1080 posts • joined 12 Jun 2009
Sounds like the plot of many monster movies...
Take a rich biological environment, subject it to unusually high levels of radiation for an extended time.
Enter the naive honeymoon couple.
What could possibly go wrong?
Re: because the windows were left open
Note: WINDOWS BURGLAR SECURE is an option extra for AUTOMATIC HOME WINDOWS. The company is not responsible for unauthorised ingress or complete trashing of your home.
Confused by endless conflicting configuration screens? Get our ULTIMATE SECURE CONFIGURATOR and say goodbye to gaping security holes because of stupid configuration errors.
You know, there might be an endless market here...
The "personnel on station" are the end users. These are devices for home use, "tell your home to prepare as you drive, and it's comfortable, your favourite music is playing, and your meal is ready when you arrive". The only way these will get secured is if the manufacturers build in security as the default.
I suspect that the novelty of arriving home to a cacophony of pets disturbed by the sudden music who have eaten the toast again and an enormous electricity bill because the windows were left open will quickly wear off, but by then the device manufacturers will have made their profit, and the devices will still be vulnerable when you are not using the features.
Re: More critical reading is needed
@Kevin - did you talk to the network contacts in Chinese and Korean? Have you junked any Chinese or Korean spam? That might have been your reply.
How old was Hagrid?
Hagrid claimed to have raised Fluffy from a pup, so Fluffy can't be an alias of Cerberus. Probably a relative.
I should get out more.
I like the idea of naming an astronomical body Kerberos. Fluffy should be reserved for a warm body that you can cuddle (as long as the music is playing).
Re: I don't mind being compared by age...
@dcluley, it might have "worked as intended", but that is not the same as being a well-designed, secure system. Could a criminal set up a direct debit to a front company just using the same details? Could a criminal set up direct debits to a charity, then take the money from the charity because it is poorly administered (concentrating on its intended purpose)? How difficult is it to reclaim an "incorrect" payment? Do the banks care that their weak system allows their customers to be robbed?
You've got it wrong...
It's a laser pointer to attract the giant, interstellar cat to deal with the problem.
Re: <rant>An unused /24?!
Definitely, the internet needs a "<rant>" tag! I <rant>NEED</rant> a "<rant>" tag.
Incidentally, is there a style guide that specifies how to pluralise /29 while shouting?
<rant>An unused /24?!
DOESN'T THIS RYAN WERBER KNOW THERE ARE DEPRIVED PEOPLE WHO NEED THAT /24? A /24 CAN PROVIDE 254 CHINESE PEASANTS WITH A VITAL CONNECTION TO POLITICALLY ACCEPTABLE PARTS OF THE WORLD, OR IT CAN BE SPLIT INTO /29s AND PROVIDE VALUABLE BUSINESS OPPORTUNITIES TO THIRTY TWO SMALL/MEDIUM ENTERPRISES STRUGGLING TO SEND OUT LOTTERY WIN NOTIFICATIONS AND LINKS TO FAKE BANK WEBSITES</rant>... oh, forget it...
Backups and bank cards...
Hopefully, all the banks will have changed to chip-and-pin before this is deployed.
The popularity of tape for transfers to off-site backup might suffer.
a martian emailing NASA, "thanks for finding my keys"
it shows that people who oppose gay marriage are more likely to lie about their porn usage?
But how much...
do you have to pledge for the right to aim it at the planet of your choice?
Re: "...paramecium the size of a grain of rice"
Not very rice-shaped, the rice I eat doesn't have an oral groove. A 4mm paramecium is the stuff of nightmares.
With a little more work...
they might prove the whole media and web 2.0 phenomenon is not only unintelligent but not the result of any living agent (1). Something that has been suspected, but not proved.
(1) Including this post. I'm going, but there's no evidence I'll need that coat.
I'm in Aberdeen, and I usually get 24Mbps or higher... up to 51Mbps occasionally, and some round here have a Gigabit connection, which might skew the statistics. That's Aberdeen, Hong Kong, in case you're wondering. Did they check more than the town's name when they took the measurements?
