rss or mobile? - Page 2 - Techist - Tech Forum

Go Back   Techist - Tech Forum > Techist Forum Information > Forum Admin, Announcements & Feedback
Click Here to Login
Reply
 
Thread Tools Display Modes
 
Old 04-15-2010, 04:39 PM   #11 (permalink)
Lord Techie
 
Kharn's Avatar
 
Join Date: Feb 2007
Posts: 7,638
Default Re: rss or mobile?

^ Yes Mak you are right, there is a reason we don't give that information away. Spear Phishing and remote exploits are two reasons that come to mind.
__________________

__________________
Visit this and do something for the world!
www.hackersforcharity.org

Want to do even more? Take a look here and join the fight on human trafficking.

Hear and you forget, see and you remember, do and you understand.

Kharn is offline   Reply With Quote
Old 04-19-2010, 09:24 AM   #12 (permalink)
Mod Emeritus
 
Puddle Jumper's Avatar
 
Join Date: Oct 2007
Posts: 4,286
Default Re: rss or mobile?

How detailed would information about what OS people are using to visit a site have to be for it to be considered dangerous? For example would releasing that of the visitors to site xyz 40% use Windows 7, 20% use XP, 20% use Vista, 10% use OSX and 10% use Linux be hazardous or would the info need to be more specific than that?
__________________

__________________

AMD Phenom II x4 955 Black Edition : Asus M4A89GTD PRO : Corsair 550VX
G.SKILL Ripjaws 4x2gb DDR3 1600 : MSI Geforce GTX 770 2gb : Antec 300
OCZ Agility 2 60gb SSD (OS) : SanDisk Ultra 120gb SSD (Apps) : Crucial M500 240gb (Steam) : Win 8.1 Pro 64bit
2x Samsung 2494LW & 1x Dell U2312HM Eyefinity

Lenovo ThinkPad X220 : Core i5 2410M : 12.5" 1366x768 IPS LED display : Intel 320 Series 120gb SSD

Samsung Galaxy Note 3 stock 4.3 : Nexus 7 2 stock 4.4

Puddle Jumper is offline   Reply With Quote
Old 04-19-2010, 01:11 PM   #13 (permalink)
Seg Fault'n
 
Join Date: Jul 2005
Location: The dried husk where America came from
Posts: 5,801
Default Re: rss or mobile?

It would not be posted by individuals, I believe what people are referring to here is just data included in the user agent string. These are provided to the site by your browser (unless you have something in place to spoof or mask them out). Take a look here: UserAgentString.com - Netscape version 4.0.
You can see this sort of information collected anonymously and used for statistics on other sites.
__________________


There are in order of increasing severity: lies, darn lies, statistics, and computer benchmarks. - diskinfo man page
"Get your money and let's go to court!" - Craig Mudie, MS
kmote is offline   Reply With Quote
Old 04-19-2010, 04:20 PM   #14 (permalink)
Call me Mak or K
Mod Emeritus
 
KSoD's Avatar
 
Join Date: Sep 2004
Location: C:\
Posts: 35,647
Default Re: rss or mobile?

Quote:
Originally Posted by Puddle Jumper View Post
How detailed would information about what OS people are using to visit a site have to be for it to be considered dangerous? For example would releasing that of the visitors to site xyz 40% use Windows 7, 20% use XP, 20% use Vista, 10% use OSX and 10% use Linux be hazardous or would the info need to be more specific than that?
Even posting that information can be hazardous. I mean just look at the Windows update cycles from the time a known exploit is released and the patch comes out. Your talking about a month's time that someone could know exactly how many users they could easily infect with a specific exploit before it is patched.

So lets say that All Windows versions are at risk. That means by posting that information that 80% of our members would be at risk of someone knowing that they are at risk and that they could be subject to an infection from just visiting our site.

Could you feel comfortable knowing that could happen to you? Now imagine you are a first time visitor and it happens. What are the chances you come back?

kmote is right about the user agent string, and i can tell you that it isnt that hard to dupe that little detection mechanism either.

The fact is it isnt going to happen. We are not going to release the information about how many of our users use a specific OS. With the amount of viruses that are out there, exploits that are found almost daily for so many different version of all OS's we are not willing to risk our members safety so people can have some information that isnt necessary for anything relevant to them. Just to fulfill their curiosity.

I will find out about the % of people checking from mobile devices, as that information can range from a phone to an iPod touch and so on that it is very difficult to arrange an attack against a specific device. But as far as the OS debate goes, it aint happening. No amount of griping, no amount of trying to sway that decision is going to work. Sorry but that is the way it is going to be.
__________________
I do not accept support questions via EMail, PM, IM or my G+ page!

Phone: LG Optimus G Pro
Running: Stock JB from LG with Nova Launcher

KSoD is offline   Reply With Quote
Old 04-19-2010, 04:56 PM   #15 (permalink)
Mod Emeritus
 
Puddle Jumper's Avatar
 
Join Date: Oct 2007
Posts: 4,286
Default Re: rss or mobile?

Quote:
Originally Posted by Mak213 View Post
Even posting that information can be hazardous. I mean just look at the Windows update cycles from the time a known exploit is released and the patch comes out. Your talking about a month's time that someone could know exactly how many users they could easily infect with a specific exploit before it is patched.

So lets say that All Windows versions are at risk. That means by posting that information that 80% of our members would be at risk of someone knowing that they are at risk and that they could be subject to an infection from just visiting our site.

Could you feel comfortable knowing that could happen to you? Now imagine you are a first time visitor and it happens. What are the chances you come back?
Ah, ok it's good to know the reasoning behind it. Although it seems like people assuming what percentage of visitors will be made up by a specific os according to it's market-share would be a pretty accurate approximation.

