Re: Sounds like a job for:
... or xkcd's "What If?" blog.
195 posts • joined 9 Nov 2007
So, some security agencies are trying to disable security software in order to keep us all secure (from whatever threat of the day may be). And some of these security software companies apparently don't need to be fought/hacked/persuaded for unclear (read: obvious) reasons.
Seems to me that there are a number of different definitions of "security" out there.
"I go down to Speaker's Corner I'm thunderstruck [...] Two men say they're Jesus – one of them must be wrong..."
Ordering all federal websites to use HTTPS does _not_ mean they want to ensure the users' privacy. It just means that since they have the data anyway (they're running the servers, after all), they just want to make sure that nobody _else_ gets to listen in too.
While still a good thing for users (and encouragement for other sites to go the same way), just don't be fooled into thinking that this will make your traffic more secure against official US snooping.
I know, for most readers of this comment this is obvious - but not for the general public. They just see the shiny lock icon or green address bar and think they're "safe."
... with any browser other than Firefox.
Will be fun to see these statements popping up again just like in the old days.
Oh, and good luck trying to upgrade all these appliances with their built-in webservers to support HTTPS.
See... and you thought prohibiting the export of <del>working</del> strong encryption in the 1990s would never pay off...
The DMCA is a rather large piece of regulation. It contains both the takedown notice mechanism (the Online Copyright Infringement Liability Limitation Act, which I guess is what you're referring to) and the WIPO Copyright and Performances and Phonograms Treaties Implementation Act, which makes it illegal (criminal) to circumvent copy-protection measures and such. There is no "DMCA order" involved here; it's just that the attorneys are threatening that what IOActive plans to do would be a criminal act.
That's the way I understand this whole issue.
Looks like Apple didn't send a batch of free watches to The Reg or iFixit. That would explain the weird arguments like "not offering an upgrade program". What was the last watch you bought that comes with a way to "upgrade" it? Or which smartphone, even (other than upgrading the software)?
And sure, if you can't upgrade it, it must be "obsolete" in 10 years. "Unlike most watches", of course. Who makes that stuff up? Any digital watch technology is outdated after 10 years (oh, and mechanical watch technology too, btw.) Would you call a chronograph built 20 years ago "obsolete" and toss it into the trash? Because you can't "upgrade" it? OTOH, Apple's watch is more closely related to a smartphone than to a watch, and of course you can (hardware-)upgrade smartphones. Right?
Reg, your Apple-bashing is funny up to a certain point, but at some point it's enough already.
What's wrong with that?
What is wrong with that is that the average Dell customer won't ever visit the Dell website and run the DSD.
Do I really want patches applied to my servers without a chance to review them?
Nope, but you want at least a notification that a patch is available that fixes a quite serious vuln without having to actively look for updates.
I wonder why so much focus is put on the part that the router was meant for home use and not SMB. Would that have made a difference if it were a home network (not a few people use Asterisk PBX at home too)? Yes, one difference: The SIP passwords would more likely have been "123456" instead of 256 bit.
Also, there are more than enough valid reasons to use SIP on the same subnet. One of them being that you might want to use software-based SIP clients.
To me, the router is broken. A firewall is not a firewall if it doesn't obey its configuration. And enabling UPnP functionality when UPnP is off (if it is true that the router actively searched for a SIP device, then it's probably not really UPnP, but even more troubling), in my eyes, is "broken" too.
"Sure, Sir, that belt you just bought doesn't work, but it's your own fault that you didn't wear suspenders too."
That is exactly what the collection agencies are asking themselves these days; they slowly become aware that they are not the only way any more for an author to earn money with their works. So, in order to protect their income and power, they lobby the MEPs to create a law that effectively disowns the artists by forcing them to sell their works exclusively through them.
And it looks like they'll win; after all, they're "protecting" the artists from "exploitation". That's so simple that every MEP and even "H-Dot" will understand that.
... how compatible it is with the DMCA rules to make a complainant accept arbitrary conditions in order to "accept" a complaint.
"By submitting this complaint, you agree to your SSN and credit card details being sold on a Chinese black market website. And also, we sign you up to our newsletter."
This story has a less technical viewpoint than expected (for me at least). "Keyless Vehicle Theft" means theft without a key (which I'd guess covers at least 95% of all car thefts). Not necessarily a keyless car. While the Met police article links to another one on the methods of stealing keyless cars, I'd guess this is the exception rather than the rule.
