92 posts • joined 19 Aug 2010
Hopefully this doesn't end up bricking swathes of ATMs across the globe
Also, I don't see why a bunch of ideas have been ruled out because "they could be gamed". Entire websites have been (successfully) built around these ideas that can be "gamed".
I would also like to "+1" the suggestion of getting notifications when any post of mine has been responded to. It's a pain having to log in, open an article, click comments, click my posts, middle click a handful of my posts, ...and scroll.
All great apart from that!
> What, other than a channel Netflix doesn't hugely need, can Comcast offer beyond quality carriage?
Perhaps it's an exclusive deal. I.e. Netflix signed the contract with the understanding that YouTube and other video streaming services would not be offered similar deals and would continue to be throttled?
I guess it's no bad thing, raising the profile of permission overreach, but Android already presents all this information to the user when installing a new app. So I'm not sure what McAfee's proposal is bringing to the table.
Facebook finally got canned when a recent update decided that it now needed to access my text messages.
11 incidents per day?
Who has the time, perseverance, and steady hand required to cause 11 incidents a day?!
Totally, agree. This is really annoying.
Re: Rare pragmatic response
In this case, I don't think they've factored in the number of less-than-scrupulous users who will suddenly discover they have been using IE7 all this time.
Re: Bitcoins traceable for most users
I didn't say they *can* determine the source of funds, I said they *have more chance*.
> Cumbria University admitted it has no way of checking whether pupils had earned their virtual crypto currency by stealing, through botnets, by legitimate mining and trading, or via drug sales on Silk Road.
They have more chance of discovering the source of bitcoins than real money. They can trace back through every bitcoin transaction ever made. Try walking into a bank and asking where your client's payment came from.
Do universities check that traditional tuition payments haven't come from nefarious activities?
Whether or not I agree with Google's design decisions, I can usually see *why* they've done something.
I have no idea why they would do this. It seems everybody loses.
don't be [caught doing] evil
no Android version?
Nice to see Yahoo haven't lost their "unique" approach to business.
Re: Spread the cost. @AC
You're right that revisions are deleted after 30 days (and Google counts those revisions against your total storage, but Dropbox doesn't), but CryptoLocker gives you three to four days to pay the ransom before deleting your files, so if you haven't noticed after 30 days then I suggest your files can't be that important.
Re: Spread the cost. @lorisarvendu
Not true. All the major cloud backup services (Dropbox, SkyDrive, Google Drive, etc) have implemented file versioning so you'd always be able to navigate back to a previous (unencrypted) version.
Re: Techie question.... @Jamie
So if you sign your own certificate and someone navigates to your site, they'll see the usual "You're browsing on a secure connection, but we can't verify the identity of the site. Do you want to proceed?"
Someone sat between your users and your server could then strip out your SSL and re-encrypt traffic with their own self-signed certificate. You wouldn't have to dig deep to see the certificates were different, but if your end user is expecting to see that warning, then would they do that? I doubt it.
I suppose if you were able to convince a user to add you as a root certificate authority, then I guess you'd be more secure, as you suggest, but then how does your user know that initial connection hasn't been compromised and they aren't actually installing an attacker's certificate?
I don't think getting your certificate signed by a CA is detrimental to security, and only adds barriers to adversaries, especially to common or garden ones you're much more likely to encounter.
Again, correct me if I'm wrong...
Re: Techie question....
I'm not an expert, but I'm pretty sure this would make a MITM attack even easier.
A man-in-the-middle would be able to strip out your certificate and add their own, which now wouldn't even need to have a chain of trust, it could just be any old certificate.
If some adversary (criminal, governmental or other), employs this MITM technique, then the end user will still see the green padlock in their browser but if they inspect the chain of certificates, they should notice that the certificates involved are not the usual ones, no?
Are there any browser plugins that can warn about unexpected (but apparently legitimate) chains of certificates? Perhaps checking against previous experience and/or some independent database?
Re: P=Partner, not Parent.
> that strength is decreasing rapidly and they won't get taken seriously much longer.
Glad they are getting shut down
But why would anyone install a flashlight app that required the "Location" permission, (and full network access presumably)?
Fully agree with M Gales' post above.
Is this like that time President Obama said "we're not going to scramble jets to catch a thirty year old hacker", then grounded the Bolivian President's jet on the basis of a rumor?
Re: Well Well
Meanwhile, we are getting outraged and vocal about one of our diplomatic bags getting opened in Gibraltar. Hypocritical much?
Are they using automatic voice recognition, or are they doing this manually / relying on community members to flag stuff up?
Good luck to him, but does he not remember how he was dismissed from his government position as drugs policy advisor? Of all people, his "hopes the UK government can set that to rights" seem a bit optimistic.
Am I going to get hacked if I click that link?
Do you work for NSA/GCHQ?
I really don't understand this move
Surely the only people who understand the implications of this would also understand how futile it would be?
