* Posts by Charles 9

7449 posts • joined 10 Jun 2009

ISPs face piracy sue-balls

Charles 9
Silver badge

Re: Relax kids

If KA was complying, why were they raided and taken down?

0
1

Hilton hotels' email so much like phishing it fooled its own techies

Charles 9
Silver badge

Re: Newegg

This sounds like the reverse in this case. Someone's probably trying to establish an account in your name and used your e-mail address. Perhaps you should contact Newegg and tell them you didn't create this account and that someone could be trying to usurp your online identity. Meaning you should start snooping around your contact details.

0
0
Charles 9
Silver badge

Re: Protection

"Education about the evils possible in an email helps, but it can take years to pound that through some people's thick skulls. Eventually, though, most of them will realize email isn't a happy utopia of rainbows and unicorn farts where everybody loves each other, but a dark, gritty place full of greed and malice. Mostly greed. It can take decades, though."

And for those who STILL can't get it? Especially those who happen to carry the immunity of an executive position?

And BTW, if you're forced to coddle to stupid all the time, how do you get things done?

2
0
Charles 9
Silver badge

Re: We can do better.....

And if it turns out to be someone over IT's head?

2
0

Adblock Plus blocks Facebook block of Adblock Plus block of Facebook block of Adblock Plus block of Facebook ads

Charles 9
Silver badge

Re: I find the best way to avoid adverts on Farcebook...

"The answer is in the excerpt.... feature phone."

You didn't read the whole thing. I mentioned shoddy reception. At least Facebook is a lot like SMS: it works opportunistically (and BTW, SMS costs more than Facebook over there). And compared to back home, we get off light with advertising. Ads over there are everywhere: printed on tarps, plastered on any wall where there's space, legal or not.

2
0
Charles 9
Silver badge

Re: I find the best way to avoid adverts on Farcebook...

"Someone important only has FarceBook? Which institution do they come from?"

Countries where Facebook is free and loaded on to feature phones there while the Internet (including e-mail and all that) is at a premium. Yes, it really exists; try going to some of the less opulent places in southeast Asia.

As for cutting them off, that's kinda harsh for a member of your immediate family (not to mention culturally improper over there).

3
12
Charles 9
Silver badge

Re: I find the best way to avoid adverts on Farcebook...

"...is to not use Farcebook."

And what if the only point of contact you have with someone important (like a member of your family) is through Farcebook because they don't have e-mail or a reliable telephone?

13
64

Bungling Microsoft singlehandedly proves that golden backdoor keys are a terrible idea

Charles 9
Silver badge

Re: Securer boot

You know that's over a year old, and the Win10 free update year has run out since then yet we haven't heard complaints about Win10 systems that are impossible to downgrade because of something like this (they can create keys that work with Win10 ONLY, you know?). Sounds like something that was backpedaled before release.

0
0
Charles 9
Silver badge

Re: "Security of Everyone" - WTF?

"Like encrypting all your files, plus all your backups if they're in an accessible disk or network drive, and then demanding bitcoins."

Nuke from orbit and then restore from an OFFLINE backup. Is it really that hard?

Some boot/EFI malwares, however, can SURVIVE a nuking.

0
0
Charles 9
Silver badge

Re: "Security of Everyone" - WTF?

"There are worse things that malware can do than install spyware/trojans into the bootsector, frankly..."

Like WHAT? The bootsector basically comes third in line after BIOS/EFI (basically State territory there; you're essentially screwed if it's in there) and the MBR (essentially the primary boot sector).

Getting malware into the bootsector essentially executes a pre-emptive attack. It gets the malware ahead of just about any software security measure you can throw at it, making it a useful attack against 64-bit OS's that have a higher degree of code signing. What can be worse than getting ahead of even the kernel?

0
1
Charles 9
Silver badge

Re: What's the alternative?

"Having a "sign anything" key was simply a terrible decision on Microsoft's part. Sure, it makes testing easier, but how hard is it to have your build system automatically pass the binary to your signing system? If they had the devices "phone home" on a daily basis checking for key revocations, like browsers do, that would have reduced it to the number of devices that haven't been connected to the public internet since the key compromise became known."

What if it's destined to be an OFFLINE system, meaning it'll have no network access? You usually don't want TEST systems on the open net; there's a risk of collateral damage.

2
0
Charles 9
Silver badge

Re: Securer boot

"Now whether OEMs wish to limit the capabilities and thus the sales potential of their kit..."

Now whether OEMs wish to defy Microsoft and lose their deep loyalty discounts which may be the only things keeping their computers profitable...

