Ouch
I didn't know some of these things about Kaspersky. Nevertheless, I've never really liked it as a feasible product. It sounds too fishy to me. But they have a track record far worse than McAfee!
217 publicly visible posts • joined 20 Jun 2007
The first time this came out and I tried scrolling up and down the page with my arrow keys, I wondered why the page wouldn't scroll. Then I noticed the blue arrow and how it reacted.
This is probably the worst 'improvement' Google's made to search. Not everyone uses one window and one tab for anything. With the prevalence of tabbed browsing, I often open multiple tabs of the same search results just in case the first isn't what I was looking for.
"surfers are entitled to expect higher standards of website security from Symantec-branded sites than from your average mom and pop website"
Anyone remember how the "Hacker Safe" logos did absolutely nothing for security? In fact, for the longest time, XSS wasn't considered a security problem, and some 10k sites went exploited by XSS while still wearing the Hacker Safe badge? Give me a break.
Honestly, they need to focus on the civilian applications of these objects first. Once they get them perfected to civilian standards (not too hard), they can focus on the up-armoring, mount points for gear, mobility issues, etc. Military standards are way more exacting than civilian ones, why not try to get a base market for it going then work on improvements and gain more interest that way?
Wait, that would make sense.
"The account suggests that Google is going after the lowest level offenders, the narcotics equivalent of the corner dealer selling nickel bags."
That's because the higher-ups are operating outside the US or using 'bulletproof' hosting to get away with it, so those takedown notices sent by Google get laughed at. Also, they're probably poisoning the search results to include their wares, exploiting the flaws in the Google search algorithm that's been a game of cat-and-mouse since day 1.
That despite having some really bright minds in this country, we have people who still believe -- and try to force others to believe -- in antiquated notions. Back when I lived in San Diego, an area that's heavily Catholic due to the influx of Hispanic immigrants, I could proudly openly exclaim that I am an atheist. No one would really care. But here in the midwest...there are times I think that if I state as such, I might get a lynch mob formed for hinting at it.
I am a little disappointed at El Reg for using the word "monkeys". There's a notion used by Evolution bashers and more that describes evolution as claiming that we're related to monkeys, which is simply not true. Our closest common relatives in the modern primate world via evolution are chimpanzees, not 'monkeys'.
"Christine O'Donnell, has stated that evolution is no more than a "theory""
As someone's no doubt said, so is gravity. So are a lot of things that we take for granted in the world. So is creationism, if you want to get down to it.
I'd be more than happy to allow creationists to teach in classrooms as long as they A) Keep religion out of it (as much as possible, trying to keep a neutral environment in schools) and B) Properly inform students of what it is (a theory, just as much as evolution) and C) Give the facts and evidence of each. Any student who will question and show the slightest shred of critical thinking and logic will pick the obvious choice.
I made the same comments about the iPhone, back when it was first coming out (the very original), and within a week, someone had found an exploit or was circulating malware. I said, over and over, the more popular a system is the higher the likelihood of having viruses and other forms of malware written/introduced for it.
If Mac or Linux were taking up 80% of the market suddenly, I guarantee you they'd be found as an insecure OS due to the sheer number of vulnerabilities that people would be finding. Hell, if you want to think Linux is secure completely, go look at a patching list, like Red Hat's. See how many patches are released each month to cover vulnerabilities within the OS and subsystems that are installed by/come with the OS.
"You'll be talking about exposed core or "dumdum" rounds"
You're talking about hollow-point rounds, I think. I haven't heard anyone use the term "dumdum" rounds in a long time. They have a divot in the center of the bullet, nose-first, along with cuts down the sides to adjust how they expand.
"Meanwhile, the world's military have moved en masse to using deformable nose or "tumbling" bullets"
No, most of the militaries out there use either regular FMJ (full metal jacket) rounds or steel-core rounds. "Deformable" noses would be soft-point bullets, which are mostly used by hunters. Steel core rounds are for extra stability to the round as well as imparting a mild armor-piercing effect (although true AP rounds have hardened steel penetrator cores and a steel jacket).
