* Posts by hayzoos

81 posts • joined 2 Jul 2014


What do sexy selfies, search warrants, tax files have in common? They've all been found on resold USB sticks


Multiple pass overwrite is a waste

Best: Proper physical destruction, choose your favourite method, just be thorough.

next: Any secure erase function built-in, fastest possible overwrite, may overwrite bad "blocks", use hdparm to access it

next: single pass overwrite ones or zeroes or preferably random bits, use dd with random or zero, slower than built-in due to interface bottlenecks

next: overwrite software like dban, blancco, or whatever with one or more passes to meet regulatory requirements including certificate, slow as molasses at the north pole

Format was never meant to erase, only prep for use. The same goes for "Low-level" or "Full" or "Guaranteed complete thorough better than new" format which may or may not overwrite all accessible blocks, it usually is used when there is no existing format or changing to a different format.

Windows cipher command is a good try, but it fails on multiple levels.

Delete, trash, recycle, hide, forget, ignore, store in vegetable drawer, will also not properly dispose of sensitive digital bit patterns.

I like to disassemble and apply a propane or mapp gas torch to the bit holding parts. For the really sensitive stuff I would use a microscanning microplasma torch or microsharks with microlasers.

Telecoms kit supplier shut down for carrying on work of two firms that had been... shut down


Here's an idea

1) The Insolvency Service has the authority to act on a known banned Director, but must be informed.

2) And, the Companies House can only publish such information publicly even being specific as to request the Director to terminate, but not act.

3) Then should not somebody(ies) job(s) at the Insolvency Service be to review the public information published by the Companies House?

Sorry, makes too much sense; goes against business lobbyists desires; and a law or rule will then be passed concerning this very loophole.

Who needs malware? IBM says most hackers just PowerShell through boxes now, leaving little in the way of footprints

Big Brother

Re: Not much protection

When I heard signed script, I thought they were talking about corporate CA certs. The certificate store has grown to be a mess though with CAs from world+dog pre-populated for your convenience. This is another area where hardening needs to be targeted. You have to trust the CA which can produce a code signing certificate. Enough damage can be done even when the rogue CA only produces TLS certs and javascript execution is permitted on that basis.

I don't see why a corporate CA has to be limited to internal use either. Properly managed (I know fantasy world) corporate CAs can be used to vet comms between partners, more trustworthy than common TLS or even some EV TLS certs issued by traditional third-party CAs.

Take a browse through the certificate store in a default Windows install. Allow your paranoia to interpret the names of some of them. Is there a five eyes CA in there? How about an FSB? Don't leave China out of consideration nor North Korea, Israel, Iran; all of their spy groups have entertained the idea of gaining a foothold this way. If not, they do not deserve to have Intelligence in their names.

As netizens, devs scream bloody murder over Chrome ad-block block, Googlers insist: It's not set in stone (yet)


Re: There is always the old fashioned way

"Not much they can do about that one...."

They can implement their own DNS client in Chromium/Chrome instead of using the one from the OS. This can then ignore the "/etc/hosts (or whatever it is on your O/S)" and always resolve anything google.com. They can even decide to encrypt it so a network based filter cannot interfere with google.com hosts name resolution.

BTW it was mentioned earlier in the comments - DNS over HTTPS.

Microsoft sends a raft of Windows 10 patches out into the Windows Update ocean


Am I biased?

"monthly Patch Tuesday excitement"

Did anybody else misread the above snippet as "monthly Patch Tuesday excrement"?

Still using Azure Scheduler? Schedule in 30 September 2019 'cos it's being euthanised


More replace simple with fancy, fancy, bells, and whistles

Not at all surprised. The scheduler must have been too simple and reliable and dull. These days everything must have every feature under the sun and then some.

To further expand on the cron analogy. It too may see a similar push to the wayside by the systemd crowd. This is not isolated to Azure or Microsoft.

Why can't we follow the "if it ain't broke, don't fix it" mantra? Sure it may have a few issues, but they have been worked around. A simple modular system tends to work much better than a single complex gargantuan system.

No, we need to reinvent the wheel, and axle, and bearing, and drive linkage, and differential, and braking, and engine, and steering, and lighting, and chassis, and cab, ad nauseam just because we want to create a new car radio, then do it all again to add mp3 playing into the new, new car radio.

Wanna save yourself against NotPetya? Try this one little Windows tweak


Re: One notable casualty of the full-strength malware was shipping line Maersk

I heard they went serverless.

