happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Well I can't give figures, but I know that SC Media UK which is owned by Haymarket Publishing has been doing well. I was hired as part of the new editorial team there a couple of years back now.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

How have the other online publications you write for been faring lately?

Niche is doing OK, or at least better than the norm. Most of the information security publications I contribute to have seen an upswing (in some case really quite considerable) in traffic over the last 12-18 months. General IT publications are finding it much harder.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Hmmm. Not exactly stellar views, but at least the exit rate is encouraging.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Let's be totally honest here: Wales vs England was a truly superb game of rugby from start to finish. Wales played with great flair, England defended like I have never seen them before. Possession was pretty much 50/50 (I think it ended up 49/51 to be precise) and the stats were well balanced across the board. Wales gave some silly pens, made some daft decisions (like not kicking to touch with 3 mins on the clock) but played at their absolute best for many years IMHO. England, and I've said this before, were not playing at their best yet they still managed to get the win over a quality international side playing out their skin. That is what gets me excited about this England side; the promise of what is still to come...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

AssertNull: VPN usage can be secure, but that rather depends on how you are measuring security of course. I'd recommend using a VPN (be that your own router homebrew or a subscription service - NEVER a free service IMHO) whenever you are using the Internet on a public/insecure connection somewhere such as a hotel, coffee shop or airport. That's just common sense. Would I recommend using a commercial VPN service if you were participating in something that was borderline (or out and out) illegal and you didn't want to get caught or you were doing something that TPTB might have an interest in? Nope. Would I change that recommendation if you had done your research properly into the service you were using, and had taken into consideration factors such as payment tracing etc? Yep. As for the legal liability side of things, I rather imagine that has long since been laid to rest by the VPN service providers or they wouldn't still be in business. Those that don't retain logs, any logs, so they cannot be forced to hand them over get my vote...

rproffitt commented: No logs. Good idea. Especially here. +0
happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

rproffitt: Of course, the geo-location option is one reason many people use a VPN. Here in the UK, for example, a VPN that has 'home-router' exit points can avoid the media network VPN exit point blacklist and enable out of territory usage. Horses for courses. Which is kind of the point of my article: a VPN isn't a privacy tool, although it can be, and it isn't just a security hardener either, although it can be :-)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Stefan_1: "I run my own VPN - What language is written in?"

To clarify, I have a router upon which I have installed my firmware of choice (DD-WRT) and I then run a hardened OpenVPN configuration over that...

I have also been known to run certain VPN services over the top of that, including double-VPN solutions, when connection speeds are less important than connection/data obfuscation :-)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I have to admit that for me, most of the time, anonymity isn't as important as encryption of traffic. I run my own VPN, but of the hosted services out there I have used Nord (they have a double VPN option and allow subs by Bitcoin, works OK on W10), F-Secure's Freedome (good on Android from the security side of the fence, and speedy as well) when I've needed them. The double VPN option from Nord, for example, is as simple as checking that configuration for your connection and then choosing the countries you'd like to hop between. The interface shows the current server load for each which helps in making an informed choice when it comes to likely connection speed.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

OK, back to the root of this thread: I'm going to try an experiment and start posting some 'long-form' discussions and see how they go. By that I mean ones that are a cross between a straightforward question/answer post and a tutorial/editorial post. Designed to both inform and hopefully encourage further discussion. The first of which can be found here: How much anonymity does a VPN really provide? Please let me know what you think, and whether this kind of thing might be useful in drawing more contributions from members or not. No point me devoting time and effort into posting these things here (and I have plenty of other well paid gig outlets for them) if they are a non-starter in your respected opinions... If it does work to any degree, maybe DaniWeb veterans could be encouraged to write similar long-form seeding posts in their own areas of expertise?

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

A VPN, or Virtual Private Network to be formal, is a method of creating an encrypted data tunnel across the Internet from your device to a destination server.