My own servers & networks have large chunks of addresses blacklisted due to a high chance of crap coming from them. For example, China and Korea. I used to maintain a forum for my first employer and I set up large banlists there because of bots. I only had 1 legit user come out and ask why he couldn't register, and I added an exception.
Even if it doesn't, it's designed to kill tanks, not people. Shaped-charge + copper disc means a precise hit. Despite what you see in movies and video games, the standard AT warhead on an RPG-7 has a very limited blast range. Now, the OG-7V warhead, which is a long tube designed to fragment and spray shrapnel on the other hand...
"This is why you train in the use of a weapon before you go around shooting it."
When I've taught people how to shoot, I show them all the features on the firearm and shoot a few rounds off first to show them what it's like, plus teach posture, form, etc. If you start firing any round on automatic, even the low-recoil .22LR, you might get spooked and drop the weapon which could cause a slam fire.
"you should at least set the thing in "semi-auto" (3-round bursts) or single shot"
Semiautomatic is NOT burst-fire. Burst fire is fully automatic, but with a reset after a certain number of shots have been fired. Semiautomatic is one cartridge expended per trigger pull. Single shot would likely encompass any weapon that requires manual reloading between shots, like a pump/lever/bolt action firearm or a single-shot firearm (like a breech-loaded shotgun).
"Push email, long the killer feature for BlackBerrys, is standard smartphone fare these days,"
Fuck no. Push e-mail is a moronic idea. Especially when you have some person who has their e-mail hosted on a third-party source and all of a sudden it stops working and the fault -- surprise, surprise! -- is on RIM. And now you have to go and push RIM to convince them, yes, it is their fault, and to fix the problem. Which is not an easy task.
The two requirements for this are major 'if's. For starters, it would require someone to be on a network that is completely open (either with default credentials, which is the more likely scenario, or on a router that doesn't require authentication to get to the admin page (of which I've seen none)). Given how I'm seeing fewer and fewer open wifi networks out there, there's very little chance for this to take root. It also requires Google Maps to have cached the area. That means only someone with a wifi signal strong enough to be broadcasted to a Googlecar or more likely, living in proximity to a street where a Googlecar would be bothered going through, is at risk.
Sorry, buddy. Not very likely.
El Reg should fix the article since it's not clear.
There is a completely legitimate page that appears very similar to the one the VXers use that also informs you to upgrade Flash. However, it DOES lead to Adobe's site and goes through the regular channels to update Flash. What this fake version does is appear to give you an upgrade, but when you attempt to use the 'upgrade flash' link, it has you download a payload.
Read the F-Secure article, folks.
Also: "In related news, McAfee warned earlier this week that VXers were offering a Trojan disguised as trial versions of its VirusScan anti-virus software."
So it's going to perform like regular McAfee - slow, bloated and does no good at all?
Reading any information not destined to you is intercepting communications. Imagine if TalkTalk stumbled upon some sensitive data that's not to be released to the public (confidential private/company docs, gov/mil/edu docs that are nocirc, etc.). They'd be accountable for it as the logs would plainly see and could easily be sued or have criminal proceedings on them for it. It doesn't matter if that agency or entity's security is poor, it would easily stand up that TalkTalk used an exploit (since I doubt their system does any error checking to see whether or not the URL is "followable", using blind logic).
As someone who's worked in the web hosting industry before, I have to wonder how much scraping TalkTalk is doing on sites it "checks". Does it just grab the page and scan, or does it download the entire shebang and run it through some heuristics engine? If it's the latter, I have to wonder just how much they're costing webmasters in bandwidth fees.
Bandwidth is NOT cheap, folks!
"Good guys: A $Bn fighter aircraft capable of evading any other $Bn fighter aircraft
Bad guys: A road side bomb that kills the pilot"
Exactly. You simply CANNOT compare the F-22 and the Typhoon at all. The F-22 is a 5th gen air superiority fighter, designed exclusively to combat enemy planes. Its best effort is a set of JDAM-equipped Mk83 (1000lb) bombs internally, which reduces how much anti-air power it can carry.
