* Posts by David Eddleman

217 publicly visible posts • joined 20 Jun 2007

Compromise turns Kaspersky site into malware hub

David Eddleman

Ouch

I didn't know some of these things about Kaspersky. Nevertheless, I've never really liked it as a feasible product. It sounds too fishy to me. But they have a track record far worse than McAfee!

Man enraged by sagging pants pops cap in teen's ass

David Eddleman

Don't...

...blame the guns, blame the idiots. Sadly, just like internet access and making children, there's no suitable license required that tests for maturity (emotional and mental) and intelligence.

David Eddleman

Memphis

Goddamnit, Memphis. Stop giving gun owners a bad name.

Apple censors shut down BitTorrent app client

David Eddleman
Jobs Horns

Speaking of Android

I went to the market and did a casual search for Bittorrent. Found at least 6 clients in the first page (without scrolling down), some paid, some free.

Fail, Apple.

Google's 'instant' search springs keyboard controls

David Eddleman
Stop

Friggin' yes!

The first time this came out and I tried scrolling up and down the page with my arrow keys, I wondered why the page wouldn't scroll. Then I noticed the blue arrow and how it reacted.

This is probably the worst 'improvement' Google's made to search. Not everyone uses one window and one tab for anything. With the prevalence of tabbed browsing, I often open multiple tabs of the same search results just in case the first isn't what I was looking for.

Symantec HackIsWack contest packs in

David Eddleman

What?

"surfers are entitled to expect higher standards of website security from Symantec-branded sites than from your average mom and pop website"

Anyone remember how the "Hacker Safe" logos did absolutely nothing for security? In fact, for the longest time, XSS wasn't considered a security problem, and some 10k sites went exploited by XSS while still wearing the Hacker Safe badge? Give me a break.

Battle of the US super-soldier robot suits hots up with XOS 2.0

David Eddleman

Better for civ applications

Honestly, they need to focus on the civilian applications of these objects first. Once they get them perfected to civilian standards (not too hard), they can focus on the up-armoring, mount points for gear, mobility issues, etc. Military standards are way more exacting than civilian ones, why not try to get a base market for it going then work on improvements and gain more interest that way?

Wait, that would make sense.

Iowa police mugshot exposes world's worst tattoo

David Eddleman

Quad Cities

Redneck central.

Sigh.

Prosecutor resigns over sexting spree to crime victim

David Eddleman

Calumet County

I had no idea where that was, so I had to look it up. Turns out it's on the eastern side of WI, near Manitowoc and Sheboygan. That explains a *lot*.

(p.s. those are very redneck parts of WI.)

Google mounts attack on penis-pill pushers

David Eddleman

No power otherwise

"The account suggests that Google is going after the lowest level offenders, the narcotics equivalent of the corner dealer selling nickel bags."

That's because the higher-ups are operating outside the US or using 'bulletproof' hosting to get away with it, so those takedown notices sent by Google get laughed at. Also, they're probably poisoning the search results to include their wares, exploiting the flaws in the Google search algorithm that's been a game of cat-and-mouse since day 1.

Steve Jobs in iPhone bitchslap to creationists, Tea Party

David Eddleman

It's a shame

That despite having some really bright minds in this country, we have people who still believe -- and try to force others to believe -- in antiquated notions. Back when I lived in San Diego, an area that's heavily Catholic due to the influx of Hispanic immigrants, I could proudly openly exclaim that I am an atheist. No one would really care. But here in the midwest...there are times I think that if I state as such, I might get a lynch mob formed for hinting at it.

I am a little disappointed at El Reg for using the word "monkeys". There's a notion used by Evolution bashers and more that describes evolution as claiming that we're related to monkeys, which is simply not true. Our closest common relatives in the modern primate world via evolution are Chimpanzees, not 'monkeys'.

"Christine O'Donnell, has stated that evolution is no more than a "theory""

As someone's no doubt said, so is gravity. So are a lot of things that we take for granted in the world. So is creationism, if you want to get down to it.

I'd be more than happy to allow creationists to teach in classrooms as long as they A) Keep religion out of it (as much as possible, trying to keep a neutral environment in schools) and B) Properly inform students of what it is (a theory, just as much as evolution) and C) Give the facts and evidence of each. Any student who will question and show the slightest shred of critical thinking and logic will pick the obvious choice.

Google data center links shot down by 'bored' riflemen

David Eddleman

Yep.

Just like the internet, I say that you should pass an IQ test before you can purchase a gun. Some people do some really stupid stuff with them on the range, like sweeping (passing the barrel over someone) and similar incidents which will eventually result in an accident...

Google dismisses engineer who violated privacy policy

David Eddleman

I think I know what that is!

