Re: Misread as $10
You are right. It was a terrible misunderstanding. The cheque was actually for $10!!!
1576 posts • joined 7 May 2012
Not sure how that would work. Definitely worth a look, but as I understand it this is just a "try these areas first" collection of data points. That is to say, it can't interfere with the positioning values themselves (via http MitM).
My old tom tom would take several minutes to find itself; you basically have to drop to that sort of brute force scan.
It is possible to believe that a malformed file could be misprocessed causing a buffer overflow or equivalent. Seriously though, if you want an easy way to pwn most android handsets, write a simple app with two threads, activate copy on write, load an executable owned by root and .... you know what, I'm not doing your homework, this isn't stack overflow here...
> US Army backs droid for search and rescue missions
Yeah. That's definitely the use case they have in mind. The other one plays jingle bells.
That has got to be the most awesome job title for your business card.
-- Adam 1 - Roboticist
At least there is no way an evil app could get itself root access. Oh wait....
Come on Chocolate Factory. You get all 90 days on other vendors.
> you can login as root and get command-line-level access to the operating system if you can crack these password hashes:
$1$$mhF8LHkOmSgbD88/WrM790 (gen-5 models)
iMaxAEXStYyd6 (gen-6 models)
In that case I'll be extra careful to not Google those hashes in a day or two.
I know it's only Tuesday, but @gazthejourno for FotW.
Tbh, it's not the premature shutdown on a galaxy note that would worry me about their batteries.
Going for a walk alone in the wrong part of town is going to result in a mugging or worse. Leaving your iPad on the back seat of your car in some poorly lit car park is going to result in a smashed window and no more iPad.
None of this excuses or reinforces the behaviour of the perpetrators. It's simply a recognition that there are injustices in this world. We can chew gum and walk here.
> IoT security camera vendor ...
> A new firmware is due to be released within the next couple of weeks
Clearly a real IoT product would never release updated firmware to fix things
Well that pretty much describes windows update. Here's a font vulnerability fix that breaks outlook.
Seriously though, it is the responsibility of the original developer to create sufficient test case coverage that my fix gets rejected by the build server. Apart from the most egregious introduced bugs, if someone breaks functionality that I wrote, I ask myself:
* Did I adequately name the variable/parameter/method/field/const/enum/class/whatever?
* Did I include a comment where what is being done is obvious but why it's done less so?
* Did I structure my code with single responsibility principles?
If the answer to those is no then I tend to blame myself.
It happens with software all the time, where by the time a specific bug bubbles up onto a sprint, it has been coincidentally neutered by another fix or improvement. It can also happen when a developer working on an unrelated ticket stumbles upon the initial problem and fixes it at the same time, legitimately believing that it had never been reported. Obviously not saying that this is definitely what happened here, but let's not feign surprise that something which would happen at least daily in a product as big as windows has indeed happened.
> But the publisher can tell if ads are being loaded or not
To do this they need to wait for the ad content to download and render before delivering the content. With video or animations that is impossible. Even for simple images or text you would be adding substantial lag to your page display time for the 80%ish users who aren't using them.
There are other possible measures. Many moons ago I had to deliver a "way too complex for html of the day" report over the web which ended up being a dynamic png rendered on the server side. These days you could do it with html5 and angular. It was an absolute usability nightmare. You could get dynamic screen sizes to be taken into account and image map out hyperlinks but it was non trivial. It also made it inaccessible to screen readers.
I'd like to think that websites would not screw up everyone's experience to spite the relatively small proportion of users who bypass their ads. Then again, we are already stuck with animations that interfere with content, fake download buttons, etc all apparently in the name of supporting websites so yeah.
Not quite. When you ask for x, you get exactly x. This x contains URIs for other resources such as images, videos, scripts, stylesheets and frames. Your browser then requests those resources and renders them. The ad blockers work by choosing to not download some of those resources and/or adjusting the stylesheet so those resources are not visible.
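An added illustration of the fetch-then-filter model the post describes (example code, not the poster's): the browser parses the HTML it was served, discovers the sub-resource URIs inside it, and a request-blocking ad blocker simply declines to fetch the ones whose hosts match a filter list. The sample page, base URL and blocklist suffix are constructed for the example; the cosmetic "adjust the stylesheet" half of the post is not modelled here.

```python
"""Toy model of browser sub-resource discovery plus request blocking (added example)."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page: the "x" the browser asked for, with embedded resource URIs.
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="/static/site.css">
<script src="https://ads.example-network.test/tag.js"></script>
</head><body>
<img src="/images/logo.png">
<img src="https://cdn.example-network.test/banner?id=7" class="ad-banner">
<iframe src="https://ads.example-network.test/frame.html"></iframe>
<video src="/media/clip.mp4"></video>
</body></html>
"""

# Constructed blocklist of hostname suffixes; stands in for a real filter list.
BLOCKED_HOST_SUFFIXES = ("example-network.test",)

# Which attribute carries the sub-resource URI for each tag we care about.
SUBRESOURCE_ATTRS = {
    "img": "src", "script": "src", "iframe": "src",
    "video": "src", "link": "href",
}


class SubresourceCollector(HTMLParser):
    """Collects (tag, absolute_url) for every sub-resource the page references."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.resources = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        attr = SUBRESOURCE_ATTRS.get(tag)
        if attr is None or attrs.get(attr) is None:
            return
        # Only stylesheet <link>s are fetched as part of rendering here.
        if tag == "link" and (attrs.get("rel") or "").lower() != "stylesheet":
            return
        self.resources.append((tag, urljoin(self.base_url, attrs[attr])))


def collect_subresources(html, base_url):
    """Return the list of (tag, absolute_url) a browser would go on to request."""
    parser = SubresourceCollector(base_url)
    parser.feed(html)
    return parser.resources


def is_blocked(url, suffixes=BLOCKED_HOST_SUFFIXES):
    """True if the URL's host is a blocked domain or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in suffixes)


def plan_fetches(html, base_url, suffixes=BLOCKED_HOST_SUFFIXES):
    """Split the page's sub-resources into those fetched and those never requested."""
    allowed, blocked = [], []
    for _tag, url in collect_subresources(html, base_url):
        (blocked if is_blocked(url, suffixes) else allowed).append(url)
    return allowed, blocked


if __name__ == "__main__":
    fetched, skipped = plan_fetches(SAMPLE_HTML, "https://news.example.test/article")
    print("fetched:", *fetched, sep="\n  ")
    print("never requested:", *skipped, sep="\n  ")
```

The point the post makes falls out of the model: the server already handed over the whole of "x" before any filtering happens, so it never learns which of the six referenced resources the client chose not to request.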
> This IP had a TCP connection to that IP and this amount of data went in one way and another amount in the other direction.
You have possibly just made the first really good argument to switch all comms to IP6...
A blackhat could have mined bitcoin with every new instance of red hat on Azure, pushing a custom version of ps that hides the process and a custom version of ls that masks the version details of ps. Setting up a 24 hour "do nothing" on first start would make this really hard to detect as would throttling the computations to say 25% of the CPU in a low priority process.
3500 is a joke given that risk.
I'm just glad that all the products and services that I use have proper cryptographic protection on their auth tokens and so can't possibly be vulnerable to such MitM attacks.
I LOVE BOOGERS!
1. IBM don't want to get excluded from circa $500,000,000 pa in contracts. $30,000,000 (and it's less) is a pretty good investment on those numbers.
2. The government can't afford the focus to fixate on their failure to appoint someone to that position for the better part of a year and to accidentally forget it in a reshuffle, and then replacing the minister in charge mere weeks before. They can't even stop their coalition partners from freelancing, they need this off the front page.
3. The ABS needs this to disappear too. They have screwed up numerous indexes over the past few years because of poorly planned methodology changes. Their hubris on privacy was exposed for what it is. Everyone I spoke to on it scratched their heads about how the maximum anticipated load could be so low. It defied common sense. Everyone I have spoken to who I would describe as technically literate was puzzled by the suggestion that ddos can be prevented with geo blocking (even if done well). Let alone the inevitable truth stretching that happens when people are forced to identify themselves. The data will be forever tainted by larger than typical "typos". But hey, at least linkage keys right?
So this settlement is a win win win for IBM, the government and the ABS. Just a shame for the rest of us who hoped that it might be useful for policy development.
> and you get redirected to the page where you can purchase more
Which absolutely shouldn't be possible if security is done right. You can't serve a 302 when MitM'ing an HTTPS connection unless you can convince my browser to trust the certificate you sign the page with. And with HSTS you can't even get my browser to talk HTTP, even if you type it into the address bar, if the server is known to support HTTPS. (Try to visit Google over HTTP)
And if you use a VPN, your ISP has exactly zero ability even for this sort of farting around. Send an SMS or email. Hardly rocket science.
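An added example of the HSTS behaviour the post relies on (constructed here, not the poster's code): a minimal model of a browser's HSTS cache that only honours a Strict-Transport-Security header received over HTTPS, remembers the host (and optionally its subdomains) until max-age expires, and upgrades any later http:// request for a known host before it leaves the machine. The hostnames, header values and clock are constructed for the example.

```python
"""Toy model of a browser's HSTS cache and request upgrade (added example)."""
import time
from urllib.parse import urlparse, urlunparse


class HstsCache:
    """Remembers hosts that asked for HTTPS-only treatment via Strict-Transport-Security."""

    def __init__(self, now=time.time):
        self.now = now          # injectable clock so expiry can be tested
        self.entries = {}       # host -> (expires_at, include_subdomains)

    def process_response_header(self, url, header_value):
        """Apply an STS header from a response to `url`; returns True if it was honoured."""
        parts = urlparse(url)
        # A header seen on a plain-HTTP response is ignored: an on-path attacker
        # could otherwise inject or strip policy at will.
        if parts.scheme != "https" or not parts.hostname:
            return False
        max_age, include_sub = None, False
        for directive in header_value.split(";"):
            name, _, value = directive.strip().partition("=")
            name = name.strip().lower()
            if name == "max-age":
                try:
                    max_age = int(value.strip().strip('"'))
                except ValueError:
                    return False
            elif name == "includesubdomains":
                include_sub = True
        if max_age is None:
            return False
        host = parts.hostname.lower()
        if max_age == 0:
            self.entries.pop(host, None)   # max-age=0 means "forget me"
        else:
            self.entries[host] = (self.now() + max_age, include_sub)
        return True

    def is_known(self, host):
        """True if `host` (or a parent with includeSubDomains) has an unexpired entry."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self.entries.get(".".join(labels[i:]))
            if entry is None:
                continue
            expires_at, include_sub = entry
            if expires_at <= self.now():
                continue
            if i == 0 or include_sub:
                return True
        return False

    def rewrite_request(self, url):
        """Upgrade http:// to https:// for known hosts; the cleartext request is never sent."""
        parts = urlparse(url)
        if parts.scheme == "http" and self.is_known(parts.hostname or ""):
            netloc = parts.netloc
            if netloc.endswith(":80"):
                netloc = netloc[:-3]
            return urlunparse(("https", netloc) + parts[2:])
        return url


if __name__ == "__main__":
    cache = HstsCache()
    cache.process_response_header("https://example.test/", "max-age=31536000; includeSubDomains")
    print(cache.rewrite_request("http://www.example.test/page"))
```

Because the upgrade happens inside the browser, there is no cleartext request for an ISP or other intermediary to answer with a 302; that is the whole of the protection the post is pointing at, and it only exists once the site has been visited over HTTPS at least once (or is on a browser's preload list).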
> loan made on cost grounds, not due to concerns about the business model
Colour me shocked. How convenient. The question isn't about whether someone somewhere would lend them the money at 15%pa or whatever. The question is why the market would put a large premium on those loans. Hint: the project has suffered from the Not Invented Here syndrome with stupid meddling just so there was a way to throw a waste and mismanagement angle at the political foes. Whilst the original plan was hardly perfect, it at least would have left us with a cheap-to-maintain, cheap-to-upgrade natural monopoly that, unlike the mistakes made when privatising Telstra, did not result in a vertically integrated entity with a self interest in making their competitors' network access difficult. When something is perceived to have higher risk, the interest rate must be higher to attract capital. It's the same reason that payday loans have ridiculous interest rates and government bonds have low interest rates.
That is brilliant AC. Thanks
Device initiates. If you want your device to be untrackable*, you need to switch off WiFi. I think there are some ways to randomise the MAC address periodically to reduce the problem but you can bet lots of places do this.
*By WiFi traffic analysis I mean. It's still going to be broadcasting on its 4G frequency.
Yes it's you. The problem with the suggested backdoored encryption is one of mathematics. The person between Bob and Alice is an adversary. There is no value judgement on the adversary. Perhaps Bob and Alice are evil and the adversary is benevolent. The crux is that you can't make it easy for the good adversary without making it easy for the bad one. The best you could hope for is some sort of golden key, so then we turn to how we keep that protected. Given the US was unable to prevent early nuclear research finding its way into Soviet hands, what makes you remotely imagine that such a sweet honeypot would not be leaked? Those 20 million OPM records could easily be used to blackmail for access.
But let's just leave all those challenges aside for the moment and pretend there can exist a solution if we "try harder". Why would any terrorist use encryption that they know to be broken when they have the mathematically secure algorithms already in existence? You are throwing out the baby with the bathwater except not even managing to throw out the bathwater you wanted to dispose of.
> I think you will find that software being written outside the USA is only a theoretical possibility
Totally agree, especially encryption technology like that designed by those two American and definitely not Belgian men Vincent Rijmen and Joan Daemen.
Perhaps I can see a way through this impasse. Apple should be made to provide a TLA friendly encryption mechanism which terrorists should be mandated to use, leaving secure encryption for those who aren't terrorists. Win win!
> Shadow copies / snapshots. Why are they not enabled by default on all computers, and why are they deletable? Literally just set every machine to fill up its disk with "backups" and only remove them when there's no space left
Enabled by default yes, but it hardly solves the ransomware problem. If the ransomware sees 250GB free, it just has to overwrite the files enough times that the oldest shadow copy must be from after the infection. As the files are encrypted, there is very little potential for deduping compared with more typical shadow copy use cases.
> Telling users not to click on phishing links
Surely that's phushing lunks
/ah, my coat. Thanks.
Eadon has been approached for comment.
It's also a fundamental misunderstanding of where the said energy is coming from. It does not produce energy. It consumes some of the energy that would normally be returned to the walker. This should make walking more difficult (in the same way that walking through dry sand is more difficult than walking along the wet sand at the shoreline). If walking isn't noticeably more difficult then the power extracted is pretty laughable. Basically you are using the human body as a power generator. Putting aside for the minute that some of us really should be expending a few more kJ or moderating our intake, the efficiency question becomes about how efficient a human is at generating that energy and whether it would be more environmentally friendly to burn coal (almost certainly).
There may well be some applications where you don't need much energy, where running power specifically is a PITA, where this may work (eg doorbell or keyfob that gets just enough energy from the button press to broadcast its signal) but chances are it is competing against watch batteries, not coal, gas, nuke, solar, wind or hydro.
> Either way the payload is unreadable whether the payload is in the email body or on an attachment.
I disagree. I guess it depends though if you recognise that metadata is in and of itself also data. And that social graphs can be drawn from those headers. And that goes to the heart of freedom of association. We don't use email for its security capabilities. We use it because of inertia and because distributed key sharing without a trusted intermediary is a damn hard problem to solve.
Of course electricity naturally flows downhill. Geez people. I thought it was obvious how the high voltage lines were really high up, local street distribution tends to be about 10m up and within homes most power points are waist height or even lower down near ankle height. Why do you think it costs so much to move electricity supplies underground?
I mean, one doesn't simply ban internet memes.
... how quick the ink dries after being quickly sprayed on all 6 sides.
Do I win?
> Earlier this year, The Register reported strong industry opposition to the laws.
I'm sure they would have been consulted* about the changes
*As defined in the abridged dictionary of Brandis...
The two statements that concern me about this research are:
1. Signal employs a novel and unstudied design, involving over ten different types of keys and a complex update process which leads to various chains of related keys
Novelty is not a positive feature. It doesn't necessarily mean it's negative (all designs were at some point in human history considered novel in this sense) but anything that makes it harder to study is just security through obscurity. In the same way obscurity doesn't mean insecure, but the obscurity may mask some actual flaws from the whitehats/design reviewers so the security ends up compromised.
That leads to
2. the protocol is not substantially documented beyond its source code
Given the supposed advantage of the novel design, the design itself should be well documented at a high level so that inherent design flaws can be effectively studied. Not the implementation itself (though implementation bugs also need to be checked) but the interaction between the parties with data/keys/RNG etc for inherent attack vectors.
Crowdsourced rating of domains for trustworthiness and child safety. It's a pity. As per others I have recommended it in the past for my less technically adept friends and family. It gives a traffic light style indicator next to Google results etc so you don't have to deal with the otherwise inevitable "I downloaded the latest version of Photoshop from myfreeverygoodsoftwarebestfree.cn (it had a padlock icon) and now my computer is slow". Uninstalling now, sigh...
> coming up with a suitably deterrent punishment. Like publicly skinning them alive one square centimetre at a time over the course of a week or two.
Now now. I'm not a fan of Hillary or Trump either but I think I have to draw the line at a day or two.
I remember this when I was looking after about 30 win 9x boxes for a school keeping them breathing. A little esmith (now smeserver) would make the 64K connection tolerable.
The downside of http is that MitM attacks are trivial and that's not exactly comforting when you're applying security patches delivered over such an insecure channel.
This patch segment changes the gwx close button so it accepts the win10 upgrade.
This patch segment ignores your previously hidden update.
This patch segment adds another registry key you need to set if you don't want gwx to update.
Only buy genuine HP phone mast printer accessories! They updated the firmware a few months back and now if the printer detects a non genuine phone mast it will refuse to work.
Why does the phone trust the base station? Naïve me was thinking my phone might expect some sort of certificate to be checked before it connects to something that can emulate a network I connect to.
When you burn a CD you get to choose whether to support multiple sessions on the disc to allow subsequent changes or whether to burn as a single finalised session for compatibility.
Very good compression with ultra low CPU overhead algorithms exist. The only reason I can see for wanting to avoid it would be for more efficient deduping.
Let's not confuse algorithm and file format. The language used seems very loose to me. The algorithms are simply the methodology taken to transform one byte stream to another. It stands to reason that different architectures will be better at some algorithms than others because of the various sizes of caches and buses involved. Some lend themselves to larger dictionaries and better parallelism than others. There's no reason other than priorities as to why they haven't switched to something more suited to x86 in newer versions.
I lower my hat to you.
Why do people buy cars without autonomous braking systems?
El Reg via Twitter via Engadget via popular mechanics via gizmodo via wired via NASA
Troy did a blog post on it. Apparently some guy for reasons unexplained was connecting to random IP addresses on port 80 to find those with directory browsing which exposed database backup files and helped him(presumably)self to it. He then shared it with Troy who worked with AUSCERT to get it dealt with quickly.
Troy's argument was that since the organisation committed to actively contact those affected, since he had not shared it with anyone*1 and that the mystery guy promised he had not shared it with anyone else and promised to delete all copies he had personally*2, there were no further known copies of that data in the wild.
Now unless the mystery guy was some "friend of a friend", I'd be a bit doubtful that all copies were wiped securely. I would have preferred he treat it as a sensitive breach (even if he withheld notifications for a few weeks to let RC notify through official channels everyone they can still locate) but hey, his bat and ball, his rules.
*1 - I have complete confidence of that being true personally
*2 - I am somewhat less confident in that assurance.
The point is valid but this paper makes a bit of a time jump. We are not going to swap over from meat bags to microchips overnight. Cars will automate more functions over time. Cruise control became adaptive cruise control became autopilot. Reversing sensors became reversing cameras became surround cameras and self parking. In the medium term, even self driving capable cars will allow meat bag control, so the pedestrian has to risk the fact that the car may not be under AI control.
In reality, many cars today come with autonomous braking systems that could equally be pranked by chicken players. In another few years, that'll be every car from entry level up (probably will become part of the highway codes)
I'm a bit more optimistic than the paper anyhow.
And kudos to slurp for not trying any 90 day crap in spite of the fact that either iOS becoming unstable due to a rushed fix or remaining knowingly insecure would both commercially benefit them.