happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Comment from Lamar Bailey, Director of Security Research and Development at nCircle on the latest patch/fix:

Oracle has taken a beating this year on Java. It is good to see they are fixing critical vulnerabilities in a code base they want to quit updating but it is past time for them to get serious and do a deep dive on Java to fix the security issues. I hope Oracle will assign a team of their best security engineers to Java to squash any of the remaining security issues. Until then many users will be updating Java as often as they update AV signatures.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

<diafol> I hate saying it but, as much as I like the spirit often shown by both the Scots and the Italians, the technical side of the game just isn't up to scratch and shows no real evidence of getting up to scratch either. Something needs to change before either side could be truly said to be ready not only to play with the big boys but to beat them game after game.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

<MICHAEL> it means that someone has been a 'member of the month' in the DaniWeb Digest, and so gets a 'Featured Poster' badge.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

well they may have done three years ago, yes. Not so relevant now though...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

You need to take your medication mate.

Scotland have no chance, absolutely none, zilch and zip, of winning the 6N. Now, or in the foreseeable future...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

When Oracle fixes it, really fixes it rather than keep using sticking plasters to try and stem an arterial bleed, then I will be the first to write a news story saying so. That said Peter, don't hold your breath :)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

...and worth reporting, no doubt about that! :)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

The world may not be all negative Peter, but security problems usually are. Would you rather people were not warned, in a timely fashion, of real world threats out there that could impact upon their data? Some things just cannot be sugar coated...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

FireEye security researchers are warning that they have detected a new zero-day vulnerability that is being used successfully in the wild against browser clients with both Java 6u41 and Java 7u15 installed.

Given that the Java 7 update was only released a couple of weeks ago, this is yet more bad news for Oracle and for users of the Java browser plug-in. Bad news, but not exactly surprising as security researchers have been finding flaws in the update since it was made available. The difference here is that this isn't just a lab-based, theoretical, vulnerability: this is, it would appear, a fully-blown in the wild exploit.

FireEye researchers state that:

...this vulnerability leads to arbitrary memory read and write in JVM process. After triggering the vulnerability, exploit is looking for the memory which holds JVM internal data structure like if security manager is enabled or not, and then overwrites the chunk of memory as zero.

At the moment the exploit doesn't appear to be all that reliable, which is something, as the amount of memory being overwritten fails to execute and causes a JVM crash. Hopefully a more reliable update will be made available by Oracle soon, in time to prevent the bad guys from tweaking this exploit and making it work reliably. FireEye is working with Oracle to this end, but in the meantime advises users to disable Java in the browser until such a time that a patch becomes available.

Similar advice is being …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

There is no such thing as a 'good' injury in any sport, and therefore there can be no 'best' injury.

And, yes, it was a very stupid question...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

The endorsement system works best if you only endorse people in those forums where they have demonstrated skills worthy of being endorsed. In my opinion. If it just becomes a 'personality meter' then it is devalued.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I did, and the games are not every two weeks:

Round 1 - 2nd/3rd Feb
Round 2 - 9th/10th Feb
Round 3 - 23rd/24th Feb
Round 4 - 9th/10th March
Round 5 - 16th March

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Apple, Facebook and Twitter have all been the target of hackers recently, and now Evernote has admitted to a potential breach that has forced it to reset the passwords of approximately 50 million registered users. Evernote, a kind of web scrapbook that enables you to take notes, save web pages and web page content, sync files across devices and share ideas with friends and colleagues, did the right thing in notifying users and resetting passwords. However, it did the right thing in the wrong way; and here's why.

I received an email last night informing me that:

Evernote's Operations & Security team has discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service.

This immediately sought to put my, and the 49,999,999 other people who were reading the communication, mind at rest by assuring me that Evernote was taking this seriously enough to implement an across the board password reset. This despite there being no evidence, as yet, that any of my Evernote content had been accessed, changed or stolen. Evernote also told me that no payment information for 'premium' or 'business' customers had been accessed. So far so good you may be thinking.

The bad news is that the breach investigation does reveal that the hackers were able to gain access to usernames and the emails associated with them (sound familiar yet folks?) and, yes, those …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

So you link to a site which has a GREAT BIG BUTTON saying 'find out more' which when clicked tells you all you need to know about the dedicated server options on offer, yet you say you want to know more about dedicated servers? Odd. Anyway, I've deleted the link as it appears just a little bit spammy from where I am sitting. Assuming you really want to know what a dedicated server is then how about the most basic of descriptions which pretty much sums it up: a dedicated server is one that you lease/hire in entirety and is not shared with anyone else.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Automagically has been around for ages, I use it all the time myself and would be amazed if it was a typo.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

No...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Have you contacted Dell tech support?

