3) Do not send SQL parameters to your page in GET statements!!!!!! Either use session variables or POST statements, session variables are best.
Using POST instead of GET doesn't make *any* difference. You can fake a POST request just as easily as a GET request. Please stop telling people that a POST is more secure...
You only see them when posting as AC (when not logged in). There's probably one when signing up for an account too.
And here I was, thinking it was an ob. Futurama reference. But you had to ruin it by making it a French joke...
slashdotter does this? I thought it was just one of the changes that happened with the new css...
My bank requires you to install some java software + some keys in your C:\ or /home/ before you can use online banking (and it's protected by a password).
It's a bit complicated to set up (especially in Linux, although the instructions were good enough to figure it out), but I don't see how phishing would work with this system. An attacker would have to trick the user into sending the 3 files with keys + entering his password.
You could get what you need easily with a trojan and keylogger, of course (well, good luck tricking me into installing a trojan on Ubuntu), but sending e-mails with 'please enter your password' won't do a lot for a phisher. Besides, I don't even think my bank has my e-mail address, and I would find it very suspicious if I ever received an e-mail from them.
Phishing works because some banks apparently set up their online banking systems in the same way as slashdot, with just a username and password. That's fine for unimportant stuff, but when handling money, a login/password just won't cut it.
That would be stupid.
Unless you plan on not having any applications installed, you'll find that you'll end up with 2 'my documents' folders, which will confuse the hell out of any user. Some programs don't follow that setting and use the hardcoded path.
Right-click somewhere on your chrome (like next to 'file' 'edit' 'view', etc), select 'customize', and drag the search box off your gui.
Just in case you didn't know that yet, because I kinda like the search box myself (even though I use the address bar search too in some situations).
Heh, I just had this happen to me while reading the summary...
Nobody in their right mind would run his OS on fat32, but if you're planning on dual-booting, you probably already have made an extra FAT32 partition, in which you dump the stuff you want shared.
You can even mount it in your home directory for easy access. (And on Windows you just use X:\ as your 'my documents' folder).
And I don't get your ranting about the security of NTFS vs. FAT32. With NTFS, anybody can boot Knoppix with captive NTFS (or a Windows-based LiveCD, if those exist) and overwrite explorer.exe with anything he likes. You're screwed if somebody has physical access, no matter what the OS or Filesystem is.
The IETab extension can switch the rendering engine within Firefox. You can even add a list of websites that should always use IE's engine. This way your users won't have to start IE separately (and probably won't even notice the switching of the engine).
I'm not sure if you can install it automatically (through sms or whatever it's called), so it might not be practical if you have to install it on a lot of computers.
It's because the coral cache doesn't work with https (for obvious reasons).
Obviously that is the thing causing the slashdot effect...
And to say CmdrTaco blamed it on us, the innocent readers with souped up Firefoxes and Reloadevery extensions...
Who can recommend a good book on IT 404?
I searched Amazon, but all I got was 'File not found'...
Yep, you're right.
...)
I don't see eDonkey going down in the near future either, as there are still other servers, and there's kad in case somebody manages to shut down all servers.
So the completely decentralised networks that are hard to shut down are:
-gnutella (the original, still going strong after 6 years)
-G2
-Ares
-Fasttrack (yes, that network is still running, despite being a heap of crap)
-eDonkey (with kad, I don't see anyone shutting that down)
-WinMX (used to rely on central servers, and when those went down, someone else just started running those servers)
-All those anonymous P2P projects that nobody cares about (freenet, mute, ants,...)
-and I'm probably forgetting some
And regarding legal use: I primarily use P2P as a source for free software, so I don't have to wade through badly designed websites that let you click 20 links before you finally get to the download.
It's just that people do fall into that trap of trusting their antivirus. Why would you pay for an antivirus application which will probably screw up your system more than an infection, if you can keep your computer clean by following some simple guidelines?
I see computers with P4's that run the speed of a PIII just because they're running Norton's crap. And those computers are infected with tons of adware too, because Norton won't do anything to stop those.
I just have Clamwin on my system as a regular application, it doesn't hook into the system, and doesn't do real-time scanning. It doesn't suck resources, I don't even let it start up with Windows.
Running an antivirus application is just not worth it. They suck resources and money out of your wallet, and it won't even protect you when the next worm hits because worms spread faster than anyone can produce antivirus definitions.
If this report proves anything, it is that running antivirus software is not good protection. You have to educate users not to open suspicious attachments, not to run IE, and to keep their systems updated (every modern OS does this automatically! Windows also does this since SP2). A firewall and/or NAT router is always a good idea too.
I don't run antivirus (except the occasional ClamWin run if I downloaded something I don't trust completely), and I manage to keep my computer clean just by following the above rules. Antivirus won't protect you from ad/spyware anyway, and these things have become worse than viruses.
If the antivirus vendors can't keep up with new viruses, you might as well stop paying for antivirus. After all, it won't protect you.
Infineon Technologies, makers of the xbox360 chips, can't deliver chips.
;)
Infinium Labs, scammers behind the most famous vaporware after Duke Nukem Forever, can't deliver console.
Coincidence? I think not...
Not only because that would be supporting DRM peddling assholes, but you have to be even more careful with these files than with DRM'ed files. You are now liable AND traceable if an mp3 you bought somehow gets shared online. It doesn't take a whole lot for that to happen.
Maybe you happened to leave a Windows (Linux/BSD/Mac) share open on a hostile (college/company) LAN? Maybe you lost your iPod with those tunes you bought, and somebody else is happily sharing "your" MP3's on p2p networks? Maybe the PC repairman decides that he'd like a few of your mp3's for personal use when you brought your pc in (it's not like *he* could get in trouble, there's no way to trace it back to him)?
You have to keep an eye on your files, and your system constantly to make sure none of your mp3's gets away, or otherwise you can expect a huge fine in your mail when you least expect it. Buying those MP3's is even more risky than just downloading and sharing them online like many do now.
If you rely on webapps exclusively, you can't reach your information all the time. Your internet connection could drop out, or you could be someplace without an internet connection (wardriving might be easy, but I never find an open access point when I need one).
Webapps complement regular apps, they don't replace them. It's good that websites are finally feeling more like real applications, and it's nice to be able to reach your information from everywhere, but they'll never replace them completely.
Why does one technology have to kill the other technology? Both can coexist fine. I use Gmail, but I still use Thunderbird to read and send my e-mail when I'm at my computer.
Now that I have RTFA, that wasn't the full quote, apparently.
Another product I'm proud of is IBM ThinkPads. If you have a technical problem and Windows won't start, there's a rescue system. That rescue system is running Linux and Opera. I'm kind of proud of that; if Microsoft fails, you have a rescue system with Linux and Opera.
I guess that is quite nice.
Except that I don't see where Opera fits in there. Why would you get Opera if you can get Konqueror, Firefox/Seamonkey or any of the other browsers? Opera is not a necessity, it's just one of the choices you can make for a browser.
...he lists workarounds as 'Firefox'
Maybe he was going for the +5 Funny mod...
These 'workarounds' get posted here on any IE related story.
They just mix some vodka in the rocket fuel.
Replying to my own post: :(.
I did some research, and apparently they really did include it on that free game. I even had that crap on my system.
glop.org lists Trackmania Nations as containing starforce. Is this true? Trackmania Nations is a game that was released for free downloading by Nadeo, so copy protection on that seems like a weird thing to do...
Does anyone know more about it?