That button was still there on the original iMac USB keyboard.
As for shutting down (or going to sleep), pressing Ctrl-Eject on modern keyboards will still do the trick.
299 posts • joined 9 Nov 2007
"he didn't say he was responsible for it, and to be honest I don't think he gives a flying monkey about it."
Sure, his company was not responsible for the choice of Ctrl-Alt-Del to reboot the machine.
But who exactly was responsible for "Press Ctrl-Alt-Del to log in" on various Windows versions? Was that brilliant idea also the fault of IBM engineers, or did someone at MS have a clown for breakfast?
The greatest achievements, and the greatest fails, in computer history begin with someone saying "Hey, I have a hilarious idea..."
Right. The Macintosh "Developer Button" was an add-on "button" you could purchase from Apple if you were an ADC member; actually it was just a set of two clip-on actuators that would push the already present "Reset" and "Interrupt" buttons on the main logic board.
At the retailer I worked during that time, we used to make fun of it and offer our customers a "Mac Eject" - a straightened paper clip to push into the hole by the floppy drive to trigger the manual eject.
Possible causes for sudden loss of lift:
- Battery malfunction
- Short circuit
- Software bug
- Loss of rotor*
- Operator error*
* Some, but not all, UAV can sustain flight with three of four rotors, and most prevent sudden downward acceleration - but not all.
100% agree. "...that is not user information... (simply because we wrote in our TOS that all your base are belong to us)..."
Despite insisting it was unaware such data was available and thus went unexploited, AccuWeather said it would remove the Reveal Mobile SDK from its iOS app until it takes privacy seriously.
Let me help you with that. By just uninstalling your spyware.
AccuWeather is close to useless anyway, as the data it displays is often directly contradicting the data on their own website for that very same location. But then again, it looks like they are not really in the weather forecast business...
Looks like Sonos already did:
"If you choose not to provide the functional data, you won't be able to receive software updates," the Sonos spokesperson explained. "It's not like if you don't accept it, we'd be shutting down your device or intentionally bricking it."
I just hope that all of these companies that do this kind of blackmail will crash hard, economically. Otherwise this will become the new normal.
This is ridiculous. Remotely disabling a product you have bought? Blackmailing users into installing "upgrades"? They must have a very confident (or very incompetent) legal department.
Calling this a "top-down approach" is not even near the truth. That is blackmailing, and I'm pretty sure that this is also infringing on several hacking laws. After all they're messing with computer systems that they don't own.
Absurd to think that people are still buying from them.
What happened to the dude hacker terrorist who discovered that fiddling with the URL allowed access to other people's data? Surely they must have thrown him into jail for this nefarious use of the URL bar illegal high-tech hacking tools?
“I had my iPhone turn on remotely and start transcribing my conversations and texting them out,” Dewey said. “This was quite obvious, and didn’t require any interaction on my part.”
Sure, it's not totally impossible that this was happening, just very very unlikely. Applying a bit of Occam's Razor here leaves me with a much more likely explanation: That Siri was triggered accidentally (had that many times on anything that sounded roughly like "Hey Siri"). If it then thinks to understand "Send Text" or similar, it will happily start transcribing what you're saying into a text message.
As for another phone draining the battery despite being in airplane mode - there are many possible battery hogs, including dumb apps that don't recognize that they have no network and endlessly try to connect somewhere.
IMSI catcher, yes, I believe that. Airborne ones, even, and that would be a pretty badass example of mass privacy violation (though it might be legal in the U.S., I don't know.) But I have trouble believing that the hardcore spook agencies were field-testing their most powerful tools there for world+dog to observe.
From the Goop page:
"P.S. Leaving them on for the prescribed three-day period left a few goop staffers with marks on their skin, so be careful to stick them somewhere concealable if you’ve got an event coming up."
Maybe the "frequency" was somehow wrong.
The numbers are probably skewed as they only consider reported incidents.
I assume that the percentage of breaches that are being reported is very high in the health industry - as they should be.
