Re: UK Intellectual Property Office - Sorry can you FAX that
I suppose an image-transmitting IM service is completely beyond the bounds of possibility, so fax will always have to be on standby ?
1103 posts • joined 18 Jul 2009
"We've all worked with people who will email after every conversation or phone call to "confirm" what has been said"
And very welcome they are too. Though they could probably save time and dispense with the conversation. I'd much rather search my inbox than my memory.
If only that were true.
Sounds completely useless.
Isn't the point of testing to find out if there are effects that aren't expected from the theory ? If the computer models were perfect, there wouldn't be a need for testing at all. So relying on a knowledge base - even one with trendy words attached - isn't going to do even half a job.
"Check Point further noted an increase in the number of malware variants targeting multiple platforms (mobile, cloud, desktop etc)."
But no details of how that's done or how one might guard against it, unfortunately.
"You accessed your FaceBook account from your work computer ?"
You still have a facebook account ? WTF ?
@JDX They sure buggered it up, though. Repeatedly.
We don't have Caution: HOT on coffee cups because of dumb fucks. We have it because of lawyers.
Any idiot knows - or hopes - their coffee is hot. But if it says so on the cup, there's less chance that when they accidentally spill it on their lap that they'll be able to blame the vendor.
It's not information. It's arse-covering. But yes, Americans.
C++ still isn't good enough for embedded systems (unless you mean phones, which are more like a pc on a stick than their embedded roots)
Kaspersky is doing it wrong.
Banned by the agency best known for planting spyware and illegally accessing their own employers' (federal and public) data ? Must be good ! Buy it !
It got spent on some other lawyers ?
Not sure I can blame them for using Phillips screws. There are various screwheads around that are claimed to be tamperproof, but really they're just mildly inconvenient.
Many of them have drivers available in a kit from your nearest poundshop (where available) and those that don't can usually be defeated by hitting a cheap chinesium screwdriver so it moulds itself to the screwhead.
In short, they're worthless : tamperable by anyone over the age of 2 and most certainly by someone with an inclination towards overcoming locks.
You're missing the point. There is, perhaps, a statistical possibility that a rooted phone is more likely to have malware. But it's not certain, and the opposite could also be true (phones more likely to be rooted by people with a clue). I suggest figures, rather than supposition, are desirable here.
But the real point is : an unrooted phone isn't free of malware. NO phone is guaranteed free of malware. If the app isn't secure when running in a rooted environment then it isn't secure running in an unrooted environment either, and assuming that it is, is just painfully shortsighted.
The app has to do its own security. Any reduction in security created by the owner giving himself root privs is lost in the noise.
Good thing the people who built Open Street Map weren't as short-sighted as you.
Why would you want to detect rooting ?
Any app that relies on the OS security to protect itself is insecure by design. The OS can't be trusted, because there's no way to know whether some other malware has found a way under it.
If you consider that an app can't be built that is only secure on a secure OS, you may well be right (as in the old mantra of 'physical access is game over'), but that doesn't make any difference. There is no such thing as a secure OS, and rooting most certainly isn't a reliable indicator of insecurity.
If your bank insists on non-rooted phones to run their apps, they are incompetent. Don't use those apps even on non-rooted hardware, let alone rooted.
I don't think keeping up the standard is so hard. I'm finding Gmail less and less reliable : it gets stuck, crashes, is harder to use.
The bar is falling, not rising.
You forgot cheaper. It would be cheaper to just hand out money than it is to mismanage the attempts to control it.
Oddly enough, they already do run the rail systems. After a fashion.
The 'rail minister' who cut all the high-speed commuter services from my local (Thameslink) line, but fucked up and didn't provide even approximate replacement services has had another go. And fucked it up some more.
Simultaneous identical ( or complementary) hardware failure on all their backups ? Wow.
Bad luck's a bugger. Really hurts when it hits, eh ?
Obviously there wouldn't be a single point of failure or a domino crash in a professionally-engineered system. So maybe it was done by amateurs, or worse, accountants.
I've discovered a huge vulnerability in TV sets from almost every manufacturer. Apparently they use an unencrypted, openly known (and often documented) broadcast method to control them.
You could be subject to sniffing attacks that determine your choice of TV viewing, traffic and content analysis that determines which of your family is near that TV, remote command attacks that could change channel and influence you politically or present a fake channel instead of one you thought you chose. Selection of paid content while you're not present. Denial of service.
