269 posts • joined 15 Aug 2008
IT knowledge? Not even close! More like a test for iPhone users on popular / current social (mis)information.
The Target exploit used the same approach by hacking through the HVAC systems that had used an unmodified admin password. Once in the HVAC system, they pretty much were able to get into the rest of the network.
From this: "A company spokeswoman told Advertising Age earlier this year that the UIDH was "privacy safe" and that it had done "everything and more" in "communicating often and clearly" about the program. "So there are never any surprises," she said."
Add $5 and you can get a nice latte from Starbucks!
Why you shouldn't use Windoze for critical systems
When will people learn? There are secure operating systems that won't be easily corrupted or compromised, but big biz seems to be intent on taking the easy way out, and screw all of the rest of us!
I used to be a U2 fan
I like their music, but this behavior on Bono's part will force me to boycott all their product, at least until he/they come to his/their senses.
So, if you get the iMmortality package, are you committed to purchasing all medical needs from the iMedicine store? I can see the disclaimer now - "Purchase of medical products and services from providers other than iMedicine will invalidate your iMmortality warranty and may have undesirable interactions with the iMmortality products in your body."
Blowing your nose in a spider silk hanky and then tossing it away after one use?
I guess HP never heard the term "caveat emptor" - buyer beware!
A small number of customers
A small number of customers to MS is probably on the order of 10 million people... As in "just a small amount of $$ was stolen from the Federal Reserve Bank - just $10 million or so".
This is why
This is why I only run Windows in a virtual machine on my Linux box. I will NEVER submit to installing ANY Microsoft OS on any of my personal gear. At least if an update bricks the VM, I can restore it to the last snapshot and continue on my merry way. Also, NEVER enable auto-updates for ANY system, Windows or other!
A look into the finances of the legislators and state governor might be "interesting". I hope they didn't sell out to big media too cheaply... :-(
Open front doors
This is akin to leaving your front door unlocked and open - basically an invitation to all and sundry that the contents of your fridge are fair game, even the Guinness... Enjoy!
What a terrible way to ruin an otherwise great bit of embedded gear! Gah! Shoot me now, please!
My philosophy about secrets
There are no secrets unless only 1 person knows it. There are only "less well-known information". If you want truly secure communication with someone, find a deep, dark hole, both jump in, and then use a "cone of silence"...
Time to hack
From deployment to fully pwnd devices - less than 1 week. More likely less than a day... Maroons! Can you spell "instant gridlock"?
And the banks that launder money?
How many of their senior managers will end up in durance vile for their nefarious activities? The number zero comes to mind...
What Microsoft refuses to understand
If you are providing critical infrastructure services to the public, you need to plan for failure and redundancy in order to provide 365x24 service. If you don't, you are remiss and should lose your business. I was responsible for the design of an application development framework (in C++) for semiconductor, disc drive, and flat panel display manufacturing systems that had to support very large installations, thousands of users, and process terabytes of data per day, where 1 hour of down time would cost the customer over $10M USD per hour in lost profits - failure was not an option. We had to design the systems to be failure-resilient with no single point of failure at the network, system, database, or other system components. This is not easy, but it is possible - if your system has a chip, disc drive, or LCD display, then that software most likely built it...
I left Microsoft shortly after they closed their purchase of Nokia Mobile Phones (where I was working), because they still refuse to understand this. My position was Senior Performance Engineer handling 5000+ servers worldwide, and the software I designed and wrote collected 10 billion data points of performance data per day so we could apply mathematical and engineering algorithms to monitor system behavior and predict when systems, networks, and databases might fail. Unfortunately, most of the people I worked with at Nokia will be looking for new jobs soon... :-(
In my opinion, this failure of Microsoft is inexcusable. I hate to see what will happen to Azure users in the future.
The birth of Sky Net
To quote the Terminator - "I'll be back!"....
Can you spell "prior art"? This "invention": “System and method of interfacing co-processors and input/output devices via a main memory system” is what all current computers implement to move data around the system. Applying to flash memory is neither novel, nor original. Of course, the idiots at the USPTO probably don't understand the tech so they allowed the patent. I hope it is challenged PDQ.
Conspicuous by its absence
There is no mention that while this makes intrusion detection and such more difficult, it also most likely makes spying of the type the NSA and GCHQ do more difficult as well...
