553 posts • joined 17 May 2007
"Distributed web host CloudFlare says its costs rise dramatically..."
Don't let them hear you say the dreaded words "web host." Cloudflare serves up huge quantities of spam sites, malware, and phish sites...but its abuse team will quickly point out "we are not a Web host and therefore we will not/do not have to/cannot take any action against abuse on our network, now be off to bother someone else" if you file an abuse report.
Re: Missing information
From the sound of it, the hacking device is simply a payload delivery system; it would be up to whoever is deploying it to equip it with the appropriate payload.
Attacks exist against both Mac OS and Windows targets by exploiting holes in Flash (the Mac DNSChanger malware is an example of an attack that targets Mac OS). Presumably, there are attack vectors against Linux as well, and I'm aware of at least one attack against old versions of Android that could presumably be loaded into this device.
Re: That's actually a feature I'd want
In a world where most people aren't developers, most people will always run someone else's code. "Run your own code" is fine for you and me, less so for my parents, my sister, my in-laws, and most of the other people who will be using these devices.
And I don't know about you, but I spend enough time doing friends'n'family tech support as it is. I don't want to be security-auditing or writing new firmware for every single new gadget they buy! I hardly have enough time to get things done as it is.
Re: When I can self sign, and provide my CA by side channel (e.g. DNSSEC)
One of the advantages I see to this scheme is it makes black hat SEO bullsh*t just that little bit harder. The economics of linkfarming and SEO spamming mean even small incremental changes in cost have large knock-on effects that can undermine the profitability of the enterprise.
If we start accepting self-signed certs, then all that will happen is linkfarms will start using SSL with self-signed certs. And the consequence of accepting self-signed certs are potentially quite troublesome. I'm not down with making MITM attacks easier, for example.
Ideas like changing the color of the padlock for self-signed vs. CA-signed certs don't stand well in a world where it's hard enough to convince folks to look for the padlock in the first place. And unlike some IT-savvy people I've met, I don't believe that users who are less savvy deserve to get hijacked.
Re: RE: Fanbois and Apple's Cash Mountain
"What always confuses me is *why* any Apple fanboi thinks Apple's mountain of cash is *in any way* a good thing."
Back in the 90s, before His Jobsness returned to Apple, everyone who didn't like the company was saying "they're losing money, clearly that's a bad thing. Apple is doomed."
Now it's "they're making money, clearly that's a bad thing."
I use a lot of different machines--there are three Apple devices, two generic PC boxes running Linux, and a NAS on my desk as I type this. I make money from my machines, and I find that I use an Apple laptop a lot more than I use any of the other computers. That suggests to me the money I invested in this tool was worth it. :)
"18 per cent revealed they have even checked their phone during sexual intercourse. Ah, that’ll be the women."
Nah, not necessarily. I once live-tweeted an orgy I was involved in. It seemed like a good idea at the time, though a well-known astronomer unfollowed me as a result. (Well, I assume it was as a result, given the timing, though correlation doesn't always imply causation, I've heard.)
Re: Point of Issue
"I can do dangerous things with a knife or chainsaw - that doesn't make them bad or dangerous when used in a responsible manner."
Sure. But plain old-fashioned C is a bit like a chainsaw with no chain guard. It's a capable tool, but you gotta watch where you put your hands...
Frankly, though, I think the responsibility lies with the AV vendors, not the tools they use. It's a poor workman who blames his tools. These folks are supposed to know about security, that's what they do.
"Electric toothbrushes. Discuss."
Rule 34, my friend. You can use an electric toothbrush applied to the...oh, never mind, just Google it.
Used to have a girlfriend who loooooved "abusing" her electric toothbrush this way...
So the company was founded in 2006, and for the last 8 years it's been operating without a peep from Bose. Then, in 2014, it gets bought by a company with very deep pockets, and Bose asserts its patent claims.
I'm sure the timing is entirely coincidental.
Re: TalkTalk blocked my site
I run and/or administer a large number of Web sites, on subjects ranging from computer troubleshooting to emerging biotechnology to sex.
Ironically, my personal site, which has no content that might be deemed even remotely scandalous (and is not a WordPress site), is blocked on Sky...but my sex site, which talks about kink in very explicit terms, is not blocked by any of the major UK ISPs.
Let's hear it for Net censors, getting things wrong since...well, since the dawn of time, I think.
A great sales organization always listens to the customer, first and foremost. Comcast, on the other hand, has other policies.
Re: El Reg... Really?
"Harrison Ford breaking his ankle (sounds more like a bad sprain, break one of your own and see), has no tech connection.
