Looks like someone who was just fooling around to see if the bug was real, I bet a lot of people did the same without realizing they were truly doing something illegal simply in the interests of seeing if it worked. I hope he learns a lesson without it ruining his life.
|
"Illegal"? It's not that you gained access to the remote system, execing remote commands, and (optionally) profit from this. I brought down the city hall server testing the same vulnerability.
Imagine this conversation:
Client: 00 18 00 13 31 00
Server: here's my apache and PHP loader, take a handle to apache and maybe grab some url with user/pass in clear
Client: Ha?
What's next? Send a PNG with vulnerability and read memory of shell32.dll? Oh, it has been done already.
I think the term hacker is used every time one has XP installed with empty password and green grass as wallpaper.
It's not that the guy was pumping day and night fragments to the server in order to make the server bonk. Even so, it's the server's problem. At least, this is how I see things.
|
But the professional criminals of NSA & Co won't be arrested...
|
I hope they catch some serious flak for this one - ignoring a critical vulnerability like this for 2 years so they could exploit it put many individuals' and businesses' data at risk.
I doubt it though, NSA/GCHQ seem to have carte blanche to do whatever they want in the interest of "National Security".
"If you don't fail at least 90 percent of the time, you're not aiming high enough."
Alan Kay.
|
Even though Google does not have a Heartbleed problem, a large number of Android users may still be at risk. And now 'reverse Heartbleed' triple-salchows itself into our hearts
|
Way to work the word salchow into the conversation.
I've heard Scott Hamilton pronounce this word a zillion times over the years as I've watched (accidentally) Olympic figure skating, but I've never known how it might be spelled.
For the disincluded:
[salchow - a jump in which the skater leaps from the back inside edge of one skate, making one full rotation of the body in the air, and lands on the back outside edge of the other skate.]
You always have nice phrase-turning here. Keep on.
|
newton.saber wrote: You always have nice phrase-turning here. Keep on.
Thank you for the kind words!
TTFN - Kent
|
One of the most interesting things about Microsoft’s new Cortana search assistant has just gone live for those early adopters of it: integration with Bing’s search results. Cortana, find me the URL for Google.com
update: Bother. May not be available outside the US.
|
Coverity, a company specializing in software quality and security testing solutions, finds that open source programs tend to have fewer errors than proprietary programs. Not counting OpenSSL
Defect Density is a great band name idea
|
Here is an interesting conundrum for Google: it has created an algorithm that’s significantly better at reading street numbers in Street View images, which helps it give you more accurate directions. At the same time, though, it turns out that this algorithm is so good, it can decipher 99 percent of CAPTCHAs (those squiggly text puzzles you often have to solve to prove you are human). So now people will post login screens to their houses to get Google to solve them?
|
Kent Sharkey wrote: So now people will post login screens to their houses to get Google to solve them? No, dude. Now people can finally replace the street number on their house with CAPTCHAs
Soren Madsen
"When you don't know what you're doing it's best to do it quickly" - Jase #DuckDynasty
|
There we go: I knew there had to be a solution.
TTFN - Kent
|
More and more of the customers I have been talking to have been leveraging threat modeling as a systematic way to find design-level security and privacy weaknesses in systems they are building and operating. I wish I met those same customers
|
This nasty little company is cold-calling people from a hidden caller ID and telling people that they're receiving errors from their Windows computers. Receiving errors from a Windows computer is believable, Microsoft trying to call to fix those errors is not.
|
Over the last year or two we've had a few of these calls at my house.
I've never answered them but I've always wanted to lead them on and get them to scramble for information that they don't know.
|
For god's sake, only SD Times could consider this news - I've been receiving calls like this for the last 5 years.
I like winding them up and pretending to go along with their instructions - but pretending that some fault with Windows is preventing me accessing the site. On one occasion I left him on the line for 15 minutes while I "checked the cables".
We may as well run up their phone bills.
"If you don't fail at least 90 percent of the time, you're not aiming high enough."
Alan Kay.
|
I suspect SD Times is secretly being run by InfoWorld because it's easier to make themselves look good by creating an even more wretched pile of fail than to actually create content worthy of being read.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, waging all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
--Zachris Topelius
Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies.
-- Sarah Hoyt
|
You could be right, but that would imply a level of cunning that I'm unconvinced either publication is capable of.
I think in IT, the aphorism "Those who can't, teach" can be adapted to "Those who can't, write about it".
(Excepting the excellent staff working on this web site of course, Kent does that earn me brownie points?)
"If you don't fail at least 90 percent of the time, you're not aiming high enough."
Alan Kay.
|
Troy Hunt is the master at that game! If you've got a couple of hours to spare, some of his videos are hilarious.
http://www.troyhunt.com/search/label/Scam
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
I will have to look at that later, the first image that came up looked distinctly NSFW.
Maybe I'll pick up some tips
"If you don't fail at least 90 percent of the time, you're not aiming high enough."
Alan Kay.
|
Yeah, the last scammer who called ended up trying to convince Troy to buy him a subscription to a porn site.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
I've had dozens of these. There are plenty of blog postings about people who have been called and led the perps down the proverbial garden path.
The best I've managed was about 15 mins and then they hung up on me. Hey - everyone needs a hobby, right?
cheers
Chris Maunder
|
Reduces after-retirement support costs for large enterprises as much as 95%. XP: the gift that keeps giving
|
Despite that, I think it already turned into a nightmare for them. Kudos for their long-time support on Windows, but I think XP is pushing it a bit too far. I mean, who would still expect support for Mac OS 10.1 today? XP already gained some kind of life-time support (not the lifetime of the product, of course, I'm talking about the user) in comparison.
|
Kendo UI Core includes 24 of the UI widgets currently in Kendo UI Web (AutoComplete, DatePicker, Tooltip, etc.), all of the widgets and features formerly available under Kendo UI Mobile, and all of the core framework features of Kendo UI (DataSource, SPA, MVVM, etc). Kendo UI goes open source