# You'll have to deal with a lot of people who actually know the difference between "their", "there", and "they're". And you might even have to learn a whole new language to deal with those who don't.
I know you joke, but in my experience, this problem is a great deal more common in the US. I'm yet to see a non-native speaker committing such mistakes in written English.
With filesharing people do not agree they are committing a crime.
and in most instances, so think people who speed. I, for one, don't agree that 60km/h is the proper speed limit for a specific deserted, uninhabited, perfect conditions, three-lane each way avenue in my hometown. The only reason for it to be 60km/h is that it is maintained by the municipality (as opposed to state or union roads). And yeah, they love radar'ing people there.
I mean, they are paying for someone's idea or someone's implementation (equipment design and the like)? If the former, $500K sounds good; if the latter, $500K is pocket change: research ain't cheap.
Anyway, I have one idea: how about reverting back to the pre 9/11 era modus operandi? I mean, c'mon, it is not like a "hijack-and-ram-into-building" stunt is going to work again anyway... The only real worries should be bombs and guns on board, which we managed in an acceptable way back in the 90's.
Another idea is to stop messing with the political affairs in other countries. But that doesn't sound appealing to their prospective neocon customers, does it?
My point is that, while it may be interesting for honest/scared-of-being-sued people, it will be of appeal to those "kids" (as GGP suggested - I read that as 18 youngsters) who could not use a proper Credit Card for internet purchasing. They will simply stick to p2p methods.
oooh shuddup! It is not mandatory to have the work registered before the infringement. You are only required to register before actually filing the suit (i.e. possibly before the infringement itself). Registering will also allow you to sue for statutory damages, as opposed to only actual damages. Handy faq.
Yeah, as opposed to simply downloading from the p2p networks. Or, god forbid, buying the CD itself and ripping it.
Also, I would risk saying Sony is likely to embed some tracking using steganography, allowing them to know who uploaded the mp3 files downloaded from this service (which will still be a violation, remember)
TFA guesses the exploit is a simple SQL injection where the injected code consists of calls to MS SQL Server's sysobject calls. I imagine this would give the attacker some file system access, allowing for injection of script tags pointing to the attacking javascript, and so on. This is a clever attack, once again allowed only by MS's insistence on allowing things like an SQL Server to execute stuff not related to its task. Note that, while this is convenient and useful, it should never be allowed by default.
no. Not by itself, at least. You would still need a whole process to securely transport/exchange the keys/one time pad to make it both secure AND useful.
I also believe that's not the point of the "insecure" attribution either: they are likely talking about nasty stuff like buffer overflow, arbitrary execution, privilege escalation, as opposed to the security/privacy of data itself.
Moreover, PBF's author is extremely capable, in terms of drawings. He has a good domain on a number of techniques and styles. Most online comics, on the other hand, create a single style and stick to it forever, increasing their quality in a more progressive manner.
You obviously ignore that, in the "real universe", computers could be completely reliable and data never would be subject to corruption.
The simulation resulted in Windows being invented merely by chance. The simulants (sp?) must be laughing their asses off right now. That is, if they have asses. And laugh. And have a time dimension where they could laugh "now".
Well, a website could fake this, but the attacker would still need access to the cyphertext containing the other passwords to do something useful. Presumably, this requires filesystem access on the computer running that browser (either physically or remotely) and that alone is a much more serious problem. With file system access, one could perform evil instrumentation in a variety of points: replacing firefox executable, replacing DNS entries, or even keylogging.
Well, you could have it download the firmware image from the Internet (IRC or p2p) according to the device you are attacking. The worm itself would be just a little "hack" in the firmware image. And you don't have to bother with all brands and models: start with the most popular ones (Linksys' W54GL, and the like). Some of those already have open source versions of their firmware, meaning you don't really have to reverse-engineer everything.
My point is: it is not impossible. Wifi routers will meet all the requisites in most cases: rewritable firmware, open-sourced os/firmware, unsecured APs, default password in administrative interfaces, a quite capable processing unit and a wifi antenna. Diversity may slow things a little but, although I lack data, I believe that the domestic and soho wifi router market (the best target - least security-minded) is dominated by few models.
