happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Another potential problem. I've edited the June newsletter, but not had the test copy through email turn up for checking. Thought it best to mention in case there's a problem that might impact upon the distribution of the real thing next month.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Unbanned members not fixed though as far as I can see.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Here's a niggle: previously banned members now not banned and free to do what they will.

See: https://www.daniweb.com/members/1123654/rosina12 who has 30 active infraction points (given on the 26th May for spamming) and is now listed as an unverified member instead of banned...

Eeek.

mike_2000_17 commented: Nice catch! +0
happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Welcome.

Your mailbox should be fine, as we encourage people to both post questions and answers in the relevant forums so that everyone can benefit from the solutions offered.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Oh how the other half lives.

I just had a can of cold baked beans, at my desk.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I am surprised. Surprised that you know anything, given your posting history so far that is...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Nice one doc.

Now, I've been getting these headaches...

Slavi commented: I think he'll charge you up with a car battery! :D +0
happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

If someone I loved wanted to die, because they were in too much pain or knew that their illness would soon progress to the point that their life would not be worth living (in their terms) then I, for one, would be very happy if their wishes were carried out. Indeed, I would be happy to assist them in so doing. If you really love someone then you would not want to see them suffer.

I think your argument, goodtaste, has absolutely no substance at all...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Ask two dollar quick...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

What is a Google search?

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Seriously?

What is a Google search?

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Another month, another flaw related to the historical US export restrictions on cryptography; this time in the form of LogJam. It hits SSL 3.0 and TLS 1.0 which supported reduced-strength DHE_EXPORT ciphersuites, restricted to primes no longer than 512 bits, meaning that a man-in-the-middle attack is possible to force the usage of the lower export strength cipher without the user being aware and which impacts something like eight per cent of the top one million web domains and all the major web browser clients. Well almost, because Internet Explorer has already been patched (nice one Microsoft) with Firefox expected to follow soon and Chrome after that although time scales are not yet confirmed. You can confirm if your browser client has been updated yet by visiting https://weakdh.org

I'm not going to go into huge depth about the bug itself here, mainly because it's been covered very well by lots of places already. If you have a technical bent, and as a DaniWeb member I'm guessing that's pretty likely, then I'd suggest reading the original disclosure paper itself which can be found as a PDF here.

Here's the abstract for a taster of what you will find:

We investigate the security of Diffie-Hellman key exchange as used in popular Internet protocols and find it to be less secure than widely believed. First, we present a novel flaw in TLS that allows a man-in-the-middle to downgrade connections to “export-grade” Diffie-Hellman. To carry …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Welcome from me as well :)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Meditation might help in reducing the size of your ego, and therefore your head... ;-)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

While keen to point out that Microsoft's TechNet portal security was "in no way compromised" by the tactic, researchers with security outfit FireEye discovered that a well established China-based hacking campaign called Deputy Dog had managed to create profiles and posts on TechNet that contained embedded Command and Control codes for use with a BlackCoffee malware variant.

This method of hiding in plain sight is nothing new, but it can make detection problematical as the data (especially within a technical forum such as TechNet) is simply 'lost' in a sea of similar code from genuine users of a well respected and therefore assumed to be safe site.

The technique may, however, have backfired having been detected. The FireEye researchers have been working with the Microsoft Threat Intelligence Center to inject their own data onto some of those TechNet pages and use this to gain insight into how the malware, and the people behind it, operate. Ultimately, this will make both identification of infected forum systems and the cleansing thereof much easier.

Tim Erlin, Director of Product Management at Tripwire, warns that while using a legitimate website to distribute malicious data is nothing new "the addition of obfuscation here is a twist that makes detection just that much harder" and points out that "any website that allows for public comments to be submitted is already monitoring for abuse, but they can only detect what they’re actually looking for. Now that this technique has been surfaced, website administrators …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I use Facebook for fun, and I have an offline social life. The two are not mutually inexclusive you know.

I don't use Facebook for business, at least not in the accepted sense. However, I do have FB friends who are publishers and editors and PRs and I do post links to my work in my timeline and I do get work offers as a direct result.

My having fun, being social, being political etc etc etc does not impact upon them offering me work.

I'd rather not be FB friends with folk who have absolutely no sense of humour or who live and breathe for work alone. Nor do I want to do business, particularly, with such people. Usually they are more trouble than they are worth as clients.

Just my tuppence worth, and I do appreciate the nature of the forum we are discussing this in of course - but felt I just had to respond :)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

The button wasn't there five years ago, which may have something to do with it...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

The best advice I can offer you is that if your computer won't let you hear Susan Boyle sing then DON'T TOUCH ANYTHING and be very grateful indeed.

I'll get me coat...