4
1
Charles 9
Silver badge

Re: Actually it doesn't make much difference security wise on a laptop

Have you ever read Nineteen Eighty-Four? The pods had the capability to reproduce any cookies you tried to make. They probably also have ways of preventing your sense wires from tripping.

0
0
Charles 9
Silver badge

Re: Accidental leaking of golden backdoor keys

Ever locked yourself out of your own house? That's why.

2
1
Charles 9
Silver badge

Re: When is something insecure ?

Or unless it's locked until the time of purchase which is what Apple Pay and Android Pay both do. And if you play the Evil Pad card, I'll counter that that can successfully attach Chips, meaning NOTHING is safe at that point meaning it's back to barter.

0
0
Charles 9
Silver badge

But then the bigger question is can you really trust ANYONE...even YOURSELF?

2
1

Nobody expects... a surprise haemorrhoid operation

Charles 9
Silver badge

They'd probably have to write it off. The traveler will likely never be in a position to pay, and all remaining parties can cite legal protection or sovereignty.

0
0

If you use ‘smart’ Bluetooth locks, you're asking to be burgled

Charles 9
Silver badge

Re: Masterlock: keeping standards as low as possible

And if someone happens to walk up and ask what the **** they're doing?

0
0
Charles 9
Silver badge

Re: I use a whitetooth packet sniffer for security

"If your dog isn't a TRAINED guard dog, his loyalty and silence can easily be bought for the price of a juicy steak or other shank of meat from the nearest supermarket."

Trained or simply xenophobic. If your dog's the type that tends to charge and bark at any newcomer to the house, there may not be time for the bribe. Dog socialization can be quite specific to a family since dogs think in terms of packs.

0
0

Adblock Plus blocks Facebook's ad-blocker buster: It's a block party!

Charles 9
Silver badge

Re: Thought I'd add... (not ad)

The kind of people you're talking about, this stuff probably turns them on.

0
0
Charles 9
Silver badge

Re: There's no way publishers win this war

The publishers however, can employ techniques that are not conducive to surgical strikes.

Facebook, for example, can take the "take hostages" route (similar to unscrupulous guerillas sticking to hospitals, religious places, etc.) and simply make ads indistinguishable from content: likely by "baking it in" by putting text ads inline with articles and baking ads into graphics, then using random-looking hashed names (so they can track each visit) for everything universally so good luck with a pattern search. NOW how do you strip the ads without collateral damage?

And remember, the server can tell whether you call up something or not, and if you fake loading something you waste your bandwidth, which for many is at a premium.

0
0
Charles 9
Silver badge

"For a site with any sort of automated content, the ads will pretty much always be surrounded by some sort of standard DIV or other handy giveaway that the Ad Block regexps can sniff."

Not if the element name is random (or worse, hashed, so they know what it's about but you DON'T). How will you be able to tell them apart NOW? And before you say "I'll just watch for the word 'advertisement'," they'll make a graphic out of it with a hashed/random name. NOW try picking it out without resorting to OCR.

0
1
Charles 9
Silver badge

Re: Don't forget 'connected' TV's

You don't even need a connected TV. The BOX is ALREADY connected to the provider AND talks back (for plan enforcement if anything else). They're nearly more reliable than Nielsen boxes when it comes to demographics (where Nielsen is better is that they can handle multi-watcher homes).

0
0
Charles 9
Silver badge

Re: arms race @Charles 9

"Facebook is far from being the only way to keep in touch. One almost forgotten solution that has been around for more than a couple of decades is Internet Relay Chat (IRC). Set up your own private channel for family and friends and then you can have multiway chats, transfer files, etc. No need for your family pictures to become tagged, geolocated, recognized and otherwise processed property of some data slurping corporation."

You underestimate the capabilities on the other end. There, Facebook is SEPARATE from the Internet on cell phone plans, which costs extra, meaning ANYTHING related to the Internet (e-mail, IRC) EXCEPT Facebook is a non-starter. And given that cell phone reception there can be hit or miss, something that doesn't require a constant connection, like Facebook, is preferred.

Basically put, it's Facebook or Bust. And if they're pretty much the only family I've got left, going without means going total hermit.

4
4
Charles 9
Silver badge

"When will the ad pushers realise that most people don't want ads pushed in their faces when they visit a web page?"

They DO realize it, BUT they only need ONE hit out of the unwashed masses to make it ALL worthwhile. Think about it. ONE hit among BILLIONS and it's in the black. They've essentially got nothing to lose.

2
0
Charles 9
Silver badge

Re: Simple, innit?

