Posts by happygeek

I'm seeing 'Nearly a Posting Maven' here.

Welcome

Really?

Welcome

Welcome

Oh the irony. In what is starting to read very much like the script to a Hollywood movie itself, the latest twist to the Sony Pictures hacking plot took an unexpected turn yesterday. It would appear that at one stage yesterday access to the web across pretty much all of North Korea went down, with access to key sites such as the state-run Korean Central News Agency (KCNA) and Rodong Sinmun newspaper were down for most of the day. Not that most North Koreans would have noticed, of course, seeing as they are denied access to the Internet anyway.

The question now is who did it, assuming anyone did that is as a technical glitch is not entirely out of the question although highly unlikely truth be told. News sources online immediately seized upon the US as being the prime suspect, given that the FBI had officially blamed North Korea on December 19th for being behind the Sony Pictures attack. Retaliation of some sort was not a total surprise, with President Obama promising a 'proportional response' however a cyber-attack on the scale required to take down country-wide nation state access would be quite some undertaking. The finger pointing is prompted by reports that security outfits which monitor such things, such as Arbor Networks, had noticed that the Internet infrastructure in North Korea started to suffer from denial-of-service attacks from December 20th; the day after the FBI announcement. However, dig a little deeper and you …

See the thread here: https://www.daniweb.com/internet-marketing/search-engine-optimization/threads/487894/website-analytics

You will need to expand a little methinks.

What do you mean by 'live ads' for example, and what problems are you having posting ads to Craigslist?

I assume you have read this: http://www.craigslist.org/about/help/how_to_post

A day late due to illness, but Merry Yule/Winter Solstace to you all...

I would be very surprised if the Norton stories have any basis of truth in them at all. In 20+ years of being an IT security journalist I have not found a single piece of evidence to suggest it is the case. That's proper evidence, rather than hearsay, of course. Believe me, if this were the case then there are plenty of people who would be chomping at the bit to expose it; a real career builder of a story.

Welcome Ed.

Sounds like you should fit right in at DaniWeb, welcome!

Welcome Scott. You'll be fed up of all my welcomes, what with PM and in forum now :)

Google has been quick to blacklist domains implicated, most often unwittingly, in the distribution of what has become known as the SoakSoak malware campaign courtesy of soaksoak.ru being the first domain in the redirection path it used. With 11,000 domains blocked over the weekend, you might be forgiven for thinking that it's another WordPress hosting sites security problem sorted before it can do any harm. However, most experts I have spoken to would seem to agree that 11,000 domains is just the tip of this particular iceberg and the actual number of soaksoak impacts on WordPress specific sites is in the hundreds of thousands spectrum.

According to security outfit Sucuri, which has been leading the analysis of this outbreak, it would appear that the attack vector can be traced back to the RevSlider plugin vulnerability that Sucuri disclosed some months back now. Unfortunately, as is the way with such things, many WordPress site operators do not seem to have addressed the issue and continue to use premium plugin. This isn't surprising given, as Sucuri points out "it’s not something everyone can easily upgrade and that in itself becomes a disaster for website owner". What's more, the plugin is bundled with themes and so some owners won't even know they have it.

Whatever, the supersoaker effect is quite clear: this is a local file inclusion attack methodology which means that a remote attacker can download any local file they fancy from the target server. …

Tell you what, you show us what you have done so far, post some code, let us know where you are getting stuck and then we will start thinking about whether to help you or not.

We DO NOT do your homework for you.

See the rules mate: provide evidence of having done some work yourself if posting questions from school or work assignments

Google...

I prefer forums, some people prefer the old mailing list approach. DaniWeb offers both options, you chose the wrong one :)

An increasing number of my acquaintances seem to be in the habit of buying cheap Android smartphones when in China on business and, increasingly, from online auction sites. More often than not these will be clones of flagship models but without the flagship price tag; however, cheap is not always cheerful. I've seen some of these devices with their look-alike operating systems and their flimsy construction, and given a quick once over have to say I wouldn't trust them with my calls, texts and data. That level of mistrust appears to be well founded, not least because it would seem that some of these cheap clone phones are coming pre-loaded with malware called DeathRing.