Slavi commented: lol'd +0
happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

My fairly eclectic most listened to artists, in alphabetical order and according to my computer playlists, for the last 3 months have been:

AC/DC
Avenged Sevenfold
Bert Jansch
The Clash
Dropkick Murphys
The Dubliners
Einsturzende Neubauten
Fields of the Nephilim
George Thorogood
James
Kings of Leon
The Levellers
Linton Kwesi Johnson
Nick Cave
Placebo
Rammstein
Rancid
Ry Cooder
Seasick Steve
Sex Pistols
Sisters of Mercy
Slipknot
The Velvet Underground
The Who

diafol commented: +1 for George and rammstein +0
happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

You talk about emails coming, which ones? Have you deselected the "Receive Occasional Community-related Email?" option in your member profile, for example? Are you subscribed to watch any particular threads?

But, ultimately, if you want to leave us then as Dani points out above the proper link is there and that button certainly works. Go on, press it: I dare you :)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Pardon? Care to try again?

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Nope, all part of the conversation and an interesting one at that...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Excellent. Welcome and welcome again then :)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

!!!! !!!!!

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Agreed. However, as The Doors quite rightly said, people are strange :)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

It popped up at the top of the postings/activity list, for some reason I forget, and I didn't check the date before replying.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Go to your profile page and follow the links, you can delete your own account if that's what you want.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Oops! Totally missed the date on that one. Been ill this week, that's my excuse :)

Still, good advice is good advice nonetheless. It doesn't go off.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Read, learn.
Ask, learn.
Learn, share.

That about sums it up...

Warrens80 commented: She hasn't been active since she signed up Dave +0
happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

It's all too easy to think that spam is an old problem, and one that has largely been dealt with. Certainly, many people will tell you that they see very little evidence of spam in their mailboxes. This, however, has less to do with the demise of the spammer and everything to do with the effectiveness of spam filters.

The latest Kaspersky Lab analysis of the spam and phishing threat landscape for the first quarter of 2015 suggests that some 59.2 per cent of email traffic was actually spam, which is good news in as far as that number is six percentage points down on the previous quarter. It's also a pretty good reflection of my own incoming email, which currently sits on around 55 per cent spam. Not that I see it unless it's that time of the month when I pay my spam folder a visit to check for false positives, and they are rarer than rocking horse poop these days.

Interestingly, it seems that the raft of new generic top-level domains (gTLDs) such as .work or .science for example, have provided an impetus for the spammers. Kaspersky suggest that "new domain zones almost immediately became an arena for the large-scale distribution of advertising spam, phishing and malicious emails." Indeed, according to Kaspersky Lab’s email traffic analysis there was "a considerable increase" in the number of new domains that sent out spam content in Q1 2015. The spammers are targeting these new domains specifically as well, so .work …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Well, the real shafting will begin soon enough

Repeal of the Human Rights Act
Introduction of the Snoopers' Charter
Removing a further £12 billion from the social welfare system

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

If you look at the share of the vote, it puts a slightly different perspective on things, but I do get your drift.

CON  36.9
LAB  30.4
UKIP 12.6
LD    7.9
SNP   4.7
GRN   3.8

I think we were all shafted, personally...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

My Magnavox Odyssey was manufactured in 1973 and it still works just fine. Can anyone beat a still working games console that is 42 this year?

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I've been through a number of username phases in my online life. I started off as dwindera on a conferencing system in Europe (based on the same software as The Well) back in the late eighties because when I registered as dwinder (my name is Davey Winder) the first attempt barfed and on the second attempt it wouldn't let me have dwinder and suggested dwindera instead.

Then I sort of morphed into waveydavey which came about partly due to a character created by the comedians Vic Reeves and Bob Mortimer for a TV show they used to do, and partly down to me not being shy about whipping my, erm, 'gentleman' out and waving it around when drunk. I was known as Wavey Davey online and in print, on TV/Radio etc for many years.

About a decade ago I decided that I had outgrown Wavey Davey and had matured into something of a happy geek. Hence my current name and the one I use here on DaniWeb.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

My van was built 15 years ago by Mazda in Japan as a multi-purpose 'people carrier' vehicle with the unlikely name of a Bongo. It has survived the years well, and I have now converted it into a camper van. Another 15 year old that travelled across the globe has not survived the passage of time, and we can be thankful for that because I'm talking about the Love Bug. No, not Herbie the talking VW Beetle from those candy-sweet Disney films but rather a computer worm that spread like wildfire in May 2000. Also known as 'ILOVEYOU' thanks to the subject line of the emails it used as a distribution method, and 'Love Letter' because it self-propagated through the use of a Visual Basic Scripting (.vbs) file attachment with the name of LOVE-LETTER-FOR-YOU.txt.vbs, this particular malware threat was incredibly successful.

How successful you ask? Well how does more than half a million infected computers across twenty countries and damages exceeding $15 billion grab you? Just to confirm, that was no typo: $15 billion. The BBC first reported the Love Bug arriving in the UK on May 4th 2000 with estimates of one in ten UK businesses already being hit by the thing at that point. Even the House of Commons got disconnected from the outside world when the parliamentary network was switched off to prevent further infection. Security researchers at MessageLabs (which would later become part of Symantec) put the spread into context by comparing it to the …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Please share. If we, as a team, can learn anything from those experiences then it can only be good for the community. Of course, more often than not those bitter experiences are simply being on the wrong end of a rule which has not been understood or accepted.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I live in the north west of England and we basically have nothing which could be considered a disaster

Halifax. I give you Halifax...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Advert blocking software is thought to be used by something in the region of just five per cent of online users, or 150 million people if you prefer. It is, however, on the up; research conducted by Adobe and anti-adblocking campaigners PageFair suggests that ad blocking use rose by 70 per cent last year. Of the various options out there, Adblock Plus is one of the best known and most used. Which is why the company behind it, Eyeo GmbH, recently found itself on the sharp end of a court case in Germany seeking an injunction to prevent it from selling the software in that country.

