Re: It's public
You, apparently, have difficulty understanding the rights of a private company to set limitations on what its server resources are spent on.
43 posts • joined 20 Mar 2007
Are the courts claiming that a private company has the legal right to access the server resources and database of a third party in a way that the third party clearly states is against their ToU?
And they're getting away with it because that company built a business on breaking that ToU?
If the laptop was cold when this happened, it would still be secure, as you could not boot into the operating system to allow it to start the update process. The master key is usually only exposed when the system is fully booted.
If the system is turned on at the time, it's different.
Your disk is not actually encrypted using your password... Your disk is encrypted with a symmetric encryption key, that key is then encrypted again, and then your password encrypts THAT key.
When BitLocker is disabled, the symmetric key used to unlock the disk key is stored in plain text in a special partition on the boot. This allows it to unlock the drive without your password, until that key is then deleted.
It's a fairly terrible oversight... Here's MS's own TechNet article:
"Exposing the drive master key even for a brief period is a security risk, because it is possible that an attacker might have accessed the drive master key and full drive encryption key when these keys were exposed by the unencrypted key."
So we either have inflation... which would allow communication between primordial space and allow the flattening out of the background radiation...
Or we have the speed of light changing, which would have to have completely reduced itself to zero since, or low enough to be completely unmeasurable despite v = c / lambda being able to cause massive interference patterns at the slightest change.
You must be wholly unaware of this "code signing" thing.
You could completely own the update servers and as long as the device has a proper public key and strong hashing algorithm embedded (2048 + SHA2) in it you can easily verify origin and therefore reject unsigned or badly signed updates.
Breaking into a website is one thing... but somehow getting a properly secured offline HSM (Hardware Security Module) to either cough up its keys or sign your malware is another thing entirely... if you can do the latter, the NSA probably has a job offer for you.
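An added example, not part of the original comment: the device-side check the comment describes, assuming "2048 + SHA2" means RSA-2048 with SHA-256 (PKCS#1 v1.5). `SignUpdate`, `VerifyUpdate` and `CheckAll` are hypothetical names, and the keys and image are generated in-process as constructed stand-ins for the vendor's HSM-held key.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SignUpdate stands in for the offline HSM: only the private-key holder can produce sig.
func SignUpdate(priv *rsa.PrivateKey, image []byte) ([]byte, error) {
	digest := sha256.Sum256(image)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// VerifyUpdate accepts image only if sig verifies under the key embedded in the device.
func VerifyUpdate(embedded *rsa.PublicKey, image, sig []byte) error {
	if embedded.N.BitLen() < 2048 {
		return errors.New("embedded key shorter than 2048 bits")
	}
	if len(sig) == 0 {
		return errors.New("unsigned update rejected")
	}
	digest := sha256.Sum256(image)
	return rsa.VerifyPKCS1v15(embedded, crypto.SHA256, digest[:], sig)
}

// CheckAll runs four constructed cases against a device that trusts only the vendor key.
func CheckAll() (genuine, tampered, unsigned, wrongKey error) {
	vendor, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed vendor key
	other, _ := rsa.GenerateKey(rand.Reader, 2048)  // key the device does not trust
	image := []byte("firmware v2 (constructed sample image)")
	sig, _ := SignUpdate(vendor, image)
	badSig, _ := SignUpdate(other, image)
	genuine = VerifyUpdate(&vendor.PublicKey, image, sig)
	tampered = VerifyUpdate(&vendor.PublicKey, append([]byte("x"), image...), sig)
	unsigned = VerifyUpdate(&vendor.PublicKey, image, nil)
	wrongKey = VerifyUpdate(&vendor.PublicKey, image, badSig)
	return
}

func main() {
	g, t, u, w := CheckAll()
	fmt.Println("genuine:", g, "| tampered:", t, "| unsigned:", u, "| wrong key:", w)
}
```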
Was thinking about this the other week while inflating my car tyres at the local Tesco and I was wondering to myself how long it would be until we had cars and services where you could simply pull up beside a pump, and not only would it locate your fuel filler port and fill up the tank by itself, but it would also locate your tyres and inflate them to the relevant pressure based on some kind of QR code, and maybe there would even be a small secondary port next to the petrol inlet, which could be used to automatically top up your wiper fluid and antifreeze at the same time.
The same way he would now.
You encrypt the stream using a session key, but you'd also have to send the session key in the clear (of the encrypted stream), but encrypted using the NSA public key.
ByteCount(AES(SessionKey, NSA-Public)) + RSA(SessionKey,NSA-Public) + AES(PlainText,SessionKey)
That way you can capture the packets, decrypt the session key with the NSA private key, and read the contents of the original message, the two endpoints having already established their shared secret state box and thus being able to decrypt it themselves.
Kinda the same way as multiple recipients works; you encrypt the sole session key with the recipients' public keys, one message, multiple people able to unlock it.
I'm going to go out on a limb here and point out that it's quite easily possible to create this sort of encryption.
It would involve sending the decryption key along with the data, but encrypting it with the NSA's public key.
Of course, it's still a stupid idea. If Iran / N. Korea / China is willing to spend billions on building nuclear plants then they're going to be willing to spend even more on a supercomputer plant the likes of which the world has never seen, with just the hope of factoring the global "master key".
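An added example, not part of the original comments: the multi-recipient envelope that this comment and the previous one describe, with one session key wrapped once per public key. It assumes RSA-2048 OAEP for the key wrap and AES-256-GCM for the message; `NewKey`, `Seal` and `Open` are hypothetical names, and "escrow" is a constructed second recipient whose private key opens every message sealed this way.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

func NewKey() *rsa.PrivateKey { // constructed demo key standing in for a recipient's key
	k, _ := rsa.GenerateKey(rand.Reader, 2048)
	return k
}

// Seal encrypts msg once; it returns name -> RSA-OAEP(session key) and nonce||ciphertext.
func Seal(msg []byte, to map[string]*rsa.PublicKey) (wrapped map[string][]byte, sealed []byte, err error) {
	secret := make([]byte, 44) // fresh AES-256 key (32 bytes) then GCM nonce (12)
	if _, err = rand.Read(secret); err != nil {
		return nil, nil, err
	}
	key, nonce, wrapped := secret[:32], secret[32:], map[string][]byte{}
	for name, pub := range to {
		if wrapped[name], err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil); err != nil {
			return nil, nil, err
		}
	}
	block, _ := aes.NewCipher(key) // cannot fail: key is exactly 32 bytes
	gcm, _ := cipher.NewGCM(block)
	return wrapped, gcm.Seal(nonce, nonce, msg, nil), nil
}

// Open unwraps the session key with one private key, then authenticates and decrypts.
func Open(wrappedKey, sealed []byte, priv *rsa.PrivateKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrappedKey, nil)
	if err != nil || len(key) != 32 || len(sealed) < 12 {
		return nil, fmt.Errorf("cannot open envelope")
	}
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, sealed[:12], sealed[12:], nil)
}

func main() {
	alice, escrow := NewKey(), NewKey()
	w, sealed, _ := Seal([]byte("hi"), map[string]*rsa.PublicKey{"alice": &alice.PublicKey, "escrow": &escrow.PublicKey})
	pt, err := Open(w["escrow"], sealed, escrow)
	fmt.Printf("escrow key holder reads %q (err=%v)\n", pt, err)
}
```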
I'm not seeing the problem here.
The telcos are awash with cash, and your implication is that if this scheme were to be introduced, that they would suddenly all cut their already non-existent plans to carpet bomb the countryside with masts.
I suspect the entire reason they have not built them there in the first place is that it is not profitable to do so.
Let people piggyback on each other, and put in the financial incentives to force investment in their own networks. That way the consumer is not being kicked in the nuts because they don't have £75 a month to spend on buying 3 SIM cards.
I'd like to throw up the following video from UC Berkeley and their fantastic video repository for anyone else interested in this topic. The video, Angels & Demons The Science Revealed is really quite informative - especially about the energy needed.
Prepare for antimatter bananas.
Interesting thought - but you managed to completely miss the obvious.
OS share has *very little* to do with it... or do you think if Windows ceased to exist that Flash would disappear overnight? Of course it wouldn't.
There is so much in-fighting over standards groups that I like the idea of, as well as a set of firm standards for HTML5, that there is also a more frequently updated option... provisions for cryptography, cross-domain ajax calls, dynamic security policies etc.
Having things such as increasingly powerful graphics processors you can run CUDA crunching on is all very well and good, but kind of irrelevant in the context of web based attacks.
Consider a password which may be between 1 and 6 characters long, alphanumerics, giving a total of around 2 billion options, let's take another mathematical shortcut and ignore the missing digits from the smaller numbers and let's say that each option tried is 6 digits... so for each check you've got 6 digits, let's add 250 bytes for a decent sized HTTP POST header and presume that you're also going to need to send a 10 character login name and, while we're at it, the fields will need to be identified so 'user=' and 'password=' add another 14.
That brings it to about 270,000,000,000 bytes to transfer or about 250 GB of upload to the server.
Let's presume that in order to know if you've succeeded in logging in or not you're going to need to receive the response, and for the sake of argument let's say your average webpage being about 15k totalling an additional 28 TB of bandwidth.
So all told you're talking about 28 TB of bandwidth to check all of the 6 character passwords for one user.
Now the question is, if you maxed out the bandwidth of a moderately sized server of the kind you may wish to attack without alarm bells going off all over the place due to the expensive DDoS and IDS protection you find on larger sites.. so let's say that's 10 mbyte/sec... about 3 million seconds to test them all or 30 days.
Using the assumption that somebody wouldn't notice you sucking up 100% of their bandwidth for an entire month you then have to consider the poor server trying to check all of these details - running a password attack on an offline is all very well and good... but what is a server going to think when it's having its CPU burnt up by handling billions of extra page generations in ASP or PHP or whatever it may be.
Anyway, in summary, it is true that longer passwords are needed... but when you're dealing with websites, how many you can shove down the pipe to be processed by the server is much more important than how you generate the passwords in the first place.
Ran the 09-10 file through PHP, converted to ASCII, ripped out any NULL fields (which accounted for most of the file) and put in CSV with double quoting.
Reduced to 23MB (1.8GB Uncompressed) which is small enough to be opened in Excel = http://host.awportals.com/coins/facts_09-19.rar
Gotta do some other work but I'll see about rationalizing it and entering it into a MySQL DB.
As a programmer, I hate COM in ways that are not suitable for publishing. But it is perfectly sensible to include it in Silverlight, just as they included it in PHP.
You wouldn't stop people from using sounds in Silverlight just because some people don't have speakers, if people want to make offline Silverlight apps capable of leveraging pretty much the whole OS then why not let them. If Mac was to develop a single unified model for all of their OS features I'm sure MS would include that too - as it's in their best interests.
So yeah, let them use it... why complain about a helpful feature. Are the Mac people really going to complain that they can't use a SL component built on COM to control their IIS server, even though they don't have the COM components to control an IIS server? Etc.
Well, I have to say that I often enjoy reading the odd article on The Times website, but charging £1 a day for it - for casual readers that's £1 per article... is absolute insanity. I agree with the above statements that £104/year for the news most of which can be read on the BBC for the cost of the license fee shows just how out of touch News Corp has become.
All perfectly valid points - but I was actually considering the matter from a theoretical standpoint of a black hole at rest. There are a few things you may wish to consider though:
1) 15 TeV is the energy of individual proton collisions - not the entire beam. There is the possibility that the whole beam would be deposited through the singularity in less than 100 microseconds.
2) You presume that nothing but the singularity is stationary - this is not the case. Consider the enormous heat underground - Once you get to the mantle you're talking between 500 and 1000 Celsius. That is a *lot* of kinetic energy moving a lot of very dense matter about - significantly increasing interceptions with the event horizon.
3) Even beyond the event horizon there are forces which would accelerate additional matter towards the singularity.
So yes, while your points are well taken, and while I do not think that the LHC is going to implode us, the sun, or anywhere else for that matter... I do think there is a lot more theoretical discussion to be had on the matter.
Eating the Earth in a few years? I think not.
A black hole located at the centre of the Earth would swallow the entire meaningful planet in less than a few hours if it didn't evaporate... So long as it has an event horizon matter would fall into it under the force of the planet's own gravity... that collapse would happen now if it wasn't for the pressure of the inner atoms repelling the ones higher up against the force of gravity...
If there was an event horizon there would be no atoms able to affect an opposing pressure, the whole planet would fall towards the centre and pass through the event horizon unopposed... Even if the mass of a black hole did not increase as more matter fell into it, the whole earth would soon be going bye bye as the effect of its own gravity being centred at the core would accelerate the contents of the planet towards the black hole.
By the way El Reg, if you wanna advance the cause of science, start linking to Richard Muller's PFFP.
I've now got this phone on O2 and I have to say after jumping into the Windows settings and tweaking a few things it is a delight to behold and use.
The multiple input options offered by Windows Mobile are good, and the screen is big enough to use the transcriber input well. Failing that you can always use the old 3 by 4 on-screen input method.
Performance is good, can be improved slightly by disabling Touch-Flo but the TF3D interface is pretty snazzy.
Camera time of 7 seconds is only first load, you can just keep it running as a background task, it is true it does take a few seconds to take a picture when you have automatic focus on but it does give you good quality snapshots.
Lack of flash is a bit of a downside though.
Has good software features and configuration options such as the touch focus and optional back light and shutter sounds. Not too good on the effects aspect with only Grayscale, Sepia and Negative available.
Has lots of decent applications installed by default including the mentioned Google Apps, and the GPS is quick to pick up.
Choice of Opera or IE is good, although installing Flash add-ins for Opera is going to cause you a few headaches.
Having Mobile Office is also a handy thing to have about when you receive documents as email attachments on the go and would previously have found yourself without a way to view them.
The phone dialling interface does its job although you can occasionally go clicking on people's names or such expecting a menu and instead finding yourself calling them immediately leading you to tap like a madman at the end call button - a confirmation here would have been useful.
If you're wanting to get one of these phones you'll also want to invest in a MicroSD card, I just paid £17 for an 8GB class 4 card off eBuyer and the phone is much better for it.
The TF3D media player is not much to look at but that is no problem as you can turn it off and use the Windows Media Player with ActiveSync to play your music with a lot more freedom.
The included YouTube app is strange, as it finds videos in a different way to what you would get if you did a search on the website, often missing the ones you're after.
* No flash
* No vibrate on key click when connected via USB
Another shocking cliffhanger to the BOfH...
In the next episode:
Will the PFY find himself strapped to a chair?
Will the boss ever finish his powerpoint presentation on time?
Will Simon remember to recharge the cattle prod?
None of these questions, and more, answered on the next episode of...
:O :O :O :O :O :O
Here we go again.
To be quite honest I would use WMP absolutely EVERY time when given the choice between it and the memory hogging, resource eating, so-slow-its-practically-unusable Real Player.
Oh noesss some open-platform fundamentalists want us to have a choice. I couldn’t care less about a choice in this regard, WMP works well, RP doesn’t.
"Good morning Mr. Rist, can I get your first name please?"
"Yes, my name is Tiror."
"Welcome to the DoE offices, this is just a short meeting to check your suitability, now please... don't mind the men attaching electrodes to your head, or the heavily armed men ready to take you to Guantanamo Bay if you should fail this test.."
"Are you ready?"
"I understand you have a PhD in nuclear engineering, which University was that from please?"
"My degree from The Qaeda Valley university, very good, we do many practical experiments. Excellent mail order degree. Register today get free caesium."
"Excellent, and how long did you study there?"
"4 year, many field trips to Pakistan. Much fun."
"Good Good. Now, sorry I have to ask you these but it's just because of the job you understand... Have you ever wished to harm Americans?"
<pause and frown> No.
<looks at polygraph> "Mr Rist?"
"Well, yes. But who hasn’t? Ha Ha! Some people so rude I want to just cut off their heads, you know? Traffic awful, guy crashed into my car on the interstate, I punched him right in the face, just like that. Ha Ha!"
"Yes well, truthfully we all want to do that every now and then. Now, could you tell me if you have any links with terrorism?"
"Oh yes. Many. My landlord, big terrorist, always shouting to scare young children. He should be locked up"
"So you are not tied to Bin Laden in any way?"
"Tied? No no. I tied to your machine, you see? But Bin Laden, no, he very far away".
"Finally, I'd just like to ask you about your religious background. Could you tell me a little about it please?"
"Oh yas. I love peace. Peace is very good, we should thank God for it. God is great. God is great."
"Oh sorry, Ha Ha! I am Christian, but I sing no good so no gospel for me. But I say God is Great!"
"Okay that's excellent then, well, this polygraph has shown no problems so here is your Level 5 access codes to the reactor core, and your keys to the waste storage room"
"Thankyou. Thankyou so much. I look most forward to working here. Ha Ha!"
"Always good to have another peace loving American".
"Thanks for coming. Now if the guards will kindly take Mr. Tiror Rist down the hall to fill out the paperwork we shall look forward to seeing you at work first thing Monday"
"God is Great!"
"My government will take steps to detain and imprison for 90 days without trial all those either suspected or confirmed to believe or express that either the French are surrender monkeys, that the Spanish should stop being lazy, that the Germans really do love fighting wars, or that the Italians were better in Roman times.
My government will take steps to ensure that these foul people are imprisoned for the rest of their natural life never again to speak a bad word about those countries which this great nation spent the last thousand years waging war with."
-- HRH The Queen