I went to the island of Doctor Moreau...
Who showed me a vision, and it looked like... love?
197 posts • joined 26 Jul 2007
One WiFi privacy tool I use on my phone uses the GPS to ascertain if you are near a known network or not before it attempts to connect. (Rather than the usual practice of constantly broadcasting and looking for a known network)
Perhaps something like that could be applied to Bluetooth. (Of course, all the privacy-invasive things people like to use Bluetooth for - like retail BT beacons and such, would stop working. A feature, not a bug..)
Unfortunately Verizon's network, while probably the best run in the US, is rather unique.
So the majority of phones that work elsewhere won't be fully operable on Verizon's network. (Due to, among other things, its unique LTE spectrum and usage of IS-95/IS-2000 ["CDMA"] technology for fallback voice and SMS)
It doesn't look "right" because it's more or less just the top of the final launch stack, equivalent to the 2nd stage, a dummy crew module, and the Launch Abort System. (LAS - the little tower on the top, which is what they were primarily testing today)
This is what the completed launch vehicle will look like during the first stage of the launch:
@elDog - you beat me to it.
I thought the article was going to talk about the fact that Acronis and Kaspersky were going to do some kind of partnership or something.
Because Acronis was indeed founded by a bunch of Russian guys.
Lots of companies seem to move their official headquarters around to more geopolitically blasé locations to avoid cuing-in the public about their national roots, particularly when that's a place that isn't very popular at the moment...
I've been using RSS for quite a few years and a "headline lister" sounds fairly pointless to me.
The whole reason I use RSS readers is to avoid all the garbage on the original webpages, and to reformat the pages into something that doesn't blind me. (I pretty much despise blinding white backgrounds on anything I have to read much of.)
I realize this may sound like some kind of declaration of war to those whose salaries depend on website advertising, but if I wanted to load all the scripts, images, tracking nonsense, ads and other junk just to read a couple of paragraphs for each article of interest I would just go to the original website and forget about RSS.
Re: Assange's "selectivity", of course it would never have occurred to any of his numerous bitter critics who made their mind up about him the moment they heard all that state propaganda about him and never bothered to look at the details.. that he might actually be protecting Edward Snowden by not going full-tilt against Russia at the moment?
Or that Russia is one of the very very few countries in the world (2 or 3 at the most) which has the power and capabilities to a) keep Snowden away from US clutches, and b) provide some kind of platform to someone like Assange (eg via RT) who is persona-non-grata anywhere the US has significant influence? Does anyone in their right mind think that the BBC is going to provide Assange with a neutral platform from which to criticize western countries?
Most of the shrill critics from what I can tell basically decided whether they like him or not based on whether he leaked anything on their buddies recently and what their favorite politician tells them to think. The US Republicans hated him and Wikileaks with a passion for years and were incessantly braying for his head until Wikileaks released some damaging material on their political foes that ultimately helped them win the election, whereupon they all kissed and made up and got on the Wikileaks bandwagon. Pathetic.
This is the most ridiculous international legal case I have ever seen.
Sweden issues an international arrest warrant for a guy who had already been cleared to leave their country after they questioned him on Swedish soil the first time around. Then after he leaves the country they decide to re-open the matter - likely after back-channel pressure from one of those exclusive club-members with 5 eyes.. The way they've been after him you'd think he blew up the Swedish parliament or something.
Assange and his legal assistants offered many many times over the years to speak to the Swedish prosecutors, but they refused to take a plane flight to the UK to do so and instead created this ridiculous circus where the cost for the UK to babysit him all this time has probably exceeded 1000 times what the cost of traveling to London would have been to interview the guy who they claim they "do not have physical access to". (Yeah, I suppose that's code for "physical access to kidnap him, chain him to a wall and send him for US-style "extraordinary rendition"" in one of those peachy "black sites" the US loves to use when they want to avoid the inconvenience of legal and publicly-known detention.)
The Swedes waited something like 5-6 years before they bothered to travel to the UK to interview him and then a few months later they drop the case.