All this with just line-of-sight access to your window : no need to tap infrastructure, you can do it from a van in the road, a handheld appliance from across the street, or a laser from the next block of flats. Cost of entry is low using arduino-level hardware. Cheap products have been on the market for years to facilitate some attacks. For extra fun and on-topicness, I can imagine a remote attack via a compromised light bulb. PoC needed.
ps. I don't watch TV any more and never leave it in standby if my partner uses it. So I don't care. Perhaps you don't either. I made this post because you don't have to be on the internet to be a victim of remote control device takeover. Moaning about IoT failures like they're a new thing and the result of people using unnecessary technology is valid, but 50 years too late.
You can even do that with a gas or oil lamp. No need for pesky unreliable mains services. Get orff my lawn.
Everyone has their own choice of a tradeoff between convenience, complexity and risk. You make yours and I'll make mine. Fwiw, that means mechanical switches for me too at the moment, but there are some cases where I'd be glad of a different method provided it met various criteria.
I'm getting bored with the anti-ioters. Nobody makes you use the things. Some of them (most of them ?) have flaws. So what ? Fix them, or ditch them, or push for something better and move on. But don't tell me what I should think. I can do that myself, thank you.
It's partially good design in having local control (does Nest have that ? I'm not sure). But it's bad (read : venal, customer always comes last) to tie the remote service into a single point of failure.
Of course, most customers want it in a box and no thinking. I'm sure Philips have done a reasonable job on that or they'd be on the remainder shelves already. And they're not : I tried to get one in the Maplin firesale but they all went before they'd dropped to retail price. So they're an attractive item, for whatever reason.
A reasonably professional IoT device though would have :
1. Default fully-local control (not set it up on the net then fallback to local. Full.)
2. A provisioned service from the manufacturer, secure, reasonably reliable, easy to use. 'Free', paid, whatever as long as it's clear upfront. Points off for 'free for the first year'.
3. The option to move the remote control from the manufacturers' service to another, whether your own or a 3rd party. Documented, secure, no opt-out cost. Possible even if the manufacturer's servers fall offline one day and never return.
I don't honestly know whether Philips or Nest offer that (I wanted a bargain offer to find out!) but anything less than that is just junk or, worse, a scam that deserves the full scorn of the anti-IoT peanut gallery.
There have been a few people doing studies of IoT devices with an interest in security. They don't generally do a good job of also evaluating threat models, they're more interested in the publicity of 'I found a hole'. But it seems to me that such a review should also examine business models.
Update : just saw MartinB105's post. Philips appear to be pretty close to the above. ++
You've made a big assumption there. That the toy is on the other end of a routable internet connection. Sure, if that's the case you deserve everything you get.
Clue : Having an IP address doesn't mean you're open to the internet, any more than having your bedroom door open means you're welcoming the public in.
Why on earth would you put an unknown device on your internal network without firewalling it off ? Security belongs at the borders. That's why you don't need to care about the internal security of these devices - because if your network allows them incoming or outgoing access you've lost.
Expecting any vendor - especially malicious ones - to do your security at the device level is silly. A toy isn't going to be as hardened (or as trustworthy) as a gateway router so why even waste your time testing it ? Put the security where it's under your control, not the toy manufacturer's.
I'm starting to get the impression that some of these 'security researchers' are just making a mountain out of a molehill for the sake of publicity.
Not EVERYTHING has to be secure by design. Especially things that are toys, or research tools.
I've got a drawerful of sharp knives in my kitchen. Someone could easily break a window, climb in and kill me with them.
I've got a garage full of tools to help them break in. A gas pipe full of gas to set a fire with. A water tap that could be used to construct a DoS moat. A piggy bank that can be robbed just by dropping it and stealing the £5 that falls out.
Get a grip folks. If you're going to pick faults in things that don't actually need to be secure, at least write up a decent abuse scenario and risk management strategy. So we can decide if we actually give a ff.
You do know that's pretty much how the rest of the world sees journalists / media etc., don't you ?
They're only no longer at the bottom of the pile because politicians, estate agents and lawyers have been doing their damnedest to get lower.
We do remember the occasional journalist who did something useful so there's kind of a hope that you'll beat down the Daily Wail element and drag yourselves up by your bootstraps.
But get on with it, k ?
Awesome imagination you've got there, Kieran.
Hope it's not disappointed.
It's a decision by a judge. Generally given their post by noting that they're intelligent and knowledgeable about the law.
Unlike POTUS, which is mostly about being newsworthy enough to attract votes.
If the decision fails to stand, it won't be because it's stupid. It'll be because politics doesn't respect justice.
