Unfortunately, there was a technical glitch resulting in a confusing email.
I'm confused about why the email was "confusing".
The backwards compatibility of being able to use WEP comes at a cost, which is that insecure WEP networks continue to exist.
WEP is maybe a special case, because what people do in the privacy of their own networks is their business. But what I really object to is having to use poor protocols and being made vulnerable to downgrade attacks because the server operator doesn't believe that data protection is a priority.
Lots of people see support for poor network protocols in widely used software as harmless, particularly when someone else might suffer more serious consequences than themselves. We'd still all be running DES and WEP if we had to wait for everyone to choose a good time.
Trial by journalism is a rotten way of doing business. But I am confused about a factual statement in the article.
It says "The image below was grabbed on 4 August 2012". It is of a web browser showing a "replication server" page and with several other tabs. But if I follow the link to it on Krebs's site then I see a Twitter-generated page with "6:40 a.m. - 19 Jul 2015" written on it. The link on Krebs's page is https://twitter.com/deuszu/status/622763065746915329
I am obviously even more dim-witted than normal, so can someone sit me down and gently explain the 4 August 2012 thing.
Let's hope they remember to order the pilot of the A-10 to lose this time.
Having the F-35 beaten by one vintage plane is bad enough but two would look like carelessness.
That sounds like a long term maintenance nightmare for anyone foolish enough to use it.
Isn’t the actual printing of journals a relatively cheap thing to do nowadays?
Most people access journals electronically, and many of them are only available in electronic form. Where there are physical print runs it is often just for tax reasons - in the UK for instance VAT is not charged on printed material but is on material delivered via the web.
So in the UK it is often cheaper for a library to subscribe to a print version which happens to come with "free" web access included, than just the web access version. They usually just bin the print copies.
Yes - for a ball park figure, if their assets are about the same as last year's $55 million earnings then, with 38 million claimants, that's US$1.44, or 92p, each.
I hope we are ripping Android to shreds. We get fixes for Microsoft products for at least several years. I might as well chuck my practically new Samsung phone in the bin.
And I don't believe the blame should just attach to the tardy phone manufacturers and operators - this is as much a consequence of the design of the Android ecosystem.
The blog link on their home page seems to be broken, but still appears in Google's cache. I wonder if their blogging software was the route taken by the hackers into the site. https://ashleymadison.com/blog/
"Apple may not have noticed the post" is a poor excuse. He should have given Apple a sensible amount of time to fix it.
The number of people who will know to install SUIDGuard or whatever will be minuscule compared to the number now at risk from this public flaw. i.e. 100% of black hats now know about the flaw, 0.00001% of potential victims. Still we should be genuinely grateful he didn't sell it to Hacking Team.
>Everyone spies on everyone.
Many people suppose this, but I doubt it is true, particularly where the consequences could completely eclipse any possible benefits.
For example Israel would be very stupid indeed to spy on the US given the fallout from Jonathan Pollard, the devastating consequences of American military assistance being curtailed probably means that no minister would risk it; and whilst the US probably spies on the UK, the UK would not do anything to jeopardize their Trident missile rental agreement.
Since it covers far more than anti-virus software I wonder how much in total it costs the economies of Europe and US for companies to comply with this pointless nonsense.
It's like equipping a horse with a spare wheel. If you are genuinely concerned about security then you probably shouldn't be using Dropbox in the first place.
Digital Equipment Corp made the first page of virtual memory no access in VAX/VMS, because 0 is such a special number for pointers, unused values etc. The resulting exceptions identified pointers set to null etc. Maybe hardware designers should make physical address 0 no access for similar reasons.
Or maybe shift some liability onto the domain name registrars. That would incentivize them in the right direction.
It's hard to air gap it.
If the entertainment system and the displays have access to the Internet, and also need to know information about the electronic management systems even just for warning messages like "the handbrake is on" when you are moving, then there can't be an air gap.
Some sort of regular unidirectional broadcast by the electronic management systems, without any signals electrically possible in the opposite direction is the best you can hope for if you want to prevent the possibility of control in the other direction.
"most IT staff I have worked with are more than happy to do work in their own time, especially if it's really needed"
Why should IT staff and developers be expected to work for nothing. If the company really needs it, then the company should pay for it and not expect their employees to subsidize them.
This part sounds like greenwash bollocks. Fossil fuels are the dominant source of industrial hydrogen.
It would be best not to have a body part near a suddenly moving, hot or electrified component when the car unexpectedly starts. It would also be bad to have the car run its engine inside an unventilated space or where the fumes can leak into residential space.
Being able to hack remotely starting the engine seems like a serious problem. There are circumstances when starting a car engine without warning could maim or kill people.
It beggars belief that David Cameron wants to weaken encryption in the UK. Whilst the NSA might not be targeting UK economic interests in the same way as they are here (at least that's what they probably tell the British), they are not the only state actor which engages in this sort of well resourced industrial and economic espionage.
You mean the World's best exploit kit? Worst = Most inferior. The World's worst exploit kit would be really crap at exploits.
Whatever the vulnerabilities in it, it deserves to die because it is not an open standard. It is controlled by a single company. Open standards promote competition and compatibility, closed standards allow a single vendor to screw everyone. It's like having exactly one browser implementation controlled by one company.
>Did you read the article? The benefit to advertisers is that users won't disappear behind their own privacy tools.
I read it. If websites obey the DNT then the effect for advertisers is identical to the user deploying privacy tools. If a tracking company obeys it then all their tracking data disappears, followed shortly afterwards by their business. If they don't obey DNT then their tracking business stays alive for several more years, and maybe forever.
The discussion about ad blockers seems a bit irrelevant because DNT wouldn't turn off adverts.
I always thought DNT was a waste of time. There is no benefit whatsoever to websites to pay attention to it. It's like putting a "do not eat" sign on your hen house to discourage foxes. Even if they could read, why should they?
Who says people aren't prepared to pay for content anyway, it's just that there's no need if the competitor is free. When it's not, or the competition is rubbish by comparison, then lots of people do pay. A good chunk of the online population have Netflix etc subscriptions.
>Take any medium size (or larger) application written in C/C++ and compile it with gcc -o3. Result: Broken application.
I've just tried it. The program worked fine. The only odd thing was the output file from gcc was called 3.
My "usual keyboard technique and speed" might also be dependent upon which keyboard I am using too.
Three or four years in prison and getting to keep $10 million of the money they stole? Sounds like $1 million a year and better working conditions than most fast food outlets. Where do I apply?
Just what sort of interval is a "relatively short" one? A week, a year, a century? Forever hopefully.
>Therefore I would say it could currently "thwart obvious attacks" but is not fully secure. But then again what is?
Thwarting obvious attacks is not enough. It needs to thwart attacks by people whose job is credit card fraud.
Equally importantly there should be far fewer bugs in the first place. Industry average is about 15-50 errors per 1000 lines of delivered code.
Dunno. There isn't going to be another election for five years, so I guess their constituents can mostly just piss off for the next four.
>The real problem with SSLv3 is, that what Web Browsers (and so called SSL VPNs) are doing goes beyond the design limits of SSLv3
Cryptographic protocols can't be considered in isolation. They exist for the applications which use them.
To say that SSLv3 is secure and it's the web browsers which are broken because they allow client side scripting is a bit like saying that your feet are the wrong size for your shoes.
They should do the same with TLS 1.0.
It is just as vulnerable to BEAST as SSL 3 is.
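The point above is that TLS 1.0, like SSL 3.0, chains the CBC IV of each record to the last ciphertext block of the previous record, which is exactly what BEAST exploits. The following is an added worked example, not code from the original comment or from any real TLS implementation: it models chained-IV CBC with a stand-in keyed PRF in place of AES (the attack only ever needs the encryption direction, so invertibility is irrelevant), a hypothetical "victim" that encrypts attacker-chosen bytes followed by a secret cookie, and the byte-at-a-time boundary-shifting guess that recovers that cookie from the wire. The secret, key and victim API are all constructed for illustration.

```python
import hashlib
import os

BLOCK = 16


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    # Stand-in for AES (assumption for this demo): a keyed pseudorandom
    # function truncated to one block. Not invertible, which does not matter
    # because the attack only compares ciphertexts the victim produced.
    assert len(block) == BLOCK
    return hashlib.sha256(key + block).digest()[:BLOCK]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class ChainedIVCBC:
    """CBC where the IV of each record is the last ciphertext block of the
    previous record, as in SSL 3.0 and TLS 1.0 (fixed in TLS 1.1 by an
    explicit per-record IV)."""

    def __init__(self, key: bytes, iv: bytes):
        self.key = key
        self.prev = iv          # chaining value, visible on the wire after the first record

    def encrypt_record(self, plaintext: bytes) -> bytes:
        assert len(plaintext) % BLOCK == 0
        out = []
        for i in range(0, len(plaintext), BLOCK):
            c = toy_block_encrypt(self.key, xor(plaintext[i:i + BLOCK], self.prev))
            out.append(c)
            self.prev = c
        return b"".join(out)


class Victim:
    """Hypothetical browser-like sender: every request it encrypts contains
    bytes the attacker controls (e.g. a URL path) followed by a secret cookie."""

    def __init__(self, secret: bytes):
        self.cbc = ChainedIVCBC(os.urandom(16), os.urandom(16))
        self.secret = secret

    def send(self, attacker_controlled: bytes) -> bytes:
        data = attacker_controlled + self.secret
        data += b"\x00" * (-len(data) % BLOCK)      # zero padding for the demo
        return self.cbc.encrypt_record(data)


def beast_recover(victim: Victim, secret_len: int) -> bytes:
    """Recover the secret one byte at a time by shifting the block boundary so
    that each target block holds 15 known bytes and 1 unknown byte, then using
    the (public) chaining value to turn the next record into a guess oracle."""
    recovered = b""
    chain = victim.send(b"")[-BLOCK:]        # observe the wire: next record's IV
    for k in range(secret_len):
        pad_len = BLOCK - 1 - (k % BLOCK)    # puts secret byte k last in its block
        filler = b"A" * pad_len
        ct = victim.send(filler)
        t = (pad_len + k) // BLOCK
        target_block = ct[t * BLOCK:(t + 1) * BLOCK]
        iv_t = chain if t == 0 else ct[(t - 1) * BLOCK:t * BLOCK]
        known = (filler + recovered)[t * BLOCK:t * BLOCK + BLOCK - 1]
        chain = ct[-BLOCK:]
        for g in range(256):
            # E(crafted XOR chain) == E(guess XOR iv_t) == target_block iff guess is right
            crafted = xor(xor(known + bytes([g]), iv_t), chain)
            ct2 = victim.send(crafted)
            chain = ct2[-BLOCK:]
            if ct2[:BLOCK] == target_block:
                recovered += bytes([g])
                break
        else:
            raise RuntimeError("no guess matched; PRF collision or bug")
    return recovered


SECRET = b"session=deadbeefcafe"    # constructed demo secret (20 bytes, spans two blocks)

if __name__ == "__main__":
    print(beast_recover(Victim(SECRET), len(SECRET)))
```

The attack costs at most 256 records per secret byte and never touches the key; it works against any CBC mode whose IV is predictable before the plaintext is chosen, which is why the 1/n-1 record splitting trick (or moving to TLS 1.1+ with explicit IVs) was the real fix rather than anything cipher-specific.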
They will probably just rename it and start again.
>If BT/Openreach can remove the need for twice the amount of equipment as is really necessary, surely that would make maintaining the network easier to and therefore more reliable?
It depends on which parts of the system are the most unreliable. It isn't usually the electronics that cause the trouble, it's the JCB through the fibre optic cable.
The best marketing that money can't buy.
I would add a codicil, "except where the mistake grossly benefits the people who made it."
Privacy is like democracy - Governments like to pretend they want us to have it but the opposite is true.
>Just about every manufactured item exhibits that pattern of failure.
Bathtubs have a "bathtub curve" failure pattern too. Problems with poor installation, shipping or manufacturing at the start; hard water and fatigue related cracking taking their toll after a few years.
>Cool. Could you please post a link (or library reference) to the working exploits you have actually produced during all these years? Thanks in advance.
Wim van Eck's 30 year old paper "Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk?" http://cryptome.org/emr.pdf
The wheel is not so much turning as being re-invented.
Yes, why is it that so many of the people here who claim they have nothing to hide find it necessary to do so anonymously. Maybe they just don't understand irony.
>The next consideration is what proportion of activity is actually sensitive.
If you only encrypt sensitive activities then that highlights them with a big sign reading "THIS PERSON IS CARRYING OUT A SENSITIVE ACTIVITY HERE". You need to encrypt everything, all the time.
As a Doctor Who fan I am looking forward to the return of blue police telephone boxes on street corners.