According to mobile security outfit Lookout this is the second time this year that an outbreak of DeathRing has been spotted. The Chinese Trojan, Lookout says, is coming pre-installed on a whole bunch of cheap Chinese phones which are most popular in the Asian and African regions. The company does admit, it has to be said, that the volume when it comes to DeathRing detection is 'moderate' although it doesn't give any actual numbers. Lookout does insist that active detections are being picked up globally though, which makes the threat both viable and concerning.

DeathRing, as the name suggests, pretends to be a pre-loaded ringtone app but in actual fact is actually a malware conduit for content downloaded from a central command and control server. SMS content can be pushed to the handset, for …

?

Why ask about a free OS in the Windows forum? Windows isn't free...

Question: How to get help on DaniWeb?

Answer: Show us that you have done something more than just copying your homework question here. Show us your code, and where you are getting stuck, and someone will help you.

People in most other countries don't get so bored as to create such a game in the first place >;-)

Welcome both

Someone did pay me by cheque the other month, which I found really very annioying indeed :)

Very rarely these days, in fact I cannot remember the last 'letter' I sent via snail other than birthday cards etc.

A group describing itself as "DDoS kings" who "just want to watch the world burn" has claimed responsibility for taking the Microsoft Xbox Live network down for an hour or two earlier today. The Lizard Squad, posting from a Twitter account called LizardPatrol, published a message warning that "Microsoft will receive a wonderful Christmas present from us" and say that taking Xbox Live offline was "a small dose of what's to come on Christmas."

The downtime impacted upon users of both the Xbox 360 and Xbox One, returning an 80151909 error when trying to connect to Xbox Live. According to Microsoft support, this error code occurs when "Xbox Live profiles can't be downloaded" and indicates a temporary profile download failure. Seeing as there were no issues being reported on the official Microsoft site regarding the Xbox Live network, which is usually the case, it would suggest that a DDoS attack could have been the cause.

At the time of writing Xbox Live appears to be back up and functioning normally once more. Whether this was, indeed, a DDoS attack and if it is indicative of more to come is as yet unknown. If it does prove to be the case then the fact that the group claiming responsibility says it is doing it for kicks is a little worrying. Of course, it could just as easily be a group of bored kids jumping on an entirely unrelated downtime event for the kudos. Only …

welcome

Goodbye spammer...

Just another sig spammer, also posting under johnkennady31 account. Both now banned.

Please go away pointless question asking signaturespammer, and take your other ****kennady31 accounts with you.

That is all...

Find your code and post it here, then find the bit you are having problems with and ask about it here, then you will find people might want to help you...

What is Google and what is it used for?

There is also a feeling that the server overload is something of a marketing ploy to create an urge to buy ASAP. Thus can be backed up by messages saying you are in a queue due to excess demand which, when you disable JavaScript, vanish and you find yourself in a pretty normal running site.

Show us your code first, displaying at least some effort on your part, and then someone may help you with whatever bit you are stuck on. However, we're not here to do your homework for you!

Looks like Argos has gone down as well in the UK. Any big names in the US had/having similar issues this year?

The annual 'Black Friday' discounted shopping storm is no longer just an American event; it's hit the UK like a hurricane today. Last night police were called to four different supermarkets with heavily discounted televisions after large crowds started to gather for the midnight opening. At one Asda store (a Walmart owned UK supermarket chain) there was fighting as shoppers opted to get physical in order to secure that electrical bargain.

Then, both the Tesco supermarket and Currys PC World electrical superstore websites buckled under the pressure of would-be shoppers keen to get an online bargain. Next it was clothing retailer Topshop, and this morning the website of high street video game retailer 'Game' was down and out due to "the overwhelming response to our Black Friday offerings" apparently.

Of course, truth be told, the reason why these online sites were unavailable is a lot simpler. They underestimated the demand, and they under-budgeted for the resources required to keep their servers up. It's still only mid-morning here in the UK and I can confidently predict that more retail websites will be going down as Black Friday continues; and most likely into the Cyber Monday discount shopping continuation as well.

