Re: Stuck on old Android
I'm completely sure Google will have patched this 90 days after it was reported.
827 posts • joined 7 May 2012
I'm completely sure Google will have patched this 90 days after it was reported.
>FREAK (Factoring RSA Export Keys)
I'm just glad that we have a proper acronym for this vulnerability.
I would have thought so. Unless there is some suggestion of misrepresentation of the state of affairs when funding was sought or the funding was used improperly, that's just a risk of business.
Perhaps the bit about going back to the drawing board was improper or perhaps this isn't the whole story.
All that said, the investors retain the right to be pissed about the situation.
There's a few more you have to know.
Apple was contacted but had not responded at time of publication should be added as a boot note to all fruity news.
All references to Google need to be translated as the chocolate factory.
It's not uncommon for an employer to hold next of kin contact details.
Absolutely shocking legislation, with exclusions big enough to drive a bus through and absolutely laughable 'protections'.
The GDR would be proud.
There are lots of banks. There are even more providers for whom you are arguing should be blacklisted.
So who maintains the list? That list will get big for an enterprise running in 50 countries.
Much easier to just tell people it is not permitted and may be monitored. If you know the risk and do it anyway, that is your fault.
Their tools their rules.
If I want to create my own fake root cert and install it on my own box and inform anyone who uses my box that i can record any traffic going to the web, that is my prerogative.
I don't see any difference between me doing it for personal reasons and a company doing it for security reasons.
If you want to use a personal service, use hardware you own, not mine.
Discuss the success of air gap defences in mitigating attacks on the centrifuge facilities in Iran.
Meh. It all tastes like chicken to me.
If you find one, and it's not fixed in 90 days, can you also sell it to someone else?
Why does samba need root?
It failed to check that an alternate browser was available.
Don't be so harsh. People reset their computers back to factory image* from time to time.
* that is the only way these things get installed right @
Something like DEATHNEEDLE and I would be all on it. PRSSI just sounds like one of the cards on your motherboard.
Also, it is just a stupid statement full stop. As we become capable of squeezing more pixels into an LED display, matching those additional pixels with more from the source rather than an upscale is at best an evolution rather than a revolution.
I mean if you want tangible improvements, look at increasing the effective frame rates of the broadcast.
My customers trust me with their data. In turn I do my bit to keep their data private in the event of a theft.
The data itself is worth orders of magnitude more than the hardware it sits upon BTW.
I hope he gave them 90 days....
Or, you know. Fire up curl and send random crap in the right structure.
The binary blob is likely to be one of the standard formats.
Well I, for one, am definitely attracted* to these types of cable!
* with a force proportional to the product of our masses and inversely proportional to the square of the distance between us.
> to legal counsel
They will clearly need a crack defence team to argue their case for going 'round corners. I can't imagine a better place to source such counsel.
That is quite a lot of him. Of they were all carrying a DVD it would leave gfast for dead.
Easy, there's a USB port in the dash. Open the door, plug it in and it will start to draw power. This should provide enough charge to fire up the phone. You can then launch the app, open the door, plug it in and it will start to draw power. This should provide enough charge to fire up the phone. You can then launch the app, open the door........ Stack overflow
What's the El Reg stance on https?
Problem is that they are mostly Queenslanders so it is a bit hard to tell.
Half term Tony trying desperately to get anything else on the front page.
Any backup must be considered as of unknown success until you have successfully restored it to another machine.
If you go 6 months without noticing your backups don't restore with the encryption keys you hold, your problems are deeper than ftp passwords.
A good point. This sort of authentication is not designed to be a primary authentication because you really couldn't tell whether to let them use the computer until after a length of time. Generally speaking, you want someone to authenticate before they start using it, so I see this more like a mechanism to protect workstations where the user has wandered off without locking it. As a secondary measure, it would most likely be quite forgiving to minimise the false positive rates, or could work with tertiary measures like activating the webcam for facial recognition when it has a doubt.