Given your very key choices of words, I suspect I know who your employer is (as I also work for them). Look me up to confirm it. :)

Email worm wants to party like it's 1999 (almost)

David Eddleman
Stop

Excellent point, Bob

I made the same comments about the iPhone, back when it was first coming out (the very original), and within a week, someone had found an exploit or was circulating malware. I said, over and over, the more popular a system is the higher the likelihood of having viruses and other forms of malware written/introduced for it.

If Mac or Linux were taking up 80% of the market suddenly, I guarantee you they'd be found as an insecure OS due to the sheer number of vulnerabilities that people would be finding. Hell, if you want to think Linux is secure completely, go look at a patching list, like Red Hat's. See how many patches are released each month to cover vulnerabilities within the OS and subsystems that are installed by/come with the OS.

Texan cooks up deep-fried Guinness

David Eddleman

Some of us...

Are trying to lose weight. Myself included.

Occasional indulgences are good, but some people (the ones who make the news) are the ones who s/occasional/frequent

VW to eliminate worst road hazard: drivers

David Eddleman
Joke

I wonder if it'll be like The Matrix...

*Cue up Mona Lisa Overdrive*

Drunken employee pops cap in server

David Eddleman
FAIL

Nope.

Gun control = limiting arms of law-abiding citizens.

Criminals, 9 times out of 10, won't go into a shop, do the paperwork, etc. They'll steal, buy stolen/smuggled, smuggle them, etc.

David Eddleman

Title

Not if it was legally obtained through NFA.

"Automatic" likely refers to .45ACP (Automatic Colt Pistol), rather than .45LC (Long Colt). The differences are night & day.

Inmate-frying microwave pain blaster turret installed in US jail

David Eddleman

No.

"You'll be talking about exposed core or "dumdum" rounds"

You're talking about hollow-point rounds, I think. I haven't heard anyone use the term "dumdum" rounds in a long time. They have a divot in the center of the bullet, nose-first, along with cuts down the sides to adjust how they expand.

"Meanwhile, the world's military have moved en masse to using deformable nose or "tumbling" bullets"

No, most of the militaries out there use either regular FMJ (full metal jacket) rounds or steel-core rounds. "Deformable" noses would be soft-point bullets, which are mostly used by hunters. Steel core rounds are for extra stability to the round as well as imparting a mild armor-piercing effect (although true AP rounds have hardened steel penetrator cores and a steel jacket).

David Eddleman

Prison

"in use at a prison in Los Angeles"

Gotta be San Quentin, then. That place is full of some really insane criminals. Just ask Danny Trejo.

Facebook broadcasts your location in meat space

David Eddleman

Well...

http://pleaserobme.com/

'nuff said.

Shopping mall mulls Supreme Court bid to back no-speaking ban

David Eddleman

Nope

The owner can delegate others to that authority. Usually it's only managers and supervisors who can do that, 'regular' staff can't do that.

Rise in Latvian botnets prompts Spamhaus row

David Eddleman
Thumb Down

Bound?

Bound by *what*? There are absolutely no legal or contractual obligations to check a mailbox. It's a nice thought but a lot of abuse mailboxes are automated and the only thing they do is send an alert when so many hits happen to a particular address.

David Eddleman
Happy

Precisely!

My own servers & networks have large chunks of addresses blacklisted due to a high chance of crap coming from them. For example, China and Korea. I used to maintain a forum for my first employer and I set up large banlists there because of bots. I only had 1 legit user come out and ask why he couldn't register, and I added an exception.

Junk mail kingpin held on child abuse charges

David Eddleman

Yep

It's how they got Al Capone. Everyone knew he was guilty as hell, but the only thing they could pin on him was tax evasion. For it, he went to prison and was killed in there.

Turkish groom accidentally sprays wedding guests with bullets

David Eddleman

Title

Because it's a matter of skill? Trying to say that ANYTHING is designed exclusively to kill someone is a logical fallacy. Let's see you try to fire on automatic and even keep your sights on a target, let alone score some decent hits.

David Eddleman

And...

Even if it doesn't, it's designed to kill tanks, not people. Shaped-charge + copper disc means a precise hit. Despite what you see in movies and video games, the standard AT warhead on an RPG-7 has a very limited blast range. Now, the OG-7V warhead, which is a long tube designed to fragment and spray shrapnel on the other hand...

David Eddleman

Precisely!

"This is why you train in the use of a weapon before you go around shooting it."

When I've taught people how to shoot, I show them all the features on the firearm and shoot a few rounds off first to show them what it's like, plus teach posture, form, etc. If you start firing any round on automatic, even the low-recoil .22LR, you might get spooked and drop the weapon which could cause a slam fire.

David Eddleman
FAIL

Wrong!

