| Tuesday October 21st 2014


Riiiiiiiiiiiiiiiiight

When I’m programming and I need to view variable values in a program, I usually use a debugger – looks like I’ve missed out on the new-age-fangled approach where you code it so the values you are interested in get emailed to your Gmail account. ugh…

What happened with G-Archiver?
It has come to our attention that a flaw in the coding of G-Archiver may have revealed customers’ Gmail account usernames and passwords.

It is urgent that you remove the current version of G-Archiver from your computer, and change your Gmail account password right away.

What happened was that a member of our development team had inserted coding used for testing G-Archiver in the debug version and forgot to delete it in the final release version.

We sincerely apologize and assure you that this coding mishap was in no way intentional.

We’ll be releasing a new version that corrects the flaw in version 1.0. The new version will be available very soon.

Link

Rate-My-Cop: New Website Has Police Furious


SAN FRANCISCO (CBS) ― Police agencies from coast to coast are furious with a new website on the internet. RateMyCop.com has the names of thousands of officers, and many believe it is putting them in danger.

Officer Hector Basurto, the vice president of the Latino Police Officers Association, recently learned about the site. “I’d like to see it gone,” he said.

“Having a website like this out there puts a lot of law enforcement in danger,” he said. “It exposes us out there.”

Kevin Martin, the vice president of the San Francisco Police Officers Association, agrees. “Will they be able to access our home addresses, home phone numbers, marital status, whether or not we have children? That’s always a big concern for us,” he said.

Creators of the site say no personal information will be on the site. They gathered officers’ names, which are public information, from more than 450 police agencies nationwide. Some listings also have badge numbers along with the officer’s names.

Rebecca Costell says, in a statement, that the site helps people rate more than 130,000 officers by rating them on authority, fairness and satisfaction.

Read the rest of this entry »

Lawmaker’s Attempt to Criminalize Anonymous Posting Doomed

Election year grandstanding at its best…

Kentucky lawmaker Tim Couch has proposed a bill that would criminalize anonymous Internet posting. Web site and forum operators would be forced to collect and publicly disclose identifying information about all of the visitors who post content on their sites. Failing to do so would lead to a fine of $500 for the first offense and $1,000 for each subsequent offense.

The bill, which extends Chapter 369 of the Kentucky Revised Statutes, would mandate collection of the complete name, mailing address, and e-mail address of all visitors who post Internet content. Web sites would have to display names next to all relevant content and establish procedures that enable anyone to obtain the rest of the information. The bill stipulates that mailing address and e-mail address only have to be supplied to supplicants in cases where someone has posted “false or defamatory” information.

Read the rest of this entry »

Wal-Mart shoves Linux PCs off store shelves, not web site

Wal-Mart’s experiment with selling cheap Linux-based PCs in its stores has apparently come to a close. Starting last October, the retail giant stocked desktops from the Green PC line manufactured by Everex. That stock ultimately sold out, but Wal-Mart has apparently decided not to refresh it. The Associated Press quotes a company spokesperson, referring to the machines, as saying, “This really wasn’t what our customers were looking for.” The news isn’t all bad for Everex, however, as Wal-Mart’s online store will continue to carry the current Green PC desktop and the company’s compact, Linux-based laptop, the Cloudbook.

It’s tempting to try to read something about the public acceptance of desktop Linux here, but there are so many variables that enter the equation that a clear conclusion is going to be difficult to reach. Wal-Mart is notoriously tight-lipped about its internal sales planning or figures, so it’s impossible to know how the Everex machines fared compared to their Windows counterparts. In-store sales are influenced by everything from product placement to staff familiarity, a fact that ultimately induced Apple to sell its own wares.

Read the rest of this entry »

Society of Automotive Engineers kills DRM on its journal following MIT boycott

MIT dropped its subscription to the database of past articles from the Society of Automotive Engineers because SAE was using anti-copying DRM technology on the papers that made them less useful for scientists and researchers. After a presentation from an MIT professor about the boycott, the SAE publication board eliminated DRM for its papers:

Professor of Mechanical Engineering and SAE fellow Wai Cheng presented MIT’s concerns at the SAE’s Publication Board meeting in April 2007, which resulted in an immediate stay of DRM implementation on university campuses, and ultimately (November 2007) in a changed policy: FileOpen would not be required for university access to the SAE Digital Library. While the MIT Libraries have not been able to get all the assurances we would like regarding SAE’s plans for implementing other DRM tools in the future, after consulting with faculty we have decided, as Professor Cheng put it, to “work with SAE in good faith,” reentering what we hope will be a productive partnership.

Source

Montana Governor explains why Real ID sucks

Here’s an interview with the governor of Montana on the Real ID that’s being forced down states’ throats by Homeland Security. “This is the funniest interview I’ve heard with an elected politician on a security-related issue. He completely calls the Federal Government on their bluff, and completely dismantles the usefulness of this act. Please, start with the first minute. It gets better from there.”