And I also suspect that the reporting threshold is lower there because of the sensitivity of data. Emailing a diagnosis to the wrong patient is a bummer; but if, say, a web hoster emails the contact details of a domain to the wrong customer, I doubt that they would run to the ICO.
The study would be much more interesting if it contained original research, ie. asking companies (anonymously) for all breaches, reported or not. I bet the numbers would be a lot different then.
From their marketing blurb:
"Enjoy Peace of Mind – When your identity management system is secure and reliable, everyone in the enterprise enjoys peace of mind. OneLogin truly values transparency and building trust [...]"
From their TOS:
"ONELOGIN DOES NOT WARRANT THAT THE SERVICE IS ERROR-FREE OR THAT OPERATION OF THE SERVICE WILL BE SECURE OR UNINTERRUPTED.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL ONELOGIN, ITS AFFILIATES, [...] BE LIABLE FOR (A) ANY INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES, INCLUDING WITHOUT LIMITATION DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA OR BUSINESS OR OTHER INTANGIBLE LOSSES, [...] UNDER NO CIRCUMSTANCES WILL ONELOGIN BE RESPONSIBLE FOR ANY DAMAGE, LOSS OR INJURY RESULTING FROM HACKING, TAMPERING OR OTHER UNAUTHORIZED ACCESS OR USE OF THE SERVICE OR YOUR ACCOUNT OR THE INFORMATION OR CONTENT CONTAINED THEREIN."
Pro tip: Read the Terms of Service before signing up to a service, especially when it's a security-critical one. If their own legal department doesn't trust the service, run. As fast as you can.
"This move seems to mirror the sort of compulsory registration measures that regulators in the EU and the UK are currently mulling over. [...] people are less likely to use their drones for naughtiness if the authorities are looking over their shoulders..."
And the "authorities", in this case, is a Chinese company. And it is only to ensure legal operation, not data slurping, of course.
"Last month DJI quietly geofenced off large chunks of Iraq and Syria in conjunction with a US-led military offensive..."
Yes, please, give me a drone where the manufacturer can add limitations remotely, retroactively and without my consent. Of course that would only happen if I'm a "terrorist."
Obviously not or inconsistently, and EBICS looks like it is only for payments.
No, EBICS is for almost everything banking-related - statements, payments, direct debit, card processing, even investment management. The security model seems sound to me (public/private key signature and encryption, key update mechanism etc.)
What about EBICS? I know that (here in Germany, at least) banks often make it seem like a big deal, but you can get EBICS access at least for every business account; not a big deal to do it for private accounts, too. (The actual implementation is often lousy, but that's another topic.)
I just received an email from the not-too-distant future. It reads:
> It's unclear how widespread the problem is.
Avast has been receiving reports that a very small percentage of our users are affected by a minor issue today.
> Avast's PR reps have acknowledged our requests for comment but are yet to supply a substantive response.
The security of our users and their equipment is very important to us. We're sorry that you can't access the web any more. To fix this problem, please visit our knowledgebase at http://....
We're talking about the overcharging up to 11 years ago. An interest rate of just 3% amounts to roughly 34% over 10 years.
Well, that's not completely wrong - as long as the FBI can demand (and was confirmed in this by a US judge) the data regardless of where it is, as long as it is accessible from the US (i.e. any data), European data protection laws are just a PR issue and/or the cause of an extra paragraph of text in a National Security Letter.
"Of course opening documents from unknown sources is a security risk."
OK, let me ask a rhetorical question here: Why should opening a document (from whatever source, in whatever format) be a security risk? Isn't it rather that using certain applications is a security risk?
A software vulnerability is, without exception, a software malfunction (a.k.a. bug.) By telling users to be "careful where that document comes from", "not 'open' emails from unknown sources", "not click on links to unknown sites", you're putting the blame for malfunctioning software on the user instead of the creator/publisher/vendor of the software – "we told you to be careful." But that appears to be generally accepted now.
And if anybody wants me to rant a bit more, ask me about why software companies can shed all liability for their software with the inclusion of a single paragraph in their small print.
.. oh, and twittercounter.com is down currently, with the message "Just fine tuning the experience. We should be back shortly."
