Posts by Old Handle

Are you still sure?

I did read that, in fact. But it turns out there's something even more important that we both failed to read:

The original attack description

As I suggested, someone more skilled in batch found a better way to hide it. It turns out there's no need for folding, escaped backslashes or any of that. All you need is the & sign.

FN:John Doe & msg * Hacked

So there you have it. And please, if you're going to claim this is also invalid vcard format and "trivially discovered", explain why and how this time.

Re: Ummm

Not totally clear, but I think he's saying those files would be changed automatically when a user installed an emoticon pack. Or maybe replacing one of those files is how you install an emoticon pack. Either way, it's bad since this isn't something people would realize could be dangerous.

I hope that by now people understand that they shouldn't install EXEs unless they trust the source (and if not, they kinda of deserve what they get), but if you write your application in such a way that a file they would think of as "content" can pwn them, you've broken an unwritten rule of how computers are supposed to work.

Re: So this person

The odd fraction is different for every customer which helps to identify which customers have paid up.

Not according to the previous story. They used a unique address for each "customer" (as is the normal practice with bitcoin payments) so there would be no need for the amounts to be unique. Not to mention it sounds like they were bluffing and so didn't need to keep track of who paid anyway.

Re: @ nuclearstar Unsurprisingly, it seems someone has

Assuming the blockchain is duplicated in each online wallet and assuming it hits 1TB at some point then an online repository with 1000 users would require 1PB storage.

Sure, but there would be no need for that. If we're talking about general purpose "cloud" hosting being used for bitcoin, than I guess it would work out like you said (unless they used dedupe). But a purpose built bitcoin service would certainly not work that way. A "wallet" is really just a collection of private keys used to prove ownership of an address when spending coins from it. Mine weighs in at 96kb. Since the blockchain is the same for everybody, all the users could share one copy.

Re: How Many Men Actually used AM?

How about what percent of male accounts were paid?

Re: Makes sense

Depends on the type of business and how bad you want a shot at another million or so users. Facebook evidently decided it was worth it.

Re: "Reasonable"

I'm sure they're bring in expert witnesses to argue that point, but the really it doesn't require too much technical understanding. The fact that they were hacked at least twice using the same method is enough information to say they didn't take reasonable precautions. If your customers get robbed because you left a certain door unlocked, it's reasonable to lock that door so it won't again, isn't it?

I'm not saying "get hacked twice and it's automatically your fault", but when you allow exactly the same thing to happen again, yeah I'd say that's unreasonable.

Only if he paid. I imagine lots of people sign up but decide the site isn't worth spending money on.

Re: Ban them!! Ban them all!!!

Don't forget coffee and tea, those are recreational drugs too.

Re: I feel sorry for one or two women on there.

By my math that would be 3.6 million women... or "women" at least. I won't hazard to guess what fraction of accounts are real.

Re: This is just wrong

It's somewhat confusing, since it's already 15 weeks old, but apparently grew slower than normal, being only as large as the brain of a 5-week-old fetus. So yeah, I think they only meant grow it to the size of a 12 weeks gestation fetal brain, but it did say "possibly longer" which leaves the door open for getting into creepy territory.

Re: That Weird Sound You Hear

While I'm sure they love to see infighting in the open source world, I don't think MS has much to laugh about on this one. LibreOffice is has been one of the most successful open source projects in terms of replacing proprietary software on ordinary users' desktops. Second only to Firefox, I would guess.

Re: True - but unlikely

Oddly enough, just yesterday I got a whole bunch of emails from match.com (not quite as scandalous, I know), which I definitely never signed up for.I unsubscribed right away, but I suppose that didn't actually delete the account. So if they ever get hacked my email will be in there.

Hashes

The MD5 and SHA-1 hashes will be totally useless if the image is changed, but the PhotoDNA version is apparently designed to resist this. Of course that kind of fuzzy matching will necessarily have a greater chance of false positives.

Re: The Donald Trump of the AV world

He should run for president. He may not quite have the name recognition (though "his" AV software is known and feared world wide), but he's certainly has the crazy.

Re: How well does it mix with...

Apparently.

So this could be great news for the smaller porn sites.

Re: "Voluntary"

I'm not sure about "most sites", but honestly there are loads that give it away for free (with ads) including a number of large sites with "porn" and/or "tube" in their name.