Totally flaming awesome!!!
It's a grand world where amazing things happen. Please keep the wondrous software and firmware coming into our lives for the beauty they bring!
413 publicly visible posts • joined 11 Sep 2007
Cisco enabled... They haven't had a very good security track record. The latest fixes are mostly a testament to how much they've been resting on their laurels and seem to be a way of pointing fingers elsewhere to try gaining back some cachet of responsibility and forward planning.
If you're brain dead to checking out the technology you buy, convenience always has a neat price...
Meh, whatever... You probably are ok in a sea of blithering data and have escaped so far.
There will always be another interesting method of compromise once you've closed this hole.
Humorously, we'll find that an OS with the latest patches available, web browser with downloads disabled, minimal acceptance of file types and email clients that only accept a minimum of file attachments will be about as safe as we can get for the next couple months... (RIP Bloated AV Suites)
Maybe time to start thinking about that mission specialized barebones *nix box if you don't already have one.
Can't we just put the stupid package to permanent death already. I've given up on the games as an enticement to keeping Smash Player loaded several years ago, and would like to see any accounting package (Sage, you're in the crosshairs) that demands Flash Player be loaded for part of their software display interface to be removed from the planet.
Sun/Oracle Java doesn't need to be installed on the system for this to operate, it's not Java Byte Code.
crapware is to manufacturer bloatware
as possible low grade fertilizer is to agent orange defoliant.
Often never updated more than once or twice after installation, the best way of handling all that manufacturer junk is to remove it with extreme decontamination level set and hope that there's no residual breakdown poison remaining in your OS.
Funny how you don't have to buy cheap Android equipment either to be caught in the patch quagmire. It's abysmally bad all around. The "business" models my company paid for were promoted for their performance and support and cost a little bit more, but at 18 months were basically unsupported when it came to OS upgrades. And the companies with garbage support can be some of the mainstream types that tout their excellence in all other fields, until it comes down to Android.
I've been told to quit whining about the lack of OS updates on the Samsung and HP abandonware that I stupidly bought because even though the last OS upgrade was a year and a half ago, I only had to worry if I had enabled downloading apps from anywhere else but the Google Store. Google Knows Best, serves out the very thing I was told by various Android FanBois that I didn't have to worry about as long as I didn't install from untrusted sources or root my tablet.
start looking for HTML5 vulnerabilities, our cash cows, Java and Flash are being taken away from us.
Oh, and Apple's still recommending QuickTime installation despite the somewhat nebulous security warning from them about their abandonware.
Grott E. Hacker
As soon as Stooge Software, err, ahem, Sage stops pushing it for their Visual Workflows tripe.
Their SOP install for their Sage 100 product leaves the central server wide open for ransomware takedown. You'd think that Client Server meant that the client wouldn't run with enough rights on the server to directly access and modify files, oh, who am I kidding. Every workstation on the network should automatically have read/write access to the data table files, 'cause, you know, Crystal Reports... even though it's only server processes on the server that actually modify the files.
World War III will begin with various nations ramping up their weaponry to include all sorts of hypersonic warhead delivery systems, advanced cruise missiles and cyberwarfare initiatives.
The trigger will be a 10 thousand year solar event and an itchy, ill-educated button finger recently removed from scratching a well-fed upper class behind.
Oh, you mean that awesome computer performance enhancement tool? We used it company-wide in our Windows XP days to revitalize our network and get an extra year out of the workstations so we could afford our Windows 7 roll-out. Good to know it has other world improving uses!
require companies to either build a backdoor into their encryption systems or use an encryption method that can be broken by a third party
And by federal mandate, all federal, state and municipal entities, law enforcement, military and intelligence and any other unspecified government entity must use said encryption systems and methods.
No governmental, commercial entity or person is above the law.
Thank goodness the only installation of Java I have runs on a VirtualBox VM used for the single purpose task of router management. It's been a pleasure stomping it out and not having to worry about the panicked upgrade cycle on the network for about a year now.
Adoobie Trash, Murdersloth SliverBlight been exorcised as well. Sigh...
<quote>“So you decided to encrypt the giant database at rest – but you have automated queries coming in from other systems, all day.”
“All those other systems have copies of the keys – you have copies of the keys all over the place. It's hardly any different to the data not being encrypted.”</quote>
Heh, the same argument as used against backdoors. All those keys sitting around just waiting to be extracted and exploited.
Next time around, please put a joke alert on. While a good portion of Apple's software engineering and hardware R&D might be done in the US, I'd like to see a list of who builds iPhones in the US. It's got to be a pretty short to non-existent list...
Also, last I heard, Taiwan hasn't been taken over by Mainland China yet... and that's where Foxconn is based so we have a mix of their Mainland China locations that are Communists waiting to be rebranded as Extreme Communists and Taiwanese who will laugh at you...
This is a "no shit" type of finding. Yes, there is metadata that is used in the establishing of connections and outside of the encrypted connection that can be statistically and directly analyzed to identify the two stations exchanging information. We've known this all along unless we were hiding under a rock.