Entry 19593 (Berkeley CSUA MOTD)

Berkeley CSUA MOTD:Entry 19593

WIKI \| FAQ \| Tech FAQ
`http://csua.com/feed/`

2025/07/10 [General] UID:1000 Activity:popular

7/10

2000/10/29 [Computer/SW/Security, Computer/SW/OS/Windows] UID:19593 Activity:nil

10.29   http://www.theregister.co.uk/content/1/14265.html

ERROR, url_link recursive (eces.Colorado.EDU/secure/mindterm2) 2025/07/10 [General] UID:1000 Activity:popular

7/10

You may also be interested in these entries...

2013/10/24-11/21 [Computer/Companies/Apple] UID:54747 Activity:nil

9/19    "No, A Severed Finger Will Not Be Able to Access a Stolen iPhone 5S"
        http://mashable.com/2013/09/15/severed-finger-iphone-5s
        I'm sure the Apple QA department has tested extensively that a severed
        finger will not be able to access a stolen iPhone 5S.
        \_ It doesn't matter whether or not a severed finger can be used.  It
           matters whether or not a robber thinks that a severed finger can be
	...

2013/6/6-7/31 [Politics/Foreign/Asia/China, Computer/SW/Security] UID:54690 Activity:nil

6/6     Wow, NSA rocks. Who would have thought they had access to major
        data exchangers? I have much more respect for government workers,
        crypto experts, mathematicans now than ever.
        \_ flea to Hong Kong --> best dim-sum in the world
           \_ "flee"
        \_ The dumb ones work for DMV, the smart ones for the NSA. If you
	...

2012/8/26-11/7 [Computer/SW/Security] UID:54465 Activity:nil

8/26    Poll: how many of you pub/priv key users: 1) use private keys that
        are not password protected 2) password protect your private keys
        but don't use ssh-agent 3) use ssh-agent:
        1) .
        2) ..
        3) ...
	...

2012/8/29-11/7 [Computer/SW/Security] UID:54467 Activity:nil

8/29    There was once a CSUA web page which runs an SSH client for logging
        on to soda.  Does that page still exist?  Can someone remind me of the
        URL please?  Thx.
        \_ what do you mean? instruction on how to ssh into soda?
           \_ No I think he means the ssh applet, which, iirc, was an applet
              that implemented an ssh v1 client.  I think this page went away
	...

2012/8/7-10/17 [Computer/SW/Security] UID:54455 Activity:nil

8/6     Amazon and Apple have lame security policies:
        http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all
        "First you call Amazon and tell them you are the account holder, and
         want to add a credit card number to the account. All you need is the
         name on the account, an associated e-mail address, and the billing
         address. "
	...

2012/7/13-8/19 [Computer/SW/Security, Computer/Companies/Yahoo] UID:54436 Activity:nil

7/13    Why would Yahoo store passwords unencrypted?  I recall that even 20+
        years ago the passwords stored in /etc/passwd on instructional
        machines here at Cal were one-way encrypted.  (I think those were
        Ultrix machines.)
        \_ Doesn't this say anything already?
           http://finance.yahoo.com/echarts?s=YHOO+Interactive#symbol=yhoo;range=5y
	...

2012/7/18-8/19 [Health/Men, Computer/SW/Security] UID:54438 Activity:nil

7/18    "Largest penis record holder arouses security suspicions at airport"
        http://www.csua.org/u/x2f (in.news.yahoo.com)
        \_ I often have that same problem.
        \_ I think the headline writer had some fun with that one.
           \_ One time when I glanced over a Yahoo News headline "U.S. busts
              largest-ever identity theft ring" all I saw was "U.S. busts
	...

2013/3/25-5/18 [Computer/SW/OS/Windows] UID:54639 Activity:nil

3/25    It's strange that only every other Windows version is a hit.
        NT 4.0: hit
        2000:   flop
        XP:     hit
        Vista:  flop
        7:      hit
	...

2013/2/19-3/26 [Computer/SW/OS/OsX] UID:54611 Activity:nil

2/19    I program a lot by sshing to a Linux cluster.  So I'm used to using
        Xemacs to code.  This works fine from a Linux or Windows workstation,
        but sometimes I have to use a Mac.  On Mac, the meta is usually
        bound to option, but that often doesn't work over ssh for some reason.
        This makes using emacs a real pain.  Any suggestions on how to fix it?
        (Other than "use vi")
	...

2012/3/15-6/1 [Computer/SW/Languages, Computer/SW/OS/Windows] UID:54340 Activity:nil

3/15    Why does MS put double-quotes around the '8' in Windows Server 8, like
        the following?
        - Windows 8
        - Windows Server "8"
        \_ Because when they didn't do it, code didn't see the '\0'
           and went over?  Looks better than '8','\0' *shrug*
	...

