3634 posts • joined 10 Jun 2009
Even if it appears to come from a colleague? That's the point behind spear phishing.
Re: And of course...
"I'm still puzzled about the allegedly disguised filename. The story is that the text is reversed so the scanner won't pick it up, but the display presents it in such a way that it reads normally. When you click on a link or a filename it doesn't matter what it looks like, the thing that is executed is whatever is in the text, and that's what the scanner will see too."
The example in the article is erroneous, but the idea is that the filename is written backwards, too. Think "txt.setoN gniteeM evituc.exE". This is actually a program (which could contain a zero-day privilege escalation rootkit or such), but if it's displayed in a RTL mode, the displayed name gets reversed and now appears to be "Exe.cutive Meeting Notes.txt", making it look like an innocuous text file. See where this is going? Combine this with spear phishing, and the whole thing could be believable enough to click to open.
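As an added illustration (not part of the poster's comment), the check below flags attachment names that lean on Unicode bidi control characters to make the displayed extension differ from the one the OS actually launches. The rendering step is a deliberate simplification of the Unicode bidi algorithm, adequate for ASCII filenames; the sample names are constructed.

```python
"""Flag filenames whose displayed extension is faked with bidi controls.

The right-to-left override (U+202E) makes a UI paint everything after it
backwards, so "Notes<RLO>txt.exe" is shown as "Notesexe.txt" while the
OS still sees an .exe.  Added example; sample names are constructed.
"""

# Unicode bidirectional formatting characters that never belong in a
# plain attachment name: embeddings, overrides, isolates and marks.
BIDI_CONTROLS = frozenset(
    "\u202a\u202b\u202c\u202d\u202e"   # LRE RLE PDF LRO RLO
    "\u2066\u2067\u2068\u2069"         # LRI RLI FSI PDI
    "\u200e\u200f"                     # LRM RLM
)

EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "msi"}


def strip_bidi(name):
    """Remove bidi controls; this is the name in logical (storage) order."""
    return "".join(ch for ch in name if ch not in BIDI_CONTROLS)


def extension_of(name):
    """Lower-cased text after the last dot, or '' when there is no dot."""
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def visual_rendering(name):
    """Approximate what a bidi-aware UI shows: text following an RLO
    (U+202E) is drawn reversed until a PDF (U+202C) or end of string.
    Other bidi controls are invisible and simply dropped."""
    out, i = [], 0
    while i < len(name):
        ch = name[i]
        if ch == "\u202e":
            end = name.find("\u202c", i + 1)
            if end == -1:
                end = len(name)
            out.append(name[i + 1:end][::-1])
            i = end + 1
        else:
            if ch not in BIDI_CONTROLS:
                out.append(ch)
            i += 1
    return "".join(out)


def analyse(name):
    """Compare the extension the OS uses with the one a reader sees."""
    real_ext = extension_of(strip_bidi(name))
    shown_ext = extension_of(visual_rendering(name))
    has_bidi = any(ch in BIDI_CONTROLS for ch in name)
    return {
        "real_ext": real_ext,
        "shown_ext": shown_ext,
        "has_bidi": has_bidi,
        # Any bidi control is already a red flag; a disguised executable
        # (looks like .txt, runs as .exe) is the case worth blocking.
        "suspicious": has_bidi or real_ext != shown_ext,
        "disguised_executable": real_ext in EXECUTABLE_EXTS and shown_ext != real_ext,
    }


if __name__ == "__main__":
    # Constructed samples: a clean name and the post's reversed name with an RLO in front.
    for sample in ("Meeting Notes.txt", "\u202etxt.setoN gniteeM evituc.exE"):
        print(repr(visual_rendering(sample)), analyse(sample))
```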
Re: And of course...
But wouldn't that still raise a red flag since that ALSO means the text becomes right-aligned? The standard approach is to align e-mail and common text to the same side as the start of the text, is it not? Thus English starts on the left while Hebrew, Arabic, etc. start on the right.
I thought they already moved on to encrypted ZIP archives which can't be extracted by automation since the password to decrypt them is hidden carefully in the text of the message such that computers aren't likely to make it out correctly. Furthermore, encrypted ZIPs can't be blocked out of hand since they may actually be legitimate correspondence from a coworker (which makes a spear-phishing encrypted ZIP even more plausible).
Re: Take my money! Oh, you're too busy... @h4rm0ny
I may be wrong, but I believe the actual phones are kept in the back (every store I've been to the high-ticket items are kept under some kind of lock and key). You use the app to present to the desk, and they fetch it for you, then you leave with it. The desk would be able to verify the receipt is used once and once only.
Honest question for anyone who might know. How will this new iPhone handle WiFi Calling? AFAIK, the only major US cell provider that supports this is T-Mobile, and only on certain classes of Android phones (mostly higher-end models) and only with their rolling plans (prepaids can't use this or Visual Voicemail). Considering the text of the article, this may be specific to T-Mobile, too (which has had the infrastructure for years).
It'll be curious to see how far North Korea will go on this. As embassies, under the Vienna Convention, the people within are supposed to possess some latitude in regards to matters within their walls, but NK could also say their affairs are affecting things outside the walls and declare the people responsible for these "breaches" personae non gratae.
Re: Lowest-cost archive medium
Anyone interested in the consumer market has to get used to the idea that price matters. It's not so much "We don't want to pay for it" as "We can't pay for it." For the consumer, "You Get What You Pay For" only goes so far, especially with limited budgets and competing interests. That's why there's the concept of the "comfort zone" beyond which any attempt to woo the customer will fail to attract all but hardcore adherents. The demand curve for the consumer is necessarily low and shallow. If the tech is such that even the lowest end is too expensive, that means supply and demand can't meet, leaving an untapped market.
Re: Lowest-cost archive medium
I know it isn't a consumer-level product. I'm just pointing out there is also a need for backup media on the consumer end, too (indeed, many would say it's underserved). Consumer drives have reached multi-terabyte levels, and people are filling them up. Optical discs are rapidly being left behind in that regard; not even the upcoming Archival Disc will back up a 1TB HD in one disc, and the next step down, BD-R, is way too small. And there hasn't been a single consumer tape improvement since Travan-40 (raw capacity smaller than a BD-R). Which means pretty much the only practical way to back up a hard drive full of data is with another hard drive. But the reliability of external hard drives can be inconsistent, raising the specter of a Failsafe Failure before a cycle change occurs (I just did one when I transferred out my hundreds of backup DVD-Rs to HDs, and that wasn't without sporadic losses of data). So pardon if I seem a little concerned about mid-term data retention on the consumer front.
Re: Lowest-cost archive medium
I would love to have even something of an LTO-6 level of capacity, but at consumer prices (which they're decidedly NOT--an LTO-6 drive runs nearly $6,000). Having something that can keep several TB of things pretty safe for the mid-term, say around five to seven years, would be really nice for packrats such as myself. Right now, external hard drives remain the most affordable choice in the consumer market, but I still have to wonder about their reliability and data retention at these lengths of time.
"Not to mention that if you really want to "archive" something for a prolonged period of time and have it readable by future generations, you're still better off sticking to ink on paper."
Kind of hard to put a movie on pen and paper. Same for a selection of music (sheet music is basically musical source code--most people prefer finished products).
Re: OnePlus One
"Is it common to require headphones for FM radio? Anyway, with that caveat, it seems to be standard on Lumias."
It's pretty standard fare for any tiny FM radio to use the headphone wires as an antenna. It's down to physics. To pick up a good FM radio signal, you need an antenna of a decent length. Cell phones are simply too small to provide that length. Back before cell phones, portable radios needed an extendable antenna for the same reason.
Re: Slippery Slope to Much Higher Prices
How, when ABSOLUTELY NONE of the candidates who would actually do something about this are even on the ballot? Heck, many ballots are unchallenged.
Re: Identical twins are not identical
"Favourite fact regarding foetal alcohol syndrome: identical twins can be born with one suffering FAS and the other not. You'd have thought one womb would be as close to an identical environment as possible, but no..."
IINM FAS is epigenetic and so can be a crapshoot. Fingerprints are epigenetic, too, that's why fingerprints differ even among identical twins. There's a hypothesis that it's the same way with sexual orientation. Thus why some identical twins diverge in spite of identical genes and upbringing.
Begging one's pardon, but given the definition of "identical", one would think that monozygotic twins are physically indistinguishable from each other barring personal choices of hairstyle, makeup, etc. But if they wear their hair and makeup the same way, their faces should be nigh-impossible to tell apart. Otherwise, they're not identical, eh?
Re: Show me the hardware.
"Excuse my ignorance. Everybody keeps saying, referring to "FTTN" things like "it'll have to be ripped out to do FTTP". I would presume that the same fiber would have to get to the same node, irrespective of FFTN or FTTP."
The problem is that FTTP requires a completely different topology from FTTN, meaning most FTTN equipment can't be used in FTTP. If you use FTTP now, then in five or ten years' time when more bandwidth is needed, it's MUCH easier (and less expensive) to build on an existing setup than tearing up the FTTN setup to replace it with a FTTP one. IOW, FTTP has a higher up-front cost but is more future-resistant.
Then recycling needs to be encouraged. Once it breaks (the internal electronics can be cushioned to reduce the chance of these breaking), they should be encouraged to call in and order a replacement for a reduced price. Maybe it can be done like some warranty jobs where the replacement comes in and you send the busted one back in the same box.
Re: All that safety...
It should be noted that some municipalities prohibit the use of earphones while on bicycles, on the understanding that auditory awareness is considered too important to compromise. As some have said, some people can't turn their heads that much without twisting their torso, which in turn means they unintentionally turn the handlebar. Meaning trying to look back can actually be dangerous. As for "hybrid cars", they're big enough that you can still hear the wind as they pass and the friction of the tires on the road, not to mention the whirring of the electric motor. I hear the same phenomenon in electric golf carts. They're not completely whisper-quiet ninja autos. Put it this way, you need as many senses as you can employ to be at your safest on a bike. You can't rely solely on sight (blind spots) or sound (drowning out).
"For divers, there are already dive computers to control depth, air pressure and ascent rates, normally worn on the wrist."
And they already make a helmet-mounted display for divers so the diver doesn't have to look down to be kept informed. In fact, they already make an HMD for firefighters, too (the C-Thru).
Re: As a motorbike rider...
So you're saying that a helmet display is more dangerous than taking one's eyes off the road to glance at the gauges on the bike? And it's not like it's new tech since helmet displays have been developed for military aviation as well. It's just a matter of developing a way to unobtrusively display useful information like speed, revs, and fuel.
There's ALWAYS proxies. Given encryption, there's no way to block an encapsulated forwarding packet (the "double envelope" as I call it). As far as the ISP knows, the proxy is the targeted "entity", after which it's out of its control.
Except last I checked, your average plastic cup is round. I've never seen one that was ellipsoid, probably because such cups are prone to collapsing on the narrow dimension. So, assuming the cup is round, either the cup is NOT pint-sized (such a cup in the standard shape would have to be at least four inches tall, and a Lego figure is only about two inches) or that's not a Lego figure on the right. Could be a Duplo figure, which are taller to account for the larger blocks.
Re: If I had a time machine...
As I recall, 3dfx barely missed the turn of the millennium when nVidia borged them, and the PCI Express standard didn't come out until 2004. That's a pretty lengthy interval for "as soon as". As you mentioned, 3dfx was too ambitious. They lost the plot. Not only did they misfire catering to the hardcore set, they lost the more mainstream buyers.
Though I should note that an external power hookup from the PSU developed independently of PCI Express. I actually own a broken ATI All-in-Wonder AGP card that took an external power feed, either from a floppy-style connector or from the connectors we now associate with PCI Express Power.
Re: If I had a time machine...
Except that it would only cover you for the New and Improved design. The old design would still be open season, and anyone you tried to sue can just wave the expired patent in your face.
Re: If I had a time machine...
As I recall, both sides sued each other, offsetting each other in a patent war. In the end, 3dfx bet on the wrong horse (please direct your attention to the Voodoo5, a card so ungainly it needed its own external power supply to work properly--plus the FANS). People went with ATI and nVidia for more practical reasons, which left 3dfx in the cold and eventually borged by nVidia.
Re: Whither Apple?
Samsung may produce the Exynos SoC, but both the CPU and GPU are actually licensed designs from ARM (that includes the Mali, the actual infringing component--it's not unique to Samsung as many ARM SoCs use it). Most of Samsung's tweaking concerning the Exynos is on the CPU end, which isn't being sued. So Samsung could still point fingers: this time at ARM, who made the original GPU design.
Re: Whither Apple?
So why hasn't Sony been sued? Or HTC? Or LG? Why was Samsung singled out? And what about Samsung's claim that it should be taken directly to the companies that make the infringing chips (Qualcomm, etc.)? Samsung are just using the chips like everyone else, after all.
The thing is that the article notes that the trend is more towards either offline attacks where gatekeeping is useless or with distributed attacks where the site is swarmed with a million attempts from a million IPs, each trying to crack a different user just once or twice. You can't filter by username because each individual user is only attempted once or twice, and you can't filter by IP because of the sheer number of IPs being used in the attack. It's basically indistinguishable from the legitimate use case of a million actual users actually logging in all at once.
The problem is that, unlike in other parts of the world, the USA has a ton of sparsely-populated area. That means running ANYTHING out to The Middle of Nowhere involves a ton of infrastructure costs, to the point there's the risk of a failure to return on investment. Therefore, ANY company that is interested in actually getting there won't do it without an exclusivity contract. It's basically Deal or No Deal.
IOW, if you prevent contracts of the sort, you run the risk of leaving small communities in the lurch.
Re: two parts will do
The TV part MUST be regulated because NBC Universal contains NBC, one of the three major broadcast networks. Being broadcast, it's subject to FCC regulation.
Re: Which begs the question
Besides, the NSA is part of the government itself. They're basically IMMUNE from paying fines because the government holds sovereign power: my government, my rules. And that Constitution? Ink on a page...
As for Verizon, they should've been forced to make their policy opt-IN.
Also, T-Mobile phones in the USA can take advantage of a WiFi Calling feature that doesn't require a femtocell or other special equipment to use: just a phone with their firmware. It "just works" and is one reason I stick with them.
FTR, Cox already has something of a mobile rollout. IIRC, they're a MVNO on the Sprint network, so buying into T-Mobile (which is GSM and not compatible with Sprint) would create a shakeup on that end. That may be why Cox is denying interest in Iliad at this time: there would be additional up-front costs for them.
Wouldn't Valve counter, like they do in the US, that the transactions are considered leases and not sales, and therefore not subject to consumer rights protections (refund guarantees in Australia, first sale in the US, etc.)?
Re: @Eugene Crosser
"Such countries are few and getting fewer. If all the stolen phones were only usable there, the supply in those countries would balloon to the point where even the high end phones would become worthless, and thus not worth the risk of stealing in other countries."
Unless that country's phone market is skewed enough (as in the prices are too high and/or supplies too low) that a black market is allowed to thrive there. Turns out that's the case in a lot of southeast Asia. Nick a good phone, fence it overseas, and you stand a good chance of turning something, even if you sell it for cheap. These are also countries where their blacklists are less likely to be up to date (or maybe not even honored because their attitudes toward the West are frosty).
Re: Cars Too
You can use a program (like Torque for Android) together with an OBD-II adapter to read, interpret, and clear fault codes.
Re: Closed source...
It's a cardinal rule of business. You're not a business if you're not making money. If they don't get you one way they'll get you another way.
Take printers. You can either have an expensive printer with decently-priced supplies or a cheap printer with expensive supplies. If you try to find a cheap printer AND cheap supplies, you'll find it won't last long.
High-quality, inexpensive, long-lasting — Pick any TWO.
Re: So that's the end of RAIDs then
Nice advertisement for ZFS...except for one thing. It's NOT platform agnostic. Otherwise, it would work natively in Windows.
"An OpenZFS port of code to Windows is not likely in the foreseeable future. The OpenZFS launch discussion on Slashdot touches upon some of the issues."
The closest solution to this is to use another machine and network the drive. zfs-win only mounts the drive read-only. Oh, and I also read that its more robust data-protection features are memory-intensive.
In any event, I'm thinking of the more likely event of gradual deterioration (a sudden catastrophic drive failure is basically game over for anything short of paranoid redundancy, which is not usually the desired setup for a consumer). PAR files combined with strategic physical file allocation (arrange the physical files ext-style, shotgun-like) should increase the odds of a recovery in this scenario.
Re: i Wussed out on Offsite Storage,
Ever considered using the cloud but encrypting your IP beforehand? If you don't trust even self-encrypted content in the cloud, then you're basically in DTA mode, in which case your offline storage is no safer.
Re: Now you can lose 8TB of data in one shot instead of just 4!
For Flash to be viable as a consumer backup medium, it has to beat SATA and USB, carrying slow but large spinning rust. Right now it's 4TB for $150. How close is Flash to this, and what's its longevity, both in terms of write cycles and in terms of offline shelf life (I keep hearing of flash bit rot)?
Re: Nobody has yet asked the important question
15GB per HD movie? That's generous. HD net videos shouldn't do more than 2GB per on the top end (BD 1080p rips of 1GB/hr are considered generous, most are half that). And all the retro stuff can be crunched down even further due to the reduced resolution: say 10MB/min or about 600-800MB per. Meanwhile, all the PornTube stuff is even smaller: say 100MB for a decent size/quality clip. That could shrink the whole estimate back to the low end of the PB scale.
No, because this is more along the lines of cameras with no blind spots or "Police officers may be posing as employees." The traps are getting to the point that an outsider is hard-pressed to tell if it's a trap or not until you're beyond the point of no return, as with a bomb that's impossible to defuse (and it IS entirely possible to make a bomb with a one-way arming mechanism--think sacrificial braces or glass bulbs). Just because you know the trap's there doesn't mean there's much you can do about it.
Re: just sayin
Trouble with that idea is that intruders are like roaches and mice. They can usually slip under your notice until it's too late, staying under the radar and in the places no one bothers to look because bothering to look everywhere takes too much time and money and they'll just slip in after you leave. That's why we use roach bait and mouse traps...and honeypots in this case. If you can't find them, make them come to you.
A Turing Test for Honeypots?
So basically, creating a server that looks so much like a legit server that a hacker can't tell the difference between it and a real server?
Why do I keep thinking the Turing Test for some reason?
PS. I know it's not an exact analogue, but the basic idea is the same: a simulation of a real server that can't be distinguished from the real thing, only in this case used intentionally as a bait. Sort of like creating a highly-convincing drug dealer persona for a police sting.
Re: Is it just me…
Plus in the US, credit cards typically come with theft insurance standard (Visa frequently advertises this aspect on TV). If a card is ID'd to have been stolen, the issuer can usually flag any suspicious transactions, ring you up, send a new card, and you're not on the hook for the oddball. This is especially true for cheap transactions, where it's just cheaper for the credit card company to eat the occasional small costs rather than waste money in legal battles.
"A command economy doesn't need to account for left hand screws being different in different towns. That way lies madness. Instead a command economy says THIS is the screw for the people."
And then you hit the brick wall of reality: that one size DOES NOT fit all. Inevitably, you get complaints of a physical nature, such that "Live with it!" is answered with, "Why don't YOU come and try this?!" Dictating square pegs doesn't work when life gives you round holes.
Re: @ TedF
"That assumes no capitalism and probably more of a corrupt socialist paradise. Capitalism works due to a flow of money which requires people to spend. To spend there must be an income which capitalism dictates to be earned."
But when Capitalism reaches the end-stage, the ones who have it all don't NEED to hire out. They'll have everything they need ON HAND. You're talking about catering "For the Man who has Everything" (and I DO mean Everything). And if labor is required, they can either use a robot or just convince someone to do it for a crust of bread (or something else so ephemeral that it's gone before he even leaves).
"And it all boils down to one question: who decides? Does a government bureaucrat decide what is best for you are do you decide?"
But in most cases, it's NEITHER. Usually, you can only decide if you're PROVIDING. Otherwise, you don't have much say. If it's not the government dictating terms, then it's a private provider. And one of the goals of the provider is to remove your ability to choose so that you can't just "walk away". Think of the situation of a town with only one well. Because it's so valuable, SOMEONE'S always going to make a move on it AND will have the means to keep out everyone else. Who would you rather have in control of the well? Public or private interests?
Re: A reasonable compromise for socialists...
Utilities as I recall trend naturally toward monopolies because of the necessary evil of infrastructure. Allowing the market to compete here would mean multiples of pipelines, power rigs, and so on, which are considered eyesores. Not to mention for each redundant infrastructure, you reduce the RoI on each set, so the money stops adding up.
There's also the matter of medicine: an industry for which people don't always want money to be the determining factor. Plus certain medical circumstances prevent flexibility, meaning the market can become predatory.
So in other words "census" is self-plural, like "species"?
Re: The internet
Perhaps, but it was the state who gave the Internet the initial jumpstart with ARPAnet, much like modern space technology was pretty much jumpstarted by the state-run "space race". There are some places the market falters, and one of them is in what I'd like to call "industria incognita": novel industries where there is no prior data on which to draw possibilities. Basically, the market hates to take leaps of faith, and it's only by people willing to gamble or with the resources to safely take a chance or two (like states) that we get any data on them at all.
As for efficiencies, perhaps there's another way to look at business strategies: forward planning. For example, does a business always strive for the immediate gain (what I'm seeing a lot today due to investor/voter pressure) or is a business willing to take a hit now (commit a "necessary evil") to secure revenue down the road? I suspect this latter is one big weakness of any elected government because it implies doing something necessary but unpopular such as raising taxes or cutting funding to beneficial projects. Thus you see hemming, hawing, and can kicking because no one wants the blame for it. I recall that's at least one reason why Machiavelli favored an autocracy. Not saying he had it all right but rather he had a point.