happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

That Wales/Ireland match was, for great swathes of it at least, amongst the best I have ever seen. Truly brilliant from both teams, and what a win for Wales!

England did enough against Scotland, but oh so many chances thrown away. Without finishing stuff they are never going to be a great team just a very good one.

So, the final weekend: can't see Wales clinching it (unless both England and Ireland lose which is mega unlikely) courtesy of the goal difference, and think it's going to be very close between England and Ireland. I guess England have the nod for being in a position of knowing what they will need to do for their match, but Ireland could dismantle Scotland and run away with the goal difference to take it out of reach.

Looking forward to it already, I love these more open championship super saturdays :)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

welcome

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Please note, as per the forum description: "it is against our rules to actually solicit products and services in this forum"

Also, admins can see IP addresses so when two members using the same IPs start asking and answering questions in a thread where services are being promoted and linked to then our spammer alert alarms start going off.

Feel free to ask about ecommerce stuff in general, but let's not turn this into an advertising thing.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Welcome to DaniWeb Daniel.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

You just did...

Now, all you need to do is be a bit more specific in what it is you need to know, where you are having difficulties etc.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Content Management Systems (CMS) may not be the most interesting topic on the tech table, but oh boy does WordPress liven things up in this sector. Not, it has to be said, always in a good way. I've lost count of the number of WordPress vulnerability stories that I've read over this last 12 months, and have even written a few myself. Of course, more often than not it isn't WordPress itself that is the problem but one of the gazillion plug-ins that are out there and being used to customize it and add functionality. There was the SoakSoak malware linked to the RevSlider plug-in a couple of months back, and that's just the tip of the iceberg.

Now a new survey of more than 500 WordPress users by CodeGuard (http://www.CodeGuard.com) has revealed how they are just making things worse by not being properly educated regarding backing up their sites or updating software. According to the survey while 54% do update WordPress somewhere between once a week and every few weeks there were 21% who backed up only occasionally. Some 24% used a website backup plugin, but only 23% have any real training in the use of these tools while 47% had either none or very little idea of how to use WordPress.

Maybe that's not too surprising as the survey also showed that WordPress users are attracted by ease of use and tend to veer towards the less technically competent end …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Spring has been getting rather unseasonably hot for Apache users as far as security flaws go. First there was news of how the FREAK (Factoring Attack on RSA-EXPORT Keys) vulnerability could impact Apache. For more on FREAK see this excellent analysis by Matthew Green, a cryptographer and research professor at Johns Hopkins University. Green points out that "Apache mod_ssl by default will generate a single export-grade RSA key when the server starts up, and will simply re-use that key for the lifetime of that server. What this means is that you can obtain that RSA key once, factor it, and break every session you can get your 'man in the middle' mitts on until the server goes down." How serious the FREAK thing is, is open to plenty of debate in the IT security world right now, what with both clients and servers being patched and the technicalities of the attack less than straightforward for non-state-sponsored actors in the real world.

However, that still leaves the second bit of bad news on the Apache front: ActiveMQ LDAP Wildcard Interpretation. Researchers from MWR InfoSecurity Labs have identified two weaknesses in the way Apache ActiveMQ performs LDAP authentication. The vulnerabilities allow for leveraging the unauthenticated authentication mechanism, when supported by the remote LDAP service, or abuse an LDAP wildcard expansion weakness. The unauthenticated authentication mechanism may be used for performing unauthenticated Bind with an LDAP service. The wildcard interpretation weakness allows for brute forcing a password, for an unknown …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Why do you ask?

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

no.jpg

This post has no text-based content.
pritaeas commented: This should be the default response for do-my-homework questions. +0
happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Addressing last week's Securi-Tay conference hosted by the Abertay Ethical Hacking Society in Scotland, Stephen Tomkinson from the NCC Group detailed how Blu-ray players can do more than play videos; they can open up a new attack surface for the hacker. Tomkinson demonstrated a new tool that had been released in order to enable the investigation of embedded network devices, and used the network exposed features on a common Blu-ray player as an example. He showed how an innocent looking Blu-ray disc can actually circumvent sandboxes and present the hacker with control of the underlying systems. Of course, that innocent looking Blu-ray disc was anything but; it was highly malicious. The disc itself, by combining a number of vulnerabilities discovered in Blu-ray players, was able to both detect the player it was inserted in and then launch a platform specific malicious executable. It also played a movie, to do otherwise would be a tad suspicious. The full technical background is published here but essentially the rich features of Blu-ray interactivity are built using a Java variant called BD-J, this allows both user interfaces and embedded applications to be structured as Xlets which can be thought of as akin to web Applets. Tomkinson and his team managed to circumvent the JVM SecurityManager controls and gain access to the underlying OS.