Although savvy home users and enterprises will operate their own VPNs (business-grade routers provide this functionality) for most folk, a VPN comes by way of a dedicated service provider.

In theory, and as far as many of those VPN users are concerned, this provides them with both security and secrecy. People think that a VPN keeps them anonymous while online. People are more often than not wrong.

What a VPN, any VPN, can actually offer is a method of securing your connectivity and making it much harder for an attacker (be that a hacker or the government) from intercepting your data whilst in transit.

Some VPN services do offer user anonymity as a selling point, but how honest are they being? OK, so the word 'private' in the expanded VPN acronym suggests privacy. But privacy and anonymity are different things. Certainly when talking about VPNs, we should be thinking in terms of the interconnection of private networks rather than the privacy of end user identity.

When it comes to services that claim to provide anonymity, I certainly wouldn't recommend taking them on their word. In fact, I would argue, it is beholden of the prospective customer (that's you) to fact check everything before handing over any money.

And handing over money, funnily enough, is right there at number one in …

rproffitt commented: Showing VPN some love.... +11
Eliza_4 commented: for anonymity you need to create your vpn +0
happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Is Woj Polish for Trump?

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Here's what the rules say: 'Do provide evidence of having done some work yourself if posting questions from school or work assignments' which explains the DaniWeb community expectation pretty well I think.

So show us how far you have got yourself, with your code, and where you are getting stuck. Then I'm pretty sure you will find the community much more likely to point you in the right direction here.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Well there you go, I was 99% sure that 'Anna' was 'Woj' and now I am 100% sure. Both from Poland, both with the exact same attitude and rudeness. Now we know, and as creating new accounts to circumvent bans is against the rules Anna will soon be no more. So, until the next Woj account announces itself to the world, and let's face it he cannot help but be rude and arrogant so it won't be long, goodbye...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Like it. Especially on mobile (well, on my Android - Nexus 6P - it looks and works a treat)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Italy is Parisse, without him they are nothing and with him they are one star and a bunch of others. Italy has trouble playing as a team in my humble opinion. When they do that, and don't rely upon Sergio for everything, they look OK.

England. Average performance. However, even so it was still enough to beat a much better, re-generated French side. Says a lot for England, not so much for France.

Wales. Still can't seem to wake up for the first 60. You can't keep on winning matches when you do that. See England in years past.

Ireland. A shadow of the side that dismantled New Zealand. Maybe they need more people to die. Or at least find some reason to want to win enough to play like it.

Scotland. Now the Scots could be the surprise winners this year. Currently they look like the only side that might beat England.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

There's no denying that DaniWeb has been on a downward curve for some time now, but I'm not sure how much of the 'blame' for that can be on your shoulders to be fair Dani. I think it's more a case of external factors, in particular the power Google can exert simply by deciding it will wander off in a different direction without any warning. As for you, you will always be loved by the DaniWeb faithful; it's just that the faithful are becoming a rarer breed these days.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Go on then, I dare you, write it...

Or were you demanding someone else write it for you for some strange reason known only to yourself?

If you need help, then show us how far you have got and where you need help. Then, and only then, will others step forward and do so.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Or, to put it another way: do my homework for me as I'm too lazy to bother doing it myself.

Seriously brother, you need to show us what effort you have made, how far you've got with your code and where you have got stuck. Then, and only then, can we help you.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

C'mon, I am sure you can do better than that? Read what you have written back, and ask yourself how you would respond to that? Would you immediately think "oh, I must spend my time writing code for someone who has demanded it of me to save them doing their own assignment" or would you think "how rude, I'm not helping them if they cannot be bothered to put any effort in themselves"???

Quite apart from anything else, we have rules here which clearly state you should "provide evidence of having done some work yourself if posting questions from school or work assignments."

So, sit back down, take a deep breath, rewrite your question (rather than just copying your assignment verbatim) to explain where you are stuck and show us your code so we can help point where you have gone wrong.

