Posts by c1ue 317 posts • joined 10 Nov 2015
I'm sorry to say but your search history is already turned over.
The only question is to how many.
The browsers do it. The forwarding links do it. The ISPs do it. Even the web sites do it.
If I can tell your search history just by forensically analyzing your computer, it means the OS can do it too. Ditto any other software or web app which operates on the same computer.
A greater compilation of idiocy, I have not seen in some time.
We already have an enormous ecosystem of advertising fraud based on bots. These bots build their user profiles precisely through mimicking "good" customer profiles via prime web site visits in order to parlay themselves into good advertising subjects - then go on to harvest ads.
These numbskulls in the IMF are proposing to use DoubleClick/Facebook Pixel type data gathering so that these same fraud gangs can now directly open credit cards and bank accounts.
-10 points for blatantly repurposing an existing business practice as "original research"
-20 points for failing to consider the myriad ways by which their already plagiarized proposal can be abused
Harris Kupperman at adventuresincapitalism.com called this bubble and even spelled out how it progresses.
Financial arbitrage of the Grayscale Trust, now we're into FOMO by institutions and consumer plus institutional pumping and dumping.
Bitcoin in 2017 was all about Ponzi/pyramid/consumer pumping and dumping.
Yet another example of the utter bollocks of "sophisticated, patient nation-state spies" - as opposed to the reality of semi- and in-competent IT setups.
What is abundantly clear is not that the "bad guys" are skilled, it is that their targets are not.
This is pure "security by obscurity" gone bad...
The proposal seems like nonsense because it wouldn't universally accomplish what it wants to:
Major email providers certainly log and have other forms of metadata on their email users. The effect of publishing keys thus only muddies the ownership waters for external entities (primarily individuals) but not for governments or the email providers themselves, or for lawyers via legal discovery requests.
As earlier commentators noted: temperature and extra wear due to log files are certainly a factor.
I would bet, however, that the real cause is the fact that Tesla can (and does) access various cameras on the vehicle to fill its self driving data lakes. There is likely both a standard and "pull" type requests from the manufacturer for this data.
Writing and reading pics is a lot more wear than text files...
At the moment, this is true.
In reality, the storage doesn't require a big VM to mimic. In theory, you can do it with micro.
In addition - if we're talking law enforcement, there are many other ways to crack the nut.
For example: serve an order to the telco. You can protect the phone all you want, but the telco ultimately has 100% access...
Somewhat misleading article.
Here's the reality: a relatively new (~2 years or less) android or iPhone can not be cracked by the tools except via pin brute forcing or via the "services" - basically the companies using 0-days and cracks. And while $1950 isn't a lot for some people - it is a lot for a police department to spend and generally won't be done unless there is a strong need.
Secondly, the report doesn't mention how often the subjects give up their pin. A lot of people will when asked.
For a person who has installed 2FA and also enabled the full security features on the phone, security is going to be good.
To be clear: there is no way to protect anything electronic from an attacker with time and money. The phones can be disassembled and their SSD memories copied - at which point all you need is to know the software architecture and you can run parallel attacks on the cloud against virtual copies.
"reasonable and proportionate"
Interesting that you use these terms when it can be argued that this action is what prompted everyone to "take the gloves off".
Again, I don't say Russia is pure as the driven snow.
The operative statement is: "Let he who is without sin, cast the first stone".
I would suggest everyone read the full indictment.
A number of items are odd: [On or about December 11, 2017, the Conspirators created a malicious "Seoul Bus Tracker" mobile application and registered the mobile application with a mobile application store approximately 1 hour later.] with multiple other apps created and attempted distribution in a very short time frame. Pretty fast work. There is also mention of 15000 web sites defaced in late 2019 - they must be incredibly productive...
Attribution is also interesting: is the "creation date" from just looking at file time stamps? Probably from the app application process?
Then there's the attribution of "creation of components" for NetPetya, Olympic Destroyer etc. The actual charges relate to spearphishing and transmission - there is nothing in the indictment indicating the creation other than the allegation.
The indictment does say that the NotPetya transmission component was via redirecting the web address target for the MEDocs software - makes a lot of sense.
Overall: if you just look at the behavior, it looks like a ransomware gang: spearphishing, network traversal, bitcoin payment for infrastructure etc.
I look forward to see how specific attribution to these 6 people was performed.
The point of a real backup is that you preserve the entire environment, not just data. A full disk image does that.
Secondly, a full external image is completely undetectable in-system whereas an attacker can poison your system backup if they’re in.
