800 posts • joined 31 May 2011
Re: Invitation-only, for now...
...they will promptly make this the mandatory new GMail UI
They are still trying to figure out how to add a Like button to this without getting sued by FB. Still, they are getting close.
Dual Use Report
I've started reading the draft. It provides both a good overview of security concerns in dealing with VM management and a wonderful way to combat insomnia. More seriously, it could use some copy editing, presumably what this review period is for. As far as laying out the basics, it provides an outline of them but no direct examples or specific actions that can be taken by an admin. This is more a definition document than something that provides specific recommendations.
Re: It's intriguing to speculate
how would [Neanderthals surviving until the present day] have affected our approach to race, treatment of other species etc?
A worthy question, one which is addressed by Harry Turtledove in A Different Flesh, although Homo erectus, not Homo neanderthalensis, was used in the story.
Tried and True
An advisory from Microsoft warns that the as-yet-unpatched flaw is present in all supported versions of Windows except Windows Server 2003...
Which means that Windows XP is most likely not vulnerable, either. I wonder how many people will continue to use it until it achieves the status of too old to run current malware.
Re: Earthquake Proofing?
Much more entertaining is the idea of leaving the floating house thing on by default. You would still have to have fail-safes to avoid damage due to loss of power or hooliganism involving your house, a length of rope, and a truck. Too, the power bill would be a bit high (perhaps requiring a local install of one of Lockheed Martin's truck-sized fusion reactors), but it would certainly be cool to look at.
Don't send anything that you wouldn't want others to know.
You were good right up to the last sentence, which contradicts some of what you say earlier. Sooner or later, you will have to transmit something that you want one party to know, but not everybody, thus the basic problem. It's more than data management that's involved here. It is risk management, as well. Of course, the article highlights the lack of thought given to either by a wide range of people involved in sensitive areas. Thumbs up to you, Lee D, for good advice. None at all for the folks at the DSTO.
Borrow a target's car keys (e.g. valet parking) and swap their FIDO 2FA thingy...
Good point. I am not sure I understand the rationale of requiring a plug-in device rather than a randomly generated string. There are devices that do not require any communication with or through the device being used to access the web page (e.g. RSA SecurID). They can still be defeated, but I would think they are less vulnerable to attack than the method described in the article and are more widely usable.
Re: Problem solved
To me, this is a lot like governments setting up toll roads:
"We used the money you paid us to build this road. What? You want to drive on the lovely new pavement? Well, you have to pay for the privilege."
I predict that Net Neutrality will prevail if only, as in the case of robbery, because the government hates competition.
Re: Same as iOS 8
iOS 8's Spotlight does the same thing, sending search queries to Bing.
Bing? Why Bing? I understand that Apple's experience in creating a mapping service might color their perceptions and that farming out this service makes this a more glorious failure, but if they were going to do something blatantly self-destructive, wouldn't Google have been a better choice? It does a better job with search, a better job with mining user information, and undermines Apple's market share more efficiently than Microsoft.
Competent browsers... will detect the inappropriate certificate.... But other software, such as the popular 360 Secure Browser by Chinese biz Qihoo, will gobble up the dodgy cert without warning.
Incompetent? No, it's working as designed!
Re: Too late to the party...again.
Given MS are rather late to this somewhat narrow market, I really wonder why they're bothering.
Because this strategy has worked in the past for them, most notably against Netscape, though there are other examples. Problem is, I suspect you are right in this case, but if the only tool you have is a hammer, then every problem looks a lot like a nail.
Re: Ummm, no.
All those things she said about drones - they may well be true for fighter aircraft; but next to none of it applies to the road...
Especially the part about bombing friendly forces.
To be fair, little she said quoted in the article concerned cars, though I am not sure I agree with the conclusion that they ought to be working on keeping the driver engaged in the driving process rather than perfecting the automation. The draw of automated driving systems for many if not most people is that you won't have to pay attention and can do something else entirely. Take that away and you may have a safer system in which no-one is interested.
It's just ...whistleblower rules that make it an offence for journalists to report on security agencies' activity and data retention legislation. It's just the tip. It's for your own good. It won't hurt much. You never want to hear any of the above. None of them end well for anyone other than the person saying them.
Re: Why Turkey?
Why not? It isn't as though the government there has no opponents: the Kurds, governments of other states in the same region, its own citizens (yes, this applies to all the others), members of various terrorist groups operating in the region.
