Posts by Gordon Fecyk

395 publicly visible posts • joined 20 Apr 2006


Democratic rep fathered alleged Palin hacker

Gordon Fecyk
Thumb Up

Dan! Goodin! Has! Clue!

"we have the startlingly weak security of Yahoo mail to thank and someone unscrupulous enough to exploit it."

And you didn't blame Microsoft for it. I have hope for you yet. This is more than I can say for commentary on the CBC website about the same hack attack.

Black hats target Windows Media Encoder bug

Gordon Fecyk
Stop

So why isn't Sean Hittel (Symantec) doing something about it?

"This attack chronology is another example of the rapid adoption of public exploits into widely deployed exploit toolkits," Symantec researcher Sean Hittel writes here.

So... why isn't Symantec doing something about it, hmmmmm? Don't we pay these creeps to protect our PCs from malware that exploits this?

Oh wait... we expect AV to fail here, don't we? http://www.vmyths.com/column/1/2003/6/11/

adnim, stop blaming the messenger. Again. It's trivially easy to curb ActiveX controls and still have them work as designed. Try turning UAC back on in your Vista PC, and using a nonadmin account like you're supposed to.

Dan, this is old, old, old news by now. You're blaming Microsoft for a bug they fixed already. You hold MS to a double standard compared to Symantec, who fixes their broken software far more often than MS has to.

Adobe yanks speech exposing critical 'clickjacking' vulns

Gordon Fecyk
Stop

How to prevent webcam monitoring: Unplug the thing, duh

In another day for the "Dan Goodin is Paranoid" department, the celebrated El Reg author once again overlooks the obvious when explaining a computer security vulnerability.

Mozilla security chief: Apple should open up

Gordon Fecyk
Go

Actually, Yes.

"Well Microsoft is a good example of secure software, Apple should be more like Microsoft?"

Actually, yes. At least since Windows 2000 SP2 or so.

Some would argue they didn't do anything serious until Code Red hit. I submit that MS did more to fix Code Red and all of its incarnations with one release: URLscan. This is more than any anti-virus firm ever did. And looking past IIS5, even Windows 2000 pre-SP1 on the desktop could do anything Win9x could and still be secure.

That very, very few people bothered turning on Win2K's built-in safeties isn't Microsoft's fault.

Apple's had pretty poor turnaround time with regards to security updates compared to Microsoft. Case in point:

http://www.theregister.co.uk/2008/08/01/apple_dns_patch/

SQL injection taints BusinessWeek.com

Gordon Fecyk
Thumb Down

Is developer / admin laziness still newsworthy?

So SQL injection kiddies are picking off higher-hanging fruit, now?

An old biddie once told me she preferred that "the big guys get hit first" before she'd worry about a vulnerability in something. Well... is this big enough, now?

Microsoft delivers four critical updates

Gordon Fecyk
Stop

My summary: "*yawn* - There. By the way: User level code again, no threat."

Since the original JPEG exploit in gdiplus, I've yawned at this repeatedly.

If you're still surfing the web as "owner" or "administrator" since December 2005, when Three Rings Design crippled their web site in fear over this thing, then you deserve to get infected with whatever malware comes through a GDI exploit.

Fool me once... etc etc

And Dan Goodin needs that hot clue injection. Still. Or maybe a clue intravenous bottle. Or something.

Trend virus update freezes some PCs

Gordon Fecyk
Go

Service Provider Attack! or, "See, Windows really is a virus!!!!!11one"

Ahh, those halcyon days when McAfee AV would cripple a Windows 2000 system just by trying to uninstall it. Now we have Trend attacking the Windows OS.

All of you "Windows is a virus!!!!!111one" doomsayers can come out! A respected AV firm detected several key components of Windows as viruses. Too bad they don't specify if this happened on XP or on Vista.

Oh, and Dave Rand: You missed!

Chrome-fed Googasm bares tech pundit futility

Gordon Fecyk
Heart

Can I hire Ted Dziuba to write for my site?

This is the sort of stuff I'd like to get away with, but only El Reg can get away with publishing!

Gas refineries at Defcon 1 as SCADA exploit goes wild

Gordon Fecyk
Stop

SCADA = Speculating Creatively About Dastardly Attacks

With credit to Rob Rosenberger.

"Two of the more common means for gaining unauthorized control include wireless access points and internet-facing controls designed to save organizations money by allowing employees remote access, according to Core Security, which discovered the bug early this year."

The only SCADA-related hack attacks I've read -- and I do pay attention to this sort of thing -- involve skilled insiders. The so-called disgruntled employees that PHBs fear day after day. They don't involve flaws in SCADA controlled systems, nor do they involve flaws in whatever subsystems it uses.

And when did ODBC, a decade-old technology, become fashionable as an attack vector? ODBC doesn't even use IP, so it's not at fault for "modified packets." An ODBC database driver may or may not use IP to talk to the host database, but ODBC isn't going to know if its host database is remote or local or on some dude's clipboard.

There are far more important problems for security experts to tackle besides killing another messenger.

After the lambasting Ted Dziuba gave to Google Chrome, I think Ted needs to sit in a boardroom with Dan Goodin here, and hand Dan a clue. He's needed one for several articles, now.

MS preps four critical updates for September

Gordon Fecyk
Stop

@AC: Most vulns are mitigatable, and AV software is worse

Microsoft seems to have this habit of calling patches in user-level code "Critical" because too many idiots use said code while logged on to Windows with full admin. Running the same unpatched code as a non-admin reduces the threat a vuln presents to "Negligible."

By comparison, an "Important" vuln that permits privilege escalation is "Critical" to me.

I don't worry about these kinds of vulns. Hell, if I had my way, I'd approve updates only once every six months, and I do. Machines under my care can't run unauthorized code. And yes, I check. This leaves Java and Flash, and while Flash isn't as picky about security, IE7 is regarding plugin behaviour, and Java's even more so.

Contrast to typical anti-virus software. This requires patching once every single day, and in Sophos' case they're demanding you apply patches once every hour. And AV will fail to catch a new piece of malware unless you do this. And yes, I call this patching.

I trust Microsoft over Symantec any day. At least with MS I'm paying once every five years for a new OS, compared to paying Symantec every year for the same old AV.

Now if only I could write an automated bot to post to El Reg's Patch Tuesday articles each month...

World goes mad as Bill and Jerry eat churros

Gordon Fecyk
Stop

Mojave does better than Seinfeld does

Apple gets away with lies, damned lies and statistics in their Mac vs PC ads because the majority of viewers aren't holding them accountable for it. Microsoft doesn't have that luxury; everyone holds them accountable for everything even if it isn't their creation.

As for Mojave, no really, Vista isn't the evil creation that you all make it out to be. I go into further detail on antiwindowscatalog.com. Mojave attacks that perception head-on. Seinfeld doesn't do anything useful.

Sophos DNS snafu creates update problems

Gordon Fecyk
Pirate

Classic "SPA," or "Service Provider Attack"

The largest SPA I remember was the AT&T @home snafu, where millions of e-mail addresses were lost.

Nice to see Sophos isn't immune to their own people. Though I wonder how soon the "attack" was really reported. Doesn't Sophos ask their customers to update their anti-virus software every hour?!

North Korean Mata Hari in alleged cyber-spy plot

Gordon Fecyk
Pirate

North Korea Again? What happened to six hundred hackers?

This is the same regime that loves to mess with South Korean heads routinely. It's also the same regime that has no visible lights at night time...

http://www.globalsecurity.org/military/world/dprk/dprk-dark.htm

As for spyware e-mail sent to South Korean officers, if the ROK military's computers are as woefully administered as this suggests, I think they have far worse problems than spyware.

88% of IT admins would steal data if fired

Gordon Fecyk
Coat

How to secure the trust of your PHB

I've never believed in job security by obscurity. I document everything, explain everything, because I want my bosses to know I'm doing the job they're paying me for.

To this end, if your boss thinks you'd steal data if you were fired, take the 'root' or 'domain admin' or 'enterprise admin' or whatever account -- you know, the account that can't get locked out from too many bad passwords -- make a nice long password for it, and put the username and password in a sealed envelope. Hand it to the PHB, and explain that if something bad happened, they could hand it to the next admin.

If they don't open the envelope right away, they trust you to do your job. You can check your server security logs for this. You might reconsider your employment there if they open and use it.

I generally don't use the built-in admin account for any actual administration. I just use it to create admin accounts that are subject to lockout rules, and I don't even use that for day to day use. Instead I use an account that's part of some kind of account operators or server operators group, so I don't need admin on my desktop to administer the network. But that's going off on a tangent.

Mine's the one with the envelope to hand to my boss.

Open source release takes Linux rootkits mainstream

Gordon Fecyk
Go

Oh no, it's the end of Linux security!!!!!!1111oneone

Look out, GNUtards, your "safe and secure" Free (as in Freedom) OS is vulnerable to a Free (as in GPL v2) DIY rootkit! Now no one is safe from hackers! No one! hahahahahahahahahahah...

Now, I could take the sane and conservative path, and explain that adding a rootkit to a Linux PC would require administrator [root] access to the system, and that preventing such installations would be as easy as disallowing admin access by default. But that would be so Windows 2000/XP/Vista of me. After all, this is supposed to be an open (oops, wrong word, sorry RMS), um, Free (as in Freedom) system not subject to the same constraints as a proprietary system.

Do you run Linux as root, too? Welcome to the rest of the world.

Join the botnet. I am a timeless chorus, join your voice with mine and sing peace everlasting... or something Gravemind-ish like that.

Report: IRS networks riddled with vulns, rogue servers

Gordon Fecyk
Stop

Pay no attention to the anti-virus vendor behind the curtain... or: Vulnerability != Exploit

Why oh why oh why do I smell a computer security vendor rat in this story?

Guess what? Every web server visible on the Internet has at least one vulnerability or more. The trick is in mitigating them. Anyone serious about "Information Assurance" knows the difference between a vulnerability and an actual threat, and can prevent threats.

Hitting a vulnerability in an IRS server might let you put in an extra web page or two, but would it let you commit gainful fraud somehow? And how many of those "unauthorized servers" are even remotely connected to sensitive data?

"...hackers or employees could exploit the vulnerabilities." Show me the proof, and stop wasting my time with anecdotes. The IRS employs some of the most paranoid people in the United States, and so much as sneezing on an IRS employee is dangerous... :-)

Scammers skirt spam shields with help from Adobe Flash

Gordon Fecyk
Stop

And I thought Messagelabs was above this kind of fearmongering

Isn't it their job to block junk e-mail like this? Haven't they proclaimed the death of their own company before, claiming in 2001 that e-mail would become unusable by 2007 / 2008?

Jesse has it right. This is a "duh" moment for an outfit that claims to block this garbage.

Mythbusters busted over RFID gagging

Gordon Fecyk
Boffin

A possible explanation: RFID might just be too technical for MythBusters fans

I know I kinda spoiled the party yesterday. Sometimes you all just need to run off half-cocked so you can let off steam. I mean, just look at the release of Vista - it took two months for a serious bug to come to light (Vista's Long Goodbye), and you all finally got to release that bottled anger. (angst?)

Anyway, serious possibility. Rob Rosenberger once asked why don't we have a TV series about computer professionals. We have hospital stories, construction stories, racing stories, cop stories with sometimes confusing technology, even crab fishing stories. Why not stories about IT pros fighting off hackers, cyber-terrorists, virus writers, saving the day from some freak bug in program code, and so on?

The last time I saw something close to this, where cops were chasing some insider employee who wrote a logic bomb to take down a power grid, their "logic bomb" code was some glitch in an old Amiga text viewer called MuchMore. When you loaded a binary file into MuchMore it displayed this garbage that, if you were geeky enough, almost looked like art.

And you know how the good guys stopped the logic bomb? By shutting down the system that the logic bomb was supposed to shut down, and then turning it back on after the countdown passed.

Sheesh. All to save the city from a glitch in an Amiga text viewer.

Trying to explain RFID to the average MythBusters viewer, while making it interesting to watch, was probably too hard for the producers to accomplish. No explosions, no Kari Byron getting catscanned, nothing visually appealing.

Adam Savage went off half-cocked, just like the rest of you did, and I'm sure he loved every moment. Great for ratings, because now you're all going to watch the show and edit their Wiki. Probably got more ratings than they would have airing the actual episode.

Lenovo offers online backup deal

Gordon Fecyk
Coat

Anyone with privacy concerns besides myself?

I've had outfits pitch online backups to everyone from Mom to multi-site Active Directory houses. Just what is so magical about this tech that has Joe User and PHBs so enthralled?

Mine's the one with the 72 GB tapes in the pockets. On the way to the deposit box at my bank.

Burned by Chrome - Fire put out

Gordon Fecyk
Pirate

How to keep Chrome off managed PCs

Limited accounts on XP, Standard accounts on Vista, non-admin accounts on MacOS X, and so on. "Managed PCs" can include home PCs managed by parents of crafty kids, too.

Chrome's EULA sounds like the ultimate spyware EULA ever written by a company. Glad to see it's getting fixed, though.

Mythbusters RFID episode axed after 'pressure' from credit card firms

Gordon Fecyk
Stop

'MythBusters' co-host backpedals on RFID kerfuffle -- C|Net

From Adam Savage:

"There's been a lot of talk about this RFID thing, and I have to admit that I got some of my facts wrong, as I wasn't on that story, and as I said on the video, I wasn't actually in on the call," Savage said in the statement. "Texas Instruments' account of their call with Grant and our producer is factually correct. If I went into the detail of exactly why this story didn't get filmed, it's so bizarre and convoluted that no one would believe me, but suffice to say...the decision not to continue on with the RFID story was made by our production company, Beyond Productions, and had nothing to do with Discovery, or their ad sales department."

Blinders off, people. This was Savage overreacting, as he often does on his show for effect.

http://news.cnet.com/8301-13772_3-10031601-52.html

PC Gamers get Bill of Rights

Gordon Fecyk
Stop

2nd Amendment: The right to defend ourselves

The right to use the best defence against what we hold evil: Viruses, spyware, rootkits, etc, especially from the game makers themselves.

Those of you who read what I write know what I mean, but you can take this amendment in whatever direction you want. It should cover all ways we can defend ourselves from abuse.

Europe's Tesla will be first with full performance

Gordon Fecyk
Go

I so like living in a Hydroelectric region

Midwestern Canada has plenty of cheap, clean hydro power. A Tesla would be at home in a province like Manitoba.

/me still looks for his ZENN car some day

McAfee SiteAdvisor sued over 'spyware' tag

Gordon Fecyk
Joke

It's all Micro$oft's fault!!!!!!111oneone

7Search used ActiveX, Microsoft invented ActiveX, therefore Microsoft's at fault.

</sarcasm>

MS beefs up WinXP Pro's anti-piracy nagware

Gordon Fecyk
Stop

Same old same old, deal with it freetards.

Rather than waste space here...

Symantec Pot calls Microsoft Kettle Black:

http://www.antiwindowscatalog.com/?mode=rant&id=45

Twice...

http://www.antiwindowscatalog.com/?mode=rant&id=39

gOS - a Google good OS for your Mum

Gordon Fecyk

But can I play WoW on it? Maybe Runescape?

Maybe Runescape if the thing has a current Java VM on it?

<insert anti-Google domination rant here><s/Microsoft/Google>

Anatomy of a malware scam

Gordon Fecyk
Alert

Copyright violation: "Designed for Windows XP" logo

That thing's only permitted for companies whose products pass Windows Logo testing, and pay a premium to Microsoft. Seeing that logo on one of the screen shots constitutes copyright violation. Not to mention misrepresentation or whatever the landshark-friendly phrase is for that.

Where's Microsoft's landshark team when you really need them?

I knew there was a reason I don't permit administrator access to any PCs...

By the way, seeing BigFix on one of the doubleclick.net ads at the bottom of this suggests Jesper is the pot calling the kettle black. Better review your ad contracts, El Reg.

Unencrypted traveler data laptop disappears then reappears

Gordon Fecyk
Stop

Stolen Laptop = Expensive Doorstop in my network

OK, how hard is it to use offline files and the built-in encryption on Windows XP? If you absolutely have to take your work with you, and work offline from a company network, this is a good choice.

Granted I had to do some fiddling to make sure the Group Policy settings enabling EFS and offline files encryption stayed on, but they stayed on and lusers couldn't turn them off. They also couldn't store stuff anywhere else. Including USB keys.

With this, a stolen and later returned laptop in my care didn't compromise anything. Lots of dumb password attempts in the security log and the battery was drained, but that was it. The luser that lost it got a replacement and kept working until it came back.

Site guesses your sex via age-old web flaw

Gordon Fecyk
Stop

Proof, please, mister WhiteHat fearmongers

"Even when you turn off Javascript, they have other tricks up their sleeves that are much harder to foil, says wally of wally corp, who brought the tool to our attention."

The button did absolutely nothing on IE with Javascript turned off.

Standardized LARTmeter is hitting 11/10 on the BS index.

Exploit code targets Mac OS X, iTunes, Java, Winzip...

Gordon Fecyk
Go

Insert obligatory "not Microsoft's fault" rant here

Sounds like turning off automatic updates in whatever you're using will prevent this. That, and turning off admin access while running an affected piece of software.

Oh, and once again, the imminent death of the Internet via DNS is predicted. Seems like I shouldn't be able to visit theregister.co.uk anymore.

Gmail uses DomainKeys to lock out eBay phishing attacks

Gordon Fecyk
Go

@TheCube, re: SPF

"Oh, and if some Micro$oft muppet turns up bleating on about 'Sender ID' explain to them that there was an existing, public, royalty free standard called SPF."

Um... what do you think Sender ID is, besides Microsoft-branded SPF?

Trojan heralds OS X's 'new phase of exposure to malware'

Gordon Fecyk
Go

MacOS X is inherently insecure!!!!!111oneone

Apple Remote Desktop is a major security hole, one that should be disabled by default on all new Macs.

Also, whoever invented AppleScript should lose their job, and Apple should immediately release a patch that disables AppleScript functionality in all Mac apps.

Apple has relied on security by obscurity for far too long! It's time they focused on security above all else, and bring their OS into the 21st century. And application writers that can't deal with such changes should stop writing Macintosh apps altogether, and go back to writing for Windows.

[There, that felt good. I suppose I could've borrowed a typical anti-Microsoft rant and swapped "JavaScript" with "AppleScript," and "ActiveX" with "ARDP" or something, but I wanted to see if I could write a rant all on my own. Microsoft-haters beware: You're not safe anymore!!!!!!!111one!]

Web browsers face crisis of security confidence

Gordon Fecyk
Stop

Fundamental misunderstanding of ActiveX (again)

"Firefox wasn't the browser that brought us ActiveX and therein lies the key reason it has stood up so well when compared to IE over the years. Last year, there were some 339 vulnerabilities in one or more ActiveX controls, according to security bug tracker Secunia."

Who wrote said controls? Did Microsoft actually produce all 339 of these?

Everyone likes to blame Microsoft for ActiveX destroying the Internet. ActiveX was in Windows long before it was called ActiveX, though.

My favourite complaint from a clueless luser: "If you enable ActiveX in ACCPAC you'll expose us all!" Meanwhile Sage Software uses ActiveX as part of ACCPAC's very design. You can't open a module in there without launching an ActiveX control. If I disabled ActiveX, I'd stop it from working, period.

Which, in hindsight, might have been a good thing. ACCPAC needs a lot of work yet if it's going to run with Least Privilege in mind.

Even Firefox uses ActiveX. Those little form buttons? They're ActiveX controls! In fact, every Windows application uses ActiveX, whether directly or not. I don't know what they're called on MacOS, but on Windows they're called ActiveX controls.

I secure my machines using Least Privilege. ActiveX controls are like most other software on current editions of Windows; it runs as the user that launched it. A hax0r using a bug in an Adobe Reader ActiveX control failed to exploit machines in my care before, and they'll continue to fail. Even the notoriously insecure Firefix (heh, um, Firefox) can work securely this way.

Adobe update foils Reader and Acrobat exploits

Gordon Fecyk

Safe (non-admin) computing prevents PDF exploits too

I've not seen one of these things before this week, when I had the fortune to see it in action on an older machine. Some unrelated forum site running PHP tried to push some malware on a machine I used. A handful of executable files in %temp%, but no further damage beyond that.

The machine wasn't mine, but I told its owner what happened and I later got to apply a tool I hacked together that prevents downloaded executables from running. Said tool removes execute permissions from new files in limited user-writeable areas.

Lockdown hack or not, it was amusing to see this thing try to do damage and fail miserably. Sure, an updated Adobe Reader fixed it permanently, but were this a zero-day exploit it'd have fallen flat right on day zero.

Trend Micro's CEO says 'AV industry sucks'

Gordon Fecyk
Go

@AC, Funny you should mention MAPS...

...there's commentary just waiting to come out of my mouth on this one, but I'll sum it up by saying I just subscribe to Messagelabs and turn the MAPS services off.

I've waited for the AV industry to say, "we suck," for the past twelve years. No further commentary needed.

'Legit' website compromises reach epidemic proportions

Gordon Fecyk
Go

ScanSafe scare tactics, Symantec ThreatCon 'normal,' and Standardized LART

First off, it's nice to see Symantec taking ScanSafe as seriously as they deserve to be taken. ScanSafe's "threat meter" reads 'high' right now, while Symantec's "ThreatCon" is 1, or 'normal.'

That says something about ScanSafe right there.

Once again John Leyden posts a scare piece that's deserving of a standardized LART. ScanSafe sells web filtering software, and ScanSafe is telling us that, "the web is under attack." That's a direct quote from the site John linked to. Umbrella manufacturers are, once again, predicting bad weather for the Internet.

As for how to avoid malware on legit sites, well, we already have an OS based on the principle of extreme paranoia, um, least privilege. Actually we have more than one; we have many. It's all a matter of using them in 'extreme paranoia' mode. Yes, this includes Windows. And these all still work with advertising systems that use scripting, like this one.

Windows XP given additional resuscitation

Gordon Fecyk
Go

How to make XP behave like Vista

Ya know, after reading that XP is going to be available for "low end" PCs, I wondered just how different Vista is from XP, aside from the Aero interface.

Let's see... we have:

* DRM in Windows Media Player 9 and 11

* Windows Desktop Search

* Three different versions of the .NET framework

* Internet Explorer 7

* Windows Defender anti-spyware

* Windows Firewall

* And, if you dare, even a form of User Account Control (Run As...)

Aren't these the things everyone here is complaining about? Load all of these things onto a bog standard XP machine, and you have an XP that's just as bloated as Vista.

Mind you, I can make Vista work on a 512 MB machine quite comfortably. I just have to avoid unwanted software, which is something I do second-nature.

"I'd love to see how Windows 7 is going to support ultra-light PCs any better than Vista does..."

Think, "Windows Core Server 2008." That's how.

'Secure' PayPal page is... you guessed it

Gordon Fecyk
Stop

McAfee opens mouth, inserts foot. Again. So does anarchic-teapot.

"Despite the proliferation of XSS attacks, McAfee's ScanAlert, which provides daily audits of ecommerce websites to certify them "Hacker Safe" gives clients the thumbs up even when XSS vulnerabilities are discovered on their pages."

John McAfee continues his tradition of after-the-fact security for at least twelve years. You have him to thank for convincing the media, and therefore the public, to use reactive anti-virus technology.

"Many thanks to Microsoft, who started the whole HTML-email crap, and persisted despite numerous warnings of security risks."

Mister Teapot, in the process of calling the kettle black, you forgot that you have Netscape Communications to blame for this one.

http://en.wikipedia.org/wiki/Browser_timeline

Netscape 3, complete with "Rich Text" e-mail as they called it, came out in 1996. Compare with IE3's release in January 2007. Further, Outlook didn't support HTML e-mail until Outlook 98, and Outlook Express / Internet Mail and News didn't support it until IE4 came out. You have Netscape Communications to blame for HTML e-mail, not Microsoft. You also have Netscape to blame for (shudder) Javascript.

I'd have taken the older scourge of winmail.dat attachments over HTML e-mail, brought to you by Netscape.

Rootkits on routers threat to be demoed

Gordon Fecyk
Joke

@AC, ya that was a joke

"Err that was a joke right. Why would making all routers rely on a different OS make any difference surely then you would be equally exposed to a single flaw?"

Next time I'll use teh j0k3 4l3rt butan, kthx.

Seriously, I don't understand why the Linux crowd isn't all over this, promoting Snapgear over Cisco, when they gladly do the same thing when some vulnerability in a Microsoft OS gets published. Cisco is more entrenched in the 'net than Microsoft is.

I would like to see, however, how someone could rootkit a Snapgear box.

Gordon Fecyk
Alert

Oh no! It's the end of the 'net as we know it!!!!!1!1 And s/Microsoft/Cisco

Man the pumps, batten down the hatches, run for the hills, etc

To [mis]quote Robert Lemos from 2003:

"Exclusive reliance on _Cisco's IOS_ operating system could make companies vulnerable to greater damage during a cyberattack, according to an upcoming report from analyst Gartner."

http://software.silicon.com/os/0,39024651,10006340,00.htm

Or maybe I should use the Penguin tag and, um, ♫ rant like a Linux Geek... ♫

"...I know the perfect way to avoid Cisco IOS vulnerabilities. Just switch to Snapgear products, powered by Linux!!!!!!11!1"

Drive-by download attack compromises 500K websites

Gordon Fecyk
Joke

And remember, kids. Microsoft didn't develop PHP.

Can't blame them for this one.

And remember how to prevent getting infected before the fact? Yes, of course you do. Trend Micro knows too, but don't expect them to tell you.

/me waves at Dave Rand

Windows XP SP3 blame game begins

Gordon Fecyk
Gates Halo

You heard it here first: "It's not Microsoft's fault."

"Gordon Fecyk - You're missing the point. HP dumped an Intel image on an AMD system. It's not Microsoft's fault that HP people are incompetent."

Nah, everyone else blames Microsoft for this kind of screwup. Why should we stop? :-)

Seriously, this is the first time I've seen someone else post on El Reg that very phrase, "It's not Microsoft's fault." If it's already posted somewhere else, don't worry, it's just the first time I've seen it. And how true it is. Expect MS to cover for HP's mistake, and potentially the mistakes of other OEMs, however, as pointed out in other posts.

Now if only some folks would consider that the next time we see a knee-jerk article on El Reg...

Gordon Fecyk
Alert

AMD driver theory is plausible, and SP3 installer might have a bug

"If we accept the story that OEMs cut corners on their disc images, it still doesn't explain why WU didn't offer to repair the mis-match as soon as the machines were connected to the net."

Windows Update didn't do the update in this case. The downloader and updater in XP SP3 did. We're also talking about a processor update. Ever hear of downloading a new driver for your CPU?!

Microsoft made Sysprep's limitations quite clear -- oh, for those who don't know, Sysprep is the utility that permits mass duplication of an installed Windows 2000 or Windows XP machine -- and an important limitation is that the target machines' processors must be the same type. This was more obvious back in the day when Windows NT supported four unique processors, but it's still relevant today when switching between Intel x86 and AMD x86 processors.

And now we know why.

Come to think of it, I always wondered why my XP SP2 image wouldn't boot on an Acer AMD laptop. To think I blamed Acer, when the fault was mine. And this had nothing to do with SP3.

As for the SP3 ISO working better than the download, I'd believe Gary's story since the "full file" kit would contain the AMD driver code by default. The online version would only download updates for files it saw, and if there wasn't an amdk8.sys file, it's not going to waste time downloading it.

Sounds like the bug is in the online version of the SP3 installer. And it seems like a simple enough fix -- make sure it downloads all processor-related drivers anyway, regardless of what files it sees.

What about the full-file installer? We see that the ISO download works. What about the huge update you'd download to install to multiple PCs, without needing a CD burner?

Wanted: Americans to join Al Qaeda

Gordon Fecyk
Go

Dismantle the Internet for National Security reasons!!!!!1!111!

Like, ZOMG, terrorists are using the Internet to recruit new members!

The Internet was great while it lasted, folks, but it's clear that this American-created network is the greatest threat to American peace since the American invention of the Atomic Bomb.

As patriotic Americans, I call upon you to disconnect your modems, cancel your America Online subscriptions, and turn back to the Glass Nipple of the 1970s. Dismantle the Internet one AOL user at a time, I say!

It's time for all Americans to return to the halcyon days of the Transistor Age! I think our national motto should be, "What's wrong with a number two pencil?" Albert Einstein didn't need a Casio FX-115M scientific calculator, and neither do we! Do The Right Thing!

(Credit where due: that last paragraph is a direct quote from Rob Rosenberger, Master Sergeant, Retired, United States Air Force.)

India and Belgium decry Chinese cyber attacks

Gordon Fecyk
Thumb Down

Chinese attacks: Brought to you by American anti-virus firms

It's taken seven years, but could this really be the Chinese cyber-war that the American anti-virus industry, and Richard Cluck / um, Richard Clarke, warned us about back in 2001?

Back when the Wall Street Journal exposed the US AV industry as tools of the People's Republic of China?

(ok, one more time: http://www.theregister.co.uk/2001/04/03/chinese_feds_demand_computer_virus/ )

And how very, very interesting that Goodin brings up Cisco. Didn't Cisco participate in the construction of The Great Firewall of China?

Rogue MP3 Trojan streaks across P2P networks

Gordon Fecyk
Stop

Sounds like JPG / WMF all over again

"They are actually disguised Windows Media files containing a script."

Hm... this is a recurring theme in so-called data file exploits, isn't it? Started with Word templates posing as documents, continued as Windows Metafiles posing as JPEG images, and now Windows Media scripts posing as MP3s.

Need I go into how to prevent getting exploited before the fact again? No? Good.

Back when the WMF fiasco happened, a certain site I hang out on banned all images from their forum. I suppose next they'll ban all MP3 links. Go on, tell your webmaster to ban MP3 links... I have my laugh track (in MP3 format of course) standing by.

30 years of Spam - and we ain't finished yet

Gordon Fecyk

@Allan, I meant things like 0user@example and such

In one client's logs, prior to implementing ML, I saw a massive number of dumb things like "12345_validuser@example" and "0validuser@example" and "aliduser@example" (missing first character) -- this was what I meant. I don't know about businesses outside my scope of influence, but no one I knew had addresses like that on their own domains.

Of the 95% of e-mail that Sophos claims is spam, how much of it is destined for addresses that never have and never likely will exist?

We used to stop these with a 550 Invalid User response, until spammers started using automated guessing bots against them. Then we started accepting them and bounced them later, only to cause a reverse flood to some hapless soul whose address happened to be in the MAIL FROM command. Now we're eating messages we'd normally bounce. I still don't want to include such messages that are "permanently undeliverable" in any realistic spam statistic.

Nowadays I'm fine with giving spammers a 550 response, because anything that gets past ML has to look so un-spammish that, if I deemed it to be spam, I could put the sender in the "go away and don't come back" list and have it work.

By the way, who in Hades is "Doron Pely" and why is she trying to sell me on Homeland Security related stocks? To a Canadian, no less?

Gordon Fecyk
Go

Glad to see some hard numbers, folks.

And also in full disclosure, I don't consult for ISPs. I mostly consult for small to medium sized businesses with their own e-mail setups, one or more Exchange servers, for instance. I can say that the numbers I posted were consistent with those SMBs.

So, everyone who posted numbers supporting Sophos' claim: Good job. Thanks again.

Here are some other things to consider with these numbers: How much spam is for invalid addresses? I don't mean addresses that were valid at one point but then became invalid (such as a user rename or a user leaving), but rather, addresses that are, seemingly, intentionally invalid. This would include otherwise valid addresses with one character missing, or an extra character added, to the username.

I might have had numbers closer to Sophos' numbers if I factored in e-mail for invalid addresses. I don't see that e-mail anymore because ML doesn't accept mail for them.
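As an added illustration of the two posts above (not Gordon's code, nor anything from MessageLabs or Sophos), the snippet below labels attempted recipients using the mangled-address patterns described ("12345_validuser", "0validuser", "aliduser", or one extra character), applies the reject-at-RCPT-TO policy instead of accept-then-bounce, and reports what share of attempts targeted addresses that never existed. The mailbox list and the log of RCPT TO attempts are constructed for the example.

```python
import re
from collections import Counter

# Constructed mailbox list for a hypothetical domain "example"; not real data.
VALID_USERS = {"validuser", "alice", "bob"}

def classify_local(local, valid=VALID_USERS):
    """Label a recipient local part: 'valid', one of the near-miss patterns
    from the posts (numeric junk prefixed, one char missing, one char extra),
    or 'unknown' for anything else."""
    if local in valid:
        return "valid"
    m = re.fullmatch(r"\d+_?(.+)", local)          # e.g. 12345_validuser, 0validuser
    if m and m.group(1) in valid:
        return "numeric-prefix"
    for v in valid:
        if len(local) == len(v) - 1 and any(v[:i] + v[i + 1:] == local for i in range(len(v))):
            return "missing-char"                    # e.g. aliduser
        if len(local) == len(v) + 1 and any(local[:i] + local[i + 1:] == v for i in range(len(local))):
            return "extra-char"                      # e.g. validuserr
    return "unknown"

def rcpt_action(local, valid=VALID_USERS):
    """Reject unknown recipients at RCPT TO with a 550, rather than accepting
    and bouncing later, which floods whatever forged MAIL FROM the spammer used."""
    return "250 OK" if local in valid else "550 5.1.1 No such user"

def summarize(rcpt_log, valid=VALID_USERS):
    """Count attempts per category and the share aimed at addresses that never
    existed (every category except 'valid')."""
    counts = Counter(classify_local(r.split("@", 1)[0], valid) for r in rcpt_log)
    total = sum(counts.values())
    never_existed = total - counts["valid"]
    return {"counts": dict(counts), "never_existed_pct": round(100.0 * never_existed / total, 1)}

# Constructed RCPT TO attempts resembling the patterns the posts describe.
SAMPLE_LOG = [
    "validuser@example", "12345_validuser@example", "0validuser@example",
    "aliduser@example", "validuserr@example", "alice@example",
    "zzqx@example", "bob@example",
]

if __name__ == "__main__":
    for rcpt in SAMPLE_LOG:
        print(rcpt, classify_local(rcpt.split("@", 1)[0]), rcpt_action(rcpt.split("@", 1)[0]))
    print(summarize(SAMPLE_LOG))
```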

Gordon Fecyk
Stop

And where did Sophos get this 95% number from?

Because this number doesn't show up on any real monitoring tools I have access to. I think one client peaked at 55% spam, where another never really got past 40%. My own domain never got past 60%.

My clients and I subscribe to Messagelabs, who provides actual statistics. I can't say the same for Sophos.

Not that Messagelabs is much better. In 2001, Mark Sunner claimed that one in ten (10%) of e-mail would have viruses by 2007/2008, and one in two (50%) by 2013. Their own tool identified, what, 0.32% (one in 312) of e-mails to my domain as having a virus in 2007/2008.

http://www.vmyths.com/column/1/2001/9/30/

Sunner's prediction was off by a factor of 31. And these guys supply realtime virus and spam data.

I'm sure not going to believe any predictions from Sophos, who only have pretend numbers, if the guys with real numbers make such outlandish predictions themselves.

Whitehats tackle The Great Botnet Dilemma

Gordon Fecyk
Pirate

Cure for the Common Cold found: film at 11

That alone should stir up enough postings. Imagine if a cure for the common cold were really, really found, as in a broad spectrum anti-virus medication for human beings. Such a discovery would risk putting much of the pharmaceutical (sp?) industry out of business, in theory.

Now do a word swap of "common cold" for "kraken." Or, for that matter, for "storm worm."

I'm anxious to see the responses.
