happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Welcome

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

According to BitcoinWatch the current market capitalization of the virtual currency stands at an incredible $10.4 billion. A single Bitcoin is now worth more than $800. In the ongoing aftermath of the Silk Road takedown many people wrongly assume Bitcoin is some kind of criminal currency, used to trade in anything and everything illegal online. However, be in no doubt that cyber-criminals are, indeed, attracted to Bitcoin: they are targeting it in virtual bank robberies.

Last month reports surfaced of an Australian Bitcoin 'bank' called inputs.io being hacked and the owner relieved of some 4,100 Bitcoins worth $1.3 million. Now we hear that the Danish company Bitcoin Payment Solutions (BIPS), another Bitcoin startup, has lost a reported $1 million worth of Bitcoins (1295 BTC) after an attacker managed to compromise the hosting account through fairly straightforward email account password resetting and server-side vulnerability that left the two factor authentication in place about as useful as a chocolate teapot.

This latest robbery is thought to have occurred between the 15th and 17th November, and word on the IT security grapevine is that the breach can be traced back to a Russian origin. The virtual-robbers used the increasingly common tactic of staging a Distributed Denial of Service (DDoS) attack on the site as a smokescreen behind which the real attack, the Bitcoin robbery, could take place. The smokescreen analogy is very apt, as when a site is hit by a DDoS attack then …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Best to shoot the barista in the head to prevent them from making such an abomination ever again. If that answers your question ;)

(No baristas were hurt in the posting of this message)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Maybe there is something wrong with your fingers? ;-)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Kind of does depend on what data you are trying to keep from prying eyes, of course, and whose eyes you think may want to be looking. For 99.99999% of people 99.99999% of the time, the shredding software, magnetic or nailing/scratching route is more than adequate.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Discount coupons are OK, but consumers consider drive-by location marketing an invasion of privacy. That's the warning message that research across four countries (US, UK, Mexico and India) by ISACA would appear to be flagging loud and clear to retailers wanting to maximise the marketing potential of customers with smartphones.

ISACA, which specialises in helping business get the most value while managing risk related to information and technology, asked more than 4,000 consumers about their holiday season shopping habits and their opinions on privacy. This revealed that shoppers in India and the UK were the most resistant to location-based marketing on smartphones, with more than 70% declaring tactics such as sending unrequested special offer messages when they walk past the store concerned would be considered invasive.

The 2013 ISACA IT Risk/Reward Barometer suggests that receiving a text message from a store as they walk by is almost as invasive for people as if they were to go inside and be greeted by name by the clerk despite never having met them before. In the UK, 69% of consumers said they would, however, be happy to be sent a discount coupon on their mobile device. Indeed, across all four countries surveyed people were generally more receptive to the idea of targeted discount codes by text rather than special offers arriving as they walk by that may not be relevant to them.

Mexicans were the most welcoming to the location-based SMS marketing, with more than …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I am actually not buying a new iPad until Apple adds TouchID, that's how much I like it. I actually find myself trying to access my iPad 2 using my left thumb on the home button :)

Seriously though, I'm surprised it's inaccurate for you; I've scanned both thumbs and an index finger and all three were registered OK and are recognised under all circumstances in a flash.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

p-)==

(Pirate smiley with beard plaits, innit)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

A Channel 4 News investigation in the UK has revealed that in a 24 hour period just one smartphone made 350,000 requests to 315 different servers and made 30,000 requests to 76 servers when otherwise sitting totally idle for 45 minutes. Oh, and then there was the location data being sent to advertising agencies based overseas, and handset ID data heading to various apps. In fact, the investigation simply reiterated the fact that an average smartphone will send out hundreds of thousands of pieces of information every day, giving away its location and unique identity.

Channel 4 News commissioned IT security outfit MWR InfoSecurity to build a black box recorder, codename 'Data Baby' in order to enable the project to monitor the personal information through a mobile phone belonging to a fictitious young woman living in London with a healthy social media life. Producer Geoff White explains: "On this occasion we wanted to look at how information is sent from mobile phones automatically to a variety of websites. We approached MWR InfoSecurity and asked them to build a data interceptor that would track what the phone was doing and then analyse the results."

