Posts by happygeek

No. This is the introduction forum, that sort of advice would go in the relevant forum in the Internet marketing section.

This just hit my inbox from the ZScaler ThreatLabZ folk:

Within hours of the public disclosure of this vulnerability, the Zscaler ThreatLabZ research team started seeing incidents of attacks targeting this vulnerability in the wild to download additional malware. It appears that Nginx and Apache web servers configured to use mod_cgi are two potentially vulnerable services that are actively being targeted in the wild. The server involved was found to be compromised and hosting ELF binaries which belong to the same Linux Backdoor Trojan family with DDoS capabilities. Zscaler believe that the vulnerable Apache servers were resulting in the download of an ELF binary named "apache" whereas vulnerable Nginx servers were getting the ELF binary named "nginx". The only difference Zscaler saw in these two binaries was the hardcoded Command and Control server information. Upon successful exploitation of CVE-2014-6271 vulnerability, the attacker is able to download and install the malicious ELF binary on the target Linux system. The malware connects to a predetermined Command and Control (C2) server on a specific port and awaits further instructions from the attacker

Some interesting comments coming in from the ITSec industry:

Jaime Blasco, AlienVault Labs Director.

We have been running a Honeypot since yesterday that basically emulates a system that is vulnerable. We found several machines trying to exploit the vulnerability. The majority of them are only probing to check if systems are vulnerable.

On the other hand we found two attacks that are actively exploiting the vulnerability and installing a piece of malware on the system.
These pieces of malware turn the systems into bots that connect to a C&C server where the attackers can send commands.

We have seen the main purpose of the bots is performing distributed denial of service attacks.

Arse. I missed an echo, apologies... Now fixed.

A 22 year old vulnerability, yes you read that right, has been discovered which some security experts suggest could be bigger than Heartbleed. The bug, reported as 'CVE-2014-6271:remote code execution through bash' relates to how environment variables are processed: with trailing code in function definitions being executed independently of the variable name. This can be exploited remotely with code injected into environment variables across the network.

The GNU Bourne Again Shell (Bash) command interpreter is widely used, to put it mildly, and as such is being treated as a critical security risk to Unix and Linux systems. Which means it could actually impact upon routers, Macs running OS X, servers, websites etc etc. The Heartbleed reference comes courtesy not only of the potential widespread target surface, but also the length of time which this vulnerability has been present. Apparently the bug goes right back to version 1.13 of Bash, and hits all versions from then right up to (and including) version 4.2; which is, I repeat, a 22 year exploit window. On the plus side, it seems that the Dash alternative as employed by Ubuntu and Debian-derived systems is not impacted by the vulnerability.

You are advised to check if you are vulnerable by executing the following line in your shell:

env x='() { :;}; echo vulnerable' bash -c "echo start patching now"

If you see output of 'vulnerable - start patching now' then take heed and do just that. Or at least start doing that, because although …

Good to have you with us.

Welcome, but why the 'php' title to your post?

So let's get this straight, are you saying you want to replace a Windows 2000 PC/Laptop with an iOS iPhone/iPad?

If it hasn't been solved by now, FOUR YEARS AFTER POSTING, I would imagine that there's little point doing anything...

Would seem the obvious place to start, don't you think?

Erm have you tried http://www.embarcadero.com/

Or actually buying a genuine copy...

Apply for a place on a CCNA course?

Work hard and study?

The latter.

Welcome

See https://support.google.com/webmasters/answer/139066?hl=en

Windows 9 will lose menus altogether, you will have to dig for applications etc...

Welcome

Welcome

<mmmmpphhh> sooooo tempting to do just that...

That said, when someone working as a consultant for a network cable company and with a signature link to a netywork cable company asks the question, as this chap just did elsewhere of 'what is the best cable' then I'm afraid he has been outed as yet another (or quite possibly the same old banned time and time again) network cable spammer...

