Posts by cotsweb 19 publicly visible posts • joined 24 May 2012
The malicious code wasn't generic, it was specifically crafted to work with the BA website then added to BA's copy of a third party library.
I still haven't seen any report about how the code got into their codebase, that bit at least looks like malice. Including the malicious code on the payments page may just be incompetence.
It isn't 100% clear to me but it looks like they managed to edit the aspx page to include the magecart script. This is similar to how they amended a local copy of the modernizr script on the BA site.
The script could be blocked by Content Security Policy but if they have access to the server they may be able to change the CSP headers too.
Does anybody know how they got the code into the page?
@Spazturtle NPM dependencies are definitely a problem but from what I have seen that isn't what happened here or in the BA case. at least not directly.
In my experience most people use just one or two passwords for everything and just one or two email addresses too. We all know that this is a bad thing but I can't even persuade my wife (who is quite tech savvy) to change her ways; what chance with the rest of the world?
Persona isn't perfect but it is a lot better version of the single password everywhere option. Who knows we might even be able to persuade people to change their passwords occasionally if they only have to change it in one place.
Extreme content should have adult verification so that children cannot access it. This stuff is damaging and will cause trauma to any ones mind.
What constitutes "adult verification"? I can't think of any viable way of verifying that a person is an adult on the internet.
Yes; I used to be with Nildram before they got swallowed by Pipex and then as you say...
Pipex. Wait, TalkTalk did what to Pipex??
I have been very happy with Zen for several years now and they still look strong, my main worry is that the politicians may eventually see past the top 4.
A quick search tells me my ISP is only number 8 in the list.
Perhaps this will be a self-selecting measure if only those who use BT, Virgin, Sky and Talk-Talk will be affected. If you care enough about it you will change to a smaller (and almost certainly better) ISP.
The majority will be "protected" and the rest of us can carry on taking responsibilty for our own lives (and those of our children).
The thing I like best about Opera is Dragonfly, other browsers have similar tools but Dragonfly works best for me. I am a little sad about the move to webkit but I understand the reasons, but I am much sadder that Dragonfly isn't in Opera 15.
http://my.opera.com/desktopteam/blog/opera-features-and-release-cycle
says And one more - Dragonfly is not dead though we cannot give you more information yet.
I do hope it makes it into 16 or 17 I would hate to lose it. In the meantime I will stick with Opera 12 which still works fine.
I found this interesting; from http://www.chromium.org/blink
"Historically, browsers have relied on vendor prefixes (e.g., -webkit-feature) to ship experimental features to web developers. This approach can be harmful to compatibility because web content comes to rely upon these vendor-prefixed names. Going forward, instead of enabling a feature by default with a vendor prefix, we will instead keep the (unprefixed) feature behind the “enable experimental web platform features” flag in about:flags until the feature is ready to be enabled by default. Mozilla has already embarked on a similar policy and the W3C CSS WG formed a rough consensus around a complementary policy."
So no more vendor prefixes! (at least in Blink) That will make the CSS tidier but it does mean we can't use shiny new features as soon as they become available in one browser.
It looks like Jolyon Smith and I have swapped places, it must be part of some programme to keep the world from spinning off it's axis.
NZ used to have a similar system to the UK but the smaller pool of licence fee payers wasn't sufficient to fund what was essentially a copy of the BBC. They had to add commercials to the NZBC channels to make up the funding shortfall, for a while they had the worst of both worlds. I guess you could say they still do but at least they don't have a separate licence fee.
I think the BBC is great but I hate the licence fee, the collection policy is very aggressive and it must be very inefficient to run a whole extra tax system to fund one goverment department.
The original blog post only seems to be talking about import/export functions, which I must confess (as a non-user) I didn't even know existed.
<quote>
Outlook has traditionally supported importing and exporting data to and from many different file formats. Many of the formats Outlook has supported are outdated and are no longer in mainstream use. Outlook will continue to support comma-separated-value (.csv) files as well as .PST files, but other file formats are no longer supported.
This list includes:
- ACT! Contact manager files
- Word 97-2003 (.doc)
- Excel 97-2003 (.xls)
- Outlook Express archives
</quote>
This may be important to some users but I suspect not to the majority.
I can't imagine that there are a lot of other businesses in Espoo who could use a building like this. And of course Nokia have to live somewhere, in their current position building a new office (even a more efficient one) probably isn't viable.
I think Nokia are probably stuck with occupying it whether they own it or lease it.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