SMS 2FA database leak drama, MageCart mishaps, Black Friday badware, and more


Re: What a load of bull

I don't know why everyone is being so harsh on @Pascal Monnet. He has a point, even comparing by numbers, the playing field of cybersecurity is vastly more complex than chess. The full set of chess is definable. We have chess programs, we have chess playing programs able to defeat top human players. If it was as easy as chess, then where are our programmatic weapons to defeat even the average cybercriminal?

The real problem is, thinking it is possible. It is a similar problem as making something foolproof.


Re: SMS '2FA'

Outsourced Authentication, to save money, probably lowest bidder, What could go wrong?

Wait, don't answer that. It is called saving money at all cost.

I'm trying to be funny, it doesn't help the despair.

Big Cable tells US government: Now's not the time to talk about internet speeds – just give us the money


DSL is not an option for the rural coverage, only cable and fibre. Satellite already serves rural areas. The material used is not the major cost, the labor to run it is. The best value and bang for the buck is fibre. But it does cost more than copper. So the savings of sticking with the lower speed copper is turned into profits.

If the rural areas get higher speeds, then suburban and urban areas will demand increases. Can't have that, all that investment eats profits.

Space station springs a leak while astronauts are asleep (but don't panic)


What part of International Space Station do some of the commentards here not understand? Ingenuity knows no borders. It must be a prerequisite to becoming a spacefarer.

I saw mention of duct tape, zip ties, wd-40, let us not forget the tried and true mechanic's wire.

EU wants one phone plug to rule them all. But we've got a better idea.


Wire, plugs, current, safety

I'm a USian with better than average knowledge of the electrical systems here, enough to make me dangerous. My direct experience is with the radial circuits, primarily in the residential electrical. I have also worked with industrial 3-phase delta and wye tapped circuits over 480 volts.

I think a fuse integrated into the plug is proper engineering whenever the wire beyond the plug is rated for less current than the outlet and building circuit. I see the fused plugs here in holiday decorative lights and a few other applications. But, most of the daily use appliances have cords rated for 10 amps or less plugged into 15 amp outlets/circuits, most without a plug fuse. Many of those appliances have a fuse in their power supply, leaving the cord as a weak link.

Keep in mind when talking of fuses or circuit breakers, it is concerning overcurrent protection. There is also GFCI for ground fault protection when the current flowing through the hot is greater than that returning through the neutral and/or ground. The goal of GFCI is to cut the circuit when the current is finding another path besides the neutral or ground since that may be a human providing the circuit path lethally. Then you have the more recent arc-fault circuit protection. Its goal is to break the circuit when a prolonged arcing is occurring. Why? Prolonged arcing causes high temperatures suitable for igniting flammables or melting metals just like arc welding.

This has direct relevance to the "one plug to rule them all". Take USB for example, it has variations for differing power levels through different combinations of volts and amps in the range of 2 to 100 watts. Combine that with backward compatibility either directly or through adapters with older spec cables of lower current capability and no fusing of the wires at the plug and you can see temperatures reaching ignition levels. I know the specs usually cover handshaking to negotiate higher power levels, but various low cost cables and adapters seem to find workarounds to those nasty safety limits. 100 watts may not seem like a lot, but it is more than enough to cause ignition temperatures for a lot of common materials.

SMS 2FA gave us sweet FA security, says Reddit: Hackers stole database backup of user account info, posts, messages


one word


GitHub given Windows 9x's awesome and so very modern look


Re: Not authentic enough....

Maybe sooner if DST change is not too far off. Gaining or losing an hour has strange productivity effects.

Google Chrome update to label HTTP-only sites insecure within WEEKS


Shut up about the Chinese Cannon and the Verizon Supercookie

Those running the Chinese Cannon will have no trouble performing a MITM attack on a HTTPS session. If you don't believe that, then go crawl back under the rock. In fact, you don't have to be a "state level actor" (TM) to MITM a HTTPS session.

The Verizon Supercookie works at a lower layer in the network stack and HTTPS ain't gonna help. Your ISP is by definition a MITM and can attack your session in a variety of ways. In the US the big ISPs are the only offering so you cannot find another. They also have a friend at their regulatory agency the FCC who will rule to their liking like killing net neutrality. So side gigs like supercookies, and ad injections are not frowned upon.

Boffins want to stop Network Time Protocol's time-travelling exploits


time doesn't exist, unless I believe it

Encrypting/decrypting a time query/answer will occur at a known interval, adjust accordingly.

Aren't you supposed to use a relatively local ntp server? for multiple reasons, think it through.