Talking of which, see also https://www.daniweb.com/members/1112875/jhon-donald

The Internet of Things (IoT) is something of a buzz-phrase right now, and locking down the IoT is certainly something that vendors across both security and hardware industries are talking up. The problem with the publicity surrounding stories of 'things' that have been hacked is that, well, they never really have much potential impact right here, right now, to you or your business. So someone managed to break into an Internet-connected baby monitoring device and make creepy announcements over it, or there's the potential to control an Internetified self-driving car in the future; neither of which fill me with dread about the security of my data as is, it has to be said.

However, maybe you and I are missing the point. Maybe we need to broaden our definition of what things this Internet of them actually comprises. How about printers, for example? Stand up if you have a printer which isn't connected to your network and the Internet beyond? I'm guessing there are lots of you still sitting down, I certainly am. There's part of the IoT right there which represents a very real threat to your security posture, and you probably didn't know it.

Researchers at Context Information Security knew it, and proved it. They remotely accessed a web interface on a Canon Pixma printer, they modified the printer firmware from the comfort of the Internet and then used this modified printing device to play a game of Doom on the built-in screen. If that's not scary enough …

What?

No. You write a program that reads a line of text, changes each uppercase letter to the lowercase, and places in a queue and onto a stack. When you've done that, show us what you have got and what help you need.

Nobody is here to do your homework for you, sorry to disappoint...

In that case the correct answer is Google is the father of SEO.

http://goo.gl/CUAUD2

But, to be honest, it looks like you have already done a Google search and just pasted the names from it. If you already know about the three principle players with a claim to the title, why ask here?

Hi Andrew - just click on your username and take it from there, setting up a profile is easy and quick.

Oh, and welcome :)

And that has what to do with this thread, exactly?

You might want to flag up that you work for/own one such network rather than just enquiring about the subject. Far more honest and open for everyone that way...

Many more than that here Rev.

Reports started circulating yesterday that Gmail had been hacked, with some 5 million logins at risk. This follows the publication, on Tuesday, of a plain text list of Gmail usernames and passwords on a Russian Bitcoin forum. Within 24 hours the 'hack hysteria' had taken hold and people were being advised to check if their accounts had been compromised, change their passwords etc. Trouble is, there appears to be absolutely no actual evidence that Gmail has been hacked at all, and plenty to suggest that this credentials list is just another composite; constructed with passwords taken from lists already published concerning other breaches. The Gmail connection is, at the most, that people whose credentials were exposed at those other sites and services had used a Gmail address to register their accounts.

Having spoken to a number of people who, at first glance, would appear to have fallen victim of the Gmail hack that wasn't, it seems that there are lots of very old passwords in play on that list. What's more, there are lots which were never actually associated with a Gmail account at all. Just to be clear, what I'm saying here is that the list itself seems to consist largely of instances where someone has registered with a service with a username of xxx@gmail.com and a password of yyyzzz and the inference is that yyyzzz is the Gmail account password. This is simply not the case in many instances that I've been made aware of, enough for me …

We long since reached the point where tech companies are selling us upgrades we don't need in order to replace stuff that is perfectly fit for purpose, does everything we need and lasts for many years. They have to, otherwise the revenue stream would dry up. Trouble is, we are (on the whole) stupid enough to fall for it. I am just as much a mug as anyone in this regard although I do manage to only replace my laptop every three years and my phone every other year. :)

About the only hardware which breaks the upgrade for the sake of it rule is printers, which are so crap that they tend to break easily and so cheap (it's all about the consumables) that they are not 'worth' repairing. I truly hate the printer hardware market, with a vengeance. Mainly becuase I hate waste.

I reverse my previous welcome, another spammer now banned...

Don't bother folks, the spammer showed his true colours and is now banned; the fate that awaits all spammers here at DaniWeb...

Thread closed.

Yet your signature link is for a UK-based classified ads site, and your profile states that you work for the same. Not just here for the spamming are you?

Some interesting research from security outfit Proofpoint was published this morning which reveals that unsolicited email heading towards users in the UK is three times more likely to contain malicious URLs than that destined for users in the United States, or Germany, or France for that matter.

