* Posts by Coyote

49 publicly visible posts • joined 28 Apr 2009

Zombie PCs exploit hookup site in 4Square-for-malware scam


Doing things the hard way...

I don't know why malware would bounce a geolocation query off an "adult" site, which is bound to raise a red flag on a monitored network.

http://www.geoiptool.com/ works just as well and looks a lot less shady.

Jetting off abroad? Pack protection ... for your Wi-Fi


Re: funny

Why not, if it works?

Spear phishing is spear phishing.

Apple's cloud music service 'WIPES your iPHONE'


you sync with iCloud

From the device's perspective, iTunes match is really "sync with iCloud"

The point of replacing the library on the device is the same as when you sync with a different copy of iTunes: to prevent duplicates and confusion about what came from where.

When you turn iTunes match on, it disables syncing music with iTunes. It may or may not remove the music on your device, depending on where it came from: it will remove any synced tracks (including purchased ones) but not tracks that have been directly downloaded from the iTunes store or iTunes match (which are the same thing really).

Turning iTunes match back off will leave everything downloaded on the device. Turning it on again won't remove anything (because it all came from the cloud). If you sync after turning it off, everything on the device will be replaced.

iTunes match doesn't stream, it syncs (and pseudo-streams in that it plays while downloading). So if you are in the tube or on a plane, you still have everything that is already on the device, just like syncing with a computer.

Best case: you can get any of your music, anywhere. If you fill up your device you can always delete some music (swipe left and hit delete).

Worst case: Same as traditional syncing, if you have no signal and no computer, you are stuck with what's on the device.

TSA to revise nudie scanner software

Thumb Up

I've been through one of these at McCarran

Flying out of Las Vegas, I had the opportunity to go through one of these instead of the metal detector. Apparently, if I had been wearing a belt or other accessories with metal, I wouldn't have had to remove them. I'm guessing my shoes could have been left on as well, if I had known I was going to get the body scanner.

You step in, arms up, and the scan takes all of two seconds. Step out onto the yellow shoeprints (hence the shoes-on hunch) in front of the male or female screener (they motion based on the usual preference, but you have the choice) and they pat you down wherever the machine put the yellow boxes on a generic outline)

I had a chance to watch them for a few minutes: I got checked under the arms. The woman going through behind me got her underarms and ankles checked (we both had looser-fitting shirts/slacks on). The next woman had tight-fitting clothing, but big, puffy hair. She got the top of her head patted.

So they aren't jerks, and the new software is specific enough they don't feel you up all over. I patted down more thoroughly when I go to concerts or nightclubs. It does seem to need tuning as it thinks there might be something there if there's some space between your clothes and your body.

Bonus: It is by far quicker than the metal detector, especially if you know beforehand you don't have to remove/replace your belt and shoes.

30,000 Shreks besmirch BeautifulPeople


BP is a joke

About a year ago I submitted an application to BeautifulPeople just to see what would happen. I'm no Adonis, and I was accepted. I think something like 75% of the people who reviewed my profile approved me. And... that site has been of absolutely zero use to me. I'm convinced BP exists to advertise absurdly overpriced events and deliver Russian bride spam. There's no way I'd pay for whatever kind of "premium" features they are offering.

I'm guessing the "fuglies" that got added via this exploit must have been the most blatantly unflattering pictures some troll could find on the Internet. Most of the people on BP aren't really that beautiful. FWIW, it's very easy to take a photo that will hide weight/wrinkles/bad skin or hair/etc... and there are plenty such photos on BP and every other dating site.

Judge hands BlueBeat.com $1m bill for Beatles downloads


Psycho-acoustic simulation?

AKA psycho-acoustic modeling... isn't that exactly how MP3/AAC audio compression works?

they're not fooling anyone here. All they did was rip tracks to MP3 and claim the compressed version was no longer the original.

MS claims credit for Rustock botnet takedown


Since botnets started using P2P, that's when

If a botnet relies on something like round-robin or fast-flux dynamic DNS to find C&C servers, all you have to do is take down the domain name and the botnet is decapitated. P2P makes things a little harder, because once the bot knows a few P2P nodes the C&C server isn't required anymore.

Rustock did something like include a huge list of existing bot IPs every time the malware propagated. That kind of botnet is hard to stop once it gets going: If any of the IPs in the list are reachable, a new bot can bootstrap the whole list.

Router-rooting malware pwns Linux-based network devices


FAIL troll...