And it's "Arabia" or "Saudi Arabia," not "Saudi," which is akin to saying British.
Re: "By August the comet will make its closest approach to the star, and cook Philae"
Comet on a skewer with a burnt lander... Mmm... tasty!
Thanks for covering this truly awesome event.
Re: 10 years
It might change everything...
As recently alluded to here on El Reg concerning artificial lighting, I suspect that people will use whatever their current energy budget would buy at the new price point. As a race, we tend to take incremental steps in the development of new tech, but we are really good at finding ways to use resources as fast as they become available.
Living in the Wild, Wild West
Whoever is developing software has responsibility to users who do not know enough to protect themselves
Yes, but what happens when they don't know enough to protect themselves? Oh, wait...
Pete 2, you bring up several good points. I don't think any security system that can be defeated by a simple photo or 3D print of someone should be considered fit for purpose. As far as voice recognition, there are several ways to take into account the hack you describe. A simple way would be to have a quick Q&A between the person and the system. Both voice and content could be analyzed. Too-perfect matches should be counted as an attack, so if you ask the person for the same word in two different contexts and the response is detected to be identical, then the system should "know" it is being hacked.
I think the way to go for a reasonable amount of security for system access involves simultaneous, multiple checks. They should be as transparent as possible to the user. Any one method can be defeated. Adding layers and making them simultaneous should greatly increase the difficulty in doing so.
Because planking is passé.
Maybe there is a category of sub troll? Goblins, perhaps?
Politicians. Seems to be a good fit.
Re: When I leave the house ...
See, that is how you can tell Zombies' phones from those of humans: they only text this one thing over and over. Besides, the biggest take-away from most zombie shows is that your fellow surviving humans are the biggest danger, not the undead.
Sorry, gotta get my coat and go. The zombies are at the door.
Mmm... Swiss Cheese
Since the browser is one of the most common attack vectors, you would think that MS would put more effort into minimizing its attack surface. Of course, if they had that attitude, Windows would be Xen...
Performance-based Proportional Pay
...theoretically the bosses should be paid by the amount of work they actually do compared to the amount the employees do.
They are paid on that basis, it is just not a simple proportional relationship.
Re: Once again...
...but at least they were trying
Talk about damning by faint praise!
...or better not use a standard BIOS at all but roll their own proprietary system.
The problem with this is that banks tend to value stability over everything else. My experience has been that given a working system, they would rather make incremental changes to improve security, functionality, et cetera than to replace an entire working system. To back this up, I point to the fact that banks were responsible for OS/2 being kept alive well beyond the point that IBM pulled the plug simply because many banks were using it in ATMs and for other purposes, too.
Just the facts
...more taxing on the mind of drivers than normal tasks...
Eddy Ito has a good point, no matter how unintentionally made. There were a number of things that the study should have addressed but that it did not. There should have been a quantified measure for each of those "normal tasks" as well as a baseline (driving with no additional tasks). The measurements given were based on subjective reporting - a notoriously weak approach - by people with a clean driving record. Throw in some teens who are familiar with Siri and I imagine the data would look quite a bit different. The outcomes were unsurprising if the sample group had no experience with the tasks being performed, as any novel task would be relatively distracting. Some of this is perhaps outside the scope of this study, but should highlight some of its weaknesses.
Re: Or it would have if I'd let it...
This isn't about Adobe Reader, it's about Adobe Digital Editions...
Well, the product in question is Digital Editions, but the article is concerned more broadly with Adobe, their actions and their responses, which seem to be designed solely to deflect and mislead.
For friends and family, I have advocated ditching Reader because it is attacked enough to essentially qualify as malware in its own right. I was further encouraged to avoid their products when they moved to a subscription based program for their Creative Suite. I viewed this as milking it for all it was worth and am not interested in contributing to the Buy an Exec a Yacht charity program. This revelation was another nail in the proverbial coffin from my perspective, but the box had to be pulled out of the ground before the nail could be pounded in.
Next question: do other e-book reading applications and e-book readers also report home in the same manner?
Re: Frankly speaking Khaptain if anyone is doing their banking............
Never underestimate the self-inflicted damage that people are capable of! I got called in, once upon a time, on a consulting position for a company in which all of their printers had stopped working. Nothing wrong with and no change on the printers. Same with the network. Same with the client machines. The print server... inexplicably had been upgraded to a beta version of Windows Server that had no drivers for those printers. The owners refused to back-level because "newer is always better."