Half man, half kangaroo?
"jump naked onto a Florida couple's roof" - or, as the later part of the article clarifies, he jumped off the roof... onto Mr. Land. Perhaps he thought that was a functional description, not a name?
No cognitive dissonance, the geological-timescale Carbon cycle is often mentioned, e.g. in @Kubla Cant's dragonfly comment above. However, I would suggest large, aerial carnivores would be a concern to parents of small children and pet-owners.
Re: ...firewall off port 22 completely.
Henry, Michael's remark is a good example of why, although /24 is "factually correct" and "shorter than Class C", it is less informative to people who are unfamiliar with networking jargon.
You are correct, but failing to communicate.
You store your lizard-based blueprints for your galactic-domination army on a convenient planet, but when you come back in 65 million years you find:
Why is there a mammoth carcass in the storeroom?
Don't worry, it's just the archive storage, I'll need your help tomorrow when we make a copy and take it off-site.
Bring a warm coat, and a map of the tundra.
@FartingHippo - I'd agree with your counter-arguments, but I was talking about a laptop in the real world. Password strength isn't mandatory, it's at the discretion of the owner, who has just been told by the salesperson how fantastic the fingerprint scanning is. Vein scanners might be better, how many have you seen on laptops?
You're thankful that bolt-cutters would be the only realistic alternative for a crook? What do you keep on your laptop! I think passwords offer more flexibility against this level of attack. You can choose your level of resistance, based on the value of the protected data, and your assessment of the attacker... you can give up the password at any stage from "calling you rude names" to "here come the bolt-cutters" or beyond. As an additional advantage, you get to avoid the punishment by giving in. With a fingerprint scanner, the crook's fastest, easiest option is the bolt-cutters, so you lose the finger AND the data.
Sorry, that's getting away from the real world again. For most laptop buyers, a fingerprint scanner is a convenience for people who forget their password a lot, is likely to be used with a weak password backup, and a crook will either be stealing it for the hardware value, or will take the disc out to access the data direct because there's no full disc encryption.
So, a laptop with a fingerprint scanner is less secure than one with just a password. The attacker can choose which method to attack, there is no protection from a poor password AND there is the opportunity to try a gummy finger cast or other false fingerprint method.
Making biometrics mandatory for all forms of password submission would be so bad. Don't get me wrong, biometrics is a useful form of authentication when used correctly. I've got an ID card with my thumbprint stored, and I can leave the country through an automatic gate by presenting it and my thumb. Very convenient. However, the gate is at a manned checkpoint. Someone with a fake thumb, or who tries to take the gate apart will be caught. Most places we use passwords do not have that sort of protection, so you cannot trust that the biometric reader is reporting correctly. For website authentication, the website owner doesn't even own the reader, so there is no control. BYOD is making the same true for office computing.
Salting and stronger hashes only protect users who choose strong passwords, starting an arms race is only marginally effective when so many users choose "password1" or "secret".
We need to move to PKI, then there is no problem with using the same certificate for multiple websites (or whatever) because the private key is never disclosed.
Re: if you want to lose weight
I think it was H G Wells, and he wore a lead belt and other weighty accessories to appear normal.
Re: Space is big.
So he has returned to his original profession, though apparently not his partnership with Hotblack.
I think my kids will begin lobbying for emigration to Sweden.
Never heard of a Faraday Bag?
The one with the mesh-lined pockets, please.
"Hang on, I thought we were first?" Re: How old is the star?
@toof4st - that sounds like the abandoned first draft of 2001 - A Space Odyssey. An ancient, mysterious technological artefact is found on the moon, it does nothing when discovered because it was created by an entirely extinct species, and nothing happens for the remainder of the film (in the book, an insane AI deletes all the research papers based on the artefact, because of a numeric overflow in the dates).
Re: How old is the star?