A handful of publishers, including the Zeit Online newspaper, had asked the Hamburg Regional Court to rule that Adblock Plus was illegal because it interfered with the ad-based business model that those publishers rely upon. At the heart of this complaint was the Acceptable Ads mechanism which allows some adverts to be white-listed and so not get blocked, these have to meet certain non-intrusive criteria but also some large companies such as Amazon, Google and Microsoft pay for their ads to be white listed.

Adblock Plus users can disable this 'feature' easily enough: right click on the browser extension icon, select options, uncheck the box that says 'allow some non-intrusive advertising.' Anyway, the publishers effectively argued that this system was discriminatory and the software anti-competitive and even that it interferes with the freedom of the press.

As expected by most watchers of such things, …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Yep, but a proxy would account for that easy enough.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I did wonder if it was the Woj/Woz/Wonk back with a new account...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Can you please provide specific examples of the behaviour you mention.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

As any fan of The Matrix trilogy of films will tell you, the Keymaker is a character in The Matrix Reloaded who has the keys to provide Neo access to the system mainframe and by so doing hopefully save Zion from the ongoing sentinel attack. In the movie, the Keymaker was a little old Chinese man who held the keys to every door, every escape route, everything. In Apple OS X the equivalent is the Gatekeeper, a key technology which prevents malware from running on machines using that operating system. It does this by effectively locking the doors to applications which are not legit and digitally signed to prove it. Or at least it should.

Now a researcher reckons the Apple Gatekeeper isn't all that. Indeed, Patrick Wardle who is the Director of Research at Security-as-a-Service specialists Synack, says that it is "trivial for any attacker to bypass the security tools on Macs." An experienced vulnerability and exploitation analyst, Wardle has a strong track record in uncovering exploitable 0-day vulnerabilities in major operating systems. At Synack he heads up the cyber R&D efforts and focuses on automated vulnerability discovery as well as the emerging threats of OS X malware. Wardle is obviously a man who knows his stuff, which is why this particular warning (given during a presentation at the RSA Conference) should be taken seriously rather than being dismissed as just another theoretical attack against the Apple security posture.

So what, exactly, is Wardle saying? Well …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Usually used just after they have done something so nasty and personal that the only way to attempt any kind of justification is to use the 'only business' line.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

What?

Let me repeat that: WHAT???

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Yep, Atari 2600 'woody' here myself. Used to rent the carts for it :)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

OK, so you are studying for exams. Well done.

Now explain what problems you are running into and show us the code you have so far.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

It depends on your definition of security, of course, and whether you factor in the third party access to data stuff. On-premise has the advantage in the 'much stronger' game in as far as at least you know when The Man has got a court order/warrant and been poking about in your data. The same can not be said about all in-cloud or outsourced systems. My beef is just with the dismissive and sweeping 'cloud is much stronger' statement, which is plainly incorrect in every case. Much stronger in many cases, would work for me, or can be stronger depending upon your current circumstances even - but it's not a black and white issue that can be dealt with by such a black and white statement IMHO.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Crowley was many things, but he wasn't a satanist despite what many media outlets and godsquadders would have you believe.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Actually, you've got the 'do what thou will' thing wrong Alan. It's from the Wiccan Rede (pagan) and the full motto is: an it harm none, do what ye will.

I have it tattooed at the base of my neck/top of my chest.

The 'an it harm none' part refers to self as well as others, so no horrid connotations apply.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Werner Vogel, Amazon Web Services (AWS) CTO, speaking at the AWS Summit in London yesterday has made the rather amazing claim that security in the cloud is "much stronger" than anything you can have on-premises. As someone who has been writing about information security for more than 20 years, and covering the cloud security beat for five, I can understand why he may say that. However, it doesn't mean that he was right; not for every customer, not for every implementation.

If you are talking about the smaller end of the SME spectrum then, for the most part in my experience, there's a very good chance that the kind of dedicated security know-how and infrastructure investment available from the likes of AWS is beyond the reach of the average business. If you are talking about larger enterprises, which do have dedicated security teams and have already invested heavily in the relevant infrastructure and processes, well sorry Werner but that's a totally different ballpark.

It's one thing for Vogel to dismiss hybrid cloud, and I think he's got that fundamentally wrong as well, but to make such simplistic and wide-sweeping statements concerning security in the cloud is pretty much unforgivable. It's the kind of thing I hear on a daily basis from marketing men and product directors, but would not expect to be coming out of the mouth of the CTO of such a large player in the cloud space. Sure, AWS thinks it is pretty clued up when …