensive. Starting with migrating just the desktops to Linux and running the proprietary cruft on things like Citrix servers will save them a lot of money without a significant downside.

    Oh, because they're not running Windows, they can probably use their older systems a bit longer too, if electricity costs don't make it cheaper to upgrade anyway to more energy efficient devices.

  12. Linux Distributions on The State of ZFS On Linux · · Score: 1

    You must have an enormous collection of Linux Distributions at home to need that much storage.

  13. Subcontractors on SpaceX and Boeing Battle For US Manned Spaceflight Contracts · · Score: 1

    You are describing how either Boeing or Space-X would get sub-contractors to compete so they can get good quality components for a decent price. If you take the creativity out of the current bid phase, you'll never get innovation and "new" designs going up into the sky. Oh and don't forget, it just may be that whoever wins this, might have to commission things from the losing party just to fulfill the contract.

  14. Why do you think this would be your ISP and not some malware on your computer or a neighbor phishing you? Have you bothered inspecting the traffic to see what gets sent back and forth?

  15. Prior Art? on UCLA, CIsco & More Launch Consortium To Replace TCP/IP · · Score: 1

    Can we please make sure that this talk is well mirrored and universally known? We don't want any patents to be put on this technology to make a few people filthy rich and the rest pay through the nose if this ever succeeds.

  16. Why tab unloader if FF could implement a limit? on Raspberry Pi Gets a Brand New Browser · · Score: 1

    Firefox thus far have refused to implement a configuration feature where they themselves limit the amount of memory they use. They say it's already built in and auto-tuning based on the amount of memory the OS reports. It's about time that Firefox stop being so arrogant and just let me set a limit, because I don't want them to eat all memory that I want to use for other applications that now have to resort to swap because a browser eats over 2G of my RAM.

  17. Did they already catch them then? on Hackers Behind Biggest-Ever Password Theft Begin Attacks · · Score: 2

    Why would these "Russian criminals" be the ones behind this attack? Sure, some company used the argument that there seems to be a list of over 1 billion accounts floating around on the internet to sell their services some time ago. It may even be that this list was found for sale on a Russian market place. It may even be that there are actual Russians selling this list. The accounts could even be mostly real, although probably most of it will be relatively dated.

    But why would that same group of people that are actively selling this list be the same group that is using it? It makes much more sense that some group that bought part of this list, or bought some other list, or has their own trojan to steal passwords is now attacking Namecheap. Unless there is substantial evidence that the same group is behind it, this is just FUD and sensationalism.

    Namecheap is under attack with what's most likely a brute force list with accounts that were compromised in some yet unknown way. I think those are the facts and the rest is purely speculation.

  18. You forgot one thing on Wi-Fi Router Attack Only Requires a Single PIN Guess · · Score: 1

    You are trusting your ISP to deliver you a router that has all these things properly configurable and not leave back doors for their own remote admin and whatnot still open. ISPs don't do that, they always leave themselves a backdoor and often are lax in upgrading firmware. If at all possible, let your ISP's router do only the minimal required to let your network connect to the internet and do the rest (firewalling, NAT, WiFi) on your own trusted devices.

  19. Which One? on Scientists Found the Origin of the Ebola Outbreak · · Score: 1

    There's another one in Congo that appears to be a different strain.

  20. Raspberry Pi, obscure NAS boxes on Project Zero Exploits 'Unexploitable' Glibc Bug · · Score: 4, Interesting

    While you have a point, you shouldn't forget the Raspberry Pi. It is probably the most popular internet facing non-mobile ARM platform today. Literally millions of these run glibc and at least hundreds of thousands are in some way or form directly connected to the internet. While I don't believe that this bug can be exploited without first gaining RCE on the Raspberry Pi, once an attacker gets access to the rpi, this bug should be able to get them to escalate to root privileges.

    There are quite a few people that put a full Debian (or other) distribution on their NAS server. I own a Zyxel NSA 325 and it is possible to install a full Debian release on this and some other NAS boxes. These might be a limited amount of systems overall, but it's significant enough to deserve mentioning because they too often are internet facing.

  21. On a super-high capacity drive? on Seagate Ships First 8 Terabyte Hard Drive · · Score: 1

    I doubt this would be cheaper than a fast 15Krpm 4TB 2.5" drive to manufacture and the 4TB drive would probably be faster overall. Sure it'd work on a 3TB consumer drive and probably be a good tradeoff, but on "the largest capacity drive in the world" I have my doubts it'd be economical and most certainly not double the speed.

  22. You're not making much sense on Linux 3.17-rc2 Release Marks 23 Years of the Linux Kernel · · Score: 1

    Sendmail is history just as bind is history. Sendmail uses m4 for its configuration files (you shouldn't edit the "compiled" stuff), so it's not sendmail that is the culprit here. Bind is history because there's PowerDNS now. Exim and Samba aren't a mess, but they do use "text files" for configuration.

    Anyway, they all use a standard, since it's human readable ASCII. It may be obscure since there isn't much if anything that uses their format apart from themselves, but it's a standard. You could argue that all these apps should standardize on XML, but then you'd have all the tags that need to be standardized too. Going for binary files means humans will need extra software just to edit that and machine generating those will be harder too. The Windows Registry is a mess if I ever saw one and after about 20 years it's such a myriad of patches and additions that it's hardly manageable.

    Standards are great, which is why everyone invents at least one new one. Pushing very different requirements into one standard usually makes it either too crippled to be useful or too bloated to be maintainable. Maybe it's you that needs to find something else to do if you can't muster up the energy to deal with these inconveniences anymore. There will always be incompatibilities and annoyances if you have to deal with technology so either put up or move on.

  23. There ought to be a law... on $125,000 Settlement Given To Man Arrested for Photographing NYPD · · Score: 1

    There ought to be a law where any citizen can force a prosecutor to prosecute people that are suspected of committing a crime. Any prosecutor that gets too many cases where this law has to be effected should be subject of a research into his true loyalty. I wonder what party would dare to come up with a federal law to make this happen....

  24. VPNs don't solve this on their own on Hackers Steal Data Of 4.5 Million US Hospital Patients · · Score: 4, Interesting

    Disclosure: I'm a professional Penetration Tester

    We find plenty of these sorts of setups at our customers. Customers set up VPNs, have a password policy and a virus scanner. They have firewalls and keep user policies restricted. Then we come and we trojan someone, or find a weak WiFi password or whatever we use to get a foothold inside their network. All it takes is one little mistake and we're "in". Once we get there, we log keyboards, get password hashes from network or system memory and start to pivot all over the place. Usually, our software will trigger virus alerts, but staff doesn't react to those "in a timely fashion" and we get to keep going even though alarms are going off on several computers. We could cloak our malware and sometimes we do, but usually it's too much trouble and we get domain admin passwords within a few days and rule the network in such a way that admins wouldn't be able to get rid of us if we would rootkit and backdoor properly.

    It takes more than some policies and a VPN these days. You need IDS, proper procedures, layered security and skilled, motivated staff that knows how to deal with security incidents. You need properly trained and aware users that aren't afraid to admit they messed up and that have no problem reporting others doing wrong either. Don't trust a single technical measure, but implement them all and make sure you test and train on a regular basis. Get a data classification policy and protect data according to that policy. That means that stuff like SSNs and anything that can be used for identity theft should get extra layers of protection and alerting implemented. If you don't do all this, a serious intruder will usually get what they want.

  25. In France on Daimler's Solution For Annoying Out-of-office Email: Delete It · · Score: 1

    In France it is illegal to have staff answer mail out of office hours. How's that for mandatory free time?