I wouldn't feel any less comfortable with attackers knowing that I have x% probability of running a specific os since I already assume they are picking their targets based off of similar data but I suppose it's a case of avoiding doing anything that could potentially make members here a higher priority target than usual.

I'm not arguing for releasing the statistics at all. I just wanted to better understand the risks surrounding them for future reference.
__________________

AMD Phenom II x4 955 Black Edition : Asus M4A89GTD PRO : Corsair 550VX
G.SKILL Ripjaws 4x2gb DDR3 1600 : MSI Geforce GTX 770 2gb : Antec 300
OCZ Agility 2 60gb SSD (OS) : SanDisk Ultra 120gb SSD (Apps) : Crucial M500 240gb (Steam) : Win 8.1 Pro 64bit
2x Samsung 2494LW & 1x Dell U2312HM Eyefinity

Lenovo ThinkPad X220 : Core i5 2410M : 12.5" 1366x768 IPS LED display : Intel 320 Series 120gb SSD

Samsung Galaxy Note 3 stock 4.3 : Nexus 7 2 stock 4.4

Puddle Jumper is offline   Reply With Quote
Old 04-19-2010, 05:10 PM   #16 (permalink)
Master Techie
 
Join Date: Mar 2008
Location: Logan, WV
Posts: 2,503
Send a message via AIM to wafflehammer
Default Re: rss or mobile?

Quote:
Originally Posted by Mak213 View Post
Even posting that information can be hazardous. I mean just look at the Windows update cycles from the time a known exploit is released and the patch comes out. Your talking about a month's time that someone could know exactly how many users they could easily infect with a specific exploit before it is patched.

So lets say that All Windows versions are at risk. That means by posting that information that 80% of our members would be at risk of someone knowing that they are at risk and that they could be subject to an infection from just visiting our site.

Could you feel comfortable knowing that could happen to you? Now imagine you are a first time visitor and it happens. What are the chances you come back?

kmote is right about the user agent string, and i can tell you that it isnt that hard to dupe that little detection mechanism either.

The fact is it isnt going to happen. We are not going to release the information about how many of our users use a specific OS. With the amount of viruses that are out there, exploits that are found almost daily for so many different version of all OS's we are not willing to risk our members safety so people can have some information that isnt necessary for anything relevant to them. Just to fulfill their curiosity.

I will find out about the % of people checking from mobile devices, as that information can range from a phone to an iPod touch and so on that it is very difficult to arrange an attack against a specific device. But as far as the OS debate goes, it aint happening. No amount of griping, no amount of trying to sway that decision is going to work. Sorry but that is the way it is going to be.

Good point about it. It seems like this information is pretty harmless...but it does give them a clue. "Oh 30% of the users use XXX OS..that means I have a pretty good chance and if that fails another XX% use XXX OS".

But more on topic, I do visit T-F regularly on my phone when I'm waiting on class to start. And the site is a huge PITA to get anywhere. Really big on a phone screen, have to scroll forever in order to get anywhere, loads freaking (like it'll have the same layout as it does on PC...but the thread titles will be centered instead of against the box thing), etc etc. So yea, I think it'd be pretty cool to have a mobile version of the site.

I'd rank it more as a luxury than a necessity though.
__________________

Core i7 920 @ 3.0Ghz
GIGABYTE GA-EX58-UD5
6gb G.Skill 1600mhz/9-9-9-24
Corsair 750XT
EVGA GTX 260---216core
WD 640gb
14590 3dmarks @ stock
wafflehammer is offline   Reply With Quote
Old 04-19-2010, 06:51 PM   #17 (permalink)
Grandfather of Techist

\_(ツ)_/
 
Trotter's Avatar
 
Join Date: Jan 2005
Location: The South
Posts: 31,307
Default Re: rss or mobile?

Having a mobile version is still something we want to do. I've said it before and I will say it again. I'm not sure how vB4 is situated for setting up a mobile version but if it can then it would make that possibility much more likely when we upgrade. Right now we are waiting for vB to work out the bugs before we dive in blindly.
__________________


My Rig: SABLE
Antec 300 Illusion / Antec EarthWatts EA650 650W / ASUS GeForce GTX 960 GTX960-DC2OC-2GD5
AMD FX 8320 x8 Black Edition / Gelid Tranquillo / MSI 970A-G43
Sandisk Ultra Plus 128GB / Samsung 840 120GB / WD Black 750GB / WD Green 1TB
2x4GB DDR3 1600 - 2x2GB DDR3 1600
Win10 Ent 64-bit - Mionix Naos 7000 Mouse - CM Storm QuickFire Rapid Mech Keyboard


R.I.P. Danny L. Trotter ... 14 Nov 1945 - 4 Sept 2009
Trotter is offline   Reply With Quote
Old 04-19-2010, 06:52 PM   #18 (permalink)
Master Techie
 
Join Date: Mar 2008
Location: Logan, WV
Posts: 2,503
Send a message via AIM to wafflehammer
Default Re: rss or mobile?

Quote:
Originally Posted by Trotter View Post
Having a mobile version is still something we want to do. I've said it before and I will say it again. I'm not sure how vB4 is situated for setting up a mobile version but if it can then it would make that possibility much more likely when we upgrade. Right now we are waiting for vB to work out the bugs before we dive in blindly.
yea...never did think of that. I'm sure forum based like vB would be a lot harder to convert then just plain html
__________________

__________________

Core i7 920 @ 3.0Ghz
GIGABYTE GA-EX58-UD5
6gb G.Skill 1600mhz/9-9-9-24
Corsair 750XT
EVGA GTX 260---216core
WD 640gb
14590 3dmarks @ stock
wafflehammer is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off




Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -5. The time now is 09:14 AM.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.