Re: [Full-disclosure] Apple IOS security issue pre-advisory record

2012-03-26 Thread coderman
On Sun, Mar 25, 2012 at 7:25 AM, Charlie Derr wrote: > ... I always figured attempting to grab things with links or lynx from a > command-line GNU/linux environment ought > to be fairly safe, even for files that I'm pretty certain contain > viral/trojan code once upon a time there was an ugly T

Re: [Full-disclosure] Apple IOS security issue pre-advisory record

2012-03-26 Thread Aaron Toponce
On Mon, Mar 26, 2012 at 05:29:28PM +, Thor (Hammer of God) wrote: > Making a conclusion of community behavior, good or bad, based on some > indication of a number of clicks on some link is non sequitur. I > actually don't see any reason why one would be surprised by a "security > community" f

Re: [Full-disclosure] Apple IOS security issue pre-advisory record

2012-03-26 Thread Thor (Hammer of God)
losure@lists.grok.org.uk > Subject: Re: [Full-disclosure] Apple IOS security issue pre-advisory record > > > Hello, > > I'm one of those who clicked on it (and to make matters worse: after it was > discovered and discussed). > > Why I click on it : it's a big thr

Re: [Full-disclosure] Apple IOS security issue pre-advisory record

2012-03-26 Thread fulldisclosure
On 24.03.2012 06:42, john doe wrote: > Gentlemen, I must say that beyond the raw results the reactions are > also very interesting because I think this actually IS what I called > "community behavior". Clicks and votes are just one "reaction" type, > and those clever and smart comments are anoth

Re: [Full-disclosure] Apple IOS security issue pre-advisory record

2012-03-26 Thread Valdis . Kletnieks
On Sat, 24 Mar 2012 13:21:12 -0700, IA64 LOL said: > everything is obvious after it's pointed out. Not everything. Consider Diffie-Hellman key exchange. There are very few people with enough number theory clue that it's "obvious" as to *why* DH works on a first explanation. Most people can event

Re: [Full-disclosure] Apple IOS security issue pre-advisory record

2012-03-26 Thread Charlie Derr
On 03/23/2012 07:26 PM, Michal Zalewski wrote: >> I find it very unfortunate that 300 supposed security professionals clicked >> on a hidden link like that without first checking what it was, or if not >> simply ignoring it like I did!!! > > So how do you meaningfully "check what it is" without act

Re: [Full-disclosure] Apple IOS security issue pre-advisory record

2012-03-26 Thread IA64 LOL
everything is obvious after it's pointed out. On 03/24/12 11:23, Dave wrote: > On 24/03/2012 15:53, valdis.kletni...@vt.edu wrote: >> On Sat, 24 Mar 2012 10:26:48 -, Dave said: > >>> Doesn't the -e, robots=off, --page-requisites and -H wget directives >>> enable >>> one to collect all the

Re: [Full-disclosure] Apple IOS security issue pre-advisory record

2012-03-24 Thread Dave
On 24/03/2012 15:53, valdis.kletni...@vt.edu wrote: > On Sat, 24 Mar 2012 10:26:48 -, Dave said: > >> Doesn't the -e, robots=off, --page-requisites and -H wget directives >> enable >> one to collect all the necessary files that are called fro

Re: [Full-disclosure] Apple IOS security issue pre-advisory record

2012-03-24 Thread Valdis . Kletnieks
On Sat, 24 Mar 2012 10:26:48 -, Dave said: > Doesn't the -e, robots=off, --page-requisites and -H wget directives > enable > one to collect all the necessary files that are called from a page? No, not *all* the files, for the same reason that if you visit a page with NoScript enabled, yo

Re: [Full-disclosure] Apple IOS security issue pre-advisory record

2012-03-24 Thread john doe
Gentlemen, I must say that beyond the raw results the reactions are also very interesting because I think this actually IS what I called "community behavior". Clicks and votes are just one "reaction" type, and those clever and smart comments are another one. Maybe much more important to understand