ELF_Tsunami is an ELF trojan that attempts to exploit or brute force the DWL-900 series routers, presumable to open ports and allow connection to the backdoor on the compromised linux box.

It won't run on windows.

Apple accused of hushing up security update


hey jlocke

Haven't you heard? Windows doesn't let stuff just run 'as root' anymore. As far as trojans go, I can fake a 'sudo' dialog on OS X more convincingly than I can fake the UAC prompt on Windows Vista/7 ... UAC elevate dims and locks the screen in such a way other apps can't interact with it. OS X's prompt is a normal dialog box. And if they fall for it, I have the user's password for future use...

Jobs Halo

So let me get this straight:

Mac OS X has some built-in trojan detection. The signatures were updated. This is a problem?

Do we gripe every time MS updates the Malicious Software Removal Tool, or the signatures for Security Essentials update?

You know why Windows Defender isn't realtime protection, and Security Essential is a free but separate install? Because McAfee and Symantec would file antitrust lawsuits if MS dared to roll any kind of antivirus into Windows. It would kill the market for (overpriced, overrated) third-party protection.

Ironically, the reason OS X can get away with built-in protection against malware and Windows can't is the very same reason there is so much more malware for Windows: A bigger market share. Slipping under the radar is a good thing...

GCHQ imposes Whitehall iPhone ban


Ever heard of the iPhone Enterprise Kit?

"The app store as the only route to buy/install apps. So if you want to write (or comisssion) your own app for your own company, it is available to everyone?. If you want to roll out an app to 200 users, how do you do that, Individual ITunes accounts!. If you need to lock down phones to prevent people installing rubbish that may have malware, etc how do you do that?. If you sack an employee and need to wipe thier (your business) phone, how do you do that (I think remote wipe on mobile me is user owned not corporate control)"

Wrong. You can do all of those things: http://www.apple.com/support/iphone/enterprise/

... if remote wipe wasn't corporate controlled, how did Apple wipe the stolen iPhone 4?

For secure use, the iPhone has the same problem as Android or WebOS... they can be opened up by jailbreaking, rooting, etc.. try that with a Blackberry and you're just going to end up bricking it.

One thing RIM has is existing certification from the governments of the US, UK, etc... Apple, Google, Palm all might be just as secure (doubt it...) but they have to prove it first and that process has layers of bureaucracy and red tape.

Besides, when I hear 'secure" I think devices and networks that never touch the Internet, let alone being tunneled thru RIM. As far as I know, devices approved for such sensitive use are all based on WinMo with hardware crypto for storage and communication.

Google turns on SSL encryption for search

Thumb Up

Gmail on iGoogle is SSL

The requests made by the gMail widget on the igoogle page are https

Load up Firebug in firefox and use the Net panel to verify the requests if you aren't sure. That's what I did

Jobsian drones shackle gamer with 'lifetime' iPad ban


Grey Market.

This is to stop people from doing exactly what was happening here: Grey market exports.

If you really, really need to buy more than 10, I'd say either go the business account route, or place an order online. Not retail store.

Official: Apple iPhone is a chick magnet


Across the pond, maybe...

Here in the states the iPhone is just another phone... and very popular one. I was sitting at a bar the other week where literally everyone, guys and gals, including myself, had an iPhone. Yawn. I can get more looks by wearing a nice hat.

Around here, unfortunately, the iPhone is moving into the (personally despised) category of 'bling'. Everyone of a certain culture just has to have an iPhone in a blinged out case. Mine is naked and proud, despite having a few battle scars.

Now, let me be one of the first to get my hands on one of those just-leaked iPhone Pro (that's what I'm calling it) and I'm sure it will turn some heads.



"someone good with computers wouldnt be caught dead with crapple product"

I'm good with computers; I want a good computer. MacBook Pro FTW.

Thumb Up

<steve>One more thing</steve>

I love when a cute girl has an iPhone.

It's a topic to talk about right away.

My 3GS still has some wow factor to prev-gen owners (esp. when I demo the new camera)

Using Bump to exchange info is quite flirty.

Ten Essential... iPhone Accessories

Thumb Up

Griffin WindowSeat

It stays put, has an articulated arm, and lets you rotate the phone however you want.

Only disadvantage is that because the phone actually clips into the mount, you can't have it in a case. Even the invisible shield add too much thickness.


Stock earbuds are designed to be leaky...

