* Posts by Charles 9

9998 posts • joined 10 Jun 2009

UK ministers to push anti-encryption laws after election

Charles 9
Silver badge

Re: Plugins

Simple answer: forbid unsanctioned add-ons under penalty of not being allowed to operate in the country: regulating apps and industries ARE within the government's remit; see the Uber controversy.

1
0
Charles 9
Silver badge

It's not the bomb victims you need to consider but the idea the government was complicit in the bombing given they were warned, specifically, multiple times. What's it going to take? Some YouTube video televising the exact time of the bombing? Heck, if you want REAL terror, I'd use that as a tactic to convey hopelessness; you know it's coming and you STILL can't stop it.

0
0
Charles 9
Silver badge

They weren't desperate enough. Push enough of them into the "dead either way" zone and the results would differ.

0
0
Charles 9
Silver badge

Re: good idea but seriously

Then who pays for the care of the elderly POOR?

0
0
Charles 9
Silver badge

Re: good idea but seriously

"The rich will flee abroad taking their money with them and leaving the rest of us plebs to pick up the bill."

And if a mandatory exit tax was imposed?

1
0
Charles 9
Silver badge

Unless the fake COMES FIRST or somehow all the other certs get invalidated, basically replacing the pin. How else do corporate secure proxies work? Wouldn't a State-level one apply the same principles?

0
0
Charles 9
Silver badge

And what would that do versus a mass uprising, unless the government is willing to nuke its own cities? Which would then be the signal that civilization's pretty much over.

1
0
Charles 9
Silver badge

"None of this will however stop pier to pier encryption as pointed out by an earlier poster"

But it could make it easier to detect, especially combined with steganography countermeasures like image mangling and text sanitizing.

0
0
Charles 9
Silver badge

Nope, not in terms of a "hidden in plain sight" zero-knowledge system. Can you come up with a code-word system that doesn't require the other side to know what it is yet can be hidden in plain sight, not necessarily in steganography but like a message that looks like any other innocuous message (In other words, can you use a "Happy Birthday" message to tell others what to do even though they've never met before to establish a common code yet?).

0
0
Charles 9
Silver badge

Re: So the person had been reported to the authorities....

By what standard, though? In terms of absolute time spent (which would make sense since the most time people spend in any one place is usually at home) or risk factors relative to time spent (which changes the emphasis to how risky is any given point you're located)?

1
0

How good are selfies these days? Good enough to fool Samsung Galaxy S8 biometrics

Charles 9
Silver badge

You'd have to match the IR map of a face against a cold background: not possible with a candle and tricky with a lamp without a sophisticated heat mask.

0
0
Charles 9
Silver badge

Re: Hardly a big deal

The trouble with edge cases is that they don't REMAIN edge cases for long. Think STALKERS...

0
0
Charles 9
Silver badge

But you have to MOVE the finger to do a pattern match, which you'd probably need if your memory is too poor to remember a PIN (and note that since I'm talking arthritis, this usually means the elderly whose memory is failing).

0
0
Charles 9
Silver badge

Re: RFID ??

"Concave or convex

To suit either sex"

But who'd use since ne'er was it clean.

3
0
Charles 9
Silver badge

Re: Other Options

So what if they take your phone and then use it to make incriminating phone calls or texts in your name?

0
0
Charles 9
Silver badge

Re: Iris scans can be done properly

"This is similar to proper fingerprint scanners which should incorporate IR Doppler to detect flowing blood under the skin."

Does that also defeat the gummy fingerprint on top of someone else's finger which would have live blood flow and everything?

2
0
Charles 9
Silver badge

Re: ... and you STILL need a strong identity

"Well, I wouldn't hire you for any job that require a strong identity - such a person would be unfit for the role, sorry."

So basically it's, "Game Over. You Lose. Better Luck Next Life." How Spartan...

Ever considered the person doesn't have to work...because he or she is retired? Old people still need to be able to access their accounts and so on, and if the last local branch closes...

3
3
Charles 9
Silver badge

Not so good for palsied or arthritic hands. As for avoiding the phone, what if the bank is branchless?

2
3
Charles 9
Silver badge

Re: Three pillars of identity

So what happens when you have a terrible memory (meaning there's little you know) and you tend to travel with little and keep losing things (meaning there's little you have) and you STILL need a strong identity?

0
6
Charles 9
Silver badge

But what if you have a terrible memory and can't remember a PIN? And yes, I know plenty of people with memories that bad, which is why they can only go to brick-and-mortar branches and use cards that don't require PINs.

0
9

Intel pitches a Thunderbolt 3-for-all

Charles 9
Silver badge

Re: A few things--a Luddite rants..

"Would you move into a house that only had one electrical outlet in the kitchen?"