You know it makes sense! :-)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

It's really quite simple.

A trump is a fart, and a fart is gaseous shite.

Therefore, Trump = gaseous shite.

Sorry, I meant President Gaseous Shite, of course...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

There are plenty of ways to 'learn hacking' and, as a student of information technology, you should be well aware of these. If not, then ask your tutors who will be glad to point you in the right direction.

To get you along your way, see https://uk.sans.org/courses/penetration-testing

However, if what you really want are pointers to places online where you can learn how to commit illegal acts then see my earlier post: that. ain't. happening. here.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

See: https://news.ycombinator.com/item?id=13315845 for an interesting discussion about this...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

So, actually, you don't want to learn how to become a white hat/ethical hacker at all then. You just want to break into social media accounts.

Well, you ain't gonna get any help from DaniWeb. Read the rules: Do not ask for help to pursue any illegal activity including, but not limited to, hacking and spamming

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Davy, isn't this just a duplicate of your posting here which Dani also responded to?

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

So that's your problem, now how about showing us how you've gone about solving it and where you have got stuck? Or were you hoping someone else would just do this for you?

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

The left and righ hand paras in the header (highly curated etc and build an app) are different font sizes which looks very odd, the right hand side being bigger than the left, but otherwise displays OK here in Chrome.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I've only just got into the office, but everything fine here at the moment.

rproffitt commented: Uh, had a slight weapons malfunction. But, uh, everything's perfectly all right now. We're fine. We're all fine here, now, thank you. How are you? +0
happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Is there any way of discovering who the initial hacker was and how it ended up being known about by the security people in the first place?

Discovering who hacked you is usually not an easy, nor inexpensive for that matter, task. Forensic investigation teams would need access to servers and logs to trace where and when the intrusion occured and work backwards from there.

You (DaniWeb LLC) will also need to go through the required (by statute) process of breach notification. See http://www.dwt.com/newyorkstate/ for a basic overview.

The security folk, such as Troy, monitor places like Github and dark web sites where breached databases (or part thereof) get dumped. This will be how the breach came to light, in the same way as other historical breaches which have only recently been disclosed.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Vigilante is showing a dump date of April 2016 for the DaniWeb breach (it also shows the hashing algo as corrupted)

LeakedSource is stating that the database (with an unknown date of breach) contains: username, hash, salt, email, ipaddress, City, birthday, Website, register_date, firstname, lastname, last_login

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

What I'm trying to desperately uncover is whether any people with malicious intent have accessed / distributed / sold the data.

You can assume that they have, yes.

The haveibeenpwned FAQ states that "All the data in the site comes from website breaches which have been made publicly available" as the source of the data the site refers to.

Further:

"The following activities are usually performed in order to validate breach legitimacy:

  1. Has the impacted service publicly acknowledged the breach?
  2. Does the data in the breach turn up in a Google search (i.e. it's just copied from another source)?
  3. Is the structure of the data consistent with what you'd expect to see in a breach?
  4. Have the attackers provided sufficient evidence to demonstrate the attack vector?
  5. Do the attackers have a track record of either reliably releasing breaches or falsifying them?"
happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I think I'm going to go crawl into a hole and hide now.

Hey Dani, I think you are doing a brilliant job of being open and up front about disclosing what you know (and what you don't) about this breach. For that alone you should be congratulated!

That the system has undergone such changes in the time since the breach occured and since it then became know does, for a large part, mitigate the impact it might have. We are not talking financial information here whatever, and any login data that may have been exfiltrated is only of real value to the hacker, or anyone who may buy (or access) the database on the dark market, if that login were to have been reused elsewhere (especially for an email account or bankling accounts of course). That multiple rounds of salted, and peppered, hashes were used and not leaked further mitigates that risk. Again, something you should be congratulated for as many breaches of the million plus magnitude involve unhashed and even plain text passwords.