The results will probably shock anyone who isn't active in the field of IT security and privacy, although those who are will just be nodding their heads in that knowing way. This isn't new news, as such, rather just confirmation of what we already know. Smartphones cannot but help to …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

iOS 7

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

It's just you :-)))

Well, maybe not, but I have to admit I think that they get the obtrusive factor about right: loud enough to be noticed, but not purple...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Hey, welcome back!!!

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Yep, LastMitch left DaniWeb last week. We did get an email from him thanking the community for helping him and wishing us well, but as far as we are aware his departure is sadly permanent.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

My favourite drink in coffee? That would be, let me see, erm, yes that's it, coffee...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Given the seed post sown, and the link in the signature, the only crop (or should that be crap?) being fertilized here is spam methinks...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

You can send a PM to members by clicking on their profile and then the 'send private message' button, or if they are online you can hit the 'launch live chat' button next above any of their postings for live chat if they have the option enabled.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

You need to get out more ;-)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

We look forward to getting to know you better as well...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Banana. Eat one for breakfast every day.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Define hardcore? I got to Prestige Master in Black Ops 2 on the Xbox, and am now working my way through the Ghosts ranks having completed the campaign over a couple of days. I completed GTA V in a week and am working my way to a 100% rating. Both games purchased on day of release, before 9am. I also have a custom modded Xbox 360 controller etc etc.

I do not consider myself a hardcore gamer though. Have no intention of splashing the cash on an Xbox One, have never owned a gaming PC, do have a life :)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

And, another advantage that I kind of like, is that it enables you to click on the badge of the person who endorsed you and display their profile page - so becomes a quick way of getting a handle on those people who are reading your posts. Instant community building. Nice!

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

It may not be cool but it sure beats 'Rooms for rent in Lahore' or similar :)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Farmers raise cattle, like parents raise their children

Point of order. Most parents don't slaughter their kids for money though...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I think Dani has hit the nail on the head, and the entire problem can be summed up in one word: laziness. On both sides, student and teacher!

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I use DDG for the anonymous searching, but also the fact that it's fast and relevant. Can't help but think Google will try and buy it, or rather employ the developer and close it as part of the employment contract. This has happened in the past with stuff that I have really liked (can't recall the name but there was an app that downloaded your gmail and provided a really good offline search facility some years back, Google offered the dev a job and then the app disappeared soon after).

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Nothing. Waiting for a 'fasting blood test' in 2.5 hours time before having a 24 hour blood pressure monitor fitted. Deep joy.

Looking forward to my homemade spicy tomato and lentil soup with a bagel at lunchtime though.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Absolutely what Jorge said. Password reuse and cross-service sharing is one of the most exploited of attack surfaces. There is some merit in the argument that the same can be applied to usernames, in an ideally secure world, but certainly passwords should never be used more than once. A secure password vault application that is properly encrypted and uses a strong/complex enough master pass phrase is your friend here. Not only will it store the unique passwords for you but most will generate unique strong/complex passwords for your services as well. Check out LastPass and 1Password for starters...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

The popular MacRumors Forums site has confirmed that it was successfully hacked on Monday this week. The vBulletin powered forums fell victim to what it describes as a similar breach that hit the Ubuntu forums earlier in the year. "Our case is quite similar" says MacRumors founder Arnold Kim who continues "with a moderator account being logged into by the hacker who then was able to escalate their privileges with the goals of stealing user login credentials." Unlike the Ubuntu breach, no site defacement appears to have taken place though.

In the case of MacRumors, that means some 860,000 usernames, emails and hashed passwords were potentially compromised. The official advice is to assume that your login is now known and passwords should be changed immediately. Amichai Shulman, CTO of security outfit Imperva, warns other forums that when "you use third party components you expose your network to the threats faced by all those applications, significantly increasing your attack surface." vBulletin was, of course, found to be vulnerable to an exploit that enables an attack to create a secondary admin account and effectively take control of the target site. DaniWeb used to operate on a heavily customised vBulletin platform but replaced this with a totally in-house developed proprietary platform last year.