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

My verdict on the weekend, which was a stonker for rugby as the Tigers/Saracens match on Saturday night was a belter as well (given that Tigers were missing the entire first team due to 6N duty and injuries - to lose 27/32 against a very strong Saracens side was a decent result, although surrendering the 17/6 first half lead was a bitch).

Italy v Wales

Very boring game, the scoreline sounds like it was decent but it was poor. Halfpenny was the only standout player on either side. Italy looked like, well, Italy (from a few years back) with error after error and an inability to do anything well but kick the ball badly.

England v France

Actually, a very good game. The French showed that, when given a team with decent players all in the right positions, they are still a threat to anyone. The French management showed that, almost as to be expected, they don't have a bloody clue. Making pre-ordained changes, against the run of play or without taking into account how well things were going, well, just crazy. England struggled to hold the French back for the entire first half, although the defence wasn't bad. Second half, different story, different game. Interestingly, the England bench proved that the entire squad is really strong. Man of the match should have been Manu, what a strong and disruptive back that man is. The Manu try should never have been, of course, thanks to the accidental offside kick that …

diafol commented: agreed +0
happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Jahid.

  1. You are in the community-introductions forum, a place where every new member can post an introduction and, indeed, is encouraged so to do when they join DaniWeb.

  2. Being a member of the community does not include posting spam advertising some jobs board across the forums. Read the rules or your account will be banned. Just saying...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

According to the network security team at Oxford University Computing Services (OxCERT) with the title of 'Google Blocks' the world famous seat of learning has decided to put a block, albeit a temporary one, on the use of Google Docs. Robin Stevens from the network security team at Oxford says that the "extreme action" was felt necessary in order to protect "the majority of University users".

While admitting that Google Docs is a "perfectly legitimate site" and one which is "widely used by staff and students as part of their work and personal lives" Stevens explains that it is "also frequently used for illegal activities... which threaten the security of the University’s systems and data". Of course, the same could be said of the Internet itself, or the students themselves, and neither of these have been banned.

It would appear that the IT Security folk at Oxford University are particularly concerned about phishing, and specifically phishing which is targeted at harvesting University email account credentials. If successful, and one has to assume they have been seeing as it has been felt necessary to take such drastic action, the phishers are then using these compromised accounts in order to distribute spam. The method of choice for the phishermen is linking to web forms hosted on Google Docs.

"Google Docs has many advantages. One significant one is that millions of people use it for perfectly law-abiding purposes. Another is that traffic is encrypted" Stevens says, …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

OK, closing this thread now...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

By revealing the base that you construct your password from, you have just weakened it considerably despite the use of mixed case, numericals and special characters (assuming that someone really wanted to crack your password, and that information regarding your past relationships can be found online).

Using the same thing for everything, no matter how strong it is thought to be, is never a good idea. If any one of the sites that the password is used for gets breached and that password exposed then it leaves everything else exposed as well.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Australia have looked very weak of late, and England totally dismantled the All Blacks in that last international.

As for South Africa, well the Boks are a pale shadow of their former selves as well: some of the more interesting scorelines from the past six months or so include
Argentina 16 - South Africa 16
New Zealand 21 - South Africa 11
South Africa 16 - New Zealand 32

Sure they won the internationals over here, but a big win against Scotland isn't a hard task, and that 16-12 against Ireland was hardly convincing not to mention the 16-15 win over England which was a scrape at best.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Yep, you do if you want to protect yourself against the potential for all sorts of fraudulent activity...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

...says the chap with the sig full of links to ticket sales.

You are wrong, the kind of posts referenced in my article are not just advertising, many are malicious in that they end up redirecting the victim to a site which distributes malware and can often install it via a drive by exploit kit.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Internet security software that flags malicious URLs, along with decent AV protection, helps to mitigate the risk of these kind of threats. But other than the usual 'be wary' advice to end users (don't take everything at face value, don't automatically invest trust in your network of friends, don't click on crap, don't be a mug etc etc) there's not much that can be done, no.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

The latest VIPRE Report from GFI Labs suggests that 2013 started off as a bad year for social network-based cybercrime attacks. The report, which analysed the ten most prevalent threats detected during the month of January, identified phishing messages on both Twitter and Facebook as well as malicious spam messages disguised as event invites on LinkedIn.

The report identified a substantial upturn in social networking-related phishing, with Twitter, Facebook and LinkedIn all being targeted with a variety of new creative attacks, a situation not helped by the announcement from Twitter that it had been hacked, resulting in over 250,000 user accounts and passwords being compromised.

