it doesn't attempt to smash the door open but rather attacks in a fashion that this particular security software was not designed to handle.
No security software can "handle" attacks when the attacker has admin privileges or physical access to the machine (i.e. root access), which is the case here.
In case you thought TPM would help, then, no it wouldn't.
This is nothing more than stupid nonsense created by a random teenager, who obviously knows nothing about security.
If you can modify the MBR (which this guy has to), you either already have admin rights or physical access to the machine.
If you have admin rights, you can reset the TPM or do just about anything (save snapshots of RAM, where the decrypted plaintext, and master key are). If you have physical access you can do just about anything top (install a key logger, take snapshots of RAM, replace the Bitlocker bootloader with a fake one that will accept your password and false say it is incorrect, but then transmit it to the attacker.)
With this article I've stopped trusting the Slashdot editors and started ignoring the Black Hat conference (as they let in amateurs who know nothing about security present discoveries such as, hey see what I can do when I have root level access to your computer).
You're kidding us right? Look up the definition of the word "error" and compare it with the definitions of the words "willful", "deliberate" and "intent".
It's not a "problem" that can be "worked on". It's the character of the author. As any decent psychologist will tell you that character is inborn and cannot be changed or "worked on".
The character of the author of NoScript is that of the authors of
1) adware (redirecting to his ad-laden website with each meaningless update and preventing you from blocking these ads)
2) spyware/malware (changing configuration without the user's consent).
If someone from the EU stole money from your US bank account and transferred them to or via a bank in the EU, you would LOVE the EU to help the US police trace where the money went, right? And vice versa.
Then, suddenly, it would probably be all OK and your "trust" bs would silently disappear.
The fact that laws are enforceable is what distinguishes the US and EU from the countries of the third world. It's things like these that make that possible.
It may "sound like" they are subordinated, if the reader is misinformed or uneducated. That's the point and that's why it's misleading. These agreements have usually mutual benefits. For allowing them to access these international banking data, the EU will get something in return.
The tabloid title says "Most Companies Won't Deploy Windows 7". Whereas the article says they have [b]currently[/b] no such plans. That's quite a significant difference.
Or maybe NetApps just came up with a creative way to earn more money from ads by delaying the release and having people come back every day for one week to check if the data is already there...
Well, why not. It's ok. But let's not misinterpret that.
You're completely missing the point. There's no HTML 5 yet. If people start using this HTML5 draft and creating "HTML 5" web pages now, and the standard HTML 5 will be different from this draft, then we will have web polluted with non-standard-compliant web pages exactly as it happened with sites built for IE6 proprietary extensions.
So once again HTML 5 as a standard does not exist. It's a standard being discussed. The draft can change anytime. There's not HTML 5 to implement.
Well, the only thing the software needs to do is replace all < with < and > with >. That will render all scripts and tags inactive and will render them as intended in plaintext. We'll be able to mention HTML tags or post script code just like we can do in other plain text messages, such as emails.
trying to bring their behavior in line with a single unified goal instead of adding their own proprietary features to HTML itself.
I guess that's why Mozilla implemented support for the Ogg Theora codec with the tag? Because that's not in any standard. Firefox 3.5 added a proprietary extension that is not based on any existing standard.
Drafts can change any time. HTML5 is nothing but a draft now.
Since when are personal attacks, based on unconfirmed accusations by a convicted fraud, attacks on people who just died, moderated as Funny? Mod this post into oblivion, if you are still human beings.
> consumers only need to think about three versions
That's actually wrong. Unlike in Vista, the Starter edition is intended for Netbooks in fully developed countries. So the number of applicable flavors is still the same as with Vista -- 4.
By any chance, are you going to log and inspect internet traffic from and to your illegal Windows installation for the next following 3 or 4 years 24/7?
> comes in three flavours: Home, Professional and Ultimate
What are you talking about? There is the same number of flavors of Win7 as there is of Vista. The only difference is that Business was renamed to Professional.
> Microsoft actually wants me to leech this off of BitTorrent.
Man, I'd think twice before doing that.
10 years ago, when internet malware practically did not exist, I wouldn't worry. But, today? Almost any illegal software you download from the internet contains malware of some sort.
Or, if you want your credit card numbers and passwords sent to the authors of the crack somewhere in Russia, then by all means, download a pirated version of Windows. But it may cost you much more than a legal copy of Win7.
Treaty of Lisbon is not valid yet, and it is not sure that it ever will. Ireland has rejected and many countries are still analyzing it.
Your only chance for help from other European countries and/or the US would be NATO membership. It's a military defensive alliance where if one member is attacked, it's considered as attack on all members.
I'm not sure of the reasons why you are not in NATO, but you might regret not being in it.
Slashdot Mirror
People are choosing to get an alternative.
Nonsense. People even don't know what browser or Firefox is. Their geeky friends are installing it for them.
it doesn't attempt to smash the door open but rather attacks in a fashion that this particular security software was not designed to handle.
No security software can "handle" attacks when the attacker has admin privileges or physical access to the machine (i.e. root access), which is the case here.
In case you thought TPM would help, then, no it wouldn't.
This is nothing more than stupid nonsense created by a random teenager, who obviously knows nothing about security.
TPM will not help you in this case. At all.
If you can modify the MBR (which this guy has to), you either already have admin rights or physical access to the machine.