Here's that MacRumors Forum confirmation in full:

Yesterday, the MacRumors Forums were targeted and hacked in a similar manner to the Ubuntu forums in July. We sincerely apologize for the intrusion, and are still investigating …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I've PM'd you...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Even us admins have no idea who upvotes/downvotes. It is designed to be an anonymous voting system unless a member wants to add positive/negative reputation in which case a comment has to be left which identifies the member.

Anyway, I agree with Jorge; I'm not really sure what is going on in this thread and can only assume there has been a misunderstanding somewhere along the way. Making a donation is encouraged as it helps us with the running costs of DaniWeb and, as it says when we offer members the donation option "You will receive better, quicker replies because featured discussions receive 1000% more views on average".

I'm happy that jonsan got his code sorted (nice one Jorge), happy that he donated (thanks jonsan) sorry that LastMitch feels bad (PM me if you have any outstanding concerns) but hopeful this can now be put to bed.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

OK, here's a question for you: why are you posting all this here when it has nothing to do with the (already answered) original question?

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

What he said!

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Did the FBI get the wrong man, or at least the wrong Dread Pirate Roberts (DPR), when it shut down the Silk Road darknet marketplace? Claims are being made that this is precisely what happened, and that Ross Ulbricht who was arrested took over as acting DPR from the real Silk Road founder before the FBI made its move. In a statement, reposted to Pastebin today under the title of 'Possible truths behind DPR and Silk Road', someone calling themselves Elthemor Sagewood and claiming to be a well known Silk Road vendor says "In a court hearing today, Ulbricht's lawyer claimed that Ross was, in fact, not the real DPR that the FBI was looking for. This only goes too perfectly with something that was posted on an I2P (Invisible Internet Project) eepsite just after Ulbricht's arrest, and is something I personally have been holding onto, afraid of releasing it into the clearnet for the sake of my strict "what happens in the darknet, stays in the darknet" rule, and how it would affect the case."

Whatever the truth of the matter, Silk Road has emerged in a 2.0 format with a welcome notice entitled 'we rise again' and signed off by Dread Pirate Roberts. Accessed in exactly the same way as the original Silk Road, using a Tor-connected browser and a URL (which goes nowhere unless that Tor connection is used) that is already readily available for those who want to look for …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

help me plzzz

With what, in this thread?

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Last week, the NoSQL database host MongoHQ suffered a breach which exposed customer files, email addresses and password data to the attackers. The ripples from that breach are still being felt, as users of the Sunrise calendar app on the iPhone found out this morning.

Luckily that password data was not only encrypted, but hashed using bcrypt. As security expert Paul Ducklin from Sophos explains: "bcrypt is a so-called keystretching function that ramps up the time it takes for a supplied password to be checked against its stored hash, by requiring various parts of the hash calculation to be repeated thousands or even tens of thousands of times, rather than just once. That means it takes thousands or tens of thousands of times longer to check each password - not much of an inconvenience when you are validating passwords one-by-one when customers login, but a giant roadblock when you are a crook wanting to try a dictionary attack using millions of likely passwords."

Jason McCay, MongoHQ Founder and CEO, has gone on the record to apologise which is good, but what's better is that he has also explained the processes being put in place to ensure the same thing cannot happen again. "In handling security incidents, MongoHQ's priorities are to halt the attack, eliminate the control failures that allowed the attack to occur, and to report the incident candidly and accurately to our customers" McCay says "As one of the founders of this company and a …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Erk, that sucks. I've had a headache every day for the last month (four weeks today in fact) - sometimes bad enough to require a day off work, mostly spent in bed in a dark room, sometimes just bad enough to interfere with my ability to work well. Often worse at night, can't remember the last night when I slept through. Saw doctor after a week who said 'tension headaches - take codeine' and that was it. Can't take codeine as we don't get along, and paracetamol doesn't touch it. Couple this with high blood pressure (discovered during the pre-assessment clinic for something else - which all went OK yesterday) and I think it's back to see a different doc next week...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

What's a Houston man doing in the Philippines, Dave?