There must be some heavy "fine tuning" going on :)
It's funny how an app that is supposed to count something requests write (posting) permission on your Twitter account. Even Graham Cluley (well-known security guy), who was caught in this attack as well, did fall for it.
Now if you look at the press site of Twitter Counter, their last post is from November last year. Topic? "We're sorry we were hacked, but we fixed it now."
At least they can copy-and-paste that press release for today.
Today: "... advice to reboot the driver console..."
Tomorrow: "Try installing new drivers for the driver console interface."
Next: "... go to the registry and look for HKEY_LOCAL_VEHICLE, ..."
Then: "... Could not connect to the license server. To make sure you have the Tesla Genuine Advantage, upgrade to the newest Tesla model. [OK] [Cancel]" -- (Clicks "Cancel") -- "Thank you, your order for the 2018 Tesla Model S has been recorded. Decommissioning your current vehicle now..." -- (Shuts down)....
The title says it's 200 Lindisfarne Gospels, but in the article it says 20,600 Adult Badgers or Lindisfarne Gospels, or about 200 Great White Sharks.
Is that due to metric vs. imperial units being used?
... depends. Still better than the "contact the server admin at firstname.lastname@example.org" on their highly-customized error page ;-)
Trust an IT giant like IBM to do it right.
- The SSL cert on banter.com gets flagged as it is for *.ibm.com.
- When you get redirected to ibm.com, you get this priceless cookie disclaimer:
"Some opt-outs may fail due to your browsers cookies settings. If you would like to set opt-out preferences using this tool you must allow third party cookies in your browser settings."
OK, so I must enable third party cookies in order to not get tracked? Stupid me, I always thought it was the other way around.
"Adobe did likewise last week [...] Microsoft's now caught up"
Why the hurry? It's not as if after Adobe's patches every script kiddy knows the vulnerabilities and starts exploiting them. What's one week (or a few million vulnerable machines) in a billion-years old universe... no need to rush.
Well, so they've published this little script that can convert data into HDD access and thus say that it can be used to exfiltrate data. Not exactly rocket science, you could probably do that with 3 lines of C code.
First of all, if you can access the disk in a certain pattern, that doesn't mean that the HDD light will actually reflect that access 1:1 - there's a lot of other stuff going on at any given time, so the actual output you get will contain a lot of noise - most of the time the noise will probably completely cancel out your data.
And then I could probably think about a dozen more ways to do this with more reliability (although they may require a deeper level of access than this example.) They would include: Using the Caps Lock light; subtle changes in screen brightness; or screen gamma; screen steganography (using a row of pixels along one edge of the screen); sound output (very low/high frequencies); diskette drive "music"... you name it.
So - good that somebody is doing this research; but you won't see me rushing to the hardware store for a roll of masking tape anytime soon.
bash: aptget: command not found.
Did you mean 'rm -rf /' (Y/n)?
Oh my. Does it come with a long disclaimer and liability waiver?
Amended version of their statement...
"Sports Direct filed an incident report with the Information Commissioner's Office because they wanted to cover their butts after it became aware that its workforce's information had been compromised, but as there was no evidence well, at least the intruder didn't give us any that the hacker had made further copies of the data the snatched or shared the data they probably sold it, but didn't share it, the company did not report the breach to its staff."
The usual BS. "Somebody stole that data, and we pretty much know they're using it to f**k the affected people, but we don't have actual evidence of them using it. So no need for action."
... that I understand the issue correctly: The actual problem appears to be that the media player launches IE to access the "information" site instead of using the Tor Browser, and that bypasses Tor and so snitches your IP address, right?
I'm not using Windows, so I have to ask: isn't there a way to prevent IE from launching (or otherwise cripple it)?
I think the most important option is more or less mentioned in the article: Stop spamming users with too many unnecessary and attention-seeking alerts.
A good human interface is a form of art, and it's not just about the color of your window title bars. When the machine has to communicate something to the human, it should be done in the appropriate way. Why is the launch screen of certain Adobe products more prominent than a critical security warning? Why is the overlay alert on certain websites asking me to subscribe to their newsletter bigger and flashier than my software update UI notifying me about a critical security update?
