182 posts • joined 20 Oct 2007
the correct fingerprint is stored on the card and it is likely a canny thief could reprogram the card, or take a copy of the data stored on it.
This particular attack is very unlikely. EMV cards are quite good at preventing the leak of data stored in the chip (otherwise it would be easy to clone, and we don't hear much about that).
Making a gelatine "fake finger" from a fingerprint is relatively easy, and will defeat best mass market readers. It is easier than chopping off fingers. But still more difficult than simply eavesdropping on the pin entry.
Faraday cage will not help
Assuming the "remote kill" functionality is set up, the phone needs to be (1) FDE encrypted, (2) not rooted, and (3) have a system app that simply turns power down if it cannot connect to the "remote kill" server for a long enough period of time.
Miscreants will be hard pressed to find bash on embedded systems
- they usually run busybox(/ash) or some other "lesser" shell.
"Real" servers, and especially hosted VMs that boot from pre-built system images are probably more lucrative.
Does it promotes or prevents competition?
Let me get it straight.
- Vodafone has introduced "mobile money", with great success.
- Some local bank(s) decided to introduce their own mobile money, to compete with Vodafone.
- Vodafone tried to prevent banks from doing that, on the pretext that the technology proposed by banks weakens the security of the SIM.
- Court gave the bank(s) green light, so both parties can now compete for the customer.
- There is no sign (so far) of the banks trying to outlaw Vodafone's service.
on utopic, is apparently available in the 'universe', i.e. it is again a part of official Ubuntu.
(mate vs. cinnamon is a matter of personal preference, mate being a "resurrected gnome 2", and cinnamon - "reversed gnome 3".)
Meeting the goal with just two days margin is very... precise! Cheers!
Re: Dear Google, please!
Right! I mean, do we have to wait FIVE YEARS for this bore to be killed at last?
Re: I don't like it.
I'm not convinced about NFC payments though (via card or mobile) how is this safer than Chip and PIN?
NFC payments are not safer than EMV (known in Britain as "chip and pin"). Cards use basically the same messaging protocol over the wires and over radio. NFC is equally safe, but more convenient.
boost or death
"The mobile payments world has hailed Apple Pay as the start of the mobile payments revolution, something which happens about as often as Voyager 1 “leaves the solar system”, but it could be the death of the technology. Apple Pay is (surprise!) an Apple-only system and doesn’t offer any way in for the operators.
On the NFC side, Apple Pay is standard EMV over NFC, like the bank-issued contactless cards. And like Google Wallet. If proliferation of Apple Pay makes the merchants rise their collective back-side from the chair and upgrade POS terminals, that will be a boost for all other NFC payment systems.
Re: On what planet does The Guardian recruit?
I will concede that revenge porn is new
The idea is not: http://en.wikipedia.org/wiki/Nunc_Dimittis_%28short_story%29
... Not that I disagree with the rest
Re: Hold on a second... IMEI Blocking?
Well, it is much easier to protect IMEI against reflashing than the OS image.
Re: Hold on a second... IMEI Blocking?
Exactly. Why force vendors to install software feature that is difficult to use and easy to abuse when you can force operators to keep track of IMEI last used by a customer, and if the customer reports theft to police, add it to public blacklist?
Both the argument and counterargument in this debate are just stupid.
Just a nitpick: it says "Ad Adstra Tabernamque" near the bottom of the kickstarter page.
Even if you where able to get to 160 km altitude by balloon you'd only save 20% in delta-v. 7.8×10³ m/s is quite a lot to gain...
But, hell, that would be something!
I guess it was (semi?)deliberate. But I wish they hadn't done it. It's pain enough to see in reddit comments.
Good for them, and for Yubico
Yubikey is much more convenient to use than traditional TOTP tokens (or google authenticator on the phone) where you have to type in the the code from the token's display. Good publicity for Yubico, too.
Targeted vs. opportunistic
The stance "if you are a target then this technology won't help you" is red herring.
Of course it will not. If you are targeted then (presumably) you know what you are doing, and know how to protect yourself.
The point of technology similar to this is to thwart NSA-style opportunistic eavesdropping rather than CIA-style targeted operations. As long as it works - job done.
OpenWRT has native ipv6 support, as well as support for a number of tunnel brokers, for I don't remember since when. I have ipv6 on my home system with Kamikaze up and running for several years.
Surely a typo?
unduly prejudicing GPNE or confusing the jury.”
Otherwise, I agree with those who pointed out that "patent troll"/"nonpracticing entity" is a distraction. "Real" company using patents to prevent competition is no lesser evil than a troll collecting patent rent.
Thanks Mr. Worstall for spelling the word of reason! Data gathering in the interest of commerce has indeed quite different implications from data gathering in the interest of the state.
But, monopolization of commercial data gathering greatly simplifies state data gathering, and for this reason is dangerous. I share the view that we'd be better off if more of our Net life happened in distributed systems (similar to email) and less - in centralized (similar to Facebook).
is to my experience the best in the class that you describe. I've been using IXUS 80is for several years, recently replaced by Powershot SX280hs. The picture quality is quite good for the size/price, looks very decent on a 30x40 cm print. And especially ixus is quite sturdy.
Anybody remembers SFCave
or its knockoffs? They've been here, like, forever. I remember playing on Palm Tungsten. Admittedly, the ribbon that you had to direct through the tunnel did not flap its wings, though. Sunflat is still alive, though I am not sure that there weren't any earlier versions.
