Over at Dice
But we are at Dice, sir:
Domain ID: D2289308-LROR
Creation Date: 1997-10-05T04:00:00Z
Updated Date: 2014-03-14T22:12:11Z
Registry Expiry Date: 2015-10-04T04:00:00Z
Sponsoring Registrar:Tucows Inc. (R11-LROR)
Sponsoring Registrar IANA ID: 69
Domain Status: clientTransferProhibited
Domain Status: clientUpdateProhibited
Registrant Name:Host Master
Registrant Organization:Dice Holdings, Inc.
Registrant Street: 1040 Avenue of the Americas
Registrant City:New York
Registrant Postal Code:10018
Registrant Phone Ext:
Registrant Fax Ext:
Pros: Today's article has more content than the usual Dice front page linkage. Great article if you're not a programmer but feel stymied by the wide assortment of languages out there. Although instead of hemming and hawing before making your first project you're better off listening to Winston Churchill and sticking your feet in the mud: "The maxim 'Nothing avails but perfection' may be spelt shorter -- 'Paralysis.'"
Cons: It barely scratches the surface of an incredibly deep topic with unlimited facets. And when one is considering investing potential technical debt into a technology, this probably wouldn't even suffice as an introduction let alone table of contents. Words spent on anecdotes ("In 2004, a coworker of mine referred to it as a 'toy language.'" like, lol no way bro!) could have been better spent on things like Lambdas in Java 8. Most interesting on the list is Erlang? Seems to be more of a random addition that could just as easily have been Scala, Ruby, Groovy, Clojure, Dart -- whatever the cool hip thing it is we're playing with today but doesn't seem to quite pan out on a massive scale.
Microsoft patches to IE include patches to vulns in Flash - which is embedded in IE. The increase in vulnerabilities is the result of the horrible Flash code.
Not only did they take eternity to fess up but I found out about it via Slashdot - not from them. I have the same email address as 3 years ago, so I don't see why they couldn't have sent me an email??
Er.. most of the exploits are only possible if one is root and/or the directory is writable for some other user (e.g. leon in this case).
Since one is root, one can do anything anyway so why bother with all this misdirection? If someone leaves world-writable directories lying around (especially without the sticky bit set), then they deserve everything they get. Or is this some kind of "trap the (completely) unwary sysadmin" wake up call? If I see some strangely named file (especially if I know I didn't put it there) I would investigate very, very carefully what is going on. I can't be alone in this - surely?
The point is that this can be used to trick a root user into issuing what he believes is a safe command. The combination of the text-reinterpreting shell and specially crafted file names combines into a seemingly innocent command ending up allowing the attacker (the creator of the specially crafted file) root access on the system.
It doesn't help that some (on the surface) idempotent commands like find pack a number of dangerous options that can be used to execute shell scripts, commands or remove files.
Is the wildcard expanded by the shell in PowerShell?
No. This class of attacks will not work against PowerShell (nor for plain old DOS for that matter). The problem is the combination of text-centric shell scripting and shell-expanded wildcards.
Surely, though, they must have registered the "iFind" trademark? And if you search on TESS we find:
Owner (APPLICANT) WeTag, Inc. CORPORATION TEXAS 3309 San Mateo Drive Plano TEXAS 75023
With an attorney listed as "Richard G. Eldredge" which corresponds to a local attorney. Before you deploy the door kickers to lynch somebody, that address is just somebody's $200,000 house and could possibly be a random address used by a jerk. Remember that it's entirely possible that this is all a front by some other actor and someone was paid Western Union/bitcoin to register this trademark through this attorney without realizing they were just being used by literally anyone in the world.
So I sold my MBA on eBay (at almost as much as I paid for it, amazingly - incredible resale value) and switched to the SP1, which I am still using. I have pre-ordered a SP3, in fact, because I have been so happy with it (we don't get the Surface Pro 3 in Australia until September). It's smaller, lighter, faster and better suited to my current working life. I also love the pen, as I now spend about 40% of my week in meetings.
So overall, I don't think this is a bad thing - I just don't expect it to get heavily taken up. I think most MBA and MBP users will prefer to stick with what they have. The truth is, I use my Surface Pro like a desktop or a notepad (a literal, paper notepad, not a laptop notepad). I basically never use it as an actual laptop unless I have no alternative but then again, I pretty much hate all laptops, compared to the desktop experience.
And to think that just the other day Microsoft were complaining that the NSA fallout was getting worse. Are they hoping to swamp them with simply too much data on Microsoft's servers?
So, would you expect Microsoft to hold its breath while the lawmakers pull their collective behinds together to rein in the run-amok NSA? Should they stop doing business while they wait for the political system?
The default config for a Supermicro (which is what I use) is that the IPMI is enabled and set to DHCP, so if you left it like that, yes, everyone on your network would probably be able to find it.
There's heaps of us who like Windows 8.x/2012, but Slashdot has its mind made up and every time there's a Windows 8 submission these idiots bring out their pitchforks while people like us just ignore it. So no, you're not the only one.
At this stage it looks like Microsoft could patch in a new Start Menu, throw in the option to use oh I don't know, KDE's menu or whatever your DE of choice is these days, put in a tool that converts fucking lead to gold, and donate 50% of their net profit to NASA, and people here would still hate it.