Well I am completely against the apparent weak encryption and their lack of shielding, but I think the big brother concerns are a little overblown. I don't think this is part of some massive system to track us. Unless the U.S. is setting up this massive tracking network on cruise ships and all over foreign countries... I don't think it will suck in much.. unless of course they enjoy receiving data from my passport that always reports that I am 1) at home or 2) on my way to the airport. Seriously.. what U.S. citizen carries their passport everywhere they go domestically?
Maybe, but I don't think advertising ruins everything. Look at all of the sites that are more popular than Craigslist. Show me which ones don't have ads. Hell, look at the top of the screen as you read this.. what's that? An ad! Just make it small/low key and do more with it. Not my site, so who cares, but it would be nice with their amount of traffic.
One thing that has always baffled me is that they don't put up any web advertisements for the purposes of bringing in income. They are pretty low budget in terms of operating and only really charge for certain [commercial] listings. Why not put up some ads though? Even if you want to be modest and don't need the money, you could at least donate it to charity or build a big stack of 100 dollar bills, put two eyes on them, and tell people this is the money you could be saving with Geico. Come on!
This is great news and I am happy it was a successful sting operation. Bringing these guys down is something we all like to see and it helps make a lot of hard work of different people pay off. However, there is one item that has been mentioned a few times in other articles that blows my mind on this. From the Wired article:
The German report confirms rumors that have swirled around DarkMarket since late 2006, when uber-hacker Max Ray Butler cracked the site's server and announced to the underground that he'd caught Master Splynter logging in from the NCFTA's office on the banks of the Monongahela River.
In other words they were completely outed, although unsuccessfully, prior to the German report. They were actually hacked and exposed two years ago. That's pretty bad operations security. Never run/manage your sting site from where you really are.. well, at least if that ties back directly to law enforcement. That's kind of like if a DEA agent showed up to a drug buy and parked his marked police car behind the dumpster nearby. ::face palm::
It's always good news and encouraging to see progress like this. While it's certainly not a requirement for most parties to have software/websites that are compliant for people with disabilities, it's good to see when things are designed so they can readily use them. In the government, public websites and software services are required to be Section 508 compliant -- meaning they work for those with disabilities. This has to do with colors, alt-tags, text placement, etc. One could make an argument that perhaps those same requirements should be levied on companies providing public services; however, I am not making such an argument. However, it would seem it might make business sense in many cases when you have a popular service to make it friendly to those with disabilities (i.e. the blind).
---
On a side note.. not to be insensitive... but I find it absolutely hilarious that as I am writing this response, the Slashdot Google Ads are:
"Next Day Blinds - Official Site of Next Day Blinds. Blinds, Shades, & Shutters" - coincidence? I think not. :)
Can someone name a bunch of these games that are failing and not making money because of piracy? There's a difference between the majority of people playing a game having pirated it, and your game blowing donkey balls and the only people that -tried- it (and subsequently immediately deleted it) having pirated it. I haven't bought/played a new computer game since Doom 3 personally. Haven't been a big fan of computer games in years. However, I think most people just aren't playing them, not that they're all being pirated. Maybe I am wrong.
Just an FYI: AOL has always allowed users on AOL to see if another AOL user (or CompuServe user, once upon a time) has viewed their e-mail. It would also tell you when they opened it. This is a default capability built into AOL since 2.0 or 2.5 (early-mid 1990's). All one had to do was check their sent e-mail and click to check the status. So long as it was to another AOLer, one could see the status. Keep in mind how large AOL used to be in user base and this was a standard practice.
What do they mean by "little known" here? I think every major federal agency probably has at least one Google Search Appliance, and they sell several other services. I think -every- company like this wants to work with the government; it's not some secret they're a big market. Hell, Google has space on NASA property, and here's an article from Slashdot from 2006 about them entering into a partnership with NASA:
http://science.slashdot.org/article.pl?sid=06/12/18/1640230
They've also voluntarily turned over data to the feds before, as was made very public. Where's the secrecy about working or wanting to work with the government? Let's not forget their job posting for a Federal Sales person - http://www.google.com/support/jobs/bin/answer.py?answer=80784
Yes I used to be a Silver Powerseller once upon a time and I've only had a few transactions fall through. Fortunately two of these people contacted me immediately after and I just let it go. The third I did exactly as you described. However, just judging by the amount of negative feedback I see on many people for not paying, I'd say the vast majority do not file this or eBay doesn't delete/block them so easily - or perhaps they do these in rapid succession?
I think it's obvious the data about the vindictive nature of many sellers may be accurate. However, being able to leave negative feedback for buyers is important, and I think they need to find a way to make it work better. If you're selling a high priced item (or really any item for that matter) and you get some bozo that bids with no intention of paying, this can be pretty detrimental to a sale - especially if it's time sensitive (tickets, special event going on, motivated to sell, etc.). Sometimes these same people selling these items, time sensitive or not, want to be able to look at their top bidders and know if they're serious. You might have a guy with 25 positive feedback, but when you see he has 35 feedback total with 10 negatives for not following through on his last 10 transactions, it's good to be able to cancel/block this guy.
There are obviously some flaws with the system (human flaws right?), but there should be a good remedy to make this work a little better.
Well I am not sure whether people should worry much about this. Why you ask? Well the TSA folks generally aren't that bright. This means one of two things will happen.
1) The TSA agents won't know what a Lithium battery is and people that have extra batteries won't be affected - should they forget about or ignore the rule.
2) The TSA agent won't know what a Lithium battery is and people that don't have Lithium batteries will have them confiscated/removed because they are idiots.
Which one is more likely, and should we worry in either case? :D
Forget the U.K.: What happens here if the IRS loses our data? Hmm, I don't know, not a whole lot? Just using the number of publicly reported data breaches and privacy information losses, I would just work on the assumption someone has this data already. It's not like there aren't dozens of websites where someone can pay $15 and get all this same information anyway. What's the best you can really hope for? That they give you a free year of credit monitoring? Maybe they'll fire someone or penalize them? Who knows.. I just say work under the assumption someone has this data already. What are you doing right now to protect yourself?
So is making some changes to only 200 lines of code normally considered a major change? Sounds like you could get away with rewriting this in under an hour and not affect much.. but what do I know. Good luck.
Ok.. I don't see this having any effect what-so-ever on Nintendo or Microsoft. Hell, who really cares here? PS2? The PS2 slim is already super small, it can't get much smaller than it is now...will it really have that much value? Plus, wouldn't this hurt Sony as much as any other? You know.. spending $99 to buy a PS2 instead of $400+ for a PS3? What a waste of time and money.
This is something that has been known and announced for many months now. Additionally, the new variants of it do not seem to trigger DDoS attacks in quite the same way.
Problem: he could not unlock the computer he stole and without the necessary drivers, he couldn't use the printer. So um... how did he unlock the computer? I'm not quite following that part.
I have seen a few posts that seem to zero in on RBN and SPAM. Unfortunately, if you read the article or are slightly familiar with RBN, you would know it's a whole lot worse than that. An extremely large and extremely disproportionate amount of the hosts in the RBN ranges house malware, viruses, trojans, command and control sites (for bots), and child pornography -- in addition to the SPAM issues. It really is a bad place on the Internet; one of, if not the, worst. If you are at an organization where you can block them, you should, or at least check your logs and see if your hosts are going there and why.
LOL.. what a tag this story has -- "unconstituational." Last time I checked the constitution didn't outlaw knowingly purchasing a vehicle with an additional feature that you pay for that has capabilities to disable your car if law enforcement gets involved. Then again I haven't read it over in a while, I could be wrong.
ARP attacks against websites like this are relatively uncommon but fairly easy to do. ISC (isc.sans.org) did a write-up not too long ago where someone's customer was attacked like this. Due to a lack of switch security and clients not using static ARP tables etc., this attack will succeed pretty frequently when hosts are on the same subnet/VLAN. I'm not sure the CSIRT website gets too much traffic to begin with, definitely more after being slashdotted. I don't think saying that their user-base doesn't use IE or is fully patched is accurate. Besides, from an attacker's point of view: who cares. It's hit or miss.. and nothing happens when they miss. On top of that, who says they aren't ARP spoofing this into every host and webserver on the network there? CSIRT might just be 1 of 100.
Btw the first exe is pulled from the domain mentioned which then pulls a second file (100.exe) from another domain. It appears to be a password stealer. What a sad bunch of people doing all this crap.
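The ARP poisoning the comment describes is detectable from inside the LAN by watching for an IP that suddenly answers with a different MAC, or one MAC answering for several IPs. The following is an added example, not the commenter's code; it assumes a monitor that sees ARP replies as (seq, ip, mac) records and uses constructed sample addresses and hypothetical pinned bindings.

```python
"""Flag suspicious ARP replies: contradictions of pinned bindings, IP-to-MAC
changes, and one MAC claiming several IPs (classic cache poisoning signs).

Added example with constructed data; not the commenter's code.
"""
from collections import defaultdict
from typing import Dict, List, Tuple

# Hypothetical static bindings an admin would pin (gateway and web server),
# i.e. what a static ARP table on each client would enforce.
STATIC_BINDINGS: Dict[str, str] = {
    "192.0.2.1": "00:00:5e:00:53:01",    # gateway
    "192.0.2.10": "00:00:5e:00:53:0a",   # web server
}

# Constructed sample of observed ARP replies: (seq, sender_ip, sender_mac).
SAMPLE_REPLIES: List[Tuple[int, str, str]] = [
    (1, "192.0.2.1", "00:00:5e:00:53:01"),
    (2, "192.0.2.10", "00:00:5e:00:53:0a"),
    (3, "192.0.2.23", "00:00:5e:00:53:17"),   # an ordinary host
    (4, "192.0.2.1", "00:00:5e:00:53:17"),    # gateway IP now claimed by .23's MAC
    (5, "192.0.2.23", "00:00:5e:00:53:17"),
    (6, "192.0.2.10", "00:00:5e:00:53:17"),   # web server IP also claimed by it
]


def analyze_arp(replies: List[Tuple[int, str, str]],
                static: Dict[str, str] = STATIC_BINDINGS) -> List[str]:
    """Return one alert string per suspicious reply, in observation order.

    Check 1: the reply contradicts a pinned static binding.
    Check 2: an IP's observed MAC changed since it was last seen.
    Check 3: a MAC is now claiming an IP in addition to ones it already claimed.
    """
    seen: Dict[str, str] = {}                      # ip -> last observed mac
    claims: Dict[str, set] = defaultdict(set)      # mac -> ips it has claimed
    alerts: List[str] = []
    for seq, ip, mac in replies:
        mac = mac.lower()
        if ip in static and static[ip] != mac:
            alerts.append(f"#{seq}: {ip} claimed by {mac}, pinned to {static[ip]}")
        elif ip in seen and seen[ip] != mac:
            alerts.append(f"#{seq}: {ip} changed from {seen[ip]} to {mac}")
        seen[ip] = mac
        if claims[mac] and ip not in claims[mac]:
            alerts.append(f"#{seq}: {mac} also claims {ip}, already {sorted(claims[mac])}")
        claims[mac].add(ip)
    return alerts


if __name__ == "__main__":
    for alert in analyze_arp(SAMPLE_REPLIES):
        print(alert)
```

On the sample above the first three replies are clean and replies #4 and #6 each raise two alerts (pinned-binding mismatch plus a MAC claiming a second and third IP).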
Unfortunately the owner of Nissan.com has been sued into the ground almost and has lost a ton of money. :(
The super secured networks you are reading about are not accessible from the Internet and most likely haven't been penetrated.
If anyone wants to save some time (like 30-60 seconds) with Base64 to Ascii:
eyAnOicgPT4gJycsICcgJyA9PiAnLScsICdzXG4nID0+ICdzLmNvbVxuJyB9 converts to { ':' => '', ' ' => '-', 's\n' => 's.com\n' }
Man this story would have never made the news or Slashdot if the part about there being a typo of 'transsexual' hadn't been included!
[+] security, apple, macosx, securitythroughobscurity, leopard (tagging beta)
It seems to be missing the defectivebydesign tag that everyone likes to throw around.
P.S. I'm using OS X right now (not Leopard though). :)
Yeah, hate to say it, but does this randomize button.. randomly put these checkpoints near a group of Middle Eastern people? :D