* Posts by Doug

105 posts • joined 24 Mar 2007


Malware forces Firefox to save passwords


Before the infection ?

How do you actually get 'infected', is there a working demo online where I can get infected by clicking on a URL ?

> "Before the infection, a default installation of Firefox 3.6.10 would prompt the user after the user clicks the Log In button on a Web page, asking whether he or she wants to save the password," Webroot researcher Andrew Brandt explains. "After the infection, the browser simply saves all login credentials locally, and doesn’t prompt the user."

Over half of all apps have security holes


software applications security

What OS do the vast majority of these bad-apps run on and shouldn't security be built into the Operating System.

Google's Microsoft browser outlives Wave nonsense


re: Rock < User > Hardplace #

> In my personal pantheon of nastiness Google sits even higher the MS. I can't see why anybody would want to install a Google plugin on an MS browser.

Troll the web, and trash anything Google ;)

Ubuntu man responds to GNOME 'coattail' claims


less is more

It isn't a only a choice between KDE and Gnome ..


IE9's Acid, speed and HTML5 trip to land lost surfers


Chrome Psychedelic at 565

I have Chrome Psychedelic running at 565 on Lubunto running off a USB device ..



iPad anti-virus shield guards against phantom threat


infected with malware ?

> Only jailbroken iPhones with default passwords have ever been infected with malware and even then only by a handful of high-profile worms, such as the Rickrolling worm in Australia and the D'oh bank credential stealing worm in the Netherlands, which both spread last November ..

Like, how did the Rickrolling and D'oh worms get onto the machines without using jailbroken iPhones and default passwords, and without any user action ?

Almost 2,500 firms breached in ongoing hack attack


computer botnets

What desktop Operating System is required for this 'botnet' to operate. How is the initial infection achieved on the computers. Is it by clicking on a malicious URL or opening an email attachment.

Doctor Who attempted to overthrow Thatcher

Big Brother

satire not noticed

> Sadly, Cartmel admitted the satire went completely unnoticed. He said: "Critics, media pundits and politicians certainly didn't pick up on what we were doing. If we had generated controversy and become a cause célèbre we would have got a few more viewers but, sadly, nobody really noticed or cared."

That's not strictly true, one of the best things about the series was the intelligent scripts aimed at the more mature audience. 'The Sun Makers' being another good example, where the entire solar system is privatised by the company. If the politicians didn't get it, we most certainly did.

The Collector of taxes being a sentient poisonous fungus type creature from the planet Usurius., Usurious, Usery .. get it .. eh ??



Femtocells wilt under attack


root achieved on cellular devices

"Security researchers have turned their attention to femtocells, and have discovered that gaining root on the tiny mobile base stations isn't as hard as one might hope"

Whoever designed these devices should be sent back to computer school. An authentication device that can be bypassed is a contradiction in terms. Or as some pen pusher would put it in a report: an unantipicate security excursion. Did not anyone check these devices for security vulnerabilities. What are they teaching them in college nowadays ?

"Uh you've reached stewie and brian, we're not here right now, uh and if this is mom, uh send money because we're college students and we need money for books...and highlighters...and.... ramen noodles...and condoms, for sexual relations with our classmates"

Firefox-based attack wreaks havoc on IRC users


a working demo

Is there a link to a working demo ?

Demon splurges details of 3,600 customers in billing email

IT Angle

user names and passwords

"A spokeswoman for Demon said the company had changed the passwords which were sent out and was in the process of changing user names too"

What were they doing storing passwords in the clear in the first place. What were they doing emailing this document around the company.

Troll blockers take Microsoft SGI patents


Microsoft patents and the OIN

This ..

"Microsoft has placed a clutch of Silicon Graphics patents in the hands of those trying to defend Linux and open-source against trolls"

Does not equate to this ..

"Microsoft didn't directly approach the OIN - one of the industry's largest buyers of patents - and went through the AST instead"

And there is no evidence that MS intended the patents to end up in the hands of the OIN

Firefox to warn users of insecure Adobe Flash


flaws in the program ?