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

The worrying thing remains, that the secure enclave on the A7 chip may not be as secure as Apple has made out...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Just to clarify, as I have been asked already how deleted data can be a security threat (it can, it's the method of deletion that is the weakness) I am concerned that in this case the data was lost when the device crashed, yet it is meant to be totally isolated from the system for security reasons - if it is not totally isolated, and this event appears to suggest that might be the case, then it opens the door to the possibility of other access...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

If my iPhone 5s fingerprint data is walled off from the rest of A7 chip and the rest of iOS 7 in a 'Secure Enclave' and is never accessed by iOS or other apps, as Apple claims, then how come it all vanished when my iPhone crashed and I had to go through the entire fingerprint scan registration process again? Apple is remaining very quiet about it...

As regular readers will be aware, I was quite impressed with the new iPhone 5s which has set new speed records in the smartphone sector. I was, however, less impressed with how quickly it ate my fingerprint data and cast it aside never to be seen again.

Here's the thing, I cover IT security for a living. I've been writing about it, and consulting with companies regarding it, for the past twenty years. I am also a confirmed gadget nut, so when Apple announced it was going to release an iPhone with integrated fingerprint scanner there was no way one wouldn't be in my greasy palm as soon as possible. Sure, I know that fingerprints as a biometric isn't the authentication panacea that some of the more hype-struck media, along with the Apple marketing department itself, might lead us to believe. Some 'threats' to the integrity of fingerprint access technology are more credible than others, but even the likes of the Chaos Computer Club fingerprint cloning demo are in the realm of James Bond rather …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

And the account in question set up for no other reason than to throw a tantrum, considering the contact email for the account starts 'DANIAREYOUDUMBPITYYOU' - sigh...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

It has been officially confirmed that the php.net website of the open-source PHP programming language has been hacked and infected with malware. The successful breach of the site came to light yesterday morning when the Google Safe Browsing service started flagging php.net as serving up malicious scripts. This was, at first, denied by php.net which Tweeted claims that it was down to a false negative by Google. However, that position has changed and now it has been officially confirmed that two servers at php.net had been hacked and were, indeed, hosting malicious code in order to install malware on the computers of unsuspecting visitors.

It would appear that the breach occurred on Tuesday, and the infection window was open through until Thursday morning when spotted by Google. The site has now been relocated to a clean set of servers, and there is absolutely no suggestion that any of the PHP code itself has been compromised in any way so developers can breathe a sigh of relief there at least. If you have visited the php.net site during that attack window period though, it might be a good idea to double-check that your systems have not been infected.

It seems that the breach itself was surprisingly straightforward in approach, rather old-school in fact, with the use of an iFrame injection technique pointing to the Magnitude exploit kit and ultimately dropping a Trojan known as Tepfer onto the visiting computer. Up to date AV scanners …

<M/> commented: good info +10
happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Which? magazine has revealed the new Apple iPhone 5s to be the fastest smartphone of all in the latest round of processor benchmarking tests, despite it having fewer cores than rival handsets. Not only was the 5s almost twice as fast as the iPhone 5 in testing, but also around 50% faster than the Samsung Galaxy S4. In fact, the iPhone 5s is the fastest smartphone Which? has ever tested.

According to the Geekbench-powered lab tests that Which? applied to a range of flagship smartphones, replicating real-world tasks and producing a weighted score measured against a Mac Mini with an Intel Core i5 processor with a baseline of 2500 points, the iPhone 5s truly is the sprint champion in terms of raw speed with a score of 2561. This despite it having 'only' a dual-core processor, albeit a 64bit one, compared to the quad-cores implemented in some of the competition.

Here's the full results table:

Apple iPhone 5s - 2561
LG G2 - 2355
Samsung Galaxy S4 - 1939
HTC One - 1805
Apple iPhone 5c - 1281
Samsung Galaxy S4 Mini - 1135
HTC One Mini - 880

Of course, although there is a vast variation between the first and last scores in that results table, the truth of the matter is that any of those handsets, no matter whether they are powered by a dual-core chip or a quad-core one, no matter if it's an Android OS or iOS delivering …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

From the Daniweb Digest newsletter this month:

We are very pleased to announce the winners of the API competition which was launched earlier in the year to help raise awareness of the new and very robust DaniWeb API available to developers.

