Wikipedia:Reference desk/Archives/Computing/2012 August 1

= August 1 =

Google + Opt Out
Is there a way to opt out of Google+? I don't have time to clear my inbox of emails I keep getting, telling me someone I wrote to once months ago has decided to share some irrelevant crap with everyone in her contact list. This is Buzz, all over again. KägeTorä - (影虎) ( TALK )  08:21, 1 August 2012 (UTC)


 * You can't opt out of others' mailing list. You can just filter them out using a keyword, if these messages have some common text (like "irrelevant crap brought to you by Google")OsmanRF34 (talk) 11:19, 1 August 2012 (UTC)


 * You can disable Google+ email notifications or you can delete Google+ entirely. -- BenRG (talk) 15:17, 1 August 2012 (UTC)

Risk of sharing a wi-fi network
If several users are sharing a password protected wifi network, all of them using the same password, can users decrypt each others' packages? — Preceding unsigned comment added by OsmanRF34 (talk • contribs) 11:46, 1 August 2012 (UTC)
 * Per this discussion, which I found by searching for "encrypted wi-fi sniffing", the answer is "yes" for WEP, "yes if they saw the initial connection handshake" for WPA[2]-PSK (the usual home configuration), and "no" for WPA[2]-Enterprise. -- BenRG (talk) 15:10, 1 August 2012 (UTC)
 * The above is good. But I wonder if the OP is considering other potential issues where security could arise. If users are sharing the same wi-fi they are going to be physically close and other possibilities arise like visually observing, Bluetooth(an issue for some phones), indirectly via computer equipment you may share such as a server, a local drive or a internet gateway or if your computer has been comprising in the past various local tracking software. Regards, SunCreator (talk) 19:41, 1 August 2012 (UTC)
 * Security is only as strong as the weakest point. So locking the front door could result in an entry via an unsecured window. Many such windows are possible in addition to the above someone could be recording your keystrokes if you use an unsecured wireless keyboard, thankfully most wireless keyboards these days are secured. Regards, SunCreator (talk) 19:55, 1 August 2012 (UTC)

Does logging in through the secure server stop my workmates on the same network from also being logged in under my account?
I am a registered user but I never post here while logged in when I am at work. I think my section header says it all, but let me make it crystal clear. If I log in through the secure server, if one of my workmates, who is on the same network as me, i.e., they can access my mac from their mac, goes to Wikipedia, will they then see themselves as logged-in under my account? I hope that's clear enough. I can't really describe the exact type of network connection we have because I don't understand that stuff. I am also aware that there is an easy way to test this, just log in and then go to another computer and go to Wikipedia to see, but I cannot do that. We don't use each other's computers at all. Please DO NOT leave any message on this IP's talk page that one of my officemates might see if they happen to visit here (they would get the "you have new messages" bar and be alerted to this post). Thank you.--108.14.204.172 (talk) 18:28, 1 August 2012 (UTC)


 * So long as they have different accounts on their Mac, they will not be logged in as you. Wikipedia keeps track of your username using a piece of text called a cookie that is saved in your user profile. Each user on a computer (or domain) has a separate profile. You do not need to use the secure server. It only encrypts the data (thus preventing people from maliciously eavesdropping on any traffic you send and receive from Wikipedia). So, unless you are worried that they will try to steal your user name and password wirelessly, you won't need to use the secure server..&mdash;Best Dog Ever (talk) 18:40, 1 August 2012 (UTC)
 * Ah, thank you. Yes, each mac has its own network name and when I want to get something from their computer I have to go to their computer's name. I do know about cookies, though I did not know they wouldn't be accessing my cookie through my computer if they were connected to it. Thanks.--108.14.204.172 (talk) 19:02, 1 August 2012 (UTC)

dreamincode.net - compromised?
Hi All,

I just had a bad experience, I was searching on google for this term "vb 2010 write hosts file" and the second result was a forum post in dreamincode.net which I knew from previous research to be a legit site, so I loaded up the top 3 result in new tabs like I normally do. Lo and behold i caught a quick glimpse of the dreamincode forum link loading a java applet. My bad at this point was not having any antivirus (I have kept my laptop clean for the past 2years without any) and so I was too late to stop it, it launched a couple of trojans (including a fake flash update).

I was able to clean my laptop, and I wanted to report that link to DIC but even their 'Feedbak/support' link (footer) pointing to  http://www.dreamincode.net/forums/forum/106-site-questions-support/  was redirecting to  http://vialsalud.com.ar/67834678.html

Question is, why does the link still point to something in DIC but is going someplace else? is it a .htaccess exploit of some sort?

tia PrinzPH (talk) 19:11, 1 August 2012 (UTC)


 * Have you checked your own HOSTS file? It doesn't redirect for me, I suspect it is something still wrong with your own machine, not their site. There isa discussion of it on DIC; it was some kind of SQL injection hack, it has been fixed there, they are well aware of it. --Mr.98 (talk) 21:37, 1 August 2012 (UTC)


 * Weird, I checked my hosts file it only has the default localhost 127.0.0.1 entry. But right after checking I clicked on your link and the same redirect+infection happened to me again. Seems to be something server-side in as far as the redirect goes? I went through the cleanup process again, exactly as I did before and now I can view the thread (which apparently does label it as a server-side thing). If anything this experience taught me to keep java off unless I explicitly need it :P One of my buddies had an add-on for firefox which blocks applets (like video) until you click it, any one know what it's called? 71.21.62.217 (talk) 00:24, 2 August 2012 (UTC) lol forgot to sign in PrinzPH (talk) 00:25, 2 August 2012 (UTC)


 * It's not happening at all for me. I really do suspect it's on your end. I see nothing in the code on the server that suggests its on their end. (What browser are you using? Chrome by default doesn't enable Java globally, you have to approve it for every domain.) --Mr.98 (talk) 02:05, 2 August 2012 (UTC)


 * Try clearing your browser cache. For Firefox try NoScript. There are other add-ons like Flashblock but I think NoScript is better. If you want you can configure it to enable Javascript for all sites and only block Flash and Java. -- BenRG (talk) 06:34, 2 August 2012 (UTC)


 * I attempted unsuccessfully to replicate this in a virtual machine—I figured I'd go ahead and analyse the crap it downloads anyway, though, so I pasted in the malicious URL directly. No dice—it 404s, so presumably the exploit page has been taken down. dalahäst (let's talk!) 09:08, 2 August 2012 (UTC)

Thanks for all the responses and attempts to look into this. Based on the thread linked by the ever helpful Mr.98 it appears that they fixed it at some point, the hacked was attempted again, then fixed a second time. I was/am using Firefox, and I installed NoScript which will hopefully keep these kind of exploits from happening (to me) again. Just as FYI for those who are curious though the Trojan the malicious urls dropped was Trojan.ZbotR.Gen. Sigh, 2-years of playing carefully and this has really driven the point home that anti-viruses still are pretty much a requirement. PrinzPH (talk) 20:58, 2 August 2012 (UTC)

Addendum: for the likes of dalahäst who seems to be interested in the specifics of this attack they published the source here: http://ideone.com/6Jm1u PrinzPH (talk) 21:01, 2 August 2012 (UTC)