Little Pig, Little Pig! Let Me Admin! (Security Thread)
Ars Technica article about malware & spyware vendors attempting to purchase access to extensions as a means of backdooring and data collection.
Scary shit. Some suggested having some notifications show up when an extension changes ownership. Chrome's existing job of letting you know when an extension requires new permission is a fair start. Extensions needed to style or inject elements (Stylish, some media downloaders) already have that scary "all data across all sites" permission, so it's not even close to perfect, as a precaution.
- Angryoptimist
- Posts: 18
- Joined: Tue Jan 21, 2014 8:16 pm
Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)
This was bound to happen sooner or later. It's easy to do and, well, it's running code from the Internet; you always have to be careful running code from the Internet, be it an .exe, a plugin, an extension, or even JavaScript.
These days, I install extensions only after a quick read-through of their code and prefer ones licensed under a copyleft license; my theory being that someone who's ideologically motivated to choose something like the GPL is at least less likely to then turn around and insert malicious code.
Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)
Reset your ebay password.
But under no circumstances should you listen to ebay's terrible password strength indicators.
Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)
Thank you, Thad!
Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)
Know anyone who's still using Windows XP?
You've probably heard it's not getting security fixes anymore.
Well, not on PCs.
But it is on embedded devices.
And how does Windows Update know the difference between a PC and an embedded device?
By a simple, easily-changed registry key.
My grandfather's still using Windows XP. We're debating whether to switch him to Win7 or Xubuntu. Either one, with proper tweaking, can look pretty much like WinXP.
I'm more concerned about MS Office. He uses Excel heavily, and Office 2003 support ceased at the same time WinXP support did. I think it would be cruel to try to make somebody his age switch to Office 2007 or later, but I'm not sure LibreOffice would be familiar enough to him either.
Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)
I haven't used LibreOffice in a while but unless it tried to ape the ribbon design for some reason, my experience with introducing people who've been weaned on oldstyle Excel to it is: They couldn't tell the difference, but complained that it was because it was different any time it didn't do something they wanted, that Excel also didn't do.
- Mongrel
- Posts: 21290
- Joined: Mon Jan 20, 2014 6:28 pm
- Location: There's winners and there's losers // And I'm south of that line
Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)
You know what's funny? I did set my Win7 install to be like XP. Not because I'm THAT dependent on clinging to the familiar, but because it has much less wasted space compared to Win7 and later.
Of course, I expect there's a way to make the Win7 native schemes equally minimalist with a little simple work. But it was a lot simpler to just hit the big "look like XP" button.
Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)
I did that for a while but after a few monitor upgrades I just stuck with the default UI. XP was not designed at a time when 1920x1080 was a standard.
Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)
Mongrel wrote: You know what's funny? I did set my Win7 install to be like XP. Not because I'm THAT dependent on clinging to the familiar, but because it has much less wasted space compared to Win7 and later.
Not in the taskbar, it doesn't.
But yeah I'm sure he'll want the taskbar to look like XP's. (He won't miss QuickLaunch, though; I can tell by what's in it that he never uses it.)
- Mongrel
- Posts: 21290
- Joined: Mon Jan 20, 2014 6:28 pm
- Location: There's winners and there's losers // And I'm south of that line
Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)
You can manually add quicklaunch icons to the Win7 taskbar.
And by less wasted space on the taskbar, are you talking about the way Win7 groups all windows of the same program into one icon? Because I don't actually like that - I prefer reaching my programs with a single click. Or do you just mean the size of the taskbar? Because I think the default 7 taskbar is slightly larger?
I'm using it at 1920 x 1200 and it works fine for me :dunno:
Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)
Mongrel wrote: And by less wasted space on the taskbar, are you talking about the way Win7 groups all windows of the same program into one icon? Because I don't actually like that - I prefer reaching my programs with a single click. Or do you just mean the size of the taskbar? Because I think the default 7 taskbar is slightly larger?
It's slightly taller (assuming you keep it on the top or bottom) but eliminating the program name and showing just an icon significantly reduces the amount of space each program takes up, and is far friendlier if you want to stick the taskbar on the side of your screen like you probably should if you've got a widescreen monitor.
