Re: Was it really a 'hack' though, John?
I guess that answers the "Hacking Team" item, but...
136 posts • joined 10 Nov 2012
Now, turn it into news and give the first two characters of the password, and see what AM has to say. They can always change it. Suppose they have cast-iron protocols for just such emergency requests. But suppose they gave you a fake password and waited for your logon attempt. Or suppose they gave you a real password to a bait-data server.
Or suppose you just made the whole thing up?
The company is asserting it was an inside job by some sort of contract worker, however. If it involved privileges and passwords conferred, it wasn't a hack, but more of espionage. Depending on Canadian law, there may be no basis for prosecution. If AM/ALM didn't sew up the contract's non-disclosure wording tightly, there may even be no civil basis against the whistleblower/leaker.
And if AM can argue that 'delete' neither meant nor implied a 7-pass overwrite destruction, but simply the same thing as where you trash a file and empty the can (recoverable), a suit could likewise fail.
If, as AM is implying, this was an inside job by some kind of contract worker, and the data acquisition was possible by privileges and passwords, then it is not a hack. Depending on the non-disclosure wording and Canadian law it could even conceivably not be subject to espionage prosecution.
It worked for Blackphone, which built on a modified Android base, with the backdoors stripped, and with a thoroughly vetted apps ecosystem. Its larger ecosystem, Silent Circle, won a significant award in a survey of secure systems and even surpassed Blackberry. Blackphone has never been successfully hacked in a real-world exploit demonstration, only by a blackout user who had to physically work with the phone: his OWN phone. And that 'vulnerability' was patched in short order.
In brief, Android is inherently capable of the security already offered by BB. The trick is to get app-makers to comply with some rather stringent permissions requirements.
The body of the text could hardly be a more recondite defence of the thesis. So: Why does Blackberry on Android make perfect sense?
Because, although the lesser of two evils is still evil, it is still lesser. Why should someone buy cut-rate Prozac from alibaba?
I make it easi(er) on myself. I don't buy Chinese computer/mobe products. The government there whines about how messed up the place is with rampant, non-state, hacking, and if the Red Army or the politburo isn't quietly mandating backdoors in firmware, they will get them in anyway (why should the NSA have all the fun?), and in this case Lenovo is showing pretty clear evidence of security ignorance in getting non-domestic crapware—Israeli in this instance—on your machine in the first place, and dishonesty in lying about how long ago it was getting installed.
This doesn't guarantee security on a Mac, or even on a Blackphone. It gets me a bit closer.
The article is ambiguous on this point. Eg:
"The rest all came from coders working on behalf of companies large and small. "
working on Linux on behalf of companies...?
working for companies and working on Linux...?
Apparently Tim Cook had never before been confronted with the phenomenon of Apple execs actually being able to stand up unaided before a certain time. And these guys want to build a CAR?
You've drunk the BB Kool-Aid, I get it.
A careful parsing of Chen's statement shows a growing future for QNX, but not on mobile. He can't say at the moment they will slowly let BB10 die. The base would simply melt away: "If the future is Android, and BB10 will just hang on for a while like an appendix, for legacy apps, why bother? Just get an HTC or Samsung and be done with it."
The "Don't be Evil" company is going into the replacement of the human race. Why don't they just make nuclear weapons and sell them to N. Korea?
... tit-for-tat counter-accusation CIA, oops, I mean 'FireEye'. What a coincidence that this claim comes shortly after the Snowden material on U.S. spook-staff flooding the embassy in Canada on the G-20 summit there.
One downvote already. Did I upset the NSA? keylog vendors?
"Who tells the truth is driven from 9 villages" --Turkish proverb.
What does encryption matter if both govs and crims can get access to new passwords more securely than you can write them down?
Secured input services should be built down in the OS kernels (and even chip-maker microcode) of all major vendors so deeply that unless the user sets an option, it would be impossible for keyloggers to work at all, even commercial ones installed by the users themselves.
One major hack just in the news appears to have depended on keylogging. Change your password with all the best salting and length in the world and the hackers have it.
...to match their increasingly crappy search engine. You have to put quotes everywhere, even quotes won't work, garbage returned that doesn't have ANY of your terms, cache that no longer shows coloured terms (Bing, bless their incompetent souls still has ONE thing right, however trivial), horrible YouTube changes...
Did I mention the search engine is crappy? Well, what do you expect from glorified internet PR flaks? Search? wtf is that?
As ice is removed from Greenland, the viscous asthenosphere beneath rebounds upward, with compensatory replacement from peripheral oceanic upper mantle, lowering the seafloor. Crustal rebound of up to ~ 1.0 cm/year has been measured in post-glaciation areas of north-eastern Canada.
Connect the dots, Professor Gore.
With my Google news page science/technology already glutted with climate-change porn and more and more thermocalyptic drivel, it's depressing to see highly qualified scientists and researchers making such patently poor use of adjectives for something so fundamental as a COMPUTED imaging of the early galaxy.
'direct', my arze.
'First DIRECT image of a neutrino!'
'First DIRECT image of a T. Rex!'
Encryption would prang the hidden watermark. And, as someone has said, evolving code would bypass filters: eg. cool David Cameron.
I find an unexplained absurdity in some older Google 'Books': stuff that's been out of print for 200 years that is only allowed snippet views, and sometimes nothing at all, just the fact that it's there.
It is my suspicion that every time one of these books is quoted by a modern author and a citation given, Google stores the quote as though it were the modern author's writing and refuses any further data from the thus cross-indexed original as well.
"Today we announce a new era for the Mac, because today we're announcing that Mavericks is free," he said. "Free is good."
Bring back Hypercard. Updated, bundled, and free.