Re: [Full-disclosure] Apple IOS security issue pre-advisory record

2012-03-24 Thread Dave
On 24/03/2012 05:44, valdis.kletni...@vt.edu wrote: > On Sat, 24 Mar 2012 00:52:45 -, Dave said: >> I am not an expert so please, for my education, correct me if I am wrong. >> Is it not so much the request, but what the request is made with? > >

Re: [Full-disclosure] Apple IOS security issue pre-advisory record

2012-03-23 Thread Valdis . Kletnieks
On Sat, 24 Mar 2012 00:52:45 -, Dave said: > I am not an expert so please, for my education, correct me if I am wrong. > Is it not so much the request, but what the request is made with? It's a pretty safe bet that most of the 300 clicky-clicky types did *not* use wget to test what it was. >

Re: [Full-disclosure] Apple IOS security issue pre-advisory record

2012-03-23 Thread Dave
On 23/03/2012 23:26, Michal Zalewski wrote: >> I find it very unfortunate that 300 supposed security professionals clicked >> on a hidden link like that without first checking what it was, or if not >> simply ignoring it like I did!!! > > So how do yo

Re: [Full-disclosure] Apple IOS security issue pre-advisory record

2012-03-23 Thread Dave
On 24/03/2012 00:39, valdis.kletni...@vt.edu wrote: > On Fri, 23 Mar 2012 22:34:38 -, Dave said: >> ii) Paranoia is healthy. If one runs a computer most people ARE out to get >> you. > > A tad extreme, perhaps. There *are* 7 billion people on t

Re: [Full-disclosure] Apple IOS security issue pre-advisory record

2012-03-23 Thread Valdis . Kletnieks
On Fri, 23 Mar 2012 22:34:38 -, Dave said: > ii) Paranoia is healthy. If one runs a computer most people ARE out to get > you. A tad extreme, perhaps. There *are* 7 billion people on the planet, most of whom have never heard of you either.. Of course, the ones that you never hear from don

Re: [Full-disclosure] Apple IOS security issue pre-advisory record

2012-03-23 Thread Michal Zalewski
> I find it very unfortunate that 300 supposed security professionals clicked > on a hidden link like that without first checking what it was, or if not > simply ignoring it like I did!!! So how do you meaningfully "check what it is" without actually requesting the document? And what's the differ

Re: [Full-disclosure] Apple IOS security issue pre-advisory record

2012-03-23 Thread Dave
And I thought curiosity killed only pussy cats. I don't consider myself a security professional, but playing around with computers since the early 80's has certainly taught me that: i) Most links in forums.emails.blogs etc. benefit only the post

Re: [Full-disclosure] Apple IOS security issue pre-advisory record

2012-03-23 Thread adam
Gary/John: imagine how many more would have if I didn't send that reply. I'm sure I skewed the results, even if only slightly, by doing that. On Fri, Mar 23, 2012 at 3:41 PM, Gary Baribault wrote: > I find it very unfortunate that 300 supposed security professionals > clicked on a hidden link l

Re: [Full-disclosure] Apple IOS security issue pre-advisory record

2012-03-23 Thread Gary Baribault
I find it very unfortunate that 300 supposed security professionals clicked on a hidden link like that without first checking what it was, or if not simply ignoring it like I did!!! Gary Baribault Courriel: g...@baribault.net GPG Key: 0x685430d1 Signature: 9E4D 1B7C CB9F 9239 11D9 71C3 6C35 C6B7 6

Re: [Full-disclosure] Apple IOS security issue pre-advisory record

2012-03-23 Thread john doe
he he, good catch :) Anyway, it doesn't hurt anybody: it's just a vote. Well, let me explain. I'm a journalist (non IT, mainstream) preparing an article about different internet communities behaviors. I've posted similar messages talking about a security issue, pron pics, divx, software and breakin