“We’re putting up with the federal government on so many fronts, and nearly every month they come out with another hare-brained scheme … to tell us that our life is going to be better if we just buckle under on some other kind of rule or regulation. And we usually just play along for a while. We ignore ‘em for as long as we can. We try not to bring it to a head but if it comes to a head we found that it’s best to tell ‘em to go to Hell and run the state you wanna run your state. Unfortunately this time around they’ve really got a hare-brained scheme… almost all those hijackers on 9/11 would have qualified for a Real ID.”

Source

BBC drops DRM from iPlayer video on demand service


The BBC appears to have inadvertently removed the controversial DRM from its iPlayer video-on-demand service. Now, all BBC programs are broadcast across the country in digital form without DRM, literally diffused at the speed of light in all directions without any restrictions, but the Beeb somehow believes that there’s a new risk of piracy created by letting those same digital files out on the net.

Glyn sez, “The BBC have just launched a version of their iPlayer that works with the iPhone (and iPod Touch). Instead of streaming Flash, it streams an MP4… but they don’t let non-iPhone users know it’s an option. To gain access to it you need to set your browser up to claim to be an iPhone. The User Agent Switcher plugin on Firefox will let you do just that. Now you can download files on Linux from the iPlayer website.”

Source

SEGA updates Dreamcast.com for DC’s 10th anniversary!

It seems that SEGA of Japan just updated Dreamcast.com. By clicking on the banner, you’ll be taken to:

http://www.dreamcast.com/apps/ucp.php

This is where Dreamcast users can register a user account with their console’s serial number and get an account @user.dreamcast.com. Seems that SEGA is preparing for the DC’s 10th anniversary…

Ugh, the Dreamcast is 10 years old!?! Now I feel old… We can only hope for DC2 on 09.09.09. *crosses fingers*

Dreamcast.com

UK Readers: Major ISPs to start injecting targeted ads into web pages

The links to the dirt are below, but here are the points in review:

  • Former spyware company 121media (now called Phorm) sets up a targeted advertisement network. Nothing to see here, please move along. Until…
  • Aforementioned spyware company persuades 3 major ISPs (BT, Virgin Media and Carphone Warehouse) that they are legit, and that they should sell their subscribers’ browsing logs to them, in return for which the ISPs can then…
  • Inject highly targeted adverts into any website which has signed up to be in the advertising network, and get a share of the profit.
  • Oh and all of this is on an opt out basis, and the first any subscribers hear about it is on some tech blog. I’m with Virgin Media and haven’t heard anything yet.

Read the rest of this entry »

Russian ATM Skimmers

We leeched these skimmer photos off a Russian kiddie-hax site. Skimmers are old news in Europe, but I read stories about them every once in a while here in North America. Be careful. Study the photos below and be on the lookout for these devices whenever you use the ATM. They are usually double-sided taped to the card slot and the keypad, as well. BE SUSPICIOUS! These cons are getting better and better every day. I remember, a few years back the con-men had cameras mounted to grab your PIN, but now they just place an overlay over the keypad instead. Genius!


More photos after the jump…

Read the rest of this entry »

The Great ICMP Debate: Disable ICMP echoes or leave them on?


This one should be pretty self explanatory. If you have any sort of position regarding network security, do you allow ping requests from external IPs, or do you block them at the firewall/router level, and why?

My own personal choice, for home, is to leave them on. For servers, I use a firewall rule to deny any > 128 bytes. Also, a bot running on a box in China isn’t going to care if it can ping a box or not. Any nmap or vulnerability scanner can probe ports regardless of whether or not it’s responding to ICMP echoes. Disabling ICMP echoes will just cause a networking diagnostic headache later on. Am I wrong or missing something else? What do you guys think?

THIS IS NOT ANY SORT OF OS DEBATE! This is simply to discuss how some admins feel about best practices on the subject.

Programming the LOL way…


This site is a hoot. Check it out for a lighthearted laugh.

HAI! This site provides community documentation of the emergent LOLCODE language. It was the creator’s original hope that the examples could grow in a way that is both internally consistent and suggest a real, feasible computing language.

HAI WORLD:
HAI
CAN HAS STDIO?
VISIBLE "HAI WORLD!"
KTHXBYE

LOLCODE

More FBI privacy violations confirmed


WASHINGTON – The FBI acknowledged Wednesday it improperly accessed Americans’ telephone records, credit reports and Internet traffic in 2006, the fourth straight year of privacy abuses resulting from investigations aimed at tracking terrorists and spies.

The breach occurred before the FBI enacted broad new reforms in March 2007 to prevent future lapses, FBI Director Robert Mueller said. And it was caused, in part, by banks, telecommunication companies and other private businesses giving the FBI more personal client data than was requested.

Testifying at a Senate Judiciary Committee hearing, Mueller raised the issue of the FBI’s controversial use of so-called national security letters in reference to an upcoming report on the topic by the Justice Department’s inspector general.

An audit by the inspector general last year found the FBI demanded personal records without official authorization or otherwise collected more data than allowed in dozens of cases between 2003 and 2005. Additionally, last year’s audit found that the FBI had underreported to Congress how many national security letters were requested by more than 4,600.