It's ridiculous, it's absurd, he should be a free man.
It's trendy to bash antivirus (especially when you have your own axe to grind), but it reminds me of all the dimwits who breezily proclaimed on January 1, 2000 that the Y2K computer problem was obviously a big hoax because the world didn't come to an end that day. (Conveniently forgetting that the world had spent decades and billions of dollars/pounds updating everything precisely so that would NOT happen.)
Oftentimes when a security measure is this ubiquitous people in ivory towers who have enough advanced knowledge and skills that they don't personally need to rely upon such measures make dumb sweeping proclamations about everyone else.
I haven't used A/V on most of my personal boxes for decades (except Android where eg the available web browsers are too unsophisticated to be capable of being configured securely and Google has a lousy track-record of letting malware/spyware into its appstore), but I would never dream of advising one of my clients to do the same.
I sympathize with both parties. A company in IBM's position can absolutely have a legitimate concern that keeping the worst parts (eg exploit code) offline during the initial disclosure will prevent some of their customers from being exploited. Perhaps after some nominal timeframe they can "un-embargo" it.
And while full disclosure is a nice philosophical goal, I've seen more than my fair share of "security researchers" over the years who seem more determined to make a name for themselves by releasing documentation and tools to facilitate widespread malicious behavior via copycats than they truly seem interested in improving the security of the digital world.
I don't know what category Maurizio Agazzini comes under. But likewise, not every company that thinks in the way IBM is here is automatically some cartoonish caricature of the sleazy, profit-hungry monster that only cares about their bonuses and golden-parachutes.
Given that OVH is one of the very largest hosting providers in the world (especially free or cheap hosting, thus they have more than their share of miscreants as customers), and given that Level3 operates one of the very largest "Tier one" transit networks in the world - statistical probability suggests that yes, it was probably a coincidence.
I'd say there's a good chance I started soldering electronic things together before you were born, given the demographics of this website.
So yeah, I'm a total beginner at this stuff.
The statistical risk of damage to a $10 surface-mount component when attempting to de-solder it from a circuit board is exactly the same whether it's one of a dozen junk phones you are casually tinkering-with in your garage or a key piece of potential evidence in a massive and highly time-sensitive international terrorism investigation where failure is not an option. (Which for some reason you have also been asked to perform in that garage lab of yours)
But the stakes in the latter are about 1,000,000 times higher. Which is why you don't send such high-value evidence to tinkerers to play around on in their garage lab for 6 months. And the price of such an operation varies accordingly.
Actual high-security/low-production devices such as those used in top-secret roles eg military and by national-security officials, often have just such countermeasures.
But it would be corporate suicide for a company to build a product that sells at the scale of hundreds of millions per year, which is essentially 100% un-repairable.
Especially since the vast majority of end-users don't give a rat's behind about security and privacy anyway. (If they did, companies like Facebook wouldn't exist)
Re: "Not so amateur"
What you offer as 'proof' says that he's an academic, not a professional forensic technician.
As I wrote previously, the constraints of an actual, high-profile forensic investigation of a very high-profile, high-value piece of evidence are vastly different than what a guy tinkering in his home lab (while probably destroying many phones in the process) is under. Has nothing to do with his smarts or abilities, has everything to do with A) being able to guarantee success within a certain timeframe, and B) being able to guarantee that even if he doesn't succeed, he doesn't destroy the evidence in the process.
For every Skorobogatov that proudly announces he's come up with a successful hack, there are probably at least 100 people that tried and failed. Which one of those 100 should the FBI have hired instead of Cellebrite or whoever they did hire? John McAfee? :D
And how much was it worth it for them to have an answer in March, rather than waiting 6 months for the tinkerer to come up with a successful hack?
Skorobogatov claims it took him 4 months, but it's nearly 10 months since the FBI got their hands on Farook's iphone.
Except the little fact that the article author claims that the FBI overpaid by "$999,900" - valuing the amateur hacker's work at exactly $100. (In fact, valuing their labor at "zero", and only accounting for their out of pocket cost for hardware. Which is uhh, rather sensationalist.)