Agreed. Really good to see an article like this on el Reg.
Unicode is notoriously difficult to get right, so I have sympathy for the Apple developer w̻̔̽ͯ̄͒́̎ͅh̻̰̭̗̣̪̩͗̎ͯͣ͆̓o̬̱͚̟̹͉ͦͥ̔̈́̓ͨ͋ ͤͤg̭̩̲̍͐ͣ̈́̆͗ͅͅǫ̐ͥͬͣ̀̿̂t͚̤̙̠̫̐̌̾̉̽ ̫̳̫̈̅̍͗̑ṱ̴͎̲͇̯͉̖̊ͤ̈͐ͬḧ̤̳̭̠͉̱͌ͬ͞i̜̺͓̞̳̓̉̓ş͔̩̲͙̤̺ͬ̆̉̂ ̲̭̍̑̉̉̄̆ͫ͞wͬr̛͖̭͎͉̪ͬ͂ͩͥ̚o̢̰͉͙͇͖ṅ̌g҉̫͕̺
Thanks for the explanation. Baffling that they decided to take that route for the sake of a few hundred kilobytes.
It sounds like it could be the bizarre brain-child of an eccentric but senior engineer at Xerox. And it's worked well enough until now that no one could be bothered to tell him what a pile of over-engineered crap the idea was.
I still don't fully understand this.
If it's faulty OCR, why does the copy look such poor quality?
If it's not using OCR, how how the digit get flipped?
So Google isn't subject to British laws, but BP (and Deepwater Horizon) is subject to American laws?
Re: Haven't we had read/write laser disks for close to a couple decades?
You're either referring to magneto-optical disks (e.g. MiniDisc) which still use a magnetic write head to change the polarity of a substance heated by a laser, or you're referring to ReWriteable CDs which rely on dyes that change opacity depending on the temperatures they are heated to (i.e. not magnetic).
If my understanding is correct, this new process is completely different; uses only lasers and is orders of magnitude faster.
I think they are more concerned about the endpoints than the transport.
Re: The curious part of me wants to know....
Re: At the rish of being downvoted into Oblivion
Just as an addendum to the above; comparing Windows to Linux a decade ago would lead you to a very different conclusion regarding the security of open vs. closed systems.
Would I be out of line to suggest that it's fairly foolhardy to claim 'closed' is inherently secure than 'open', on the basis of a single piece of anecdotal evidence?
How is the NSA so certain Huawei is feeding intel back to the Chinese government? Because they intercepted the emails.
That link again is: http://www.pozible.com/project/26539/
(Would be better placed in the article though).
Does anyone outside of the government use the word "cyber"?
Plot twist: storage manufacturers have been spent years emailing terabytes of "encrypted" data around, lacing the meta-data with trigger words. NSA was forced splash out on multi-million dollar data warehouses to accommodate this suspect "chatter".
They should call it Lyp Sync
s311 != s313
"Senator Conroy told Estimates that the government will set in train a process to improve the transparency surrounding the use of s311"
Sleight of hand on the senator's behalf, or typo?
Why do the balloons burst? Is it because atmospheric pressure drops and the balloons expand too much, or the low temperature causes the rubber to become brittle? Or a combination maybe?
Re: First of all ...
Cool story, bro.
It's not that people don't know, it's that they don't care. And why would they? Most people see a few targeted ads as a perfectly adequate price for using google/youtube/etc.
oh, and you have to wait 3 hours for each biscuit to be printed.
Ok, so the badges thing has been running for a while now. My thoughts on the system? Aiming for these medals seems to have prompted certain commentards into a frenzy of just spamming useless comments on every story published. I think it would be much better to reward the *quality* of the posts, rather than the *quantity*, (or at least some kind of hybrid). You already have the metrics to do this.
For starters, can you just remove medals from people who predominantly get down-voted?
Oh man, yahoo is just a grave yard of once-promising projects.
I bet anyone with an interest in tumblr failing are rubbing their hands in glee right now.
Q: What do you call a piece of software that uses duplicitous techniques to install itself on your computer, often piggybacking on the installers and updates of completely unrelated software. After which it slows your computer and then later, tries to scare you into sending them money?
If a public company is having this success, can we assume that certain shadier (government) organisations are already ahead of the game and are routinely cracking public key cryptography?
Re: The real reason they want them turned off
...which makes sense. But then you're allowed to read a book, but told to "switch-off" a kindle. Which makes no sense.
"All of the data related to the backdoor is held in shared memory and never touches the disk."
(which just raises more questions that it answers...)
- Vid Hubble 'scope snaps 200,000-ton chunky crumble conundrum
- Bugger the jetpack, where's my 21st-century Psion?
- Windows 8.1 Update 1 spewed online a MONTH early – by Microsoft
- Google offers up its own Googlers in cloud channel chumship trawl
- Something for the Weekend, Sir? Why can’t I walk past Maplin without buying stuff I don’t need?