If you have admin rights, you can reset the TPM or do just about anything (save snapshots of RAM, where the decrypted plaintext, and master key are). If you have physical access you can do just about anything top (install a key logger, take snapshots of RAM, replace the Bitlocker bootloader with a fake one that will accept your password and false say it is incorrect, but then transmit it to the attacker.)
With this article I've stopped trusting the Slashdot editors and started ignoring the Black Hat conference (as they let in amateurs who know nothing about security present discoveries such as, hey see what I can do when I have root level access to your computer).
I'm truly disgusted at the stupidity of people.
When you consider that they could still do all these things without XSS and simply host malicious code themselves
Sure but people are still more likely to click on URL containing a domain name that ends with ".gov.uk".
He admitted his error
You're kidding us right? Look up the definition of the word "error" and compare it with the definitions of the words "willful", "deliberate" and "intent".
as this problem was worked on some months ago.
It's not a "problem" that can be "worked on". It's the character of the author. As any decent psychologist will tell you that character is inborn and cannot be changed or "worked on".
The character of the author of NoScript is that of the authors of
1) adware (redirecting to his ad-laden website with each meaningless update and preventing you from blocking these ads)
2) spyware/malware (changing configuration without the user's consent).
If someone from the EU stole money from your US bank account and transferred them to or via a bank in the EU, you would LOVE the EU to help the US police trace where the money went, right? And vice versa.
Then, suddenly, it would probably be all OK and your "trust" bs would silently disappear.
The fact that laws are enforceable is what distinguishes the US and EU from the countries of the third world. It's things like these that make that possible.
It may "sound like" they are subordinated, if the reader is misinformed or uneducated. That's the point and that's why it's misleading. These agreements have usually mutual benefits. For allowing them to access these international banking data, the EU will get something in return.
and it appears likely that the European Union is going to comply
The word "comply" misleadingly suggests that the EU is somehow subordinated to the US. The correct word is allow (not comply).
You forgot the Silverlight (Flash), XPS (PDF), and ~OOXML (ODF).
One of the primary strengths of Python is being maintainable.
A language does not make a code unmaintainable. It's the developer who does.
The tabloid title says "Most Companies Won't Deploy Windows 7". Whereas the article says they have [b]currently[/b] no such plans. That's quite a significant difference.
Or maybe NetApps just came up with a creative way to earn more money from ads by delaying the release and having people come back every day for one week to check if the data is already there...
Well, why not. It's ok. But let's not misinterpret that.
I expect exactly that kind of moronic answer.
You're completely missing the point. There's no HTML 5 yet. If people start using this HTML5 draft and creating "HTML 5" web pages now, and the standard HTML 5 will be different from this draft, then we will have web polluted with non-standard-compliant web pages exactly as it happened with sites built for IE6 proprietary extensions.
So once again HTML 5 as a standard does not exist. It's a standard being discussed. The draft can change anytime. There's not HTML 5 to implement.
Well, the only thing the software needs to do is replace all < with < and > with >. That will render all scripts and tags inactive and will render them as intended in plaintext. We'll be able to mention HTML tags or post script code just like we can do in other plain text messages, such as emails.
Hmm, I posted the message as Plain Text. Yet Slashdot stripped the <video> tag from the sentence.
trying to bring their behavior in line with a single unified goal instead of adding their own proprietary features to HTML itself.
I guess that's why Mozilla implemented support for the Ogg Theora codec with the tag? Because that's not in any standard. Firefox 3.5 added a proprietary extension that is not based on any existing standard.
Drafts can change any time. HTML5 is nothing but a draft now.
Since when are personal attacks, based on unconfirmed accusations by a convicted fraud, attacks on people who just died, moderated as Funny? Mod this post into oblivion, if you are still human beings.
> consumers only need to think about three versions
That's actually wrong. Unlike in Vista, the Starter edition is intended for Netbooks in fully developed countries. So the number of applicable flavors is still the same as with Vista -- 4.
Could you be more specific?
By any chance, are you going to log and inspect internet traffic from and to your illegal Windows installation for the next following 3 or 4 years 24/7?
> comes in three flavours: Home, Professional and Ultimate
What are you talking about? There is the same number of flavors of Win7 as there is of Vista. The only difference is that Business was renamed to Professional.
http://en.wikipedia.org/wiki/Windows_7_editions#Editions
> Microsoft actually wants me to leech this off of BitTorrent.
Man, I'd think twice before doing that.
10 years ago, when internet malware practically did not exist, I wouldn't worry. But, today? Almost any illegal software you download from the internet contains malware of some sort.
Or, if you want your credit card numbers and passwords sent to the authors of the crack somewhere in Russia, then by all means, download a pirated version of Windows. But it may cost you much more than a legal copy of Win7.
Treaty of Lisbon is not valid yet, and it is not sure that it ever will. Ireland has rejected and many countries are still analyzing it.
Your only chance for help from other European countries and/or the US would be NATO membership. It's a military defensive alliance where if one member is attacked, it's considered as attack on all members.
I'm not sure of the reasons why you are not in NATO, but you might regret not being in it.
Finland is not a member of NATO. That might be a problem in the unlikely event of a Russian invasion to the country.
Yes, the most recent report is at http://www.av-comparatives.org/images/stories/test/ondret/avc_report22.pdf
Microsoft practically won it.