(I want an icon of a man with long grey beard)
I will tele-toast from 2500 km away
Re: It's all about balance of payments
That's right, paying per Gb (or having capped tiers, like I have from my provider) is the way. The consumer should pay fair price for the service. That is capitalism.
By the way, the top tier, 100Mbit symmetric without caps costs under $30/mo where I live. Admittedly, we have multi-story buildings, so providing the last mile is cheaper per user than in the US.
Do they call it free market?
Suppose I am a customer of Comcast's rival, let's call it "YMission". And I pay subscription to Netflix. It means that part of my money goes to help the rival of my provider, who does nothing for me. Why is it legal?
That is not to say, the content providers create the market for the ISPs, making the customers want to have Internet access. If anything, its the ISPs who owe to the Netflixes.
This does not look like capitalism at all.
Not only that
There are not many people in the world who can pull this off
and most of them know each other, I think. Their effort just might be sponsored by an organisation for which some of them work, but I think it's more likely that they decided to do it for fun, to amuse themselves and to recruit like-minded people into their circle.
do you mean that on Windows, you allow some third party application to delete your files without asking your permission?!
An that application is closed source, developed by a Russian company owned by a guy alleged to have ties with Russian secret service? And famous for advocating for compulsory real identity on the Internet?
Please, please, Please let us see the match!
goes to fetch popcorn
Re: I expect to get a zillion downvotes but...
"the NSA probably are after something is flagged it will inevitably end up at the hands of another person who has not been given explicit permission to read your email"
Just as a thought experiment, imagine that NSA establishes an automated system that scans emails, searches for specific signals, and notifies human operators that the people involved are suspect. Without presenting actual emails to the human operators. According to your line of thought, that would be acceptable, no? Human-free system at Google learns something from users' email and make decisions about advertising tactics. Human-free system at NSA learns something from users' email and makes decisions about investigatory tactics. I don't see much difference.
On a second thought,
Bring Ariadne to Spain for a quick holiday, and let her do the job herself!
+1 David Stockman's
because it is:
- reminiscent of a bikini
- is red+white+blue as Union Jack
- has the Vulture logo (and in the right place too!)
If Angela Merkel or any other European leaders are so outraged by the NSA practices, they surely ought to show some gratitude to the person who made evidence of such practices public, and give him political asylum. No?
Because they where not the spooks
In Russia, spooks basically get everything that they want without asking anybody, under the "СОРМ" (SORM) legislation. In this case, the company stood up to a request for data that came from somebody other then spooks, i.e. financial authorities. Nothing to see here, move along!
Re: Reply @Rascak
Accessing yahoo mail via IMAP (and presumably POP) is free, this is how I reach it from Android.
For that matter, you can perfectly access gmail with an IMAP client too.
Tape never died, it was just rewinding
Re: TCP/IP has been multi-path from the git-go.
@jake, err, no it hadn't
Sure enough, IP has always been, and is now, multipath. TCP session, however, is defined by the quadruple of source and destination layer3 addresses, and source and destination (layer4) ports. For a host with multiple interfaces that means one TCP session can use only one interface (at least, the incoming packets can only arrive on one interface). What they are talking about here is having different packets with different pairs of source and desitnation addresses belong to a single TCP session. Standard published in January 2013: http://tools.ietf.org/html/rfc6824
Social network != "Social network"
Someone on reddit makes a good point:
A lot of people commenting are confused by how New York Times is using the term "social network." They're not talking about Facebook, Myspace, etc. They're talking about the NSA secretly building graphsyour real-life social network without warrants: everyone you talk to, do business with, etc.
Re: Two part PIN?
Or, you could just use chip and pin.
Compromised terminal can show on screen that it's charging $10, but in fact charge $100. The only way is to build a mini display and keypad into the card.
Re: satisfied customer
Depends on who you prefer to be watching you - NSA or FSB. For non-Russian citizens, it might be sensible to prefer FSB. But keep in mind that here you don't have even the token judicial oversight of the FISA court - they just take what they want without asking anybody.
Re: sudo echo $'The Register on Pi-Lite' > /dev/ttyAMA0
When you use shell redirection, the file is opened by the shell process, that runs under the original userid. Sudo launches the command under root userid, and if it opened the file it would be able to, but it does not, it just uses stdout that was already opened by the shell. If it could.
If the command worked, it means that the file was writeable for the original userid, and running without sudo would also work. So, sudo is either unnecessary, or does not help.
sudo echo $'The Register on Pi-Lite' > /dev/ttyAMA0
will not work.
Exactly why it won't is left as an exercise to the writer.
Having a secure OS is not enough. These days, many exploits are very high level: XSS and suchlike. They never leave the browser, so the OS has no chance do deploy its defences.
Qubes mentioned in this thread tries to address this problem by sanboxing multiple instances of the browser in separate VMs.
Double speak alert
Putin said "He must stop his work aimed at harming our American partners" ("Он должен прекратить свою работу, направленную на то, чтобы наносить ущерб нашим американским партнерам"). He did not say about it being "harmful to the US" as the author of this piece interpreted it. Putin't "American partners" are not necessary the "US, the Country".
Putin probably still feels that he belongs to the "intelligence community", and perceives the US secret service establishment as his partners, so it makes sense.
- Review This is why we CAN have nice things: Samsung Galaxy Alpha
- Ex-Soviet engines fingered after Antares ROCKET launch BLAST
- Hate the BlackBerry Z10 and Passport? How about this dusty old flashback instead?
- NASA: Spacecraft crash site FOUND ON MOON RIM
- NATO declares WAR on Google Glass, mounts attack alongside MPAA