* Posts by Charles 9

5717 posts • joined 10 Jun 2009

Boffins nail 2FA with 'ambient sound' login for the lazy

Charles 9
Silver badge

If your reception is so bad even an SMS is hit or miss, you basically don't have a practical second factor to work with, which means you're SOL.

So that leaves a big unanswered question. How do you do 2FA when lots of people don't even have a second factor to work with?

1
0
Charles 9
Silver badge

Re: This from a security team!!?

But you also have to consider the secure-vs-easy scale. If you try to make the second factor too onerous, people will say, "Sod this!" and look for shortcuts; failing that, they'll abandon the whole works. How do you do secure in such an environment?

0
0

You've been Drudged! Malware-squirting ads appear on websites with 100+ million visitors

Charles 9
Silver badge

Re: Isn't it about time...

Much malware is now VM-aware and is likely AV-aware (or worse, AV-sabotaging) to avoid honeypots, so it won't react to such a scan. And the give and take has an unintended consequence as well. Soon, malware researchers will eventually have to develop honeypots that mimic humans to the point they can pass a Turing Test. Once that happens, the malware writers will usurp the research and create malware attacks indistinguishable at the endpoints from humans...

0
0
Charles 9
Silver badge

Then you're not working from the inside of an enterprise. Many enterprise units contain control sites that require Flash or other compromising features just to operate. And since these frontends are attached to highly-expensive, usually-still-being-amortized hardware, you're never gonna get the bean counters to put up for replacements.

2
0
Charles 9
Silver badge
FAIL

Not without losing access to sites that require Flash to operate, and some of them are either hosts to exclusive content or are business control sites that can't be ignored or replaced.

8
0

Imation ejects its removable disk biz, hands it to Sphere 3D

Charles 9
Silver badge

Re: I'm puzzled..

RDX drives are rated better for cold (long-term) storage. Most hard drives on the market are only warrantied for 3, 5 years, maybe 7 on the outside. RDX drives are supposed to maintain their data cold for up to 30 years. They're also shock-resistant by design, as the spec requires them to maintain integrity even after a 1m drop, something that could occur if Murphy strikes during a changeout.

0
0

Samsung phablet phrenzy brings mobile payments into the age of WIRELESS TAPE

Charles 9
Silver badge

And given (1) no one's apparently tried to overload a cassette head's magnet to produce a similar item in the past and (2) the device is performing something nontrivial given no one else has tried to do it and (3) this also involves the carefully-timed emulation of a magstripe swipe which involves digital-analog conversion that does not exist in the all-analog cassette adapter, this makes it a nontrivial derivative of an existing invention, which DOES qualify for a patent.

0
0
Charles 9
Silver badge

Re: I wonder what the commentariat of this site are going to do

Just search "exploding iPhones" (all of which are sealed) and you'll get a laundry list. I recently swapped out the battery of my S4 after over two years because it was starting to bulge dangerously, so I can speak of the dangers firsthand.

5
0
Charles 9
Silver badge

No, the OP says they work at contactless range, up to a few inches. Cassette adaptors only work at contact range, right up against the playback head. I've broken open a few of them myself to see how they work.

2
0
Charles 9
Silver badge

Then the phones can use THAT. That's the point. Anything that can take a stripe can take this.

0
1
Charles 9
Silver badge

So if an American with a Chip card comes along, the retailers are SOL?

0
0
Charles 9
Silver badge

Contactless took a slide due to retailers wanting control of the transaction. Only when Apple Pay came along did it start a comeback because the retailers didn't want to snub Apple and its loyal base. As for Chip and PIN, the transition's in progress. Many retailers have installed Chip-readable terminals but haven't turned the readers on yet. Mostly it's the third-party readers that can do it right now. BTW, most of these new terminals can also do contactless, but like the Chip reader, most retailers leave it turned off on preference. As for a phone emulating a Chip card, the physics of the reader and the design of the cards will likely preclude integration.

PS. Early experience with the Chip notes that using it is slower, especially on low-value transactions, than the stripe, which may turn off some people who already have zero-liability on small-ticket (no need to sign) transactions (as do the retailers).

0
3
Charles 9
Silver badge

"No doubt that this has been patented, even though it's the same technology used in those line audio to cassette tape adaptors we all had in our cars before in-car CD players became the norm ten years ago."

Actually, cassette adapters utilize heads similar to those used by the playback, except they're used in reverse, to induce magnetism in the heads instead of detecting it. Crack one open and you'll see it really isn't all that complicated. About the only things inside are the induction head, some electronics to convert the line-level audio into a level comparable to that stored on tapes, and some takeup mechanics to ensure the player's on the correct playback side.

2
0

Sane people, I BEG you: Stop the software defined moronocalypse

Charles 9
Silver badge

Re: A better analogy

" A better system would be to garnish 50% - 75% of the killer's wages for 10 years or whatever and give it all to the victims. That creates a far higher incentive to not drive drunk,"

Or it creates a far higher incentive not to have a decent job and instead just turn to crime and the black market where everything goes under the table. The fines won't mean much if it's 75% of $0.

0
0

Rise up against Oracle class stupidity and join the infosec strike

Charles 9
Silver badge

Re: I wonder how many people who commented on this article....

He's saying Google and Android are part of the problem. IOW, people using Android mobes to comment on invasions of privacy are basically hypocrites.

1
0
Charles 9
Silver badge

Re: Civilisations?

But did any of those past civilizations have the power we have today, where a chosen few, if the need arose, could easily eradicate a few million people without much in the way of outside assistance? How would the oppressed masses feel if even their combined might were no match for, say, a nuke in their backyard? Even worse, what if these oppressors felt, in the final analysis, if they couldn't win, then MAD would be considered preferable to ceding power (Death Before Dishonor)?

0
0
Charles 9
Silver badge

Re: Industry pressure

Markets can't self-regulate because markets are run by humans...and humans, in spite of popular belief, default to irrational behavior. Essentially, they run on emotions first and logic only when the former doesn't get in the way. It's for this reason that things like lotteries (that play on inherent optimism) can make a killing. It's why you have runs on the bank and panic spikes.

0
0
Charles 9
Silver badge

Re: It can't happen to us...

"The fact that they chose to ignore the warning is purely indicative of stupidity, payola, incompetence or whatever but, now that the FBI, Department of Defense and others actually have had their fingerprint database stolen, how confident do you think they will be in the next snake oil salesman?"

Probably just as confident as they were last time. The people making the decisions now probably weren't the ones who made the decision when the fingerprint scanners appeared, have been lulled into complacency, and will willingly make the same mistakes again, banking on persistence paying off before insanity hits.

1
0
Charles 9
Silver badge

Re: Easy to bitch about other people's work

But in each and every one of those scenarios, there's something between the IT and the life involved. Since IT is mostly nonphysical, it's hard to DIRECTLY pin the blame on the IT to the point the average joe has no recourse but to blame it and nothing in between.

0
0
Charles 9
Silver badge

Re: Be careful out there kids....

"You mean something like this?"

Even that's going to be shaky. See, with IT you're mostly dealing with virtual, non-physical things. There's always at least one degree of separation between IT and your life. In this case, faulty compilation, not a flaw in the code itself, was the primary problem. It could also be one of a hundred other things between the code and the life that proves the linchpin. Yet it has to be that DIRECT connection that will make people pay direct attention to the actual code enough to make it matter.

0
0
Charles 9
Silver badge

Re: Nice idea

"That worldview is fucking appalling."

It's also the only one THAT ACTUALLY WORKS. Welcome to Reality. Why else has no other beast on Earth tried what we're doing?

"Jesus H mother of goddamned donkeyfucking christ, what the hell happened to us that we've forgotten so much, so fast?"

We've come to the realization that, in the final analysis, it's every man for himself. Nice guys finish last, and if you don't pass on to the next generation, you might as well be whizzing in the wind...

1
0
Charles 9
Silver badge

"If my country follows, it too won't be fit to call civilized either."

So what happens when ALL the countries fall down the slippery slope? Are you willing to say then that civilization as a whole is a failed experiment against the baser instincts of humanity?

0
0
Charles 9
Silver badge

Re: RE: In civilized countries

"suitcases of campaign contributions" - BZZZT!

You broke what wasn't broken. That's just the carrot. You forgot the stick of, "Do what we demand or we'll take our business (and our taxes) someplace friendlier to us!" How else do you think oil companies can get such generous tax terms except because 10% of something is better than 100% of nothing?

0
0
Charles 9
Silver badge

And I disagree on the disagree. It's happening EVERYWHERE; you just don't see enough of it on your side yet, but it HAS happened, it IS happening, and it WILL happen, inevitably, to every civilization you see. Yours just may not be that far along, but it will be soon enough.

0
0
Charles 9
Silver badge

Re: Nice idea

If "Following Orders" is the only way to put food on the table, ethics kind of takes second priority.

2
0
Charles 9
Silver badge

Re: Be careful out there kids....

"We probably need a large scale disaster, like Seveso in Europe that led to the EU Seveso Directive for chemical plants safety"

People won't pay attention until their lives are in danger. Think of all the regulations that are in place in other industries. Nearly all of them came about because someone DIED or was SERIOUSLY HURT as a result. It's about the only motivator that matters. But since IT deals primarily with virtual, non-physical matters, it's going to take something truly extraordinary to pin IT on a death.

2
0
Charles 9
Silver badge

A civilized shithole, and the inevitable result of civilization if history is any indication.

0
0
Charles 9
Silver badge

Re: Nice idea

"Or maybe you just want to wait until the price of individual selfishness and cowardice on behalf of developers is measured in bodies."

About the only way you'll make people care is when you can directly pin security faults and so on to people dying. That's what it took to mandate seatbelts and airbags, recall cars with explosive gas tanks and ground faulty airplanes. Nothing less will do.

2
0
Charles 9
Silver badge

"Engineering in civilized countries functions this way. It's time to apply this to development, and IT in general."

But in really civilized countries, the executives have the legislature's ear with carrots and sticks, blocking such efforts. What then?

0
0
Charles 9
Silver badge

Re: "I know where your personal details went "

"Or, perhaps: "which corporation has leaked or sold your personal information today?""

What happens when the answer comes back, "ALL of them", and you're faced with a desperate need to put food on the table? Principles are tough to defend when you're starving...

2
0

Sick of politicians robo-calling you? Bin your landline, says the FCC

Charles 9
Silver badge

Re: What about VOIP?

And what happens when the telemarketers use techniques to get around the blockers such as by using disguised numbers?

0
0
Charles 9
Silver badge

Re: I'm thankful I don't live in the US

You ever thought the callers are actually kinky enough to get off on their own drivel?

0
0

Patching a fragmented, Stagefrightened Android isn't easy

Charles 9
Silver badge

Re: What a shoddily designed OS.

"Meanwhile, Windows runs on millions if not billions of disparate configurations, and users can pretty much upgrade the day the new OS is released."

Those millions of PCs happen to run on standardized hardware pushed due to the need to have a common clone design back in the 80s, which grew from there. The phone market matured differently, with multiple highly-competitive firms delivering proprietary, often Trade-Secret- and Patent-protected all-in-one designs that ticked the major box of power efficiency. Such an ecosystem prevents a one-size-fits-all design and because Trade Secrets and Patents are involved (many of them being linchpins), not even Google could force the manufacturers to toe the line.

0
0
Charles 9
Silver badge

Re: A general problem

And if they sell direct to international customers over the Internet?

0
0
Charles 9
Silver badge

Re: Bright side

"Fit for Purpose" laws can trump contracts, even ones with "No Liability" clauses.

3
0
Charles 9
Silver badge

Re: "it needs to push carriers to push over-the-air updates promptly after fixes become available."

It's more than that because of the automatic negotiation and the fact they can tie it to your existing number: something IIRC SIP can't do.

0
0
Charles 9
Silver badge
Meh

And yet it was the only way to make inroads against the iPhone, since only a company like Apple (with its uniquely sirenesque appeal) could actually usurp the control from the carriers. Everyone else (Google included), the carriers could impose "take it or leave it" conditions. And if Google left it, they'd be conceding the phone market to Apple, which to them was unacceptable. So what do you do?

Besides, the core of Android (where the fault lies) is open-source, meaning anyone can make forks of it (like Amazon has done). Once someone rolls their own, it's basically out of your hands.

2
0
Charles 9
Silver badge

Re: A general problem

"You could make the phone suppliers responsible for any reasonable losses due to known but unpatched bugs for, say, 5 years after the product was last sold."

And how do you do that when the manufacturers are located in countries that simply don't care?

0
0
Charles 9
Silver badge

Hard to say. BB10 is supposed to have QNX under the hood which is normally hardened against exploits, but it's still manmade. About the only reason it and Sailfish don't make headlines are their abysmally-low takeup rates. Much like how MacOS and Linux usually didn't get as much attention by the hackers until recently.

1
0

Samsung says micro-sats could blanket the world with Internet

Charles 9
Silver badge

Re: Antenna gain

"It makes some sense for users in really sparse areas, but not for high density cities, etc, where putting in some fibre and a few mobile base stations operating at frequencies that penetrate building is going to work much better."

But what about a place like New York, which is already so built up that trying to add anything else, even fiber, is a project instead of an operation due to having to dig around so much (still-operational) crap AND is a concrete jungle so dense that trying to get even 700 MHz waves through is a crapshoot?

1
0
Charles 9
Silver badge

Re: Radio is so 20th century

Actually, you'd think what they want is masers (substitute light for microwave). Thing is, tight-beam communications on mobile bases suffer a huge drawback: the need for steering.

0
0

Cisco network kit warning: Watch out for malware in the firmware

Charles 9
Silver badge

Re: Holy *crap*

Actually, there's NO better way. It's like with the front door. If someone steals or copies your keys, you're screwed. As long as there are criteria for SOMEONE to get in, someone else can mimic that someone enough to pass the criteria also.

3
1

ICANN chairman loses mind over his domain-name privacy shakeup

Charles 9
Silver badge

Re: Another Option?

"Can the computer be programmed to follow some simple rules that mimic the ICANN processes? Can the software that the computer uses be perfectly open and verifiable at any time by any interested party?

Isn't it time we stop giving responsibility to humans that have naturally human foibles?"

Only one problem. Computers are programmed by humans (if not, you have a RotM scenario). They can sneak stuff behind the scenes and hide the secret code from prying eyes. Think the rogue compiler or rogue hardware scenario.

0
0
Charles 9
Silver badge

Re: You beat me to it

"...is there really much evidence that we could do worse than ICANN without actively working at it?"

Ever heard the phrase, "the worst thing there is with the exception of everything else"? There's a distinct chance, given the bureaucratically-charged power-grabbing atmosphere, that this is the least worst possibility on offer. Anything truly beneficial will never be backed, and anything that will be backed will be corrupt as Hell. So what's your choice?

5
0
Charles 9
Silver badge

Re: Another Option?

Unless the solution that appears is even worse. And to top it all off, if anything other than ICANN were to take over, the end result may be a fracturing of the Internet standards. After all, if the US loses control of the Internet standards, might there be a mad power grab in the vacuum left in its wake?

0
0

Apple and Google are KILLING KIDS with encryption, whine lawyers

Charles 9
Silver badge
Alert

Sense goes out the window when an existential threat looms. And as far as many people are concerned, they ARE under existential threat...

0
0
Charles 9
Silver badge

Re: Munitions

Yes, but the restriction was lifted when foreign encryption standards outside of US control caught up, making the whole exercise meaningless.

2
0
Charles 9
Silver badge
Alert

You'd have thought they'd have banned them and box cutters already after 9/11. After all, there we have concrete proof of it being used to kill thousands of lives in a single day. Metal detectors, meet ceramic knives. Even with hardened cockpit doors, all that's needed is one slip during one of the pilot's snack or meal breaks and BOOM! the setup for 9/11 part two!

PS. And if that fails, there's always the dildo bomb (INSIDE a kinky woman; won't find it with anything short of a strip search) filled with homemade ANFO (like Oklahoma City). Good luck trying to stop a truly determined adversary from using things we need everyday to ruin civilization.

3
1
Charles 9
Silver badge
Childcatcher

Re: Whose Crime?

(Could only choose one icon; using this one in sarcasm; bear with me)

But the moment you invoke children and the future, then all bets are off, no holds are barred, no search is unreasonable. Which means the search is within the law. After all, without children, where will our country be in a few decades?

2
0

Random numbers aren't, says infosec boffin

Charles 9
Silver badge

Re: "Take my vehicle's radio"

"Actually, in practice FY needs space equivalent to the total size of the collection in quite a few cases unless you're happy with the increased cost of memoising the swaps and losing the O(1) property (that would be a total no-no in crypto apps where side channel attacks need considering)."

I was talking in terms of a simple music playlist, in which case the playlist is a separate array from the actual table of music files (stored separately), which makes sense if you want to customize the playback in other ways. With the Modern Fisher-Yates Shuffle, you alter the playlist in situ by going down the list in order (direction doesn't matter) and swapping each entry you come across with any of the ones after it. All you need is one placeholder to hold values during swapping, nothing else. And it's O(1) space, O(n) time, and uses no floating points, so it's something any processor capable of MP3 playback should be able to do.

1
0
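The in-place shuffle described in the post above, as an added example that is not part of the original post or of any MP3 player's firmware (the playlist, the function names and the scripted index sources are constructed for illustration). It walks the list front to back and swaps each slot with one drawn from the slots at or after it, using a single temporary and integer arithmetic only. The one caveat worth seeing in code: the draw at each step must include the current slot itself. Restricting it to the slots strictly after the current one gives Sattolo's algorithm, which only ever produces single cycles, so the identity ordering and most others can never come out. `enumerate_outcomes` replays every possible sequence of index draws through a shuffle so the bias (or lack of it) is visible without relying on statistics.

```python
"""In-place (modern) Fisher-Yates shuffle of a playlist, integer-only.

Added example; not code from the original post, nor from The Register or
any MP3 player firmware. The playlist and the scripted index sources are
constructed for illustration.
"""
import itertools
import secrets
from typing import Callable, Dict, List, Tuple, TypeVar

T = TypeVar("T")
IndexSource = Callable[[int], int]  # k -> integer uniform in [0, k)

# Constructed sample playlist: only references into a separate track table.
PLAYLIST: List[str] = ["track01", "track02", "track03", "track04", "track05"]


def fisher_yates(items: List[T], rand_index: IndexSource = secrets.randbelow) -> List[T]:
    """Shuffle `items` in place and return it.

    Walk the list from the front. At slot i draw j uniformly from i..n-1,
    *including i itself*, and swap slots i and j. The tuple swap below needs
    one temporary, so extra space is O(1) and time is O(n); rand_index works
    on integers only, so no floating point is involved.
    """
    n = len(items)
    for i in range(n - 1):
        j = i + rand_index(n - i)  # n - i candidates: slots i .. n-1
        items[i], items[j] = items[j], items[i]
    return items


def sattolo_cycle(items: List[T], rand_index: IndexSource = secrets.randbelow) -> List[T]:
    """The same walk, but j is drawn only from the slots strictly after i.

    This is Sattolo's algorithm: every output is a single n-cycle, so only
    (n-1)! of the n! orderings can ever appear and the identity never does.
    It is what you get by reading "any of the ones after it" too literally.
    """
    n = len(items)
    for i in range(n - 1):
        j = i + 1 + rand_index(n - i - 1)  # n - i - 1 candidates: i+1 .. n-1
        items[i], items[j] = items[j], items[i]
    return items


def enumerate_outcomes(shuffle, n: int) -> Dict[Tuple[int, ...], int]:
    """Count which permutations of range(n) `shuffle` can produce.

    Every possible sequence of index draws is replayed through `shuffle`
    via a scripted rand_index. An unbiased shuffle maps the n! draw
    sequences onto the n! permutations one-to-one, so each count is 1.
    """
    draw_sizes: List[int] = []
    shuffle(list(range(n)), lambda k: draw_sizes.append(k) or 0)  # record the k's
    counts: Dict[Tuple[int, ...], int] = {}
    for choices in itertools.product(*(range(k) for k in draw_sizes)):
        script = iter(choices)
        perm = tuple(shuffle(list(range(n)), lambda _k: next(script)))
        counts[perm] = counts.get(perm, 0) + 1
    return counts


def is_permutation_of(shuffled: List[T], original: List[T]) -> bool:
    """Sanity check: shuffling must neither drop nor duplicate a track."""
    return sorted(shuffled) == sorted(original)


if __name__ == "__main__":
    print("shuffled playlist:", fisher_yates(PLAYLIST.copy()))
    print("fisher_yates(3):", enumerate_outcomes(fisher_yates, 3))
    print("sattolo(3):     ", enumerate_outcomes(sattolo_cycle, 3))
```

The quality of the result rests entirely on `rand_index` returning an unbiased integer in `[0, k)`; `secrets.randbelow` does that with rejection sampling, whereas reducing a raw generator output modulo `k` would skew the shuffle even though the swap logic is correct.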
