
101.

Solve : 'Microsoft Mobile Mistake', Bill gates says.?

Answer»

The full title is:

Microsoft made a mistake with its mobile strategy, says Bill Gates.

By Ian Paul. Feb 19, 2013, PCWorld

Ever since the iPhone debuted in 2007, Microsoft has struggled to adapt to the quickly changing smartphone world—and company Chairman Bill Gates knows it. “There’s a lot of things, like cellphones, where we didn’t get out in the lead very early,” Gates said in an interview with Charlie Rose that recently aired on CBS This Morning. “We didn’t miss cellphones, but the way we went about it didn’t allow us to get the leadership. So it’s clearly a mistake.”
...
http://www.pcworld.com/article/2028716/microsoft-made-a-mistake-with-its-mobile-strategy-says-bill-gates.html

Quote from: Geek-9pm on FEBRUARY 20, 2013, 08:08:03 PM

“We didn’t miss cellphones, but the way we went about it didn’t allow us to get the leadership. So it’s clearly a mistake.” ...

No. "We" missed cell phones and did go about it wrong because he championed the touch or surface development. The problem is they started with huge screens thinking that was the future of touch. In one demonstration Bill Gates was suggesting that the surface table is something every home will have to have due to all of the cool stuff you can do. Why would he think that? Because he has a computer as a home so it made sense to him.

They were shooting for a broad market but ultimately the market was media outlets. You don't see that technology anywhere but on news sets and sports broadcasts. A far cry from the home user market. If they would have started out with phones or even tablets they may have had better success. Instead they started out with huge screens and there really is no home user market for that. Well unless you're Bill Gates that is.
102.

Solve : Twitter users: A guide to the law (UK)?

Answer»

People who tweeted photos allegedly of child killer Jon Venables are being charged with contempt of court. It's the latest in a long line of cases that suggest that ordinary social media users need to have a grasp of media law.

Journalists from traditional media are used to going on courses and reading works like McNae's Essential Law for Journalists. Those regularly covering court may have another level of knowledge. But the final resort is always to the expert advice of a media lawyer.

Here are some of the categories of law on which social media users in England and Wales are coming unstuck.

Read more: http://www.bbc.co.uk/news/magazine-20782257

What the Actual fudge.

Apparently the person in question dropped the charges against any Twitter user with less than 500 followers. From what I understand they are targeting one person whose "Libel" amounts to this:

Quote

Why is Lord McAlpine trending? *innocent face*

I find it hard to see that as defamatory.

Quote from: BC_Programmer on February 26, 2013, 02:46:16 AM
I find it hard to see that as defamatory.

I don't believe that is the actual tweet that caused the libel. But if the BBC re-posted up the tweet on their website then they would become liable too. It is certainly true that everybody using social media needs to have a grasp of, and obey, the law.
103.

Solve : Firefox Will Soon Block Third-Party Cookies?

Answer»

Kudos to Mozilla but I can't help but wonder how the advertisers will "strike back". Things could start getting ugly this year.

>>Firefox Will Soon Block Third-Party Cookies

104.

Solve : So what’s an Ultrabook anyways??

Answer»

Have you wondered what an ultrabook is? This article provides some clarity: http://www.digitaltrends.com/computing/what-is-an-ultrabook-anyway/

Geek...it's a smartphone ! !

Quote from: patio on February 20, 2013, 09:14:35 AM

Geek...it's a smartphone ! !
105.

Solve : Zynga plumbing new depths of deception??

Answer»

I must admit I have played Zynga Poker on facebook for a little lighthearted fun and a lot of my friends do also. But when I say I barely play it, it must be over 6 months since I went on there. I get the odd email here and there and just label the distributor as Spam so I don't keep getting bothered. But one today got past my spam filter and really caught my eye.

Have a look at this email image I cropped to show:



and then out of curiosity as it was a friend of mine I clicked on the link to send him some 'chips' back.

Then I'm faced with this fake Facebook login page:
 


It would seem Zynga are now just confirming email addresses and mobile numbers for fun, there is no need to enter this info but it does have a button for login. I find this very underhanded as a lot of people won't understand that the 'login' button is merely a 'submit button'.
So they can sell their crap to you. This may be an old issue but I've only just received the email and never seen one like it.
I have checked the email addresses and the such it came from Zynga via Facebook.

Just to say I never gave my information and I would suggest nobody else does either.

'Log In to Continue' - Correct me if I'm wrong but you need to log in to send or receive the chips... right?

Quote from: evilfantasy on February 26, 2013, 04:29:16 PM

'Log In to Continue' - Correct me if I'm wrong but you need to log in to send or receive the chips... right?

I'm always auto-logged in to places like Facebook like I am here due to the cookies unless I remove them. Zynga doesn't request my Facebook login details that would include my email address and my password. They ask for my email address or my phone number. No password. To use a 'Facebook login screen' would argue that you should only give your details to Facebook. And as Facebook would ask for my password I fail to see how this is a genuine login?? I'm probably wrong I usually am. But hey after a few years I'm used to it.

I agree as I question everything Facebook does. I don't use the 'Remember Me' option on Facebook so I can visit most pages but only log in when I choose to. I went to the Zynga Poker page through Bing search and I had the same email or phone option as well. I think it's Zynga up to some sort of shenanigan.

Quote from: evilfantasy on February 26, 2013, 04:54:42 PM
I think it's Zynga up to some sort of shenanigan.

Indeed I agree. Just wanted to heads up people nothing more. See what happens when visiting this page (while logged out and logged in). https://www.facebook.com/Slacker/app_531209676909575
106.

Solve : Anti-piracy system to roll out to most ISPs next week (USA)?

Answer»

Full story at MajorGeeks. Controversial 6 strike anti-piracy system to roll out to most ISPs next week

Quote

Take note that this is not designed to go after large scale pirates, many who are overseas, but instead goes after the casual user. This means you. It will issue escalating punishments reducing your connection speed after the 5th or 6th offense.
So copyright owners are in cahoots with the PTP networks? Unless they are actively giving users the files via PTP protocols, they wouldn't know who's downloading which file. ISPs can recognize if someone's using PTP-type ports (and some ISPs have been known to throttle users for it), but not specific files. There will probably be a bunch of kids getting in trouble for causing their parents' Internet speeds to be restricted lol.

It's kind of irritating actually. Our ISPs obviously monitor traffic, bandwidth and so on but for this to work that means they are monitoring everything we download and upload. I don't like that.

Sounds like in the guise of attempting to do the right thing they have decided that infringing on personal freedoms is no big deal once again...
I don't recall any high Courts ruling on this giving them a green light to do so...
Don't misunderstand my point...i don't agree with anyone violating copyright infringement...artists should be paid for what they create...however i detest the abuse of powers to do this even more...

The interesting thing about this is that, fundamentally, the Music industry and Software industries were fine with Piracy, it was when they became more available to the general population- rather than something more "underworldy" that they started to sit up and take action.

This is also why most of this focuses on punishing the End-Consumer, rather than those that Distribute it. Make no mistake that there are lots of people involved. There are Couriers- who basically work to get the software product to the Crackers. These people typically work in a Boxing factory or a factory that stamps the CDs or DVDs, if the product is on DVD. Other times they work on the distribution service that makes them available, such as Valve (Steam), and are able to push out a version of that digital copy  to the cracker. Couriers are generally well paid.

The Cracker does what one might imagine; they basically break any copy protection on the product.

Once a product is cracked, the distributors jump in. These are usually people that took control of a powerful internet backbone and can upload and download several gigabytes of files in a few seconds. They take the "finished" pirate copy and spread it around underground sites. These underground sites generally pay them based on how fast they get the 'release'. Payments on the order of several thousand were not unheard of in the mid-2000's.

Finally, a more "well-known" site, such as the Pirate Bay or another site that is available by searching for "torrents" grabs the data and somebody uploads a torrent.

There are a lot of ways to fight piracy given this, but the general consensus is that while they cannot really stop the underground piracy, they can try to put a stop to the rampant piracy of software (and music) that consumers have been partaking in more recently.

To quote part of what you as usual illustrated with clarity and details as usual here is what i have an issue with...

Quote
This is also why most of this focuses on punishing the End-Consumer, rather than those that Distribute it.
Quote from: patio on February 26, 2013, 09:23:40 AM
To quote part of what you as usual illustrated with clarity and details as usual here is what i have an issue with...

Me too. It's something like if Book publishers had to deal with a ring of organized criminals copying their books and selling them on the street, and instead of dealing with the employees that leaked manuscripts, the people that transcribe them, or the people that are selling them on the street, they are instead targeting the people that have these counterfeit books, which feels like going about it the wrong way.

The war on drugs - The US spent billions in creating task forces to go into South America and cut off the supply of drugs coming into the country. It didn't take long to figure out that you can not kill a snake that immediately grows a new head every time you cut it off. The response? Instead of just shoveling money into a bottomless pit, build more prisons and go after the street level users and dealers. The war on drugs failed and will always be there. However there will always be the low level user/dealer to arrest and charge restitution (that they usually can't afford to pay) and send to prison. In turn it generates more revenue.

DRM - Failed!!! Off shore file hosts are the new drug kingpins. It's too costly to go after them because you can not kill a snake who grows a new head each time you cut it off. The compromise? Instead of just shoveling money into a bottomless pit, go after the home based supplier and consumer. The DRM laws failed and will always be an issue. However there will always be the low level citizen to punish and fine.

It's economics. It simply costs too much to go after the big fish and going after home users actually generates revenue/taxes through higher bills and the fines that are sure to come will generate revenue for the government either at state or federal level or both.

But is it worth it to have ISP's have that kinda control because doin it the right way is too expensive ? ?
If they put all the money they spend yearly to stop piracy into a kitty and doled it out to the artists or Co.s crying foul there would be more than enough to go around...
Let MGM and Disney and all these extremely wealthy conglomerates HAVE to prove on paper what they think their loss of revenue is before they get a check at the end of the year..that'll keep 'em busy...put the onus and burden of proof on them and their silly bean counters...
Don't kick down one more freedom i have to lose at the expense of others who could give 2 shirts about the end user/little guy....enough is enough !

And now that i've calmed down somewhat i have to say that both you B.C. and evilfantasy made excellent points illustrating the issue.
I'm just getting a tad bit tired of seeing personal freedoms dissipating in front of our daily lives for the so called expense of the common good...

I wasn't agreeing with them. Just trying to connect the dots as to why they would come after the consumer instead of the source. I don't like it one bit and my ISP isn't even on the hit list (yet, Cox).

Quote from: patio on February 26, 2013, 03:27:09 PM
If they put all the money they spend yearly to stop piracy into a kitty and doled it out to the artists or Co.s crying foul there would be more than enough to go around...

I thought about that last night. I'm sure the ISP's could legally slip in an add-on charge of $3 to $5 a month to repay the companies that can prove they have been losing revenue. That would be a big cluster flock though. Invading our privacy is much easier and already being done so why not exploit us even more...

No...no extra ISP charges.

My point was use the hundreds of millions already being spent to stop it...since the policies aren't effective then use the existing monies being spent effectively...

And i didn't state that you were agreeing...i should have cooled off and been more literate in my Post...
Sorry...

No offense was taken.

The thing is that the millions already being spent are being spent by those crying foul. I do believe that they started using those millions to lobby for new regulations and laws giving the ISP control and/or making them responsible. Straight up under the table deals being made IMHO.

Part of my reason for the mini-rant...in the U.S. now the Gov't seems to think they need to regulate our every action in day to day life...each time they do so we lose another right or privilege.
I had to explain to my 79 year old Aunt the other day why she had to pay a $80.00 ticket for not having a seat belt on going to the grocery store 3 blocks away...
Because it's the law was pretty much as strong as an argument i could come up with.

She stated well they're crazy...and i agreed.
I paid her ticket the next day at City Hall.

And i don't want to steer too far into politics on an open Forum...but unfortunately it's becoming un-avoidable when discussing almost anything these days...again being part of my point.

I had a nice short politically charged reply typed up but I think I'll just keep that thought to myself.
107.

Solve : Thunderstorms in MS's Cloud.?

Answer» Full Story...Went down Friday afternoon. Big Time down.
Quote
According to this post in Microsoft’s Azure community forums, the SSL, or secure sockets layer, certificate used by Microsoft had been set to expire on Friday.
From the story in Patio's link above.
108.

Solve : New PC website...?

Answer»

Some things to look forward to...

See Here...

I like the Nixie Tubes showing 12:00, however wondering if it's a functional clock or just stuck at 12:00 for looks.

I was thinking of taking a dead IBM 5150 and installing modern guts into it and make it look all original, but modern computing by modifying a 5.25" floppy drive to mount a slim DVD drive to the black floppy drive face and have what looks like an old 5.25" floppy drive that accepts CD and DVD's. I have a Toshiba Qosmio Laptop that has such a slim DVD Rom that ejects the disc out like CD players in car stereos eject them. I just haven't found an XT computer yet to do this to. I had a bunch of these XT's about 15 years ago when they were easy to find, but haven't found one yet to alter. My one friend works at a non profit computer recycle center and he has an eye open for one for me, but 99.9% of the stuff they get in there to rebuild or properly recycle are Pentium 3 and newer computers these days. He said he has seen them come through here in the past, but not lately.

So for now I am running modern guts in a 2003 Compaq case which is not as cool as a computer case that is 30 years old running modern.

A few months back I saw that someone was making Modern C64's with modern guts as linked: http://www.commodoreusa.net/cusa_c64.aspx

If you click the Home tab top of the page it lists a few other projects...

109.

Solve : Oracle to bulk up Java update on 19 February?

Answer» Credit to MajorGeeks.com: Oracle to bulk up Java update on 19 February
110.

Solve : Java news: Oracle takes on Google?

Answer»

This is from yesterday, Feb. 13
Quote

Oracle reignites Google battle by appealing Java API ruling
Oracle has appealed last year's dismissal of its copyright claims on the Java platform.

In its appeal, Oracle argued against a US judge's ruling that Java application programming interfaces (APIs) can not be protected under copyright. Oracle contends that it is "decidedly unfair" to allow Google to use Java code in its Android OS.

"A commercial competitor may not copy verbatim crucial features of another's expression, depriving the original author of a potential market for the work," wrote Oracle's lawyers in the appeal.

"Google copied the source code upon which programmers most rely, incorporated that code into a competing mobile platform, and competed directly with Oracle which was already profiting from licensing the packages for mobile devices. That is decidedly unfair."
http://www.v3.co.uk/v3-uk/news/2243736/oracle-appeals-java-case-against-google
Stay tuned.
Best part?

The Java Class Library (which I presume is the API they refer) has been under the GPL for around 10 years now.

Additional? To my recollection, Google's implementation is also licensed under the GPL- which is the only stipulation of using GPL code.
111.

Solve : China military unit 'behind prolific hacking'?

Answer»

A secretive branch of China's military is probably one of the world's "most prolific cyber espionage groups", a US cyber security firm has said.

Mandiant said Unit 61398 was believed to have "systematically stolen hundreds of terabytes of data" from at least 141 organisations around the world.

It traced the attacks to the doorstep of a non-descript building in Shanghai used by the unit.

China denied hacking and questioned the validity of Mandiant's report.
'Extensive cyber espionage'

"Hacking attacks are transnational and anonymous," said foreign ministry spokesman Hong Lei.

"Determining their origins are extremely difficult. We don't know how the evidence in this so-called report can be tenable."

Full story: http://www.bbc.co.uk/news/world-asia-china-21502088

It pretty much cannot be "denied" or explained away since all the source tracking was done by the Governments cyber security arm...
I gotta believe they're kinda good at what they do.

"Determining their origins are extremely difficult." True of course but not impossible. Depends on the degree of stealth and the corresponding degree of competence of equipment and knowledge/abilities of the sleuth i would say.
truenorth

112.

Solve : This is an interesting article...?

Answer»

I found this on Wired.  It's interesting, but I don't know why Americans put up with these measures.

http://www.wired.com/threatlevel/2013/02/electronics-border-seizures/

Quote

“We also conclude that imposing a requirement that officers have reasonable suspicion in order to conduct a border search of an electronic device would be operationally harmful without concomitant civil rights/civil liberties benefits,”
...

wut?

Quote from: BC_Programmer on February 09, 2013, 06:33:03 AM
...

wut?

In most democracies (certainly in Britain) a police officer must have "reasonable suspicion" that there are grounds to conduct a search of a person, building, vehicle, device etc. There must be some basis for the officer’s belief, related to you personally, which can be considered and evaluated by an objective third person. Mere suspicion based on hunch or instinct might justify observation but cannot justify a search.

However, reasonable suspicion can sometimes exist without specific information or intelligence and on the basis of some level of generalisation stemming from the behaviour of a person. For example, if an officer encounters someone on the street at night obviously trying to hide something, this clearly constitutes conduct that might reasonably lead the officer to suspect that stolen or prohibited articles are being carried.

The power must be used fairly, responsibly, with respect for people being searched and without unlawful discrimination. This would include discrimination on grounds of race, colour, ethnic origin, nationality or national origin. Accordingly, reasonable grounds for suspicion cannot be based solely on attitudes or prejudices towards certain types of people, such as membership of a group within which offenders of a certain kind are relatively common - for example, young football fans. Nor can it be based solely on your skin colour, age, hairstyle, mode of dress.

Whoever the "we" is in that quote (The US Department of Homeland Security’s civil rights watchdog) has decided that to impose such a requirement on DHS officers would harm the operational effectiveness of the DHS without accompanying ("concomitant") benefits to the civil rights of potential searched people.

The European Court of Human Rights has held that such searches are in breach of Article 8 of the European Convention on Human Rights. Article 8 of the ECHR says:

1 Everyone has the right to respect for his private and family life, his home and his correspondence.

2 There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.

In my opinion this is about as big a barn door as one could envisage and pretty much eliminates the constraints on item 1.
"2  There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others."
truenorth
Quote from: truenorth on February 09, 2013, 08:29:36 AM
In my opinion this is about as big a barn door as one could envisage and pretty much eliminates the constraints on item 1.
"2  There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others."
truenorth

The interference must be: (1) in accordance with the law and (2) necessary in a democratic society in the interests of national security (etc)

A court (the ECHR or a member nation court) can decide that a police or other government agency's action does not meet one of these and is therefore unlawful. Since Britain subscribed to the ECHR’s jurisdiction in 1966 a total of 357 cases have been taken to the ECHR. The number of judgments made against the UK government stands at 271, against only 86 that were successful. That is, in three quarters of British human rights cases taken to the European Court Of Human Rights, the British Government has lost.

Good on your judicial system not sure the same interpretation would occur in the U.S. or Canada for that matter. Would like to think so but given the paranoia on this side of the pond i doubt it.
truenorth

Quote from: truenorth on February 09, 2013, 09:00:27 AM
Good on your judicial system

I don't think we in Europe are in a position to get on a high horse about this kind of thing. I think that it's bad that the British government needed to be taken to the European Court Of Human Rights all those times.
Surprised by the fact that the border is considered 100 miles inland. Should be more like 10 miles. 100 miles is a bit much for the 4th amendment free zone!!! This means that anyone living within the 100 miles could potentially be targeted even though they are not crossing borders. "Knock-knock, hand us your computer(s) without search warrant!"

God forbid your system was encrypted to keep important private info from the wrong hands if a laptop was stolen etc. Encryption could be seen as hiding something when you're only hiding your info from people with wrong intent for your data. Also depending on wherever you are going if your encryption level is set too complex you can get into trouble according to statements read online, however I haven't seen anyone charged with any violations in using say 1024-bit RSA traveling to Mexico or Canada yet.

Also who is to say that they are not planting anything on searched systems to spy on your data later, undetectable by modern antivirus and malware detection or making an exact copy of any data to keep the person for a shorter period of time and dig deeper into the gigs and potentially terabytes of data after released. One such way to hide its intent was if Microsoft was working with DHS and this spy tool communicated with Microsoft's domain. To anyone looking at packets etc if they are careful etc, it would look like the system is inquiring for MS Updates etc, when in actuality it's leaking info by the military grade spyware. Data duplication can be a speedy process depending on how much data is to be gathered. And even faster if selective to harvest e-mail info and credentials so that they can access your e-mail etc by harvesting stored passwords. Although they likely have a LIVE-OS that can boot on any PC or Intel based Mac etc that runs systems outside of its natural environment tamperless to avoid tampering with evidence and to disable data destruction booby traps by operating outside of its natural OS environment, in which the owner of the laptop etc could have the system trash the data on the drive after so many failed logon attempts or if it's booted as admin and no password which would be the case if a password crack tool was used on it etc to gain control as admin of the system no matter what the password is. This LIVE OS Customized for DHS could quickly sweep a drive for detection of content that is Questionable or Plainly BAD as long as the content to be scanned is not coded in nature to where "Sally is ready for the appointment" and "Sally" could be codename for anything else of evil intent. Names like sally wouldn't raise a flag unless the subject matter raised a flag.

Interesting read and thanks for sharing!
113.

Solve : Row blows up over ownership of 'space marine' term?

Answer»

UK toymaker Games Workshop has been criticised for asserting a trademark claim to the phrase 'space marines'.

The claim emerged when it was used to get an American ebook about the futuristic soldiers taken off Amazon.

Science fiction writers have called the firm "absurd" for saying it has a trademark to the use of the term in fiction.

A UK media lawyer said more and more firms were using trademark law to protect their creations.
Generic term

The row started in December 2011 when US writer Maggie Hogarth found out that her novel called "Spots the Space Marine" had been removed from the Amazon ebook store following a complaint from Games Workshop.

In emails sent to Ms Hogarth this week, Games Workshop claims that its entry into digital publishing gives it a "common law trademark claim" over the phrase.

Ms Hogarth wrote a blogpost about the row and expressed her fear that if Games Workshop started actively pursuing its claim, science fiction could lose one of its "fundamental" ideas. Ms Hogarth said a lack of funds meant she was unable to defend herself against the claim. However, she is now in touch with the Electronic Frontier Foundation, which campaigns on digital rights, about the case.

Full story: http://www.bbc.co.uk/news/technology-21380003


My take on this:
I'm sorry but I'm on the side of 'Games workshop' and not because I've been frequenting their shops for over 25yrs. It's because for once it's not (and no offense to my American friends) the Americans flexing their copyright/trademark muscles but another country.

Just as an example check out Apple's trademarks http://www.apple.com/legal/trademark/appletmlist.html

I hate companies that stifle new and forward thinking but for so long America told us 'NO, NO we own that' and I'm thinking well you reap what you sow.
Good luck 'Games workshop'.

Quote

I hate companies that stifle new and forward thinking

An interesting claim since you seem to be rallying for silly copyright legal entanglements...

BTW GW was nowhere near being close to being the 1st to coin the term or use it...that's what makes this ridiculous.
Quote from: patio on February 10, 2013, 02:52:51 PM
An interesting claim since you seem to be rallying for silly copyright legal entanglements...

I did make the point clear that it was because Americans seem to think they own everything they think of and can shoulder charge everyone out of the way.

Quote from: patio on February 10, 2013, 02:52:51 PM
BTW GW was nowhere near being close to being the 1st to coin the term or use it...that's what makes this ridiculous.

There is a BIG difference between coining a term and actually trademarking it, as our American friends so fondly push on the rest of the world.

At the end of the day i have stated that I hate petty trademark arguments and copyright but as in my closing statement I said 'you reap what you sow'. It just seems that Americans are so quick to throw their arms up at the injustice done to American creativity when it's another country. Just try it from our side for a while and see how it feels.

Oh and hi Pottsi how's it going.. long time no chat.

It's going well...however i don't think i ever let someone call me that ...I can sense this Topic is based more on emotion than logic so i'll just move aside...

The term has been prevalent in fiction since 1932.

Also, even if we want to assign some sort of nationalistic pride to this issue, the term was used by Michael E. Briant long before, in the late 70's for Doctor Who.

Additionally, Games Workshop didn't file any trademark. They simply claimed they had it by right of using the term in a published work by Common Law; of course, Common Law doesn't really work in this case, since it doesn't generally give you a worldwide claim and at best is usually only valid within the same country.

This isn't even about patent disputes. It's about somebody with no legal basis abusing the Amazon Trademark claim system. Saying "oh, but the person being filed against is American, and the person filing the frivolous claim is in the UK, so clearly they are in the right" is pretty silly.

Quote from: Mulreay on February 10, 2013, 01:36:37 PM
I hate companies that stifle new and forward thinking but for so long America told us 'NO, NO we own that' and I'm thinking well you reap what you sow.

Those laws were adopted by the US. Your Argument is Invalid.

- First trademark issued in the United Kingdom to Bass & Co Brewery - 1876
- First trademark issued in the United States to Samson (a rope-making company) - 1884

- First known patent issued to Englishman John of Utynam for a glass-making process previously unknown in England - 1449

- First copyright issued in the United Kingdom - 1710 http://en.wikipedia.org/wiki/History_of_copyright_law

Quote
The British Statute of Anne 1710, full title "An Act for the Encouragement of Learning, by Vesting the Copies of Printed Books in the Authors or purchasers of such Copies, during the Times therein mentioned", was the first copyright statute. Initially copyright law only applied to the copying of books. Over time other uses such as translations and derivative works were made subject to copyright and copyright now covers a wide range of works, including maps, performances, paintings, photographs, sound recordings, motion pictures and computer programs.

Quote from: Mulreay on February 10, 2013, 01:36:37 PM
I hate companies that stifle new and forward thinking.

I disagree. Copyright/trademark/patent laws force forward thinking, not stifle it.

And yet:

Quote
Facebook sued over 'like' button

Facebook is facing legal action over its use of the "like" button and other features of the social network.

It is being sued by a patent-holding company acting on behalf of a dead Dutch programmer called Joannes Jozef Everardus van Der Meer.

Rembrandt Social Media said Facebook's success was based, in part, on using two of Mr Van Der Meer's patents without permission.

Facebook said it had no comment to make on the lawsuit or its claims.

A lawsuit has been filed in a federal court in Virginia by Rembrandt Social Media.

"We believe Rembrandt's patents represent an important foundation of social media as we know it, and we expect a judge and jury to reach the same conclusion based on the evidence," said lawyer Tom Melsheimer from legal firm Fish and Richardson, which represents the patent holder.

Rembrandt now owns patents for technologies Mr Van Der Meer used to build a fledgling social network, called Surfbook, before his death in 2004.

Mr Van Der Meer was granted the patents in 1998, five years before Facebook first appeared.

Surfbook was a social diary that let people share information with friends and family and approve some data using a "like" button, according to legal papers filed by Fish and Richardson.

The papers also say Facebook is aware of the patents as it has cited them in its own applications to patent some social networking technologies.

Also cited in the same legal claim was another social media company called Add This.

Pretty sure 'Like' and 'Add this' have been around in the English language for quite a while.

You do realise there are entire Law Firms that are devoted to copyright suit "mining" don't you ? ?
Their sole purpose is to get rich doing so...even if they only hit 2 out of a hundred they still carry on...

P.S. There are probably just as many of these outfits per Capita in the U.K. as the states...
Do some research...

If a large or successful company has not been sued then they are doing something wrong. It's part of being large and successful.

Mo money, mo problems... - Puff Daddy ~ 1997

Tis a weird world in which we dwell...

Quote from: Mulreay on February 11, 2013, 03:05:55 PM
Tis a weird world in which we dwell...

Would be pretty boring if we all thought and acted the same way.
114.

Solve : Microsoft Surface Pro Tablet PC?

Answer»

Is this really News?
Quote

Up Close with the Microsoft Surface Pro (Video)

http://blogs.cio.com/hardware/17774/close-microsoft-surface-pro-video
I don't know...you posted it...

"It's too big, too fat, and too reliant on its power cable to be a competitive tablet, and it's too immutable to do everything a laptop needs to do. In its quest to be both, the Surface is really neither."

David Pierce, writing on The Verge.

http://www.codinghorror.com/blog/2012/11/do-you-wanna-touch.html

I particularly liked this part in the article "Unless you're required by God to hate all things touched by Microsoft, ". So true unfortunately there is that bias that does get in the way of credibility when "evaluators" endeavor to provide assessment. I see this particular product as a gateway to the further evolution of the "computer" it is not the end. It will serve as a stimulant to others that will innovate and further advance the experience. If someone out there in product development is listening what I would like is a device that is able to record my voice packet the speech and send it to a recipient like an e-mail and remove the onus on me to type the data. By virtue of the joining of many technologies phones/tv/computers I suspect this will soon be coming down the pike. Interesting article.
truenorth
115.

Solve : Dell computers to be bought back by founder Michael Dell?

Answer»

Michael Dell has said that he will buy back the world's number three PC manufacturer that he founded and that carries his name for $24.4bn (£15.5bn).

Mr Dell, together with technology private equity investor, Silver Lake, will offer $13.65 cash per share.

The firm said it offered a 25% premium over the Dell's valuation in January when rumours of the deal first broke.

The buy-out of the Nasdaq-listed firm will be financed by loans from four banks, and a $2bn loan from Microsoft.

Mr Dell, who is also chief executive and chairman of the firm, already owns about 14% of the company. He and fellow senior executives will retain their existing stakes.

Dell's success over the last 29 years has made its founder one of the richest men in America. By buying his company back, he will be taking it off the stock market almost 25 years after it was first listed.

Full story: http://www.bbc.co.uk/news/business-21342632

The Title is mis-leading...everyone who has a Dell is probably trying to call them now to sell their PC's.

He's wanting to take the Co. back to being private and not openly traded on the stock exchange...
Therefore he would have to buy out the shareholders....

Right. The whole thing.
Quote

Transaction valued at approximately $24.4 billion

What does he have in mind?
Going back to being a Private Corporation...simple as that.
116.

Solve : Acer dumping eMachines line?

Answer» Story Here...

Seeing as at the moment the big surge is in "tablets" over all other hardware computer formats I suspect the "product" produced will be another of those. Getting to be a lot of players chasing that market.
truenorth

Before I read the article, I would have eMachines was going to be continued under some other corporate structure. So, I was a bit surprised to see they are apparently going to cease to exist, a bit surprised but not ... eh ... disappointed.
117.

Solve : 3D printed moon building designs revealed?

Answer»

Architects Fosters and Partners have revealed designs for a building on the Moon that could be constructed from material already on its surface.

An inflatable structure would be transported from Earth, then covered with a shell built by 3D printers.

The printers, operated by robots, would use soil from the Moon, known as regolith, to build the layered cover.

The proposed site for the building is the southern pole of the Moon.

It is designed to house four people and could be extended, the firm said.

In 2010 a team of researchers from Washington State University found that artificial regolith containing silicon, aluminium, calcium, iron and magnesium oxide could be used by 3D printers to create solid objects.

The latest plans are the result of a collaboration between a number of organisations including the European Space Agency.

The consortium tested the practicalities of using a printer on the Moon by setting up a D-shape 3D printer, which are used to print very large house-sized structures, in a vacuum chamber with simulated lunar material.

Full story: http://www.bbc.co.uk/news/technology-21293258

118.

Solve : Google/Android Smartphone devices that can infect PCs?

Answer» http://www.securelist.com/en/blog/805/Mobile_attacks

Quote
The app is obviously quite popular and has a good rating:

23 downloads is quite popular?

Google was supposed to start testing all of the apps in the Play Store when it was discovered that some were not malicious until they were actually installed. The file is clean but once it is installed it "calls home" to download the malware.

Quote
This is the first time we have seen such an extensive feature set in one mobile application.

But as I mentioned, not the first of its kind.
119.

Solve : Hackers target Twitter, 250 k maybe.?

Answer»

Yahoo news posted this headline.
Hackers target Twitter, could affect 250,000 user accounts.
Quote

SAN FRANCISCO (Reuters) - Anonymous hackers attacked Twitter this week and may have gained access to passwords and other information for as many as 250,000 user accounts, the microblog revealed late on Friday.

Twitter said in a blog post that the passwords were encrypted and that it had already reset them as a "precautionary measure," and that it was in the process of notifying affected users. ....
Read more...
http://news.yahoo.com/hackers-target-twitter-access-250-000-user-accounts-002758376--sector.html
120.

Solve : Anonymous hacker group: Two jailed for cyber attacks?

Answer»

Two men who carried out cyber attacks for the Anonymous hacking group have been jailed.

Christopher Weatherhead, 22, of Northampton, and Ashley Rhodes, 28, of Camberwell, London, were jailed for 18 months and seven months respectively.

The two men carried out distributed denial of service, or DDoS, attacks which paralyse computer systems by flooding them with online requests.

The ones they attacked included payment site PayPal, costing it £3.5m.

Co-defendant Peter Gibson, of Hartlepool, was given a six-month sentence, suspended for two years.

Another defendant, Jake Birchall, 18, from Chester, will be sentenced on 1 February.
'You're being stung'

The sentences were handed down at Southwark Crown Court and are thought to be the first convictions for DDoS in the UK.

Full story: http://www.bbc.co.uk/news/uk-21187632

Thanks.
But what is 3.5 m GBP in $$ Did they really do that much damage? Is that not like robbing a bank?

Kind of curious as to if 3.5 Million pounds is exaggerated, if they took a 3.5 Million Pound loss then they must be claiming that around 35 to 40 Million Pounds worth of transactions were interrupted that would not complete the transaction of after the DDoS ended. Thinking the 3.5 Million is not an actual loss but an estimated or guesstimated one that's exaggerated.

It's probably more like 3.5 Million Pounds of transactions were unable to be processed for a short period of time during the DDoS, of which most processed later in the day when the DDoS attack was lifted and PayPal is looking at a loss of around 350,000 pounds vs 3,500,000 pounds.

Quote from: DaveLembke on January 26, 2013, 06:30:01 PM

Kind of curious as to if 3.5 Million pounds is exaggerated, if they took a 3.5 Million Pound loss then they must be claiming that around 35 to 40 Million Pounds worth of transactions were interrupted that would not complete the transaction of after the DDoS ended. Thinking the 3.5 Million is not an actual loss but an estimated or guesstimated one that's exaggerated.

It's probably more like 3.5 Million Pounds of transactions were unable to be processed for a short period of time during the DDoS, of which most processed later in the day when the DDoS attack was lifted and PayPal is looking at a loss of around 350,000 pounds vs 3,500,000 pounds.

Yes of course a lot of the transactions would complete later, and perhaps they had to hire temporary staff to clear the backlog and unravel the mess. As a Sophos blogger said, you need to take this sort of damage figure with a pinch of salt. It seems to include the cost of precautions taken after the attack by PayPal that were an investment to protect the company into the future, if so it is stretching things a bit to include this in the cost of recovering from an attack. If you had a fire you might spend money afterwards analysing where process changes were needed, paying fire consultants and buying the improved alarms, sprinklers, extinguishers, and emergency training you should have had in the first place, but is that money part of the "damage"?

But there is no doubt that the hacktivist quartet did, and intended to do, as much damage as they could. They're said to have bragged on IRC, saying:

    We have probably done some million pound of dmg to mc

(The word dmg, of course, means damage, while mc is shorthand for Mastercard.)

I should note that if they had actually stolen, or obtained by fraud, that sort of amount, or caused that sort of physical damage to equipment, the sentences would have been much bigger, so maybe the judge used that pinch of salt when determining the sentence. They have clear guidelines on sentence levels and actual monetary loss has to be proved.

A few things spring out at me from the BBC report:

The Ministry of Sound (a night club/concert/record company) estimated the cost of the attack on its sites as £9,000.

The judge noted that they had debated attacking a musician's web site but decided against it. He told the court: "They got themselves into a bit of an ideological twizzle. On one hand, they wanted to attack her because she had taken a stand against breach of copyright. But on the other hand, they didn't like the idea of attacking artists."

Crown Court (senior) judges pick their words carefully. Everything they say and do is potentially subject to review by the appeal courts and even more senior judiciary. They do not use gently mocking language like that about sex offenders, murderers and bank robbers. Clearly these offences (UK spelling) fall into the less serious end of the spectrum. However any criminal conviction will blight their careers. No job requiring a good character, e.g. in government service or in the finance or banking industries is going to be open to them, potentially for a decade or more.

Quote from: Geek-9pm on January 26, 2013, 12:33:52 PM
But what is 3.5 m GBP in $$

$$$$$ 5.53 million USD (real money) at today's rate

Quote from: Salmon Trout on January 27, 2013, 02:52:21 AM
The judge noted that they had debated attacking a musician's web site but decided against it.

I forgot to say this was Lily Allen. I can quite see why they didn't want to attack her. (These are young guys remember)



Quote from: Salmon Trout on January 27, 2013, 04:13:40 AM
I forgot to say this was Lily Allen. I can quite see why they didn't want to attack her. (These are young guys remember)


LOL. 

I'm glad to see these arrests. These Anonymous members think they can do anything and get away with it. Their arrests showed them otherwise.

Quote from: soybean on January 27, 2013, 10:05:49 AM
LOL. 

I'm glad to see these arrests.  These Anonymous members think they can do anything and get away with it.  Their arrests showed them otherwise.

The mindset of the entire Anonymoose group.
121.

Solve : Blackberry 10 handset to launch first in the UK?

Answer»

The first two handsets powered by the new Blackberry 10 operating system have been unveiled.

The Z10 is controlled via a 4.2in (10.7cm) touchscreen while the Q10 has a smaller 3.1in (7.9cm) screen and physical keyboard.

The UK will be the first to get the Z10 where it will launch on Thursday.

Its appeal could determine whether the firm - which has switched its name from Research In Motion to Blackberry - has a long term future.

The new operating system had originally been due for release last year. Canada and the UAE will get the Z10 in February and the firm said it should go on sale in the US in March.

"Two years ago we had to make a very serious decision," chief executive Thorsten Heins told a press conference in New York.
"Adopt someone else's platform or build a whole new one from ground up for Blackberry. And we made the tough call to go it alone.

"Bringing an entirely new platform to the market and ushering this company through a really difficult transition took careful planning and we absolutely knew it was risky."

Full story: http://www.bbc.co.uk/news/technology-21261809

Mr. Thorsten Heins did an excellent live interview this morning on the CBC program "The Current" wherein he laid out the future vision of the company. My impression of him was very positive. It seems their current 2 Blackberry offerings are being very well received. However given the ground they surrendered to the likes of Apple and Samsung (by relying on the same flavor when others were being innovative) may be hard to regain. The launch of the Z10 is today in Canada. Personally I question the logic of releasing the 2nd version which includes the keyboard (in Canada in April ) as opposed to either releasing it 1st may contribute to a lack of momentum in their quest to regain market share. People may wait for the keyboard version.
truenorth

122.

Solve : Google Maps back on iPhone after Apple software fiasco?

Answer»

Google has released its Maps app for the iPhone, in the wake of complaints about Apple's software.

Apple controversially replaced the search giant's mapping service with its own when it released its latest handset, the iPhone 5.

The move was widely criticised after numerous mistakes were found in Apple Maps's search results.

Google's app introduces functions previously restricted to Android devices.

One analyst said it would prove popular, but added that Nokia still posed a challenge.

The Finnish company recently launched its own free maps app for the iPhone.

Full story: http://www.bbc.co.uk/news/technology-20694028

123.

Solve : Came across this today?

Answer»

This is probably not a new phenomenon. It was published today as an alternative after a major Canadian internet provider went down for quite a few hours. I would be interested to hear and learn what comments members with knowledge of this have to say pro and/or con.
http://www.opennicproject.org/configure-your-dns/
truenorth

124.

Solve : Aaron Swartz, internet freedom activist, dies aged 26?

Answer»

Aaron Swartz, a celebrated internet freedom activist and early developer of the website Reddit, has died at 26.

The activist and programmer took his life in his New York apartment, a relative and the state medical examiner said. His body was found on Friday.

Mr Swartz began computer programming as a child, and at 14 co-authored an early version of the RSS specification.

He later became an advocate of internet freedom, and was facing hacking charges at the time of his death.

He was among the founders of the Demand Progress campaign group, which lobbies against internet censorship.

Full story: http://www.bbc.co.uk/news/world-us-canada-21001452

125.

Solve : Lenovo; business giant creates its own evolution.?

Answer»

OK, I made up the headline, but the news is real. And important.

Here is a quick summary
Quote

...PC giant Lenovo is considering potential acquisition targets, including BlackBerry maker Research in Motion, as part of an effort to bolster its smartphone unit, according to a new report.

"We are looking at all opportunities - RIM and many others," Lenovo chief financial officer Wong Wai Ming, told Bloomberg yesterday in an interview at the World Economic Forum's meeting in Davos, Switzerland. "We'll have no hesitation if the right opportunity comes along that could benefit us and shareholders." ...
http://www.pcmag.com/article2/0,2817,2414722,00.asp


Here be a longer story that is kind of stuffy, but gets the idea across.
http://gadgets.ndtv.com/mobiles/news/lenovo-considering-research-in-motion-as-takeover-target-cfo-322211

If they pull this off, expect to see products that will eat Apple.
But if they fail, yet another fossil in the dust.

Interesting Article!

Also the picture at the link http://gadgets.ndtv.com/mobiles/news/lenovo-considering-research-in-motion-as-takeover-target-cfo-322211 seems like the sign has been digitally edited, something seems wrong with its appearance and pixels in blue background of sign appear as if it's been poorly edited, not smoothed over. If all pixels were like this it wouldn't stand out to my eyes. I figured if they were to edit this image to make the sign better ( more vibrant as it appears they are trying to do ), they would also have removed the guy walking to the right as well as part of a pooper scooper or whatever the pole laying on ground in front of sign goes to. Not a professional looking pic for this company IMO.

In other news.

Quote from: jason2074 on January 25, 2013, 11:44:53 PM
In other news.
The title of that link is:

Why Microsoft should invest in Dell: It's all about tablets and the cloud

Cloud computer, at present, is fo' mobile devices. Which brings us back on topic.

Think about it! Lenovo plus blackberry will give Dell and Microsoft, or anybody, some new competition. The PC OS market will be splintered in at least five major groups. Stay tuned.
126.

Solve : Ex-Sony Wipeout veterans create new video games studio?

Answer»

A group of video games developers from Sony's defunct Liverpool operation have created a studio in the city.

Sawfly Studios told the BBC it planned to release its first game - targeted at smartphones and tablets - within the next couple of months.

About 100 people lost their jobs when Sony closed what was one of the UK's oldest games developers last August.

The unit was responsible for the Wipeout racing series, but dated back to 1984, when it was called Psygnosis.

Four of its former employees are involved in the new business - two designers, a programmer and an artist - but they said they might take on other ex-Sony Liverpool Studio workers once they had launched their initial title.

"Most people have already been hired, but there still a few that are looking for work," said Sawfly's managing director Mike Humphrey.

"The closure of the studio came as a bit of a shock and the artists in particular have had to spend time creating their portfolios and getting them out in the world to show what they are capable of doing.

"We want to grow our studio over the coming years and to take on experienced, talented people - and the workers at Liverpool Studio were exactly that. So if the opportunity arises we'll definitely be looking to grow in the city."

Full story: http://www.bbc.co.uk/news/technology-21177604

127.

Solve : MS Security Essentials Fails Antivirus Certification Test Again?

Answer» http://news.slashdot.org/story/13/01/17/2247245/microsoft-fails-antivirus-certification-test-again-challenges-the-results

Personally I have never had any issues with anything getting past MSSE, and I have had it detect bad content hidden in zip files etc prior to decompression and execution etc.

More here: http://www.ibtimes.com/microsoft-security-essentials-fails-antivirus-certification-test-second-time-row-microsoft-disputes

Quote
Out of the 25 programs tested by AV-Test, including security software from companies like McAfee, Norman, Kaspersky and others, Microsoft’s Security Essentials was just one out of three that failed to gain certification.

*Seems as though there is a typo in here Norman vs Norton

There is a lot more to be said about this.
Quote
http://antivirus.about.com/od/antivirussoftwarereviews/a/antivirustesting.htm
... How should results be viewed?
Test results vary and are often confusing. For example, an antivirus scanner may fare very well in the VB100% Awards, but do poorly in the real-world testing of Hamburg and AV-Test.org. Indeed, such disparities are not uncommon, though there are products that maintain a respectable showing in all tests. ...
I have Zero issues with MSE....nothing has ever gotten thru to the 2 PC's i run it on.
One of those which  is Win7 is online 24/7 and is my main research and benchtest PC.

I would think that there were holes that this PC would be the most susceptible and after 1 1/2 years Zero threats.

Sometimes you have to temper so called "reviews" with real world experiences.

Quote from: patio on January 19, 2013, 08:03:32 AM
I have Zero issues with MSE....nothing has ever gotten thru to the 2 PC's i run it on.
One of those which  is Win7 is online 24/7 and is my main research and benchtest PC.

I would think that there were holes that this PC would be the most susceptible and after 1 1/2 years Zero threats.

Sometimes you have to temper so called "reviews" with real world experiences.

Agreed, I've been using MSE for a good few years and nothing has infected any of the 3 laptops and 1 PC I run it on. I also run malwarebytes periodically and that never flags anything up that MSE may have missed. Sounds like scaremongering to me.

These tests are more of worst-case scenarios, though, and that's what you people need to think of while reading this. What's really important is "Web Sense," street-smarts for the internet.

Quote
*Seems as though there is a typo in here Norman vs Norton
It appears that Norman is legit.
Good to seeya Dave...hope all is well...

I'm a MSE user and was sort of disappointed with Windows 8 security. You're suddenly back to Windows Defender which is the default AV for Win 8. Windows throws up warnings if you try to install MSE. The installation was pretty much blocked. While WD in Win 8 passed all of my tests I still don't like the fact that just like it always has it runs silent and in Task Manager it's listed as 'Antimalware Service Executable'.

I'm surprised there has not been a big fuss over it yet.

MS says not to do it...the blogs i read have lots of fuss over it...
There is a way to sledgehammer it on there if you are interested...

I'm going to ride it out unless it goes buggy or I get infected out of the blue. I do some risky web activity on a regular basis and nothing has gotten through in years unless I allowed it. And when I do run an AV scan it's never with what's installed. I'd rather get a second opinion from an online scanner.

I also have a Malwarebytes license so between the two I should be good to go. I do run an MBAM scan every other week or so.

The latest MSE "failure" just feels more like an attack on MSE rather than a true story. Who knows though. They all come and go throughout the year so being the top dog AV doesn't mean much IMO.
128.

Solve : Recent pronouncement by Wired re passwords?

Answer»

I am as I post this link listening to an interview with the author of this article. It presents a point of view that I think may add to one's knowledge when addressing the subject of "passwords". While listening live I have found the actual print version and include it now so that you may evaluate the position of the author.
http://www.wired.com/gadgetlab/2012/11/ff-mat-honan-password-hacker/
truenorth
P.S. Should you wish to listen to the actual interview it can be found on CBC radio program "Q" of Jan 4th 2013 10 am.

I read the article and I think the author blows the issue up to something larger than it is. According to him, my answers to security questions on my bank account can easily be found on the Internet because I've put it out there somewhere. I disagree. This may be true for many Internet users but I don't believe it's true for me and, therefore, surely not true for numerous others. For example, if I had chosen a security question about the name of the first pet I remember as a child, the author is saying it can be found on the Internet because I've stated it somewhere (facebook, a blog, etc.) on the Internet. But, he's wrong. I have not.

In other words, I think the author exaggerates almost every point he makes. If cracking usernames and passwords were as easy as he says, there'd surely be a lot more unauthorized accessing of banking and other financial accounts. Banking websites are generally tighter on security than non-financial accounts. Typically, access will be locked on the 3rd failed attempt to enter the password. So, that effectively blocks a computerized password-cracking program from successfully learning the password. And, getting the password reset is not nearly as simple as, for example, getting a forgotten password reset on an Internet discussion forum.

The author says everybody now has all their files in the cloud.  Again, this is an exaggeration.  All my photos are on my hard drive, with most backed up on CD; none are in the cloud.

On the plus side, the author mentions some of the basic flaws of many Internet users such as weak passwords, using their email address (assuming not required) as a username and using the same password for many online accounts.

Soybean...
Tell Sparky i said hi....

Quote from: patio on January 04, 2013, 09:43:23 AM

Soybean...
Tell Sparky i said hi....
You guessed wrong. And, I'm not going to say the correct name here.

For security questions I don't even answer them correctly, I instead make another password. Even the most in-depth search of my history would not be able to discover that my answer for "What is your mother's maiden name" was something like "5%T_#34Nj"
129.

Solve : Portable Build Of FireFox 64 bits?

Answer»

What? A 64 bit Portable Firefox?
(In this context portable means can be put on a flash drive.)
Here is the news:
Quote

This 64-Bit, Portable Build Of FireFox Is Fast
Updated 4. January 2013 - 23:12 by rob.schifreen

Although Windows has been widely used in 64-bit flavours for a couple of years now, certain categories of software have been slow to jump on the bandwagon and still don't work reliably in anything but 32-bit varieties.

Top of the list of culprits is web browsers. If you find that a plug-in, add-on or a specific web site doesn't work properly in your browser, and especially if you're using Internet Explorer, the first thing to try is to run the 32-bit version rather than 64.
I have yet to try it, but I believe he is right. What say you?

All it means is  A) it's a portable version...and B) it's written for 64 bit.
130.

Solve : Elite video game reboot hits funding target?

Answer»

An ambitious plan to update classic space trading game Elite has hit its funding target.

The game first appeared on the BBC Micro in 1984 but one of the game's original creators wanted to make a modern PC version.

David Braben sought £1.25m via crowd-sourcing site Kickstarter to fund the 21st century update.

A last minute surge of pledges helped it reach its goal less than 48 hours before Friday's funding deadline.
Funding squeeze

Elite: Dangerous debuted on Kickstarter on 5 November and set itself 60 days to raise £1.25m. In November, Mr Braben said Elite was a game he had wanted to come back to for a "long, long time".

Although some early work on the multiplayer title had been done at Mr Braben's game studio Frontier Developments, but needed the cash to turn the code into a finished playable product. If the game did not hit its funding target then development work would stop.


Full Story: http://www.bbc.co.uk/news/technology-20897768


I for one cannot wait, I still play Elite, and Elite Frontiers to this day.

131.

Solve : Schools' codebreaking competition winners announced?

Answer»

A team from City of London School has been named the winner of a national codebreaking competition.

In total 6,268 pupils from 725 British schools took part in the National Cypher Challenge at the end of 2012.

Previous years have seen 200 teams take part but this year 1,600 teams signed up to decode a series of cryptic codes released online.

The event was organised by Southampton University with support from GCHQ and commercial partners.

The competition was only for UK schools but teams from Tokyo, Bangkok, Florida and Honolulu also applied to take part.

Full story: http://www.bbc.co.uk/news/technology-21121058

132.

Solve : Microsoft - Found this as a support bash, they don't have time for 7?

Answer» http://windows.microsoft.com/en-US/windows/downloads/personalize/gadgets

Because we want to focus on the exciting possibilities of the newest version of Windows, the Windows website no longer hosts the gadget gallery.

Found this page earlier today when performing a fresh Windows 7 install and wanting to add a CPU and Network monitor gadget to the desktop.

I laughed when I read it because gadgets for Windows 7 are not outdated and to be considered legacy. What I saw when I read this was a RUDE STATEMENT OF .... "MOVE TO WINDOWS 8, We don't have the space available to offer 500MB of our web servers massive TB of storage to store and host for free download Gadgets for Windows 7".

Personally I feel that they should have remained hosting the gadgets for download and state that Microsoft is no longer developing and supporting the following list of gadgets. Download and use at own risk confirmation prior to download with reference to potential security vulnerabilities of using these gadgets, and allow the download of gadgets they once had offered here. Make a new page for Windows 8 and offer a link here for Windows 8 gadgets if there are any.

*Fortunately I saved a backup copy of my gadgets in my archive of software on an external drive and was able to find it and install it since they are gone from Microsoft.

I don't believe that these were removed just because of MS Security Advisory (2719662)
http://technet.microsoft.com/en-us/security/advisory/2719662
because they clearly state "Because we want to focus on the exciting possibilities of the newest version of Windows"

That is in fact why MS no longer supports gadgets. The only way to "fix" the vulnerability within gadgets would require them to completely rework the entire framework on which they are designed.

Guess where they focussed that rewrite? The new Version of Windows. There isn't much point redoing it for Windows 7 because that means every single existing gadget would need to be rewritten. And since they would have to be rewritten for the win8 equivalent it doesn't make any business sense at all to rework the windows 7 implementation.

The 'gadgets' were fairly useless anyways. One of the first things I did with Windows 7 was remove the Gadgets feature through Windows Components because it's so bad; actually installing or placing any gadgets at all uses unnecessary amounts of system resources.

If you actually want or think you need a gadget platform use Rainmeter or a similar customization toolkit. If you just want CPU and network meters Process Explorer can be setup with tray icons to report them. Networx is another good network meter that tracks and summarizes usage over long periods of time and can be used to generate usage reports.

Bottom line: Gadgets for Windows 7 were insecure; they didn't want to spend the time rewriting the entire platform, bye bye gadgets. And I say good riddance too!

Quote
If you actually want or think you need a gadget platform use Rainmeter or a similar customization toolkit. If you just want CPU and network meters Process Explorer can be setup with tray icons to report them. Networx is another good network meter that tracks and summarizes usage over long periods of time and can be used to generate usage reports.

Thanks for posting this info... going to check into those. I used Process Explorer years ago, but wasn't aware of the ability to be setup with tray icons to report CPU & Network Meters, so it's worth checking into it. Also I was using the network meter to keep an eye on network traffic and usage. So I will be checking into the Networx as well.

Also, as I type this on my Linux Mint 14 system, I find it interesting that their open source Widgets (similar to gadgets don't have the framework flaw in design), and being that it's open source it would seem easy to port this to Windows 7 and Vista installation to fix what Microsoft refuses to put effort into fixing and give people this functionality back.

Yes they did tie up a small amount of resources to run, but when run on a system with plenty of processing power to spare, their impact on performance is too minimal to be observed to me. However I was only running 2 gadgets and if you were someone who had to have everything reporting everything and anything etc I can see it being a memory hog etc as well as slowing down an older computer. But on this Pentium 4  2.00Ghz with 1GB Ram running Mint 14, the 2 widgets I have on it don't seem to slow it down any and it's surprisingly fast for its age and a modern distro of Linux. I expected this system to be unbearably slow with Mint 14 since it's an early Pentium 4 before the better Pentium 4 CPU's with Hyperthreading. If widgets/gadgets were going to show an impact on performance I would expect this system to show that, but it hasn't, so the resources to run them is really quite small; or at least the 2 that I am using are resource sippers.


Quote from: DaveLembke on December 29, 2012, 11:51:47 AM
Also, as I type this on my Linux Mint 14 system, I find it interesting that their open source Widgets (similar to gadgets don't have the framework flaw in design), and being that it's open source it would seem easy to port this to Windows 7 and Vista installation to fix what Microsoft refuses to put effort into fixing and give people this functionality back.

Gnome doesn't have "widgets". There are a variety of similar capabilities exposed via other packages. Screenlets, and GDesklets being two such packages. Plasma-Desktop also runs on Gnome, but has a lot of KDE dependencies.


I'm not really sure what you are driving at here, though. There are already other alternatives, such as the already mentioned Rainmeter, or something like XWidgets, or something like Object Desktop available for Windows. You certainly aren't suggesting they actually integrate a GPL product into Windows, I hope.

The resource usage of Widgets can easily be observed by watching the memory usage of sidebar.exe (on Windows) or the appropriate process for your selected Widget Package on Desktop Linux. Windows widgets run through JavaScript for which the interpreter is generally a tad on the messy side as far as memory cleanup, and JS isn't particularly well-suited to long-running tasks as a result. A quick look at the Linux widgets shows that they are generally coupled with the Desktop Environment, and seem to only support C or C++; and in some cases things like TCL/TK- as the language for the widgets themselves. Screenlets is probably the best implementation, since it supports Python and HTML/JavaScript/CSS. I couldn't find any documentation on how to create a Widget in any of them, though. It's probably one of those Open Source Projects that pretends the Source code is the documentation or some drivel like that.
133.

Solve : Makers Of Minecraft Documentary Put It On The Pirate Bay, Despite XBox launch?

Answer»

Last week, I got an email from 2 Player Productions, the video game documentary filmmakers who have done a documentary on Mojang (makers of Minecraft) and who are working on the documentary about Double Fine making their new adventure game, which was part of super successful Kickstarter campaign (the Minecraft movie itself was also a successful Kickstarter project). The email was to talk about the release of the Minecraft documentary, and they promised that backers of the Double Fine project could watch a free stream -- which seemed like a cool way to thank those fans. Reports also came out that Gold Members on Xbox Live could watch the film debut for free as well.

But, then, they took lots of folks by surprise and announced that they had put a copy up on The Pirate Bay as well. Even though they're selling it as an $8 DRM-free download, you can also get a copy at The Pirate Bay, where the 2 Player Production folks left a nice note:

Full story inc note: http://www.techdirt.com/blog/casestudies/articles/20121225/01410821482/makers-minecraft-documentary-put-it-pirate-bay-despite-high-profile-launch-with-xbox.shtml?utm_source=dlvr.it&utm_medium=twitter

134.

Solve : Microsoft's New Year Predictions .?

Answer»

Quote

    Microsoft's New Year Predictions for Itself

    Here are the areas where Microsoft will lead the industry, according to Ballmer's November 28 address. 12/21/2012
    Sinofsky Lands Teaching Gig at Harvard Business School 12/20/2012
    Microsoft Issues Warnings About Windows Management Framework 3.0 12/18/2012
    Google Dropping Some Support for Exchange ActiveSync 12/17/2012
    BeyondTrust Extends Privilege Management with Acquisition of Blackbird Group 12/17/2012
    Businesses Face Choices in Buying Windows 8 Devices 12/14/2012
To see the links, go to:
http://redmondmag.com/blogs/it-decision-maker/2012/08/windows-8-missing-info.aspx
135.

Solve : Upcoming world conference on Internet?

Answer»

As many may be aware a conference is about to get underway in Dubai re the manner in which the internet should be regulated and accessed. There are a variety of positions being put forward by various countries. There is a constant tug of war going on between those that would regulate more and those that believe less is better. Here is a link to Canada's position on the matter.
http://www.canada.com/technology/internet/Canada+opposes+governments+having+broad+control+Internet/7630069/story.html
truenorth

Russia, China and Iran are the ones supporting the idea of controlling the Internet so what else is new, looking at these three countries and their reputations..........

Quote from: Cyclops on December 02, 2012, 02:16:44 PM
Russia, China and Iran are the ones supporting the idea of controlling the Internet so what else is new, looking at these three countries and their reputations..........

America is too.

Quote from: Technoid on December 28, 2012, 04:33:42 PM
America is too.

Umm...no.

This is from the Internet conference that happened recently (results are in French, look for États-Unis) http://www.itu.int/osg/wcit-12/highlights/signatories.html

Quote from: Helpmeh on December 29, 2012, 09:48:09 AM
Umm...no.

This is from the Internet conference that happened recently (results are in French, look for États-Unis) http://www.itu.int/osg/wcit-12/highlights/signatories.html

I didn't read the entire article, but aren't they the ones that made SOPA and CISPA and stuff?

Quote from: Technoid on December 29, 2012, 10:26:22 AM
I didn't read the entire article, but aren't they the ones that made SOPA and CISPA and stuff?

SOPA and CISPA do not pertain to the regulation of the Internet, no matter which blowhard told you so. Neither has any relevance to the conference.

Quote from: BC_Programmer on December 29, 2012, 10:42:10 AM
SOPA and CISPA do not pertain to the regulation of the Internet, no matter which blowhard told you so. Neither has any relevance to the conference.

Thank You...
136.

Solve : Instagram (Facebook) seeks right to sell access to photos to advertisers?

Answer»

Facebook's photo-sharing site Instagram has updated its privacy policy giving it the right to sell users' photos to advertisers without notification.

Unless users delete their Instagram accounts by a deadline of 16 January, they cannot opt out.

The changes also mean Instagram can share information about its users with Facebook, its parent company, as well as other affiliates and advertisers.

The move riled social media users, with one likening it to a "suicide note".

The new policies follow Facebook's record $1bn (£616m; 758 euro) acquisition of Instagram in April.

Facebook's vice-president of global marketing solutions Carolyn Everson earlier this month had said: "Eventually we'll figure out a way to monetise Instagram."

Full story: http://www.bbc.co.uk/news/technology-20767537

Subject being discussed on Canadian media this morning and company's initial response has been to say basically that they are reexamining their process re Instagram.
truenorth

Uhm..it's great, thank for news sir.

137.

Solve : MS Fails AV-Test Certification?

Answer»

Here is the link to the article.

http://securitywatch.pcmag.com/none/305401-microsoft-fails-av-test-certification

Coincidentally, MS is also the only company that doesn't give the German "AV Lab" 'Donations'.

They mention Vipre protection app...that's where they lost credibility with me...

I use this Site...BTW...i have had zero issues since i switched to MSE on my Vista 64 bit install 2 or so years ago...i now have it on my XP and Win7 rigs as well...

MSE
MalwareBytes
SAS
Win Patrol
and Stinger on demand trojan app...

Works real well for me...

P.S. approx once a month i do a rootkit scan just in case.

I don't know why I didn't notice this before.

According to the article, MSE, like other AV suites, was scored in three areas. it got 64 out of 100, 100 out of 100, and 90 out of 100.

For some reason, this was totalled into.... 1.5 out of 6.

64 out of 100
100 out of 100
90 out of 100

The average of these three would in fact give it a 5.08 out of 6, not 1.5. Not sure what's up with that.

I'm also interested in how they would come up with the scores. How is 100/100 an "average" score for usability? How do they rate it, exactly? Of course those types of things- the things that make a test reproducible or reveal it as nothing more than a subjective viewpoint veiled into an official sounding report- never seem to be shared by these "testing" companies/groups.

138.

Solve : Intel CPU shifts to BGA??

Answer» Intel rumored moving to non-upgradable desktop CPUs with Broadwell

My brother told me about this the other day. It's a stupid move to make CPU/Motherboards a 1 piece upgrade. So much waste!

Laptops have been pretty much this way for years, even if CPU was removable unlocking it from the socket, very few people would upgrade a CPU in a laptop.

I have always liked the ability to use a motherboard through a few generations of processors, and this would kill that pro feature if both AMD and Intel went with this setup.

My current motherboard on my main system is a Biostar MCP6PB M2+ and it has lasted through "3 CPU performance upgrades", a single core AMD Athlon AM2 CPU, an AMD Athlon II x2 Dual-core AM3, and more recently a AMD Athlon II x4 AM3 Quadcore.

My system now can go with a faster CPU, but it's not worth it because I am running DDR2 800Mhz RAM, and so the AM3 CPU with support for both DDR2 and DDR3 is running on a slower memory setup, and the next upgrade should be an AM3+ to migrate my AM3 quadcore forward and have support for both DDR3 and newer CPU upgrade of the future if I decide to stick with this motherboard.

*To me it seems as though the smaller board manufacturers would be cut off and a monopoly would happen between Intel and the choice board manufacturers. And it would drive sales of computers from HP etc as for do it yourself upgrades might not be that affordable and as much of a bargain to save money as they once used to be since you are no longer just upgrading the CPU, but now also the entire motherboard. So on lower end CPU's you're looking at a cost increase of at least $100 per upgrade overtop what prior upgrades used to cost because you are having to buy the pair CPU/Motherboard as 1 unit.

While I do think that the Atom processors coming on Intel motherboards make sense, I don't believe this is a smart move for the future of Intel and its customers for their entire product line. Hoping AMD will stick with upgradability as they always have, as for if they do so, gamers and people like myself who have to constantly buy newer and faster, but want the best deal for their money will be flooding over to them and their sales would thrive as Intel will only be able to sell boards that business applications would use that plan on running them for 3 to 5 years and throwing them away even though they function properly. A serious gamer would have to throw away a motherboard and CPU out every 12 to 18 months to stay up with performance if they went with Intel and this hardware merger.

Lastly even though AMD is pushing APU's and I am not that excited about them as for I still like the separation between CPU and GPU for upgradability and flexibility of choice hardware combinations. I don't believe the APU is as bad as a CPU/Motherboard Merger/Monopoly! At least with the APU's you still have choices, Intel takes away your choices with this setup.

I used to buy only Intel until 2003, and made the move to AMD in late 2003 with Athlon XP 2800+ 2.08Ghz, and pretty much stuck with them. I have bought some Intel CPU's when the prices were a bargain etc, and got a lot of Intels for free from crashed systems, but I have stuck with AMD for 90+% of my computing because the price/performance comparison has always seemed like the best bang for the buck as well as I really liked when they went with AM2+ and AM3+ sockets that allow for upgradability without motherboard upgrades required. At the time of buying my AM2+ motherboard in late 2008 I paid $65 on a newegg deal, a single-core AM2 CPU and motherboard. I then got a cheap AM2+ dual-core 2 years later for like $40 and then lucked out getting a quadcore AM3 for free from a friend about 18 months ago when he cooked his integrated GPU on his HP and needed to replace his motherboard and even though I told him he could keep the same CPU, he decided he wanted the Phenom II x6, so I offered to buy this quadcore for ( $50 ) ... 50% of what it retailed for online and he said you can have it free since I helped him rebuild his HP with the new motherboard and CPU.

I can only hope that AMD sticks with removable CPU's!
139.

Solve : MS is telling us that we like Windows 8?

Answer»

Here is the link to the full story.

http://www.technologyreview.com/news/508546/microsoft-has-been-watching-and-it-says-youre-getting-used-to-windows-8/

I just LOVE this quote from the article. "Referring to complaints from some quarters, Larson-Green says: “Even with the rumblings, we feel confident that it’s a moment in time more than an actual problem.”"

Windows 8 sold as many copies in a month as Windows 7 did in the first three months of Windows 7's release.

If you ask me the "scathing reviews" are by 'journalists' (and I use that term loosely) who are basically jumping on the bandwagon. A LOT of them hadn't even tried win8 before offering their "review" of the OS! (How does that work?). Many of the rest of them focus on the Windows Store... and then get all their facts wrong anyway. Hooray journalistic integrity.

140.

Solve : Brute Force Password Attack...?

Answer»

Here is the link to the full story.

http://securityledger.com/new-25-gpu-monster-devours-passwords-in-seconds/

Currently the page returns "service is temporarily unavailable" with Opera. May only be as stated--time will tell.
truenorth

Try 2 or 3 times...it loaded for me after that...

Just tried the link again after about 2 hours and connected 1st go.

If i understand the thrust it is emphasizing the current ability to recover lost passwords (lost through being forgotten). But surely the vulnerability of passwords being a protective device are also compromised by this ability. I wonder if this also has ramifications for the alleged security of data transmission on encrypted sites? Ah well the constant contests between the mice and the mousetrap builders continues.
truenorth

Quote from: truenorth on December 05, 2012, 10:45:00 AM

If i understand the thrust it is emphasizing the current ability to recover lost passwords
No. It is emphasizing the ability to crack them. Lost passwords should, by definition, be unrecoverable.

Most of it is rife with inaccuracies, even after the edit. For example the LM hash, to my recollection hasn't been used extensively since NT4. And being able to crack an NTLM password (or even LM, really) requires root level or physical access to the machine in order to read the SAM file, at which point you can simply remove said password anyway.

Quote
the quote regarding 14char passwords falling in 6 minutes was for LM encrypted

I always see articles and stuff referring to password security and how long it takes to brute force and so forth, and they always seem to use the LM hash. Despite what the article says, the last version to use LM by default was Windows 2000, to my recollection, if not NT4. 2000 and XP support LM hashes but only if they are networked with NT4 or 2000 machines that use the LM hash, despite what the article and the edit say (that it's used on XP)


The typical method of storing passwords is of course to never store the password at all. Instead, the password is sent through a one-way hash. The idea here is that you store the hash, and then when you want to verify a password you hash the input and compare it to the stored value to see if they match. The idea here being to increase security in the event that the database of stored hashes is acquired by malevolent parties.

Usually, the passwords are salted in some way. This is done to essentially add entropy, and needs to be something that will remain the same. Some authentication systems designed only for use on one machine will use that machine's network MAC address. Others will salt the password hash using the username or userid as it exists in the system. etc. The purpose being to make it so even if two users were to have the same password, their hashes would not be identical for other reasons.

This is a cryptographically secure system, as long as the hash algorithm is cryptographically secure.


Most attacks of cryptographically secure systems are done via brute-forcing of the password, which is, essentially, checking every single possible password and Salt combination, and seeing if the hash goes through. In order for this attack to be feasible you need the hashes, so the database of the website or service will need to be compromised. Otherwise, your only way to check against them would be to use their API or service, and I've personally yet to see a service that doesn't lock you out from repeated attempts to login with the wrong password.

With access to the Hashes, they are still relatively safe, but it is possible to attack the hashed value of a password using rainbow tables. These are gigantic, pre-computed hash-values for every possible combination of characters. Each one has to be tailored to any individual salting method applied by the service in question, and they are often upwards of 8GB in size. An attacking PC can calculate these hashes on the fly, but using a massive table of already-calculated information is helpful because hash algorithms are typically very processor intensive, so such a table allows an attack to proceed a lot faster, particularly if the machine in question has the memory to keep most of or all of said table in RAM.


There are already Rainbow tables available for the NT Hashes, making it possible to brute force a good percentage of people's Windows XP, Vista, 7, and 8 Passwords.

However, the actual hash data is not something that Windows just gives to any program that asks for it. Usually you need to reboot into a LiveCD or other OS, or run a program with LocalSystem privileges to get read/write access to the files where the hashes are stored. So if a hash is in a position to be compromised using rainbow tables it's already a breach.

regarding SSL and encrypted websites: they use a Public/Private key symmetric algorithm, which means that in order to get the data needed to reverse-engineer the encryption using brute force you would need to perform a Man in the middle attack of some sort. The method of SSL connections however makes such an attack difficult because there are checks in place that try to determine if something is fishy (within the confines of TCP, that is)
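The storage scheme discussed in the post above (keep only a salted one-way hash, re-derive and compare at login, and a precomputed table that has to be tailored to the salt), shown as an added example that is not part of the original thread. PBKDF2-HMAC-SHA256, the iteration count, the random per-user salt and all names and sample accounts are assumptions of this example.

```python
import hashlib
import hmac
import os
from typing import Any, Dict, Iterable, List, Optional

PBKDF2_ITERATIONS = 120_000          # assumption: work factor picked for the example
SALT_BYTES = 16
STATIC_SALT = b"same-for-everyone"   # constructed; one shared value acts like no salt


def derive(password: str, salt: bytes, iterations: int = PBKDF2_ITERATIONS) -> str:
    """One-way derivation of the value that gets stored instead of the password."""
    raw = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return raw.hex()


def new_record(password: str, salt: Optional[bytes] = None) -> Dict[str, Any]:
    """Build the row to store: salt and work factor sit beside the hash."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt for every user
    return {
        "salt": salt.hex(),
        "iterations": PBKDF2_ITERATIONS,
        "hash": derive(password, salt),
    }


def verify_password(password: str, record: Dict[str, Any]) -> bool:
    """Re-derive from the login input with the stored salt, compare in constant time."""
    candidate = derive(password, bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])


def build_precomputed_table(candidates: Iterable[str], salt: bytes) -> Dict[str, str]:
    """A precomputed hash -> password table; it is only valid for this one salt."""
    return {derive(word, salt): word for word in candidates}


def users_resolved_by_table(table: Dict[str, str],
                            records: Dict[str, Dict[str, Any]]) -> List[str]:
    """Accounts in a leaked table whose stored hash appears in the precomputed table."""
    return sorted(user for user, rec in records.items() if rec["hash"] in table)


def demo() -> Dict[str, Any]:
    # Constructed sample accounts: alice and bob picked the same password.
    passwords = {"alice": "winter2012", "bob": "winter2012", "carol": "Tr0ub4dor&3"}
    table = build_precomputed_table(["password", "letmein", "winter2012"], STATIC_SALT)

    static_db = {u: new_record(p, STATIC_SALT) for u, p in passwords.items()}
    random_db = {u: new_record(p) for u, p in passwords.items()}

    return {
        # Shared salt: equal passwords are visible as equal hashes.
        "static_salt_duplicates": static_db["alice"]["hash"] == static_db["bob"]["hash"],
        # Per-user salt: the same password stores as two unrelated values.
        "random_salt_duplicates": random_db["alice"]["hash"] == random_db["bob"]["hash"],
        # One table covers every account that shares the salt...
        "static_salt_resolved": users_resolved_by_table(table, static_db),
        # ...and covers nothing once each account has its own salt.
        "random_salt_resolved": users_resolved_by_table(table, random_db),
        "alice_can_log_in": verify_password("winter2012", random_db["alice"]),
        "wrong_password_rejected": not verify_password("winter2013", random_db["alice"]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```
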

When it comes to brute force attacks to find correct passwords, I thought this was deterred by processes that monitor how many failed logons before consecutive attempts are rejected or how many times an account attempts to logon within a given period of time before attempts are rejected from being considered for authentication.

If you have physical access to their laptop etc, you already own it, to boot it off of Linux distro etc, but for non physical access in which you are making remote attempts, it would take forever I would think unless you are snagging the easy to crack accounts with bad/weak passwords.

Sure if you have a system that is willing to take any and all authentication attempts no matter how fast they inquire with a user/password combination it's just a matter of time before its cracked depending on length and complexity of the password itself. But systems that block authentication for like 3 minutes after too many consecutive failed logins, I would think would take 10,000 years or more to crack since you would need to test say 3 logons, wait 3 minutes, test another 3, wait 3 minutes ......... a process that would take A LONG TIME vs throwing up to say 10 per second at it.

I suppose if you had an army of computers, a hacker owning a bunch of zombies, or army of threads to the server all trying to authenticate at the same time with multiple user accounts, multiple passwords you might have better luck getting in since it's like having a warehouse full of slot machines and being able to run them all at the same time with an unlimited supply of quarters to play. If you played just 1 machine you might hit a jackpot (777) in 2 or 3 days, but if you could play them all at the same time, you're probably going to get a couple jackpots a day. Jackpot here would be cracking the users credentials with a team of computers/threads and only the easy ones to crack by dictionary attack or bad commonly used passwords would jackpot as a successful authentication and your odds at slot machines are way better than users passwords.

If the system tested 3 times and failed and moved on to another user and tried 3 times quickly, but yet kept a database of attempted passwords that failed in relation to users and moved onto the next from list or next random, I suppose this could be a brute force approach, but it wouldn't be targeting 1 specific user, because the 3 minute timeout that disallows further authentication would reject for at least that say 3 minutes for example, and if a 4th attempt is tried within the 3 minutes, the timer is reset and so it's not like after 3 minutes the server would allow another 3 to be accepted, every attempt after the timeout is reached would reset the timeout counter so it would never count down to 0 and reenable the authentication for another 3 if 3 is the magic number of allowed attempts per timeout interval.

So in this case the more computers/threads and bandwidth you had and all able to interface with a common database among all to avoid redundant attempts is probably the only brute force i can see against a system that has lockout protection. Or is there another method I am not aware of?
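The lockout policy described in the post above (3 failed logons, a 3-minute timeout, and a timer that restarts on any attempt made while locked), written out as an added example that is not part of the original thread. The class, function and result names, the sample account and the injected clock are assumptions of this example.

```python
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, Tuple

MAX_FAILURES = 3        # failed logons allowed before the account locks (from the post)
LOCKOUT_SECONDS = 180   # the 3-minute timeout from the post

# Constructed sample account. Plaintext is used only to keep the example short;
# a real service would compare against a salted password hash.
SAMPLE_USER = "dave"
SAMPLE_PASSWORD = "correct-horse-battery"
CONSTRUCTED_USERS = {SAMPLE_USER: SAMPLE_PASSWORD}


def constructed_check(user: str, password: str) -> bool:
    expected = CONSTRUCTED_USERS.get(user)
    if expected is None:
        return False
    return hmac.compare_digest(expected.encode("utf-8"), password.encode("utf-8"))


@dataclass
class AccountState:
    failures: int = 0
    locked_until: float = 0.0


class LoginThrottle:
    """Per-account lockout; `now` is passed in so the policy can be tested offline."""

    def __init__(self, check_password: Callable[[str, str], bool],
                 max_failures: int = MAX_FAILURES,
                 lockout_seconds: float = LOCKOUT_SECONDS) -> None:
        self._check = check_password
        self._max_failures = max_failures
        self._lockout_seconds = lockout_seconds
        self._accounts: Dict[str, AccountState] = {}

    def attempt(self, user: str, password: str, now: float) -> str:
        state = self._accounts.setdefault(user, AccountState())
        if now < state.locked_until:
            # Locked: the password is never evaluated and the timer restarts,
            # so a client that keeps trying never sees the lock expire.
            state.locked_until = now + self._lockout_seconds
            return "rejected_locked"
        if self._check(user, password):
            state.failures = 0
            return "ok"
        state.failures += 1
        if state.failures >= self._max_failures:
            state.failures = 0
            state.locked_until = now + self._lockout_seconds
            return "denied_and_locked"
        return "denied"


def count_evaluated(throttle: LoginThrottle, user: str,
                    submissions: Iterable[str], interval: float) -> Tuple[int, bool]:
    """Replay submissions `interval` seconds apart.

    Returns (passwords the server actually evaluated, whether a logon succeeded).
    """
    now = 0.0
    evaluated = 0
    for password in submissions:
        result = throttle.attempt(user, password, now)
        if result != "rejected_locked":
            evaluated += 1
        if result == "ok":
            return evaluated, True
        now += interval
    return evaluated, False


def guess_ceiling_per_day(max_failures: int = MAX_FAILURES,
                          lockout_seconds: int = LOCKOUT_SECONDS) -> int:
    """Upper bound on evaluated guesses per account per day under this policy."""
    return (86_400 // lockout_seconds) * max_failures


if __name__ == "__main__":
    wrong = [f"guess{i}" for i in range(10)]
    print(count_evaluated(LoginThrottle(constructed_check), SAMPLE_USER,
                          wrong + [SAMPLE_PASSWORD], interval=1))
    print(guess_ceiling_per_day())
```

The same lock also rejects the real owner's correct password until the timer runs out, which is the cost of this policy on a per-account basis.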



Quote from: DaveLembke on December 05, 2012, 10:55:46 PM
When it comes to brute force attacks to find correct passwords, I thought this was deterred by processes that monitor how many failed logons before consecutive attempts are rejected or how many times an account attempts to logon within a given period of time before attempts are rejected from being considered for authentication.
This is talking about brute forcing the hash value after it's been acquired. Website database leaks are quite common.

Went back to read it in full, and just saw that someone else also noted that there was a typo that this is NOT for online attacks, just saw this at the bottom when going back to read this a 2nd time ...

Quote
I think you are missing two “not”s in this paragraph:

“Tools like Gosney’s GPU cluster are suited for an “online” attack scenario against a live system. Rather, they’re used in “offline” attacks against collections of leaked or stolen passwords that were stored in encrypted form, Thorsheim said. In that situation, attackers are limited to a set number of password attempts – hardware and software limitations are all that matter.”

And the editor corrected it with this:
Quote
Tools like Gosney’s GPU cluster aren’t suited for an “online” attack scenario against a live system. Rather, they’re used in “offline” attacks against collections of leaked or stolen passwords that were stored in encrypted form, Thorsheim said. In that situation, attackers aren’t limited to a set number of password attempts – hardware and software limitations are all that matter.

Thanks for clarification BC, time for a cup of coffee to wake up and read the contents correctly. This graveyard shift is painful..LOL

I have a few questions about this, and the ability to really secure a computer.

I use TrueCrypt to encrypt what I think are my sensitive documents, and I have a 31 character password to access it.  I don't do online banking, or enter personal information on the internet.  Is there a way to make it so that these passwords aren't stored on my computer? You know, even if they are encrypted.

I guess the second question is a little subjective.  I'm really not that fascinating with government or trade secrets, so to simplify it right down to basics, I have is this - How secure do I really need to be?

Quote from: Quantos on December 06, 2012, 03:02:58 AM
I use TrueCrypt to encrypt what I think are my sensitive documents, and I have a 31 character password to access it.  I don't do online banking, or enter personal information on the internet.  Is there a way to make it so that these passwords aren't stored on my computer? You know, even if they are encrypted.
They aren't stored on your computer (as far as I know). TrueCrypt doesn't work the same way, since it doesn't really use a hash that it keeps around.

Usually, encryption and decryption is more akin to SSL; when it saves a file, it uses the password and uses it to encrypt, in a reversible way, that piece of data before writing it; to decrypt, it uses the provided password and reverses the procedure. If the passwords don't match, the result will be garbage.

Quote
I guess the second question is a little subjective.  I'm really not that fascinating with government or trade secrets, so to simplify it right down to basics, I have is this - How secure do I really need to be?

Personally I just use a different, randomly generated password for all sites I visit. The biggest "danger" is with using the same password in various locations, because then a breach of security at one place could cause your other accounts to be compromised.

A personal example is that until recently I used the same password for everything. Apparently, one of those things was a blog that ran on gawker, because the gawker blog network was hacked and all the passwords were acquired by hackers. My first clue was when my website cpanel was locked out because somebody was trying to brute force it, which prompted me to change my password on everything else. My cpanel didn't use the same password, its password was randomly generated, so that was safe. Now all my passwords are randomly generated.

Thanks BC, I appreciate it.

From BC's statement:
Quote
Now all my passwords are randomly  generated.

*This has got to make it fun logging on. I tried a similar randomly generated password generator which was like an output of: 5Gt8!Wb$29hP for 12 random characters upper/lowercase/numbers/ and special characters and I found that unless I had it written down somewhere I'd be in trouble. I wrote a quick C++ program that had 12 randomly generated characters with a seeded timer for each character generated to make it as random as I possibly could by adding user random timing in when an input is processed to grab the next character. I didn't like riding the algorithm, since as you know rand without a seed will always spit out the same output in the same order if anyone else mimicked the generator for 12 digits concatenated without a seed. So definitely had to seed it. Then concatenate the output from the 12 variables holding each character that landed on the input condition.

*Sure you could use your own randomness picking all characters off the top of your head, but I thought this C++ program would be a fun 25 minute time waster to code up and perfect for something that serves a purpose even if one is not really necessary.

At first this program was a neat way to create complex passwords, but it became a pain having to look at a sticky note tucked away in a hidden spot ( not under keyboard...LOL )

So while I still use complicated passwords like this for important stuff, I use lesser complex for my system logon which are easy to remember and secure enough for a system that is only online when I am at the computer.

If you're remembering the randomly created passwords, is there a trick to memorizing them with the jumble that they appear as or like me you have a hidden sheet of paper and have to refer to it to get it correct? Usually I can remember it, but then get the cases wrong so 5Gt8!Wb$29hP would be 5Gt8!wB$29hP or something incorrect as such.

My wife hates when I have her log on on my behalf to check on something when I am on the road, she says my passwords are retarded... I laugh and say no they are strong.

Quote from: DaveLembke on December 12, 2012, 01:01:29 AM
From BC's statement:
*This has got to make it fun logging on. I tried a similar randomly generated password generator which was like an output of: 5Gt8!Wb$29hP for 12 random characters upper/lowercase/numbers/ and special characters and I found that unless I had it written down somewhere I'd be in trouble. I wrote a quick C++ program that had 12 randomly generated characters with a seeded timer for each character generated to make it as random as I possibly could by adding user random timing in when an input is processed to grab the next character. I didn't like riding the algorithm, since as you know rand without a seed will always spit out the same output in the same order if anyone else mimicked the generator for 12 digits concatenated without a seed. So definitely had to seed it. Then concatenate the output from the 12 variables holding each character that landed on the input condition.

*Sure you could use your own randomness picking all characters off the top of your head, but I thought this C++ program would be a fun 25 minute time waster to code up and perfect for something that serves a purpose even if one is not really necessary.
This is my program. For that purpose.

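Code:
    using System;
    using System.Linq;

    class Program
    {
        // One shared generator for the whole run.
        // Note: System.Random is a general-purpose PRNG, not a cryptographic one.
        static Random rgen = new Random();
        // Characters a password may contain: letters, digits and ten symbols.
        static String ValidChars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890!#$%^&*()_";

        // Builds a string of `length` characters, each picked at random from allowedChars.
        static string GeneratePassword(int length, string allowedChars)
        {
            return new string(Enumerable.Range(0, length).Select
                (a => allowedChars[rgen.Next(allowedChars.Length)]).ToArray());
        }

        static void Main(string[] args)
        {
            // Print one 20-character password and wait for a key press.
            String RandomString = GeneratePassword(20, ValidChars);
            Console.WriteLine(RandomString);
            Console.ReadKey();
        }
    }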
Quote
If you're remembering the randomly created passwords, is there a trick to memorizing them with the jumble that they appear as or like me you have a hidden sheet of paper and have to refer to it to get it correct? Usually I can remember it, but then get the cases wrong so 5Gt8!Wb$29hP would be 5Gt8!wB$29hP or something incorrect as such.
I have them as a text file on my hard drive. Normally I just have Firefox remember them for me. I do have my E-mail and webhost passwords memorized, though, simply because I've put them in enough times. Other passwords are easier to remember but only because they are passphrases (sometimes I'm too lazy to use the generator even, so I just make up a phrase).


You might think having them in a text file is "dangerous", because malware could easily get at it. That's true. However, a piece of malware would have to be specially configured to find where I keep the file, or be a special RAT with an actual person on the other end looking for them. But at that point you've already lost anyway.

Quote from: DaveLembke on December 12, 2012, 01:01:29 AM
If you're remembering the randomly created passwords, is there a trick to memorizing them with the jumble that they appear as or like me you have a hidden sheet of paper and have to refer to it to get it correct?
I don't use "randomly created passwords" due to the difficulty I would have remembering them.  For non-sensitive passworded websites such as forums, I use only 2 or 3 different passwords.  For sensitive websites such as any type of financial-related site, I create passwords that have some meaning to me, such as a mix of letters and numbers from the name and zip code of a city I have some connection with.  I keep these passwords in a PC file but I replace some of the characters with asterisks and keep just a few characters that are actually in the password to help me recall the full password.
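
The generator posted earlier in this thread draws its characters from System.Random. As an added example (not code from any poster here), the C# below shows that a password built from a seeded general-purpose PRNG is fully determined by its seed, and gives a variant that takes bytes from the operating system's CSPRNG with rejection sampling. The names PasswordDemo, FromSeededPrng, FromCsprng and EntropyBits, and the seed value, are assumptions made for this illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;

static class PasswordDemo
{
    // Same 72-character alphabet as the generator posted in the thread.
    const string ValidChars =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890!#$%^&*()_";

    // Weak form: every character follows from one int seed, so whoever
    // knows or guesses the seed can rebuild the whole password.
    static string FromSeededPrng(int seed, int length, string allowed)
    {
        var prng = new Random(seed);
        return new string(Enumerable.Range(0, length)
            .Select(_ => allowed[prng.Next(allowed.Length)]).ToArray());
    }

    // Hardened form: bytes come from the OS CSPRNG. Rejection sampling
    // discards bytes that would make some characters more likely than
    // others (modulo bias).
    static string FromCsprng(int length, string allowed)
    {
        if (length <= 0)
            throw new ArgumentOutOfRangeException(nameof(length));
        if (string.IsNullOrEmpty(allowed) || allowed.Length > 256)
            throw new ArgumentException("alphabet must have 1..256 characters", nameof(allowed));

        // Largest multiple of the alphabet size that fits in one byte's range.
        int limit = 256 - (256 % allowed.Length);
        var result = new char[length];
        var buffer = new byte[64];
        int filled = 0;

        using (var rng = RandomNumberGenerator.Create())
        {
            while (filled < length)
            {
                rng.GetBytes(buffer);
                foreach (byte b in buffer)
                {
                    if (b >= limit) continue;   // rejected: outside the unbiased range
                    result[filled++] = allowed[b % allowed.Length];
                    if (filled == length) break;
                }
            }
        }
        return new string(result);
    }

    // Entropy of a uniformly random password, in bits.
    static double EntropyBits(int length, int alphabetSize)
    {
        return length * Math.Log(alphabetSize, 2);
    }

    static void Main()
    {
        // Constructed seed standing in for a clock-derived value.
        const int seed = 123456789;
        string first = FromSeededPrng(seed, 20, ValidChars);
        string second = FromSeededPrng(seed, 20, ValidChars);
        Console.WriteLine("Seeded PRNG, same seed twice, identical: {0}", first == second);

        // An int seed can take at most 2^32 values, whatever the password length.
        Console.WriteLine("Upper bound from an int seed: 32 bits");
        Console.WriteLine("20 chars from {0} symbols via CSPRNG: {1:F1} bits",
            ValidChars.Length, EntropyBits(20, ValidChars.Length));
        Console.WriteLine("CSPRNG password: {0}", FromCsprng(20, ValidChars));
    }
}
```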
141.

Solve : UK is a nation of data-hungry net shoppers, says survey?

Answer» Internet shopping is more popular in the UK than in any other major country, a survey from regulator Ofcom suggests.

Consumers in the UK spend an average of £1,083 a year on internet shopping, compared with Australia which spends the second highest at £842, it said.

The UK's fondness for net shopping is, in part, driven by mobile devices.

UK consumers are also downloading more data from their mobiles than any other nation, according to the survey.

The study also indicated that:

    In December 2011 the average UK mobile connection used 424MB (megabytes) of data, higher than Japanese users who averaged 392MBs.
    16% of all web traffic in the UK was from mobiles, tablets or other connected devices - more than any other European country.
    Four in ten UK adults now access Facebook, Twitter and other social networks via their mobiles.
    For 18 to 24-year-olds the figure is even higher, at 62%.

The findings form part of Ofcom's seventh International Communications Market Report, which looks at the take-up, availability, price and use of broadband, landlines, mobiles, TV and radio across 17 major countries.

Brits are also the most likely to watch TV-on-demand and use digital video recorders, the report suggests.

Full story: http://www.bbc.co.uk/news/technology-20700046
142.

Solve : Goodbye disc drives?

Answer»

It looks like it's inevitable. Check it out.  http://www.cnn.com/2012/12/06/tech/innovation/imac-disc-drive/index.html?hpt=hp_t2
I still want my optical storage drives, and believe others will also want an ability to store data in a manner that involves optical storage which is not susceptible to static, and aging electronic components leading to total data loss, and single point of failures.

As far as my computing today, I love SSD's for their speed for games etc, but I store my important data still on spinning platters, and my most important data that I never want to lose on DVD-R storage discs.

If I was forced due to obsolescence to go with flash storage for my most important data for long term storage, I would have to have multiple redundancy of it, and still I would feel like there is too much risk to lose it all due to Read/Write nature of Flash media. The Read-Only of CD-R and DVD-R's adds a level of protection that I enjoy, that a virus etc can't kill the disc, unless one had the ability to activate the laser and double etch the aluminum within the disc to cancel out the data and trash it. None have acted like that yet!

In the past, I have suffered total data losses. I learned through this process to protect myself from total loss by implementation of redundancy, and when optical storage became available and affordable with CD-R's for 650mb and 700mb storage it was a blessing compared to the stacks of about 1500+ floppy disks I had prior, some of them spanned to store larger than 1.44mb files. When I got my first CD-RW drive about 13 years ago, I was so excited when I took my stacks of floppies and squeezed them all onto 4 CD-R's, then able to toss out 90% of the floppies and just keep the purchased software floppies and DOS 5, 6.22 etc sets and Windows 3.11.

I lost a tremendous amount of data in 1995 due to the Michelangelo/Stoned Virus as MSAV detected it. Back then I did not have redundant backups, and important data would remain on a single disk. I ended up infecting many disks before finding out I was infected and each floppy inserted was getting trashed. At the time I was running DOS 6.0 and Windows 3.11 which had MSAV and it detected the virus only because I ran MSAV, I had no antivirus installed to Windows 3.11, nothing monitoring for anything bad, but the damage was done. The point of infection was buying a 386 computer which came with a box of disks at a yard sale for $20 and popping them in 1 by 1 looking for anything interesting on them, sometimes finding games etc on unlabelled disks, sometimes finding business info etc, which I had no interest in and deleted the data to make the disks blank for my use. I then implemented testing and scanning new disks with the 386 16Mhz computer as a quarantine area first before bringing them over to my faster 486DX33Mhz computer, as well as any important data I would make a 2nd copy of and store them in a box separate from the frequently used disks to limit any future infection spreads. As soon as I got Windows 95 and AOL 3.0 in 1996, I installed Norton Utilities 2.0 with a background scanner. This protected me many times from infected files that I found for download of FreeWare & Shareware.

Quote

"As personal cloud services become ubiquitous and broadband speeds increase, there's very little reason for many consumers to use an optical drive on their computer going forward," Gartenberg said.

Here is an area that I have a BIG problem with. I have very little trust in Cloud Storage Services as for it's out on the cloud "somewhere", likely stored on multiple servers for redundancy to make your data safe from loss. BUT who can look at your data, who can steal your data, who can alter your data, and use your data in a manner to profile you based on the type of data is stored there. I am even more concerned over the FREE storage clouds more than the subscription ones. Companies are always evolving and while you may have agreed to terms and conditions initially that looked like a great idea, down the road they might change their terms and conditions and not necessarily have to notify you on this as for the initial agreement that you agreed to clearly stated, "* Terms and Conditions Subject to Change at Anytime." Also if the terms changed and you are no longer in acceptance to your data being stored there and want to remove your data, to your perception of the storage area it might look like the data is gone, but how do you know that the cloud storage provider is not shadow copying this data or keeping its own long term storage of this data offline for legal liability reasons. As well as what if they are sloppy in an upgrade process and ship out a blade servers bank of drives without scrubbing them first. Now your data is no longer in their control as for it's usually sold to other companies who recycle the hardware to put it back into operation or parts it out and make a profit, or it goes to the local dump, or it gets sent back to the equipment manufacturer through a recycle agreement and is shipped to China or some other country where in any of these situations listed the drives are just waiting for someone with shady intentions to search the drives for anything good and to make money on it on the black market. Next thing you know your data was stolen, ( your Identity, your Money, your credit History... since they opened up loans in your name and ran off with the money leaving you holding the bag, your Inventions, Source Code, and any endless number of things that are important to you or your company that has data stored there.)

Also to mention that they state that Sony is pulling out of Optical storage ... Sony who led us into Optical storage, is just 1 company of many that makes Optical storage drives. Sony pulling out just makes other smaller companies thrive.

Grimmest Home Computer Future:
Eventually we all have Thin Clients that boot through Microsoft.com's World PXE Service, Connected to the Cloud for storage, "these computers have to be online to function and are useless offline and are so proprietary and well protected that they can't be jail broken to run stand alone offline", computer usage is then taxed like gasoline on the selling ploy that it will reverse the national debt in the USA as well as assist other countries in taxable revenues.

Myself in this situation:
This old guy playing on old offline computers, part of a group of computer hobbyists, possibly connected to our own Open-Source network protocol sort of like a BBS before Internet, and having a blast. 

I like the Internet, but I also like the Protection of Isolation!
143.

Solve : The hazards of GPS in some locales...?

Answer»

Here's the full story.

http://www.abc.net.au/news/2012-12-10/apple-maps-strands-motorists-looking-for-mildura/4418400

Even Lewis and Clark were smart enough to hire guides for their expeditions...

I am one of those rare males that has absolutely no hesitation in asking for directions in unfamiliar territory. However with the advent of the GPS hardware I find that an almost nonexistent requirement now. From experience I have learned that it is a must to have a paper map as well. The number of times we have had to ignore the dogmatic insistence of the verbal instructions of the GPS unit to follow its instructions are innumerable. I totally agree with the thrust of the article they could be dangerous in certain situations. However having said that I wouldn't be without one now. truenorth

Quote

There are those who are ready to follow the GPS in their car to the ends of the earth - literally.
http://articles.latimes.com/2012/aug/23/nation/la-na-nn-whittier-harbor-alaska-20120823

I still find it interesting that some people put so much trust in them that they will follow the directions into bad situations vs using their own common sense to rule out what's correct from obviously bad information to follow. As your initial post the driver unfamiliar with the area would end up stranded. I find it crazy that so many should weigh what is correct from incorrect information and don't. Heard about this guy a short while back and others before him of people driving into ocean water/lakes/ponds, off roads where no roads are located into trees etc, into guard rails due to offset between exit ramp and GPS 'glitched' location, wrong way down 1 way streets, down railroad tracks, etc.

I borrowed a GPS from a family member on the last trip to Boston and at one point it wanted us to turn down a 1 way street the wrong way. Seeing the signs and cars, I quickly assessed to drive up 1 block and turn the correct direction down the next 1 way which would send me in the correct direction to the destination. Then on the way back the GPS led us into a construction area in which there were detours and the GPS was all confused. Just had to follow the detour signs whenever visible in a car with vans/trucks in way of signs and make quick turns or miss the detour signs and turn around and try again. * Would be nice if there was a central database where construction etc was communicated to so that the GPS would follow the detour route when signs were not in view in a low to ground car among SUV's/vans/trucks all around you.

Quote from: DaveLembke on December 10, 2012, 10:02:42 PM
I still find it interesting that some people put so much trust in them that they will follow the directions into bad situations vs using their own common sense to rule out what's correct from obviously bad information to follow.
In this case there is nothing "obviously" wrong. The only time a person would know there is something wrong is if they had been there before, in which case they very well might not be using the GPS to begin with.

Quote
I find it crazy that so many should weigh what is correct from incorrect information and don't.

What they should have been seeing was a dusty plain. What they were really seeing was obviously a completely different dusty plain. Should that have clued them in?

Quote
Heard about this guy a short while back and others before him of people driving into ocean water/lakes/ponds, off roads where no roads are located into trees etc, into guard rails due to offset between exit ramp and GPS 'glitched' location, wrong way down 1 way streets, down railroad tracks, etc.
Completely unrelated. That's being stupid. Obviously you aren't going to want to drive into a river or lake. But when the difference between the correct route and the incorrect route is not something a person unfamiliar with the area is going to notice, what details are they supposed to be going by?

Quote
I borrowed a GPS from a family member on the last trip to Boston and at one point it wanted us to turn down a 1 way street the wrong way. Seeing the signs and cars, I quickly assessed to drive up 1 block and turn the correct direction down the next 1 way which would send me in the correct direction to the destination. Then on the way back the GPS led us into a construction area in which there were detours and the GPS was all confused. Just had to follow the detour signs whenever visible in a car with vans/trucks in way of signs and make quick turns or miss the detour signs and turn around and try again. *
This is also completely unrelated to the posted article's GPS. The GPS was sending them to the completely wrong place and there was absolutely nothing obviously wrong.

Quote
Would be nice if there was a central database where construction etc was communicated to so that the GPS would follow the detour route when signs were not in view in a low to ground car among SUV's/vans/trucks all around you.
You should be watching the road and signs, not the GPS, if you are driving. In which case I don't see how you could possibly miss such signs.

Quote
Would be nice if there was a central database where construction etc was communicated to so that the GPS would follow the detour route when signs were not in view in a low to ground car among SUV's/vans/trucks all around you.
Quote
You should be watching the road and signs, not the GPS, if you are driving. In which case I don't see how you could possibly miss such signs.

*Guessing you don't have a 2 door sports car low to the ground like myself or have one and never been boxed in, in traffic in an unfamiliar area with a GPS and detours. No signs in view when boxed in with a tractor trailer in front of you and a van on your left and a SUV Yukon on your right and you are in the middle lane and need to make a turn at some point, but don't know until you get to the intersection the truck pulls away and the sign comes into view, and have to make a split second decision to make someone mad by turning left or right ( 2 vehicles ) going for the same turn, when you should be going straight in the middle lane or miss the turn and hope to do a U turn ahead and come back to it.

Agree with your other posts that they don't fit the poor people in the initial post who had no clue they were being brought a totally wrong route. Just thought people might find it interesting the other glitches the GPS's have been responsible for that have caused issues in relation to ( The hazards of GPS in some locales) subject. Some of them stupid on the part of a driver trusting them to turn right when the GPS states it and should be watching road etc.
144.

Solve : Get rid of Desktop Gadgets and Windows Sidebar ASAP!?

Answer»

Security blogs have lit up this week of a vulnerability in Windows Desktop Gadgets and Windows Sidebar.

If  you are using the Windows Sidebar there is new news going around about how new malware can easily exploit  the Windows Sidebar and everyone, including Microsoft, is advising to get rid of the Windows Sidebar ASAP.

More info…


The Fixit is offered part way down the page in this Sophos blog post. Disable Windows Sidebar and Gadgets NOW on Vista and Windows 7. Microsoft warns of security risk

Quote from:  Graham Cluley on July 12, 2012 | Sophos
Clearly Microsoft is worried about the security researchers’ findings, and has issued a “Fix It Tool” which will protect Windows 7 and Vista users by entirely disabling the Windows Sidebar and Gadgets functionality.
Here are some safe alternatives to replace the Windows Sidebar.

Thooseje is something I have used before (been many years ago) and it was probably the best alternative I could find at the time.



IMPORTANT! ALWAYS be very careful with Windows customization packs. Changing a Windows theme often also changes the Windows Shell. In other words, if something goes wrong, the only way out may be a complete re-install of Windows.

Be careful, no matter if you install custom themes or not. Always back up your important documents and pictures to another drive or online "cloud" service just in case!

I think I shut off the Windows sidebar first thing after I started using Vista.


To my recollection it's not even enabled by default with Windows 7, though I'm not sure about that.

You're correct about Win7 BC...

Are they actually disabled by default or just not visible.

I already ran the fix it so can't tell. If someone has not run the fix it then you can find out easily with a HJT log and let us know.

Quote from: evilfantasy on July 21, 2012, 08:52:34 AM
Are they actually disabled by default or just not visible.


disabled. sidebar.exe is not in the process list.

Cool. Thanks BC!

After reporting the severe vulnerability in the Windows Sidebar they still are making available Sidebar Gadgets with no warning of the Microsoft Security Advisory to remove the Windows Sidebar.
 
 Example: Windows XP End Of Support Countdown Gadget

Quote from:  "Microsoft Download Center"

 System requirements

 
 Supported operating systems: Windows 7, Windows Vista
 
 Windows 7 32-bit or 64-bit, any edition.
Glad you reposted in this. I missed it the first time around. I've been having issues with that Sidebar for a while. Time to just junk it.

Looks like they've pulled the Gadget Gallery and put this notice in its place:
Quote
Because we want to focus on the exciting possibilities of the newest version of Windows, the Windows website no longer hosts the gadget gallery.

Which is read:
Quote
Because we screwed up and created a huge vulnerability, we're glad this isn't a feature for Windows 8, and we're just going to let this kind of disappear as a huge mistake, like Windows ME.
Quote from: quaxo on November 29, 2012, 07:22:12 PM
Which is read:
Quote
Because we screwed up and created a huge vulnerability, we're glad this isn't a feature for Windows 8, and we're just going to let this kind of disappear as a huge mistake, like Windows ME.

I'm reading the specifics of the vulnerability as presented at the Black Hat conference for which Microsoft was responding pre-emptively.
I found the actual video and am watching it now. At least I think I did, it's definitely from defcon and they seem to be talking about sidebar widgets.

I started to fast forward and skip parts of the presentation, then I realized I was watching the wrong one after all. This is the actual one in question that prompted numerous "security advisories"... this was surprisingly difficult to find, I had to actually search on youtube because google was filled with crap posts that talked about "omg you need to patch dis" but not actually showing the video or the actual security vulnerability in question. Such a vulnerability- even one labelled "remote code execution" could easily be mitigated, some of them require a very specific set of options, too. So I watched this. Or rather, am currently watching it.

So far, I've noticed a few things. I'll post notes here as I watch it.

At one point they talk about how Windows Desktop evolved. Their slide says "the technology and concept on which the sidebar widgets are based is based on the ideas from Active Desktop, introduced with Windows XP"... They say that "people have told them it existed in Windows 98 but they couldn't find any traces of it"... IMO this is pretty incredulous already... Windows 98 introduced Active Desktop and in fact a default install put a Channel bar on your desktop that was impossible to miss and you had to explicitly disable it. XP's implementation was disabled by default, I don't even remember if it worked properly, because a lot of DHTML related content was removed. Not sure why this is worth mentioning but I just found it a bit odd that such facts would be mixed up... Heck Active Desktop was on Windows 95 with the IE4 Update.

Continuing on....

Some of the points they make are that this vulnerability is not inherent in the sidebar, but is more a factor of the development model that the gadgets typically take, which is mostly that they are quick, one-off scripts designed for a purpose but not specifically with security in mind, particularly not using SSL for web queries. They explicitly say in the presentation that (not an exact quote, fwiw) "this isn't news, if you write bad code, you are going to get compromised. This type of thing will be far more useful for exploiting gadgets and other similar widget-based features on mobile platforms as well as on the web through container-based apps that are how smartphones typically approach application development"

Some further notes: The researchers (can we call them that? yeah, I think so, why not) note that they were impressed by both the security model documentation provided by Microsoft regarding how to properly secure gadgets, given what they found in third party gadgets.

The two things I have taken from this are that:

-the "vulnerability" is mostly social. In that most people don't bat an eye to installing gadgets any more today than opening an E-mail or website, in that they don't really think of a ".gadget" file in the same way as a ".exe" file. Their "Proof of concept" of a malicious gadget should come as no surprise in that it did something malicious. Obviously, a precursor to such a malicious gadget doing malicious things is the installation of said gadget.

-None of the default Windows included gadgets have this problem. The one they demo'd, aside from their example of a malicious gadget, was a Man-in-the-middle attack on a "Piano" gadget that was part of the Windows Live gallery. It was particularly interesting since the MitM attack was able to leverage the Gadget platform and get a Powershell prompt that was controllable from the remote end.

-just having sidebar and gadgets running is not in and of itself enough to exploit this "vulnerability". The gadget itself needs to be coded with an ill-focus on security (the demonstration used the Piano App). Fundamentally they never really explained the "vulnerability" even in the Piano App; it seemed to rely on a MitM attack to work successfully at all, though I'm not sure about that. (They used a MitM attack to send crafted results to the Piano App when it was downloaded, which allowed arbitrary Javascript to run, download a powershell program, and then write a batch file to launch the powershell binary which worked around the default setting to not run powershell programs, and then launch said powershell script, with an active connection via ncat to a remote machine. This provides shell access at the user level to the remote user via a Powershell prompt. Definitely not something you want.)

It's the MitM thing I can't get around. The entire thing seemed to rely on that- even though they claimed it wasn't necessary, I don't see how you could intercept and change the HTTP response from a gadget's requests without either a MitM attack or otherwise already having control of the machine anyway, meaning you could probably perform the payload more directly since you have some modicum of control. Obviously gadgets can be vulnerable and exploited, but from where? I'm still skeptical this is really much of a security problem at all.

From what I could tell, the problems would lie with the gadgets themselves and how they don't use SSL to prevent a MITM attack from crafting responses. Since it is a problem with the gadgets themselves, Microsoft cannot really fix it. They provided (as the researchers mentioned) a very well-documented set of security documentation on how to properly write gadgets, and the gadget writers ignore it; can't be helped. The only real fix would be to disable the Gallery and that sort of makes gadgets pointless. (Though it's arguable whether they were much use to begin with, really).

This was the video, by the way. (41 minutes. I found it exceedingly boring, to be honest.):

http://www.youtube.com/watch?v=-Q8rDADin1s&feature=related

I figure the advantage from the malicious side is mostly that it's easier to get people to install a malicious gadget than a malicious application.

I would venture to say that most vulnerabilities addressed by MS Updates take a certain set of circumstances to actually be a vulnerability. Exploits/Malware takes a certain amount of user interaction to become "live".

Whenever Firefox updates and the add-on developers are not prepared then you get add-ons not working any longer. Mozilla patches holes, the add-on developers have to update their creation or be left behind. A theory of mine (strictly opinion) is that the Windows Sidebar was really just a fad and was abandoned as an attractive opportunity for developers years ago. Without developers developing, the gadgets are left open to exploit.

So instead of pulling abandoned gadgets and cutting the Gadget Gallery down to nothing they pulled the plug. The numbers probably don't add up to make the sidebar worthwhile. At least Google admits when an idea no longer constitutes time and money.
145.

Solve : Free Windows ? ??

Answer» Full Story... Quote from: http://news.softpedia.com/news/Microsoft-to-Release-Windows-Blue-the-First-Free-Windows-Ever-Rumors-310494.shtml
If rumors prove to be true, Windows Blue won’t be available as a standalone OS, so users would need an older Windows to upgrade.

But, for the many people with Windows XP, Vista and 7, this could prove to be a possible alternative to Windows 8... I guess we'll just have to wait and see how this "Windows Blue" thing pans out.

Quote from: TechnoGeek on November 28, 2012, 05:28:55 PM


At this point, the only people that don't own a copy of a previous version of Windows aren't going to be using Windows even if it is free anyway.

Quote from: BC_Programmer on November 28, 2012, 05:36:07 PM
At this point, The only people that don't own a copy of a previous version of Windows aren't going to be using Windows even if it is free anyway.
Good point.

The was partly because of the 'previous version of windows' part. According to past experience, upgrades like that replaced the OS and used/required the underlying product key to activate, which could in some cases lead to activation issues and annoying calls to Microsoft.

I have to wonder how crippled this version is. Or maybe they learned something from ME... It should be interesting to watch though.

If and when the "rumors" are proven to be true I would be interested to hear from our techies about what they find. An area of concern would be if you go can you come back if you don't like the ride or whatever? Given the number of computers that did not come with discs what would be the user's options if it didn't work? truenorth

Quote from: truenorth on November 29, 2012, 08:15:04 AM
If and when the "rumors" are proven to be true I would be interested to hear from our techies about what they find. An area of concern would be if you go can you come back if you don't like the ride or whatever? Given the number of computers that did not come with discs what would be the user's options if it didn't work? truenorth

All versions of Windows since 95 have had the capability to "uninstall" and rollback to the previous version if you performed an upgrade installation. I don't see a reason to think a future version would work differently.

Agreed...
You're a format and a re-install away from any Win OS you try this on...

Windows starter PC's it probably won't even install on...so that would not be the rule...but an exception.
146.

Solve : JAVA security problems?

Answer»

Does anyone out there know if JAVA has fixed the holes in their security?  I am presently not running it and fortunately haven't run into any websites that require it, but, I would like to know if it is safe to download it as there are a few games that I like to play on line that would probably require it.  Thank you

The only security loopholes that exist in java are from running older versions that have been exploited...
DLoad and install the latest version and you'll be fine.

Thank you for your reply.

Quote from: 02bin3 on November 28, 2012, 02:04:45 PM

Does anyone out there know if JAVA has fixed the holes in their security?

All software has Security issues. The question is whether they are known to the general public and the developer. In the case of Java, it's common to see news articles saying that "Oracle issues security fix".

People, however, assume the worst. They think automatically that the security problem was something that means a person can send you to a page that uses Java and take complete control of the system. That is a security issue, of course, but even being able to read the Menu bar items from a Java Applet in a browser would be a security problem. The vast majority of such "Security issues" are not nearly to the level that they can be actively used to infect people with malware without their knowledge. Others only work in specific browsers, and still others only work across an intranet or local network.
147.

Solve : Android app reviews move to Google+ ID system?

Answer»

Google has made it obligatory for Google+ account details to be displayed alongside new reviews of Android apps on its Play store.

Previously posts could be submitted anonymously.

The move means the reviewer's name and profile photo - if they have one - will appear alongside their entry.

One developer said the change should help address the problem of fake reviews. It may also boost use of the search giant's social network.

When users attempt to post a review, they will be presented with a pop-up box notifying them of the new policy.

The nicknames that used to appear alongside previous entries have all been deleted and replaced with "A Google User".

Facebook's app centre already requires users to reveal their "real" Facebook identity alongside entries.

But Apple, Microsoft, Blackberry and Amazon's equivalents all allow reviewers to use pseudonyms.

Google+'s terms and conditions state that profile names must match "the name your friends, family or co-workers usually call you".

Full story: http://www.bbc.co.uk/news/technology-20509076

148.

Solve : HP takes $5 Billion charge on Autonomy cooked books allegations...?

Answer» Full Story...

It has gotta really hurt to pay 10.3 billion for something and then devalue it by 8.8 billion, truenorth

Interesting read... wouldn't want to be any of the people involved in the acquisition of Autonomy for acquiring it without a full audit of their practices to get stuck with a huge issue that continued even after the acquisition, and inheriting all liabilities as a result of. Curious as to how long it will take to correct for this expensive hit and be back in the black, when sales are down.

HP makes a good business product line for servers and Corporate Workstations. Good Reliability and Price. Hopefully they will pick themselves out of the slump without making other bad choices/mistakes that pull them under.
149.

Solve : Cheers! Now You Can Buy Booze On Facebook?

Answer»

Facebook is about to become more like the real world. Starting soon, users will be able to send each other bottles of wine through the social network’s recently introduced Gifts feature. Two winemakers, Robert Mondavi Winery and Chandon, have signed on as partners, the company announced Thursday night.

Full story: http://www.forbes.com/sites/jeffbercovici/2012/11/15/now-you-can-buy-booze-on-facebook/?utm_campaign=techtwittersf&utm_source=twitter&utm_medium=social

Is this real wine or virtual wine?, truenorth

Real wine.

150.

Solve : Call of Duty: Black Ops 2 and Halo 4 set to boost game sales?

Answer»

The release of Activision's latest Call of Duty will be closely watched for its effect on lagging video games sales.

Black Ops 2 is the sequel to a 2010 title which holds the record for the world's bestselling console game.

Microsoft has already revealed its rival first-person shooter, Halo 4, made more than $220m (£138m) in global sales on its launch day last week.

Game disk sales in the US were 25% down on the year in October, according to a study by NPD.

It reported that sales had fallen to $756m in what is the sector's biggest market, noting that several other new sequels had not performed as well as previous iterations.

Full story: http://www.bbc.co.uk/news/technology-20309130



I should add as my own humble opinion. Stop charging people £50/$80 for a game that is literally a fourth of the cost of the machine you play it on. And when you take into account the 'DLC PLC', games can cost up to £100/$160 a half of the machine it's played on.

They blame things like 'piracy' as the downfall, but would people need to? If you didn't charge 5 times the cost of a DVD for a game? It's their greed that is becoming their own downfall.
The DLC is killing us.. 'we have already got the over bloated price from the game now we want to ramp up the cost of the game in increments by selling you maps/packs/costumes that should have been in the game to start with. Oh and if you would just bend over we do have one last cost we would like to take.

I own a PS3 and have never pirated a game for it.. but over the years I must have paid at least £1000/$1600 on games. Stop ripping us off and we will buy more.

My rant is over.

Fuel for your Rant...

Probably wasn't cheap...hahaha..

Quote

Anxious players lining up for the game’s midnight launch in London

Really? REALLY?

Next time somebody tries to tell me I'm out of touch, I'll just point at these guys...