"Flaws in the program are routinely exploited by criminals to install keyloggers and other malicious software on end-user machines"

Shouldn't that be flaws in the underlying platform allow for the installation of malicious software. That platform invariably being the WinTEL one. The one with the built-in buffer overflow feeture ?

Conficker borks London council

IT Angle

disable USB drive for security

"After all the lost data from government departments WTF was the counsel employee doing with a USB stick in the first place", John G Imrie

Look, the presence or absence of a USB drive does nothing what-so-ever to increase/decrease security. If I can get you to visit a certain web site or open a certain attachment, I can own your computer ...

UK Parliament website hack exposes shoddy passwords


the website reflects poorly on Parliament ?

No, the website reflects poorly on the people who designed and configured the web site. What are their names again?, just so as we can avoid them ...

Microsoft's Word patent case to hit appeal court next month

Gates Horns

the end of the world as we know it

Won't the entire worlds economy grind to a halt if they ban msWord in sixty days?


i4i suing Linux ?

"What next, i4i suing anybody else who dares infringe their loosely-worded "patent"? Guess that'll be bye-bye Apple, Linux and anything else that allows data to be used in multiple applications...", not.known@this.address

According to Groklaw ..

"No need for analysts' opinions and such. OpenOffice.org is clean, according to the i4i folks, and it's their patent. As for ODF, it doesn't use CustomXML, and it had no plans to do so, despite what you've been reading in the fuddy papers"


Old-school virus threatens Delphi files

Gates Horns

W32/Induc-A virus being spread by Microsoft software

| headline corrected |

'When a file infected with W32/Induc-A runs, it looks to see if it can find a Delphi installation on the current machine. If it finds one, it tries to write malicious code to SysConst.pas'

Does the original W32/Induc-A require administrator rights to infect the machine. Is SysConst.pas normally required to be writable by administrator. Notice how they managed to not one mention Windows in the body of that 'report'.

<insert payload>

"W32/Induc-A virus being spread by Delphi software houses"

"If you believe that you may be using software written in Delphi you would be very wise to ensure that your anti-virus software is updated. Actually, regardless of whether you use Delphi-written apps that's a good idea"

</insert payload>

Novell lands full-time staff on openSUSE


OpenSUSE support forum

I used to be an Open SuSE enthusiast but dropped out because of the very low activity on the forum. That, and they barred me for asking questions about the covenant with Microsoft. The one that says you can't even work on OpenSUSE in your own companies time. And you don't own your own code contributions. Now, I'm a Ubuntu enthusiast.

<a href ="http://i25.tinypic.com/2prisyg.jpg">Slashdot Advert</a>

Remote IT support tool hijacks customer webserver


who is to blame

"On Thursday morning, IT consultant Paul Nash received an urgent call from a client whose Apache webserver had crashed the previous night and inexplicably wouldn't restart"

The blame lies wholly with IT consultant Paul Nash, that he configured such a system.

Microsoft opened Linux-driver code after 'violating' GPL


insert GPL fud

"The spirit of the GPL, and its purpose, were pretty straightforward and in my view honourable. But beware - it's more than it looks. Large companies can use it to harrass small ones. Small ones can use it to harrass large ones", David Coveney

The 'spirit' of the GPL is hardly the issue as the terms have been explicidly laid down in the actual text of the license. What large/small companies harrass other small/large companies. Please point out where actual harrass took place rather than the requirement that the terms of the GPL be adhered to. GPL 3 was specifically designed to prevent anyone coming after you for patent royalties ..



New attacks exploit vuln in (fully-patched) Adobe Flash


the root of the problem is the OS

Wouldn't it be simpler to design on OS that is immune to defects in the applications that run on top of it.

Memory-hogging bug offers universal browser crash exploit


don't work on Firefox

Don't work on Firefox 3.5.1

NHS hospitals struggle to hold back the malware tide

Jobs Horns

insert bogus personal anecdote

"Until someone can come up with a way to stop employees from working against their companies, just so they can spend their working days goofing around on Facebook and Twitter"

You're kidding, since when were people allowed to twitter on NHS patent record systems. Any evidence to the contrary?

" I work for a company that works very closely with the NHS .. A patient faking illness just pops it in lets the malware off " SNORT !!!

Google's vanity OS is Microsoft's dream


Chrome OS - a vanity project ?