2012/2/23-3/26 [Computer/SW/OS/Windows] UID:54312 Activity:nil

2/23    fixboot wrote FAT boot sector to my WinXP hard drive.  How can I convert
        the drive back to NTFS?
        \_ Does C:\WINDOWS\system32\convert.exe work?
	...

2011/12/21-2012/2/6 [Computer/HW/Laptop, Computer/SW/Editors/Emacs] UID:54269 Activity:nil

12/21   In Emacs, how do I make it so that it will resize its screen
        when the maximum resolution of my monitor changes? When I
        use my laptop, my emacs is too big (and I can't resize it
        because the bottom-right corner is not accessible).
        \_ Which OS?  Can't you drag the top border (not a corner) to resize
           the height to be smaller?
	...

2011/12/23-2012/2/6 [Computer/Rants] UID:54271 Activity:nil

12/23   http://venturebeat.com/2011/12/22/uc-berkeley-google-apps
        Oh noes! What Would Bill Gates Do?
        \_ http://lauren.vortex.com/archive/000701.html
           Microsoft to Transition Corporate IT to Google Apps
	...

2011/11/27-2012/1/10 [Computer/HW/Drives] UID:54244 Activity:nil

11/27   CalMail has been down for a few days (hardware failure and database
        corruption -- sounds like fun!) and is starting to come back online.
        Looks like they're planning to outsource all campus mail to either
        Google Apps or Microsoft 365 as part of Operational Excellence.
        <DEAD>kb.berkeley.edu/jivekb/entry!default.jspa?externalID=2915<DEAD>
        \_ http://ist.berkeley.edu/ciocalmailupdates/november-30-2011
	...

2011/11/8-30 [Computer/SW/Security, Computer/SW/OS/Windows] UID:54218 Activity:nil

11/8    ObM$Sucks
        http://technet.microsoft.com/en-us/security/bulletin/ms11-083
        \_ How is this different from the hundreds of other M$ security
           vulnerabilities that people have been finding?
           \_ "The vulnerability could allow remote code execution if an
               attacker sends a continuous flow of specially crafted UDP
	...

2011/5/19-7/30 [Computer/SW/Security] UID:54110 Activity:nil

5/19    Uh, is anyone still using this? Please mark here if you post and
        haven't added this yet. I'll start:
        \_ person k
        \_ ausman, I check in about once a week.
        \_ erikred, twice a week or so.
        \_ mehlhaff, I login when I actually own my home directory instead of
	...

Cache (2604 bytes)

www.theregister.co.uk/content/1/14265.html -> www.theregister.co.uk/2000/10/27/ms_hacked_russian_mafia_swipes/A major breach of the company's networks reported in today's Wall Street Journal (nice shooting, Ted) seems to have effectively compromised the integrity of a whole range of Microsoft products, including Windows Me, the gold code (or maybe not) of which shipped just last month. The hack is being described by Microsoft as industrial espionage, so no doubt the FBI will shortly be in touch with Larry Ego-san of Oracle, who earlier this year confessed to funding trawls through MS-related trash. But it looks to have been too sophisticated for Larry and his spook squads. According to the WSJ the hackers probably (very detailed for "probably," this) planted the QAX Trojan disguised as Notepad in a Microsoft employee's email. QAZ then alerted a computer in Asia, and may also have installed tools from a site in the South Pacific. Other computers were infected, employee passwords collected, and then sent to an email address in St Petersburg. Sensitive areas could then be entered, and files downloaded. There does appear to have been some serious intent behind the exercise, rather than it being one of those merry prankster 'look at me' things. On the contrary - the hackers could have had access to the files for up to three months, and they didn't say look at me once. There are advantages to some company associated with getting access to Microsoft source code, but these would be entirely negated if it wasn't legal access. There might be all sorts of cool things you could do, but the Feds would start wondering what special advantages you'd had to be able to do them. But you might speculate that one of the less controlled and responsible secret services might. Given that Microsoft software is now ubiquitous, there are security issues. The code having been taken hostage is a slightly more likely scenario, although it's still not entirely plausible. If Microsoft just refused to deal, said publish and be damned, where would that get the kidnappers? On the other hand, publish and be damned all over the Web to such an extent that it could never be returned to captivity, that might be a big problem. If Redmond does hear from the kidnappers, it would perhaps be wise not to turn them down straight off. But the most immediate problem for Microsoft is that the company seems not to know whether or not the code it's been producing in the last three months is safe. It's going through the files now, examining all changes made during that period, and until it's through it can't be sure that anything produced in the past three months, including Windows Me and Whistler beta code, is clean.