It's all relative, I like that one.

My system clock may be off, I think it's beer-thirty.

Welcome to Ubuntu 18.04: Make yourself at GNOME. Cup of data-slurping dispute, anyone?


Re: 3rd choice

Finally, somebody pointed out other ways to present the options. People are stuck in the current paradigm of binary opt-in or opt-out and one has to be the default.

For some reason I feel the need to quote the band Rush:

"You can choose a ready guide

In some celestial voice

If you choose not to decide

You still have made a choice

You can choose from phantom fears

And kindness that can kill

I will choose a path that’s clear

I will choose free will."

Brit doctors surgery fined £35k over medical data fumble


Similar happened near here about 15 yrs ago

The similarity is abandoned medical records. Near here is the village of Colver, Cambria Co., PA, USA, a mining town whose hospital folded in the early 1970's. The building was boarded up and due to unpaid property taxes and ownership by a now defunct company, the county assumed ownership. There was a news story around 2003 about medical records blowing around the town due to the boards of the boarded up building rotting away. Records were collected and moved to county record storage at the former county prison where they give public tours. Somebody I know went on such tour a while ago and said many records are in banker's boxes in the old cells unlocked and doors open.

Nothing to see here, don't hold up the tour, just move along and be sure to stop in the gift shop on your way out.

US Congress mulls expanding copyright yet again – to 144 years



I am not creative enough to live off my creativity. I have created some works worthy of copyright though.

My descendants do not deserve ongoing remuneration of use of my creative work from 20 years ago. They can have what is left over from all I have received during my lifetime after settling all my debts. The law as it stands now relieves them of my debts not so settled.

Copyright should not begin until published. I have works created many years ago that I have not yet published. I should be able to pass these on to descendants for publication and subsequent copyright protection. Life of the creator should not matter. X number of years from publication should. This also simplifies corporate or real person ownership. 14 years seems reasonable to me.

Prolific creators would have no trouble living off their creations and supporting a whole cadre of promoters, producers, marketers, agents, lawyers, and the like, even extended family, within the 14 year limit of each piece.

I once tried to produce personal copies of a professional looking photograph I created at a large retail outlet. They were not going to allow me to have the copies I paid them to produce, with no refund. They said this looks like a copyrighted image. I said it very well could be if it were published, but it is not, and I produced the image, therefore I own it. After a bit of back and forth with a couple of supervisors, they "allowed" me to have the copies.

What good is 144 years to me? Even if I could produce enough to live off my creativity, I am not going to benefit from 144 years worth of revenue. Relatively, very few works can be leveraged to have revenue for 144 years.

Astroboffins spy the most greedy black hole yet gobbling a Sun a day


The end is near

Just wait until we find the secondary percussion wave of the big bang is propagating albeit at a slower pace. That secondary wave is sweeping up after the initial mess and pushing everything together. These supermassive black holes and such will seem puny by comparison.

I'm off to the restaurant at the end of the universe, or maybe I'll calculate a few improbabilities and see where I end up.

PGP and S/MIME decryptors can leak plaintext from emails, says infosec professor


I preferred to use PGP without email integration. I would prepare the plaintext and encrypt in an isolated environment. The encrypted file would be sent as an attachment.

For received encrypted emails I would export the cyphertext part to a file, transfer to the isolated environment, and decrypt there.

I remember one particular encrypted email. It was a saved copy of a webpage with an accompanying comment, keep this secret. Said webpage included embedded resources to be downloaded. I said they should have their encryption keys taken away before they hurt someone.

Password re-use is dangerous, right? So what about stopping it with password-sharing?


"I am probably being paranoid for thinking they have just offered to breach my user security."


They also send a second factor via SMS even when you have registered a one-time password app.

So many ways to login, it's so hard to choose.

A bit like my old Ford truck, any old Ford key 1970's through 2000 will start it.

No, Sierra Leone did not just run the world's first 'blockchain election'


Blockchain, blockchain, blockchain

I can't believe the current voting machine manufacturers are not all over the blockchain craze. Ya know since doing blockchain does wonders for stock values. The only part they have to get right is making sure blockchain is in the marketing literature and enough techno mumbo jumbo gobbly gook to appear they have this blockchain thing down pat. Oh, and since the paper trail thing has already left the station, they have to do that too.

Pardon me, can I get something without blockchain? Ah, sure, blockchain!