"would have left an indelible mark somewhere" - really? The chances of an individual becoming fossilised are generally pretty small, and the same would be true of most of our technology. That iron oxide stain next to your newly discovered velociraptor fossil? Maybe it was driving a car. Maybe a large building could survive, but the Lighthouse of Alexandria didn't, and the Pyramids are looking a bit tatty after only a few thousand years. You could easily miss them if you're not looking in the right place.
Isn't Cthulhu a Monsanto product?
Re: Free as in "complimentary for paying customers"
I'd get you a pint, but I don't know who to give it to, your details are false...
Re: Oddly enough...
How private is a Twitter direct message? I don't think I'd want to rely on it for any communication I seriously needed to stay private. Unless it is end-to-end encrypted, it's like sending a postcard - probably no-one will bother to look.
Sorry, I should have added a "Joke Alert" to my second paragraph.
Who says the van is arriving from China? I'm sure Bradley Manning can explain how transferring documents, even in a private message, can get you into trouble in many places.
OK, that's a big jump, from a private tweet to loads of secret documents, but I think there is a continuous range. Whenever people do things online, they must consider the wider consequences, whether that is not getting a job interview because of student party photos, or getting arrested for treason, or finding disturbing "targeted advertising" appearing. When you post a private message in twitter, you are trusting that they actually follow their own privacy rules; they don't screw up; the company that buys them in 10 years doesn't decide to misuse the data; and so on...
Society depends on trust. The internet is changing trust in non-obvious ways. People need to be aware of that.
Re: Oddly enough...
Why would anyone worry about being monitored while micro-blogging? It's a public forum where you EXPECT people to listen to you! Next you'll be saying intelligence agencies shouldn't buy newspapers.
Though it'd be nice if they would actually be open about doing it... great for one-upping your friends, "I'm being followed by MOSSAD", "So what, I'm being followed by FSB and CIA".
There's a big difference between monitoring a public forum and the, sometimes related, arrival of an unmarked van in the middle of the night to take you on an unexpected holiday at a re-education camp (though China might be getting rid of re-education camps this year).
OK, the power cable might be a bit limiting, but plenty of scope for in-the-heat-of-the-moment manslaughter, or meticulously pre-planned homicide.
Also an open invitation to Darwin awards for anyone close enough ("it really warms you up if you stand here").
Now, who do you buy network monitoring gear from? qui custodit custodes
But, overall I think they'll have a hard time finding a supplier that isn't owned by and doesn't employ citizens from all countries they might have a bit of a disagreement with during the lifetime of the kit.
If they are going to be properly paranoid, they should keep quiet about their suspicions, buy the kit, reverse engineer it, find the backdoors and use them for feeding disinformation.
Re: A question to hackers or security people
"Full control" means administrator-level access, so, yes, they could launch an RDP session if they wanted to. I recall the old Back Orifice party trick... you could remotely eject the CD tray, great for awareness raising, not much use for a criminal.
Typically, an attacker would try to be unobtrusive, and would install something to further their ultimate purpose. If the attack can be automated, then it will be used in drive-by attacks to install botnet software for later sale as DoS or spamming zombies; if the attack is more involved, then maybe used in targeted attacks on high-value victims for installing keyloggers; or capturing webcam images for extortion; the possibilities are endless.
Is anyone else thinking this might be an inside job? Fraudsters pay off employee, who either has another job lined up, or plans to let a colleague take the fall. The alternative is that fraudsters are routinely checking the certificates on every SSL website in the hope that one day a CA will make this serious blunder and they will be able to find a way to steal the key from the cert holder. Sure, they can automate the search, but why wait for a blunder when you can pay for one?
Secondly, are the fraudsters now kicking themselves for issuing a fake "*.google.com" cert? They could have kept themselves busy and well-funded on dozens of low-profile domain certs, maybe some obscure badly-run banks, but they got greedy and went for the big one.
Re: "...damped by gravity..." ???
I don't know...
but it occurs to me that a string in gravity will always have a slight distortion downwards, so the forces on different parts of the string will be different. The ends will be under higher tension than the middle, because they are supporting the weight of the middle, changing how the string propagates the wave.
