909 posts • joined 19 Jun 2009
It's hard to believe that the flaw was actively exploited for a year without the credit card companies noticing. Chances are that any discovery and exploitation is quite recent.
Publish and be Damned
The Duke of Wellington had the right attitude, chances are the NSA has all the details too so it's only a matter of time before the news leaks out. It's time that we, as a society, stopped allowing ourselves to be held to ransom by every snotty nosed b-steward that wanders along.
We are being held to ransom by our own fears.
Re: [A]n organisation that takes mugshots plus fingerprints
In the US that would be every Federal, state, or local government agency, every bank, every hospital, and a great many others. Also included would be military dependents and, at their option, military and civilian retirees.
And their wives, boyfriends, and tennis partners.
I always like the argument against raising the minimum wage "because it will force employers to fire people" - just think how many more CEOs we could have if they all took a pay cut. It's people like Larry that are causing the current unemployment crisis in upper management.
If you want to know what God thinks of money, just look at the people he gives it to.
You had to be there at the time - encryption was considered "munitions" and its export and sale were tightly controlled.
BWI could use this
I used to live in Fort Meade, near the Baltimore Washington International airport (code BWI) in the USA (no, I don't work for the NSA) and luggage and freight was forever being lost and ending up in the British West Indies.
And we're surprised?
I've thought that SSL was vulnerable for a while and mentioned this some time ago. Now it's time to fix it ... but almost any encryption is vulnerable if you throw enough resources at it.
But while we're all panicking - it's worth noting that a hell of a lot of servers are not vulnerable but nobody's discussing that.
Re: "and setup a small pfsense box"
This patch is being tested at the moment and should be available within a couple of days ... and your commercial router will be updated when?
Re: For sufficiently small values of "wide"
I'd hazard a guess that 90% of the people ranting about how terrible COBOL is have never actually used it to write any functional program.
Re: COBOL and Reverse Polish notation (not really!)
LOL - Try doing that in C++
What did they expect? It's the "cloud" and sometimes, sure as eggs is eggs, it's going to go down - same as storing it locally except that this time you get to blame someone else. So instead of the sysadmin getting a bollocking and working 24/7 to get the array back up again, your sysadmin is down the pub having a beer and "checking the remote access" ...
You know, I could like this "Cloud" thing after all ...
Re: Cannot believe it!
I'm not seeing it work at all - @ is found once on the page:
// controlIds to be flushed explicitly, set from @jsControlFlush
I think it's pretty clear that conventional encryption methods don't work against this level of capability. We need to throw out the conventional encryption toolkit and build a new one.
You call that decompiling?
Decompile an operating system (and document with comments) and then I'll talk to you.
Re: at best...
Check your Terms and conditions, it's very likely that there's some wording in there that allows Juniper to walk away from this ...
It's the way business works these days, you are a customer. You are to be plucked, diced and quartered and boiled up with some vegetables to make a nice soup stock. So get over your self importance and jump in the pot.
Lysergic acid diethylamide
At the recommended dosage/dilution levels I think this would be a good advertisement for the homeopathic method. It's always worked for me.
Absolutely - I believe that the "age" was 16 when I was a kid back in the 60's and I can assure you that underage sex was really quite fun ... of course we didn't really know how to do what we were doing in all the enjoyable ways that I figured out later on in life but at least we made an effort.
Sex Ed for my generation was simply passed on in the Biology Class with the teacher ending the class with, "And you'll be sad to hear that there will be no homework tonight"
But I solved it by throwing out my last HP printer from home (there is one left at work and when it dies it will not be replaced by HP) and taking the pledge never to buy another printer from HP.
Re: Worn out his welcome in New Zealand, has he?
Maybe, I can't say that he's a very likable guy but that's not the point. The USA is charging him with some nice big fat "crimes" mostly because he pissed off the movie industry by offering a service that is theoretically protected by the exclusions in the Digital Millennium Copyright Act. So now the world gets to see how Justice works in America ... but Kim's relatively wealthy so he can afford a better class of Justice ... this will be interesting.
"Why do *I* have to go to jail to protect *your* freedom?" - Larry Flynt.
Let's bill God ...
"Specifically, he wants networks to provide content at a set price without charging any extras of either the supplier of the consumer."
