"new biz models to deal more effectively with the demand for data services and phone apps"
I think he meant find slimier ways of overcharging the customers. Remember text messaging was free until they realised people would pay for it...
52 publicly visible posts • joined 18 Apr 2007
I used to do that with Yahoo! email accounts in the mid 90's (distributed brute forcing) but it has huge drawbacks - especially seeing as they were smart and added multiple layers of security such as number of attempts per username coupled with number of attempts per I.P. That way even if you distribute an attack on one particular username it locks that account for an hour which hinders the attack tremendously. Sometimes the simplest of solutions is the better for all.
Why don't they limit the amount of attempts per IP address like every other login page? It seems absurd that brute force attacks are still possible, what, 15 years after they first surfaced??
abigsmurf: Brute forcing tools can attempt anywhere between 50 and 1000 passwords per second depending on the speed of the site. It's called Socket Threading :)
You know when you open 20 tabs in Firefox, well imagine they were all to the same page and you've got your brute forcer.
This isn't true, RapidShare et al are not searchable repositories and the links for each file, which is generally split into many rar files, must be posted somewhere for Joe Public to get his hands on. This, in the case of 99.99% of these links, is done by posting them to warez forums...
Sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad, sad.
I've been around a while now and this is the saddest thing I've ever seen. I don't believe for one second that someone is going to pay a fine for 'impersonating' a 'moniker' on twitter. What is the world coming to.
You get 3 texts per month and then the person with the most points each month wins a prize, won't the total always be 3?? Or are the crimes rated on depravity/savageness? 1 point for a doggy poop, 2 points for a mugging, 3 points for a stabbing and the jackpot of 4 points for a murder? Either way the prize system can't be realistic if you've got a total of 3 texts per month unless....
a) Each valid text which was a crime is then added back as another text
b) I missed something?
These, and many, MANY more vulnerabilities very similar to it have always existed on Yahoo!
When I started programming 12 years ago it was simply as a means to utilise these ‘backdoors’. Yahoo have hundreds, even thousands of alternative login methods and front-ends that all a guy has to do to attempt a brute force attack is play around with their sub domains until you find one that doesn’t either a) produce a captcha after one wrong attempt, b) doesn’t lock the account for an hour after 5 attempts and also, and almost more importantly c) doesn’t ban your IP for an hour after 10 attempts (which the regular login page does).
Their Messenger program also has many different servers with which you can login, and finding one of those that doesn’t stop working after 5 attempts is as trivial as finding a whore in a whorehouse.
12 years and they still haven’t changed the basic foundation of their credential access and still leave it up to each front end developer to add their own security measures.
If you ask me I'd imagine all of your Blogger FTP problems are probably coming from that. I've used Yahoo! hosting in the past and found it one of the most unreliable services I've yet to encounter on the interwebs. Use a company whose sole business is hosting and hosting you shall receive. Pay a company who really don't know what they're doing or where they are at the moment and bullsh!t is what you get.
I watched a documentary on Discovery about 8 years ago which was all about how in Europe we use this 'Real Time Transmission' kit, the same as the US Air Force use, but in the US they refuse to upgrade the commercial airlines due to cost. How come it's taken 8 years for somebody to see that black boxes are stupid??
Thanks again for the Monday morning chuckle again Ted - brilliant.
To all the _outraged_ commentards above, you really need to lighten up a bit. The funniest comments are the ones talking about the o and the other obvious misrepresentations in the piece, I'm laughing harder at them than I did while reading the article! The guy sweats satire for God's sake, he's a developer taking cheap shots at other developers and he does it in an easy-to-read-on-a-monday-morning kinda way.
As for this piece of dirt they're calling a revolution - have any of you knumbnutz actually considered leaving this stuff running on your parents/grandparents/daughters/sons machines constantly? IIS comes with Windows yet none of you are using it, the question begs why not if this Opera bullcrap is getting you so aroused? You turn off the computer for a week while you go on vacation and all of a sudden your New Zealand relatives can't see your cute puppy doing somersaults.
Then there's the biggest reason your mom shouldn't be sharing files: http://www.theregister.co.uk/2009/06/19/copyright_victory_rich/
Sarah, are you suggesting taking LSD and smoking weed are going to reduce the amount of cancer? They both produce very high melatonin levels...
I've an idea - let's leave on the lights at night and make night workers smoke reefers to combat their breast cancer!
I'm with Leigh Smith actually - people throw the words 'cancer' and 'global warming' into anything they want to draw attention to these days - then the following day all the tabloids make their own version of the story with headlines such as "Street lamps cause breast cancer."
Keep it up Ted, your articles make my Monday mornings that little lighter than usual (",)
As for the idiots above, would you like some cheese with that whine?
And, Anon Coward, upgrading to IE 8?? Shhhhh! I did that a long time ago and had to wind back all of my windows machines to 7 because they crash and burn on simple things like Google Maps and js automation. When they bring out a real upgrade that doesn't cost half a gig in memory then it'll be worth upgrading to.
Here in the Emerald Isle it's 20 flippin yoyo's a bottle! Although I did get some a week ago - I was wandering aimlessly around the chemists waiting for a prescription and found myself staring at the big white box and had a read and couldn't resist.
