Re: Revenge Porn or something else?
Revenge porn wasn't illegal yet when he did it, so they had to make something else up.
1602 publicly visible posts • joined 4 Mar 2011
This is what I hate about these warnings. Against all logic, whoever designed them seems to think a self-signed certificate or an expired one is more dangerous than no certificate at all. Clearly that isn't true. In fact right now I'm about to submit a form over an unsecured connection, and Firefox won't say a thing.
I'm a little skeptical of broad anti-revenge porn laws since the issue does touch on freedom of speech, but I thought this case was a slam-dunk. Surely the fact that he was asking for money to take pictures down makes it outright extortion/blackmail. I don't see how pretending to be two separate organizations changes this.
What I don't understand is how these crooks can get away with using services like Ukash and GreenDot. Normally governments make a big freaking deal about preventing money laundering. I find it hard to believe that these payment methods are allowed to exist if governments can't track where the money goes.
My problem with this isn't that I think that evidence should necessarily be allowed; I don't have the legal training to say whether that is reasonable or not. It's the the impression I get that the defense didn't have fair warning that this line of questioning wouldn't be allowed that bothers me. Almost as if they'd been set up just so the rug could be pulled out from under them later.
There are at least three Los Angeleses just in California. Los Angeles City, Los Angeles County and Los Angeles metropolitan area, each containing the former. There are Los Angeleses in other states and countries as well. I'm not quite sure how to judge which of these are suburban though.
Needing 600 Mhz (not mhz) makes a whole lot more sense than 600 MB RAM. But I don't understand how anyone could mix these two things up. Please tell me nobody working for El Reg was responsible. The 4GB requirement still seems excessive, although hardly prohibitive considering what flash memory costs nowadays.
I think that version is fairly popular everywhere.
Don't forget most teachers are women.
Additionally, his draft law would require all businesses in New York State who handle such data to provide a set of basic security protections including employee training, and third-party audits to certify compliance.
So if my small tiny business, which doesn't even take credit cards decided to add a little forum to our website where people could discuss our products, we'd have to get a 3rd party audit to make sure the passwords were safe?
I have enough familiarity with Skype to know about the random contacts from "women", although I'm not a regular user. But this article says "Someone posing as a woman called Cathy Wong befriended each of the victims on Facebook before asking them to Skype her."
Their real downfall was missing the fact that meeting through Facebook meant the "hot babe" already knew their real name and exactly who to send embarrassing video to. If they'd just been showing their junk to people on Omegle or similar they'd have been fairly safe.
I'm trying to figure out if there's some sort of implied hierarchy. It starts out fairly reasonable, states, terrorists, organized crime. Then it gets weird with "sophisticated worldwide hackers and botnets" I must say this troubles me greatly. One doesn't normally describe people as "worldwide", and the inclusion of botnets is also strange, since no other tools are mentioned. Sounds too much like Skynet. Be that as it may, next we've got "hack-tivists", and I can understand why the NSA doesn't like them, so no surprise they feature just below the obviously scary stuff. But the last four are once again curious: weirdos, bullies, pedophiles, and creeps. What's the difference between a weirdo and a creep? What makes weirdos 3 levels eviler? I'd have thought creeps were worse than weirdos. Putting pedophiles so low on the list is a little surprising too, although I've long suspect they were just a smokescreen.
The directory servers do contain a list of list of nodes and exits, but this is public anyway. As for the idea of keeping them running and directing people to a fake Tor network, that would be possible, but it would be awful brash. It's not like it would go unnoticed.
Menus that rearrange themselves based on what you've used recently are bad enough, and now they want to add an extra layer of unpredictability by taking the time of day into account? Not that having to launch things by trying to scribble with your finger was ever a good idea to start with.
It's semantics, but I don't know if I could really agree the first sentence. As I understand it, gravity is the only thing holding it in place. I mean, it bounced and came back down. That sounds like a landing to me. But I do of course agree that the situation is precarious. Doing anything rash could easily make it "jump" and even if it didn't achieve escape velocity (estimated to be 1 m/s) it might not be so lucky to land mostly right-side-up next time.
piracy websites, child pornography websites, and/or the like
I think Disney just said piracy is equivalent to child pornography. Seriously? Even if we could all agree those are both "bad" (which is in doubt), they are bad in completely different ways. Only the most fanatic free-marketeer would suggest that the main problem with child pornography is that the performers aren't bring properly compensated. In fact I think most people would agree that when it comes to CP, authenticity is directly correlated with "bad".
It does seem strangely at odds with the real name policy (although they claim they've relaxed that as well). But I guess one use case is that you post under your real name, but need to protect your location. Alternatively, Tor can also be used to bypass censorship, so people in countries where Facebook is banned might possibly find it useful.
It's a little scary actually. But yeah they brute forced the whole thing. I doubt they were specifically aiming for the corewwwi part though. More likely what they did was generate tons of these, and filter for facebook<words>.onion and then have a human look over the results to pick one that kinda made sense.
Still, it's an impressive achievement, and it probably means the 16 character addresses won't be good enough all that much longer.
Let me see if I understand that right. The bug is it could create symlinks and then follow those symlinks so it would actually be writing outside the intended target directory. Is that accurate?
Also, it doesn't sound like it's exactly fixed. All they did was turn off creating symlinks by default. So if you ever actually needed that and turned it on you'd still be vulnerable.