While they do leak out, they also let ambient sound leak IN. I wouldn't wear isolating earbuds while wandering or exercising... it's unsafe to not hear your surroundings.

Unfortunately, you do lose a lot of bass without isolation. That's what the Apple in-ear set is for. Outstanding sound. They're about $80 USD, and have separate bass/treble drivers, which is something you don't usually find for <$100.

Apple shrugs to iPad Wi-Fi problems


SSID hopping

Your $40 wifi card isn't what handles it just fine, it is your OS that handles it fine (or not)

WiFi is designed to roam across APs with different BSSIDs (MAC addresses) as long as they have the same ESSID (network name). That's why, for example, you can put 'attwifi' in your iPhone and it will auto-connect at any Starbucks.

the issue is when you have your 2.4 and 5 Ghz networks named the same, but with different WPA keys. The iPad (and OSX, and Windows..) associate WPA keys to network name unless told to do otherwise. The solution, again, is to name the networks differently.

The iPhone mostly didn't have this issue because it is 2.4 GHz only.

9TB in 20 minutes? Sign me up!


just pipe the input to /dev/null

...makes it run real fast!

Apple yanks Wi-Fi detectors from iTunes


unless you are Google.

Google did it with the proximity sensor in the voice search and got away with it. There's probably a public API for the prox sensor now, but there didn't used to be.

Apple bans iPhone hackers from App Store

Black Helicopters

I wonder if...

...they WERE trying some kind of funny business against the App Store.

Microsoft genuinely chuffed as judge drops WGA case


Can't complain

Unlike the wankers who filed this suit, I have two brain cells to rub together and never once thought WGA was either a security patch or spyware. I wouldn't even call it DRM, as it doesn't restrict you, it just nags you.

Yes, I paid for Windows. Not-so-happily with Vista, but happily with 7. My ONLY reason for keeping my desktop on Win 7 is Media Center. Digital Cable support is nice.

Laptop is a MacBook. OS X is wonderful, but don't try to tell me it's free as in speech or beer: Sure, you can pirate it all you want... But just try running it on a non-Apple box. Aside from the lack of drivers, Apple does encrypt certain binaries using a key in the "Genuine" hardware's TPM. Sure, the OSx86 guys cracked it for now, but my point is: Apple doesn't care about OSX sales, they care about Mac sales. MS enforces a genuine product key, Apple enforces genuine hardware.

Linux? Well, it's great at work, and it's great on my wireless router. But it just ain't there for my personal needs.


The P always exists between the K and the C

Haydies - It's actually quite hard to Trojan a Windows installation image and not have it immediately know something is wrong with itself. MS signs everything.

Now, all those activation hacks that WGA tries to eliminate? Those can have some very nasty code in them, and frequently do. Once you tell UAC they are OK, you invited it in.

Police cuff citizens for videotaping arrests


There ARE bad cops who don't want to be caught on film...

The real issue here is illegal surveillance of the person(s) under arrest.

On-duty police serve the public and are subject to any and all monitoring that doesn't endanger the officer. In other words, no surveillance of undercover cops, and it doesn't take a genius to realize why.

However, when it comes to recording arrests, persons in police custody still have rights, including the right to privacy. Quite often people who get arrested are not charged, the charges are dropped, or they are found innocent.

If you were arrested would you want a video of it floating around YouTube forever?

I can't believe no one has pointed this out yet.

In-depth probe fails to hit the G-spot


Oh really?

Then please explain to me why I have to get a mop and bucket when I have hit that spot on some women... Not that I'm complaining.

Mine's the one with the Rabbit in the pocket.

BeautifulPeople ejects post-Xmas fatties

Paris Hilton

I've always wanted to sign up there...

I'm fairly sure I would be accepted, based on the comments I've gotten on my profile pics elsewhere. And I'm fully aware of just how shallow and dull most of the women on there probably are... The point is to troll them until I get booted off.

Paris, naturally.

'Searched' web info hits harder than 'surfed' - shock


'Searched' info hits harder than 'surfed'?


Those researchers have obviously never seen what happens to someone when they accidentally surf to Goatse.

Early adopters bloodied by Ubuntu's Karmic Koala


agreed, 9.10 reeks of eucalyptus

- Clean install on a Dell Inspiron 14. Wifi doesn't work. Well, the wifi works as far as the interface coming up and scanning, but it won't associate with WPA networks. Haven't tried open or WEP. Other people with different wifi hardware are having the same problem, so i think it's a a higher-up kernel problem.