So, read "keyless" as "jamming a screwdriver into the ignition lock" rather than "mad scientist cracks OBD encryption key using an abacus and duct tape" in most cases.
I still wonder how complicated it really is to forge wireless keys from the available data (via OBD).
Yep... "Success Starts Here"...
"... and if you have finally succeeded, we'd like to have the money you have earned. Thank you."
Can anybody enlighten me on how anybody who has been on this planet for longer than six weeks would ever invest large sums of money into a Hong Kong-based sub-company of another company that has a "sole director" (who apparently does more successful business on Virgin Islands), promises extraordinarily large gains, and that requires you to bring new marks into the game (sorry, "sign up new investors") in order to get your money back?
And how these people have made a fortune (apparently) while being that stupid? I mean, come on, they cannot *all* have inherited their wealth, can they? Lottery winners, maybe?
I suspect that what they do is to scan the black app markets for anything malicious that uses the name or look of any of the top apps, and if they find one, voilà, "WhatsApp has been HACKED!!!111!!!"
Try to offset the actual number of malicious or really "hacked" instances of downloads to the total number of (legit) downloads of those top 100 apps, and come back when you have real numbers. Thank you.
I'll take that report for what it is: advertising disguised as a "press release."
Read the article again - it reveals the WiFi credentials.
I admit that I'm clueless when it comes to Android, but can a "zero permissions" app really initiate a phone call? If that is the case, then this Speak'n'Steal attack appears to be not the only security problem...?
... funny what a name can do. Most "FOI" laws are actually the opposite - a means to prevent disclosure of information. It gives the public bodies a "tick all that apply" list of excuses on why it won't disclose anything. I wonder what judicial oversight is on this process; a potentially wrong election result vs. "commercial sensitivity" –– guess which one wins...
"This government was brought to you by ACME Inc."...
That would be the Apple Death Knell™ #65, right?
"In other news, Fred Wilson announces new startup that has something to do with the cloud and does think about data."
"...that if visibility is reduced to three metres, [...] even top end cameras couldn’t see beyond 10 metres."
No, dude. If the visibility is reduced to three metres, then top-end cameras can't see beyond 3 metres. That's what "visibility" means. OTOH cameras tend to be mounted a bit higher than eye level which sometimes improves visibility in smog a tiny bit.
But to me the idea of improving visibility by software sounds a bit like "24": "Can you zoom in a bit on that pre-recorded QVGA CCTV picture?" - "Sure, here it is, I've converted it to 4k resolution for you. Would you like me to switch on 3D?"
A good voting app should show the results as soon as they have been determined. If the results have been <del>fixed</del> determined that early, why not let the public know... The OECD will be impressed with this level of transparency.
... the traveller is supposed to (a) pay a premium and (b) *list* the contents of their luggage (guys, looks like you need to add a few fields to the Passenger Name Record), and as a reward the airline won't lose your luggage. Or at least, they'll notice when they do.
"What a nice suitcase you have... would be a shame if anything happened to it, no? How about joining our new RFID-tagging program for a small fee, and we'll make sure nothing... "bad"... happens to your luggage...?"
... or are there other explanations for the fact that I actually had to browse to the _second_ page of comments to find the first Hitchhiker reference?
Anybody want to mail him this URL?
He'll probably sue Google afterwards.
OK, if they really sent out up to 840k messages per day (which seems a bit high to me), let's assume they did on average 100k messages per day and operated this for, say, one year, roughly 200 days (without the weekends and such). That makes some 20 million illegal text messages. A fine of 440k makes the steep price of £0,000022 per message. This is probably less than 1% of what they paid their operator.
So that's what "new powers to levy heavy fines" means. That will teach them. They will probably never do this again.
So, "relevant authorities" said that "no purpose was served by notifying members". Oh, OK then. After all, they are authorities, and relevant. So they must know best. After all, who wants to know that crooks have lifted your debit card details and all kinds of personal info...
"... or record how someone connects manually for the benefit of other users."
I don't see what could go wrong with that technique... until one day a not-so-public, not-so-free Wifi AP somehow manages to get onto their list of "Wifi Hotspots" and <del>snitches</del> records the login of some poor soul.
Well, duh, it's called a "language", not "naming convention." Get yourself a Farsi dictionary, Mr. Kemp.
.. the kit, not buying it, for export?
"The defendants tried to take advantage of America’s free markets to steal American technologies for the Russian government."
Well, the music industry has already taught us that "stealing" does not mean "take something away from someone without paying", but rather "buy something, pay for it, and then do something with it that the seller [or a third party] doesn't like." Looks like the DoJ likes this particular piece of newspeak.