I have not had a chance (courtesy of the seasonal holidays and ongoing ill health) to investigate using my dark market contacts as to whether the database has been sold. However, the fact that the breach has come to light via haveibeenpwned is evidence that database content has been 'released into the public domain' otherwise Troy would not have become aware of it.

cereal commented: +1 +0
rproffitt commented: +1 +0
happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Troy over at haveibeenpwned is saying that salted MD5 hashes of passwords were amongst the leaked data, is this not the case then Dani? Might be worth pointing out his error if so.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Well, although it is very brief, I think the Wikipedia article (see: https://en.wikipedia.org/wiki/RankBrain) explains what it is pretty well. What, exactly, don't you understand from that description?

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Heh! Good to see you again. Well, we are still here but I think the word 'thriving' is something of a mahoosive exaggeration truth be told. Now that you are back that will all change though :-)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Is there any rule of thumb to apply when it comes to determining which is going to be the best for product A, B or C Dani? Or is it, as I suspect, more a case of suck it and see? Indeed, taking DaniPad and DaniWeb as examples, might it be the case that if you tried AdWords and Facebook again you might get contrary results this time around?

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Definately Camarilla. It allows you to post things that are seen by 15 people max. Sounds like a winner to me. Or you could try Facebook if you prefer a potential reach of 1 billion I suppose...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I have absolutely no idea what you are asking I'm afraid. Care to try again with a bit more detail perhaps?

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Still broken. According to https://www.daniweb.com/stats/moderators I've not been active for a week.

https://www.daniweb.com/infractions/index/0 would seem to contradict that :)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

[waits for responses to spam bait telling us which crapware is best for repairing Excel files]

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I'M SORRY HAPPYGREEK

δεκτή η συγγνώμη

:-)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Would you like anything else doing ? Cup of tea? Clean your room? Massage?

Is this the approach you take to everything, that someone else can do it for you?

How about you show us how far you have got on your own so far, and where you are getting stuck? How about you then ask for specific help with that part of your assignment, wthout demanding it by a set date?

rproffitt commented: I think you need to add these to your profile. Always like a good cup. +11
rubberman commented: I'd prefer a cuppa coffee. A massage would be nice. :-) +14
happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Surely Microsoft has now made available legit XP downloads and legit product keys now?

I was referring to when the question was asked, and when the error was produced, some 12 years ago...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I'll play along for a bit ;-)

Is/was the copy of XP a legit one or a pirated/cracked jobby? That's what usually causes such an error if my memory serves me well.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Do you still need an answer to this problem FROM 12 YEARS AGO? Are you saying you haven't been able to upgrade to XP Pro and still need help doing so? Really?

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Definately seems to be the minus signs. Good find. Something must have changed recently or this would surely have cropped up before now?

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Ended up working OK, so that's OK :)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

And working again now - just tried again and the email was instant.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Have pressed the 'update upcoming issue and email test copy' button a couple of times now (maybe 10 minutes apart) and neither has resulted in the edit being emailed to me. Last couple of months the edit was arriving almostb instantly. Just flagging in case it points to something more serious in the mail servers your end?

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

For what it's worth, I thought that this had the makings of a really interesting thread. Let's face it, the root post was not overly serious in construction or intent (based upon it starting with a tinfoil hat wearing declaration) nor was it precise in what it expected the anwers to be. In other words it was loosely constructed enough for the membership to run with along various tangents. If the OP had a different intent then the question could have been constructed differently. My reply shows the direction I saw it heading in, and this was different to others in the thread. I agree with Diafol about thread ownership, by the way. This is something we all can get a little too precious over, when really we should treat it as being something that is largely out of our control once set free upon the membership.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Mathavan_1 I suggest you repost your 'one problem' whatever that may be as a new post. You have posted as a somewhat puzzling reply to a five year old thread, it's highly unlikely anyone will be able to help you if they don't know what help you are after and don't see your request for it...