You can make security alerts red, pink, flashing, wobbling and whistling all you want; sooner or later the flashiness of your Sudoku app's "Like us on Facebook!" alert will be just as flashy.
It's not a "standalone unit"...
... because it has to be accessible from the reception (after all, it's them who are programming the key cards) and (for some system types) by every door lock.
And who said it was accessible from the internet? It might just have been infected when somebody from the reception (or office staff, ...) opened a booby-trapped email attachment.
BTW, after reading the referenced article, I'm not even sure that the crims explicitly targeted the keycard system. Disabling that might just have been a "lucky" side effect from encrypting all files, including the keycard database.
And finally, replacing the electronic locks with old-fashioned key locks will cost a fortune and will only solve a tiny part of the problem. Good luck when your reservation system or credit card terminal are hit. That's pretty much of a business showstopper too.
... that it's more likely that ransomware is simply more effective in Germany than in other European countries. You attack people and companies that are most likely to pay up, and when I look at the sorry state of malware protection and backup at many German businesses, it figures.
"And indeed you can, provided it's based on fact and not hearsay or lies."
And so that the surgeon can check whether anything that one person wrote to another in private is true, he should be able to get all private messages the person in question ever wrote (hey, why limit that to Mumsnet? Why not subpoena their email provider too?)
UK libel law is something I don't understand. Now you have to be able to prove everything you write, even in private. Absurd.
I've come to the conclusion a long time ago that if you ask people for directions, the outcome is usually worse than just driving/walking in a random direction. Whether it's trolls, people who have no clue but don't want to admit it, or other reasons, generally the chances of getting correct directions are worse than 50/50.
Really, if my satnav fails for some reason, I just try my luck. Usually works out better.
It's supposed to be a FIPS-level HSM (Hardware Security Module.) May be possible to break these, but probably a lot of effort (and you have to steal one, too, without the owner noticing.)
... has certainly lost contact with reality. From their site:
"Stronger protection for private keys: The best practice will be to use a FIPS 140-2 Level 2 HSM or equivalent. Studies show that code signing attacks are split evenly between issuing to bad publishers and issuing to good publishers that unknowingly allow their keys to be compromised. [...] Therefore, companies must either store keys in hardware they keep on premise hardware, or in a new secure cloud-based code signing cloud-based service."
Aside from the obvious proofreading fail, it says you have to use either a HSM or "a new secure cloud-based code-signing service." Oh, OK then, that probably means that storing the keys in the cloud and letting a cloud service sign your code, instead of your local machine, makes it more secure. Figures.
I wonder what "a new, secure [...] service" means, though. Are they planning to offer one themselves? Or does it mean that OS makers (MS, Apple) may offer that service, as long as it is "new" (and, of course, "secure")?
Either I'm totally ignorant to the level of stupidity of mankind, or there's something missing.
"Almost two-thirds (61 per cent) of targeted organisations paid out a ransom as a result..."
I'm sorry, but I can't believe that. Do you want to tell me that if I send an email to a number of (large) businesses telling them that their files are gone, less than half of them bother to actually check before paying out 5-digit sums?
There has to be another element to this type of fraud, some way in which the attackers cause the mark to believe that something actually happened (such as internal knowledge of the organisation or such.)
I know that way too many gullible people live on this planet, but not on that level.
I'm not sure which version is worse: That they don't know whether it's a DDoS or not, or that they don't want to be open about the cause.
The former means that they are absolutely clueless (how hard can it be to tell that you're being flooded with bogus traffic), the latter means that they're dishonest and that the real cause was even more embarrassing than simply refusing to answer the questions.
Either one would make me worried if that was my bank.
For a long time, Facebook has tried their best to become a replacement for the World Wide Web, to a point where many businesses worry more about creating a Facebook profile than a website.
And now - surprise - the reports about questionable decisions on blocking or allowing certain content are on the rise. So many people are not aware that Facebook is a profit oriented business which deals with the content its clients generate and which pretty much runs counter to all of the internet's ideas about "openness" and freedom.