If you want to compare a US-made fighter to the Typhoon, compare the F-35. It IS a multi-role fighter, capable of carrying more firepower (internally AND externally) and capable of taking on many different targets. Hell, it can carry Mavericks and JSOWs, something that the F-22 can't. It has superior stealth and flight tech.
If you want a better aircraft to compare to the Typhoon in terms of tech and cost, look at the F/A-18 Hornet (or better yet, Superhornet).
"That's in the same price range as a Raptor (just 185 Raptors are to be made, which has pushed their unit price up)."
Well, the Raptor may not be made anymore. The latest 2010 funding has no space for them, and there is a law banning export of this craft (not so with the F-35 IIRC). They're great air superiority fighters, and are meant for that. Their primary armament is AMRAAM missiles, which are Air-to-Air (not Air-to-Ground).
"The F-22 does not have hardpoints"
WRONG. The F-22 and F-35 both have external hardpoints (F-22 has 4, 2 each wing, and the F-35 has 6, 3 each wing). However you are correct about diminishing stealthiness. As it breaks angles (and missiles have all kinds of right angles) it makes it have a much larger radar signature. Without external stores, the F-22 is described as having a "radar signature of a steel marble".
It's not that hard, depending upon the state you live in. If you live in a state that doesn't prohibit the use of suppressors, you just fill out a form, send it to the ATF, pay a fee, and there you go, you get a tax stamp to transfer or construct a suppressor to you. That's it. It's expensive, sure, but not that hard.
I don't see a MP5 in there. I see someone with what looks like a GSG-5 (with a real suppressor over the fake can that comes with it) shooting at the equipment.
btw: most guns in the US are not suppressed or automatic. It takes a lot of paperwork and money to get automatic weapons. Most civilians who legally own weapons use simple semiautomatic or bolt-action/pump-action/lever-action weapons. It costs a lot of money (we're talking several thousands) to get a legal automatic sear or an automatic weapon and anywhere from a $200 to $400 fee to get approved by the ATF, not to mention requiring a Chief Law Enforcement Officer to sign off on it (or barring that, a trust, which is more money).
Those hicks/yokels/rednecks/etc. that you see shooting automatics and lobbing grenades/cannons/etc. constitute less than 5% of the lawful gun-owning populace.
"PCI compliance doesn't cost extra money/budget. Neither does it take longer to implement or more effort to maintain. To be PCI compliant all you have to do is follow best practices and stop being lazy with procedures and systems."
You've absolutely never ever done it before, have you? Next time you decide to talk shit, take a deep breath and pull your head out of your ass.
You have to pay a firm to become PCI compliant. And if you handle your website through a hosting company, they may have to make you compliant if you don't have an in-house team that can handle it. It becomes especially tricky if your site is being managed through a control panel, since there are tons of businesses that have them since there are TONS of tech-illiterate folks out there. And the hosting company will charge fees (likely) and take time.
Ask me how I know this. Go ahead, ask me. I used to work at a webhost, I've seen this far too often.
They go beyond "best practices". They check all kinds of asinine stuff. For example, if you run the Plesk CP, which listens on port 8443 (and uses a completely different HTTP daemon for the CP as compared to the one for serving web content, lighttpd vs. Apache), and the port is open, they'll detect an open port that has poor encryption even though it has 0 relevance to your site, and flunk you. And different firms will have different regulations. One of the customers at my last job had a firm that would give them things to fix every day, refusing to certify them until he finally told them enough was enough, certify or I go to the prosecutors. Some barely do anything, and will certify you on a whim.
PCI/DSS is utter garbage and does nothing to fix the problem.
I get an occasional call from "Verizon" wireless, claiming that I am on track to running overages. First thing I get with the foreigner on the line is a request for my phone number, my social and something else (can't remember what else it is they want), but basically with it they get free rein to use your account to buy whatever they want.