alexkus's comments

The recent attempt to decriminalise non-payment of the license fee failed:-

http://www.bbc.co.uk/news/uk-politics-31151821


Sky rep lies about basis of security feature? Could be.


If you cancelled out the cyclical/reciprocal debts then you'd still have the same amount of working capital as you'd pay back $X but also get $X back as a creditor.


Mikefax anyone?

(Ha, seems I've mentioned Mikefax a while ago... https://news.ycombinator.com/item?id=4687527 )


alexkus: off topic, but would you mind sending me an email about RM380Z Robot Arena? :-) gmail digital.wilderness

(sorry, I couldn't figure out how else to contact you)


Indeed. It's .ch because that's the initialism of the Latin name for Switzerland: Confoederatio Helvetica.

The Latin name is used to avoid favouring any one of the four official languages (German, French, Italian, Romansch).


> How RAM Scrapers Work

> Once on a targeted system, RAM scrapers work by examining the list of processes that are running on the system and inspecting the memory for data that matches the structure of credit card data, such as the account number, expiration date, and other information stored on a card’s magnetic stripe.

No hooking, sounds exactly like they're looking through the memory assigned to each process looking for the right looking data.


Okay, so, how do they harvest live data? Scan constantly? That would have a risk of missing something or of slowing down the system.

I suspect that is just an oversimplification, of course, unless they post the malware in question I can't really say for sure.


That's exactly what they do. They'll call ReadProcessMemory() on every process and then use a regex + Luhn algorithm to check for credit card data. I'm sure some of the more advanced and targeted ones do use hooking, and some filter the processes to scrape by name, but a lot of malware authors are surprisingly amateur.

further reading: http://www.trendmicro.com/cloud-content/us/pdfs/security-int...
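The regex + Luhn check described in the comment above, turned to a defender's use as an added example (not code from any commenter): scanning a captured buffer or log excerpt for cleartext card data, as a DLP or PCI audit check would. The sample buffer is constructed from published test card numbers, and the function names are hypothetical.

```python
import re

# Candidate PAN: 13-19 digits that are not part of a longer digit run.
PAN_RE = re.compile(rb"(?<!\d)\d{13,19}(?!\d)")
# Track 2 layout: ';' PAN '=' YYMM expiry, 3-digit service code, discretionary data, '?'.
TRACK2_RE = re.compile(rb";(\d{13,19})=(\d{2})(\d{2})\d{3}\d*\?")

# Constructed sample: one Track 2 record, one Luhn-invalid ID, a timestamp, one bare PAN.
SAMPLE = (
    b"\x00\x17txn=8841 ;4111111111111111=2512101123?\x00"
    b"order_id=4111111111111112 ts=1700000000000\x00"
    b"card=5555555555554444 amount=12.50\x00"
)

def luhn_ok(digits: bytes) -> bool:
    """Luhn check: double every second digit from the right, sum, test mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ch - 48  # ASCII '0' is 48
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def mask(pan: bytes) -> str:
    """Keep first 6 and last 4 digits so a finding never repeats the full number."""
    s = pan.decode("ascii")
    return s[:6] + "*" * (len(s) - 10) + s[-4:]

def find_cleartext_pans(buf: bytes):
    """Return sorted (offset, kind, masked_pan) for each Luhn-valid candidate."""
    findings, covered = [], []
    for m in TRACK2_RE.finditer(buf):
        if luhn_ok(m.group(1)) and 1 <= int(m.group(3)) <= 12:
            findings.append((m.start(1), "track2", mask(m.group(1))))
            covered.append(m.span())  # do not re-report digits inside this record
    for m in PAN_RE.finditer(buf):
        if any(s <= m.start() < e for s, e in covered):
            continue
        if luhn_ok(m.group()):
            findings.append((m.start(), "pan", mask(m.group())))
    return sorted(findings)

if __name__ == "__main__":
    for finding in find_cleartext_pans(SAMPLE):
        print(finding)
```

The Luhn step is what filters out the order ID and the timestamp, which match the digit-run pattern but are not card numbers.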


Wow, that's sort of surprising to me. Perhaps just due to having some RE background, though maybe it's not stupid or amateur. It may actually be a better strategy if you want to minimize time in the store (no separate trip to steal the POS software first) and effort (no reverse engineering necessary).


My guess is that 100% robustness wasn't a big concern. Getting 80% of a lot is good enough.


I just can't get excited about vim plugins (no matter how good they are, no matter how much I love vi/vim - and no disrespect to their authors). I can imagine how they could increase my productivity (to some extent) but...

I'm old school, I work happily with vi, many of the customers I dealt with going back to the mid-90s never gave me a choice. SunOS 4.1.3U5 (ugh). AIX 3. Heady days of Solaris 2.5. Bog standard vi. vim is a bonus, but I'm far from lost when it's just vi. I love macros, but I can still get stuff done if they aren't available. If there's no vi then I'm not lost either, I can work around stuff with awk/sed/etc.

Fundamentally I don't want to have to ever install a bunch of stuff in multiple places to create a common environment for myself. That's a big problem that hasn't been solved yet. I just want it to be the same everywhere, which is why I don't rely on zsh or even ksh, and I just go for the bare minimum.

I've been to too many customers to know that not being able to do stuff within someone else's environment is really not a good thing. I've seen people escorted off customer sites because they've been ineffectual.

But, the biggest takeaway is that I've seen too many new employees/interns that are lost without their expected favoured environment, and it's not getting better. vim plugins aside, there's a growing lack of adaptability.


> If there's no vi

How often are you in a situation where there's no vi!?


Occasionally, usually overzealous stripping back of machines in very controlled environments[1].

1. I don't do much work with these kinds of customers any more as I chose not to go for security clearance (on purpose, as this is a convenient way of avoiding these kinds of customers).


Eh, I use a large number of the top plugins in the OP, but I've never had any trouble dropping back to "vanilla" vi/m in ssh shells or whatever. It's just a matter of convenience; there's nothing there that's so totally transformational that you won't be able to use vim without it.


This site could implement an ACL through github accounts and provide centralized, recipe-like plugin and *rc file mashups like alias.sh with an ifttt.com twist.


http://www.live-footballontv.com/

Is where I go for football fixtures for the UK, albeit not JSON.


Indeed. The biggest weakness is that users aren't well trained in ensuring that the page they're typing their username/password into (to access one of the public access points) may not be genuine.

I know I've seen some faked BT Openzone login pages in the UK, luckily the BT Wifi App is clever enough only to attempt to login to the real webpage.


Not quite, the difference between the two situations is the difference between accuracy and precision.

E.g. http://academics.wellesley.edu/Chemistry/Chem105manual/Appen...

The Chinese Street maps are very precise but consistently inaccurate (the skew). The GPS tracks shown are relatively precise and accurate.

The change to the GPS signals (by not encrypting as much of the timestamp data) improved precision.

