To be fair, I'd say he is about to get a major upgrade in prison conditions. You really don't want to go to prison in Eastern Europe. I can imagine he hopes to serve the rest of his sentence in the US instead of Romania.
Posts by pitagora
66 publicly visible posts • joined 2 Oct 2009
Hacker 'Guccifer' extradited to US
Ad-clicking bots predicted to rip US$7.2 billion from Mad Men
Domain registrar attacked, customer passwords reset
Re: Bad security?
They can't encrypt data the system actively uses in an automated way, such as emails, because then they would need to also keep the private keys handy for the server to use. If the keys get compromised, it's like you never encrypted the data at all. It would render everything pointless.
'How I CRASHED my bank, stole PINs with a touch-tone phone'
Re: Is it just me...
Seriously? I know people like to play devil's advocate but this is silly. Why would anybody implement arithmetic (think how hard this is to do) on PINs vs. the very simple possibility that PINs end up in a query such as:
select * from Accounts where PIN = 31337 * 1 *1 *1
For the record, when testing parameters for injection the first approach is indeed to use math operators and see if they get evaluated. There is no legitimate reason why these would be evaluated other than if they end up in an SQL statement in raw form. The fact that it's a blind injection doesn't make it any less dangerous because there are very well known methods of obtaining table and field names using this boolean result. There are automated tools designed for this.
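An added example, not from the comment or the article it replies to: the same PIN lookup written two ways against a constructed SQLite table, showing why the arithmetic in `31337 * 1 * 1 * 1` is evaluated only when the input is pasted into the statement text, plus a regression check a developer can run against their own data-access code. The table, account names and PINs are made up for the demonstration.

```python
import sqlite3

# Constructed sample data (not from the article): two accounts and their PINs.
SAMPLE_ACCOUNTS = [("alice", 31337), ("bob", 4242)]


def make_db():
    """Build an in-memory SQLite database with a constructed Accounts table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Accounts (owner TEXT, PIN INTEGER)")
    conn.executemany("INSERT INTO Accounts (owner, PIN) VALUES (?, ?)", SAMPLE_ACCOUNTS)
    return conn


def lookup_concat(conn, pin_input):
    """Vulnerable: the keypad input is spliced into the statement text, so the
    SQL parser treats it as syntax. '31337 * 1 * 1 * 1' is evaluated to 31337."""
    sql = f"SELECT owner FROM Accounts WHERE PIN = {pin_input}"
    return [row[0] for row in conn.execute(sql)]


def lookup_param(conn, pin_input):
    """Hardened: the input is bound as a value and never reaches the parser,
    so arithmetic in it is just a string that matches no PIN."""
    rows = conn.execute("SELECT owner FROM Accounts WHERE PIN = ?", (pin_input,))
    return [row[0] for row in rows]


def input_reaches_parser(lookup, conn, pin):
    """Regression check for one's own data-access code, mirroring the test the
    comment describes: a plain value and an arithmetically equal expression
    must NOT give the same non-empty result. If they do, the parameter is
    reaching the SQL parser raw and the query is injectable."""
    plain = lookup(conn, str(pin))
    with_math = lookup(conn, f"{pin} * 1 * 1 * 1")
    return plain != [] and plain == with_math


if __name__ == "__main__":
    db = make_db()
    print("concatenated query injectable:", input_reaches_parser(lookup_concat, db, 31337))
    print("parameterized query injectable:", input_reaches_parser(lookup_param, db, 31337))
```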
Trojan targets Mac's built-in security defences
Check your machines for malware, Linux developers told

Santa: the problem is that a supposedly up-to-date Linux got rooted and nobody knows how? Doesn't this concern you at all? It's a disaster. This could mean every single Linux machine out there could be vulnerable. Until we know for sure, that is how we should treat the situation. Personally I don't have/run any Linux servers, but some of my contacts do and they are freaked out!
Pandemonium as Microsoft AV nukes Chrome browser

Chrome = spyware
Every 1-2 weeks I have to delete Chrome from my parents' PC, and they swear they don't even know what it is. I'll tell you though: it's a nasty piece of spyware that installs itself with other products and steals personal information without the user's knowledge, and then legalizes this through a very long T&C.
Chrome is spyware, so good riddance. As for my parents' PC, I wish MSE had some option like "permanently consider this program spyware", because in the end this is what Chrome is.
Windows 8 to ship with built-in malware protection

I have a feeling that "productively" for you means office apps like WordPerfect for DOS :)) You know, some people's needs go beyond typing documents. I for instance need synchronization of documents with my coworkers and versioning (Office 2008), access to ERP and reporting software (powered by hopefully a fast database preferably not stored in a file on my DOS system but somewhere where my colleagues can access it too - even those working in other locations than me), and need some CRM software preferably integrated with our VoIP phone system. My colleagues at marketing also need powerful image editing software, email applications (not text only!!!) to be able to send drafts of their work, etc.
As for other people, "productive" applications also tend to include engineering design applications (and please don't tell me AutoCAD R12 for DOS because by today's standards there isn't much you can do with it), architectural design applications, simulators, etc. Most of these tasks couldn't be done with the software or hardware available in that period. Without them we'd all just be living in the 80s-90s, without all the technological advancements made since. While we are at it, why don't we just give up technology entirely and live in caves like we used to, right?
Linux.com pwned in fresh round of cyber break-ins
Much of the human race made up of thieves, says BSA

how do you know how much is fair?
The problem is: what is a fair price? How does the user know what is fair? I mean yes, the development cost is the same when selling 100 million copies or selling 1 copy, but how do you know how much we sell? Did anybody bother to calculate how much it would cost to develop that software? Did anybody ever think that for each sale made there is a cost in support and in the sale itself? Sometimes up to 50% goes to the person/company that sold the product, not to the one that made it. Did you know that? Does that go into your fair price too?
I have a software company in Eastern Europe (where prices are considered to be small and everybody outsources). A programmer costs about 3000$ a month with salary/taxes/social security. Developing a small application (like a dentist office management tool) needs a few months and a team of a few people to develop. For 6 months of work and 4 programmers we already have 72000$ just in development costs.
Now what is a fair price for the application? What do you think is fair? 200$? Noooo....you'll scream....Windows does more and costs less. Unfair! Let's steal it instead. Well, it's all about volume. In my case there is a small target audience, hard to reach. We are not expected to sell millions of copies. In fact in order to break even (and not make any profit at all) we are going to need to sell 360 copies at 200$. But oh wait: the application doesn't sell itself, so put some marketing in it. Selling 360 copies requires finding 360 doctors and convincing them to pay 200$ (if they think it's fair), who don't already use another app. For each sold application you'll have a cost in marketing. Then you realize that with the cost of sale you need to sell about 500 copies to break even.
You sell your 500 copies and you notice that your phones are ringing all the time. There are 500 users that need support. You hire some support people to answer the phone and assign a developer or 2 permanently to dealing with bugs and issues, and offering patches to customers. Just supporting your small application costs about 10000$ a month.
In the end you realize you can't sell more than 500 copies because there aren't enough dentists around you that need it. Most of them already use a competitor product (or if your product is truly good - most of them will use a pirated copy of your product) or some simply use Excel (most likely pirated). Your own pirated copies become your competitor. You can't sell because they already have it for free.
Now the above is just hypothetical. It's just an example. We sell a different kind of application with a different (unfair) price. The hard truth is in our case that we know there are about 3 times more copies in use than we sold (we have some callbacks in the app). We are at the point where we haven't even broken even yet and I think it's unlikely we will. We are about to discontinue the application, ironically not because it isn't needed or used but because people steal it instead of buying it.
As for the difference between piracy and theft: is there any? If you shoplift a DVD/CD with my software from the store or download it from a torrent, do you think it makes any difference for me? The DVD itself only cost 50 cents. I don't even care about it. The real value was the software in which I invested possibly hundreds of thousands of dollars. Why is it any different whether you go shoplifting for software in a store or download from torrents? From my perspective the difference is 50 cents. Why does somebody go to jail for this 50 cent difference if he steals from the shop around the corner and just a file (perhaps) if he downloads it? I don't get it. I go out of business anyway....

theft (stealing a cd) = pirating + 50 cents for the cd
If you shoplift a DVD/CD with my software from the store or download it from a torrent, do you think it makes any difference for me? The DVD itself only cost 50 cents. I don't even care about it. The real value was the software in which I invested possibly hundreds of thousands of dollars. Why is it any different whether you go shoplifting for software in a store or download from torrents? From my perspective the difference is 50 cents. Why does somebody go to jail for this 50 cent difference if he steals from the shop around the corner and just a file (perhaps) if he downloads it? I don't get it. I go out of business anyway....
Twitter users charged with terrorism for false tweets

guy caused 26 accidents by sheer panic - how is it not terrorism?
I don't know about you but last time I had a family member in a hospital (for something unlikely to be life threatening by the way) I was speeding across town at night at 130 km/h (with the obvious 50 km/h limit of course). Until you are in that panic situation you can't even imagine how it feels to be afraid for a loved one. If I thought my family was being held hostage somewhere I probably wouldn't have even looked at the red lights anymore and just hit the pedal. No wonder there were 26 accidents because of this when everybody started to drive like in need4speed.
PS: I have a great prank idea. Let's tell everybody at a clinic they have HIV and let's see if any of them kill themselves over the news. Afterwards we can say: sorry, it was just a prank.
Mozilla cranks out Firefox 5 with cross-platform 'Do Not Track' feature
Mozilla to shift 12m surfers off 2-year-old Firefox 3.5

@The BigYin
Actually it's the "platform's" responsibility to keep some level of backwards compatibility. If you think about it, what would happen if every time you changed your Windows version ALL your applications stopped working, like happens in Firefox? Let's be honest here, Microsoft has done a very good job keeping Windows backwards compatible. There are incredibly few applications that don't work (even Windows 3.1 apps), and those that truly don't are the coders' fault, for using undocumented features that were subject to change.
I can't say the same about Firefox. I upgraded to FF 4.0 and I'm pissed that some essential plugins for my work no longer function!!! They are essential to me. I have to downgrade, or else.....
I don't see other options than downgrading, other than perhaps looking for a Chrome plugin that would do the same job I need....
Google sued over – yes – Android location tracking
McAfee recovers from Sesame Street email filter mix-up
Teens who listen to music a lot are at high risk of depression

new study!!!
I just made a scientific study on me and my gf. Apparently 50% of the people listen to hard rock and metal, watch only scifi movies and play Quake in their free time. The other half of the world listens to Enya and likes to talk a lot about their feelings.
Given that both studies have a similarly badly chosen sample they have pretty much the same scientific value.

study is amateurish
The study involved 106 adolescent participants, 46 of whom were diagnosed with major depressive disorder...
WTF? What kind of idiot makes a statistic like this? The sample is good only if almost half of the teens worldwide are depressive. Otherwise the whole study is bent.
Doing a study on a group of depressive teens has a different meaning: the statistical conclusion they should have drawn is that depressive teens don't like to read books (perhaps it's even more depressing to do so) and listen to music. Not the other way around! Basic statistics!
How to slay a cellphone with a single text
Reduced growth forces Sophos to shed 80 jobs
Google illegally divulges user searches, suit claims
all do and none do
All do. In fact none do. Not even Google. Your browser is the one that shares the referrer, not Google. It can't be changed by Google and normally it shouldn't be. Those experiments are more like hacks that have nasty side effects. One of them is that the search engine would not work for anybody that has JavaScript disabled or for browsers that don't support AJAX.
Microsoft gives temporary fix for info leak in ASP.Net

ScriptResource.axd is the key to download any file
IIS will serve it through ScriptResource.axd. All you have to do is encrypt the arguments with the machine key. ... the same machine key you can steal with this exploit. Oops...there go your DB connection strings :) And if you have a shared host like most people do, you might have a SQL server that is accessible from the internet (hosts do this so they allow you to connect with SQL Server Management Studio). In this case your database just got really public. All your sensitive database, and possibly admin accounts, get shared with dog + world. Nice eh?
Dell warns on spyware infected server motherboards
1,000+ webpages poisoned in latest mass malware hack
The reason is how easy PHP is. Anybody can learn it and think he masters it in less than a month. Imagine the websites he creates, the scripts etc.
Second reason: open source....when a large application like WordPress is open source, hackers can analyze it to find bugs. It's a lot quicker than black box testing. Proprietary solutions are harder to crack, provided that the developers test them properly first, or hire some pentesters.
Quit Facebook Day flops
Siphon Wars: Pressurist weighs into Gravitite boffin

Check out Bernoulli's Equation
Guys! Check out Bernoulli's Equation, and look at the terms that it uses to calculate a siphon. Gravity is not a factor! Density is, P is pressure, h is height.
And by the way...siphons work in 0 gravity too :) The gravity however does create air pressure which in turn drives the siphon, but it can work in the absence of gravity as well as long as the air pressure exists (i.e. artificially created).
Hackers crack Ubisoft always-online DRM controls

will never buy ubisoft games ever
My last experience with Ubisoft was quite bad :( The game didn't work because I have an emulator installed (which for the record I use only with legal ISOs - I have an MSDN Pro Subscription and the only way you can download the software from it is as ISO).
Anyway, why buy a game if in the end I still need to find a cracked version to be able to play it? I refuse to pay them money just so I end up looking for cracks and warez and exposing myself to viruses because Ubisoft tries to dictate what I can and can't have installed on my PC. If they put all these restrictions on the box, so I could see them before I buy this piece of crap, yes, but I just hate surprises and no refunds! No more buying from Ubisoft for me!
Jobsian drones shackle gamer with 'lifetime' iPad ban
Is iFlorist the greatest website in the universe, ever?
Microsoft's web privacy push: 'We're the anti-Google'
Don't blame Willy the Mailboy for software security flaws
It's the other way around: internal variables in functions are not kept, but function names are. All class and member names are kept in the byte code. This byte code can be fully decompiled to a working Java program.
As for your suggestion of naming variables A, B and C: that's called obfuscating and it's a very common practice, except it's done directly on the binaries using some expensive software :) Basically that software will rename all your classes and methods to things like A.A.A and A.A.B and overload methods to the absurd. You would end up with 20 unrelated methods A in class A. Good luck to anybody trying to reverse engineer it.
'Smart roof' coating made of old takeaway fryer oil
Virgin Mobile fined for pushing mobile spam
Cybercrime's bulletproof hosting exposed

1. You can't fight a crime with another crime. It's illegal to infect somebody's PC, for whatever reason, even if you have good intentions.
2. AV companies that could do this if it was legal (which it is not) would not benefit from this. Their goal as a company is to make money, to pay salaries and dividends to shareholders. They have to bring money home to their families. Nobody can afford to work for free.
Feds use phony MySpace profiles to nab bad guys

It was always like this. Undercover agents are supposed to infiltrate and if necessary do things that would otherwise be considered illegal. This was always the case. Besides, the intention is to catch pedos, not to drive a young girl to suicide. It's quite a different thing.
Windows Phone 7 - what's in and what's out

Looks like Windows Mobile is about to take all the defects of the iPhone, without any of the benefits. The reason I like WM now is that I can develop apps for it without being censored by the likes of Apple. This leaves room for open source, for custom software made for business use, etc.
If WM becomes an iPhone clone, then I don't want it anymore. If I have to choose the lesser of two evils, then I will choose the one with the most apps available (and that's the iPhone).
So message to M$: removing the freedom in programming (all that control) will definitely lose me as a customer (and developer).
Microsoft's Internet Explorer 9 embraces - yes - HTML5

yeah.....
....it's confusing to have the two together. Developing for IE is a pain, but I have to admit that it's a lot better than Chrome. IE 7 and 8 comply with the standards a thousand times better than Google Chrome. At least M$ is taking steps towards compliance, while Google is going the wrong way.
'The LHC will implode the Moon or PUT OUT THE SUN'
Forgot your ThinkPad password? Get new hardware

I think the author hasn't done his research
"a variety of password recovery tools will do the job for around $80"
The tools exist, but they don't do the job. Resetting the supervisor password involves replacing an EEPROM chip on the motherboard, among other things. This is very risky to do by hand even for a specialist. The board has a very high density and even the slightest mistake will destroy that board. There is also the question of resetting the TPM chip if one exists. Now these chips are designed so that they can't be reset. At least the procedure is a very closely guarded secret. I can't say the supervisor password can't be reset with the right equipment and expertise, but it would definitely cost more than a brand new laptop.
Ubisoft undone by anti-DRM DDoS storm

i would pay for a crack
Considering that I don't always have an internet connection and the only thing I can do on the PC to amuse myself when I don't is play single player games, this is going to be a problem for me. The only reason why I would buy a single player game is to play it offline. Multiplayer games are a lot more fun, but since I don't always have an internet connection I can settle for single player. Well, apparently not in this case :(
I'll be very honest here: I will probably play the game regardless, if I pay the money to some guy who found a smart way to crack it instead of UbiSoft. YES, I'm not willing to buy the game if I can't use it offline, but I would be willing to pay the full amount for a cracked version, as I am sure others would too. So a message to anybody out there trying to crack it: you have at least one customer if you succeed.
Chinese schools deny Google cyber-attack links
Adultery website boosted by Christian publicity campaign
IE6 exposed as Google China malware unpicked

I test my websites on ALL browsers above 1% market share.
As a web designer I have to design pages to look great on all browsers. Yes, IE 6 is a nightmare as it doesn't comply with lots of standards. Second on the nightmare list is Chrome and then IE 8. Unfortunately when the client comes and tells me the page looks shitty on IE 6 I can't tell him to change the browser because it doesn't comply. He will ask me to fix the problem. He pays me for that, and since I can't fix IE 6, I have to fix my page. And let's not forget that over 20% of the users still have IE 6. No way they can be ignored simply because you don't like that browser.
So yes, I test my websites on ALL browsers above 1% market share.
Judge awards Dish Network $51m from satellite pirate

same thing actually
Yes, it's exactly the same, because producing that content costs money. That money was paid out, and it's not coming back in the form of revenues. So people do lose money! It's essentially the same thing. Somebody steals the money from your bank account, or they simply steal your salary even before it gets to your bank account. Either way you don't get the money you worked for, do you? Do you like working for free?
Kingston coughs to security flaw in 'Secure' flash drive

backdoor
The crypto key was stored on the disk, but encrypted with a universal key for all drives. This is obviously supposed to be a backdoor to allow them to decrypt any drive. They probably struck a deal with the FBI or something. Unlucky for them, somebody discovered the backdoor.
My 2 disks go directly into the campfire. I will never buy again from Kingston!