Boffins discover chemistry that could have produced building blocks of life in space


Have an upvote, exactly what I was thinking. The last paragraph has me wondering if Ahmed is an actual scientist or just a grant chaser:

"The next step is to find out if these life-bearing molecules can be formed from ionising a mixture of hydrocarbon gases. "Is this enough of a trigger? There has to be some self-organization and self-assembly involved to create life forms. The big question is whether this is something that, inherently, the laws of physics do allow," Ahmed concluded."

Well, certainly not a physicist. Hardly deserves the boffin title either.

Pennsylvania AG sues Uber over 2016 data fail


Correct link


America's broadband speed map is back! And it doesn't totally suck!


Notice the small notation of speed >=25/3Mbps as broadband for the color legend. The count of broadband providers for the color coding is based on that. My location shows 2 broadband providers, one cable and one satellite, plus 3 below the 25/3 threshold two satellite and 1 ADSL; speeds are 200/10, 25/3, 15/2, 5/0.768, 2/1.3.

I have the cable at the lowest tier of service 10/2 for $50/mo. with my own cable modem, router, and wireless no data cap, definitely not neutral, personalized ads injected, torrents & other services blocked/throttled, VPN hostile. It's $75/mo. to go to 25/3 without renting equipment. 100/5 and 200/10 are available at $100/mo. and $200/mo. They claim to offer 2000Mbps service at $300/mo and must lease their equipment. Inaccurate, but close.

The only other 25/3 broadband provider only lists up to 12Mbps for my area throttled at $65/mo.@40GB, $95/mo.@60GB, $145/mo.@100GB. Inaccurate, only half the speed supposedly available, not broadband.

The 15/2 provider actually resells the ADSL 5/0.768 in their TV/internet package. I had DSL before, started out OK but then the service was bad, the infrastructure is even more neglected now. They cannot be providing 5/0.768 service here. No sense in looking up their prices. Inaccurate on two counts.

The 2/1.3 provider actually lists plans ranging from 0.768/0.512 to 4/2 unmetered contended from $360/mo. to $3450/mo. and 10/2 metered from $100/mo to $500/mo. without equipment cost or installation of $1550 to $4884 plus taxes discounted $1000 with 2-year service agreement. Inaccurate and priced out of the market.

So in reality there is only one broadband provider in my area. One listed resells the other, therefore only four providers, not five. None of the service levels are accurate. Three directly or through partners compete with streaming providers (net neutrality issue), and are known data slurps. Nice work of fiction. No need to change the names to protect the innocent.

Cox blocked! ISP may avoid $25m legal bill for letting punters pirate music online


As mentioned earlier, repeat "offenders" are according to Rightscorp. All Rightscorp knows first hand is IP addresses. They have to rely on the ISPs to send notices and provide identity of the customer of the IP address. Many possible points of failure there depending on which flawed methods they choose. Keep in mind both Rightscorp and ISPs seek to reduce costs of the mandated overall process, they get to choose the implementation details.

Assumptions were made that copyright holders or their agents would do due process in seeking damages. Ha! I said doo-doo, no Ha! assuming due process by the likes of RIAA or MPAA or their agents like Rightscorp.

Rightscorp and their ilk act much like spammers. They have managed to automate much of the process of locating pirates, downloaders, streamers, torrenters, and all types of copyright violators. Then they feed that to automated notice mailers. My guess is their notices were blocked by spam filters.

Another plausible reason is excess false alarms, boy crying wolf syndrome.

I'm not for either ISPs or corporate copyright collectors, but in this case I'm more against the corporate copyright collectors.

Canada charges chap alleged to run stolen data-mart Leakedsource


Apples to Oranges

Leakedsource provided access to the stolen credentials quite usable for malicious intent, clearly bad. haveibeenpwned and breachalarm do not provide the stolen credentials, all you get is confirmation that a username/email was part of a data breach or a warning when it happens. Neither of which is usable to break into accounts.

US border cops told to stop copying people's files just for the hell of it


Re: Define "border", USA style

Yes, borders for the US include International Airports and any other inland ports. I remember seeing a map of the 100 mile radii to all of them, a lot of the US is covered.

Microsoft patches Windows to cool off Intel's Meltdown – wait, antivirus? Slow your roll


Re: Huge Baby Huge

In comparison to Windows, I would not expect Linux kernel patches to be huge, even if you include some critical system utilities that require patching, systemd on the other hand . . .

IT giant CSC screwed its 1,000 sysadmins out of their overtime – jury


Re: Let's play the classification game!

That moves jurisdiction to the IRS. Not that it matters much these days. I believe the IRS will target the mis-classified contractors for their taxes instead of the corporation-persons formerly known as employers.

