Re: [funsec] dumb. Comcast pop-ups

2009-10-11 Thread Jim Murray
Michael Collins wrote: > Heh, > > One of the fun exercises I like to spring on people is to play out the > following scenario: assume you've got an embedded system of some kind > being controlled by a windows 3.1 box. Let's say it's doing something > like wrapping candybars or stamping plaq

Re: [funsec] dumb. Comcast pop-ups

2009-10-11 Thread Rich Kulawiec
On Sat, Oct 10, 2009 at 05:59:40PM -0500, toralv_di...@mcafee.com wrote: > And prevent their customers from some activity on the internet that > may be extremely urgent and important? As much as I would prefer such > an approach personally, I'm afraid this is not a realistic option in > the real wo

Re: [funsec] dumb. Comcast pop-ups

2009-10-11 Thread Jon Kibler
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jim Murray wrote: >> The problem was given a more concrete example by a colleague who >> pointed out that most medical hardware running on windows boxes is not >> only certified for windows only, but specific *patchlevels*, and that >> consequen

Re: [funsec] dumb. Comcast pop-ups

2009-10-11 Thread Benjamin April
Peter Evans wrote: > On Sat, Oct 10, 2009 at 09:08:11PM -0400, Larry Seltzer wrote: >> How about a voluntary system? If an ISP offered a "clean" network with >> rules like this would there be any value to opting in to it? > > Expecting the average user to get off his fat arse and opt-in is >

Re: [funsec] Scammers exploit public lists of hijacked Hotmail passwords

2009-10-11 Thread Juha-Matti Laurio
Researcher refutes Microsoft's account of hijacked Hotmail passwords: http://www.networkworld.com/news/2009/100709-researcher-refutes-microsofts-account-of.html "Mary Landesman, a senior security researcher at San Francisco-based ScanSafe, said it's more likely that the massive lists -- which inc

Re: [funsec] dumb. Comcast pop-ups

2009-10-11 Thread Rich Kulawiec
On Sat, Oct 10, 2009 at 09:29:13AM -0700, Alex Lanstein wrote: > I like that Comcast is at least trying /something/ to protect their users. This is a very feeble attempt. Consider: they are going to send these pop-ups to systems that they have reason to believe -- based on externally-visible evid

[funsec] Twitter suspends security researcher's account as a threat

2009-10-11 Thread Juha-Matti Laurio
"Twitter erroneously suspended, and subsequently restored, a prominent researcher’s account two months after he tweeted a security warning intended to inform his audience about an imminent threat. Aside from poor security handling, this situation offers a case study example of immature customer

Re: [funsec] dumb. Comcast pop-ups

2009-10-11 Thread Michael Collins
Jon already pretty much covered the response to this - remote administration, viewing, and to be frank, we plug in internet connectivity to *everything* these days. That said, I also think that we forget there are three parties in security - attacker, defender and user. From the user's pers

Re: [funsec] dumb. Comcast pop-ups

2009-10-11 Thread Paul Vixie
r...@gsp.org (Rich Kulawiec) writes: > ... > This should be burned into the brain of everyone working in security: > > If someone else can run arbitrary code on your computer, > it's not YOUR computer any more. > > And allowing computers known-owned by the enemy to operate on > one's

Re: [funsec] Twitter suspends security researcher's account as a threat

2009-10-11 Thread The Security Community
What security professional in their right mind would use Twitter? I'd say it was a good call on Twitter's part. On Sun, Oct 11, 2009 at 9:53 AM, Juha-Matti Laurio wrote: > "Twitter erroneously suspended, and subsequently restored, a prominent > researcher’s account two months after he tweeted >

Re: [funsec] funsec Digest, Vol 50, Issue 16

2009-10-11 Thread RandallM
> -- > > Message: 2 > Date: Sun, 11 Oct 2009 09:50:21 -0400 > From: Rich Kulawiec > Subject: Re: [funsec] dumb. Comcast pop-ups > To: funsec@linuxbox.org > Message-ID: <20091011135021.ga20...@gsp.org> > Content-Type: text/plain; charset=us-ascii > > On Sat, Oct 10, 2009

[funsec] Get lost in Vancouver with Google Streetview

2009-10-11 Thread Rob, grandpa of Ryan, Trevor, Devon & Hannah
Google Streetview has come to Canada! All kinds of people are rejoicing: all kinds of privacy types are screaming. My wife sings at a Remembrance Day service every year at a seniors residence in the West End. This year we are meeting someone there, and I figured that Google Maps, and Streetvi

Re: [funsec] Twitter suspends security researcher's account as a threat

2009-10-11 Thread security curmudgeon
: On Sun, Oct 11, 2009 at 11:05:09AM -0400, The Security Community wrote: : > What security professional in their right mind would use Twitter? : : Twitter is for twits. I fail to see the attraction of what amounts : to stream of consciousness net.diarrhoea. I guess my random thoughts

Re: [funsec] Twitter suspends security researcher's account as a threat

2009-10-11 Thread Nick FitzGerald
The Security Community wrote: > What security professional in their right mind would use Twitter? While I kinda agree with the sentiment here -- Twitter itself is clearly a security and privacy disaster on steroids... > I'd say it was a good call on Twitter's part. ...but that's silly. Twitte

Re: [funsec] dumb. Comcast pop-ups

2009-10-11 Thread Larry Seltzer
>> If they are not... I think it's fair to assume that a very high percentage of these users will have at least one malicious system behind the cable modem. We're pretty good at recognizing that now, aren't we? >> If they are, then what POSSIBLE reason is there to believe that the users will actu

[funsec] Public Policy and Consumer ISP Hygiene (was Comcast pop-ups)

2009-10-11 Thread Larry Seltzer
Many of us have agreed that, for competitive reasons, it's not possible for ISPs to lock infected users out of a network. I'd like to suggest a crazy idea for your reaction: A law governing ISPs that sets rules for these situations. It sets rules for how they can and should contact users about susp

Re: [funsec] dumb. Comcast pop-ups

2009-10-11 Thread Valdis . Kletnieks
On Sun, 11 Oct 2009 14:26:33 -, Paul Vixie said: > malware has penetrated not just the skin, but the bones and DNA of > the internet economy. it's everywhere and it's not going away ever. > there will always be something infected, and in a race to the bottom > there will always be competitors