100M records? 75M photos
In my work experience, this is a medium size Oracle Enterprise DB. Somebody screwed the pooch, and I don't think it was Oracle.
Who reads that cruft anyway?
"Last year, a US judge threw out a similar data privacy lawsuit, after ruling the plaintiffs had failed to show any evidence that they had bothered to read Apple's privacy policies before they bought their iPhones."
Re: Google Mottos
Yeah. That pretty much sums it up - and to think that I once thought about taking a job with The Chocolate Factory... Of course I would have had to relocate to the Silly Valley (been there before), but my wife wasn't interested in moving. She worked at SLAC in the 1980's, but they aren't doing anything interesting for her physics (PhD in particle physics) chops.
Douglas is laughing
I think Douglas Adams is laughing at your pun... :-) And yes, I don't expect to hit my 2^7 b'day either! I hit my 2^6 a couple of years ago, but still feel like I can make a contribution to the computer software industry, although Microsoft apparently thought not since they let me go from my Nokia Mobile Phones position (senior systems engineer) 2 weeks after their purchase of Nokia was closed. Interesting that all the other grey haired folks in the division have also disappeared, except those in management positions...
It looks like time for the NHS to start migrating their systems to open source software! If MS wants to play hardball (a US baseball term - hardball is what the big kids play, softball is for the girls - sorry, but I mean no disparagement to the more attractive half of the species, and I love playing both), then let them consider what it will cost them if there was zero income from the NHS at all!
To quote the Bard - there are lies, damned lies, and then there are statistics! Having marketing people use statistics to prove a point is a pure oxymoron, and proof of the previous statement.
Personally, I want a "I don't want ANY adware on my system!" option. IE, nuke it all!
"Last year, Samsung and LG were criticised for poor Internet-connected TV security. Internet of Things insecurities have also hit home automation systems and refrigerators."
So, I own your fridge - all your bacon is mine!
For small deployments, the AWS tools may be satisfactory for some applications. On the other hand, for large deployments, there are still issues that require sysadmin, NetOps, and other competencies to deal with that are NOT easily available from Amazon, et al. We have deployed about 2500 servers in the AWS cloud, and trust me when I say that sysadmins are just as needed now as ever. I should know, since I am the one that administers just a small bit of that for our performance engineering group. We have maybe 100 servers, but they still are standard (if cloud-based) Linux servers. Who is going to set up the cron jobs, remote access, load balancers, gateways, DNS servers, etc? NOT Amazon...
Can you spell "a day late, and a dollar short"? My wife's credit card was compromised, and only because it was American Express was this caught. They have superior (to most credit card operators) fraud detection software, and caught this situation. She didn't lose a cent, and she has a new AMEX card as a result... Thankfully she did not use her debit card, otherwise she would have been out of some serious money!
The OS kernel is closed source
But it is VERY clearly documented. As it is a micro-kernel architecture and all applications and drivers communicate with the kernel via well-defined messages, this is not such a problem. After 30+ years developing QNX applications, I would rather write software for it than just about any OS, though its full support for the GNU compiler suite, POSIX, Eclipse, etc. means that most applications written for Linux/Android will port without much problem. I know, because I do this regularly - most of the time it is a simple recompile issue. FWIW, QNX wrote the CDT plugins for Eclipse, so if you use Eclipse for C/C++ application development, you can thank QNX!
Very good engineering
I have been a QNX developer since 1982 - I have serial number 0004. They have some of the best software engineers it has been my privilege to work with over the past 30+ years. FWIW, in the past I was an OEM of the operating system, and wrote a good bit of the TCP/IP code for the QNX 2.x OS so it could be used by the US Navy. So, it is not surprising to me that they managed this "hack". Kudos QNX!
Most users of this gear will not have any idea why their system has gone snafu, and a knowledgeable hacker will restore the system to a functional state pdq, so the user will likely be oblivious as to why their internet was down for awhile - likely that it was an ISP issue! Still, if the attack was done at an appropriate time (really late at night / early in the morning), then the target may NEVER realize that they were hacked, and only know there was a problem when they try to access the management web interface of the device at some future time. FWIW, I am a senior systems engineer at a major corporation, and have been working with many such devices over many years. I probably access my personal router's management interface once every 3-6 months...
@Eddy Ito: Yeah, the NSA and CIA (and other national TLA's) will have a field day with this! Now, just where did I put my Faraday underwear?