Dentist-turned bug-biter given a taste of freedom


I will have to check with my dentist if he is aware that Patterson Dental's Eaglesoft has security issues.

Samsung to let proper Linux distros run on Galaxy smartmobes


Re: Don't most Linux distros have a watered down 'Live CD' version?

More than some UI tweaks. The 'Live CD' versions are generally for x86/ia64, not smartphone processors. Most of the 'Live CD' versions I have seen are not watered down either, but smartphones do not need a watered down version. They will need very good power management but a lot of that is app dependent, not just an OS function just like the smartphone OS/app combinations.

I am able to use a combination of a bluetooth keyboard and a chromecast to do what the dex is doing. I used the smartphone screen as a touchpad, but a BT mouse or USB mouse works for pointing. I haven't done the Linux thing on my current smartphone, but have on an older one. I still use a laptop for my computing needs.

UK Land Registry opens books on corporate owners


Re: May I introduce you to...

And for every rule of proper age there must be one or more exceptions.

WPA2 KRACK attack smacks Wi-Fi security: Fundamental crypto crapto


Is this a protocol issue? I think reusing a nonce is an implementation issue even if the protocol says to do so.

More and more websites are mining crypto-coins in your browser to pay their bills, line pockets


Hell no!

I do not trust the current website ad outsourcing model or other marketing services. Malware javascript gets injected and all we hear is "oops, our bad, we'll remove it" and no other changes. It happens again and again. Happened to Equifax and Trans Union recently with marketing stats scripts.

Clean up the whole website ad/marketing industry before I will even consider allowing javascript from such sources. Until then I will maintain my whitelist, pay a few subscriptions, and donations. All other sites, meh.

Rejecting Sonos' private data slurp basically bricks bloke's boombox



All these comments fail to cover the effect of the Internet at large. Sonos has created a situation where potentially large numbers of their (unpatched) devices can be enlisted into a cyber army battalion. Yet another reason why this IoT mindset is bad.

Flash... Nu-uh! Tech folk champing at the bit to switch off life support


I once crossed paths with a Macromedia "higher up" whilst in San Francisco. He sat next to me at a hotel bar, ordered his drink, then proceeded to count out coins to pay. Since I was ready for my next drink I told the bartender to put it on my tab so I wouldn't have to wait an eternity. That's when he introduced himself. I decided not to let on that I was into computers twenty years or so. I could see why Flash ended up the way it did after his talk. It wasn't bad per se. It just was conceived before Internet security needed to be designed in from the beginning. Adobe just made sure it got as bad as it did.

systemd-free Devuan Linux hits RC2


My thoughts on the systemd thing

A major symptom of the problem of systemd is the fact that it takes so much effort not to use it. Here you have *nix veterans having to establish a major fork/project/distro which shows the effort goes beyond even what many here can do. I'm not talking the one-off, "I removed systemd from xyz distro and everything is working for me except maybe x and sometimes y, but that is typical *nix anyway so it works".

I finally left Windows last year as my daily driver. I dabbled in *nix of various flavors for many years so I have no fear of leaving Windows. I was trapped by "certain application(s) are only available in Windows". I solved that issue by a POV change. I don't use an OS because of applications anymore. I have things to do, not I use a particular app. When a part of my system exhibits objectionable "features", I can change the entire toolset if I have to, to get my stuff done.

Now, (over a many months' time) I find Linux distros beginning to exhibit objectionable "features" mostly due to systemd. Including the distro I chose to replace Windows. It seems I have few distros to choose without systemd. Fortunately for me, I have dabbled with some of those before, so I am more comfortable considering them. Unfortunately, the Graphical environments are also exhibiting systemd issues. And udev is in the future?

I propose for clarification that non-systemd distros continue to be known as Linux distros. Those that have adopted/(been assimilated by) systemd be known as systemd distros instead of Linux distros. It would make things a lot easier in choosing one. There already are compatibility issues between the two types, so it seems a new species has been created. Should also be extended to anything else with a systemd dependency, so you know the package is incompatible with non-systemd Linux.

Is there a niche for creating a systemd to legacy translation package to make things like (systemd udev), (systemd KDE), et al. work in legacy Linux? Probably more like a compatibility layer, but also a sanity layer to insulate kernel and other low levels from userland. Never mind, it's starting to sound more and more like how Windows (d)evolved.