Basically, a fast-flux system. That's how malware barkers evade domain blocks.

0
0
Charles 9
Silver badge

HDMI can already detect when the TV attached to the box is on or off, and a little electrical magic can achieve the same for analog plugs (thus auto-sensing TVs), so that's sorted.

0
0
Charles 9
Silver badge

Re: arms race

"Not quite the only way. You can... call them. They generally appreciate a call more than a "like" anyway."

Nope. Their reception is spotty, meaning you don't know when they're in reach.

0
0
Charles 9
Silver badge

Re: arms race

"Actually AdBlock Plus Element Hiding Helper can do regexps."

But how does that help when (1) the name's different every time and (2) the legit images have the same scheme? The only way around it now is to block ALL images. And that does nothing for inline TEXT ads. And for those who think people will be turned off by them, they do it on television and people haven't unplugged en masse yet, so I don't think an inline text ad is going to make much of a difference. Some sites do it right now...successfully.

2
0
Charles 9
Silver badge

Well, that's what's going to happen. It already happens on television with inline ads. Ad companies are pressured to get to you one way or another, so they're motivated to find ways you can't avoid short of going Luddite.

1
0
Charles 9
Silver badge

Re: arms race

There are ways to make ads unblockable.

Text ads get baked inline with the article. The only way to block the ad would be to block the article, making it a pyrrhic victory and defeating the purpose of the ad blocker (you want to block just the ad, not the whole page).

Graphical ads can be given a hash name so that it's different every time, making blacklist useless from the whack-an-ad shenanigans. Furthermore, ads can be programmatically baked into images genuinely to do with the article the way product placement and ads are now baked into TV shows so that you can't skip them without skipping the program.

The nuclear option would be a clickwall, and the loading of ads (especially in-house ads) can be detected by the server without any scripting, especially if the filenames are hashed (and thus tagged per session).

Yes, I know the nuclear countermeasure would be to abandon Facebook, but for many it's the only way to keep up with remote family (because where they live Internet, including e-mail, is a premium while Facebook is gratis) or other reasons that make ignoring Facebook "Walking on the Sun."

5
3

Microsoft researchers smash homomorphic encryption speed barrier

Charles 9
Silver badge

Re: The key is not stored

"The argument from incredulity is a logical fallacy that occurs when someone decides that something did not happen, because they cannot personally understand how it could happen."

It's also called being properly paranoid. Don't trust what you can't understand, especially in a world where it's hard to trust ANYONE; you're as likely as not being taken for a ride.

0
0

How do you securely exchange encrypted-decrypted-recrypted data? Ask Microsoft

Charles 9
Silver badge

Re: Magic encryption dust

Why not just explain things in a way the average computer user can understand, because we frankly can't take your word for it (not that we can actually FIND your word on the matter; you show a list of works with your link but not a SPECIFIC link that explains how you can do part of the work with part of the key and still not know enough to decrypt the rest, sort of like how one can manage to open a door partway with only part of a key and yet not use the crack you open to get it the rest of the way)?

0
2
Charles 9
Silver badge

Re: Homomorphic encryption

Except it's way too slow, especially for complex calculations, IIRC. Plus we have no assurance the homomorphic system doesn't have potential holes in it.

0
0

Boffins' blur-busting face recognition can ID you with one bad photo

Charles 9
Silver badge

Re: Privacy concerns

"You can bet your life, facial recognition will start to be used when you go in for a job interview. So, you think it's bad now... you have no idea."

I'd hate to think the nightmare scenarios this could pit for identical siblings where one is a convicted felon...

2
0
Charles 9
Silver badge

Re: Amazing

You'd need to mesh your eyes as well, then, or figure out extrasensory perception. I hear they've been making progress there, too, based on shape, distance, node ridge, etc.

2
0

Google Chrome will beat Flash to death with a shovel: Why... won't... you... just... die!

Charles 9
Silver badge

Two words: Flash EXPLOITS. At least with HTML5 the standard can be hardened against malware because it's more open and the browser makers can be motivated to compete on security grounds.

Face it. You're not going to get rid of multimedia web pages. It's what the masses want, and they outnumber you, so unless you become Dictator of the World, you don't have the power to change that. You can either brace yourself and join the ride or bail out of everything and go hide in the mountains somewhere.

0
0
Charles 9
Silver badge

Re: Last refugee of Flash?

No, given we haven't gotten there yet. Very expensive equipment tends to be a long-term investment: intended to stay put for a couple decades or so. And if you'll recall, it took a long time for the original crew to finally retire.