If this hasn't been done yet (at least not that we knew), maybe the would-be-attackers haven't found a suitable, big, with lots of routers within range of each other. It could be already happening in a "silent" mode somewhere. It only becomes detectable if you use the full capacity of processor power and wifi output of the router, hindering the legitimate connections.
And also because HTTP authentication dialogs are quite "spoofable" anyway. You can make a phony dialog, whose style matches the system you're targeting. Of course, you can't make it modal like the real one, but most users can't really tell the difference.
Just like the "lock" on older versions of Internet Explorer. People were taught to look for the "lock" icon on the status bar to assure they are safe. However, if the status bar is disabled (IIRC, it is the bloody DEFAULT), you could fake a status bar with a fake icon.
Fortunately, IE7 moved the icon to the location bar (a sensible approach, probably learned from OSS browsers like firefox). But yeah, they still ship with a status bar that can be disabled. Go figure.
It is funny that they market "south american" keyboard with letters like , , ð and diacritics like and . AFAIK, there is no currently-spoken language in South America using those symbols.
oh snap, can't you read the very article you linked?
Personalausweis (German Wikipedia): It is compulsory at age 16 to possess either a "Personalausweis" or a passport, but not to carry it. While police officers and some other officials have a right to demand to see one of those documents, the law does not state that one is obliged to submit the document at that very moment. Fines may only be applied if an identity card or passport is not possessed at all, if the document is expired or if one explicitly refuses to show ID to the police. If one is unable to produce an ID card or passport (or any other form of credible identification) during a police control, one can (in theory) be brought to the next police post and detained for max. 12 hours, or until positive identification is possible. However, this measure is only applied if the police have reasonable grounds to believe the person detained has committed an offense.
As a matter of fact, I tell ya an anecdote: a female Brazilian was enjoying Köln's carnival with a pack of other Brazilian female friends. As usual, girls have no space left in their clothing (i.e. no pockets) for wallets or such, so one of them had a purse and carried everyone else's IDs (not a wise decision, but anyway). During the usual mess of Köln's carnival, she began hanging out with some guys and lost herself of the other girls. She decided to stick around with the guys, and they went for another neighborhood for more party. In the end, she had to return to downtown and risked taking the train without a valid ticket. Of course, Murphy does not sleep even in carnival and she was busted by ticket control. Trouble was, she had no money, no credit cards, no valid IDs and had committed an offense. But see, Germany is a country where people trust each other... she explained her situation, informed her name and received the fine by mail one week later.
As a rule, when I lived in Germany, as a resident foreigner, I never brought my passport along when in town. I only carried it when needed (open bank account and the like) or when traveling. Most people do the same.
Funny. You wrote "papiers, bitte" obviously to mock ze germans, but you are not required to carry an ID at all times in Germany. One must have it (e.g. at home) but doesn't have to bring along at all times.
Ze germans do something amazing on their trains! There is a Ruhezone (lit. tranquility zone) where talking, listening to music, making noise in general is strictly forbidden. Something like that should be done in airplanes too.
In Japan, talking on the cell phone on subways is frowned upon (forbidden? I'm not sure), it is not uncommon for people to forcibly shut down your phone if you're yapping.
Bzzt wrong. You would be right if the GGP's sentence was "Looks like they're back to square one". He wrote, however, "their".
"they're" is a contraction of "they are"
"their" is the possessive for "they"
"there" is a locative (sp?) adverb
I really can't understand how you manage to get it so wrong sometimes. And you can't complain it is a difficult language either. You'd cry if you ever tried Portuguese.
yeah, because patent violation and copyright violation is exactly the same thing
fp?
Or, you could just go to the Panthéon and see the real thing =P (sort-of: the original iron ball was moved elsewhere in 1995)
Well, at least he will have means to pay for his hosting bill in the near future. At least for some hours :)
Wrong!
You only need one computer to begin the process.
It can be done. To avoid it, you should change your admin interface password and use WEP/WPA (preferably WPA)
There is no such thing as "subject of the US Government". Not yet, anyway
well, to keep with the analogy, it is not like most of our parts (i.e. cells, atoms) are the same for our whole lives anyway
Please turn in your geek id. They don't say "surrender your ships", they say "surrender your vessel(s)".
Yours truly,
The Nazi Geek-Quotes Patrol
ps.: and yeah, like them, I find the word "vessel" much cooler than "ship".