So just who does supply the consumer?
But seriously, typos aside, what you see here is the American AT&T cell phone mindset being applied to their Internet service - AT&T feels like it's entitled to charge customers for providing a service, charge them again when they use the service, and finally charge them again when someone else uses the service to communicate with them.
NB. In the US most phone contracts charge for minutes used, whether incoming or outgoing unless you purchase the more expensive "unlimited" calling plan.
Re: Land of the free...
I suspect that the United States Constitution may have been secretly amended to permit this snooping - of course, we the people would not have the security clearance or the need to know about this amendment.
So that's alright then.
Re: Daddy, what is XP?
I know the problem, I have an entire accounting system written in COBOL ... oh wait - it's still working.
To mis-quote Frank Zappa
"You can't be a real company unless you have a CEO and a patent. It helps if you have some kind of a business plan, or an actual product, but at the very least you need a patent."
Diversify away from search?
Smart move - because the Google search results have been crap for months now - once upon a time you could enter a few words and almost always find what you were looking for but these days you get served something that more closely resembles my dog's dinner ... after he deposits it on the carpet.
History is on Bitcoin's side
The US dollar has a history far worse than Bitcoin with dollar notes issued by the individual states originally and values fluctuating wildly - it was the backing of the Federal Government that stabilized the currency and made it "safe".
Bitcoin is not really that much different than trading with small bits of carbon with strong atomic covalent bonding - we assign a value and trade based upon a mutually agreed value. Although a diamond does look prettier than a Bitcoin.
Tax deductible loss anyone?
This could be interesting - Dear Tax man, I lost (pick a number) of Bitcoins worth $MONEY$ so can I claim this as a tax loss against my income for the next few years?
For some reason I thought MWC was "Married With Children" - I must be spending too much time on Craig's List.
Re: useful for the ladies, perhaps
Sure they will - and the cops will arrest them if they see them. Of course, all the judges are either out of town or in the parades so anyone arrested during Mardi Gras will be in jail for a few days until the judges get back to business.
Re: If you've ever been
I have been to New Orleans for Mardi Gras many times and I've often been happy to pay the going rate (anywhere from a couple of dollars upward) to use a clean bathroom - many hotels and restaurants with a bathroom close to the entrance charge a fee to visit and for the most part it's well worth paying ... this morning I'll be paying it simply to get my hands under some warm water I suspect - the weather report is for freezing rain and sleet but the parades will roll anyway.
Today in Louisiana it's Mardi Gras - for the rest of you poor bastards it's just Tuesday. This is a major reason that I live here.
What's the cost benefit?
There's always going to be some snooping going on, I can accept that - I don't like it, but I understand the rationale for it and politicians being the weak-kneed bastards that they are, it's inevitable.
But what doesn't make any sense is the secrecy - if the aim is to prevent terrorists and pediatricians ^H^H^H^H^H^H^H^H^H^H pedophiles from injuring our society then why keep it secret? Wouldn't we all be safer if they knew that they would be caught if they tried anything? With the current scenario, what does it cost to catch anyone in the categories that they are looking for?
Dr. Strangelove: Of course, the whole point of a Doomsday Machine is lost, if you *keep* it a *secret*! Why didn't you tell the world, EH?
You can't defeat terrorists by blowing up terrorists, that just creates more terrorists - you defeat terrorists by dealing with the root causes of terrorism. And pedophiles et al wouldn't exist if our society was more open to sexually positive experiences.
How is this different?
This sounds exactly like the experience that I have calling AT&T about my phone account in the US.
Re: Lawmakers huh?
Here in Louisiana they put a law on the books some years ago banning posting to Facebook while driving ... they recently had to amend it after a number of prosecution cases failed because the drivers showed that they were posting to Tumblr and Twitter, not Facebook.
"If you've got half a mind to run for Public Office, that's all you need" - David Frost.
... they still have no idea how Gareth Williams died ...
It's the math
Cheaper to Insure than Secure + Cheaper to under-staff than maintain staffing levels = management bonus.
Re: dum di-di dum dum
"Ok, so apparently we have 750k btc deposited. Do we actually own those bitcoins, and where are they?"