Sadly, this is not the only instance I have encountered use of beta software in production. On the plus side, it meant money in my pocket. I still felt like a physician must having to explain, "No, no. If you keep stabbing yourself, it will keep hurting."
Re: Clever but
A headset would also be better able to deal with surfaces that do not show projected images very well. My first impression of this was that it looked really cool. Then I realized that my living room does not have much in the way of plain white surfaces. The rug has a dark, complex pattern. The media center, desk and book shelves are stained wood. The sofa has a green plush upholstery. I think that it would be difficult to use this sort of setup in an environment similar to what I have.
Also, having players use headsets would allow different players to see different things, which could be used to add depth to games.
Re: It's all too difficult
If you need to do business, you need people to access information. If the wrong person or the person in the wrong frame of mind decides to use that access badly, what can you do?
The quoted person shouldn't be working in security! Frank Ly, you've got a good start. Why not add in some auditing, both automated and human monitored? Robust logging with an audit trail that goes back a considerable amount of time? Restrictions on removable data and access to external networks? Granted, for AT&T this latter might be difficult, but blanket statements about how impossible it is to address this issue should set management on edge. There is no security measure that cannot be overcome, but not even to attempt to address an obvious and common concern is ridiculous!
Why no photo?
I am curious as to why this card will not have a photo on it. If it is going to be used for verification of electronic identity, why not add a photo to it? It will, after all, have all sorts of biometric data stored on it. Also, I saw that it will require a card reader. Presumably, this will be very similar to the smart cards common among US government implementations (CACs). I wonder whether the Estonian version will take advantage of NFC.
Re: "Perhaps developers simply shouldn't use unaudited or sketchy-sourced code in production"
Yes, but that would mean investing time in auditing the code. In a production environment, the point of using third party tools is to save time, so spending that time is going to get push-back from management if it even occurs to the devs to do so in the first place. I fully agree with the sentiment, but it is going to be a hard sell in order to get this added into a coder's SOP.
Re: What's a mile?
Comes to about 11,637,878br` or 174,568,174ddb" give or take
Re: Really? Worried? You had me for a minute there
Why the f*ck are they still playing the paedo/terror "the world will end" card every time we (the ones who make and design the devices and services) try jack up the security and encryption in them?
Left hand, meet right hand. Conversely, this might be an effort to generate more budget so it is important to highlight real, emerging, difficult to quantify threats. Or the people presenting this data might be unassociated with those who typically bring up the paedoterrorcrim issue. Or "they" might have simultaneous though conflicting goals. Pick as many as you feel may apply.
To turn the question on its head, what is the point in having data if you cannot find anything in it? Encryption helps ensure that only authorized users can access the data, not that no-one can. Too, consider that search values themselves are metadata and relate that to the tracking of telecom metadata by various government organizations. There might be a reason to develop this sort of thing based on that alone.
What? No Kiss?
To stop people feeling violated again, Facebook says it has given researchers clearer guidelines and will review their proposals more closely if they’re aimed at ... deeply personal things...
To translate: People are still going to be violated. However, Facebook will work to make sure people don't notice. Bastards.
Re: Not likely to succeed
Have an up-vote for making me laugh. Very, very funny!
Firearm-related death rate per 100,000 population per year...
Removing easy access to weapons and increasing police presence are two different aspects that affect the outcome of this. Also, focusing on the implement used in violence does not address underlying causes. Perhaps better comparisons might be homicide rate, number of law enforcement officials and average income.
Firearm-related deaths/100,000 per year: US 4.7, UK 1.0, Afghanistan 6.5
Law enforcement/100,000 (2012/2009): US 248, UK 307, Afghanistan 401
Average wage ($US 2012), gross: US 55,047, UK 44,222, Afghanistan 70/426 (2004/2010)
Average wage ($US 2012), disposable: US 38,753, UK 29,938
Still a bit simplistic, but a shot (pardon the pun) in the right direction. It's not a simple interaction between one or two factors.
... is still crap. Just look at the quote:
It claimed security could be afforded through the use of URL obfuscation or log in requirements, tokens that rotated addresses, or IP address restrictions. Spam too could be fought initially through traditional search engine mechanisms.