Removing the hard drive doesn't protect from BIOS/Flash memory infections. IE, a virus can be introduced into the computer firmware, and re-infect the system whenever it is booted, and it is virtually impossible (without special tools) to detect. We are seeing more and more of this sort of infection.
Learning, and doing
Different things. Use something like Oracle's Virtual Box to learn about VMs. Assuming you are running Linux or similar, use KVM (Kernel Virtual Machine) for production. I use VirtualBox on my Linux and Windows systems to run other operating system images (R&D or personal use), but if I need to run production systems, KVM is a better (more efficient) option.
Believe but verify!
To paraphrase Ronald Reagan... In any case, I wouldn't trust the US DOJ if they told me the Earth was round unless I got it in writing, certified and notarized, and then I have my doubts and would parse the wording of the document most carefully for caveats and loopholes. IE, never trust a lawyer, especially a government one!
Ah, the dangers of the uneducated that possesses a large vocabulary... sigh.
Yes, they were cheesy...
But they were sooo much fun! RIP Roger.
Another ACA snafu?
I suppose the developers of this web site were the same/associated with the fools who "developed" the Obamacare ACA (Affordable Care Act) web site here in the USofA?
Security and Ethics
I think Marlinspike has some good points; however, I think that Lavabit (Levison) provided a reasonably secure service, and the fact that Levison was willing to shut it down instead of compromising his customers says a lot about him as a person. Yes, his service could have been more secure, such that even with his own keys, the lock could not be picked, but to my mind, that is beside the point of this exercise.
Bringing it back home.
I was born in Oakland, but my family and I lived in Richmond back in the late 1940's until we moved to Nebraska in 1951. I feel for this family - losing a son at such an age is a tragedy. That the police have not found the perpetrators of this crime is a travesty of justice. I agree with the victim's father that the Richmond police should make sure that this case does not go unclosed much longer.
64-bit memory space
With 32-bit systems, this was an insurmountable problem. With 64-bit ones, it is a matter of memory mapping of the GPU memory into the CPU's virtual memory space. In truth, this is not a difficult problem, and the fact that it hasn't happened until now is not a "cudo" to nVidia! Although, I will admit that the issues are more likely business process related than anything else, and those are always more difficult to overcome than the merely technical!! :-)
It's a sales opportunity!
I think that soon Colorado will be the world leader in the sale of Ozium!
So, where did I put my QEMU 6502 emulator? :-)
And who'd of thunk it?
Ironically, my father's sabbatical on Maui also coincided with another solar max period - no wonder the corona photos are so incredibly awesome! I'll have to scan a couple of them and post here for all to marvel. :-)
FWIW, we spent a year in Britain in 1962-1963 while he worked on a Guggenheim fellowship there. I spent the year at Dulwich College (4th form), and got to meet, amongst his many friends in the physics and astronomy universe, people like Fred Hoyle.
Neat, and thanks!
My father was an astro-geo-physicist from the 1950's until his passing in 1991, with a specialization in the solar corona and interplanetary fields. He even presented a paper at the IGY (International Geophysical Year) conference in 1958 in Russia. I have preserved some of his awesome solar corona photos taken during a sabbatical at the Mees solar observatory in the crater atop Mt. Haleakala on Maui (1969-1970). Thanks for the reminder! :-)
Re: The ultrasonics bit sounds like utter cobblers to me.
Never heard of using a speaker as an input device? :-) You need to do some serious review of current audio system technology... Also, who uses the case speaker any longer? Even laptops have cone speakers for the most part, in order to get some sort of dynamic range out of them for audio reproduction. They may be piezo instead of magnetic driven, but that belies the point. An electric pulse/current can drive a piezo device, but causing the vibration of a piezo device from an outside source will generate an electric pulse/current as well. They are superbly bi-directional!
On my workstation at home, the only time the in-case speaker is used is for the diagnostic beeps on start up. All other audio output is via the HD audio chip set on the motherboard which drives a pair of Bose speakers. :-) Nice sounding ones they are, too!
FWIW, I have been doing serious cross-platform coding for 30+ years (including boot-loader and BIOS engineering), and with today's systems, this sort of attack is a lot easier to accomplish. Not simple, for sure, but not impossible, and I could probably do it by myself in about 6-12 months of 100% effort. Of course, my wife would probably kill me after about 3 months, so it may be a moot point! :-)