Next up: Classify the purchase and smoking of Cuban cigars as "arson". Or, better yet, as "terrorism".
I once had a can (same stuff of a different brand) exploding due to corrosion on the bottom edge of the can (apparently caused by the leaked stuff slowly eating away on the can's paint.) Anyway, the artful pattern on the wallpaper in my living room was a thing to behold.
It happened at night, though, so my eyes are still fine. Anyway, since then I keep that can in a plastic bag when not in use, just to be sure.
Sounds like a good idea. Make sure you tell the folks over at Dropbox...
... did I read that right? "the advertising world would regulate itself and honor "Do not track", so long as browser manufacturers didn't make it a default setting"...?
In other words, when browser makers are starting to enable privacy by default, the ad industry sees that as a license to ignore user privacy preferences completely?
If you need any more reasons than that to enable DnT and privacy modes globally, you must be working at the Facebook HQ.
... to include the Parkes radiotelescope in that system. It's known to pick up terrestrial, umm, "interference"... for example, from handheld radios - as shown in the movie "The Dish".
Westworld? No, rather Eureka! A town full of boffins testing the newest gadgets... Where can I apply?
... can you please stop trying to get an "all access" pass to our data?
ACTA, SOPA, PIPA, RIPA, CISPA... can you *please* stop it, now?
Giersch tried to register a trademark for "GMAIL" in Germany in July 2005; in October 2005 Google filed a protest citing "Identity of marks and G&S Likelihood of confusion Earlier sign & right to prohibit use of later TM under national law Earlier non registered TM & right to prohibit use of later TM under national law". He later withdrew the TM application.
I suspect that was the basis on which he lost the domain, as it would show that he knew about the existence of Google's trademark.
<yourname>@gmail.com (and, hopefully soon, @gmail.de) is a valid Google mail address (resolves to the same account as the corresponding @googlemail.com address).
Proven wrong :)
... Eugene, OR, then?
"Western colonialist media wannabes" - you can't make that stuff up.
"... wrapped up by saying that the children get lots of money for their Holy Communion and should consider giving some of it to the church."
Sure, p0rn site subscriptions are expensive these days...
... and looking like some cheap Chinese knock-off Mac mini clone.
And the website looks like a flashback to the 1980s. Was half expecting the "Best viewed with Netscape Navigator and at least 256 colors" badge.
I hope that post was meant to be sarcastic.
On 2.4G use channel 13 if you can as it takes the WIFI off the Radar for older hardware.
Sure, as the bad guys are known to go wardriving using ten-year old laptops.
Add spaces to the key (I believe this extends time to dictionary brute force but is easy to remember).
If you have a key so simple that a space adds to the entropy, better leave your network open. OTOH, if you see a van parking in front of your house and hear hysterical laughter coming from it, you know your network has just been pwned.
... maybe slapping your hardware a little less would help...
I like that idea. I'll ask the next candidate I have to interview for their Facebook creds. If they hand it over, the interview is over.
Because next time they're asked by someone else, they'll probably hand over the creds to their account on _my_ server.
I strongly second that. Their Java GUI is a mess, unreliable, and, well, it uses Java. In short: I hate it.
... tell you which drive is "possible" and which is not. As in "the GPS insisted the drive was possible".
That's what the extra warning message says that you have to confirm each and every time you start up that thing. Which was invented due to such idiots.
As a SatNav maker I would sue them for such idiotic statements.
... can you report a mobile phone stolen without identifying yourself to the police properly? I mean, "name, telephone number, and other personal information" probably wouldn't cut it here in Germany. If you're not showing your ID card, passport or other solid identification, that wouldn't work.
And it's illegal, too (well, maybe not yet, but probably soon.)
OTOH, what better way is there to teach kids about IP than to rip them off like this? "What, your parents have a copy of this pinned on the fridge? I'm calling the police right away..."
"I'll be saying, over and over again in my car, 'Call the Lark Creek Steak House,' and I can't get it done." Wonder how many times a week he's trying to call that Steak House :)
Those who sent out that email are as clueless as those who wrote the response. Might be the same person(s).
What made me really laugh: "... before deciding what action, if any, needs to be taken ..."
"if any"? Really? How about, umm, teaching your staff on how email works, what data protection means, how they DID disclose confidential and sensitive data, that they HAVE to inform the ICO, and why the data they handle is especially sensitive...? Just for starters?