That question depends on the accountants - and accountants are notorious for not asking questions that might embarrass the person paying them.
Never attribute to Malice anything that can be accomplished by Stupidity.
Come on, we've all looked at code for days and not seen the problem, only to awaken in the middle of the night and realise that the problem is simply that we're always checking for a>b and never a=b or some similar malfunction (sic).
Re: Actually, yes it can be "Stolen".
Really? I woke up this morning and, after commenting in El Reg last night, I found that my identity had been stolen. I have no name, I don't know who I am and I'm sleeping on a park bench and my head hurts ...
Now, about those fifteen Pan Galactic Gargle Blasters that I drank last night ... I have no memory of them either because my identity has been stolen ... maybe I'll get my identity back when I sober up?
"300,000 SSNs swiped "
Nope - the SSNs have not been stolen - I still have mine.
Identity can not be stolen, merely forged or copied. The solution to this problem is not to penalize the "victims" of this data copying but instead to make the banks and other organizations liable when they either hand out the data entrusted to them or sell services/make loans based on the information and then blame the "victim" - Identity Theft is a scam perpetrated by the Banks to avoid admitting that they gave away money/goods without bothering to check.
Please offer to service my town.
You don't actually have to do it (we're a little cow town in Louisiana) but the mere threat of competitive high speed internet (that is anything over 2mb) will make both COX and AT&T improve their service.
"My father was a nun" - Baldrick
Where's the IT angle?
Oh wait, the PHB just walked past my office ...
Alternatives are available
Personally I like a dab of Talisker behind the ears.
Of course your phone app is secure
ROTFLMAO - I wouldn't trust my Bank to code its way out of a paper bag - particularly if the bag was stuffed with my money. If you read the Terms and Conditions with any of these apps then somewhere in there you'll find that you are assuming all the risk of using the app and the Bank is not liable.
Wait for the next batch of numbers
These numbers are only the numbers that they are permitted to release and only purportedly cover "official" requests, meanwhile everything is being sucked into the NSA/GCHQ vacuum cleaners for "analysis" - no, we're not collecting anything, we're just analyzing it.
You're missing the point lads.
Ignore the patent - the fact that they think it's a patentable business method tells you quite a lot about how the Amazon site and databases work behind the scenes. When you go to Amazon and start searching or browsing for a product category they probably have a better idea of what you'll eventually purchase than you do when you log in.
Re: Made little sense to begin with
That's a good point and time will show who's right.
I think the web is slowly souring on the idea of hanging on the coat-tails of one vendor to the exclusion of all others - sure Verizon's big in some places but other than wireless access ($$$) its relatively unmetered direct fiber access is limited. In general people subscribe to content first and the method of delivery comes second.
Made little sense to begin with
I think Intel had no real idea what to do with OnCue from the beginning - if they could make it a "standard" then it could have had some running room but that was never really on the table. The real kudos must go to Intel for actually being able to flog this thing anyway ... Verizon just bought a dog, the only question now is how long it will be before they take it out and shoot it.
We the sheepeople...
That was predictable - while Obama is reviled by the Republicans as "left-wing" the truth is that he's politically about as right-wing as Maggie Thatcher in real terms and is a member of the establishment majority. He is a politician which means he doesn't care about anyone unless he needs their vote - and having voted for him, we have no further purpose.
I don't see the current level of surveillance changing for the better in the future unless we the people change our behavior - we need to live our lives knowing that we are always in the spotlight. Use cash, not credit, firewall everything (not using commercial firewalls - they are compromised), abandon the cloud and cease using any service that stored data in the US or its minions. Build EMF shielded houses and offices where all cell-phone service is lost when you walk in the front door and isolate the AC power because before Edward Snowden there was Echelon, and before that we had Tempest - these programs didn't go away. Only when we change our behavior will anything change.
But the chances of this happening are vanishingly small. The function of the President is not to wield power but to distract attention from those who do wield power - and to point out, when questioned, that the book has "Don't Panic" on the cover. Move on folks, there's nothing to see here.
What do you make of this fiendish challenge?
Boring - it smells like the Illuminati rebooted.
Gosh - think how much lower the prices would be now if AT&T had managed to buy T-Mobile ... that deal was promising to lower costs too.