- Speaking of, it was a pain in the ass to get the Broadcom STA drivers to load. The live-CD would show me the driver and let me activate it, but once karmic was installed to the machine the driver was absent. I had to manually install 3 .debs (patch, dkms, bcmwl-kernel-source) from the pool on the CD to get it back.


Oh, let me just add...

Everything worked just fine in 9.04.

Tesla Roadster travels 313 miles on single charge


Stop and go is what e-cars were made for.

Electric cars don't idle. A stopped motor = no charge used, and with the kind of torque motors can deliver, you don't need high drive RPM in low gear.

If all you did was 5-10 miles of stop-and-go city driving each day, you wouldn't need to charge it all week and then some.

Anti-filesharing laws revive crypto fears for spooks

Black Helicopters

No, it's just that...

the spooks just love to use their massive bandwidth to torrent stuff.

'Stop NASA bombing the Moon!'


@ LuMan

The moon is considered female in just about every mythology for precisely that reason. The lunar cycle is almost exactly the same period as, well... some women even synch to it.

Feminist flames that arising from said observation? Now that's amusing.

...mine's the fur (and claws, and teeth) that sprouts once a month.

Microsoft Security Essentials shakes up consumer antivirus


so...shane, is it?

Why bother commenting on something you have no interest in?

You feel all self-important now?

There's a term for ignorant, loudmouthed people like you, but it's often used as a racial slur so I'll skip it.

As for MSE? It does what I need, and it's lightweight. The SpyNet thing is used to develop definitions and the Malicious Software Removal Tool.

Palm Pre re-re-introduces iTunes synchronization


On the other hand...

The inevitable update to iTunes will hopefully fix a few of the many many new bugs introduced in iTunes 9. Playlist play order, what's that?

Apple iPod Nano 5G

Thumb Up

Of course it will stay paused...

Every iPod since the 1st generation has been able to do that... "Power off" on an iPod is really just turning off the screen.

Exceptions being the iPhone and the iTouch: if you do the "slide to power off" they have to boot when you power them back on.

In fact, audiobooks on the iPod can hold your place even if you play other tracks.

Apple yanks C64 emulator from App Store

Gates Halo

Commodore BASIC

was partly written by Bill Gates himself, and is still copyrighted by Microsoft, so there are legal issues when it comes to including it.

Lawsuit seeks to tag WGA nagware as spyware


Electronista seems kind of clueless..

...which makes El Reg clueless by association.

- IP address? You don't say! El Reg had mine the instant I read this article.

- For retail licenses, if WGA can't phone home, it doesn't care. As long as you're activated, you're good. It will not lock you out.

- For OEM licenses, WGA does a local check to see if the right product key is still in the firmware, and if so, it never phones home.

- Volume licenses do not permanently activate in Vista/Win7! WGA requires a check-in with a license server (@ MS or on a LAN) every 30 days. You can rearm this x3 for 120 max.

- The only think WGA phones home is a hash of non-personal stuff like your OS version and product key. Technically, the product key belongs to MS anyway. Yes, that info does identify your copy of windows, but not you or your computer... when someone else (or lots of people...) have the same hash, they have the same product key. That shouldn't happen ;)

You send more information than that when you activate windows, such as your hardware hash, but that info is only kept for a couple of months. After that, you can actually reactivate with the same key on another machine without calling MS.. but do it too much and WGA will notice.

Oh, and lots and lots of professional and shareware software phones home periodically, and did so long before MS used product activation. If you don't like it, use free/open software.

Post-Vista Windows flaw creates Blue Screen risk


Oh yeah..

WinNuke is back, baby!

Smoking iMac caught on camera


Any computer will do that...

If the power supply pops.

I've seen more than a few do it on the workbench, after being brought in for "randomly powering off"

It reeks.

Blighty customers see some Windows 7 prices halved

Gates Halo

It's the Betas that start expiring.

The RC doesn't expire until something far off like June 2010. Well after it hits retail.

Even after the RC is no longer offered for download... I'm sure you can find it somewhere... and it's been discovered the product key you're given for the RC is actually one of only six.... so there's apparently no limit or uniqueness to RC activation keys.

In fact, you could install the RC, activate it, upgrade it to RTM, and just not reactivate until it hits the shelves and you can purchase a copy for the key. That's what I did, and about as legit as you can get with RTM right now.