Facebook controls substantial parts of the global internet communication, has created its own "sub-web", and behaves pretty much like a totalitarian state: It tracks and spies on its "citizens", has practically no accountability, censors content at will, spreads known-false information, and has a "leader" who lives by a different set of rules. Preaches "sharing is caring"-like statements to justify its snooping while trying to sue his neighbors in Hawaii to vacate their premises so that he has some privacy.
Anybody who does not see the irony - and danger - in this, should read up on recent history, especially about East Germany.
At least stop seeing Facebook as a more convenient alternative to the World Wide Web. It's like thinking life in North Korea must be great since you don't have to worry about unemployment.
I'd rather call it remote access malware - it opens up a backdoor in your OS once it's installed.
The infection vector is not known yet, as far as I understand it.
It could very well be the payload of a standard trojan, I think.
Depends - these types of clocks tend to be right every 2^64 seconds (or whatever their time base is)...
" ... identifies the original makers of the rubidium clocks as the Swiss Cantonal Observatory of Neuchatel, which appears to no longer be a functioning scientific institute."
So they clocked out early?
Actually, they did this: in the test phase, the Galileo system consisted of just a few ground-based stations (placed somewhere in Bavaria IIRC.)
Google for "GALILEO Test and Development Environment".
"At Radbots, Gailey and his team are interested in bridging the gap between chatbots and advertising: slipping ads into conversations when the AI feels it's relevant and least likely to irritate the user."
Oh, so that would be every neverday at 3:15 p.m.?
Are you f***ing serious? "Siri, will it rain tomorrow?" – "Sorry, Frank, I don't know, but did you know that Amazon has a special offer on umbrellas this week?" – "Siri, where can I buy a shotgun or a mallet?"
"The particular virus has never been seen before..." - ahum.
According to whom? The person who couldn't tell ransomware from another kind of malware? (Pro tip: you can tell that it's ransomware if it asks for a ransom.)
The statements they made do not add up.
First, manufacturing delays do not justify lack of communication, as some on this thread have already noticed.
And then, "their handmade prototype was not compatible with the manufacturing procedures in Shenzhen, and the mechanical and industrial design of the padlocks had to be recreated." That translates to: "We 'invented' something without checking if it can actually be built, and then we had to re-invent the whole thing."
I just invented something: A set of goggles that convert any 2-D film to 3-D. How that is supposed to work? Don't know, that's for the nerds to figure out. But please fund me anyway.
Being a "startup" does not justify having no clue about the business you try to enter. And being a "maker" does not mean you can create, manufacture and market a technical product.
"A spokesperson [...] insisted that MongoDB is not less secure than relational databases like MySQL and PostgresSQL, and pointed to the company's list of security best practices."
Translation: So it is not secure, they just tell you how you can make it secure.
"MongoDB has the robust security capabilities that one would expect from a modern database,"
... but for some reason we believe that our users' preference is to not have a secure installation, so we don't make security the default.
"It is the nature of database software that administrators can switch certain options on and off."
Topic missed, failed. Dear marketing drone, please understand that this is not about what a user can do, but what should be the default.
How's the weather on that planet you're living on?
I have these exact issues.
Did you make sure that everything is plugged in and switched on?
... or philosophy, maybe. What could go wrong?
Doolittle: Hello, Bomb? Are you with me?
Bomb #20: Of course.
Doolittle: Are you willing to entertain a few concepts?
Bomb #20: I am always receptive to suggestions.
Doolittle: Fine. Think about this then. How do you know you exist?
Bomb #20: Well, of course I exist.
Doolittle: But how do you know you exist?
Bomb #20: It is intuitively obvious.
Doolittle: Intuition is no proof. What concrete evidence do you have that you exist?
Bomb #20: Hmmmm... well... I think, therefore I am.
Doolittle: That's good. That's very good. But how do you know that anything else exists?
Bomb #20: My sensory apparatus reveals it to me. This is fun.
Biting the hand that feeds IT © 1998–2017