All that said: I'm no apologist for the FBI, or Comey in particular who I think is a lying/deceptive piece of sh.... But the premise of the article doesn't "prove" that the FBI overpaid "$999,900". (See my previous comment)
They probably overpaid, and overpaid by a lot, and trumped-up the figure to make headlines. But they could not have done it in a proper way for $100, either.
It's also telling that we never heard a peep from the FBI later about what they had actually found on the device - which likely corroborates the opinion of various people who said prior to the hack being announced that it was highly unlikely that there was anything of value on the phone anyway. (It was his work phone, he already destroyed his personal phone.)
You can't compare the work of some amateur that values their time and expertise at 'zero' - and who spends months working on the hack, along with probably destroying dozens of phones in the process, to an actual forensic investigation of a highly valuable piece of evidence.
When you desolder the chip that holds all the memory of the device from the board, there is a huge risk that you damage the chip beyond repair and then everything that might have been on it is lost, whether or not you eventually figure out how to extract data from similar chips.
For a certain class of person, the only possible explanation for a person who has revealed widespread injustices, lies and governmental abuses and thus rattled feathers in high-places (and is therefore on the run from governments determined to punish him for that) is that he is a self-aggrandizing attention seeker.
I think such pre-determined conclusions say more about their worldview than his.
Thank goodness for so many of those "attention-seekers" over the millennia that had the perspicacity and conviction to force society to make important changes that ultimately became the human race's heroes.
But no, in this case, we keep hearing instead that he's just an "attention seeker".
If so, that's an attention-seeker we could use more of.
Actually the Swedish allegations have always been weak and questionable, and the Swedes already had a chance to question him about the allegations, which they did, and they cleared him to leave the country.
Sorry but for those who have actually reviewed the actual history in detail and who don't have some kind of in-built bias against the guy, the whole matter stinks to high heaven.
"...any links to actual evidence that Yelp offers such quids pro quo?"
Yes, they do. But here's how they do it:
At the top of every review today, Yelp now proudly states:
"Your trust is our top concern, so businesses can't pay to alter or remove their reviews. Learn more."
No, they don't technically "remove" negative reviews, they hide them. Which is the go-to tactic these days for online "review pages": the vast majority of people do not have the motivation or drive to seek out anything but the stuff right at the top of any page they are viewing. If a company like Amazon or Google Play systematically put the positive reviews of a product or service right at the top, 99% of people will never read anything but those positive reviews.
So they hide the ones their advertised businesses don't like. Take a look here: http://imgur.com/a/qaEjB
That's an example from today, using a desktop browser. Note how they hide the bad reviews and call them "Not Recommended", at the very bottom of the page (there are 20 reviews per page) in small, faint grey text with a tiny dropdown button. And I'm not sure that "unhide" feature is even available to people using a mobile to view reviews. (Probably the majority of Yelp users these days)
Sleazy, absolutely. Pity it's not thought of as illegal here in Capitalism Central.
I remember the days when Yelp was much more useful. Now you have to be very careful to not get misled by the reviews.
If the "per capita" absolute amount of dollars/pounds/etc paid in income tax annually by a billionaire is higher than what a dishwasher at a fish and chips shop pays annually, is that supposed to be some kind of shocking and satisfying revelation of fairness?
As Warren Buffett (considered to be one of the most highly respected US investors and one of the wealthiest in the world) has pointed-out on numerous occasions, there is something very wrong with the fact that his personal tax rate is far lower than his personal secretary's.
In short: the wealthy have the attitude and the means to find ways to escape the kind of taxation rates that most of the populace pay. That generally comes down to political power and the resources that capital allows them to expend on the matter.
In the case of companies like Apple and Google, most of what they have been doing with tax-jurisdiction shopping is actually legal in the USA. It only became a hot-button issue after western countries were financially crippled post-2008 and looking for scapegoats.