"you should at least set the thing in "semi-auto" (3-round bursts) or single shot"

Semiautomatic is NOT burst-fire. Burst fire is fully automatic, but with a reset after a certain number of shots have been fired. Semiautomatic is one cartridge expended per trigger pull. Single shot would likely encompass any weapon that requires manual reloading between shots, like a pump/lever/bolt action firearm or a single-shot firearm (like a breech-loaded shotgun).

David Eddleman
WTF?

What?

What's so wrong with the AK-47? You realize that people over the pond have them too, right?

Saudi Arabia beats UAE to BlackBerry ban

David Eddleman

Probably a miscommunication

I doubt that RIM said "over a hundred governments". They probably said "over a hundred government *agencies*".

David Eddleman
Stop

Killer feature? Not really.

"Push email, long the killer feature for BlackBerrys, is standard smartphone fare these days,"

Fuck no. Push e-mail is a moronic idea. Especially when you have some person who has their e-mail hosted on a third-party source and all of a sudden it stops working and the fault -- surprise, surprise! -- is on RIM. And now you have to go and push RIM to convince them, yes, it is their fault, and to fix the problem. Which is not an easy task.

Adobe confirms remote code-execution flaw in Reader (again)

David Eddleman
Troll

I guess...

...that iPhones are vulnerable to Flash exploits too.

Oh wait...

Hack uses Google Street View data to stalk its victims

David Eddleman
FAIL

Not compelling

The two requirements for this are major 'if's. For starters, it would require someone to be on a network that is completely open (either with default credentials, which is the more likely scenario, or on a router that doesn't require authentication to get to the admin page (of which I've seen none)). Given how I'm seeing fewer and fewer open wifi networks out there, there's very little chance for this to take root. It also requires Google Maps to have cached the area. That means only someone with a wifi signal strong enough to be broadcast to a Googlecar or, more likely, living in proximity to a street where a Googlecar would be bothered going through, is at risk.

Sorry, buddy. Not very likely.

Fake Firefox update used to sling scareware

David Eddleman
Stop

Seems to be some confusion

El Reg should fix the article since it's not clear.

There is a completely legitimate page that appears very similar to the one the VXers use that also informs you to upgrade Flash. However, it DOES lead to Adobe's site and goes through the regular channels to update Flash. What this fake version does is appear to give you an upgrade, but when you attempt to use the 'upgrade flash' link, it has you download a payload.

Read the F-Secure article, folks.

Also: "In related news, McAfee warned earlier this week that VXers were offering a Trojan disguised as trial versions of its VirusScan anti-virus software."

So it's going to perform like regular McAfee - slow, bloated and does no good at all?

TalkTalk turns StalkStalk to build malware blocker

David Eddleman
Stop

Wrong

Reading any information not destined to you is intercepting communications. Imagine if TalkTalk stumbled upon some sensitive data that's not to be released to the public (confidential private/company docs, gov/mil/edu docs that are nocirc, etc.). They'd be accountable for it as the logs would plainly see and could easily be sued or have criminal proceedings on them for it. It doesn't matter if that agency or entity's security is poor, it would easily stand up that TalkTalk used an exploit (since I doubt their system does any error checking to see whether or not the URL is "followable", using blind logic).

David Eddleman
Unhappy

Charges?

As someone who's worked in the web hosting industry before, I have to wonder how much scraping TalkTalk is doing on sites it "checks". Does it just grab the page and scan, or does it download the entire shebang and run it through some heuristics engine? If it's the latter, I have to wonder just how much they're costing webmasters in bandwidth fees.

Bandwidth is NOT cheap, folks!

vBulletin vuln gifts admin credentials to unwashed masses

David Eddleman
FAIL

Wow

I can't say anything else. That's probably one of the most asinine vulnerabilities I've ever seen.

Judas Phone: more Photoshop tomfoolery

David Eddleman
Happy

Send it over to b3ta

They'll gladly take it.

Meanwhile, that first one is going on my desktop at work.

Raptor over Blighty: Watch the stealth fighter in infrared

David Eddleman

It does

The F-22 has the old-gen issues with the stealth system, but the F-35's newer stealth system uses a new system that's more effective, doesn't degrade under poor conditions and doesn't require nearly as much work to maintain on the ground.

David Eddleman
Grenade

Yet more

"Good guys: A $Bn fighter aircraft capable of evading any other $Bn fighter aircraft

Bad guys: A road side bomb that kills the pilot"

Exactly. You simply CANNOT compare the F-22 and the Typhoon at all. The F-22 is a 5th gen air superiority fighter, designed exclusively to combat enemy planes. Its best effort is a set of JDAM-equipped Mk83 (1000lb) bombs internally, which reduces how much anti-air power it can carry.

If you want to compare a US-made fighter to the Typhoon, compare the F-35. It IS a multi-role fighter, capable of carrying more firepower (internally AND externally) and capable of taking on many different targets. Hell, it can carry Mavericks and JSOWs, something that the F-22 can't. It has superior stealth and flight tech.

