
Pugwash

Member • Posts: 12,212 • Days Won: 3

Everything posted by Pugwash

  1. This is why I tried to say this isn't a "Macs Are Better" post. You linked to an article that says "People that want to sell you something say it's better if you buy their stuff". Number of Trojans in the wild: Zero. Number of Viruses in the wild: Zero. Number of remote exploits: Zero. Whether it's because Macs are better or Windows is more popular or whatever. This doesn't matter when the net result is that you're safer on a Mac. It doesn't matter if Macs are getting less safe, which they're not but that's a different discussion for a different day, they're still way safer than a PC running Windows. Let's say tomorrow a dozen very severe and dangerous viruses all suddenly turn up for Macs, it's still got less than 0.01% of the exploits of Windows. It's like the man and his friend in the jungle when they suddenly see a Bengal tiger. The man suddenly starts running. His friend says "You're wasting your time, you can't outrun a tiger!" The man replies "I don't need to outrun the tiger, I just need to outrun you." Being more secure than the other guy is currently enough. If you're on a Windows PC, you're the guy watching your friend hoof it into the sunset while the tiger starts to lick its chops.
  2. Give it a week, then worry.
  3. Or, alternatively, consider moving over to Macintosh. This isn't a "ha ha, macs are better" post, but Mac users don't have to worry about the whole virus/trojan/keylogger/spyware thing. If this kind of activity happens to you a lot, you should seriously consider a Mac. I can't unfortunately recommend Linux in the same way as the problem there is if you're not an expert, you'll spend more time trying to understand it than you did being hassled by your PC. If you are the sort of person that would be happy with Linux, you're already using it and you can ignore this message. Seriously, if you keep getting humped because you run Windows, maybe you're not the problem.
  4. I may do the same as Tuesday:
  5. My friends know I don't dress rich, but they assume I'd have an expensive watch. I'm not rich, but I'm well enough paid and can carry off a rep as a genuine: It's all down to confidence. If you assume they're checking your watch for flaws to call you out, you'll show it. If you assume they're ogling your fancy watch because it's fancy, that too will show.
  6. Go for something unusual then. Something like the new Vacheron Constantin that's supposedly very close to the gen, or my favourite, the IWC GST Chrono in Titanium. You'll never feel comfortable with a PAM, an Omega or a Rolex as you will assume everyone will assume it's a rep.
  7. This is unfortunate. I advise you to only wear reps at home as they'll never be perfect, as one day the nearest to perfect will arrive and you'll be worried about an AD checking the serial.
  8. 6 User(s) are reading this topic (0 Guests and 0 Anonymous Users) 6 Members: Pugwash, kenberg, chris5264, HighDef, hk45ca, Woody Look in the webserver logs and you can see a referrer URL for each image. You will know what threads they are reading, unless you start storing the page IDs in a cookie-based session. If you control the avatar webserver, you can also force a no-cache on your image meaning it will be loaded every visit, as opposed to being pulled from the user's cache. If it weren't for the fact I think it's a bit rude, I'd knock you up a Perl CGI that acts like an image, and does give a mime-type of an image and even outputs an image, but also, when called, greps the referring URL for usernames. It's a lot easier than I first thought.
  9. ... and ... Like I said, it's most likely a login sniffer on the old RWG site.
  10. Yeah, but only you get to see your own IP. If you really wanted the IP addresses of everyone here, it's fairly easy to do. You run a webserver and use your Avatar as a bug. You get all the IPs, but you don't know to whom they belong, unless you write a Bot to trawl the bottom section of a page that shows who's reading it the instant someone views your avatar. Then you can draw a correlation between most likely IPs and usernames. Hmm ... that could actually work. Damn, must stop thinking ...
  11. You're assuming the vector went undetected. I can imagine a payload hiding, but the vector itself would have been seen. I don't picture Chris as the type to not use a firewall against RPCs or the bloke that installs anything for a hope of free pr0n ...
  12. I still stand by my password sniffer on the login processing page of RWG1 theory. It's easier than a keylogger and explains why they don't have his RWI/RWG2 login/passes.
  13. Seeing as the scum is one of us, we should not discuss the investigation openly. Keep the [censored]tards on their toes, eh?
  14. Any time. If you don't go for your direct access, you can get a 33BHP kit for the SV to make it 'just passed test' legal.
  15. Almost certainly. It's a trivial patch to the code.
  16. Or Serenity. That came out in the last two years and did not suck one bit. ps. Yes, V for Vendetta rocked too. Alan Moore knows the score.
  17. This makes me wonder if the old site encrypted the passwords at all... unless of course you logged in after the hackers controlled the site. A password sniffer would be trivial to add. That has just become my most likely suggestion. Once the site was compromised, the hackers added a bit of bespoke PHP to the login page. Every login/pass would then be emailed/posted/whatever any time anyone logged in. Too damned easy.
  18. The one I tell users (I'm a sysadmin in my day job) is a favourite song or book title. Like for instance, a Shakespeare reader would have something like "IsIknwIass" for "In Sooth, I know not why I am so sad ..." or "Da4e4e4e" for a Bond fan. The more obscure the better, but you'll never forget it. Once you have your non-dictionary password, you can harden it up with a few numbers and symbols thus: "&tm@tbs34" ... and it turned into a ballroom blitz (Ballroom blitz, ballroom blitz).
  19. If you have a few GB of pre-hashed words, you don't need to try every password in the DB, you can just check against all the hashes for the low-hanging fruit. If you have a botnet, this takes under a week.
  20. Really? Passwords aren't that hard...
  21. Ok, this is such an excellent low-budget suggestion I feel I should help. I love anything that lets you get results without much expenditure. So, to help people who are struggling with Mahler's English, I'd like to give a translation of the basics. Once you get this, the rest of the article needs no translation: Here's what you need: 1) Your digital camera 2) the subject 3) A Magnifying Glass Then, put the glass between the lit subject and the camera and move it about until it's in focus and stuff. Amazing idea, it fits right in with my philosophy. It goes along with using sunglasses as polarising filters to reduce reflection on watch crystals and using a mirror if you only have one lamp. Mahler, I salute you.
  22. I no longer own any guitars. I just occasionally borrow Mrs Pugwash's Gordon Smith ...