How?
This might be a silly question, but why are the POS systems hooked up to the net, and how is it possible for the attackers to find them?
53 publicly visible posts • joined 2 Mar 2011
It's not just the fact that the salary is low compared to the private sector.
You've also got to factor in the personal risk that comes with such a job. You're instantly a more interesting target.
Then there are the additional restrictions placed on you - not being able to discuss your job, keeping a low profile etc., not to mention the travel restrictions you face that even last for a year after you've got sick of the pay and quit.
I haven't used WordPress that much, but if I'm not mistaken it is possible to do a WordPress backup (posts, comments, etc.), bomb the WordPress directory, reinstall WordPress, theme and plugins and restore from backup. Seems like this would be safer than manually looking through files in an attempt to discover malicious code etc. It doesn't take that long to reinstall everything.
Perhaps I'm missing something though; if anyone knows any better I'd be interested in hearing.
I think it's such a shame that people like him, who obviously have at least some skill/talent/dedication, spend their time and effort on just causing mischief rather than doing something productive and beneficial. I know people bitch a lot about the infosec community, but I'm sure it can't hurt to have a few more white hats around. I've no idea what motivates people to join the dark side, but I find it rather disheartening.
I think what's really interesting is that people are just accepting friend requests left and right. What's the point of 'friending' people you don't even know? Is it to boost your friend count as though that holds some sort of social credibility? Are people really that insecure/lacking that much self-esteem that they want to 'friend' everyone?
Back when I used Facebook, I only ever accepted people whom I was actually friends with and spoke to on a regular occurrence. Sure, I only had a few dozen friends on there, but I'd go for quality over quantity anytime.
"Ghioni said his "precise mechanism" would need the "collaboration" of operating system manufacturers such as Microsoft and Apple to log all activities on their systems, according to the automated translation of the report."
My interpretation of this is system logs that are then uploaded to some central store.
What's next? We all wear pinhole cameras on our coats to monitor what we've been up to?
How soon before Linux becomes outlawed by not following this requirement?
Give me a break.
"according to an email John 'Warthod9' Hawley, the chief administrator of kernel.org, sent to developers on Monday. It said a trojan was found on the personal machine of kernel developer H Peter Anvin"
It wasn't his machine that was compromised.
One thing I always wondered was if a source repository is hacked and its contents modified, what is there to stop them modifying the list of hashes too? What with all the (in)security issues with websites, it seems that it wouldn't be too farfetched for such an eventuality to occur.
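As an added illustration of the point raised in that post (this is example code written for this page, not anything from kernel.org or the article): a digest list stored on the same server as the files it describes can be regenerated by anyone who can alter those files, so a check against it passes after tampering. The same digests held somewhere the server cannot write to still catch the change. The tiny source tree, the file contents and the helper names below are all constructed for the example.

```python
"""Why a hash list beside its files is no protection once the server is
compromised, and how an out-of-band copy of the same digests still detects
the tampering. Everything here is constructed for illustration."""
import hashlib

# Constructed stand-in for a small source tree: path -> file contents.
REPO = {
    "src/main.c": b"int main(void) { return 0; }\n",
    "src/util.c": b"int add(int a, int b) { return a + b; }\n",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(tree: dict) -> dict:
    """Digest list of the kind published next to a source tree."""
    return {path: sha256_hex(content) for path, content in sorted(tree.items())}


def verify(tree: dict, manifest: dict) -> bool:
    """True only if every file's digest matches the manifest and the set of
    files is identical (catches modified, missing and added files)."""
    return build_manifest(tree) == manifest


def scenario() -> dict:
    # 1. Maintainer publishes the tree plus its manifest, and keeps a private
    #    copy of that manifest somewhere the web server cannot write to.
    published_manifest = build_manifest(REPO)
    offline_copy = dict(published_manifest)

    # 2. An intruder with write access to the server alters a file ...
    tampered = dict(REPO)
    tampered["src/util.c"] = b"int add(int a, int b) { return a + b + 1; }\n"
    # ... and, having the same access, regenerates the on-server manifest.
    rewritten_manifest = build_manifest(tampered)

    return {
        # Check against the manifest on the same server: fooled.
        "same_server_check": verify(tampered, rewritten_manifest),
        # Check against the out-of-band copy: tampering detected.
        "offline_check": verify(tampered, offline_copy),
        # Which files disagree between the two manifests.
        "changed_files": sorted(
            p for p in offline_copy if offline_copy[p] != rewritten_manifest.get(p)
        ),
    }


if __name__ == "__main__":
    for name, value in scenario().items():
        print(f"{name}: {value}")
```

The offline copy stands in for any trust anchor the compromised host cannot rewrite; in practice that role is played by a detached signature over the manifest (or a signed tag) verified with a public key that was obtained separately from the server, rather than by a second copy of the hashes.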
I don't particularly like Facebook - I have an account that I log into once every few months just to have a quick look at what old friends are getting up to, but that's it.
That being said, I feel some are being a little harsh in the way they are expressing their opinion of the author for this article. It was not the author suggesting a $1tn valuation, rather citing a WSJ interview article regarding valuations and the 'tech bubble'.
One cannot rule out entirely that Facebook will not be as successful as Google in terms of revenue and worth, however personally I don't see it. Then again, if I could, I would probably be raking in the cash myself working for them.
My gut feeling, though, is that eventually Facebook will be superseded by the next best thing, whatever that may be.
As these are US artists, why aren't the pair being extradited to the US as with the British CS student
(Not that I want that to happen, though)?
The pair blackmailed, planted malware and went on a phishing rampage for financial gain by selling copyrighted material, yet the CS student merely linked to copyrighted material?
Some inconsistencies going on.
"if the currency were to become less attractive to pay for illegal drugs..."
Not too keen on that spin in the article, it sounds like that's all bitcoins are used for. Of course they *could* be used for such activities, including laundering, but as with everything else it's not the technology that's to blame.
The site was unavailable when I tried to access it, so I'm just going off the article. If they have actually published the user details (email, password etc.) then they have no credibility whatsoever. You don't start complaining about a lack of security and then just show the contents to the world. Karma - 1 for them.
I heard artists earn around 1% of each sale and the rest goes to the label. That's a whole load of BS in and of itself. Then you get these artists who, despite being *paid* to *work* at gigs, have a whole host of demands that go along with each one, such as tea made from leaves picked by blind Tibetan monks brewed with the tears of a child born by immaculate conception. The entire industry is messed up; it would never slide elsewhere.
It's news because they have improved upon previous methods in such a way that the feasibility of the attack is increased and the accuracy of which can be constantly improved upon through sampling and training. Also because Skype is the main target for such an attack (popular and thought to be secure).
This is my best guess based on having previously read into the research this was based on (concerning VBR in VoIP).
The music would have to be loud enough and varied enough (e.g. DnB as opposed to classical) in order to make a significant impact upon the bitstream (such being the nature of VBR encoding) in relation to the voice. Not sure if that makes sense.
If you had two people speaking simultaneously with short pauses between words and they both spoke with the same loudness, it would be harder to separate the words. If one person said one word, and the other another, the resulting bits would be as if only one person had spoken, and what he/she spoke was a single messy mash of the two words.
Perhaps an analogy is in order... if quiet background music is represented by a drop of yellow paint, and loud voice is a pot full of blue paint, mix the two together and you get a very-slightly-green blue paint. The yellow wasn't substantial enough to significantly alter the result and anyone looking at the paint will say it's blue, despite there being some yellow in it.
If you have a *pot* of yellow paint (*loud* background music) and mix the two together, you have a completely green paint. You have no idea if this was the original colour paint, or a combination of a range of colours, and there is increased difficulty in determining what the original colours/shades were.
tl;dr - Music would need to be noisy and make your voice pretty indistinguishable to a machine
I'm no expert but I'm pretty sure a ping wouldn't work. Essentially, what you're actually referring to is the DNS lookup that takes place when you ping a URL. I'd imagine that if you were connected directly to the Chinese ISP, the DNS lookup would fail since their nameservers will not have any entry for facebook.com and therefore will not return an IP address.
I don't think the employee can be entirely to blame here.
Unless the company has a well-defined protocol for communication, how is an employee to know whether an email purporting to be from admin.hr@rsa.com is genuine or not?
Additionally, as the attachment contained a zero day exploit for a third-party app, I'm guessing that the email antivirus and system antivirus did not pick anything up.
Probably due to the extensive coverage in the media, one would assume.
If they just sat back idly and watched the events unfold, I'm sure people would have a thing or two (more) to say about our government.
One thing I didn't quite understand in this analysis was the remark about using so few Tornadoes in Libya. Surely this is a good thing as, as pointed out by the author, their payloads, running costs etc. are expensive.
Not that I know anything about military stuff though.
If hackers really did get to the crown jewels, thus compromising SecurID's security, RSA shouldn't hesitate for even a moment to reveal this information publicly. They cannot be taken seriously as a security vendor if the security of their customers is not their highest priority.
I would have thought the best option would be for them to assume the worst - yes, by all means refresh customers' memory regarding best security practices, but how about also telling them something along the lines of 'While we investigate, assume SecurID is broken and take necessary measures to mitigate its loss', as opposed to keeping quiet and hoping for the best.
I was under the impression that ANY amount of radiation increases your risk of health issues, similar to the mutations that occur from smoking a few cigarettes, being somewhat like Russian roulette where the bullet is a bad mutation - while some people can happily puff away for 30 years without cancer, others may develop it quickly.
Of course, we're all exposed to differing levels of radiation all the time from a multitude of sources.
However, surely it can't be considered ridiculous for people to prevent their young children from being exposed to yet another source?
If anyone has some knowledge on that, I'd appreciate hearing it.
You have to remember that not everyone knows what HTTPS really means, let alone that their data can be redirected to another ISP, rogue or otherwise. I'd hazard a guess at saying a large majority of those who do have at least some clue about HTTPS think it's to protect them in public/open wifi hotspots, libraries etc.
I think the reason why some people here, and people in general, think that it is not a 'minor incident' is the fact that the incident at the power plant immediately followed the devastation caused by the earthquake and following tsunami, causing people to associate said devastation with the Fukushima incident.
Given all the footage of the damage and loss of life, it's easy for people to be a bit hysterical about the Fukushima plant.
I admit that I, myself, was roped into the media frenzy surrounding it, following it every day, not knowing what to make of the information coming out. I eventually stopped following it because I kept reading seemingly contradictory information - generally along the lines of "radiation levels raised but well below limits for concern to health" and "OH GOOD GOD HEAD FOR THE HILLSSSS".
If the nuclear incident had happened on its own, I would imagine there would have been less of a panic about it.
This is a good example of why it's important to secure your wifi. I know people who refuse to do so.
When confronted about loss of speed they might encounter, they say they only use the internet for browsing anyway.
When confronted about privacy issues, they say they have nothing to hide.
That may be true, but ignorance won't stand up well for you in court, after some bugger has essentially framed you by hopping on your connection.