LinkedIn, the site that mixes social and business networking to good professional effect, saw business owners in particular being targeted by spammers. The spam emails came in the form of notifications that a supposed employee had sent them an event invitation. Not unusual within the LinkedIn networking sphere, but these were malicious in that they redirected to sites distributing malware to exploit unpatched system vulnerabilities.

As far as Twitter users were concerned, GFI Labs uncovered a direct message phishing campaign targeting them. These claimed the user was, somewhat ironically, being targeted by a Twitter user spreading false accusations on 'nasty blogs' and, of course, containing links to those postings. The links sent the victim to a cloned Twitter login screen where account information entered was harvested. The site first sent them to a 404 error message, and then redirected them to the real …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I agree 101% with deceptikon on this one, not least as I think the answers given were helpful, polite and addressed the issue he had (the flipped screen).

There are two DaniWeb rules which might apply to any discussion involving pirated software, namely:

Do not ask about obtaining pirated software, nor link to it
Do not ask for help to pursue any illegal activity including, but not limited to, hacking and spamming

This particular post breached neither, which is why it remains intact. However, that does not mean that the community at large should not point out that using a pirated OS is Not A Good Thing.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Usually it will be a matter of needing to verify who you are before being able to access the account again. Jumping through identity hoops, basically. No biggie, even if you've forgotten certain information, as Facebook support will help get you back up and running again more often than not.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

There are far too many BBC channels these days. Off the top of my head we have: BBC 1, BBC 2, BBC 3, BBC News 24, CBBC (Children's BBC) and CBeebies (Very Small Children's BBC).

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

i don't even know what the England team is called

I hope you are sitting down <MICHAEL> as this may come as something of an eye-opener.

The England team is called.....

..... erm, England :)

<M/> commented: Oh, i thought they had a fancy name to it... like that Los Angeles Clippers... you know what i mean? +0
happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

The English Premiership is on ESPN/ESPN HD here in the UK - at least for the rest of this season. The matches are shared with Sky Sports - at least for the rest of this season. Next season the rights to broadcast the Premiership have been won by BT and it's all up in the air as to what deals will be done with Virgin/Sky etc regarding who covers what. Sigh.

As for the Six Nations, that is broadcast by the BBC.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

@happygeek, so Scotland is going to win? I don't watch rugby to begin with...

We can tell that...

And, no, Scotland will not win the 6N. However, at least they will not get the wooden spoon this year...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

You are giving England too much of a credit.

Nope, statement of fact: England are the only unbeaten team left in the 6N, therefore they are the only side that can pull off the Grand Slam.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

The 'World's Greatest Anti-Malware Software' is the spurious claim being made by Malwarebiter, which just so happens to sound an awful lot like Malwarebytes which could perhaps justifiably lay claim to that accolade. Take a look at this forum and you will see that Malwarebytes is a very valuable tool for discovering just what nasties are present on your computer, and for getting rid of them. Malwarebiter, on the other hand, is most certainly nothing of the kind.

Malwarebiter, if you hadn't guessed by now, is a prime example of the Rogue Anti-Virus genre, identifying perfectly legitimate files as malware and ignoring those malware files that do exist. Indeed, the Malwarebiter website (which DaniWeb advises you not to visit, for obvious reasons) will distribute a Zeus-family Trojan by way of a drive-by exploit that is delivered in either Java or PDF format. According to Malwarebytes researchers who looked around the site from within a sandboxed labs-based environment "traffic analysis from our visit revealed “roe.js”, a file containing javascript. Upon further inspection the file revealed an embedded iFrame object that links to a rogue IP hosting the Blackhole Exploit Kit, a somewhat funny outcome to visiting a supposed anti-malware site".

Malwarebiter is still showing up in Google searches, although Google does helpfully suggest you might be searching for Malwarebytes instead, but the Facebook page which had more than 25,000 'likes' has been closed down.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Security vendor Malwarebytes has reported that a new variation of an old password stealing Trojan is out in the wild, but all is not as it may seem. Notably, this particular Trojan is signed with an apparently 'genuine' digital certificate that authenticates the file. Which rather prompts the question: "say what?" Or to put it another way, if the billion-dollar digital certificate and encryption market can't actually guarantee squat, then what's the point of it?

The Trojan, it appears, evades many security barriers by a system of spoofing that involves the criminal enterprise behind the scheme setting up a bogus company which in turn has obtained genuine, legitimate and otherwise perfectly valid digital certificates of trust from Digicert. "This allows the cybercriminals to slide an infected PDF file into a large number of organisations, since the certificate is the equivalent of the baggage checked tag on luggage as it is carried by an airline to its destination" warns Calum MacLeod, a director at security vendor Venafi, who continues "in this case, everyone in the electronic chain takes the certificate - as they should – at its face value and the legitimate certificate authenticates the Trojan". MacLeod blames the trust management rather than the certificate authority schema in this case, explaining that "it is management and control flaws like this that undermine confidence in the structural status quo of Internet security – and this is not good for anyone, or any user, of the World Wide Web, email and other …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

If you buy stuff online then the choice of shipping handler is limited to whatever the seller is offering.