The biggest shocker is when you open the big white box and find the tiny little bottle inside >.< And like all their other products, all the thing does is tingle warm and cool at the same time o.O
I think the fact it was such a big FAIL might have something to do with the choice of games. Their target audience, the real hard core gamers, don't play Fifa, Dead or Alive, or Project Gotham. Those games are PR games and nothing more, they look fantastic but play like an eighty year old granny.
FAIL FAIL FAIL.
...this bug is one of the less severe variety.
If you're idiotic enough to put your credentials into a page that has a "Below is the image in its original context on the page" banner at the top then you deserve to be scammed full stop. I really really wish El Reg would stop jumping onto the 'bug bandwagon' that's been going around lately and stop advertising these idiot "security researchers". They're bums!
Has been happening since records began, but there wasn't any 'vegan, former bus-dwelling New Age traveller, peace campaigner, hippies' around to blog about it back in the day.
Wake up, wait for a week and try again instead of complaining like a twat. Or try living in Ireland for a year and then complain about unseasonable rain.
Am I the only person who can't see anyone wearing any protective clothing??
I see one guy with a jacket over his head alright but I can't say I would class that as protective hahahaha.
Paris; cause even she wouldn't go out in that with only a jacket over her head for protection!
I got an email about this during the week, the thing was, the images and links were all spam related! I didn't click the links but after reading the 'almost legitimate' looking email and the link location (trend.rsys1.net) I did a quick search for rsys1.net and found it flagged as a spamhaven. Wonder which one of the mails came out first, Trend or the Spammers?
Way back in the late 90's I created an application that could view private Yahoo! Messenger webcams without asking the user's permission; the default setup requires each new viewer to be granted access via a popup question to the person on webcam. Using my application you could just view without that popup and they would be none the wiser. This worked for many, many moons because no one I gave it to was stupid enough to try and blackmail the webcammers.
What a douche he deserves everything he gets.
Much like the pro-global-climate-change scientists, Websense's future relies on how dark they can predict it.
Maybe the findings should read FINDINGS of malware are up X% instead of incidents. If anything the web has been getting safer for the last decade and then you have this posse of fools trying to make everyone think the opposite.
Paris; because at least everyone knows her game.
The Reg is starting to look like the American Government more and more so every day. Because a trojan shows 'information freely available on a machine' does not constitute an "OMGWTF?" moment. The last five or six pieces on malware on the Reg have been completely outdated, scaremongering, loose reporting. I hope granny isn't reading the Reg on her Windows machine.
This has been possible on Windows Vista and XP for quite some time using a simple CD. You insert the CD in the drive at boot time and select the windows account you want to erase the password to, it just erases the password so after a reboot you can login with the account and no password.
I have verified this on both a Vista Home and XP Pro installation and both worked flawlessly.
What the FUCK?
To be honest, if someone had called someone else a cunt, that's straight up offensive. If they use it, as the title of a play or scene or act or anything else, it's fair use.
Do the people at this stupid "Parenting Company" go to art galleries and try and shut down the nude exhibits? Then again, it was in the U.S. after all and we all know they're complete fools....
Paris - because this article is as foolish as she.
I disagree completely with your statement about uninstalling programs being only for freeing up hard drive space.
Compare a relatively new machine with one that's been chugging for a while, now it doesn't matter how clean the chugger's been kept, it's still going to run like a tractor after a while unless the registry is properly cleaned from time to time, and I don't mean with one of those general registry cleaners either, you actually need to look through the results of those, including some and removing others from the delete list. This, my friend, goes hand in hand with uninstalling crud :)
That site is the world's biggest scam, read up about it. You sign up and start getting like 20 mails a day from women who want to do anything from suck you at the movies to just calling round and having wild passionate sex sessions. The minute you pay them some dollars to reply to these lovely ladies the emails stop and no replies come back. They also own about 50% of the other dating sites on the net, all the "spam bot" profiles are definitely in-house too by the look of things, can they not do them for false advertising too?
"The World's Largest Sex & Swingers Bot Community"
'The land border between Northern Ireland and the Republic is however so complex and frequently used that it would be utterly impractical to operate border checks on it, even if these were politically acceptable.'
Are you forgetting they used to do just this on every single entrance to the north during the troubles? Or does that not count as a border check?
I don't know why when a bug is found on Yahoo! and publicly announced people are still surprised. Only a few years ago we could run around yahoo chat rooms without a care in the world, viewing webcams without permission, logging in as anyone we wanted, flooding people with millions of IMs all from different people. Their development team are pathetic and doesn't look like it's ever going to change!
SMS messages were free when I got my very first mobile phone about 8 years ago. It was only when the operators noticed they were on to something that they started charging for the service. Capitalisation is the enemy and the Mobile Operators sure know how to join that party.
A mobile operator whose motto is Free SMS's, I bet it would still make a hefty net profit.
Vodafone Ireland has had this service in operation for a couple of months now, it's called 'Vodafone IOU'. The deal is it's €2 when your credit runs out, you need at least 0.01c in your a/c to send the text which is a pain in the behind.
Then, when you top up next, they charge you 0.15c for the service they provided.
It's still 0.15 for nothin, but at least it isn't as bad as this Orange deal!