If you REALLY need additional ports, they would respond, "Get a powered hub!" And to use your kitchen analogy, you would not believe how many places I've seen using multi-plug orange extension cords strewn about the place...yet they STILL pass inspection.

0
1

LastPass now supports 2FA auth, completely undermines 2FA auth

Charles 9
Silver badge

Re: The other side of the argument

Unless, of course, they just hack LastPass itself, steal the contents, AND figure out ways to crack or hack them, which is not outside the realm of possibility. Then they can pwn you without hacking you.

0
0
Charles 9
Silver badge

Re: Fewer Secrets

OR they can glean your details and use that in social engineering to get better access to your more-sensitive stuff through identity theft.

0
0
Charles 9
Silver badge

Re: Banking

Unless, of course, it's an extended weekend (coming up here in the US) and/or you're far from the nearest local branch (assuming they HAVE brick-and-mortar branches)? Or worse, they refuse to believe you?

0
0
Charles 9
Silver badge

Re: Is this really 2FA?

What happens when you routinely have to handle sensitive data BUT you're also highly prone to losing things like your keys, meaning you're likely to lose the fob?

0
0
Charles 9
Silver badge

Re: Complex passwords stuck on a post it note under your desk

Unless, of course, you're MUGGED and they take advantage while in an unconscious heap.

0
0
Charles 9
Silver badge

Re: Is this really 2FA?

And what if you LOSE it? Or they break the system like in the RSA attack? People lose their keys already, let's not try to add something ELSE to lose?

0
0
Charles 9
Silver badge

Re: Non issue?

If they can pwn the point of entry, then any other kind of entry screening is moot since they still have to go through the point of entry. IOW, 2FA isn't going to work not because it's going to the same point as the pwned point of entry but because it'll have to go through the pwned point of entry anyway.

1
0
Charles 9
Silver badge

Re: Date of birth

So you say all your dates (xxxx, mm dd)?

What about all the Hispanics and so on that say "dd de mm, yy" (or simply English who say "ddth of mm, yyyy")?

Anyway, the mm/dd/yyyy format is consistent with Americans and many other English speakers who say "mm ddth, yyyy".

The ISO date format is as much a mishmash of letters and dashes as any other date format. The ONLY reason it's so useful in computers is that it AUTOMATICALLY sorts dates chronologically if you perform a simple ASCII sort (to the second if you use the extended format which includes a 24-hour time).

0
0

Google now mingles everything you've bought with everywhere you've been

Charles 9
Silver badge

Re: Paying by cash just became mandatory....

And then you find out they can track that, too. Consider "Where's George?".

0
0
Charles 9
Silver badge

Re: Another good reason to avoid Android

Only to be replaced with CHINESE bits inserted to replace them. And before you say, "Who cares?" don't forget China's busily engaged in an economic war with the West, too, so there CAN be serious consequences.

3
0

India makes biometrics mandatory for all e-gov projects

Charles 9
Silver badge

But guess what education helps to do? Condition the mind to be able to do what you describe. Even in the old days, the hands-on education of skilled trades and so on conditioned the mind to be able to think out of the box for the sake of their position (adapting to changing conditions). If OTOH everyone did things by rote...

1
3
Charles 9
Silver badge

And I'm sure you realize the obvious counter.

Many in India are POOR and likely have POOR education.

Meaning in a world of "Are, Know, Have", many in India neither KNOW nor HAVE anything of value. How do you handle an identity system when the ONLY thing of value you possibly possess is something you ARE?

2
3

What's got a vast attack surface and runs on Linux? Windows Defender, of course

Charles 9
Silver badge

Re: But isn't the environment itself just as important?

Partly useless, because you can't fake PANIC. You can't fake a fire, and so on. Even the late Terry Pratchett noted it. IOW, unless people REALLY feel their life is on the line, they won't behave the same way during a drill as they will during an actual emergency. Practice isn't all you need, you ALSO need discipline: the ability to not panic when surprises DO come. Say detonate a flashbang once in a while nearby to condition people to react in desired ways.

7
9
Charles 9
Silver badge

Re: But isn't the environment itself just as important?

But the point stands. What if the exploit is a gestalt, meaning it ONLY appears in a certain environmental combination and then becomes something greater than the sum of its parts? IOW, it's like planning for an emergency: the ONLY way to really know if the plan works is to have an emergency, with all the environmental factors that ONLY come from true emergencies.

5
6

The real battle of Android's future – who controls the updates

Charles 9
Silver badge

Re: No Skins please.

There's more than one manufacturer, so there's no real supply monopoly, and since the manufacturers come from different countries (Taiwan, South Korea, etc.) with different economic incentives, they're unlikely to act in a cartel.