Apple MacBook Air June 2009

Paris Hilton

White MacBook? Heavy??

At what, 4 or 5 lbs? My cheapo Dell Inspiron 14 is almost 6 and that's light compared to the boat anchors I used to lug around, ESPECIALLY the corporate slab o' Latitude I have for remote access.

For years, I've thought the MacBooks/PowerBooks were slim and lighter than most. The Air seems like a ludicrous expense and trade-off of functionality for a little less weight (and a lot more style, admittedly) Don't get me wrong, there's plenty of Apple kit worth the price. Most of the time I find myself not even needing a laptop 'cause I can do it all from my iPhone.

Paris, because she's thin and light but short on features for the price.



boltar - if you are relying on wired ethernet vs. wireless for your data security, you have bigger things to worry about.

No medium is secure, use good crypto.

Exploding iPod backfires on Apple



I thought Lithium Polymer batteries weren't supposed to "vent" like that, even if punctured.

All the exploding laptop incidents involved Lithium Ion batteries. Apple uses LiPoly in iPods , iPhone and now Macbooks.

Exploding iPhone injures French teen


Something odd is going on here...

It's unlikely, and I mean HIGHLY unlikely a drop or a bump would cause the LiPoly battery to explode like that. Lithium ION batteries have a well-known "venting" hazard, and all of the exploding laptop/phone/(older)iPod stories we've heard so far involved Li Ion.

Current generation iPods, iPhones, and now even Macbooks use Lithium Polymer batteries. One, that's the only way they can get the batteries small enough to fit in really thin devices. Two, Li Poly is supposed to eliminate that so called "energetic decomposition".

As for the "exploding when dropped"? I have personally seen iPhones that were squashed flat in a variety of ways, including backed over by a construction vehicle and dropped several stories. In some cases, the battery was the only part of the device that wasn't damaged. In most cases, just the glass and LCD are cracked. The plastic cases of the 3G don't fare so well either.

Even if you did damage the battery pack? Hell, there's a "will it blend" video of the iPhone. When the battery gets ground up, all you get is a lot of black dust from the carbon substrate. No smoke or flames, although some other devices with Li-Ion batteries combusted visibly in the blender.

My hunch? When it was Nokia phones exploding, the cause was determined to be 3rd-party batteries. These 'Apple' products that exploded because someone looked at them funny are probably knockoff devices. There's a lot of them out there, and the one thing they have in common is shoddy quality.

Microsoft releases Windows 7 to MSDN, TechNet today

Gates Halo

You don't have to activate it before the public release

a little 'alternative distribution' never hurt anyone, but there's no reason to crack it or steal a key.

We are less than 90 days from release, and the 'slmgr -rearm' trick gives you 3 rearms. That's a total of 120 days before you must either activate it or wipe and reinstall... so grab the torrent today, then buy a license when it's released!

However: If you are planning to buy an "upgrade" license: start with an ACTIVATED copy of Win7 RC/Vista/XP and do a "clean install upgrade" to the Win 7 RTM. (If you don't actually do an upgrade to Win 7 RTM from an activated copy of windows, you won't be able to enter an upgrade key.)

Firefox users flip out over sneak MS add-on

Thumb Down


"enables .NET apps to be installed with one click."

"easily and quietly"

easily, maybe, but requiring a click is not quietly.

Firefox passive-aggressives adjudicate Nerd Law

Thumb Up

NoScript ~= adblock

I can't use AdBlock @ work due to policies about software that auto-updates itself, but I can use NoScript, and I find that even in its most permissive mode, NoScript blocks most ads by blocking the 3rd party scripts that fetch them.

I see some ads, but they are hosted by the actual site I'm on, and therefore can't do rude things like keep a tracking cookies across sites.

SiliconDust HDHomeRun



The HDHomeRun is a network tuner in the purest sense. RF in, Ethernet out. It doesn't matter what encoding the video uses, that's up to the clients to decode. There are also special versions of the HDHR designed to be cable signal analyzers and/or data stream receivers.

That's also why it doesn't come with any software other than the utilities. As a general rule, if you can tune it and get it to play in VLC, you can find something that will DVR it.

Can't speak for DVB, but the HDHR works extremely well for me in the US, tuning the free HD channels from digital cable.

Brainiac because when I first got the HDHR, getting it to work with digital cable required an engineering degree. The drivers have improved substantially since then.