Posts by artbristol 34 publicly visible posts • joined 5 Apr 2012
Causing a crash by typing in too much text does not mean you found a buffer overflow. Could just as easily be a validation mismatch between front and backend. You don't even know if the program is written in a memory-unsafe language like C.
And if I may play the man not the ball, this security researcher doesn't even have HTTPS on his blog.
Obviously it's not end-to-end. Microsoft must hold the encryption keys, otherwise how would an arbitrary recipient decrypt the message?
The link you provide is to the desktop app, which supports S/MIME, which *is* end-to-end, but users need to deal with keys.
Check the Oracle whitepaper (http://www.oracle.com/technetwork/java/javase/javaclientroadmapupdate2018mar-4414431.pdf)
> Swing and AWT will continue to be supported on Java SE 8 through at least March 2025, and on Java SE 11 (18.9 LTS) through at least September 2026.
> Oracle has begun conversations with interested parties in the Java ecosystem on the stewardship of JavaFX, Swing and AWT beyond the above referenced timeframes.
They're ditching them, just like they've ditched Glassfish, Java EE, Hudson, and others.
"Modern data looks a lot more like Amazon DynamoDB or Microsoft Azure CosmosDB than the neat ones and zeroes of relational databases of yesteryear. "
Don't believe the hype. A well factored relational database will look after gigabytes of your data for years and years. Not everyone is running Netflix.
Snaps include their own dependencies, a bit like a statically compiled binary.
To push them as a solution for software vulnerabilities is perverse. If a hole is found in an old-style unix library, it alone can be patched and all its traditional, dynamically-linked, dependencies are automatically protected (you may need a reboot). With snaps, you need every single snap that uses it to be updated.
Not trying to downplay the severity of this, but is it actually a C-style memory-corruption buffer overflow?
The patch to fix it just adds a maxLength to an XML file describing a screen layout. Maybe the lock screen just runs out of memory and is killed. There are plenty of badly written webapps that would crash if you put too long a string into an input field, but you're not exploiting a buffer overflow by doing that.
I think the old setting of click-to-play was the best.
Now if you're a developer you have to figure out whether chrome is going to relegate your flash to 'inessential'. This is the kind of thing Microsoft used to do with IE. 'Enhance' the user experience at the expense of standards.
"The other restrictions that had already been identified by Qualys ... are, Cisco says, quite unlikely in any real-world application."
Yeah I'm sure a hacker wouldn't dream of making up a hostname that fit those restrictions.
Reminds me of the time I was re-educating a developer on SQL injection, and asked him what would happen if there was a quote in a user-supplier input:
"Chances are less"
... sigh ...
...was lost a long time ago. Not to say antivirus is useless, it'll prevent maybe 50% of rootkit infections - but there are advanced nasties out there, and most of them don't play random audio, so you're never going to know you've been compromised.
Prevention is better than cure these days - run noscript, don't open email attachments, reimage regularly etc.
Unicode is a good standard and it was written by clever guys. There's nothing wrong with Unicode's approach of mapping each character to a code point, and adding an intermediate step requiring encoding it into bytes. Far better than the ugly mess of codepages that preceded Unicode.
UTF-8 is part of Unicode and it's a damn good encoding.
Tim Worstall wouldn't be happy with this article. Mobile operators will charge high prices based on market demand, not based on what they paid for the auction. Failing to auction the licence is basically putting money in the pockets of the shareholders of the mobile operators.
"MD5, a cryptographic hash function that's known to be insecure."
MD5's insecurities are nothing to do with its unsuitability for storing passwords; it's failing to salt the password (and to iterate the hash function to slow it down) that's the problem. And the quoted guy is a 'security researcher'?
The problem in Australia is politics - it's ten times worse than in the UK. 'Normal' water consumption (domestic, industry etc.) is dwarfed by consumption by farmers. There is no need for the dry south east of Australia to be growing that much food, when it could be grown and imported from the wetter north.
And of course, politicians there prevent the price of water from varying enough to put the farmers out of business, which it blatantly would if domestic users were allowed to compete in a free market for it.
0800 numbers are a ridiculous hangover from when people cared about the cost of landline calls - surely most people must be on an unlimited-landline-calls package by now. My £15/month mobile plan provides it all the time AND my basic Talk Talk package includes it on evenings and weekends.
Companies, PLEASE just give us an 03 or geographic number and forget about freephone!
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