With all the constant 'security' and other updates Adobe pesters me for free Reader, it's no shock to me. Since Reader is the only point for their existence for the vast majority of people (I use Gimp for example), why don't they just abandon all their other junk, and do ONE job right?
Google, why can't you find me all pages explaining why a search query with all of a small number of keywords and phrases won't give me exactly what I want and only what I want and not force me to put every cotton pickin' keyword in quotes?
Is that more complex enough for ya?
Yes, I've noticed that. I'm surprised only one person has commented here so far, and I wonder if the author actually uses YouTube.
I knew it would be hacked eventually, but only practical by commercial/government clients against high-value targets.
I can't believe it happened this soon and this easily.
Will wait out the next few days for official confirmation. If so, they have bricked a major Apple next-big-thing system almost as soon as it's released, which has never happened in history.
With 50-100 experts, one or several of them may be near-native English speakers with a lot of social and net-savvy jargon providing a false front appearance.
Even the small, informal LulzSec had Jake Davis doing a lot of the 'talking' (although there was no intention of linguistic misdirection), and lacing the content with Briticisms, but the core leader was American Sabu.
You lack faith.
Charity, technology, and capitalism—the Three Virtues—join hands in the dance of life.
The heavens open, the angels sing; Zuckerberg, Google, et al. find ways to monetize poverty.
They must be rescued from activities that might endanger themselves. When they are all looking at FB ads and nowhere else, they can do no harm...
As soon as Samsung's eye-tracking arrived, I widely posted a basic algorithm that goes even further than that:
forced tracking of ads:
If eye(x,y)<>adCenter(x,y), then eye(x,y)=adCenter(x,y)
So, they will charge a premium for advertisers who want to ensure users ARE looking at their ads.
Maybe the Luddites had a point...
I appreciate all that, but I assumed Power was simply filling in a humble role where it could no longer have the market-forces to evolve into leading edge computing functions. Apple dropped the chip because they simply felt it had run out of gas, and that was years ago. I was disappointed of course.
601? I thought that architecture was dying a slow death inside embedded systems, such as solar-powered climate-controlled coffins.
Plastic and human wrongs, oh my, Mr. Cook.
How will you explain this to the coffee and cheesecake at Starbucks, yoga-mat tree-hugger higher income crowd?
Lenovo, et al. don't infer they are saving the poor, eliminating blood-diamonds, and stopping the nefarious big-oil plot of global warming. Apple does all those things, and more.
But...plastic? Your base will be terribly upset.
Apple's sleek, sculpted, cool social progressive form-factor sits only too well with the coffee and cheesecake at Starbucks, yoga-mat tree-hugger higher income crowd.
Lenovo, et al. don't infer they are saving the poor, eliminating blood-diamonds, and stopping the nefarious big-oil plot of global warming.
It's software and hardware reviewers' fault that misperception continues.
When's the last time they did an in-depth look at the landfill of complaints over the past 20 years about Apple stuff on Apple's own tech-help and 3rd party help websites?
Because an issue is restricted to <1% of users, it doesn't reach any threshold of action or discussion. But there are literally thousands of such issues that never do get resolved. I know this, having used Apple computers almost exclusively for almost 25 years.
China seems to take the same Keith Alexander, NSA approach to data. The whole haystack, vacuum-cleaner approach. See what neat stuff falls out of the bag.
And no, there are more there than fart apps.
"...customer information is securely encrypted."
[I feel so much better now.]
China has the world's fastest supercomputer.
I'm not starting an account with a site that still cannot spell its own name.
...James Clapper. Yes, folks your favorite perjurer, and inheritor of J. Edgar Hoover's coveted bra, will make life all that easier for the NSA as they spy on the taxpayers and other terrorists who think they can push America around.
It's a bit hard to enlighten when an article uses a suspect pollster:
"Is it worth it to point out yougov's political affiliations - for instance to the Murdoch press, and its directors who are conservative supporters? Wikidea 15:08, 9 April 2010 (UTC)" --Talk Page, YouGov, Wikipedia.
The main page transparently promotes youGov's supposed 'accuracy' by selecting those predictions that are...accurate. Of course, it works for psychics, why not pollsters?
"Is it worth it to point out yougov's political affiliations - for instance to the Murdoch press, and its directors who are conservative supporters? Wikidea 15:08, 9 April 2010 (UTC)" --Talk Page, Wikipedia.
The main page transparently promotes youGov's supposed 'accuracy' by selecting only those predictions that are...accurate. Of course, it works for psychics, why not pollsters?
Why would this get a thumbs-down? Is Google shill-voting on El Reg?
A magazine isn't a search engine. In fact magazines are pages of ads interspersed with content to glue the ads together. A search returns related-content ads that are often unique to that search. If you read the same magazines the ads appear over and over again, with only minor variations. They are easily visually filtered; nobody has to read the fine print.
Again on this Register page there are two items of ad-drivel that have nothing to do with this story or the comment section. I filter them out automatically.
... for example their 404, busted robot, error message: "That's an error."
But Ads? Hey Sergey, how 'bout:
"These are people who want to sell you something. That's all we know:"
This story doesn't need a punch-line.
Thumbs-down hardly critique the flaws, if any. If speed is what's really called for by the experts, mass-drivers are the way to go.
I think the eventual solution will have to be mass-drivers built and stationed on the moon (using mostly moon materials). Craft will be accelerated to ~20 miles/sec over a 30-40 mile track and sent ballistically, with mid-course corrections by nuclear propellants, to the planets. This will reduce time and allow for more robust shielding. G-forces for humans would be mitigated by almost complete immersion in neutral buoyancy tanks.
Energy for launch would be nuclear or solar.
Yes, security companies vector through a top University to target NYT reporters who happen to be exposing a Chinese Premier's billionaire relative clan. And hacking into free Tibet interests. That's Mandiant, alright.