Troy Gill, manager of security research at AppRiver, says that while exploits are interesting in as far as showing how seemingly harmless functionality can be leveraged to run malicious executables, …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

How about you do your own homework buddy?

If you have some code to show us, post it and our members will help you (without actually doing it for you) understand where you are going wrong.

Simples.

~s.o.s~ commented: Surprised to see you hanging around in these parts. Trying to reap some rep, are you? ;) +15
happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Welcome aboard the good ship DaniWeb

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Welcome

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Ireland deserved the win, and look good for the 6N now. England just made too many handling errors.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

The Scotland/Italy match was a blinder. Now that's what I'm talking about, with Italy not giving up and snatching victory in the last few seconds. That is why I watch rugby!

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I notice that diafol is a bit quiet this year when it comes to the Six Nations. Can't imagine why :)

Saying that has probably just guaranteed a butt-kicking by Ireland for England now (actually don't mean that, think it will be a really tough and close game though). Ditto when it comes to France v Wales this afternoon, depending as usual on which French team turns up.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

You cannot snore and dream at the same time.

I'm pretty sure my wife can.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Increasingly it would seem that the mode of choice for serious DDoS'ers is to attack on multiple fronts using multiple techniques. This is just another example of such a technique being thrown into the mix. Not better, not worse, just adding to the pain in the ass list.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Although the term 'reflection DoS' is nothing new, I recall reading something about it three years ago when a high profile security researcher used it to describe how malicious SYN packets were being reflected off bystanding TCP servers and the SYN/ACK responses used to flood his bandwidth. More recently, Garrett Gross from security vendor AlienVault recently wrote about the relatively new method of amplification Denial of Service (DoS), also known as a reflection attack, using SQL servers. This was actually first reported at the back end of last year when servers belonging to the City of Columbia, Missouri were hit by a multiple DoS methodology attack including this technique. However, my sources tell me that reflection attacks have been on the up for some time and in the fourth quarter of 2014 Akamai's Prolexic Security Engineering & Research Team (PLXsert) researchers reckon that some 39 per cent of all DDoS attack traffic was employing these amplification techniques.

Now Akamai is reporting that the reflection attack method has been used in conjunction with Joomla servers running a vulnerable Google Maps plugin. Akamai warns that, after a whole bunch of vulnerability disclosures across 2014, the Joomla content management framework is still being actively targeted by those with malicious intent. In conjunction with the PhishLabs Research, Analysis, and Intelligence Division (R.A.I.D), PLXsert observed traffic signatures from Joomla distributions with a vulnerable Google Maps plugin being used as a launch platform for DDoS attacks. These traffic …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Don't take on jobs for clients when you have absolutely no idea how to do them would be my advice.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

The "provide evidence of having done some work yourself if posting questions from school or work assignments" rule kind of covers this, doesn't it? I mean, it's not like you are showing us any effort at all here, just asking for someone to send you a completed project.

XP78USER commented: This Thread is waaayyy!!! out of control friend +1
happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

People can only help you if you are clear about the help you are wanting. So take a breath and then try again but explaining exactly what it is you are after...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I have removed the link from the original post to prevent members downloading it and the potential for problems if they do...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Welcome to DaniWeb.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I haven't gone down the custom build route for so long now with lappies, mainly down to the affordable off the shelf stuff being pretty well specced these days.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Either join the Church of Scott McNealy (You have zero privacy anyway) or the Church of Ted Kaczynski?

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Chinese computer manufacturer Lenovo has admitted that it installed an adware component called Superfish on 16 million PCs shipped between September 2014 and February 2015 in order to "help customers potentially discover interesting products while shopping" according to an official statement made by the company. Although there is some argument to be had as to the validity of the 'helping customers' idea regarding software which injects third party adverts into Google searches and websites without the explicit permission or knowledge of the user, where there is no debate to be had at all is in the bloody great security hole Superfish drives through any Lenovo computer it is installed upon. It is true that Superfish doesn't, as far as I can tell, monitor user behaviour or record user data and instead uses contextual and image-based methods; meaning that users are not tracked as such. However, it is also true that it does some things which have the potential to be very dangerous indeed and that potential looks like it could soon become a very tangible reality.