> The idea of a desktop running a thin OS served by the cloud is fine - until you want to do image processing, or make music or videos .. Linux is a fine OS until you get to the applications - ah, yes... GIMP - and integration with the real-world,doing stuff your Mum needs to do.

Your Mum must be way cleverer than mine if she can do image processing, or make music videos videos. For most people the browser is the PC and a quick perusal of the specs tells us that Chrome OS does a lot more. Given that a number of hardware manufacturers have climbed on board, Chrome OS will make the desktop obsolete.

> Linux is a fine OS until you get to the applications - ah, yes... GIMP

Andrew, what planet have you been living on up to recently. Here are some Linux systems sophisticated enough for even your Mom to find interesting.




Microsoft promises no patent prosecution of open-source .NET


patent promise is *NOT* conveyed

"Microsoft is promising not to pursue patent claims against Linux and open-source software using the open-source implementation of .NET, Project Mono"

Except the do-not-sue promise is *not* passed on to downstream customers using the Open Source project Mono !!

McAfee false-positive glitch fells PCs worldwide


re: How long does it take some people to learn? #

"McAffee has been a terrible product for many years", Henry 9

What doesn't it do different than the others apart from scanning files for known patterns ?


insert free adveret for msOffice .. :)

re: Not their first epic fail, either

"Fortunately, Office had been installed from an Administrative Installation Point, so it repaired itself on-the-fly", mechBgon

SCO's lifesaver 'profited from Iraq war'


the politicians were clearly ill advised

@AC2 'the politicians were clearly ill advised'

No, the politicians concocted a fake dossier and pretended to believe it. As a pretext to invading Iraq. Which they had no choice in doing. At least the ones in this little ole US colony.

Beeb says sorry after iPlayer network fail


changes cause problems

'You make a small innocuous change to a minor component and something you thought was totally unconnected falls over. That's the nature of the game', Richard Porter

No it isn't, it's the nature of a badly designed agile Web 11 thingy .. :)

Microsoft architecture chief: Google Wave 'anti-web'


open source hard to implement fud

"if you have something that by its very nature...is very complex with many roles and the way you configure it...then you need open source to have many instances of it because no one will be able to do an independent implementation of it"

They speak a different language out there in Redmond, microspeak, where 'open source' and publically documented standards mean the exact opposite.

Xandros - the Linux company that isn't


it isn't about the desktop !!!

"Doing that general purpose operating system is a nightmare, and you lose your shirt on it," Smith explains. "At the end of the day, you have to do something that puts rice in the bowl", Jordan Smith Xandros

It isn't about the desktop, it never was, it was always about getting control of the customer experience. The battle for the desktop was fought and won, by Microsoft, a long time ago. MS, always late to the party, recognizes this, which is why it is moving to services based round the xbox and 'the cloud'. They realize that if you don't control the total stack, from the desktop to the server, then you're just the delivery people. Which is why Apple making money out of the iTunes on Windows is total anathema at Redmond. How dare Apple make a buck out of the Microsoft Desktop without paying the MS tax.

Digital Video Recorders, set-top boxes, subscription services and 'other tiny computing devices' will sell, but the real money is in subscription services. As long as the consumers are using your devices, else you're just the delivery people.

Turkish hackers breach US Army servers, says report


sophisticated Defense Department tools

"The hacks are troubling in that they appear to have rendered useless supposedly sophisticated Defense Department tools and procedures designed to prevent such breaches. The department and its branches spend millions of dollars each year on pricey security and antivirus software and employ legions of experts to deploy and manage the tools"

No amount of tacked-on 'security' will secure 'webservers'. What is needed is embedded hardware providing a secure VPN and PKI infrastructure. That way you only have a single set of nodes to watch instead of multiple/differing Windows configurations. That way if a 'webservers' is vulnerable to an 'SQL injection attack', the hackers won't see it. Else you expend energy in futile solution such as above.

Microsoft fortifies Windows 7 kernel with overrun buster


pool overruns ?

