I am a hacker and you are afraid and that makes you more dangerous than I ever could be.

NZ Banks pass the security buck to end users

Topic: Miscellaneous
1:50 pm EDT, Jun 29, 2007
Liability for any loss resulting from unauthorized Internet banking transactions rests with the customer if they have "used a computer or device that does not have appropriate protective software and operating system installed and up-to-date, [or] failed to take reasonable steps to ensure that the protective systems, such as virus scanning, firewall, antispyware, operating system and antispam software on [the] computer, are up-to-date."
Grandpa, why's Grandma getting arrested? Because she didn't patch Windows, Timmy.

I don't have a good feeling about this. Let's say Grandma leaves her garage unlocked and Eve takes some tools out of it and uses them to break into a bank. Is Grandma "Liability for any loss" because she "does not have appropriate [locks] installed and up-to-date?" Is Grandma criminally negligent for not keeping her computer up-to-date? Civilly? I wonder how this applies to Phishing. If Grandma falls for a phishing scheme and didn't spend money on an anti-phishing filter, is she liable?

A practical model for analyzing long tails

Topic: Science
12:22 pm EDT, Jun 28, 2007
In essence, the phrase “long tail” refers to those numerous objects that have very limited popularity but that together form a significant share of the total volume. The aim of this article is to make it possible for anyone to utilize the long tail concept not only as a general idea but also as a tool to make realistic and useful analysis of real phenomena. A feasible analysis requires a mathematical model, enough raw data, and good understanding of the subject and the properties of the model. Thus not only is a formula necessary in this essay, in fact the selected formula forms the concrete basis for the whole analysis of long tails. Nevertheless, we have to be aware of the fact that there cannot be any simple formula that is able to explain all the diverse phenomena that result in a long tail distribution.

Topic: Technology
11:47 am EDT, Jun 27, 2007
In octal of course!
var x = 010;
alert(x); //displays 8
In JavaScript, Numeric Literals with leading 0's are treated as octal literals, unless the prefix is 0x, in which case it's hex.
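
An added example (not from the original post) that goes slightly beyond it: it evaluates leading-zero literals in sloppy and strict mode and compares them with how `Number` and `parseInt` read the same characters when they arrive as a string. The helper names `evalLiteral`, `parseString` and `compare` and the sample values are constructed for illustration.

```javascript
// Added example. new Function() bodies are sloppy-mode unless they opt in
// with "use strict", so this behaves the same in a script or an ES module.
function evalLiteral(src, strict) {
  const body = (strict ? '"use strict"; ' : "") + "return " + src + ";";
  try {
    return new Function(body)();
  } catch (e) {
    return e.name; // "SyntaxError" when the literal form is rejected
  }
}

// How the same characters are read when they come in as a string,
// e.g. from a form field or a config file, rather than as source code.
function parseString(text) {
  return { number: Number(text), parseInt10: parseInt(text, 10) };
}

// Constructed samples: a file-mode style value, the post's 010, a hex
// literal, the explicit ES2015 octal form, and a leading-zero literal
// that contains a non-octal digit.
const SAMPLES = ["0755", "010", "0x10", "0o10", "089"];

function compare() {
  return SAMPLES.map((src) => ({
    src,
    sloppy: evalLiteral(src, false), // legacy octal applies here
    strict: evalLiteral(src, true),  // leading-zero forms are rejected
    ...parseString(src),
  }));
}

console.table(compare());
```

The `089` row is the one to look at: in sloppy mode it falls back to decimal while `010` next to it does not, which is why strict mode rejects both forms.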

Apple - iPhone - Rate Plans for iPhone

Topic: Miscellaneous
5:54 pm EDT, Jun 26, 2007
If you’re already an AT&T customer and want to keep your current voice plan, you can just add an iPhone Data Plan with unlimited data (email and web) and Visual Voicemail for just $20 per month.
Sweet! I want to buy an iPhone but I was/still am worried how they might dick over existing customers.

Topic: Technology
4:03 pm EDT, Jun 26, 2007
Also, you are missing the other part of Jikto, which is the command console - which was basically exactly the same as Jeremiah's code (it might have even been the exact same - I'm not sure without looking at it).
I've heard some silly claims before, but wow. I get my chops busted for Jikto, and then get my chops busted again because someone thinks I'm doing it with someone else's backend code? What's annoying about this is the way I'm guilty until proven innocent. A command console that's "basically exactly the same" and "might have even been the exact same?" Never mind the fact that the Jikto webcast clearly shows how the captured data is shipped to the collecting web server and in addition to this video these screen shots show this data is displayed in a UI. So if by "exactly the same" you mean captures data and outputs it then yes they are the same. By this logic it is "basically exactly" the same as a telegraph too. The webcast and all this info was publicly posted over two weeks before this silly claim was made. That really leaves me at a loss. I certainly hope this is a misunderstanding and that RSnake isn't trying to knock down someone who just happens to work at a company who competes with his friend. Of course, HP bought SPI and HP apparently competes with everyone. That's right Berners-Lee, it's go-time! Yep, I stole that too.

Penny Arcade! - Perfectly Reasonable

Topic: Home and Garden
1:27 pm EDT, Jun 26, 2007
Jill and I are starting to shop for a house. Having lived in a house with a scary basement including a room we affectionately deemed "the murdered children room"* this comic presents a very real and legitimate fear.

* - 6x5 room, covered with falling down acoustic tiles, drain in the floor, no windows, and it locked from the outside... Seriously, that basement was freaky. Ask anybody.

csw07-nazario.pdf (application/pdf Object)

Topic: Technology
7:00 pm EDT, Jun 22, 2007
Found a copy of Jose Nazario's CanSecWest presentation where he talks about detecting JavaScript malware. Actually, he is talking about how to manually reverse engineer JavaScript encoders that drop traditional sploits. Interesting, but too primitive to turn into an automated process to stop the JavaScript malware John and I are talking about at BlackHat.

Topic: Technology
10:36 am EDT, Jun 22, 2007
I did a Google search for an ASCII chart this morning and came up with this link. I thought it looked familiar. Looking at the bottom of the image confirmed it. This is the ASCII chart printed in the back of the manual for my first computer, the Leading Edge Model D!

As you all know, I got into computers rather late in the game. I had used computers before, but my older brother Jason was the computer nerd. I knew enough to start the machine with the right bootdisk to play Doom or X-Wing (ahhh the days of hand tuning config.sys). He left for college in the summer of 1996, the computer broke, and I had to learn how to fix it. There was a 486DX2-66 in the basement that my mom still used, so I didn't have free rein on that system. Instead, one of my best friends Chris Brown gave me his old computer when his family upgraded. It was a dual floppy Leading Edge Model D. I set it up in my bedroom between Freshman and Sophomore year and hacked on it every night. This is the computer on which I learned so much of my early computer knowledge. I remember doing things like:

- Using DEBUG to write assembly
- Learning about screen buffers
- Writing to the keyboard buffer to make programs that couldn't be killed.
- Learning graphics programming for a Hercules video card (720x348 baby!)
- Writing a phone call logger that opened the 2400 baud modem (OPEN "COM1" in Qbasic) and listened for the ATA "RING" commands.

I later upgraded it to an MFM hard drive and a CGA monitor. I hacked on that machine every night for almost 2 years. I spent my days sleeping through class or programming on my TI-85. And I loved every minute of it.

Back in the Day!

Topic: Miscellaneous
2:29 pm EDT, Jun 21, 2007
Mark: I ordered the cheese sticks at the Oasis once.
Me: You actually ordered food at a strip club?
Mark: I've sampled the cuisine at all of the strip clubs. ... ... [sigh] I need to get married