I am tired of the shills and astroturfers - they're always very obvious, you just have to leave them to be moderated by others and moderate up other people or at least people who CALL THEM on it.

Unfortunately I wouldn't be surprised if they work together to acquire karma - one person shills, another calls that shill out and then uses his mod points later to get a firstish shill post with high score.

The key is to check the user ID and the history before modding ANYONE.

We can't just give up - I don't see the alternatives right now...

I forgot to clarify that when you start adding the dry ingredients (cocoa, sugar and flour) you should take the saucepan off the heat.

I agree with you.

Just thought I'd share my ultimate brownie recipe with you. Take a saucepan and start melting real butter (125g) and chocolate (185g) and melt on a low heat. Then add 50g flour, 40g Cocoa and 275g sugar. Stir into mixture and then add three eggs. Pour into a greased or papred tin and place in oven for about 25 minutes and they're delicious. They're not to dense or light and they are rich but not overpowering.

You can also mix in chocolate chunks or nuts to make it even nicer.

Can anyone think of anything equivalent to this in history? Where people were under extensive surveillance? What happened?

There has to be a crunching point for things like this, society is meant to limp forward gradually. Hopefully it will get better after it gets worse...

Just a warning with bikes in Cambridge. You need a good lock. Leaving it for few seconds outside a shop can get it stolen really quickly.

You're going to meet so many geeks...
http://en.wikipedia.org/wiki/Silicon_Fen

This is why websites need to publish policy files a bit like ABE (Application Boundaries Enforcer). This would mean that a website would publish what resources that site can request and destinations that are not in that policy are not loaded. Unfortunately if they can intercept anything that you are served then the injector can just modify the policy file too. Perhaps signed policy file could solve this?

Does anyone know if SSL solves the problem? Can a malicious endpoint act as a proxy so the SSL connection is between the endpoint and the real site and then serve you a different SSL certificate with the adverts included. (Although I doubt they can make a certificate look like the legitimate website.) Alternatively they could just drop everything down to HTTP...

(Although the guy who wrote ABE/NoScript should be considered in caution because of what he did to NoScript users in the past. He deliberately removed NoScript blocks for his own website so he could raise money on his plugin update page that opens after updates.)

Agree with everything.

Always look forward to reading your posts because I know they will be good.

The problem I think is that geeks no longer run Slashdot, they no longer choose the stories to post. Instead it's by social media/blogger types which is not what Slashdot's target audience is interested in...

Your website's profitability depends on the comments posted below. You depend on User Generated Content (UGC). This is where most users extract value from your site and the reason why people actually still visit Slashdot.

It's not the articles themselves, people only rarely read those.

If you allow your user base to be diluted by commercial interests, your profits will dwindle as less users come here to socialize and learn. That is why you need to keep the comments off limits for gaming by media and PR companies. If you post a Slashvertisement, not that I like them at least it is separate from the comment section so you're not pretending to be anything but a shill for another company. However, the comment section should represent real users and trolls -- not shills.

You are right, this will be just as abused just like the current moderation system by shills.

I really would like a user preference that lets me block users greater than a certain UID. This is because there are very few genuine users over a certain ID.

Anyone with me? How do we slow down the shills?

You sir are paid for your opinions.

I respect your right to be paid but I want others to be aware of this before they mod you up.

You write like a paid poster :-(

It doesn't have to. It contacts the C&C server where someone presumably decides whether to install further bots or more resident exploits.

The exploit seems to be more about stealth distribution and about dropping other malware. This makes sense because if a dropper is detected as malicious, it becomes useless due to its detection. (You can safely assume anything using a dropper is malicious)

This means that anti virus software should in theory only be able to detect the actual dropped malware. Any new malware could have had a field day with this exploit because both the dropper and malware would not have been detected.

From my understanding of the article it actually dropped the Lurk trojan but I get the feeling it could drop anything the C&C wants it to.

You have that position because you are paid to have it.