I hadn't heard the term before, and I do try and keep up. Are there any actual examples of 'pool overruns', in the public domain, that can be successfully run on OS X and Linux

"Independent Security Evaluators has successfully exploited weaknesses in Windows, OS X and Linux. "I think they're trying to stay ahead of the curve"

“This simple check blocks the most common exploit technique for pool overruns,”


Like, where and how did MS come out with a fix so quickly and why not design a MMU that isn't vulnerable to 'pool overruns' rather than havign to check for them, after the fact.

"It doesn't mean pool overruns are impossible to exploit, but it significantly increases the work for an attacker."

BNP pleads for cash after reported DDoS assault

IT Angle

ex-commies would be pro-BNP

> Griffin writes that the "BNP website [was] taken offline in largest cyber attack in recorded history" .. The email .. claims that the assault originated from "eastern Europe and Russia" and was also directed against Clear Channel, a firm which reportedly provides billboard advertising to the BNP, as well as the party website.

I would have thought that the ex-commies would be pro-BNP as they would tend to undermine the current blair-bushite regime. Besides can we really believe him. A borked upgrade over the weekend being more likely.

I have personal knowledge of two such incidents. One was blamed on some fascist regime far-far-away. The other caused free long distance mobile calls for the entire weekend. They were both down to a flakey system, failed upgrades and incompetent staff.

Mozilla invites all comers on post-tab future


tree style tabs

This is good, now I would like the tab menu to disappear until I move the mouse to the left of the screen ..


"I use tree style tabs, It changes the tab layout to a tree style (hence the name), very good for using loads of tabs on a widescreen monitor"

By Anonymous Coward Posted Saturday 16th May 2009 06:59 GMT


I don't use tabs

I don't use tabs because I like a clean uncluttered interface. Currently I have FF open, at the top I have three 'bars', the title bar, displaying the name of the current web site (TheRegister), second bar contains the menus, File, Edit etc, the third contains the URL address bar and the back/forward buttons. At the bottom is a status line that says 'Done' and has the noscript menu tab. When I search, the 'Find' bar pops up above the status line.

All in all a bit of a waste of space. How about a single bar at the top containing the menu/address bar and a single status line at the bottom that duplicates as a search bar.

If you select 'new window' (ctrl N) any URLs clicked on become part of a group as if you selected new tab. A single item in the menu bar allows you to jump between tabbed groups. So you ctrl N, open a number of URLS, ctrl N again, click on a number of URLs and you now have to groups of tabbed files. A popdown menu on the top right allows you to jump between groups. The status line at the bottom indicated the number of groups, instead of cluttering up the screen with multiple tabs.

Unsafe at any speed: Memcpy() banished in Redmond


The Safe C Library

"The Safe C Library provides bound checking memory and string functions per ISO/IEC TR24731. These functions are alternative functions to the existing Standard C Library"

See safe_lib.h .. of Dr. Dobbs Feb 2009


This reminds me of when Microsoft patented SUDO ..


Call for heads to roll over failed spook IT system


scrapped last year for undisclosed reasons"

"SCOPE .. was scrapped last year for undisclosed reasons"

Conflicker Worm Invades Hospital Instruments


"Various Royal Navy warships and Royal Navy submarines, and hospitals across the city of Sheffield turned to be down under Conflicker’s attack"


"ATM virus that steals money from banks"


Moblin 2.0 Linux goes alpha (again)


Novell contributing code from openSUSE

Which begs the question as to why they didn't create their own Moblin type project and launched that on the low-powered mobile market, instead of advertising their competitors products on their own web site !

US air traffic faces 'serious harm' from cyber attackers

IT Angle

the solution is obvious

Create a network of VPN nodes with multiple redundan routes, that utilize end-to-end encryption and authentication and connect your 'computers' to that. Now don't tell how/why it can't be done, tell me how it can be !

"when hackers took control of Federal Aviation Administration computers in Alaska. By exploiting the administration's interconnected networks"

"Two separate attacks in 2006 hit the FAA's remote maintenance monitoring system and its air traffic control systems. The latter forced the FAA to shut down a portion of ATC systems in Alaska"

"The report went on to fault the FAA for employing woefully inadequate IDS, or intrusion detection systems. .. none of the IDS sensors monitor mission critical ATC operation systems"

IBM Warwick data centre has a lie down

IT Angle

One would be wrong

"One would think that a setup like this would run up its generators every few days to check all was well with the engine, alternator and transformers etc. and note if the damn thing works properly", rhydian

One would be more accurate to speculate that the maintenece was outsourced to a company that hired another company that outsourced to another company that hired on cheap east european contract labor. At least that's the way they do it round here.