0
0
Charles 9
Silver badge

Re: Google Chrome 55 will effectively make all Flash content click-to-play by default

Sorry. Not Edsels, Pintos. Think gas tank fires.

So you're saying it doesn't matter if you die of CO poisoning on the driveway, as long as you get there it's still a success. Sounds pretty messed up if you ask me. That's like saying jumping off a skyscraper is a surefire way to get back to street level. You get there, yes, but not in one piece. Getting there SAFELY is an AUTOMATIC requirement of ANYTHING used by man. Otherwise, what's the bloody point? Risk is tied to effectiveness, as it describes the chance of a failure of some sort. And failures usually mean the job didn't get done: implying an effectiveness of zero.

0
1
Charles 9
Silver badge

Re: Google Chrome 55 will effectively make all Flash content click-to-play by default

But it has to get you there SAFELY, or it's better by far not to go. Better stranded alive than burned to death in the next Edsel. And since you can't fix stupid and get sued if you take the Darwin route, you're FORCED to coddle to keep the lawyers at bay.

1
0
Charles 9
Silver badge

Re: Dear Google,

"Don't download software from dodgy websites ... easy..."

Three words: DRIVE BY HACKS. They attack the mainstream sites.

2
0
Charles 9
Silver badge

Re: One down many to go

Not while content providers demand DRM or no content. Flash and Silverlight are the chief middlemen for DRM enforcement.

0
0
Charles 9
Silver badge

Re: BBC support html5 fully - just not on desktop

Even BBC News? I read lots of complaints that the Agent hack doesn't work there and the site, even on iPad, demands Flash without exception.

1
0

McAfee outs malware dev firm with scores of Download.com installs

Charles 9
Silver badge

Re: Interesting

Download.com IS a CNET site. IIRC the whole works is owned by CBS Interactive.

5
0

Facebook to forcefeed you web ads, whether you like it or not: Ad blocker? Get the Zuck out!

Charles 9
Silver badge

Re: FB force feeding ads?

Thank you. Facebook now probably has enough information to identify you. You probably haven't ID'd ALL of Facebook's domains, and they probably share some with legit sites so you can't block them without collateral damage. Next thing you know they'll have a fast-flux system so you end up playing whack-a-domain trying to stop them.

Basically, the only way to stop them tracking you (whether you go to their site or not) is to get off the Internet. And who knows? Maybe they'll start tracking you through the post...

0
0
Charles 9
Silver badge

"I guess next step in the ad-block wars would be to use randomly named page elements but I've not seen anyone try that yet."

I've already seen them: hashed elements so they're unique for each visit (and each visit can be traced). It reaches a point where you can't block one element without blocking ALL elements, INCLUDING the content itself which is kept in a separate frame.

0
0
Charles 9
Silver badge

""cold calls" reported for calling a TPS line - fines incoming"

Call comes from an international number: sovereignty kicks in and the fine is unenforceable.

""billboards" very few here - it's rural area - and easily ignored"

Except probably on the trunk roads which are your key ways in and out. Can you say "chokepoint"? It's certainly true in America.

""and junk mail" goes back into the post box - I don't care whether it's the advertisers or their side-kicks, the Royal Mail who pay for return to sender, they're all the same to me."

Except it's the people who pay for the mail ultimately, through postage fees and stamp rates. Keep doing that and you can expect the rates to go up, meaning the people STILL foot the bill.

0
0
Charles 9
Silver badge

Re: How does it work?

Well, they use feature phones for the most part, live in conditions where power isn't a certainty, AND they outvote you.

0
0
Charles 9
Silver badge

Re: Diaspora

Not gonna work. It's like with yacy and freenet. You get hit in the bandwidth costs. AFAIK, efficient decentralized (and possibly anonymous) networking is a physical impossibility because efficiency necessarily creates identifiable traces.

1
0
Charles 9
Silver badge

"You guys can go back to writing your own content on A4 paper?"

Last I checked, we don't have matter transporters yet and not everyone has a facsimile machine, so instant global communication that isn't point to point raises issues.

"Or you could start a movement so that everyone pays for access to sites!"

Unless your content is both high-demand and exclusive, paywalls tend to be a downvote for you, history has proven.

"By blocking ads surely you're just making this worse?"

Worse to the point they have to make a leap of faith: either go all in or check out.

"You chose to use an ad blocker rather than avoid a site so I doubt that."

Wanna BET? For many, they think the Internet is becoming a cesspit and are checking out of the Internet...COMPLETELY. At least back in reality they just have to deal with cold calls, billboards, and junk mail.

2
0
