If I disregard the fact that this is an obvious Slashvertisment for some obscure thing called "HackAlert", let me tell you that I don't care WHICH or HOW MANY sites serve malware. There will always be sites serving malware, damn it!
What I care about (and this was -- as usual -- NOT answered anywhere in TFA/Slashvertisments), are these questions:
1. Does the served malware exploit a vulnerability for which no patch exists?
2. If 1 is true, what browsers and operating systems are affected?
If any kind soul knows and posts this information, you are bound to get some positive karma. Thanks.
Send this link to the following people:
- Facebook CEO, who said that the meaning of the word privacy is changing thanks to Facebook and that the need for and expectation of privacy on the Internet should be and will be a thing of the past.
- Google CEO, who said that if you don't want other people to know about something you do, you shouldn't be doing it in the first place.
These people need to realize that respecting and protecting privacy of their users is mandatory, not a thing of the past.
A friendly warning to all Windows 2000 users out there: your OSs will remain vulnerable (unless you have a private agreement with MS).
Support for you ended two weeks ago.
http://support.microsoft.com/lifecycle/?LN=en-us&x=17&y=3&p1=3071
When will people finally realize that Apple doesn't have huge sales thanks to any miraculous quality or innovation, but thanks to sheep-like following and buy-everything-they-make attitude of their fans?
The best "benchmark" I've found so far says that there will be "some little" slowdown when browsing DNSSEC-enabled websites (in contrast to DNSSEC-disabled ones).
Can anyone enlighten us as to what those words "some little" really mean?
By benchmarking it, you'll also help webmasters who are considering deployment of DNSSEC.
Use responsible disclosure and not only Microsoft, but above all the users of Windows will like you.
Expose them to an unpatched vulnerability and they will love you, uh, less.
The first thing that came to my mind was: "What a group of immature jerks."
Seriously, isn't it time to stop overusing, abusing and misusing the term AI? Such primitive software doesn't come even close to the kind of intelligence people with IQ of 100 or higher have. Thanks.
If you want to use a hash alone, you only check integrity, but not authenticity. The attacker may alter the hashes published on your server and you won't detect that.
And again, if you meant signed hashes, then that is exactly what digital signatures are. Signed hashes of the files. The recipient hashes the file, compares the hashes, and verifies the signature of the hash. That's how digital signing works, my friend.
Your posts contain no suggestions for improvement, but they may even weaken your security.
the more efficient way is to sign the hash.
Digital signatures actually ARE signed hashes. So I'm not sure what you're trying to invent there (and how it would be more efficient).
Yet another reason to digitally sign your packages. That way, even if your server is hacked, people will know it didn't come from the authors of the software.
See gnupg.org
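The hash-versus-signature point made in the comments above, as an added example that is not part of the original posts: a server compromise where both the file and its published hash are replaced passes a hash-only check but fails signature verification. The key is a toy textbook-RSA key built from two known Mersenne primes, and all names and sample data are assumptions made up for this illustration.

```python
import hashlib

# Toy textbook-RSA key from two known Mersenne primes (constructed for this
# example; no padding, far too small for real use -- use GnuPG in practice).
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held only by the author


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sign(data: bytes) -> int:
    """Author side: sign the SHA-256 hash of the file with the private key."""
    return pow(int(digest(data), 16) % N, D, N)


def verify_signature(data: bytes, signature: int) -> bool:
    """Recipient side: hash the file, recover the signed hash, compare."""
    return pow(signature, E, N) == int(digest(data), 16) % N


def verify_hash_only(data: bytes, published_hash: str) -> bool:
    """Recipient side: compare against a hash fetched from the same server."""
    return digest(data) == published_hash


def simulate_compromise() -> dict:
    # Constructed sample release and what the author publishes next to it.
    release = b"installer v1.0 (constructed sample)"
    server = {"file": release, "sha256": digest(release), "sig": sign(release)}

    # An intruder with write access replaces the file and the hash, but has
    # no private key, so the old signature is all that can be left in place.
    server["file"] = b"installer v1.0 + backdoor (constructed sample)"
    server["sha256"] = digest(server["file"])

    return {
        "hash_only_accepts": verify_hash_only(server["file"], server["sha256"]),
        "signature_accepts": verify_signature(server["file"], server["sig"]),
        "original_verifies": verify_signature(release, server["sig"]),
    }


if __name__ == "__main__":
    print(simulate_compromise())
```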
Don't forget about hardware.
Oh, wait...
But they don't have the same distribution rights agreements
Citation needed. Seriously.
They tested every obscure antivirus program out there, yet they did not test one of the most important ones -- Microsoft Security Essentials.
Seeing how obscure some of the tested AVs are, it's hard to believe their statement that "the only reason there are not more products in the following table is our time limitation."
Was MSE intentionally omitted because it is not vulnerable? Slashdot is more likely to reject such an article... It is actually very likely that MSE is not vulnerable, because Microsoft products do not patch the Windows kernel.
Judge for yourselves what they tested:
3D EQSecure Professional Edition 4.2
avast! Internet Security 5.0.462
AVG Internet Security 9.0.791
Avira Premium Security Suite 10.0.0.536
BitDefender Total Security 2010 13.0.20.347
Blink Professional 4.6.1
CA Internet Security Suite Plus 2010 6.0.0.272
Comodo Internet Security Free 4.0.138377.779
DefenseWall Personal Firewall 3.00
Dr.Web Security Space Pro 6.0.0.03100
ESET Smart Security 4.2.35.3
F-Secure Internet Security 2010 10.00 build 246
G DATA TotalCare 2010
Kaspersky Internet Security 2010 9.0.0.736
KingSoft Personal Firewall 9 Plus 2009.05.07.70
Malware Defender 2.6.0
McAfee Total Protection 2010 10.0.580
Norman Security Suite PRO 8.0
Norton Internet Security 2010 17.5.0.127
Online Armor Premium 4.0.0.35
Online Solutions Security Suite 1.5.14905.0
Outpost Security Suite Pro 6.7.3.3063.452.0726
Outpost Security Suite Pro 7.0.3330.505.1221 BETA VERSION
Panda Internet Security 2010 15.01.00
PC Tools Firewall Plus 6.0.0.88
PrivateFirewall 7.0.20.37
Security Shield 2010 13.0.16.313
Sophos Endpoint Security and Control 9.0.5
ThreatFire 4.7.0.17
Trend Micro Internet Security Pro 2010 17.50.1647.0000
Vba32 Personal 3.12.12.4
VIPRE Antivirus Premium 4.0.3272
VirusBuster Internet Security Suite 3.2
Webroot Internet Security Essentials 6.1.0.145
ZoneAlarm Extreme Security 9.1.507.000
What are you talking about? Apple is shipping to Europe. TFA is about eastern European countries that are members of the EU, NATO, etc. and have been out of communism for 20 years. The EU countries have the same laws regarding intellectual property.
TFA begins with this tag line: "What has Apple got against eastern Europe?"
The supporting scientific evidence that they provided (the psychological experiment) seems to me to be bogus (and its results misinterpreted).
The people who were offered money for solving the task may have been influenced in a way that made them subconsciously believe it was a difficult (perhaps even impossible) task to solve. Subconsciously, they may have been kind of PARALYZED by this very thought. Why would a psychologist offer dollars to me if this was easily solvable?
On the other hand, the other group, which was offered no money, must have been more RELAXED, less paralyzed and more positive-thinking. Simply put, the people in this group believed it was possible to solve the task.
Hence, in this particular context, the conclusion that money decreases motivation might be incorrect. And the biggest mistake was to generalize that conclusion and apply it to any business.
Rightfully so. Security patching a rootkit-ed OS is mildly amusing and also a bit redundant. The only way to secure such an OS starts with reformatting the system partition.
I'd like to meet your daughter when she's an adult. (I am serious. She should be a real pleasure to be around and really interesting.)
You call it a "genetic disorder", I call it the "evolution".
How did they explain the out-of-body visions experienced by people who were born blind (and then actually saw things when their heart stopped beating)?
I don't know why some knee-jerks tagged this article as "Java". It's not running on Java. It uses JavaScript. It doesn't use Flash either. It's pure browser code.
Also read this part of the developers' blog post:
What this means for the Web
For years, people have assumed the browser was a poor platform for this kind of thing, and that you'd need something like Flash, Silverlight, JavaFX, or native code. While it is true that you should not expect the browser to rival triple-A titles like Far Cry or Call of Duty in the browser, there is no reason why lots of casual games that used to be implemented in Flash, or are now implemented in Objective-C on the iPhone/iPad can't be done using similar techniques we've used.
In other words, goodbye Flash and Java applets. And die already.
You're missing a very important difference. The address bar and the search bar are unified in Chrome (not in any other browser). They are a single text field.
The consequence is that when the user types a domain name or URL in Chrome, Google sees everything he types there. Any site he visits is logged on Google servers by default. That's spying by default.
Firefox and IE only send search queries, which are sent to search engines when you hit Enter anyway (there is very little negative impact to privacy here).
Or am I missing something major here?
Yes, sir, you are. You're missing the major fact that the default settings are what the vast majority of uneducated masses use.
I guess that's why Microsoft is trying to educate them (and, believe it or not, by doing that, they actually help protect their privacy).
If you dig into TFA, you'll find this:
"However, the attack presented only applies to a specific network card model (Broadcom NetXtreme) whenever a remote administration functionality (called ASF for Alert Standard Format 2.0) is turned on (it is off by default) and configured. According to vendors, this functionality is far from being widely used. As a consequence, this vulnerability is really likely to have a very limited impact in practice."
Does anyone have any link that would confirm that Microsoft actually did anything besides allowing a third party to use an API? The summary tries to make it sound like Microsoft uses (integrates) some Secunia stuff now.
The article certainly does read like a Secunia ad.