You will have to excuse the recent lack of posts. I have been in the process of packing up and moving all my domains to their new host, Site5. This has been a particularly arduous journey, as I have been with my old host for nearly a decade. Many of my sites were custom, undocumented and needed to be moved by hand. This post is itself a test of my syndication.
Change your password immediately, as well as any other accounts with the same or similar passwords. Another lesson in password reuse will undoubtedly trickle down over the next few days and weeks. At least the passwords weren’t stored in the clear, though I don’t think they were salted. When will we learn?
When I preordered Diablo III, I knew it required an internet connection. I figured this was for additional online content, updates, etc. What I was not prepared for was the harsh reality that if battle.net is down, I cannot play. This is not an MMORPG; this is a single-player game and the entire game is stored on my laptop. Years ago, I remember playing Diablo II on my laptop at school, in airport terminals, and even in airplanes (these were the days before in-flight wifi). It is unfortunate that Blizzard’s fear of piracy has led them down a path of poor user experience for their paying customers (in this case prepaying). Better still is the fact that it is very doubtful that this will even stop piracy of the game. Already users of bootlegged versions of this game are able to play without purchase, authorization, or even network connectivity.
The truth is that today is launch day, and there are undoubtedly piles of problems to be resolved with the game. When hordes of users log on to play, the servers can get overwhelmed. I just feel that users should be able to enjoy most of the game without connecting to battle.net. Game makers need to understand that sometimes people want to play offline. My favorite example: what can you play when the internet is down? The list is getting shorter every year. Wake up, Blizzard. If you cannot provide an excellent user experience with copy protections, you may want to rethink your priorities. Is it more important to continually infuriate customers or temporarily frustrate pirates?
Another Java privilege escalation exploit spotted in the wild. Trojans and web-based Java classes are already installing remote access tunnels into Macs across the globe. Apple finally updated their Java binaries and you should too! Protect yourself! Just run Software Update from the Apple menu.
More info (including an AppleScript test for infection):
I am already disappointed with Apple’s latest change to its web service. Apple has never known what it was doing with its web services, but people were actually paying for it. Now they switched to a free service that does only half of what many were already relying on.
When I originally signed up for my @mac.com email address, it was upon installing a brand new Mac OS 9 on my Performa 6400. The free service was branded with the tagline “Free eMail for Life!” Just two years later, Apple rebranded it dotmac (.Mac), a pay service with all newly designed web hosting and design services so that anyone could create a polished site in minutes. I was cynical of this new pay service; there were cheaper hosting services and seemingly nothing more valuable than the continued use of my email. I vowed never to use it. That only lasted about a year or so before Apple gifted it to me for free with my APP certificate. If memory serves, I just got one free year and another half price, but by then I was hooked. I was hooked on iSync/iDisk. It kept all my devices and computers in sync. It allowed me to work on my desktop, laptop, or work machine with all the latest and most current data and documents. It was amazing. I used it, loved it, and sold the hell out of it. I set up so many different install configurations. From the Granny with a bridge club to a Travel Photographer with his portfolio. It was a great system. (This was years before Dropbox.)
iTools -> .mac -> MobileMe -> iCloud
A few years ago, with the introduction of the iPhone, Apple rebranded the service MobileMe! This time forcing users to migrate their websites and design tools away from the older web-based system to the newer iWeb. Forcing the people who needed template sites and automated publishing tools to manually move their websites to the new system and to abandon any hope of future updates. Basically saying “Adopt or Cancel.” They were discontinuing the very publishing tools that they had sold these customers on only a few years ago. Outages and lost or duplicated data were a Sword of Damocles looming over any user for over a month. The migration was so bad that Apple ended up giving everyone who remained a few months of free service.
Now it comes full circle and returns to being a free service with iOS 5 or Lion. No more syncing keychains, mail settings, smart folders. No more iDisk, so no more document syncing in ANY application. It’s as if Apple wants to do away with any user control over the location of their files. Some of us like to be able to browse our files if we want to. It’s great if the application knows where the file is stored. It can be updated to utilize iCloud, but what if I want to save whatever the hell I want in there? What if (heaven forbid) the internet is down!?? Can I copy it to a thumb drive? At least contact and calendar sync remains uninterrupted. Location services and tracking have been expanded to include computers. iMessages to allow rapid dissemination of location data (some privacy issues remain). With any luck, many of these concerns may very well be solved in future updates or by the developers that make this platform so great.
Well, at least we can all quit ponying up $99 to Apple each year. We’ll have to wait and see where we go from here. See how it evolves. Photo Stream is pretty cool. It gets my pictures from my iPhone to my iPad and all my computers without any syncing, though I am still unsure if I need all my vacation pics on my office machine. I am generally disappointed with iWork for iPad (but of course mine is still the original iPad). All my custom templates must be updated to look good. Many of my apps are still waiting for iCloud integration before I can take advantage of the new document syncing. Wish they could integrate keychain syncing. What are they if not documents? Lucky for me, I have already migrated much of my file sync services away from Apple to cheaper storage with Dreamhost, Dropbox, Box.net, etc. For many of my friends, colleagues, and customers this task lies ahead. Apple certainly didn’t make it easy.
All the SSL blacklists are updated. We can return to thinking we are safe. Apple included the patches in a Security Update, and Firefox updated to 6.0.2. Jailbroken iOS users can update or install “sslfix” in Cydia to get the protections that Apple has yet to release.
After watching Moxie’s BlackHat talk, we seriously need to fix SSL. It is holding up too many technologies to be this insecure.
Their recent exploits include hacking FBI affiliate Infragard (Atlanta Chapter). They defaced the website, stole account information, and messed with their users. Particularly Karim Hijazi of Unveillance. LulzSec alleges that Karim (in a chat on IRC) offered them money and information to hack his competition in the security industry. This kind of hypocritical behavior is specifically deplored by hackers. Hijazi’s company email was posted online, and in LulzSec’s official statement they threaten the release of his personal email as well. LulzSec started taking donations with Bitcoin. They used some of the money to pay for servers and their “lulzsecurity.com” domain, which appears at present to be down.
After PBS’s documentary on WikiLeaks, “Wikisecrets,” painted alleged cablegate leaker Bradley Manning in a seemingly negative light, some hacktivists have set their sights on PBS. A group going by the name “LulzSec” posted some fake news stories and pages on PBS’s site and published database dumps of usernames, passwords, email, and other confidential information here. Though they claim not to be affiliated with Anonymous, the style is certainly similar. They even included a taunting statement, “Hey Anonymous, we heard you were having trouble!” in reference to the recent Anonymous split and anonops.net hack. I suspect these are more 4chan hackers, possibly even the ones responsible for the anonops.net hack.
Yesterday, Anonymous’s IRC server was hacked and users’ IP addresses and private messages were posted here. Looking at the logs, it is clear to me that many of their users use proxies, VPNs, or some other way to obscure their actual address. It is doubtful that any serious hacktivists were actually unmasked. With rumors of an internal conflict within Anonymous ablaze online, it is still unclear who was responsible or when their operations will be back online.
“here” was https://sites.google.com/site/lolanonopsdead/ and it has since gone offline.
After 3 straight years of Pwn2Own invincibility, someone finally bested all of Chrome’s mighty security to download and run code. French security research firm @vupen used two exploits to bypass ASLR, DEP, and leave the sandbox to run a calculator (in this demo). The calculator might be innocuous, but the method is quite significant. Impressive work by the good guys.