Some gossip site has no tech connection, except they have an Internet site."
Looking for a tech connection on every Reg article? You must be new.
As for the rogue stormtrooper: The idea of a hero with a conflicted past trying to make good can be brilliant, if it's done properly, but I have little faith this movie will be done properly.
I mean, Star Wars Episode 3 was basically the story of Faust--the classic story of the fall from grace that's been a running theme in human literature since...well, since before there WAS literature. It's an archetypal story that's so embedded in our consciousness that it should not be possible to screw it up. Yet screw it up they did. So I might, I think, be forgiven for approaching any new movies in the franchise with a certain battle-hardened skepticism, I think.
Had a Web server (a shared hosting server operated by a big-name hosting provider) get hit by this recently. It dropped a PHP file onto the server that contained the line
from which, as you can imagine, all manner of mayhem became possible.
"Companies that do see malicious activity originating from AWS should contact us immediately at email@example.com."
I've done this on many occasions, only to receive a "thank you for your report, we have confirmed an Amazon EC2 instance was running at the address you specified" form email in response...and days or weeks later, it's still there.
Perhaps the problem is I'm a person and not a company? If companies can be people, shirley people can be companies too?
I had almost this same conversation a year back with Clear Wireless. I tried invoking the "may I speak to your supervisor" conjuration, but they were too clever for me--I got the exact same treatment from the supervisor. Wish I'd have recorded it.
At least she claimed to be a supervisor. I have no empirical evidence this was the case.
Nickel allergies can be nasty. I once had a friend who discovered the hard way that the bright finish on a particular sex toy she liked had nickel in it...not a good scene. Aluminum-clad devices are, presumably, not likely to cause this particular problem.
"The next flight, "Elysium", is planned for October."
At which time it will no doubt be shot down by Jodie Foster.
Microsoft? Microsoft? That name sounds familiar. Wait, don't tell me, it will come to me...
Re: "Roth had notified them about the hole via Twitter"
I'm definitely more "security researcher" than "security professional," and on several occasions have notified firms of vulnerabilities and abuse by Twitter...when emails, phone calls, and other more orthodox channels of communication have been ignored.
Sometimes, public shaming works where reasonable discourse doesn't.
Re: Why is security still an afterthought?
In this particular case it doesn't seem like security was an afterthought--the mesh connections were encrypted, after all--but that the security wasn't implemented in a way that made it resistant to sophisticated physical attack on the microcontroller.
Security is HARD. Even when you think about it from the get-go.
Re: Scary stuff...
It's an urban legend that the blueprints of the Saturn V and F1 engines disappeared after the end of the Apollo program. In fact, every scrap of engineering records was kept.
The issue with simply rebuilding F1s from the original design wasn't the lack of blueprints, but rather of skilled labor. The F1s required a fearsome number of extremely sophisticated hand welds made by master welders. Each one was slightly different from all the others, as engineers made small hand tweaks to each. (For example, early prototype F1 engines had a nasty habit of tearing themselves apart because the hot combustion gases would start swirling in the combustion chamber, setting up shock waves that would build until the engine failed catastrophically. The engineers solved the problem by adding baffles to the injector head to prevent the gases from swirling, but, lacking tools to model the combustion and design the appropriate baffling, they simply experimented until they found designs that worked.)
It's the institutional knowledge, not the blueprints, that was lost.
I've talked to folks who seem to think crowdfunding is a fad that will never produce anything more exciting than a pot of potato salad. Projects like this show what's possible when a group of smart, dedicated, and determined folks, supported by a lot of people who believe what they're doing is worthwhile, attempt something amazing.
Re: What's next ?
Did the same thing myself, many years ago, then got the idea to add a phono plug to it and write chat software that produced DTMF tones. Worked over the phone or the Internet.
First prototype used a simple, small switching transistor instead of a MOSFET, which promptly exploded the first time the toy turned on. (Who knew a simple battery-powered vibrator consumed six watts of power?)
More recently, I've connected an Arduino to a MOSFET and a Neurosky EEG chip, to make a vibe that works on brainwaves. Works really well, and it's even more hands-free than this iPad nonsense.
Re: Want standalone, or at least wifi
"being able to read and reply to massages from anywhere in the house or garden without carrying my phone all the time is a genuine benefit."
I've always been able to reply to massages without a phone, myself.
I used to think that any data you store in "the cloud" exists on someone else's whim if you store it there for free.
Apparently it exists on someone else's whim if you pay to store it there, too.
Re: It's empty!