As for the carriers, there has always been a market for carrier-free phones, particularly in regions where common settled frequencies have been established like LTE Band III, allowing for easier carrier-jumping. Areas with more prepaid rather than postpaid carriers tend to encourage carrier-jumping and thus carrier-free phones. Even in America that trend is growing with increasing numbers of "Bring Your Own Smartphone" MVNO carriers. Most of the headliners for the past ten years or so have been offered carrier-free in some form, plus there was the iPhone which carriers were SO desperate to carry that they let Apple dictate terms for a while. So I doubt there's a real monopoly on the distribution end, either.

No, I think the real demand is strictly with the customers. Thin is in, and simplicity sells, thus closed-in slim phones win out over thicker and easier-to-grip phones with removable battery packs and expansion slots.

0
0

EU security think tank ENISA looks for IoT security, can't find any

Charles 9
Silver badge

Re: Rule zero

The existing iteration of "The Internet"

There, FTFY. The truth is, nothing known to man can ever be really secure as long as someone knows about it. Not even a One-Time Pad is proof against Rubber-Hose Cryptanalysis. The only true secret is one known to NO ONE and NO-THING (because the thing can be used by man to access it).

1
1
Charles 9
Silver badge

Re: if the mandate is that the device will ...

Especially if "setting up" requires a computer the owner may not possess.

0
1

Why Microsoft's Windows game plan makes us WannaCry

Charles 9
Silver badge

The problem behind the problem for (2) is that upgrades can be DOWNgrades, too. And if your software depends on something that WILL disappear with the upgrade (like support for the ISA bus which was dropped with Vista), then you're up against the person who's sworn to stand his ground to the death, meaning no carrot is more valuable than where he stands right now and no amount of stick will make him budge. The thing is that one size can't necessarily fit all and for some, there are higher priorities than anything you can provide.

0
0

Hi! I’m Foxy! It looks like you want to run Flash. Do you need help?

Charles 9
Silver badge

Re: F off

Careful. What if they F back...without the lube?

0
0
Charles 9
Silver badge

Re: Dear BBC,

"At the moment whois shows bbci.co.uk as registered to the BBC."

As I recall, bbci is short for "BBC Interactive" and represents the BBC's earlier forays into combining television and internet to create interactive programming. It's a legitimate domain that the BBC has had for about a decade or so.

0
0
Charles 9
Silver badge

Re: Until Adobe officially kills Flash

But what if it turns out to rise again like a zombie? Without a head, so sorry, folks, the old "shoot 'em in the head" ain't gonna work.

1
1
Charles 9
Silver badge
Devil

So what happens when you really DO need Flash and you don't even know it, then? Hate to be at the Help Desk when THAT happens, especially when the caller happens to be someone high up.

0
2

Supreme Court closes court-shopping loophole for patent trolls

Charles 9
Silver badge

Re: Simpler answer (Energy Co in E-Texas)

Nope, because it's likely long since expired, given internal combustion engines have been around for over a century by now.

0
0
Charles 9
Silver badge

Re: Look out Delaware!

Delaware's friendliness tends to favor factories, warehouses, and distribution centers. No sales tax among other things makes it advantageous to settle there. I believe Oregon has a similar business-friendly structure.

1
0
Charles 9
Silver badge

Re: Note the vote 0-8

I think the difference is whether or not product is exported directly to the buyer or run through some affiliate or subsidiary first. The latter can be sued directly while the former usually have to be taken to trade courts.

1
0
Charles 9
Silver badge

Re: Note the vote 0-8

An international company with no US presence couldn't be sued in the US due to lack of jurisdiction. Those kinds of cases usually go before the international trade courts which are a special case. Besides, isn't it normal for a company doing business in the US to have some sort of US presence for legal reasons?

4
0
Charles 9
Silver badge

Only if the DEFENDANT is incorporated in Delaware. That's the big thing. Patent trolls basically have to take on violators on their turf.

16
0

Kill Google AMP before it KILLS the web

Charles 9
Silver badge

Re: I like AMP

It's the PUBLISHER'S responsibility since they're in the best position to know or figure out whether or not the piece in question is true or not. Anyone else would not be in a good position to know, especially if the content is exclusive. Besides, the LEGAL liability (under libel law) falls to them, does it not?

0
0

WannaCrypt: Roots, reasons and why scramble patching won't save you now

Charles 9
Silver badge

Re: virtual machine

And the manufacturer is NOT your friend since you can't replace the machine: it isn't yours to mess with. Remember that infamous boilerplate: Breaking this seal voids all warranties and service agreements. It's basically an untouchable machine that's an integral (and to the manufacturer, inseparable) part of the six-to-seven-figure whole. And no, airgapping won't be an option since it has to be able to transfer the fruits of its labor, and a USB drive can pwn a machine just as easily as a network connection.

0
1

Biting the hand that feeds IT © 1998–2017