Archie Roboostoff, Borland Solutions Portfolio Director at Micro Focus, reckons that research points towards some 44 per cent of CIOs being well aware of the precise events that drive such peak-traffic loads, yet relatively few perform any kind of performance load testing in advance of them. …

Ever wondered why the bad guys continue throwing malware in your direction? The obvious answer is the correct one: because they make money from doing it. On Thanksgiving Day, as all others across the year it would seem, they can be thankful for the high profit to be raked in from using readily available malware purchased within the dark market.

Kaspersky Lab researchers have been doing the math, and their figures suggest that when comparing the cost of the most common hacker tools with the cold cash stolen using them the profit is around 20 times greater than the outlay. By way of example, in order to set up an out of the box social network clone together with a spam mailing list linking victims to it would cost as little as $150 according to the researchers; with just 100 targets getting caught the phishing perpetrators could expect a return of up to $10,000 on average.

Or how about mobile Trojan which 'bricks' a smartphone until a ransom is paid? These are rather more expensive to purchase, about $1000 in fact. However, with unlocking 'fees' set at $200 (and victims are generally happy to pay to get back access to their photos, music and contacts which have not been backed up separately - let alone the problem of resetting a device for the kind of naive, technically speaking, user caught by such malware) it only takes 100 victims to realise a $20,000 return.

However, the Kaspersky research would seem to …

He's talking about DaniWeb. Doh! :)

Seriously?

There is no point. It's a toe in the water test before the full dive into the spamming pool :)

What games? Your graphics card requirements will be very different for Counterstrike compared to Solitaire...

Amazon as in the retail site or Amazon as in Amazon Web Services and resellers of the same? The latter has certainly happened; most famously see http://arstechnica.com/security/2014/06/aws-console-breach-leads-to-demise-of-service-with-proven-backup-plan/

welcome

You can look to see who is replying and determine whether they are to be trusted, in exactly the same way you do when interacting with anyone in the real world. Just as you would trust your professor to give an accurate answer (probably) and maybe not so much the drunk chap on the street corner (depending upon the question of course) so you will probably trust a developer on DaniWeb who has a high reputation and has been helping others for a long period more than you would a newbie with no rep called 'lovepotionsforsale' and a sig link pointing to a site selling witchdoctor services...

True dat...

Think that macro viruses written in VBA (Visual Basic for Applications) are just something that people using the Internet a couple of decades ago had to worry about? Think again. Word macro attacks never went away, they just went into decline. New evidence suggests they could be making something of a comeback though. Coupled with research showing how non-English speaking recipients are being targeted by phishers using this technique, it makes for worrying reading some 15 years after Melissa struck fear into the email using world.

Whenever I hear non-English and phishing uttered in the same breath, I tend to think the speaker is talking about the scammer rather than the attack message itself. The number of emails that appear in my spam and malware filtered folders which have patently obviously come from the keyboard of a non-English speaker far outweigh that have not. However, the language of phishing itself has pretty much always been English for one very good reason: it represents the largest attack surface for the least effort. Of course, there are always exceptions and targeted attacks (also known as spear phishing) are more likely to be crafted in whatever language is thought to be spoken by the recipient based upon the location of that target mark. One thing is for sure, most security researchers will agree that malicious URLs in email tend to be a lot more prolific in English language speaking recipient countries than elsewhere.

Which doesn't mean you are safe if, for …

Use the search box top right, or scroll through recent forum posts, or use Google and you will find your answer...

Closing this thread now before it turns into a sigspam fest.

Fingers, if not legs, crossed for you ;)

Actually, the 'fewer users' argument doesn't apply to PWN2OWN. As I said in the news story itself:

while it could be argued that the reason Windows Phone did so well was that only one team targeted it that would be a flawed assumption. Teams only target devices at the competition proper if they have been able to uncover working zero-day exploits in the lab. If they have not, then they don't enter as there is no point

Yes, there are fewer exploits out there for Windows Phone due to fewer users, but researchers have a financial incentive to find vulnerabilities no matter what the installed user base is. The fact of the matter is that they didn't, and for now at least that's good news from the security posture of the OS perspective.

Why are you asking when you are a web developer/design outfit which offers SEO services according to the page you link to in your sig? Surely you would know this stuff already, if not why would anyone hire you?