Some real world notes here:
T2 doesn't just "make the Mac secure" - it also prevents any type of external backup service outside of Apple's walled garden.
For example: a normal computer - you can boot up on Linux and capture a full dd image. This has its uses - for example, this image preserves all of the OS and installed software, as well as data, should something happen to the source computer. A disk failure can be remedied by putting in a new disk and slapping the image on. A computer failure can be replaced with an identical model computer and said image (really, it is the bios/motherboard).
With T2 and FDE - you can't do this. The Mac/Linux file system won't work without the T2 present, so virtual images are right out.
You can mount the image with a "recovery key" a la Bitlocker, but you have to do this ahead of time. Yes, the system is set up so that you can literally not access your own image without going through a specific sequence of events: FDE on, generate recovery key, capture image. Yes, out of order doesn't work (!)
Wrong.
Excel is powerful because Ajax allows it to reach out and access/do all manner of things.
I've created an Excel spreadsheet that would update, from a web page, the prices of my mother's 300 stocks, because her online brokerage account was so crap to understand.
How else would you do something like that? Particularly 20 years ago...
Yes, you can hire a programmer to slap together something custom - but what a waste of time and money.
Sure, it is easier to work with data these days particularly if there is an XML or similar type feed - but businesses existed before this and the Excel pages are an IT artifact just like the XP laptops fronting 15 year old Xray machines.
The problem is that Microsoft's Excel programmers did a really amazing job of integrating all manner of extra capabilities into Excel.
You can query web pages. You can move data back and forth between sheets and even documents. You can bend, fold, spindle and mutilate cells and their contents.
That's the real problem: if there isn't a 100% perfect program to do something, it is easier to do it in Excel than to do "real" programming to create something custom.
So the real complaint is about Microsoft Excel/Ajax programmers being too good at what they do.
The OP is angry at Excel.
The OP apparently would prefer everyone use some specialized tool or language where the operations are utterly opaque.
Excel - you can see and trace everything going on. Not so for "modern" platforms.
Yes, it isn't scalable for Big Data or even medium Data - but it never pretended to be.
Being angry at something which can do so much, well enough, that it is pushed to the limits and beyond is silly since this applies to literally everything in IT.
Totally wrong.
Regular bank account customers are hacked all the time.
The difference is that retail customers in the US (and in many other countries) are protected by laws from absorbing most of the losses, much as retail customers in the US are protected against credit card number theft.
The lack of cryptocurrency exchange regulation - said exchanges being a combination of bank and security exchange/stock exchange - throws out this vitally important protection for the consumer along with all the "red tape" and what not.
Apple's app store rake isn't "somewhat greedy".
1) If it is payments and fraud protection: the credit card companies do that for 2% to 3%.
2) If it is costs: I looked at Apple's financials for 2015. The app store revenues were higher than Apple's entire personnel cost structure - which includes Apple store leases, Apple store employees, Apple developers for the entire company, Apple's entire sales and marketing people, etc.
The 30% is egregiously more than anything to do with costs - it has everything to do with monopoly access to Apple customers.
The worst thing is: Apple's iPhone business model is identical to the "razors and razor blade" model Gillette uses - except the razor is the apps/OS/email/software while the blades are the phones themselves.
The apps developers put on the app store are a significant part of the hook by which Apple can sell its immensely profitable hardware. To squeeze them is ridiculous.
Thank you for your recreational drug promo.
Legalizing marijuana has not dropped the price; the legal stuff is a lot more expensive than the illegal stuff.
Nor has it reduced usage - illegal marijuana is still 80% of the market.
Reality is that legalization generates revenue for states. Period end stop.
The OP is ignorant.
PowerPC systems still underlie many of the core capabilities in big companies because of its hot swap capability. VMs exist in this case but still cannot replicate the hot swap nor can they replace the big iron original basis.
However, the lack of MacOS VMs is 100% Apple patent trolling.
MacOS is a flavor of Linux - there is absolutely nothing preventing virtualization besides Apple's lawyers.
Turning on Secure Boot also makes it a lot more complicated for offline backups.
So - would you prefer defending against the largely mythical nation state attacker (if you are not in the defense industry/intel agency/government official space) or improving business continuity interruption protection against the very virulent ransomware gangs?
It is turtles all the way down.
The reality is that AI is still somebody's algorithm - only justified with mountains of data.
The thing is - data in the real world is messy, ugly and generally unusable. Real world data encompasses limitations in sampling, errors in measurement, biases in focus, architectural limitations in model, and on and on.