If you want a better aircraft to compare to the Typhoon in terms of tech and cost, look at the F/A-18 Hornet (or better yet, Superhornet).

David Eddleman
Stop

Raptor

"That's in the same price range as a Raptor (just 185 Raptors are to be made, which has pushed their unit price up)."

Well, the Raptor may not be made anymore. The latest 2010 funding has no space for them, and there is a law banning export of this craft (not so with the F-35 IIRC). They're great air superiority fighters, and are meant for that. Their primary armament is AMRAAM missiles, which are Air-to-Air (not Air-to-Ground).

"The F-22 does not have hardpoints"

WRONG. The F-22 and F-35 both have external hardpoints (F-22 has 4, 2 each wing, and the F-35 has 6, 3 each wing). However you are correct about diminishing stealthiness. As it breaks angles (and missiles have all kinds of right angles) it makes it have a much larger radar signature. Without external stores, the F-22 is described as having a "radar signature of a steel marble".

Google Chrome bug bounty ups Mozilla's ante

David Eddleman
FAIL

Copycats?

Monkey see, monkey do.

FBI hunt gun-waving, skateboarding bank robber

David Eddleman

Open Carry

He's lucky no open carriers were in the bank at the time. Otherwise they'd be bagging and tagging him.

US data firm blows s**t out of server

David Eddleman

Re: Dalen

It's not that hard, depending upon the state you live in. If you live in a state that doesn't prohibit the use of suppressors, you just fill out a form, send it to the ATF, pay a fee, and there you go, you get a tax stamp to transfer or construct a suppressor to you. That's it. It's expensive, sure, but not that hard.

David Eddleman
Grenade

MP5?

I don't see an MP5 in there. I see someone with what looks like a GSG-5 (with a real suppressor over the fake can that comes with it) shooting at the equipment.

btw: most guns in the US are not suppressed or automatic. It takes a lot of paperwork and money to get automatic weapons. Most civilians who legally own weapons use simple semiautomatic or bolt-action/pump-action/lever-action weapons. It costs a lot of money (we're talking several thousands) to get a legal automatic sear or an automatic weapon and anywhere from a $200 to $400 fee to get approved by the ATF, not to mention requiring a Chief Law Enforcement Officer to sign off on it (or barring that, a trust, which is more money).

Those hicks/yokels/rednecks/etc. that you see shooting automatics and lobbing grenades/cannons/etc. constitute less than 5% of the lawful gun-owning populace.

Kanye West death prank used to sling scareware

David Eddleman
Dead Vulture

Meme

El Reg uses the most idiotic meme ever? I'm done with you guys.

Firms still struggling with data security standard

David Eddleman
FAIL

PCI is crap.

"PCI compliance doesn't cost extra money/budget. Neither does it take longer to implement or more effort to maintain. To be PCI compliant all you have to do is follow best practices and stop being lazy with procedures and systems."

You've absolutely never ever done it before, have you? Next time you decide to talk shit, take a deep breath and pull your head out of your ass.

You have to pay a firm to become PCI compliant. And if you handle your website through a hosting company, they may have to make you compliant if you don't have an in-house team that can handle it. It becomes especially tricky if your site is being managed through a control panel, since there are tons of businesses that have them since there are TONS of tech-illiterate folks out there. And the hosting company will charge fees (likely) and take time.

Ask me how I know this. Go ahead, ask me. I used to work at a webhost, I've seen this far too often.

They go beyond "best practices". They check all kinds of asinine stuff. For example, if you run the Plesk CP, which listens on port 8443 (and uses a completely different HTTP daemon for the CP as compared to the one for serving web content, lighttpd vs. Apache), and the port is open, they'll detect an open port that has poor encryption even though it has 0 relevance to your site, and flunk you. And different firms will have different regulations. One of the customers at my last job had a firm that would give them things to fix every day, refusing to certify them until he finally told them enough was enough, certify or I go to the prosecutors. Some barely do anything, and will certify you on a whim.

PCI/DSS is utter garbage and does nothing to fix the problem.

Fraudsters add IM to phishing attacks

David Eddleman

Been like this for a while

I get an occasional call from "Verizon" wireless, claiming that I am on track to running overages. First thing I get with the foreigner on the line is a request for my phone number, my social and something else (can't remember what else it is they want), but basically with it they get free rein to use your account to buy whatever they want.

OpenSSH exploit rumours swarm

David Eddleman
Boffin

Not so hard

"Red Hat Enterprise Linux ships with OpenSSH as a component and may therefore need upgrading"

So hard.

yum update openssh*

y

Then for good measure: service sshd restart

Ooh, so hard a monkey could even do it.
