Posts by adnim

2081 publicly visible posts • joined 11 Apr 2007

Cabinet Office ends website test

adnim

I disagree

£261,000 for a website that looks like a Wordpress template is taking the piss. Why doesn't the government actually use competent IT staff (presuming they have any) that are already on the payroll to create such websites instead of contracting such work out? As for infrastructure there are plenty of hosting companies out there that would charge less than £1K pa to host such a site dependent on traffic. (500Gb per month).

Adobe outs un-Flash web animation tool

adnim

On the surface

this looks like a good move. My only reservation is Adobe's track record on security. I could be wrong but I expect that creating such web animations in a text editor and Gimp will be a much more secure alternative. Nice of them to provide this for free though.

I am sure that it will be just as easy to block this kind of advertising as it is to block flash, just block the ad servers. This is much more efficient than blocking individual ads anyway.

Ubisoft insists DRM 'a success'

adnim
FAIL

How can they tell?

As anyone with an IQ in double figures would block any attempt by pirated software from connecting to any server over the Internet. I guess because they cannot see it they presume it doesn't exist.

I wonder if they believe that because gravity cannot be seen it mustn't exist either.

Big fail.

Nearly everyone in SOUTH KOREA HACKED IN ONE GO

adnim

Am I missing something?

"It's now becoming increasingly difficult to differentiate between attacks on military, communications, financial, civilian or critical infrastructure targets,"

Seems to me if an attempted hack against military infrastructure is detected then it constitutes an attack on a military target. If an attempted hack against financial infrastructure is detected then it constitutes an attack on a financial target. If an attempted hack against....

I suppose many different systems could be targeted at once to hide a real attack amongst the noise. However, common sense tells me it would be wise to make any hack as quiet and as undetectable as possible. Unless of course the motive is to expose the inadequacy of security measures.

In and out without necessarily shaking it all about.

MPs slam government's 'obscene' IT spend

adnim

Point five

publish all the connections; business, financial, nepotistic or otherwise between the decision makers and the IT suppliers.

Cabinet Office government-by-Facebook plans probed

adnim

an independent, trusted provider

For me no such entity exists. Even though I haven't yet heard of any CDs, laptops or USB keys containing Facebook user data being left on a train.

"Moving to a model where the citizen maintains their own personal data...,"

I'd go with that idea but only if there is a delete button.

'Directory traversal' attack becomes premier hack tool

adnim

Little known?

There have been weekly, sometimes daily directory traversal attacks against my web server since it went live almost two years ago.

"A lesser-known attack called directory traversal is the single most commonly used technique in real-world web application attacks."

Does this statement not seem a little contradictory?

Perhaps it is webmasters that know little of this attack vector, because hackers are certainly aware of it. Perhaps script kiddies are too, it's hard to say for sure as running pre-made scripts requires no knowledge of what those scripts actually do.

Possible mitigation:

When a request for a file/directory is made, build a full path to the file/directory, and normalize all characters. Make sure the document root is fully qualified, normalised and that the string length of this path is known. The start of any fully qualified path of any request should match the string and the string length of the document root. Any request that doesn't meet this criteria should be dropped.
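The check described in the post above, as an added example (not part of the original post or of any particular web server's code). It goes one step beyond the post: a character-for-character prefix match also accepts a sibling directory whose name merely starts with the document root's name, so the example compares whole path components and resolves symlinks before comparing. The function names and the temporary directory layout are constructed for illustration.

```python
import os
import tempfile
from urllib.parse import unquote


def full_path(doc_root, request_path):
    """Build the fully qualified, normalised path for a request."""
    root = os.path.realpath(doc_root)
    decoded = unquote(request_path)  # decode %2e%2e and similar, once
    if "\x00" in decoded:
        raise ValueError("NUL byte in request path")
    # lstrip("/") stops os.path.join discarding the root for "/..." requests
    return root, os.path.realpath(os.path.join(root, decoded.lstrip("/")))


def prefix_check(doc_root, request_path):
    """The check taken literally: the leading len(root) characters match."""
    root, candidate = full_path(doc_root, request_path)
    return candidate[:len(root)] == root


def resolve_request(doc_root, request_path):
    """Return the path to serve, or None if the request must be dropped."""
    try:
        root, candidate = full_path(doc_root, request_path)
    except ValueError:
        return None
    # Compare whole path components so ".../www-private" is not treated
    # as being inside ".../www".
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def demo():
    """Build a constructed directory tree and run sample requests against it."""
    base = os.path.realpath(tempfile.mkdtemp())
    root = os.path.join(base, "www")
    private = os.path.join(base, "www-private")
    os.makedirs(root)
    os.makedirs(private)
    for path in (os.path.join(root, "index.html"),
                 os.path.join(private, "secret.txt")):
        with open(path, "w") as fh:
            fh.write("x")
    # A symlink inside the document root that points outside it.
    os.symlink(private, os.path.join(root, "link"))
    requests = ["/index.html", "/a/../index.html", "/%2e%2e/%2e%2e/etc/passwd",
                "/../www-private/secret.txt", "/link/secret.txt"]
    return root, {r: resolve_request(root, r) for r in requests}


if __name__ == "__main__":
    root, results = demo()
    for req, path in results.items():
        print(f"{req:32} -> {path or 'DROP'}")
```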

Dongling P2P downloaders 2nd-biggest mobe data users

adnim

have an upvote

I absolutely agree, data is data is 1's&0's. Differentiating usage by content should be illegal. As you have mentioned it requires that the provider spy on the user to determine packet content/sites visited. I see no problem at all charging per Mb, this would be fair and there is no need to spy on the user.

Sorry, time travelers, you’re still just fiction

adnim
Joke

Unless

one lights a candle in a FTL spaceship.

Chinese lecturer demands his students acquire iPads

adnim

What's the equivalent

of a P45 in China? Is there an app for that?

UK gov 'Spads' hefty salaries released/buried

adnim

One would hope that

all these SPADS will be independent, honest and above reproach. They will also be free of interest conflicts, not have any way to gain financially from the advice given. They will have no hidden agenda nor links to any business that might be advantaged from the advice they impart.

After all it is not unreasonable to expect integrity from public employees and their advisors.

Blighty's top cop quits over phone-hacking scandal

adnim

He should have been appointed one.

As should all public employees in prominent roles. An independent PR consultant paid for out of the public purse and answerable to the public.

A PR consultant that is free to examine any documentation produced that relates to the job description of the public employee, and those documents that don't if the prominent employee is using the workplace.

A PR consultant that then presents an image of that public employee to the public, his/her employer, in a truthful light.

Public accountability for public employees, nothing to fear nothing to hide.

Microsoft rolls out One Big Windows strategy

adnim

Good news...

for hackers.

Taking into account Microsoft's track record on security.

In the land of MS where the shadows lie.

One codez to rule them all, One hack to find them,

One codez to own them all and in the darkness bind them.

One exploit owns every Windows powered device, interesting times ahead indeed.

Microsoft COO: Our greatest enemy is old Windows

adnim

Defined by memories

or nightmares.

"-too many customers define Microsoft by old versions of Windows and old versions of Office."

Well let's be honest here, post traumatic stress disorder isn't that easy to shake off.

Over 900 police staff caught misusing databases

adnim

Systems and policies

this is what official reports and statements usually cover. How systems are built, how they will work and how policy will protect that system. Systems and policies can be designed and implemented in such a way that they in themselves could be described as adequate, maybe even perfect.

The weakness lies in the humans that administer, access and update those systems. Electronic devices and computer systems are not susceptible to such things as greed, envy, hatred, egotism or indeed any negative emotion that may cause them to perform out of spec. Humans on the other hand...

Be it a police database or a cloud storage service, if a human can access that data, the data is vulnerable to theft or misuse. Regardless of the promises and guarantees of those who would be the custodians of your data, if anyone other than yourself can access your data it has already been compromised.

Microsoft publishes Wi-Fi data collection code

adnim

MAC is unique

Therefore MAC address has the potential to identify the user.

The EPC in a barcode that is scanned at check out is unique to the device being purchased and identifies that particular device. Therefore there is a link between the device purchased and the customer's card information should the customer have used a card. If cash is used for payment, POS software records the time and date of transaction and if the store has CCTV, you best be smiling or have your good side facing the camera.

Manufacturers know which device has which MAC address/Serial No and to whom it was shipped and when.

So a MAC address leads to a manufacturer and then to the store in which the device was sold.

A search of sales records will show when and to whom the device was sold.

Whilst this trail may be a little difficult for your average stalker to follow, authorities won't have any problem at all.

Scotland Yard still have no idea why their network fell over

adnim

Perhaps

a cleaner unplugged critical hardware in order to plug in a vacuum cleaner.

A series of backup failures at a site I was based was traced back to new cleaning staff doing just that.

Facebook promises 'awesome' launch next week

adnim
Facepalm

Surely

the only sensible application to use to interact with Facebook is Firefox with a few choice addons to block third party cookies and scripts, minimise data exposure and control script execution.

A black box, be it a software black box, that does what the employers of the developers think is best practice, regardless of what your position on data egress is, is not a sensible application.

Moderatrix kisses the Reg goodbye

adnim

Sarah,

may you find only your favorite flavours in this dog eat dog world.

Have a hug and my best wishes.

Microsoft patent points to Skype snooping

adnim

Democratic government?

How about a democratically elected dictatorship who farm the population?

"Where there is no consent, there is no power, and no right.". Ideally so but I see a problem here.

Your rights as you perceive them are irrelevant, it's how those rights are interpreted by a legal system that is either sympathetic or hostile to your position.

Microsoft hires Disney man for consumer crusade

adnim
Joke

He should

get on well with the person that designed the GUI for MS operating systems, they're probably old workmates.

Faking reviews? You should fret about more than illegality

adnim

I agree

very much so, not only that, you have hit the nail on the head with the short memory or perhaps attention span of the public in general.

We are all slowly being screwed over by degrees. If it's not corporations and big business it's the antics of government and politicians. It seems once the umbrage from the latest outrage has subsided and the new status quo accepted, along comes something else that exploits the consumer, erodes liberties or just takes the piss.

adnim

I take the content

of advertisements with a liberal pinch of salt, I expect that there was often more truth to be found in the Daily/Sunday Sport.

"Breaking consumer laws looks bad. Deceiving your customers looks worse. To do both could spell the end of your business."

To do either SHOULD spell the end of the business or at the very least lead to very public humiliation and a very large fine.

Google Chrome extension detects dangerous websites

adnim

And the difference

between this avoid all responsibility for the quality of this software statement and the EULA on most if not all other software is what exactly?

The results returned if in error would just be declared a false positive, I am not aware of any AV companies being sued for bricking an OS. Or MS being sued for selling product that is so flawed that it lends itself to being owned by unauthorised third parties.

It is a get out of jail free card and whilst I accept securing and ensuring the reliability of complex software systems is difficult, I would much more prefer a statement along the lines of "There is no guarantee that this software is fit for purpose" in an EULA rather than the weasel words that are usually employed.

LulzSec disavows alleged Census hack

adnim

It would seem

the guy just ran the IRCd

http://www.reddit.com/r/worldnews/comments/i568z/19yearold_suspected_of_being_mastermind_behind/c20zhi1

The KILLER MUTANT FUNGUS in YOUR DISHWASHER

adnim
Joke

My dishwasher

has gone on a photographic holiday to the Scottish Isles, while I remain at home working. I wish I had a spare kitchen sink, this one's full.

On a serious note: We don't have a dish washer, only two of us so not much point. I now wonder what lurks in the clothes washer though.

30,000 Shreks besmirch BeautifulPeople

adnim
Joke

Beauty is skin deep

some people are inside out

Does a flash motor make a man more desirable?

adnim
Joke

Signs of wealth would indicate good breeding stock.

Are you sure?

Celebrities.

Fascist dictators.

Royalty.

etc. etc.

I love my 9 year old Ford Focus, but there ain't enough room for me to get a stiffy in it, unless I open a window ;-)

Man says he lost $500,000 in virtual currency heist

adnim
WTF?

Down voted lol

seems some people have a virtual sense of humour.

adnim
Joke

Virtual money?

Virtual loss

Virtual sorrow

Earth may be headed into a mini Ice Age within a decade

adnim

couldn't be bothered

reading through 230 comments. If this link has been posted sorry for the repeat.

http://www.newscientist.com/blogs/shortsharpscience/2011/06/new-ice-age-dont-count-on-it.html

AMD promises 10 teraflop notebooks by 2020

adnim

very funny

not only that it's currency in some nations

Creationists are infiltrating US geology circles

adnim

Interesting

I only came up with this idea Planck time ago. How could Gosse come up with a similar hypothesis in 1857 if the universe did not exist then?

I am so confused, perhaps I should seek succor from a god figure.

adnim

What is scary

is that if an omnipotent all powerful creator does exist, the whole Universe could be a few seconds old and everything that anyone believes, scientists and god botherers alike, all the memories of everyone on the planet if indeed we are on a planet, plus all the evidence for past events is complete fabrication or creation.

Alternatively 13.7 billion years ago the most powerful AI ever conceived by man was switched on for the first time.

But then again it could have been that quantum fluctuations in the void got a bit out of hand and after that conservation of energy/momentum, chance and entropy took over.

Everyone has a right to believe in what ever floats their boat. What I object to is any one belief system insisting its doctrine is absolute truth and that the believers in that system subjugate, ostracise, maim and kill others just to prove they are right.

Duke Nukem Forever

adnim

13 years ago

consoles such as the XBox did not exist. This title was designed for PC and ported to the XBox. The problems that manifest themselves on the XBox are absent in the PC version.

I am rather pleased that console players get to understand what it is like to play a poorly ported game on their console systems, it's about time too, for six years that is exactly what PC gamers have had to put up with; Poor quality ports.

Yes the game is not cutting edge, but to me it's fun and not at all to be taken seriously.

£9.99 seems a fair price though.

LulzSec pwns pron site

adnim

oops

Aye, I sometimes miss the obvious.

I always issued a warning first. I did find porn though, quite a lot of it sometimes, especially on the factory floor PC's. Fortunately nothing proper nasty though. An explanation wasn't necessary, I knew exactly why they downloaded and viewed it.

adnim

My bad

I overlooked that aspect. I agree use of company resource for such a thing is a definite no-no.

adnim
Joke

Explain what?

"Email addresses in the batch reportedly included .mil and .gov users, some of who may have some serious explaining to do."

I don't think they should have to explain anything. Which holier than thou asshole has decided that an interest in pornography should be something to be ashamed of?

To me buying product from a company that exploits and abuses its workforce is a far more heinous act.

Oh, wait a minute, I guess the two aren't exactly mutually exclusive...

IATA: this iPad could BRING DOWN A PLANE

adnim

Why

don't any of the multitude of devices in use in my home interfere with each other?

Several P.C's 2 of which are always on 24x7. two laptops on and off at various times of the day, 3 mobile phones, one wireless router, one ethernet switch, a couple of external USB hard drives, one CRT monitor, a couple of LCD monitors, one LCD television, one freeview box, a portable media device, HiFi system, guitar amplifier, zoom guitar effects box, midi keyboard, wireless doorbell, several digital clocks none of which run backwards and one of which synchronises with a time signal from Rugby.

Is EMF shielding too heavy for use in aircraft? Or is a scapegoat being sought for the diminishing quality of aircraft components designed to reduce cost?

As a mild attempt at humour; Most things can bring down a plane if thrown hard enough.

Phishers LAMP web hosts

adnim

I think the point is...

the mark has to enter login credentials somewhere for them to be phished. That somewhere is usually a compromised web server. It's cheaper and less likely to be tracked back to the perpetrators than if said perpetrators rent web space. You are right it doesn't matter which stack the server runs, but as the majority of web servers run the LAMP stack...

adnim

Not surprising

considering it is a lot easier to mis-configure and fail to update the LAMP stack than it is to secure it.

Then there are all those GUI's, themes, admin interfaces etc. that web admins install to make administration easier. What's more it is far easier to write insecure php code than it is to write secure php code.

I get several attacks a day on my LAMP server, usually they are scripted attacks looking for admin interfaces and directory traversal exploits.

My advice is install the bare minimum, use Vi and the sql command line tool to configure the stack and avoid using third party tools unless you know php and understand exactly how the code behaves and can fix any bugs or flawed validation routines. Using a simple text editor to configure a LAMP server forces one to learn how the components interact and leads to a greater understanding of the system.

I would recommend removing all the system commands that are not required to configure the server and make those that remain available to one user only (not necessarily root) and not every user of the system. I accept that this may not be possible in some deployment scenarios.

Netherlands first European nation to adopt net neutrality

adnim

I can only guess

That the majority of Dutch parliament members do not have shares in, are not on the board of and do not have friends who are CEO's of Dutch telecoms companies. Either that or integrity rules supreme in Dutch politics. Perhaps a mixture of both.

I am skeptical of the possibility that UK MP's will adopt the same stance.

Apple bars WinXP users from iCloud

adnim

pffft

The OS is reported by the browser, anyone with an IQ in double figures can forge the headers sent by the browser and bypass this restriction. Although why anyone with an IQ in double figures would want to support Apple is beyond me.

Has Steve Jobs killed the consumer hard disk industry?

adnim

There's at least one

I will never use cloud based storage for anything of any value. If I was guaranteed 100% availability, 100% reliability and the systems, that's the hardware and software, were 100% secure.

There is a human involved somewhere, hardly infallible are humans. Some of them are greedy for possessions and money, some get into debt, some do naughty things that leave them open to blackmail.

Basically human integrity can be bought. Each person has his price.

Tory terror changes promise moon on stick

adnim

It is easier than that

Attempt to control the population and track every aspect of their lives either by government sponsored system or corporate greed machine, then censor the information available to them. Anyone who complains is a terrorist.

Tech 'tecs quiz Yorkshireman in Facebook hack probe

adnim

Script kiddie or hacker?

If this guy is a hacker and not a script kiddie, what surprises me is that he was smart enough to hack yet dumb enough to be traced. Perhaps he was a script kiddie after all. I can only presume he ran his downloaded tools from his own ISP account. Either that or he bragged about it to the wrong people or in the wrong place.

Maybe he is innocent and the real hacker used his unprotected wireless access point.

Toshiba reveals iPad 2 rival

adnim

Not everybody.

Some of us want nothing to do with Apple at all.

Russian computer programmer buries himself alive

adnim

Misguided

We are all misguided by bad advice at some time in our development. If by the age of 35 one hasn't the faculty to recognise the difference between good and bad advice, tragedies like this will continue to happen.

This man believed burying himself would improve his luck, his faith in this belief was strong enough that he did indeed bury himself. We should be grateful his belief system was relatively benign, at least with respect to others.

There's a joke here somewhere connecting pre-purchasing of future software releases and pre-burial for a future death, I just don't feel like finding it.

Dirt 3

adnim

PC version

The core of the game is very good, exciting, entertaining and challenging.

The use of Windows live and needing to install Windows live id as service and have it running, the long load times and patronising commentary almost destroys what in essence is a very good game.

After playing for an hour with about 40% of that hour in loading screens, I am not particularly inspired to load the game again. I got some grief on my plate at the moment and I am not a happy bunny, I know this is affecting my patience. I will try the game again when my mood improves, perhaps my patience with the game will improve too. But at the moment the pleasure is not worth the pain.

This is my opinion and such things are subjective, but the use of Windows live in any game immediately annoys me and takes at least 30% off any rating.

White Space competitors fight dirty

adnim

The limit of incompetence

"There is nothing wrong with your television set. Do not attempt to adjust the picture. We are controlling transmission. If we wish to make it louder, we will bring up the volume. If we wish to make it softer, we will tune it to a whisper. We will control the horizontal. We will control the vertical. We can roll the image, make it flutter. We can change the focus to a soft blur or sharpen it to crystal clarity. For the next hour, sit quietly and we will control all that you see and hear. We repeat: there is nothing wrong with your television set. You are about to participate in a great adventure. You are about to experience the awe and mystery which reaches from the inner mind to..."

our propaganda machine?

the pockets of our shareholders?

the delivery of our software?

our control of the airwaves?

all of the above?