The way I see it there are 2 major issues: the laws that allowed such practices to flourish in the first place (tell the politicians and banksters to solve those - and good luck with that), and the fact that globalized tech companies like Apple and Google which deal heavily in digital 'intellectual property' make it quite trivial to move capital around, since most of their assets are ephemeral and not physical. (In addition to the IP assets, the vast majority of their manufacturing is outsourced to other entities)
The EU apparently wants to retroactively penalize Apple and make them a high-profile media pariah, but if it was such a big issue going back 10 years in their own backyard, the EU should have dealt with it themselves 10 years ago by making sure member states like Ireland could not grant companies like Apple these low or zero-tax incentives. Instead of waiting 10 years and then trying to make a media circus out of it to deflect attention from their own failings.
Mexico also being the second nation in North America which refers to themselves as "United States" (..of Mexico), for almost as long as the USA. (47 years less, to be exact. Almost 200 years now.)
I gleefully attract many cross-eyed looks and grimaces by pointing-out such inconvenient facts and using terms like "Yanks" or "USians" when referring to US residents.
Apple Cart Upsetter in Chief
I don't normally read Reddit. But the stuff I read yesterday on Reddit was like a bunch of petulant children that have already made their minds up that TeamViewer (you know, the company that's been giving away a fabulously useful, stable and reliable product to people for years now) is the Big Evil Satan.
As for the snippet you quoted: TV's new permission notification thing should stop any bruteforcing dead in its tracks.
Also do not forget that there was a trojan discovered last month that exploited the TeamViewer client by bundling it with the trojan and using it to create a proxy reflector. TV might want to look into how they can harden their client to make it more difficult for it to be exploited in that way.
I just read about what the "teamviewer trojan" is - seems that they were not just bundling Teamviewer with the malware, they seem to have exploited its functionality in a certain way to facilitate their hack:
Including hiding any obvious presence of Teamviewer on PCs so compromised machines are less obvious.
Perhaps it's time for Teamviewer to add countermeasures to their code to make it harder to hijack it in this way.
I'm inclined to agree with this.
TeamViewer is a VERY widely used app, there are all sorts of ways it could be falsely implicated, including this KNOWN issue where some miscreants are bundling it with a trojan and then using it to further exploit the already-trojaned system.
TeamViewer has done the world a great service by allowing millions of people to use this excellent product for free for years now. But as with any widely-used free product that does things online, miscreants often exploit those tools for their own sleazy purposes.
SMDH that some people here immediately assume that TV is at fault with no actual specific evidence, and then talk about the "superiority" of tools like VNC which, for many years, had the worst security in the world. (eg, NO encryption whatsoever unless you created your own encryption tunnel to pass its traffic through, and most people never bothered)
Data breaches have become so ridiculously common lately that the likelihood of someone NOT having had their data compromised in one of them is getting smaller and smaller. The entire voting population of Mexico was one such recent example.
Actually he described DDG as "Google scraping", eg, uses Google search results.
Which would explain that particular bit, but I was actually not of the impression that DDG used Google as a source. I thought they pulled their results from a variety* of sources, including their own spider.
*(~400 sources, was the figure I recall. Neither do I think Google is amongst them.)
The dumbing-down of search engines over the last 10+ years has left us with a situation where the majority of the popular ones (except Google, interestingly) completely ignore double-quotes as a way of trying to specify only a specific string of words in a particular order.
So the first problem is that the non-Googly services are likely interpreting your query entirely differently than how Google does.
And then of course there's the infamous "tunnel vision" issue with Google and others serving you customized results. Are you searching from a clean device/browser, cookies cleared, not logged-in to any other Google services/sites?
I just discovered that BBM is now offering "private chat" for free, which used to be part of their add-on privacy subscription. (Along with message retraction/editing, photo retraction, etc)
Private chat is a snapchat-like service where when you enter such a chat your username becomes invisible, history is not retained, timestamps are not visible, and screenshots are blocked or send a notification to the other party.
Perhaps Andrew mistook that for BBM Protected?
@AndrewOrlowski - in the article you claim:
"...making all of its goodies available for free, including secure encrypted chat."
