I have to fire up opera and pretend to be MSIE to make anything happen.
I'm planning on changing banks soon. The final straw was when I showed them their publicly-accessible logs and a file upload vuln and they insisted that no such hole existed.
Seconded. The banks need to be responsible for their own systems (I haven't been hugely impressed by that either), but they have NO responsibility to ensure that your access point is secure.
Contradict yourself much? Either people should have these rights or they shouldn't. You can't say people should have some right for 20 years and then it should magically go away. The right is magically granted, why not have it magically go away?
I'm fully aware of that, trust me. I'm the Information Security Officer at a large hosting company, and I am that guy, who has to sort it out.
Though I wouldn't claim it is foolproof, it usually isn't hard to tell the difference in style of a malicious attacker and a harmless one- primarily because at one point or another, I have functioned in both capacities. If I hadn't done so, I wouldn't be qualified to do what I'm doing.
Yes, I do treat every breach like it was a serious one, and as my earlier post stated, I do think the "trespassing" on the site is reason enough to prosecute (particularly when sensitive information is compromised), but it definitely isn't as serious as tampering with a credit card processing script, for example.
I'm in information security now, but I studied illustration in college and CMYK is definitely a must, if you ever want to send your work to press.
Gimp is an extremely awkward UI. Photoshop is nice and clean.
You seem to be complaining about the fact that people have legitimate reasons not to use gimp. I'm one of 2 linux users in an all-windows shop, and I hate non-open software as much as any /.er, but Photoshop is one of the few examples of absolutely phenomenal closed-source software.
Do I wish it was open? Hells yes. I have no doubt it'd be a lot better.
You know, that's actually not an entirely bad analogy, but the way I see it, it proves the opposite of your point. A person who walks into a house and explores it is certainly guilty of trespassing and probably more, but if he hasn't taken anything, then he isn't guilty of burglary and shouldn't be tried for it.
People exploring networks often do it for no reason other than to see what's there. They may use illegal means to do so, and they should be held responsible for that, but the fact is, a lot of grey hats are harmless- they just want to see what they can do.
This is the problem that's been giving me issues lately too.
Every online payment application I have available to me, including my (very large) ISP's web interface, my student loan, my utility bill, my home loan, and my bank, has at least one serious xss, session fixation, or SQL injection hole. I've informed them about the problems, and not one has made an effort to fix the issue.
They have all, however, failed to remove the text from their respective web sites saying:
We have information systems that collect and store customer information in addition to systems that store our own business records. These systems have different types of security as appropriate for the information stored.
We maintain physical, electronic, and procedural safeguards that comply with federal regulations to guard your nonpublic personal information.
What's a gray hat to do?
If I make such things public, they pursue legal action against me. Posting anonymously may or may not help, but they still know that I know about the holes, and it wouldn't be hard to put 2 and 2 together.
Somebody correct me if I'm wrong, but in my drunken nights of playing guitar hero, I never found a way to play notes whether the game prompts you or not. It's completely reactive, like DDR. It just makes nasty noises at you for choosing to play Anarchy in the UK with a ska rhythm.
I'm aware of the system, but the company loaning the money to the artists.
Maybe saying they funded it was the wrong word, but it is their investment that makes the whole recording process happen. Of course they expect a return on that investment, but they are still taking a risk on a new artist.
While I completely agree with you, it should be noted that the labels funded the recording process. That and advertising are what they're there for, though they're needed for each less and less every year.
There are still a few good labels out there, but they're certainly not the controlling majority of the RIAA, and most refuse to even be members.
Mod me troll, but you sound like you're talking out of your ass. Care to reference some of those 'facts', such as the need to send astronauts up to fix the registry, satellites running windows, and the satellites getting infected from a user browsing the internet through it...?
On mine, it just takes a username and password, which get submitted in plaintext if you have javascript disabled.
Not all banks are created equal.
Mine doesn't work, but it is complete shite.
I'd seen those before too. Interesting.
Do you have a source? Not arguing, it's just an interesting idea and I'd like to see more about that.
The important thing is the cup- doesn't matter how much is in it.
Also, refills don't count, as long as there's still at least 1/4 of a cup at the bottom.
Starbucks coffee is shite, and to quote Denis Leary, You can get every other flavor except COFFEE FLAVORED COFFEE!
I stopped buying the coffee shop coffee, now I'm sipping a cup of homemade before heading to the office.
One exception though- if you are ever in Park City, try the coffee shop at the lodge. It's amazing.
IIRC, Flash was pretty common for a while before Adobe acquired it.
In fact, the biggest difference that I've seen since then was the proliferation of punch-the-monkey-win-a-free-lappy ads
...which has the same structure as a P2P network.
Your point?
Hoorays! Now you use distortion effects to make that hole look even bigger.
You sicko.
(2 * B) || !(2 * B)
Seems like that should always return true.
no question.
Try turning off your lappy's monitor, and holding it up to the light. The apple logo clearly shines through and illuminates the darkened monitor.
It's not inconceivable that even with the light on, there's enough of a 'watermark' to subtly influence your creativity.
Also there's the little apple at the top left corner of the screen.
And 2 on the keyboard (with lights behind them as well), IIRC.
That said, I think it's all bullshit.
More important, does it run Linux?
For that price, it better
Considering the huge amount of commerce that goes on between the US and China, it will never happen. It's not exactly a tiny little island like Cuba.
That said, if it ever did happen, it would probably be very effective.