* Posts by Andy Shaw

16 publicly visible posts • joined 19 Nov 2007

Romanian NASA hacker fights 'inflated' damage assessment

Andy Shaw

@Matt Bryant

"Are you saying that the gormless cretin, that vandalised her car out of petty spite and jealousy, should be let off because her classic car didn't have a modern proximity alarm?"

No, people are saying - to extend your analogy - that he should pay for the repairs, but *not* for installing a modern proximity alarm that wasn't there in the first place.

DDoS attack, sex warrant won't stop Assange's leaky discharge

Andy Shaw
Thumb Up

But what does she mean?


Clearly she's a closet liberal.

Internet Explorer info leak festers for 2 years

Andy Shaw

"By enlarge"

<rant type="pedantic">

I assume you mean "by and large". It's an old nautical term implying that a ship could sail into the wind ("by the wind") as well as when the wind was behind the ship (or "large").

It's a pretty common mistake, so as long as you don't say anything about intensive purposes I'll let you off.


IE 'Twitter rolling' attack trivial to launch

Andy Shaw

Jeff Williams wrong?

Granted I'm currently a dilettante in this field, but if I'm reading the blog entry you linked correctly, Mr. Williams is wrong. No javascript is being injected into Twitter, and whilst a small portion of text that looks like CSS is 'injected' (which is to say posted perfectly normally), escaping everything that looks like it might be CSS is going to be pretty hard and probably have some false positives - if it's not outright impossible. Notwithstanding, of course, that when viewed by itself in a browser it's utterly harmless. The posted text isn't in a "CSS context" as Mr. Williams put it until an attacker uses the twitter page as a stylesheet for his attack page. And the CSS doesn't have any javascript in it then, either.

The issue is that IE - when told that the twitter page in question is a CSS file - tries to parse the page, and despite any number of issues that should prevent it from doing so, sticks pretty much the entire thing into an easily-accessible CSS property. That property can then be parsed by javascript on the attacker's site. That's pretty clearly an IE bug to me.

Perhaps Mr. Williams should have examined the sample exploit more carefully before commenting?

'World's No. 1 hacker' tome rocks security world

Andy Shaw

I thought I recognised the name

...and not for any particularly good reason - Gregory D. Evans currently has pride-of-place at the top of attrition.org's charlatans list (http://attrition.org/errata/charlatan/gregory_evans/) and has been there for a while. The various claims compiled there make for interesting reading - basically, the guy appears to have serious truth issues.

UK jobs site suffers hack attack

Andy Shaw

Uh, what?

"3.5 million CVs exposed"

"no CVs or other personal information was accessed"

...so which is it?

Microsoft offers stickers to boost Windows 7 64-bit take-up

Andy Shaw


Er, not really, not since 2007 - these days it's just a command key. It doesn't have the apple logo on it.

Orange gets UK iPhone deal

Andy Shaw
Thumb Up

@Paw Bokenfohr

Interesting - I now intend to pay my O2 contract off and switch back to Orange as Orange provides significantly better coverage in my area - O2 barely manage 2G, and it drops out frequently; Orange have blanketed the area with 3G.

Apple's panties in bunch over Microsoft ads

Andy Shaw

@Mectron, John Molloy, Geoffrey W

Oh for the love of Pete. I was going to stay out of this one, because Mac vs PC discussions always devolve into religious flame wars, but really.

Geoffrey, you can't attack one side of an argument for making an ad-hom attack in response to an ad-hom attack. And yes, "idiots with a IQ in the lower single digit get a Mac" is an ad-hom attack, and it *is* grammatically incorrect. If (Mectron) you're going to insult me, please try to get it right.

John, he's right. And there's several better ways to point out the holes in Mectron's arguments; such as for example the fact that my Macbook's case is made of solid aluminium, presenting a rather more solid form-factor than the average Dell. Or the fact that a Mac *is* a personal computer, and as such is *part* of the competition.

Yes, I have a Macbook. However I'm typing this on my office desktop PC, which like my home desktop runs Windows. Vista here, W7RC at home. I'm also personally responsible for several Linux (mostly Debian, one Ubuntu) servers, so I feel sufficiently to say the following:

Windows historically presents a pretty bad user interface. This has been improved with W7 and Vista, although Vista screwed the pooch with UAC (which has been toned down in W7). The downside to that is that the old familiarity has gone away. Popular Linux window managers (both Gnome and KDE) make me grimace; other WMs tend to be insufficiently well-featured. OSX provides a wonderful UI - it is widely acknowledged that Apple are the masters at this - and being based on BSD it allows me to Get Shit Done(tm) in the same way that Linux does. However, yes, the hardware is overpriced.

Basically, it boils down to what you can afford. Windows is okay because it's familiar (up until recently, anyway) and is much better from a stability perspective than it used to be; Linux is stable, powerful and very customisable if you've got the time and inclination to learn; and OSX is stable at the cost of expensive hardware, powerful and very easy to use.

There. Now can we please learn to live and let live?..

Salesforce turns website host

Andy Shaw


"After that, there's an enterprise edition that provides 500,000 monthly page views for $50 per user and an unlimited edition that provides one million page views at $75 a user."

Presumably that's "unlimited" in the "actually, no, limited" sense then?

Pig plague and Twitter: The terrifying truth

Andy Shaw

Daily Mail journalists

"a barren wasteland inhabited only by cockroaches and Daily Mail journalists"

...I can't help but feel that some part of that sentence is redundant.

Linux to spend eternity in shadow of 'little blue E'

Andy Shaw

Accurate as far as it goes

Of course, with Microsoft pushing heavy changes to both the Windows and Office interfaces, a "Windows skin" on a Linux window manager and a copy of OpenOffice actually provide more familiarity than new versions of Windows do. It's an anecdote I know, but my mother (the only typical user I have to support) is much happier with this setup than she was with Vista and Office 2007.

Google takes aim at drunken messaging

Andy Shaw

Email? Pah

A proper drunkard types his late-night laments on IRC. And nobody understands them.

To wit:

<^RaK^> argh

<^RaK^> athiue giy who lkills em all?

<^RaK^> fgtmop the insiden and wqsway

<^RaK^> tsrust my self with you

<Turkey> WHAT?

Brits happy to hand over password details for £5 gift voucher

Andy Shaw
Thumb Down

Oh, for the love of Pete

Why on Earth are people still doing these studies? What has been proved - conclusively - by several studies before is that people will quite happily tell a researcher a word that may or may not be their actual password in exchange for a reward.

Hell, I'd be more than happy to tell a researcher that my password was "scr3wball" in return for £5 worth of loot. It's not, of course, but how exactly are they going to know that?

USAF Colonel goes on the offensive with botnet destroyer plan

Andy Shaw

@Peter Ford


Exploit broker aims marketing machine at Unix app crack

Andy Shaw

@Paul Brain - I run AV on UNIX

Paul, you've not considered that Clam AV is often used to scan emails that will be read by clients on Windows machines. Clam doesn't just scan for UNIX-targeted viruses, y'know.