People need to realize that pirated software really is a major malware distribution channel today, and has been for several years.
Tell your nephew that 90% of the cracks or keygens she downloads will also install a Trojan sending her passwords and credit card numbers back to the botnet masters.
And this is not a "genuine advantage" marketing fluff -- it is hard reality.
You're fixing the thing at the wrong level. Try the element sitting behind the keyboard.
(Hint: No matter how hardened your OS/browser is, there will always be unpatched security issues in them, and therefore 0-day exploits -- and yes, even in bare sans-Flash Linux or Firefox. The common element, the thing that always works for the attacker, is social-engineering, like in this case.)
.. for the all-present loophole known as FLUSH (and as Flash in your HQ) and also to MicroSoft for their mega-secure OLE, etc, etc
Sad part is trying to live without Flush and MS, is darned near impossible. The other massive and all-present loophole, also (hmm, note this) from ADOBE is PDF..... they should stick to writing PhotoShop and can all the other stuff they have tried and messed up.
You're kidding, right? The attack did not succeed because of Flash or Microsoft. It succeeded because social engineering (phishing being the kind thereof) simply works. And it will work even if the employee is running Linux without Flash. Why? Because (wait for the surprise here) -- drumrolls -- Linux has 0-day exploits too.
Shhh. Terrorists should actually keep rolling their own crypto. Many innocent lives will be saved. ;-)
is there any reason to give these guys a second chance
Actually, a third chance. They had a similar problem a couple of years ago.
(That's why I've had their certs blacklisted since then. Once a CA loses trust, it can't be restored. And it shouldn't.)
You didn't get what they did wrong. They knew about the issue 10 days before they disclosed it (and they were in fact forced to disclose it by a blogger). During that period, the affected unsuspecting people in Iran may have been exploited, snooped, arrested and/or executed. That's what they apologized for just now. But apologies won't help those victims (if there are any) a bit.
The article summary ends with the nonsense that "This should help end the recent FUD about the Android 'clean headers.'"
The FSF is nothing but a *biased* bystander. So their opinion is irrelevant at best (and misleading at worst). And it follows that their opinion therefore can't "help end the recent FUD".
The FSF is NOT the copyright holder of the Linux _kernel_ (or most of it).
You know what should make you scratch your head? The problem you have just described at the same time happens to be the very essence and fundamental principle of Wikipedia. That anyone, including stupid morons, trolls with hidden agenda (competitors), and outright psychopaths can edit it any and every second, repeatedly and infinitely.
It follows that Wikipedia is, and has inherently been from the very beginning, a fundamentally flawed experiment. Thank god Google is starting to realize this and is moving the Wikipedia result to SERPS position #5, while the first 4 links point to the authoritative or official site (if one exists).
What's stopping you from fixing it?
Primarily, lack of persistence to "fight" the trolls who have nothing better to do with their lives than to squat their pet articles to "preserve and protect" their versions of the articles forever.
First, everyone knows how much harder reading reverse-engineered code is compared to skimming nicely commented code.
Second, like it or not, but in some situations, security-through-obscurity actually works (i.e. increases the security). For example, on servers which the attacker can access only via the web browser and the web application UI.
andnothingofvaluewillbelost
(Plenty of karma to burn, so feel free, I don't care.)
...
Consensus means that everyone agrees. Otherwise, it may just be the case of the majority of the people (idiots) trying to argue with a lonely expert. Therefore, the analogy does not work whether it was meant sarcastically or not.
attitude of the admins, that they are the expert and even if 50 editors disagree, it doesn't matter
Umm, if the admin is a real expert, and the 50 people are not, then it should not matter that the 50 people disagree with the expert. That's why we have experts. To educate the less knowledgeable.
And why not integrate it with the decent Microsoft Security Essentials?
It's my understanding that if you want to preserve your rights to assert a defense, you have to assert it up front.
Only trademark rights have to be asserted / actively defended (for example, Google opposing the verb "to google" being added to renowned English dictionaries, so as not to lose the trademark as Xerox or Kleenex).
However, copyright and patent rights do not have to be asserted or defended to remain valid.
They bundled the spyware Google Toolbar with it (optional, but opted-in by default in the installation options).
It's a pity you posted this as Anonymous Coward. I'm sure lots of people would have wanted to add you to their friends list. Because this was one of the most well written posts I've seen on Slashdot in a long time. Thanks for taking the time to write it and thanks to the mods who modded it up, and not down (as one would have expected).
So what exactly is new here? I thought most /. readers already knew that you have to trust the hardware you use...
Obviously, if you're going to use pirated or *any* other illegal kind of software, you are owned by the malware that comes with it 90%. (That's why I stopped using pirated Windows ten years ago when internet-aware malware became popular -- I didn't want to share my credit card numbers and passwords with the pirates.)
Instead of skimming, you are forced to actually read every word.
Skimming is for getting an idea of what to expect to learn. Reading is for the actual learning.
There is no way to "create" a work into the public domain.
I call bullshit. This is the first time EVER (seriously) I've read anything like that and I think I know quite a lot about IP and licensing.
Do you know of any US law that forbids the author from WAIVING his/her copyrights? What happens after he/she waives the rights? The work should be instantly in the public domain! Refute my arguments, please.
surveillance could (or should) be implemented across Europe
So how is it? Could or should? That is a world of a difference. If you don't know what you're talking about, don't talk about it. Otherwise, you're just another troll.
What made me laugh in the Bloomberg article was this gem of irony:
"Assange is also disappointed that his name was released to the media, he said."
(!)