Given Google's current approach to security and privacy, this looks a lot like dressing crap up in a fairy tale and trying to sell us all on it. Their only concern with security is how it affects them. Likewise with spam (they hate the competition). In what world should everybody be able to use anything? Isn't that kind of openness and accessibility the opposite of having security?
Proof of Concept
It seems this would be the sort of thing a quantum computer would be ideal to implement. I expect I will wake up to news that some academic type now owns all the BitCoin any day now.
Re: No Brainer, Really....
That and it is a lot easier and cheaper to gain experience there than on Mars. There is a much shorter turn-around time for transport, plus, you can bring your experienced astro/taiko/cosmo/nauts home.
Apples to Oranges?
I am a bit confused concerning the comparisons being presented in the chart. The quote near the end of the article indicates that this approach is supposed to complement initial authentication methods, but the chart seems to make direct comparison with some of them. On the other hand, if the point is to simply list different authentication methods, why not list methods that require users to present a token of some sort (e.g. CAC) and other two-factor authentication methods?
Is that Victor Lustig?
BFL = lying scumbags, they flatly refused to refund my money and were nearly 1 year late with the shit they shipped in the end.
They were basically selling a money machine - put in a 10 and get back two 20s. It's been done plenty of times in the past for great profit, though not by the marks, so it's a good model for con artists to follow. I am sorry you were had, though.
What Will Happen
El Reg can't help but imagine what will happen when keen hackers equip Colias devices with weapons and lay out RoboCode arenas for real …
Beautiful, beautiful mayhem.
Re: Security dept. is there to serve the business
It's time security folks joined the rest of the IT world in a thorough understanding that they need to justify what they do.
I'm not sure which world you live in, but what I have seen is not so much in the explanation or understanding of the requests, but in management's caring. It is easy to explain something in terms of "If you do this, you will add this amount to the bottom line." It is fairly easy to explain things in terms of "If you do this, we can cut costs in these areas." What is harder to get someone to sign off on is, "If we spend this money, the odds are good we will avoid losing more later." This last is what security budgets seem to translate to in Managerspeak. Add some regulatory teeth to the equation and you might have something along the lines of "Invest this amount now or you will end up paying this much larger amount later" which would result in better implementation of security standards.
On the Plus Side
I am aware this diverges somewhat from the point of the article, but concerning relative standard of living, has anyone else stopped to consider that many of us (especially those of us on this forum) live comparably to royalty in years past? Many of us have portraits done of ourselves and our families. Once upon a time, only the very rich could afford to have a portrait painted. Now, we have cheap photography. Likewise with sculptures: we are starting to see 3D printing handle the market for memorials to our egos. Exotic foods, drinks and spices - things that wars were literally fought over - are readily available in our supermarkets and in many cases are offered for free (e.g. salt, pepper, sugar) when we buy a meal at a restaurant - another extravagant luxury in the eyes of our ancestors. We have education available to us and can presumably read and write. We have reasonably cheap electric lighting. Compared to gas light, candles, oil lamps, or other flame-based lighting, it's pretty darn good. We can buy appliances to clean our floors, clean our clothes, provide us with music, show us plays, and so on. We can have a security system installed and monitored. Our phones stand in for servants that only a wealthy person could afford in years past, working as our personal secretaries, allowing us to communicate in any number of ways with virtually anyone we could wish, providing us with a library we can access at any time. It would seem that we will have self-driving cars in the not-too-distant future, making chauffeurs available to the masses.
It should not be too difficult to add to this list. Many of these things initially were driven by the very wealthy wanting them. Later, they were produced in sufficient scale to allow more and more people to afford them. I would argue that, the evils of unmitigated consumerism aside, this is not a bad thing and has in fact raised the actual standard of living immensely. Inequality is not an inherently bad thing, though its abuse - any abuse - is.
Follow the Money
If PayPal can do it, why can't Visa and Mastercard stand up and enforce their own anti-piracy policies?
Because BitCoin. I am not familiar with PayPal's efforts in this regard, but as they are associated with eBay which has a dog in this fight, it makes sense for them to be concerned with copyright infringement. I do not believe there is similar motivation for Visa or Mastercard.
Someone who causes an accident because they're playing angry birds on their wrist should of course be dealt with appropriately (execution ideally)...
So, should they be loaded into a giant slingshot and hurled at some random collection of debris or be forced to stay in one place while poultry is fired at them from on high? Either one works for me.