Are you saying that BlackBerry Ltd is now offering BBM Protected for free? This would be news to me.
BBM has been encrypting its chats on the wire with real encryption (as opposed to the traditional BBM "scrambling") ever since they built BBM on BB10 and went cross-platform. But data-at-rest encryption, or the other additional BBM Protected layers of security, have always required some sort of subscription.
Have they really done away with that now?
The way I look at it, anyone who gives a rat's hindquarters about privacy has always been an idiot to use WhatsApp, because WhatsApp's user identities are directly tied to each person's phone number (like SMS), which means that (AFAIK) you are broadcasting your telephone number to the whole world whenever you use it. Furthermore, anyone who uses anything owned by FB and expects their privacy to be respected is an idiot of the highest degree.
Ergo, people of that persuasion who are miffed about sharing their contacts list with the FacePlex seem sort of quaint.
@Pott, I often vehemently disagree with your rants. This one I agree with 300%.
I'm enough of an old fart to imagine that I was in the biz' before the majority of the major players had turned into mendacious monstrosities that are seemingly comprised of 85% marketing BS and 15% technology, if you're lucky.
It would be hilarious as hell if it weren't so pathetic that I oftentimes will get some drivel in my mailbox that after reading over 4-5 times I still cannot figure out WTH they are supposedly talking about: 100% idiotic buzzwords, corporate double-speak and impenetrably abstract euphemisms for what I do not know.
Living through the days when HDDs failed a lot more frequently perhaps places a different light on these things.
The problem with SSD failures is that there is no "Plan B" where you can take it to a fabulously expensive outfit that will find a way to retrieve the magnetic bits, usually. If the chips fail, they fail. There is no resurrecting them at any price, usually.
And then there is that pesky problem where SSDs in powered-off state (particularly after they've been used a while), tend to "forget" what was stored on them, randomly. Oops.
I actually love that article layout.
My usual problem with the avalanche of data that exists to be absorbed in this field is when I see a long review of a bunch of products, I have this sense of dread that I have to slog through it, from beginning to end, looking for things of interest, and half the time I lose interest because of all the unrelated junk I'm forced to slog through to find a nugget or two. (Yeah, I do a lot of skipping to the "conclusion" page but oftentimes the info I'm looking for isn't there)
Not only was this article short and to the point, it allowed me to browse through each product description while simultaneously taking-in the performance measurements for the whole slate of products, which I thought made a much better use of my "eye-time".
Besides the "helium leakage" issue, I don't suppose enough people realize (and the industry isn't going around telling them, of course) that flash memory has this annoying problem of just getting amnesia over time.
One of the scariest aspects of SSDs and flash memory in general, to me, is the fact that data can just start randomly disappearing while they sit on the shelf, with no voltage applied.
Someone at Seagate who also is a member of the JEDEC standards-body wrote a highly publicized paper on this which was published last May, but the issue of offline flash/SSD data retention has been known-about for years.
The "all in one" approach to updating typically only works if every single executable is open-source and the developer is willing to relinquish control over the distribution of their product. And believe it or not, repositories sometimes get compromised, which is one reason why some software developers prefer not to cede control over that critical part of the chain to 3rd parties.
And while it's a nice utopian fantasy, the whole universe of software will not all become open-source in my lifetime. So, we are sometimes stuck with a bunch of proprietary updaters. Which I don't have a huge problem with if they are GOOD proprietary updaters. Pity how many unnecessarily lousy ones exist.
Some day some places may actually mandate a minimum level of software quality for some products, especially when their code flaws have a widespread effect on the well-being of the populace. Just like laws that attempt to ensure little things like the automobile you drive has brakes that actually work.
Looking at the previous Reg article about the $17M Symantec judgment, I couldn't help but guffaw at the almost perfectly appropriate surname of IV's legal spokesperson:
"“We are grateful to the jury for their hard work and for confirming the validity of these patents,” Intellectual Ventures chief litigation counsel Melissa Finocchio said in a canned statement."