Balancing miners borks blockchains, say boffins


Re: stopped reading at first line of abstract

I cannot see why you had a downvote. I read the article waiting for the relevant application of the attack. I had the same thoughts, POW systems (aka mining) are for digital currency using blockchains. Blockchains are useful for so much more than digital currency and do not require POW mining.

Then I thought maybe some think banks are considering using blockchains for "digitizing" currency. That could be an explanation for the downvote.

'Geek gene' denied: If you find computer science hard, it's your fault (or your teacher's)


flaw in the research

There was no measurement of effort. I have excelled at things with little effort. Others have excelled at the same things with some, much or great effort. The scores the research looked at could not distinguish those who excelled through effort from the coasters who aced the exams. The ones who excelled with little effort are obviously naturally talented in the field.

This fact applies in fields well beyond CS. I would have to say there are gifted people in any field. The opposite also applies. There are those that despite their best and strenuous effort cannot do something.

Infected Android phones could flood America's 911 with DDoS attacks


Re: Open vs closed source

The baseband is where the cell radio "firmware" is located. That may be closed source. This attack uses the baseband approach to achieve the semi-anonymous IMEI only calls.

It is done on closed source, and possibly may need to be signed. So this is not an easy attack on many levels, but that does not mean impossible. Once the steps are defined, as much as possible can be scripted and it becomes a lot more feasible.

35,000 ARRIS cable modems at risk from firmware dumper bot


"Internet-of-things botnets are becoming a thing: manufacturers have to start building secure and reliable products, ISPs need to start shipping updated devices and firmware, and the final user has to keep his home devices patched and secured," Rodrigues says.

My ISP does not allow me to keep my cable modem updated, nor change any configuration parameters. So my ISP must do this, even though I own the device.

I better not be charged for their screw-up and lack of patching.

Alleged buggy software wrongly flunks wannabe lawyers from bar exam. What happened next won't shock you


Class action lawsuits are getting ridiculous. Now we have only lawyers benefiting from them.

US standards lab says SMS is no good for authentication


Re: Do US mobile numbers still look like landline numbers?

US numbers can be ported between carriers. My landline number was ported from Verizon landline to Comcast VOIP and is now on my AT&T mobile plan with their cell to POTS device. I see charges on my bill for texts but the device has no SMS capability, good thing they are zero charges on unlimited text plan.

Ban ISPs from 'speeding up' the internet: Ex-Obama tech guru


Re: Eh...

"Okay, I'm an electrical engineer in license only, but I thought bits traveled about 2/3c on copper and exactly c on fibre."

Electrical engineers should stick to their realm of electrons and not speak of photons or bits. Since fibre is not a vacuum, the photons must not be traveling at exactly c. Bits must be converted to electrons or photons, and the conversion process is only known to alchemists and wizards. Creatures such as bit pixies or photon faeries or electron elfs may be able to effect the conversion process, but they do not know the process. It's all a matter of limited resources. There is a shortage of alchemists and wizards and no amount of H1Bs will get you enough to speed up the conversion process to effect a speed up of packets.

Bin Apple's $500m patent judgment, US DoJ tells Supreme Court


Attack the patent

A single bad patent doesn't make a patent system bad. Attack the bad patents. If a lot of patents are found bad, then the system or its implementation is bad.

Argue that rounded corners are a functional element not design. Argue that the function of rounded corners in such an application as a smartphone is the same as the function of rounded corners on numerous handheld devices (there are plenty of functional reasons to round the corners). Functional rounded corners are not a new invention and do not merit a patent award. Awarding a design patent to a functional element steps on the purpose of functional patents.

Don't panic, says Blue Coat, we're not using CA cert to snoop on you


For nation-state clients

The product wasn't plug and play for the nation-state market wishing to spy on any and all HTTPS traffic crossing the borders.

By obtaining the trusted intermediate cert. the product has become plug and play for the likes of Syria, China, USA, Russia, UK, N.Korea, Australia, Denmark, or just about any country you can think of to spy on their citizens' and each others' citizens' HTTPS traffic.

It also makes it easier for the existing clients by not having to install an extra cert. in all the browsers for the appliance to work.

Democratized trust certificate model, sounds like how PGP was setup.

Cops deploy StingRay anti-terror tech against $50 chicken-wing thief


If they spend that much on the units, then they need to use it as much as possible to justify the expense. Did nobody think of that angle?

FBI's PRISM slurping is 'unconstitutional' – and America's secret spy court is OK with that



So then everyone must be a suspected agent of a foreign government. Paranoia runs in many directions. Tin foil hats for all!

