For the same reason we pay public servants to write Security Configuration Guidance documents, post YARA rulesets for malware campaigns, etc. It's a public service. I'd call it progress: in years past, data like this was frequently only circulated to select enterprise partners. This product will be directly accessible to the public.
You aren't kidding.
I have an old Gmail account loaded into my IMAP client. Haven't accessed the Gmail web interface in a few years, and even that was just long enough to enable logins with a third-party client. Today I had the misfortune of loading Gmail in a browser and couldn't believe it; it's like they're stuffing a whole operating system onto the page. There was a chat pane, something about phone calls, various widgets that apparently were assimilated from Hangouts, a drop-down menu to switch between standard and Dvorak keyboard layouts... I could barely see the email for all the other bullshit they've cluttered Gmail up with. Sliding or minimizing the various panes didn't put a dent in the CPU load or network traffic they were generating. I really can't see how people put up with that interface for using email every day.
Yep, 3.0.4 came out on August 31. I don't see anything on their website or FTP server about a newer release.
The dev changelog does refer to a version 3.0.5, but the changes listed there don't include fixing this vulnerability.
FlashSessions, now there's something I hadn't thought about in 20 years.
Let me see if I got it right... when you're being sent emails from a particularly spammy entity, you go ahead and click on a link on their email that confirms that your email address is, in fact, active?
Yes. They already know the email address is active by virtue of the fact that their messages aren't bouncing, and they're already sending me emails. The worst that can happen is they send me more emails. I'll live with the risk.
Yes, exactly. I have the same problem with my Gmail account. Over the years many hundreds of people have mistaken it for their email address, distributed it far and wide, and entered it into all sorts of things. Sometimes I just let it go, especially if a site only sends one "thanks for registering" email. I hit delete and move on. But if the service is a particularly spammy one, I'll use the "forgot password" link, login, change the password, turn off all email-related options, etc.
I used to look for an option to delete the account entirely, but that invariably led to the same people signing back up for the same services again. Occasionally I'll try to do the other guy a favor and tell the sender that they have the wrong address. It usually isn't worth the effort. Someone has a Royal Bank of Scotland account registered to my email and no amount of emailing, filling out their contact form, or tweeting at them ever did any good so I just filtered that domain out.
Not much you can do about people sending random unsolicited communications, though. I've received some really interesting misdirected mail over the years, including some stuff from the European Space Agency, and being cc'd on an NFL player's contract negotiations with a new team.
LED Lights: Friend or Foe? was posted here more than 15 years ago. Everything old is new again (except me, I guess).
"Flooz" was pretty fucking bad.
Slashdot is often associated, whether rightly or wrongly, with being populated by many tech related users, it's within the realm of possibility of rogue scripts being served with Slashdot to scarf up clipboard data, passwords, etc in hopes of hacking well known websites that Slashdot users do work for.
No doubt. If the "good guys" target Slashdot users, you can bet the black hats do, as well.
That is nonsense. The IT guy that wiped her server, after the investigation began, posted on this very site asking for advice on how to destroy the evidence.
He posted on Reddit, not here, and his inquiry didn't read to me like an attempt to destroy evidence. He was trying to figure out how to redact email addresses from a large corpus of archived messages. This is standard practice during electronic discovery and document production, and isn't a sign of anything nefarious.
Jeb Bush performed the same scrubs on his email archives, after first releasing them unredacted and causing an uproar because they were full of constituents' personal data.
Low on the list, but certainly not nonzero. Given the increasing number of devices out there it's probably happening around the world with some regularity. There just isn't a way for most of us to properly measure or attribute the occurrences.
Say you're driving down the interstate and your cruise control shuts off, but you're sure you didn't bump the brake. Your $1.49 bag of chips rings up as $9.49 at the grocery store, but re-scans at the correct price after a void. A few pixels go blurry in an otherwise flawless TV broadcast. We tend to chalk these things up as "a glitch" and go on with life, but a few of them really are caused by tiny visitors from outer space...
I recall reading that most space probes are designed this way, due to increased exposure to radiation. Flipped bits are a serious problem in space, the hope is that only one event occurs at a time so that the other two processors maintain quorum.
My problem with AMP is that Google returns tons of those results for normal searches as well. It's supposed to be Accelerated Mobile Pages, but I'm not on mobile, I'm on a desktop. I don't want to see stripped-down AMP results, I want to go to the original page.
Kleeneness is next to Godelness.