Until there is actual intelligence - i.e. independent reasoning combined with intuition and reinforced with scientific method, "AI" is pure marketing garbage albeit very useful for killing jobs for people.
I can't say for the less dense areas, but a UPS driver in a major city will have 200+ packages for their route every day.
Just how much money is saved by having each package loaded into a drone and said drone sent on its way?
Just how likely is it that said drones will not collide with buildings, utility wires, other drones, birds, kites, trees and what not?
For rural areas: much longer distances are involved. Sure, the drones can fly "as the crow flies" - but then again maps and survey quality deteriorate in direct inverse proportion to density even as distance traveled increases.
I suspect the operational reality of drone delivery is just not worthwhile - particularly with $5000 geolocation/sensing packages required.
And then there's GPS jammers/spoofers. Why bother with porch pirating when your loot can come to you?
Utter bollocks.
I looked at Apple 2015 earnings: the app store revenues exceed the costs for the entire company: store and employees, developers, manufacturing management, salaries for everyone in the company, etc.
The Apple App store is a profit center at 30%, pure and simple.
Visa offers a "free" product at 2.x% of revenue, so it isn't the financial aspect.
It is ludicrous to say that what Apple charges has anything to do with the costs of providing "free" product or the cost of vetting apps etc.
Furthermore, it is the apps plus email, texts etc which is why people buy iPhones repeatedly - so in fact the app developers are a key factor Apple's core product repeat sales: the software is the razor while the hardware phones are the blades.
You might ask the same question of why would anyone drive for Uber/Lyft, deliver for DoorDash/Grubhub, etc?
Because there aren't better choices and because there is very expensive marketing.
Uber lied vociferously over what drivers get paid - the $80,000 annual income they were pushing in the early years was later shown to be completely made up.
Amazon: they offer "high" minimum wages, but people don't realize just how debilitating those jobs are. Nor are they jobs which can be handled for very long - injuries and lack of benefits are both later consequences.
Ultimately, these jobs exist because of the hollowing out of employment opportunities in the Western countries: manufacturing to China, services jobs to India, etc. have led to a dearth of opportunity for those who aren't sufficiently middle tier (software devs and managers) to the billionaire overlords.
Nice: a "secure" app which clearly has put zero thought into security.
plaintext sender and receiver addresses?
The crypto sigs is a bit more understandable - running those packages on low end cell phones is trickier than an iPhone only crowd.
Nonetheless, the pattern seems much more Zoom than Signal.
It would be nice if some of Ms. DiResta's other initiatives (and potential conflicts of interest) were more clear.
Among them:
1) Part of a cyber security company: New Knowledge name changed to Yonder. Past or still present?
2) Multiple online mentions of her doing research into the Internet Research Agency - self licking cone action going on here?
3) Director at Data for Democracy. Incredibly intrusive web site. How is it funded? Freedom House/BBG action?
Perhaps this was covered in Ms. DiResta's talk, but failure to differentiate between pure profit motive/attention trolling vs. nation state actors and motivations is a serious oversight. It has been documented since 2016 that there is a world of people out there who don't even speak English well, but understand internet attention/advertising economics well enough to pull outrageous memes from fringe sites to provoke anger and attention and to then monetize via advertising. See the Wired article about the Macedonian Fake News Complex.
And most importantly: it is the Western, for profit social media companies and their algorithms which underpin this activity.
It is their algorithms which are choosing for "high emotion" = "high divisiveness"/"high anger".
How incredibly convenient to blame negative social media outcomes on Russia - as opposed to the people and institutions without which this type of activity is literally impossible.
Backups work in theory.
In reality: the cyber criminals are actively going after backups: hardware, cloud, you name it.
Also in reality: if you have any significant number of endpoints, restore from hardware or cloud - even if not-corrupted - is immensely time consuming and often bandwidth limited. As is the reality that data/work *will* be lost as a tradeoff between backup corruption vulnerability, bandwidth impact on corporate network and windows of data loss vulnerability.
The point which your experience should inform is that moderation can not be fairly accomplished through small teams and opaque means.
The benefit of transparency and public scrutiny is that the overall picture is much easier to assemble and make fair than the outcome of the views of a handful of moderators and AI devs.
It isn’t clear to me that FB, Goog and Tw are deliberately discriminative at the top level, but their hiring practices can accomplish the same outcome. If you hire nothing but libera moderators and coders, you’re going to get liberal moderation and filtering policies.
The Register - Independent news and views for the tech community. Part of Situation Publishing
Biting the hand that feeds IT © 1998–2021