Seems to me that nowadays that's the kind of task best suited to a computer, not a bloke with a joystick. If the computer fails you're kinda up the creek anyway; it's not like you're going to take manual control and pilot it down yourself.
Re: Other sites have statements ....
That thought occurred to me, too. If it were the result of a large-scale breach at $OTHER_PLACE, we would not likely see the exploits so localized.
It could even be the result of something as mundane and ho-hum as a phishing attack. Hell, I get phish emails asking me to "verify my Apple credentials" at least once a month.
A coordinated phish attack is less sexy than hackers trawling through troves of stolen eBay data and targeting people who reuse passwords, but it seems a bit more plausible to me.
Re: China beats up the US for spying
Though in this case, when Mr. Pot and Mr. Kettle go about doing their various dirty deeds, it's we who suffer for it. The fact that they're both in the wrong about this doesn't mean they aren't right about each other.
Re: I am sticking with Sennheiser and Walkman
"You will only get your hands on my Clement-Clarke Airlite-62s over my cold, dead body."
Your terms are acceptable.
You know what would be cool?
If the Federal government created a large, well-funded organization designed to safeguard the computer and communications infrastructure so vital to the nation's economy, perhaps by discovering flaws in commercially important cryptographic systems and...
Re: Apple is misleading
"For example, is Safari vulnerable ? So if a apple or windows browser visits a malicious web site can data be stolen from the machine visiting the server. Heartbleed works on clients too."
If you're using a Web browser to browse to a secure site, the security of the connection depends on the version of SSL running server-side. If some banking site somewhere is vulnerable, that's not Apple's fault, seems to me.
Yes, anyone connecting to a vulnerable server is at risk. Apple hasn't said otherwise; what they said was "IOS and OS X never incorporated the vulnerable software and key Web-based services were not affected," which as near as I can tell seems to be true. (Mavericks, for instance, ships with OpenSSL 0.9.8y.)
Re: Luxury item
"The organic movement contains an awful lot of people who think organic=natural=Good whereas using modern pesticides in agriculture=unnatural=Poison, irrespective of the effects/evidence."
Indeed. And rather a lot of those folks don't know that organic food is often grown with pesticides, or if they do, assume for some bizarre reason that "natural" pesticides must be less poisonous than "synthetic" pesticides.
There's a wide range of pesticides used by "organic" growers, ranging from pyrethrins to copper sulfate. You really, really don't want to eat any of those pesticides--in many cases, they're more toxic than synthetics.
Re: 1 in 10 reasons probably invalid, so all invalid?
"And saying that it "won't save you from cancer" is a straw man. No-one has ever claimed that."
Actually, lots and lots (and lots and LOTS and lots) of organic food proponents do indeed say that organic food will protect you from cancer. Do a Google search for organic food cancer and see for yourself. Pay attention to the claims you'll find on undergroundhealth.com, diseaseproof.com (which gets extremely specific--not only does it say that organic foods will protect you from cancer, it even specifies what varieties of cancer it claims are "caused" by "non-organic" foods), or any site at all that mentions "Max Gerson," the poster child of the organic food "non-organic=cancer" crowd. Hell, you'll even find personal stories on huffingtonpost.com of people claiming organic food smoothies "cured" their cancer.
So don't call it a straw-man argument. It's not. Rather a lot of folks make exactly that claim.
"Sorry, either you agree with free speech and democracy, or you don't. If you do, you have to accept others will hold views you don't like."
I accept that he has views I don't like. That's a bit different from trying to have his views enshrined into law, but that's a quibble--if you don't see the distinction, it's not really worth going into.
He has the right to have views I don't like. I have the right to choose what Web browser I use and what companies I patronize.
It seems strange to me that folks who support his right to his views, don't seem to support my right not to patronize companies whose views I don't like. We all have the right to hold our ideas...but Mozilla doesn't have a right to expect me to use their products!
I don't quite understand the ideal that says people who run a company have a right to whatever views they have but their customers don't have a right to take their custom elsewhere.
Ugly, sure, but still more attractive than the PS/2.
I remember when the first PS/2s came out. A friend and I had been reading about them, so when they showed up at the local computer store, we went 'round to have a look.
The pictures in the magazines didn't do justice to how ugly they were. Stunningly ugly. So ugly that the first time you laid eyes on one, you were apt to rock back on your heels and wail "what hath God wrought?" in your best William Shatner voice.
So we went down to check them out. When my friend had recovered the power of speech after being nailed square between the eyes by the ugly, he commented it looked like the business end of a ventilation device for outhouses. "Well, form follows function," I said. The salesperson showing us the wares ducked behind the shelf and broke up laughing.