The point about the arc refers to the fact that it is very difficult to move your mouse in an absolutely straight fashion due to how people usually hold their mouse. The size of that arc would depend on a number of factors, such as how you grip the mouse, your usual posture and what part of your wrist is still in contact with the desk, the size of your hands etc. Also, the basic direction you move would influence the extremeness of the arc (which would go back to whether you hold it square on or at an angle).
As a result, (in answer to your question) a relatively simple calculation could create a believable profile for pressing minimise or close. The end point and clicks would be chosen by the attacker, but the mouse movements would not raise any alarms because they emulate the speed and direction such a user is likely to take. The easiest attack vector I can think of is to send some exec a "free mouse" and embed the attack code within it.
Wouldn't this be fooled by recording of mouse movements. I can imagine the following data points without specialist mouse hardware.
* the rate of acceleration and deceleration as you move from the original cursor point to the target.
* the angle of the arc of movement between the two points.
* the delay between movement ceasing and clicking
* double click profile (time between each click and how still you can keep the mouse)
OK, so plug those into some algorithm and give a score as to how likely it is the same user.
Now do all that again and imagine some malware software is recording your mouse movement profile (could even be embedded in a freebee mouse). A vnc style piece of software could after not too much time now allow you to perform an action but instead emulate the recorded profile in those actions.
Not as trivial as a rainbow table, but if these techniques take off you can bet such tools will become available.
The creators of the transaction are not only the customer. Equally without the vendor, no such information would exist. The vendor will provide a receipt if you want your own record of the transaction.
More interesting, unless you opt out, Google will track your location via your android smartphone through location history. They would be in an amazing position to track the movements of customers over time through various businesses. If they play those cards right, they could well and truly beat the financial markets at their own games.
>I think even a tiny electric car might take a few days to charge at 3W
But on the bright side, at least it could use a standard USB charger.
Just because they provide updates doesn't mean you should install them. Some of the older models that scrape onto the list of compatible devices work so slow you will soon need an upgrade.
>The nature of a circle means that adding 1cm to a 2m turbine blade increases the catchable wind by almost half (4.52sq m compared to 3.14), while removing 1cm reduces the harvested wind by half a square metre
Not the circles I am picturing...
So firing up fiddler and, um "doing research for your story" eh?
Plus the assumption that you run a data centre but would have to call a guy in to replace the drive?
The problem isn't so much the browser (or they would just update it in Google play or advise you to use another browser). The problem is that the WebKit rendering engine is used by apps to integrate web content into a regular app. Most commonly, this is how the ad supported apps show those ads, but there are also things like phonegap which lets you wrap an html5 website and deploy it to the various app stores in what appears to the user to be a regular app on their platform.
We are in a state where a dodgy advertisement on a free game is a relatively easy attack vector but Google won't fix it.
Not good enough Google!
(Posted from my Nexus 5 running lollipop)
Came in here to find this comment. Was not disappointed.
You have to keep an eye on the drop bear with a selfie stick. That never ends well.
>That said, 8EiB is about a couple orders of magnitude or so higher than even today's high-end RAM usage.
And the fart of a flea is also a couple of orders of magnitude quieter than a jumbo jet at take off.
The 64 bit address space is really big .
The Titan supercomputer at oak ridge is the current largest by RAM. If you decided that you needed you needed a million times more RAM to play the latest version of Crysis, you are still an order of magnitude from running out.
>Because 64 bit software support is only going to last so long.
May I make a bold prediction;
16EiB ought to be enough for anybody.
Not all android is Java.
Mostly to get you first world (or as close as available nearby) hospital cover if you fall ill or get injured abroad. Some injuries have long recovery times and prevent you travelling home on your cattle class tickets.
Shirley they could have used more understandable units of measure. I mean we all know that hair driers need a lot of energy  so saying that could mean anything.
Why not just state the number in terms of how it compares to the power used by a London bus to drive one beard second.
I just learnt something today from a cat on the internet.
Seems a good candidate for Total Inability To Support Usual Performance...
I, for one, welcome our new <noun> <adverb> overlords.
Already happening I'm afraid. Some well known technical news sites based in the UK don't even use https in their comments section.