The problem being twofold: firstly there's the not so small matter of Superfish having a pre-installed root CA certificate on your brand new Lenovo right out of the box. This enables it to intercept not just some websites that the user visits, but pretty much any of them and that includes HTTPS-protected ones, to inject adverts. Yes, you read that right, a trusted root certificate that you …

diafol commented: Brilliant as usual HG - was considering a new Lenovo PC +15
Gribouillis commented: unbelievable +14
cereal commented: thanks for sharing! +13
happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Welcome both! :)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

You are going to have to provide a little more information than that if you expect any kind of helpful answer.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Yup.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

No car is driverless if my mother-in-law is a passenger...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

thanks for making me more firm

<shocked expression>

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Thanks all, so we now have NathanOliver, Slavi and Tcll lined up for the coming three months - along with the retrospective ones as well of course.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

You are in the minority then.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Well that's your homework question posted, now tell us what problems you are having completing the assignment and post your code so we can point you in the right direction.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I take security and privacy issues seriously, but sometimes I despair when news stories such as that regarding Samsung TVs eavesdropping on private conversation explode across the media as happened last week. The reason for my despondency has less to do with the data privacy debate and more to do with the human stupidity one. That said, let's get the technical bit out of the way first.

The privacy scare story kicked off after someone, eventually, noticed that the privacy policy relating to Samsung smart TVs included the line: "Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition." This triggered a veritable tsunami of panic amongst the apparently easily panicked that their inane ramblings with the dog were being recorded by 'someone' and this data could somehow then be used to their detriment. Some particularly dense blowhards even made the connection between this statement and the Edward Snowden revelations, concluding that TVs were being used by The Powers That Be in the war against terror. I can only assume they were wearing tinfoil gloves as they typed their concerns across social media channels.

Here's the thing though, if you've bought a 'smart' television do you actually think it is a self-contained intelligent organism? How do you think it figures out what you are searching for when you use the voice search function, and returns recommendations for …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Why? Web 2.0 is long since dead...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

OK, following on from the suggestion here I am now asking for your memories of Dave Sinkula which will be used to help create a kind of retrospective member of the month interview/memorial.

So fire away, and write as much or as little as you like. I'm really looking for those personal memories of what made Dave such a great person and valuable member of the DaniWeb community.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I'm liking that idea. Maybe we could put together a collection of quotes/comments from existing members with their memories of Dave first and then Melvin after. I'll set up a new thread... Here it is :)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Simplistic explanation would be that the public cloud is where servers at a data center (or centers) are converted to multiple virtual server instances which can be operated, via a third party provider, by different enterprises. A private cloud consists of servers managed only for a single enterprise, within the on-premise boundary or at a third party data center location. The hybrid cloud is, well, a combination of the two with the precise nature of the servers being used dependent upon workload/data sensitivity etc.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Oh absolutely. I don't think anyone seriously imagines it will stop the IS threat. That said, better some flies than no flies at all. :)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

It's already there, look at the bottom of your posts!

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Welcome. However, please read the rules before continuing - especially this one:

Do not sign your posts with 'fake signatures'; Use the signature facility from your profile editor

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Oh, just to add: anyone with a 'Featured' badge next to their username has already been, er, featured.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

It's that time of the year when I've run out of Member of the Month interviews for the DaniWeb Digest - our newsletter which goes out to over 850K double opt-in subscribers.

So, if you think there is a member who deserves to be featured as member of the month (which involves answering some questions via the DaniWeb PM system, and getting a 'featured poster' badge in return as well as the kudos of being in the member newsletter) or perhaps think that you yourself are that person, then start nominating here.

I will need to interview the first nominee within the next week or two, ready for the newsletter that goes out at the start of next month. So thinking caps on please...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Here's the way it works: you show us your code, tell us where you are having problems, then we try and help you solve those problems.

We don't do your homework for you.

Simples.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

An updated list of accounts taken down, or at least some of them, can be found here: http://pastebin.com/d8ND4rvV

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

The hacker collective known as Anonymous first declared war on Islamic State (formerly known as ISIS) supporters back in the Summer of 2014 with Operation NO2ISIS which promised to target the online infrastructure of those countries sponsoring Islamic State militants. This declaration followed the hacking of an Anonymous Twitter account, @TheAnonMessage, which was then used to post photos of a terrorist assault near Baghdad. At the time, an Anonymous spokesperson stated that "these savages who have no religion or morality are bent on burning everything in their path, killing and pillaging as they go. They must be stopped." Because Islamic State itself had a pretty limited online footprint, at least in terms of infrastructure that might be vulnerable to a hack-based attack, the decision was taken to target the people and countries which supported them instead. Now things are different, with the terrorist group using social media to promote itself and to distribute videos showing executions of hostages.

Following the Charlie Hebdo atrocity in Paris, Anonymous declared war directly on Islamic State and promised to "track down and close all accounts on social networks related to terrorists in order to avenge those who have been killed." That threat, under #OpCharlieHebdo, was thought to have come from a specific branch of Anonymous, a group of Belgian activists to be precise, and seems to have largely focused on DDoS'ing ISIS recruitment sites. However, a new Anonymous video has now emerged which …