Ballmer disses Oracle's decision to buy Sun


why a software company would buy a hardware company

"I have no idea why a software company would buy a hardware company. We don't want to buy any hardware companies,"

Because they get to control the total stack. A good move for the new Sun division would be to partner with media and telecoms companies and sell a total solution for the next wave of online rich content. Sell the server hardware and software to the content providers and sell a high end multimedia computer to the consumer for the living room. They would make their money back on subscriptions.

Mac and Linux Bastilles assaulted by new attacks


restricting access to /dev/mem

"A set of recently discovered security holes in Mac and Linux platforms reminds those over-confident in their superior protection that no one is immune to vulnerabilities"

The flaw does seem to be have already addressed (at least since 1999) and relies giving USER write access to /dev/mem. And is specifically referred to in comments in the paper.

"only root has acces to /dev/mem ?", Sep 1999


"If this option is disabled you allow userspace (root) access to all of memory, including kernel and userspace memory"


"I'm having difficulty dumping the memory from a Ubuntu 6.10 PC. When I try and run it (yes both using sudo and as root) I get: dd: reading '/dev/mem': Operation not permitted"


Businesses will postpone Windows 7 rollouts


Ash: what did you see ?

"Unsurprisingly, we are one of the 83% that will be going straight to Windows 7", Ash Chapman

"A poll of 1,100 Windows customers has found 84 per cent won't be adopting the successor to Windows Vista during the next twelve months"

Ash: what did you see. I read it as saying 84% won't be going straight to Windows 7 ..

IBM-led Open Cloud Manifesto: Who's in, who's out?


lack of openness ..

'Steven Martin leaked details about the project last week, and complained about being “disappointed by the lack of openness in the development of the Cloud Manifesto”'

If the doc wasn't open, then how did Steven Martin get hold of a copy. And the writers do say this:

"is meant to start a conversation around standards and help clients ask the right questions about cloud interoperability. This document is not a contract with vendors or a position on what standards should be'

Now that the document is out; ather than attack the manner of it's aetology, what exactly does Steven Martin have to say about the contents. .

The Open Cloud Manifesto in full


why Microsoft objects ..

The reason why Microsoft objects is that they invented 'cloud computing' :)

Pink Floyd's Gilmour backs McKinnon protest gig


US military hacker

'self-confessed UFO evidence hunter turned US military hacker son over to the US'

For the umpteemed time, he logged in to Windows NT computers that all used the same passwordless admin account and installed a remote desktop application and sent msgs to the supervisors screen via wordpad ..




Did TomTom test Microsoft's Linux patent lock-down?


Not Microsoft's problem?

"I for one can't see why they should be obliged to ignore IP violation (if that is genuinely what has occurred here) simply because the other party *chose* to use Linux", anonymous coward

Tom Tom uses third party and GPL software in its products. Neither of which are owned by Microsoft. Therefore it owes nothing, nada, zilch to Redmond ..


re: Bias

Hey, I hate M$ as much as the next guy but come on.", Anonymous Coward

I don't understand how someone can hate a company. It's just a device for converting base matter into shiny objects .. :)

"Tom Tom is using an M$ patent that they have not licensed. What does this have to do with open source or linux?", Anonymous Coward

Tom Tom isn't using a M$ patent, Tom Tom is using third party and GPL software. The real question is what does an old long-file-names-for-fat patent got to do with Open Source. And since neither Tom Tom, the third party company or the Linux kernel team would have ever read this M$ patent, what has Microsoft got to do with Open Source.

"And since when was Tom Tom distributing linux anyway? If they didn't want to use a proprietary filesystem, they should have used a non-proprietary filesystem", Anonymous Coward

They used a mixed Linux kernel third party solution. Redmond is appariently upset that peopel are selling GPS devices without paying them for the 'innovation'.



Biting the hand that feeds IT © 1998–2020