Read the rest of this entry »

Just in case you missed the memo: Tracking you with torrents

Good video for Torrent beginners…

Airborne Settles Lawsuit

I love this stuff and for me it works great. When I feel like a cold is coming, I down these like crazy. Nine out of ten times I don’t get sick. I’ll probably continue to buy it. But I did make a claim on six boxes, this stuff is expensive.

“Airborne – the herbal supplement company that once claimed to help fight off colds – will pay $23.3 million to settle a class-action lawsuit brought against the company for false advertising, according to one of the groups that joined the suit.”

To file a claim:
You must have receipts for any claim of MORE than six boxes.
If you claim LESS than seven boxes *hint hint* you do NOT need proof of purchase.
http://www.airbornehealthsettlement.com

Source

IE8 To Come In “Standards Compliant Mode” By Default

We’ll see about that. Would be nice when Microsoft stops abusing us devs though…

Microsoft’s Interoperability Principles and IE8

We’ve decided that IE8 will, by default, interpret web content in the most standards compliant way it can. This decision is a change from what we’ve posted previously.

Why Change?

Microsoft recently published a set of Interoperability Principles. Thinking about IE8’s behavior with these principles in mind, interpreting web content in the most standards compliant way possible is a better thing to do.

We think that acting in accordance with principles is important, and IE8’s default is a demonstration of the interoperability principles in action. While we do not believe any current legal requirements would dictate which rendering mode a browser must use, this step clearly removes this question as a potential legal and regulatory issue. As stated above, we think it’s the better choice.

The rest of this blog post provides context around the different modes, the technical challenge, and what it means going forward.

Read the rest of this entry »

Windows NT UNICODE Vulnerability Analysis

It can be argued that the main purpose for computer systems is fast and reliable communication from one system to another. How is that accomplished? What allows a computer running an English operating system to communicate with one running a Russian operating system? Both have different human readable alphabets. Both have different character representations for numbers. The answer is Unicode.

Unicode is a platform independent solution instituted by many major computer vendors to standardize character representation. What this means is that the English letter “A” can be mapped to its Russian, Japanese, French, etc. equivalent. A code is used to represent the alphanumeric digit. This code can be read by Unicode compliant software and converted to the proper character.


Internet Information Server 4.0/5.0 has the ability to interpret UTF-8 (Unicode Transformation Format 8-bit {encoding form}) into the character base being requested. UTF-8 allows for a Unicode scalar value (the Unicode representation of a character) to be formatted in a one to four byte sequence.

A vulnerability exists wherein a malformed URL (Uniform Resource Locator) containing malicious commands can be sent to an IIS server and be executed with the privileges of the IUSR_[machine_name] account. This is accomplished by issuing a malformed URL containing a Unicode representation of “../../”. While IIS will perform a literal check to determine if a packet has “../../” embedded within the URL, a packet containing the Unicode representation of “../../” will be passed, as it does not match the comparison signature.

Read the rest of this entry »

HOWTO: Block Bots and Cheaters From Your Website


So there was an online poll set up on a website I help admin, and I noticed one contestant’s votes going up by 300 votes overnight. In comparison, other contestants would go up 100 votes in a whole day. This person was obviously cheating by using proxies and/or intercepting/modifying the HTTP headers, as the IP addresses in the IP log were all different and reversed back to Vietnam, Brazil, and China. Except, all the votes came from the same browser and OS. sneaky…

Read the rest of this entry »

When will we be able to tell IE6 users to jump off a bridge?

Another afternoon spent coming up with CSS hacks for .png transparency and other nonsense for IE6. On Feb 12, Windows Update supposedly began forcing IE7 updates on people and that’s super duper great. Now when someone calls Microsoft about IE6, they can properly get chewed out and hung up on.

But what about the rest of us career Internet jerks? Will there ever be a time when we’re not supporting retired versions of everyone’s mom’s favorite browser?

Read the rest of this entry »

Owner of Network Solutions Shuts Down Murray Sabrin’s Money Bomb

For those of you who don’t know Murray Sabrin, he’s running for Senate in New Jersey. He has been endorsed by Ron Paul and is a strict Constitutionalist. I really don’t like NetSol now… First this now this?!? Below is an Official Press Release from the Sabrin Campaign…

Democratic Private Equity Firm Halts Ron Paul Revolution!

Jersey City, NJ – A $17 billion private equity firm, managed by major Democratic donors, General Atlantic, shut down Dr. Murray Sabrin’s website last night immediately after Dr. Ron Paul sent out a nationwide email asking his supporters to participate in his online fundraising drive (commonly referred to as a “money bomb”). General Atlantic owns Internet service provider Network Solutions which was hosting Dr. Sabrin’s website. Network Solutions refused to turn the site back on and shut down all of Dr. Sabrin’s email accounts as well. This online fundraising event coincided with Dr. Sabrin’s “Legalize Freedom” Rally this afternoon in downtown NYC against the Federal Reserve.

Read the rest of this entry »
