* Posts by Chris Savage

6 publicly visible posts • joined 23 Jun 2008

Laptop facial recognition defeated by Photoshop

Chris Savage
Happy

Re: Less Secure Than Text Passwords?

> So these guys suggest not using facial recognition because it's not entirely secure? I wonder how this facial recognition compares with the "standard" logins like text passwords.

I'd imagine it doesn't compare here in CCTV land, since you're not flashing your text password at the government on every street corner.

What did you do on Emergency Services day?

Chris Savage

@Paul & Why 112?

>Or use the UK's 999, which I understand was the first such number.

999 isn't compatible with mobile phones. I read this ages ago, so forgive me if I'm mistaken, but the whole reason for bringing out 112 is because all mobile phones (I believe by law) must be able to call the emergency services while the keypad is locked. If there's an emergency and someone throws you their crazy phone with full-on QWERTY keyboard flapping in your face, what's one to do? Find the user's manual?

Unfortunately, 999 is easily pressed in your pocket, being the same digit, on the edge of the keypad. If you're constantly carrying stuff, it's easy to dial 999. 112 is less likely to result in accidental trouser-rubbing emergency calls.

Although I'm quite shocked this is in the news now, my old Windows Mobile 2003 phone has 112 support, and my newer iPaq 514 only allows 911 and 112 while the keypad is locked, not 999, so you'd get a shock if I threw you my phone in an emergency, not that it's particularly hard to unlock the keypad on it.

Scareware mongers hitch free ride on Microsoft.com and others

Chris Savage
Go

Re: Franklin

It's always the big corporations that screw up the simplest of things.

@Franklin: Donn is right, the referer cannot be trusted, either because some users have it permanently blocked/changed, and also that it can be easily forged.

The way I do "open" redirects, is to pass the destination, as well as the calling page to the direct script. Because the whole site is DB driven, the redirector simply opens the calling page from the DB, and checks the destination exists within the calling page. If it doesn't, get stuffed.

In the calling page, write the redirect URL like: "/redirect.php?from={CURRENT_URL}&to=www.somesite.com" then use PHP to replace all instances of {CURRENT_URL} with the current URL on page generation.

A self-maintaining white-list -- it's the way to go :-)

See here:

http://www.savagereactor.co.uk/posts/2008/12/14_safely_redirecting_with_a_url_parameter.html
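The check described in this post, sketched as an added example (not the poster's code, and not taken from the linked article). The `$pages` array standing in for the site database, the function names, and the `https://` prefix on the destination are assumptions.

```php
<?php
// Constructed stand-in for the site's page database (path => stored HTML).
$pages = [
    '/posts/example.html' =>
        '<p>See <a href="/redirect.php?from={CURRENT_URL}&amp;to=www.somesite.com">this site</a>.</p>',
];

// Collect every "to" value that the stored page itself links through /redirect.php.
function allowed_destinations(string $html): array
{
    $doc = new DOMDocument();
    @$doc->loadHTML($html); // suppress warnings from imperfect markup
    $allowed = [];
    foreach ($doc->getElementsByTagName('a') as $a) {
        $href = $a->getAttribute('href'); // entities such as &amp; are already decoded
        if (parse_url($href, PHP_URL_PATH) !== '/redirect.php') {
            continue;
        }
        parse_str((string) parse_url($href, PHP_URL_QUERY), $query);
        if (isset($query['to']) && is_string($query['to'])) {
            $allowed[] = $query['to'];
        }
    }
    return $allowed;
}

// True only if the calling page exists in the DB and links to exactly this destination.
function redirect_is_allowed(array $pages, string $from, string $to): bool
{
    $html = $pages[$from] ?? null;
    if ($html === null) {
        return false; // unknown calling page: nothing to check against
    }
    return in_array($to, allowed_destinations($html), true);
}

// Body of a hypothetical redirect.php. The referer header is never consulted.
$from = $_GET['from'] ?? null;
$to   = $_GET['to'] ?? null;
if (is_string($from) && is_string($to) && redirect_is_allowed($pages, $from, $to)) {
    header('Location: https://' . $to, true, 302); // scheme prefix is an assumption
} else {
    http_response_code(404);
    echo "Unknown redirect\n";
}
```

Because the allow-list is derived from stored page content, links in any user-submitted markup on a page need to be excluded before the lookup, or they become valid destinations too.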

Anatomy of a malware scam

Chris Savage
Thumb Up

Title

I found this particularly interesting, having removed XP Antivirus from my sister's computer a month or two ago.

I hadn't seen the process by which it infected, and it did have me a little confused, since I'd never touched her computer before, and she claimed she'd been infected by a virus.

She said she had AntiVirus software, but didn't know what it was called, after playing around a bit, I realised it was a fake anti-virus app and was sufficiently impressed, further interrogations of her boyfriend indicated he had removed Norton AntiVirus a week prior to the infection.

Unfortunately I didn't get to see the infection process, or how detailed it actually is, and am now wondering whether the fake "Security Center" is still on her PC.

She now has AVG Free on there, a full system scan reported no threats, so hopefully she is clean.

A very interesting and detailed article indeed.

Thanks for the effort to bring this to light.

AVG chokes fake traffic spew

Chris Savage
Go

Local Proxy

Can they not just set AVG as a local proxy service that IE/Firefox/Opera etc uses?

That way the page is only downloaded once, at the user's request, but still scanned for malware etc before being given to the user/browser.

Virgin Media rubbishes P2P throttling rumours

Chris Savage

Play them at their own game

Maybe it's time the country, as a whole, together make a change to OUR end of the agreement.

I will pay up to £(enter price of broadband package here), the actual % of this I will pay will directly represent the % of the speed of the package I receive.

If I'm paying £20pm for 8Mb/s, and I only get an avg of 6Mb/s, then I shall only pay £15pm for my connection for that month.

An individual attempting this would fall flat on his face, and be disconnected; a large % of the ISP's customers doing this, at the same time, would give them something to think seriously about.