Because both Coreyavis and Pritaeas came up with equally amazing finished products, we decided to make them joint winners and split the $300 Amazon Gift Voucher prize between them so they will be getting a $150 voucher each.

Coreyavis developed the excellent DaniWeb Birthdays app, a calendar that displays the birthdays of DaniWeb members! He tells us that future planned features for the app include the ability to add your birthday to the calendar if it's not included, to remove your birthday if you wish to not take part, a full list of members with birthdays on selected day and better search functionality amongst others.

Pritaeas developed a number of API apps including the following: DwArticleWatch which shows the 10 latest articles (which can be filtered using a dropdown), DwRssDashboard which provides an overview of the newest five items per (sub)forum and DwWatchedArticles to show your watched articles.

Diafol and riahc3 also both spent a lot of time working with our API, and came up with some great code snippets and frameworks that lay the groundwork for others to build from. So we decided to combine the second ($125) and third ($75) prizes and split this between the two of them to give each of these guys $100 vouchers.

Congratulations …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Oi! :)

I appear to have shaved though...

diafol commented: he he you handsome devil you +0
<M/> commented: ROFL +0
happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Oh, and perhaps most importantly in my case, being able to look and dress how I want. This personal freedom is more than just a vanity thing, it's something I care about deeply. I have a tattooed head/neck/hands/fingers for example. I do not own a suit or a collared shirt or a tie let alone wear any of them. What I do is important, and NOT what I look like. Try telling that to most employers. When I first started my business twenty years ago I sported a 36" long red and black dreadlocked mohawk haircut, multiple facial piercings and multiple tattoos even then, oh and was rather 'unconventional' in my fashion choice. I have not changed much, apart from dropping the metal (apart from three ear piercings) adding lots more ink and growing a beard which I now choose to wear in beaded plaits. Do I give a flying **** about what potential clients think? Erm, nope. Sure, I might lose a bit of money, but I gain in the quality of life thing as I don't have the stress of working with shallow bigots.

I fear I may be in an overly ranty mood today. :)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I have had my own business for 20 years now. My earnings have not increased by 10% annually, or even 1% for that matter. Indeed, in real terms, my earnings have dropped by considerably more than 10% over the years. That said, I'm happy running my own business, setting my own working times, determining who I do and do not work with, deciding what I am and am not happy with and, ultimately, it really isn't all about the money as far as I am concerned. Quality of life is much more important, and that is what having my own business gives me.

nitin1 commented: yey! exactly! you think same which i think +0
happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Apple has, of late at least, oft been accused of following rather than leading when it comes to smartphone innovation. Perhaps the launch of the iPhone 5s with the somewhat controversial fingerprint scanner has changed that, just a little bit. HTC, the powerhouse in the Android smartphone hardware market, has announced the latest addition to the fleet: the HTC One Max. And guess what? Yep, it comes complete with a fingerprint scanner built in.

OK, the similarities to the iPhone 5s pretty much start and end there. Not least you only have to take a look at the One Max to realise where the name comes from, it is pretty damned huge with a 5.9" full HD1080p display. The super-sized smartphone, or 'phablet' as some are already calling it, doesn't come with a 64bit chip like the A7 that features in the iPhone. Not that it's short of power, the Qualcomm Snapdragon 600 processor in the One Max is a 1.7 GHz quad-core powerhouse that's perfectly capable of driving the device. However, it is an off-the-shelf processor and that could be problematical for those worried about the privacy of their scanned fingerprint data. Whereas the Apple chip was designed so as to store the encrypted data within a secure and separate enclave to prevent leakage or theft, the Snapdragon has no such safety zone.

HTC is at pains to point out that the fingerprint data (and one has to assume that this will …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

And I really don't know what you are asking for here. Care to try again?