Re-read the summary. It is a little more complex than you may realize.
Attacker inserts malicious JS code into a comment box.
JS code is viewed and thus executed by site's administrator.
JS code was specifically crafted to modify/edit PHP files on the server - a common function of WordPress, allowing the live editing of templates and plugins.
JS code then requests the newly modified PHP files from the server.
Most everyone is commenting about better security software, firewalls, VPNs, encryption, and all that shit. Isn't the article about employee training?
For example: call up a bank. Try to get the balance on someone's account. This is a task well within reason for the person on the other end of the phone, ASSUMING it is your account, right? That's the point of employee training. The human element is the weakest element of any security system. What training do these employees need in order to not leak out your private information to any random person who calls in? Is simply stating your name on the account enough? Is there more verification steps required?
An example of social engineering security policies at various companies to the extreme that can happen:
http://www.wired.com/2012/08/a...
This is why: https://tools.ietf.org/html/rf...
I'm in this weird bubble where I live. I'm currently on the city owned cable internet here in Tacoma WA. This ISP has some really shitty upstream connections depending on what site I'm trying to access. I also have Hurricane Electric's IPv6 Tunnel Broker service on my router itself, so my entire network has public IPv6 over IPv4. The route to the HE server in Seattle WA (~35mi away) seems to ALWAYS be stable. HE's backbone is also rock-solid world wide. Sites that are IPv6 enabled, I generally have a much better / faster / lower latency route to them, simply because my ISP has shit IPv4 routes leaving our local region.
Some major companies that are or are not IPv6 enabled:
google: yes
facebook: yes (interesting note: they always have
wikipedia: yes
mozilla.org: yes
amazon: no
AWS anything: mostly no (they have some half-assed thing on their load balancer service that sucks ass, but nothing else)
slashdot: no
twtter: no
microsoft.com: no
I have absolutely no idea what you're talking about! https://www.youtube.com/watch?...
It's called moderators points... which I just lost my chance to use by leaving a comment.
What about all the PCs that were shipped with valid licenses, but for whatever reason, techs (such as myself) have had to install a fresh copy of Windows on the box. Could be a failed drive, or other failed hardware, or whatever, reason doesn't matter too much. The point is that it shipped with a legit copy of Windows, and often times doesn't have a recovery disk or an OEM copy of Windows. What are we supposed to do then as techs? Tell the customer "SUCKS TO BE YOU" or "GOTTA PAY FOR THE THING YOU ALREADY PAID FOR, AGAIN" - or just suck it up and install a "non-genuine" license key on the box? Are these users totally SOL out of having a genuine upgrade to Windows 10 because the previous version of Windows that shipped with the system became broken?
You only want an ergo suggestion if it is awesome? As a software engineer, I've been using the Microsoft Narual 4000 for longer than I can remember. Before that, I had an earlier generation Microsoft ergo keyboard. Yeah, this thing is clunky, but honestly it is the most comfortable thing I've ever used for long term typing. Being a software engineer, ya'know that is an assload of typing!
OR how about just get a chain for your wallet? Sometimes low tech is the best tech. Don't lose your shit in the first place.
SIMPLE! He'll just revert the patch. Problem solved!
That number is EASY to figure out. Just look at all the revolving door jobs the IT industry has created the past few years. The largest companies don't want to high full time anymore, so they just go through temp agencies (*COUGH*MICROSOFT*COUGH*). So, once the temp hits a certain date, they're terminated and replaced by another temp (and the original temp is invited back after a certain period of time). So, with this, we just look at the cycle of temps going in/out of the tech industry. These are the "openings", which are just being filled by the same cycle of people.
So, I personally don't follow performance numbers too much these days, but I just went and did a comparison of this "new" system against my current desktop (most components are 4-5 years old inside)
Theirs:
http://www.cpubenchmark.net/cp...
http://www.videocardbenchmark....
Mine:
http://www.cpubenchmark.net/cp...
http://www.videocardbenchmark....
So, the thing barely tops my "ancient" (by today's standards) desktop computer for CPU performance. It has half the RAM (even my old 10" netbook has 8GB DDR3)
Really, I think I'll just label this article as another #Slashvertisement.
My team is spread all over the world. We've managed to do quite well using a combination of Google+ Hangouts (with their various interaction plugins) and Trello.
We use G+ for those real-time drawing and thinking sessions, and then once we get all of our thoughts organized and shared with one another, we push it out to Trello for long term storage and project management tracking.
While everyone else is bitching about ads being displayed (hey, adblock targets the CONTAINER, not the AD itself, so it is still blocked, just like static images were before!)...
I'm extremely THANKFUL for this! Seriously, can we not count the number of end-user exploits that have been transmitted through Flash advertising on some of the worlds largest and most visited web sites!? Adobe and the Flash platform have a horrendously bad reputation in the security market. As someone who has to constantly fix other people's computers, this is a much MUCH welcomed change!!
oh wait, shit, what am I saying... less broken computers = less paychecks for me... FUCK. NNNOOOO, BRING THE FLASH BACK!!!
Those of us interested in DSLR cameras are at the point of diminishing returns. I didn't buy a new DSLR or any new glass in 2014, and hardly got anything new in 2013. Why? Because the longevity of the equipment keeps increasing. I'm currently shooting with a 5D Mark II, and all but the most absolute extreme conditions does this camera perform nearly perfectly. The same goes for the lens collection in my bag, they cover more than 99% of the conditions that I'm shooting it. It is very rare where I'm feeling like the equipment is the limiting factor to the point where I want to invest the money to replace it.
These are tools. They don't follow the same mindset as other consumer electronics that work on annual cycles. When was the last time you thought about replacing your hammer because there is a newer model built with a slightly different design? That's exactly how many of us feel in the photography world right now.
How many NASA managers does it take to screw in a lightbulb? "That's a known problem... don't worry about it."