Take a skipping rope - held slack, it is difficult to get a (low frequency) wave from one end to the other. Pull it taut, and it can be plucked. Now, imagine a slack skipping rope extended until the tension at the ends from the weight is the same as the original taut skipping rope (yes, this is a very long rope). You can pluck one end, and the wave will propagate until it approaches the middle, where the tension is insufficient. The guitar string is a much less pronounced example of this effect.
To put it another way, the difference in tension is an impedance difference to the wave, and causes attenuation in the string affected by gravity.
Uh - does that sound right? Can I have this icon with a question-mark, meaning technical, and quite possibly bovine excrement?
I've gone all nostalgic
It all comes back to me, the darkened sitting room, the awkward erection of the screen, fiddling with the projector, the focus all wrong... corrected. The satisfying clicks as the changer inserts each new slide on the click of the remote control (well.. the control on a 6 foot grey cable), the frustration of the big carousel jamming.
The joys of youth. Yes, the specs are rose-tinted.
Full disclosure: I sell anti-virus software and do a little research on viruses and related security areas.
I was surprised at the small sample set Imperva used - just 82 samples, collected from honey pots, google and hacker forums. Can this really reflect on effectiveness against the millions of malware samples known to exist?
In comparison, AV-Test uses two test sets in its Protection tests:
* All malicious files they discovered in the last 6 - 8 weeks: around 100,000 – 150,000 files.
* Extremely widespread malicious files they discovered in the last 6 – 8 weeks: around 2,000 – 2,500 files.
Looking at the full study, there is another surprise - Imperva do not do their own testing, they threw the samples at VirusTotal. VirusTotal is a useful website, but they are quite explicit that it is unsuitable for product testing. Imperva takes the short form of VirusTotal's advice, "not designed as a tool to perform antivirus comparative analyses", and counters it in their 'Limitations' section saying that they are not doing a comparison. They ignore the longer advice, that details why VirusTotal is unsuitable for both comparative and effectiveness testing.
Anti-virus testing is notoriously difficult, and competent researchers put a lot of work into making sure they use methodologies that will produce relevant, reliable results. Did Imperva?
Re: Obligatory XKCD cartoon...
I hope you realise that there's a badly-written "u", it should read, "Someone is wrung on the internet". It's a protest against unnecessary networking of laundries.
I'm waiting for the black LED
Black is cool, black is the future. "Every time I press this black button on a black background, a black light lights up black to tell me I've done it!" (Thanks, Douglas)
Possibly recovered - if you happen to know someone who enjoyed doing those really large jigsaw puzzles, with names like "The World's Largest Jigsaw Puzzle" where all the pieces look the same. A moderately large, moderately fragmented disc with the File Table missing would be an excellent Christmas present for them.
Personally, I'd recommend imaging the disc and restoring from backup...
Only 25 years?
I'll swear I once saw a module in CPAN called Universe, the new method took arguments c, G, h, ε0, e and a boolean value for evolution. There was a warning that memory requirements often grew quickly.
Re: Seems overcomplicated
So Wile E Coyote has a very low spring constant?
It has a "resemblance to the river Nile"? Sure, but if they turn the photo 90° clockwise, it's the spitting image of the Amazon.
But the gravity version is more portable than the spring version. You don't have to carry the weight around, you fill up the bag with soil, gravel, shrapnel or whatever else is around when you use it. The two are both useful in different circumstances.
The choice is...
running round like a blue-arsed fly, fielding calls from your users and trying to get answers from your outsourcer about what happened and when it will be fixed
running round like a blue-arsed fly, fielding calls from your users and trying to identify what died and fix it.
Re: All we need are some inbred cannibals living at down that road and we've got a B-movie!
What a coincidence, so am I. If you come to these coordinates, I'm sure you can make a contribution. The cast tells me they are looking forward to having you for dinner.
You didn't start on the 4040, like me? To be fair, mine was a plastic DIP package, but the IO chip was ceramic.
I never tried running a *nix on it, and, IIRC, Linux never supported the 286 or earlier.
I only switched off my last 386SX in 2010, though that was running DOS.