It's not, as you may think at first glance, just a matter of the UK getting more spam. The research conducted over the summer, using the US as a baseline, shows Germany getting more spam as a percentage than the UK, US and France. The prevalence of spam and malicious URLs in the total email traffic are not, Proofpoint conclude, therefore correlated. Instead, UK users are being targeted with less spam but with a higher volume of infected spam. Compared to Germany, as much as five times as high in fact. Which begs the question 'why are cybercriminals targeting the UK so relentlessly when compared to other nations?'

Kevin Epstein, VP of Advanced Security & Governance at Proofpoint, doesn't think the answer is all that difficult. If the evidence points, relative to other countries in the report, that there are a startlingly high number of targeted attacks against the UK then given the almost universal financial motivation behind them "this strongly suggests cybercriminals have found UK organizations to be an unusually lucrative target" he insists.

Not that Epstein thinks non-UK email users should be complacent about the level of risk as he says that lower phishing volumes do not appear to …

My main problem with the whole so-called 'smart' watch technology concept is that so far they have not been that smart at all. The core functionality of all these devices would appear to be able to alert you to things happening on your phone, without you having to look at your phone. Thing is, if I have to have the phone in my pocket anyway why bother adding another bit of tech to access it? Have we become so lazy that looking at your phone is now too much bother? I mean, c'mon, what is a smartwatch actually for?

All the best for a speedy recovery. My elderly mother has had heart failure for a few years now, and been through lots of surgery. Currently waiting to see if hospital think she is fit enough for further valve replacement surgery.

iWatch? Ugly as, pointless as, meh.

iPhone 6? Meh.

iPhone 6+? Meh+.

Thinking Apple has seriously lost the plot. Seeing no reason to upgrade from a 5s to a 6, seeing no reason to buy an iWatch (or any smartwatch for that matter - what a seriously overhyped technology) and seeing little reason to continue my investment in Apple when the time comes to change my phone.

What Karma said :)

You keep saying you cannot activate it, but you also say you have not tried to.

Which leads me to believe that you are using a pirated version and just want a crack code. That ain't gonna happen here.

So, what is your problem with activation exactly and precisely. Tell us and we will offer advice (in fact it's already been offered) otherwise there's nothing more to be said.

Same goes for both posters, by the way...

True, but an IT consultant specialising in networking would, you might imagine, know the basics about networking...

The iCloud fiasco was a combination of the usual user dumbass stuff and some Apple dumbass stuff (in not locking down password retries using the find my phone route in).

Linda, be sure to share your experiences with us. As a newcomer to the world of SEO I am sure that the lessons you learn will be of interest to others in the same situation.

I've always thought that the best way of looking at it is if, when you are writing a post, you would consider it spammy if you replaced your site/service/product with something else then don't post it.

As Dani says, you can get feedback about your website in the website reviews forum and you can shout about it to the world in the show off your projects one (as long as these are genuine posts and not just adverts in disguise of course.)

Make use of your signature file and link to your site from there, contribute to DaniWeb as best you can and others will be exposed to your signature and as your reputation grows so more people are likely to click on that link and see what it is you do.

Also, make use of your profile to the fullest extent so that if members click on your username they will see who you are what you do and where to find you.

It's still there at http://truecrypt.sourceforge.net/ just scroll to the bottom of the page...

<EDIT> Ignore that, see answer from Mike below...>

New? Duck Duck Go has been around for many years now. Nothing to do with Apple.

So why call yourself tommywilbert, just out of interest?

And if you are based in Alberta, how come I'm seeing Manila as your domicile from the user registration perspective?

Agree with The Rev; there's absolutely no reason why you should not continue using TrueCrypt if you were happy with it before, or even as a newcomer to such things...

And given that jazz is the musical equivalent of shoving random sharp objects into your ears until they bleed, probably a good thing.

Erm, can you tell I am not a fan of jazz? >;-)