Regardless of his age / senility etc. - it's unlikely he expected to have to check out the camera before using it. Would have been just a piece of kit supplied by NASA - while it might be familiar, you wouldn't expect him to check and maintain every bit of crap. He's supposed to use it in accordance with the mission plan. If the plan doesn't say 'check batteries, SD card' then he's got no reason to do that.
If NASA wanted him to take it outside and take pictures, they should have prepared it to do that. I very much doubt the astronauts have a supply of SD cards for putting in various things.
Of course, he MIGHT have ignored the instructions, thinking it was just a gopro and he knew how to use it. In which case he's probably not going to survive many more missions. I very much doubt that happened.
Regulate ammunition supplies.
For personal protection, you don't need more than one reload. If it takes more than that you've lost.
For agriculture (most likely a shotgun), licences and appropriate storage can handle it.
For target shooting, the shooting range can control it.
For gun-nuts with a huge cache 'because' - prosecute.
Avoid a rampager having a big enough cache to shoot more than a few rounds and the problem will be less.
I would have more sympathy for the patent system if it was usable from both sides.
It should be simple to register a patent and defend it successfully against infringement.
It should be simple to determine whether an invention infringes an existing patent.
At present, I think it's weighted toward defence - although that can still be costly. But I don't think it adequately allows for searching, and can be abused to make it specifically difficult to find a relevant existing patent.
Fit corner reflectors around the cockpit.
The objection to them is the idea that $authority would demand 'papers please'. If there are no papers, there can be no demand.
Did AI write the article ? Or just someone very tired and emotional ?
Or stride / leap over instead of stopping and jumping.
But tbf, a five-year-old human would do just the same.
You forfeit your right to contribute to this debate due to your error.
I can agree with that.
But before we ban something on the grounds that we don't want to try to upset anyone, perhaps we should determine whether, in fact, it does upset them.
Where I come from, clowns are supposed to be funny.
So I assume your ridiculous and unhuman opinion is a troll.
You've got it the wrong way round.
If you want to be protected from prosecution, don't try to prevent other people posting as you. Positively encourage it. Then the host of dodgy characters can unwittingly claim to be Spartacus.
Hardly a problem if password theft is common.
In fact, using the password 'password' is probably a good way to claim reasonable doubt of your identity.
I agree about being unusable.
But secure ? Why would you believe putting all your eggs in one unregulated basket is secure ?
If you use them only occasionally as a backup reference like the gentleman upthread, why use an application of unknown quality when you can merely encrypt a text file using some well-verified algorithm ?
I think downvotes are mostly like/unlike substitutes. They're used when someone objects to your whole stance, as against racists. Or because you got upvotes, and they didn't.
You're more likely to get a comment when the response is thoughtful (and perhaps corrective) rather than just argumentative.
Personally, I think downvotes should be allowed only with a comment to justify them. Upvotes are ok, because they're just 'me, too's.
Similarly, I find getting a card to the reader is easier. Carrying a card is lighter and less prone to battery failure than a phone. A card is completely waterproof. I carry a phone in a trouser pocket or backpack, and being bigger than my wallet it takes longer to extract.
I do find NFC payment very much faster than chip-and-pin, which can take up to a minute, I presume because it's using dialup in some form while NFC is perhaps always online. This may be more of the reason for your satisfaction with apple pay than the terminal-to-card comms : the backend is on a faster infrastructure.
Not arguing that you're wrong : just that different habits and lifestyle can make one or the other better for someone. No person's opinion is everything.
The first Android I bought had NFC. As did a Nexus tablet. The two subsequent ones didn't. No phone cost more than £120. I'm assuming it hasn't really caught on except in the 'do everything' phones in the upper part of the market. Which means it's far from essential and probably always will be.
Perhaps it will also help weed out the chips that haven't been properly tested past their infant mortality phase.
In the foot ?
Head, more like.
News of its demise has only recently reached the feet.
"Once again, that was an OPEN REQUEST to invite FB friends into activities. Which has been pointed out to you every time you bring that one up. CA has been found to have been quite a bit less open about its doings."
Yes, but Mr. BJ is an American rightwinger. (yes, the extreme leftwingers are pretty much as bad).
He's not interested in the truth. He's only interested in being right (in both senses).
He assumes that if he keeps repeating something it becomes true.
In a more reasonable culture where people don't get excited about mere politics, he just marks himself out as a loonie and is ignored.
I remember filing a 25-way D socket down to fit the 23-way plug that was the Amiga's video output.
Are you still taking the dried frog pills ?
Biting the hand that feeds IT © 1998–2018