To this day, I still can't rightly comprehend the enormity of the fact that someone made them look that way on purpose.
A logic tester? Luxury! We had an LED with a resistor soldered to one leg. You'd hold the resistor against the ground pin, touch the other leg to the pin or trace you were interested in, and see if it lit up.
Re: "expansion of space briefly exceeded the speed of light "
One quick and dirty way that gets the idea across, if crudely, is "space was unfolding so fast that objects in space would seem to recede from each other at greater than the speed of light." If, you know, there were "objects" during the inflationary period (which there weren't) or you could see them (which you couldn't).
"signals intelligence shall be collected exclusively where there is a foreign intelligence or counterintelligence purpose to support national and departmental missions..."
...and it's convenient, though not necessary, when the department's missions align with the nation's.
"Nice IPO you got there. Would be a shame if something happened to it."
"[A]s the authors note, the attacker has to be able to visit the same Web pages as the target, and has to be able to capture the victim's traffic."
So the NSA, basically.
Re: New Barbarian Manifesto
"His point was very simple. If the number of voters consuming government money outnumber the people providing government money, then Democracy will fail. Consumers of government money have no stake in the productive side of the economy, they will simply vote themselves more and more benefits..."
How does he explain corporations voting themselves corporate welfare and tax breaks, I wonder? We talk about the poor consuming government money, but we don't talk about all the corporations doing the same.
Well, some folks do, I reckon, but it's always "they DESERVE that government money, because they MAKE JOBS!" Never mind, of course, that they aren't making jobs as an act of charity--they're making jobs because they have to in order to make more money.
Re: We get into problems when.....
"Pretty soon the "wealthy" don't want to be "wealthy" much more and join the majority who just want to feed at the trough."
Riiiiight. Well, I guess that explains the long lines of rich people burning all their money so they can become poor and feed at the trough, then. I was wondering about that.
To me it reads a bit like "Hi there, I'm Mr. Icahn, and I see you have a pot of money. I would like to transfer your pot of money into my pockets please. Oh, look, there's another company with a pot of money! Hi there, I'm Mr. Icahn, and I see you have a pot of money. I would like to transfer your pot of money into my pockets please."
Amazing that folks can make a living doing that.
What's even scarier is the number of cash registers I see running Windows XP. And last month I went to a movie theater and about midway through ending credits, the glorious 4K digital projection stopped suddenly, and was replaced with a Windows XP desktop showing a plain white background and the message "Active Desktop Recovery. Microsoft Windows has experienced an unexpected error. As a precaution, your Active Desktop has been turned off" with a "restore" button and a bunch of troubleshooting info.
Re: How could we have been so stupid?
For every complex problem there is an answer that is clear, simple, and wrong.
The universe isn't under any obligation to be simple, beautiful, or even comprehensible to us. In fact, given that we live in a relatively large world of things moving relatively slowly with respect to each other, it's just about guaranteed that there are bits of the universe which absolutely won't be intuitively obvious, and will vigorously defy attempts to make them seem simple and elegant to us.
Complex theories are complex because when we test simple theories, they usually don't match reality.
Re: "I know absolutely nothing about the black holes...
"its also entirely possible that they've all been coming up with utter twaddle in order to sell impenetrable books to the facebookwits.."
I think you have Dr. Hawking confused with Deepak Chopra.
Welcome to embedded systems programming...
...where security is something we've heard of.
It's not just P2P. I received a text message yesterday on my phone advertising "free Microsoft Office" and a URL, which I knew instantly had to be either a phish or malware. Visited the site (from a disposable *nix VM, naturally), and yup, shore 'nuf, it downloaded Cryptolocker. No surprise there.
The advertising it via text messages is new, though.
Re: Boo Hoo
"The sheeple should be glad the NSA has their back"
And their front, and up their skirts, too, I reckon.
This "sheeple" is literate enough to understand that the risk of terrorism is far less than the risk of being hit by a drunk driver, but we don't use that as an excuse to let the police track every sale and use of alcohol that goes on in the country, nor to eavesdrop on every dinner table throughout the land.
In the US, parody is still permissible use even if the parody is for profit (see the novel "The Wind Done Gone") or for advertising (see the Leslie Nielsen parody of the Energizer Bunny in TV ads for Coors beer).
The US parody exception to copyright law is VERY broad, and is not invalidated just because the parody is used for advertising or marketing.
Of course, there's a lovely bit of irony here; the Beastie Boys copied the melody from that particular song from another song, and prevailed on "fair use" grounds.