Again, though, I wouldn't make my grandfather do any of that stuff; he's used to program labels and a taskbar at the bottom of the screen and I'm going to let him have them. This is a guy who stuck with his Mac Classic until it finally died sometime in the late 1990s; he does not like change.
- Mongrel
- Posts: 21290
- Joined: Mon Jan 20, 2014 6:28 pm
- Location: There's winners and there's losers // And I'm south of that line
Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)
Oh, I don't mind the labels. If I have five Excel windows open, I like to know which is which without actually clicking.
Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)
And if that helps you navigate, more power to you. I'm all for keeping things like that as options for users who like them. But I think removing it as the default was a good call, saves a lot of space, and is a practical necessity if you want your taskbar on the side of your screen instead of the bottom, which is a serious consideration if you're looking at reducing negative space now that we're working on 16:9 and 16:10 monitors instead of 4:3.
- Mongrel
- Posts: 21290
- Joined: Mon Jan 20, 2014 6:28 pm
- Location: There's winners and there's losers // And I'm south of that line
Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)
Yeah, I mean customization is going to come down to preference.
Since I have widescreen, I actually prefer my bottom bar as it's a shorter distance to travel to click than if it was on the right hand side of the screen. You'll note that a common theme of mine is minimizing physical motions and actions. I also have my mouse sensitivity pretty high.
Aesthetically I don't seem to care - I like everything looking barebones and functional such that the XP scheme actually has a bit of a twisted appeal to me in that it's just these bland grey bars. My background is actually just as bland, being a dark blue-grey colour and no image.
Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)
truecrypt.org is redirecting to truecrypt.sourceforge.net, which is recommending people switch to bitlocker.
There are some theories flying around as to whether it's a site defacement, an official announcement, or a misfire of an inadvertent activation of a dead man's switch. Dust hasn't settled, but the last thing approaching consensus that I'd seen is that the TC devs were abandoning the project and not giving an especially good reason for doing so. Unsettling stuff; Lavabit incident comes to mind.
- grc.com is hosting truecrypt 7.1a, which was the last version out before a recent signature change.
- The existing truecrypt security audit is continuing, despite devs fucking off (ars).
- Can't tell whether truecrypt.ch is a call to arms for an OSS movement or just some kind of honey pot. It claims to be truecrypt.ch "the gathering place for all up-to-date information. If TrueCrypt.org really is dead, we will try to organize a future."
Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)
Court allows MS to seize No-IP domains associated with malware; results are totally predictable.
Ars Technica: Millions of dynamic DNS users suffer after Microsoft seizes No-IP domains; Microsoft issues mea culpa to No-IP, but service reportedly remains down for many
Forbes: Security World To Microsoft: Stop Trying To Police The Internet
Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)
FYI, we're on No-IP dynamic DNS too. Doesn't seem to have caused any problems yet but be aware that shenanigans are taking place within the Brontoforumus infrastructure.
Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)
You've probably seen the "Russian firm steals 1.2 billion passwords" story making the rounds.
Here's what Schneier has to say about it:
As expected, the hype is pretty high over this. But from the beginning, the story didn't make sense to me. There are obvious details missing: are the passwords in plaintext or encrypted, what sites are they for, how did they end up with a single criminal gang? The Milwaukee company that pushed this story, Hold Security, isn't a company that I had ever heard of before. (I was with Howard Schmidt when I first heard this story. He lives in Wisconsin, and he had never heard of the company before either.) The New York Times writes that "a security expert not affiliated with Hold Security analyzed the database of stolen credentials and confirmed it was authentic," but we're not given any details. This felt more like a PR story from the company than anything real.
Yesterday, Forbes wrote that Hold Security is charging people $120 to tell them if they're in the stolen-password database[.]
Re: Little Pig, Little Pig! Let Me Admin! (Security Thread)
Malware targeting NAS demands ransom to return access to system.
First noticed it with Synology, but I guess there are other strains and now a site that recovers files locked behind NAS ransomware (via krebs).