If you sell stuff online, then your question becomes a valid one rather than just looking, and smelling, a lot like spam...

(EDIT) Especially now that a link to the very same company you say has been recommended to you is your signature

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

PS, <MICHAEL>:

hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha

<M/> commented: i don't know what i said? +0
happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Italy or Scotland?

hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahaha!

Thanks <MICHAEL> for cheering me up this snowy morning here in West Yorkshire.

<M/> commented: Did i say something wrong? +0
happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

OK, my predictions:

England for the Grand Slam. Yes, sorry @diafol, that does mean I think we will beat Wales on Welsh turf.

2 = Wales
3 = Ireland
4 = Scotland
5 = Italy
6 = France

And, another yes, I really did say that France will get the wooden spoon. On the basis that they deserve it more than any other team the way they have been playing so far...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

cereal:

Italy only looked a shadow compared to the France game the weekend before. To be brutally honest, the number 10 was back to normal Italian 10 form against Scotland as in couldn't kick for toffee.

Don't get me wrong, I'm not anti-Azzurri (they have the legendary Castro after all - I'm a long-time Tigers fan) but the team still has a lot of problems when it comes to playing mature and consistent rugby.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

LastMitch:

Scotland? Are You Serious? I'm guessing you don't actually follow the sport of Rugby Union much :)

If Scotland win I will eat your hat, and coat for that matter.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Well, have to say that was a much better performance from Wales to not only break the long run of losing internationals but to do so in Paris. The French looked like a shadow of their former selves, never really getting into the game at all.

Now, fingers crossed that England can continue with the good form and the record breaking stuff to beat Ireland in Dublin for the first time in, what, ten years?

Please note, I am not holding my breath...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

The real problem (well, one of the real problems) with the remake was that Rooney Mara was a very pale shadow of the Lisbeth Salander that Noomi Rapace brought to life in the original. It was nothing short of a travesty that Hollywood felt it needed to recast that part...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I just love World Cinema - especially subtitled films - I'm a bit odd that way. Far better than dubbing - I can't get past the awful lip-synching and the awful attempt at native accents

I used to be the same. Then my eyesight deteriorated to the point where it takes me too long to read the subtitles, so long that they are gone before I get past the first couple of words. I'm no fan of dubbed movies, and sadly it means that I no longer tend to watch world cinema stuff.

An interesting couple of Russian films that I did catch up on recently, courtesy of my wife, were Day Watch and Night Watch (they tell a story from two opposing sides in an ongoing war between, for want of a better word, vampiric cultures) and they were dubbed. Not too badly to stop my enjoying them, but badly enough to make me think I probably won't bother with dubbed stuff again unless there's a really compelling reason. The original Girl With The Dragon Tattoo trio of films were actually not too badly dubbed, it has to be said, having watched them again recently - but still far better with the subtitles on. And, importantly, a zillion-percent better than the pile of poop that Hollywood came up with for the remake.

Even watching the rugby is becoming something of a bind: I have the TV only a couple of feet away so that I stand a …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Was it made in Wales? (runs and hides...)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

According to new research from Kaspersky Lab, in the form of a report called Evaluating the threat level of software vulnerabilities, 72% of Java users haven't switched to the latest, safest, version despite highly publicised vulnerabilities and resulting security exploits.

And it's not just Java, the report also shows that users of older versions of Adobe Flash Player and Adobe Reader are also failing to upgrade to safer versions, leaving their systems and their data at potential risk of breach.

Researchers looked at the most dangerous vulnerabilities (those known to be actively exploited by cybercriminals) found in assorted programs during the last year, and analysed the enthusiasm with which users were upgrading to the safer updated editions once they were made available. The unsettling result was the discovery that for a large number of people the older, unsafe and often obsolete, versions of popular software applications remain installed on "a significant number of PCs" for "months and even years".

Here are the key points of the Kaspersky Lab paper:

Data analysis from more than 11 million users was used to reveal more than 132 million vulnerabilities, with an alarming average of 12 vulnerabilities per user.

In total more than 800 specific and different vulnerabilities were discovered, and of these a minuscule 37 were found to be present on at least 10% of computers for one week or more during 2012. Yet these same vulnerabilities incredibly accounted for a massive 70% of all the …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

You could use 'damn kick-shit computer' instead :) Or how about going all British with kick-arse?

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

thread closed (again - it reopened after site redesign due to a bug) as once again acting as a spam magnet.