So what does it do about Chrome? I've seen a couple installers that want to install it along side whatever I downloaded initially...
Posts by Crazy Operations Guy
2513 publicly visible posts • joined 29 Jun 2009
Page:
VirusTotal wants YOU (but not you) to join its epic AV whitelist
But most exploits in modern software come from those 'trusted' bits that are being white-listed... Why not have it set up to only have libraries and other bits of code on there that haven't been proved exploitable. I'm sure there are several compiled versions of OpenSSL on that whitelist that have vulnerabilities, especially since there are over 6000 Microsoft-built binaries on that list, one of em has to be vulnerable.
Just because it isn't a virus, doesn't mean it won't bite you in the ass...
Hey, network giants: Facebook swigs from an 'open' 6-PACK of tech
HISTORIC HOVER-ROCKET takeoff held up by 'SLEDGEHAMMER' winds
California mulls law to protect your e-privates from warrant-free cops
A law is the wrong way to go
They should be bringing this up to the US Supreme Court. A state law does nothing to prevent the Federal Government from grabbing the data . Besides, all those companies are technically registered in Vermont and/or Ireland so a judge could declare that the law doesn't apply to them. Plus they could just wander over to the datacenter outside of the sate to grab the same information.
All that being said, getting a Federal precedent in front of the SCOTUS will do a hell of a lot more for the privacy of the people (EG, sue the US Federal Government / local police on the grounds of violating the Sixth Amendment and just keep appealing until they get to the US Supreme Court) Hell they could even get a local police department and the ACLU/EFF to cooperate and purposefully manipulate the case to reach that high up.
French plod can BAN access to any website – NO court order needed
RIP SPDY, we hardly knew ye: Google to retire next-gen web protocol
"Google's work on open source .... in stark contrast to Apple or how Microsoft used to work."
I can't agree with you 100% on that...
Microsoft is the largest corporate contributor to the Linux Kernel (To increase compatibility with Hyper-V and other Microsoft products) and Apple sends quite a few code changes up-stream to NetBSD (OS X's underpinnings are based on NetBSD).
ACHTUNG! Scary Linux system backdoor turns boxes into DDoS droids
What exactly is being exploited here?
Is this a bug in sshd? In which case, what versions of sshd? What can be done to mitigate the threat?
The Linux ecosystem is pretty large and there are many different ssh and ssl daemons out there. Hell, there are many different branches of the Linux Kernel itself out in the wild, the part that makes it Linux in the first place...
UK air traffic mega cockup: BOTH server channels failed - report
What kind of OS were you using that it didn't immediately close ICMP packets that it had responded to? Any modern OS would have closed those connections pretty quickly as part of basic Denial-of-Service mitigation. At the very least you should have installed a firewall in front of a machine like this to block connections from machines that capitalize on connections like that (Assuming whatever crap OS you were using wasn't capable of doing such itself).
No wonder you posted anonymous, you were trying to hide your shame after such an embarrassing failure.
Limits on Atomic Functions
So wait, they are running *at* the limit? I figured that something that is meant to guide billions of dollars in aircraft and tens of thousands of lives would have a ridiculous amount of extra resources available. I would think that the system should have a capacity of 512 Atomic Operations across redundant systems so that if one fails you'd still have 63 free operations available to cushion bugs (a 33% buffer).
My company is spinning down their s/390's, so should I be sending them over to NATS rather than just scrap 'em and sell the parts?
France enacts law to block terror and child sexual abuse sites
Toshiba packs NUMERIC KEYPAD onto self-bricking USB drive
Re: TrueCrypt?
The biggest benefit is that it doesn't use TrueCrypt...
Even if 7.1a was declared safe, the fact that there was a security flaw tells me that there might be another one hidden in there, waiting to rear its ugly head.
Besides, there's nothing stopping you from doubling up on security and installing TrueCrypt.
UK official LOSES Mark Duggan shooting discs IN THE POST
We take bots down, but they get up again – you're never going to keep them down
When will the NSA do their damn jobs?
The NSA was set up to protect the United State's infrastructure from foreigners, so why do we still see millions of infected systems reporting to foreign countries? They have the funding and skillset to stop such things, which are a far bigger threat to our economy and safety than terrorists ever were... SO why aren't they even lifting a finger to stop it?
What do China, FBI and UK have in common? All three want backdoors in Western technology
I'm all for audits
I think that any government that cares about its citizens[1] should demand code audits for everything being imported. A proper[2] audit would reveal any backdoors that other countries have demanded to be put in place.
As for forcing backdoors, that reveals the true nature of a Government in that they only care about staying in power, keeping its citizens safe is a side effect (need someone to rule over)...
[1] If anyone knows of one, let me know.
[2] meaning transparent and uncorrupted
Snowden reveals LEVITATION technique of Canada’s spies
Re: airport wifi?
I think its more about intercepting last-minute messages to the terrorists like the 'go / no-go' command, or where to meet their fellow terrorists to coordinate the attack itself.
Or maybe they just want publicity for catching a terrorist whenever someone posts something like "God, another delay, I should blow this place up!" to a social media site.
Top smut site Flashes visitors, leaves behind nasty virus
Facebook kills pic of Mohammed weeks after Zuck's Je suis Charlie!
Bill Gates – I WISH I was like Zuck and spoke Chinese. Yep, I drink poo
Death by Super Intelligences: it'll be the personal assistants
I've always figured that rather than military hardware going wrong that'll kill us, it'll be all the personal assistant programs and robots. A military robot would be chock-full of safeguards and fail-safes where a PA bot would have none (those things cost a lot of money) and are more likely to glitch in a way to kill us: tell you to take more medication than normal, convince us to walk through dangerous neighborhoods, or even just sending the wrong commends to our appliances. Hell they'd be far more susceptible to getting hacked by a malicious human since consumer electronics never have anywhere near the security that they need and they'd be so prevalent that research on them is trivial.
The new Falcon Heavy: MOST POWERFUL ROCKET since the Apollo moonshots
'Boozed up' US drone spook CRASHED UFO into US White House
Re: Not all there
Indeed.
Even if they did regulate something like this, how would they enforce it? At what point do you draw the line between toy and 'unmanned aerial vehicle'?
It'd be impossible to ban the materials to make something like this and prevent people from building them. The only solution I see would be to build a giant mosquito net around the White House to prevent something like this from happening again. Or maybe a ridiculously expensive radar system and a giant laser.
INTERNET of STUFF: Google to replace old Dropcams for $0.00
P0wning for the fjords: Malware turns drones into DEAD PARROT
Mutual Authentication?
Te best solution to prevent this sort of thing might be to have the drone and the controller authenticate themselves at the beginning of the flight and then to ignore commands from anything else until its safely on the ground and powered off.
Or better yet not actually ave firmware on the drone and instead have it on the controller, you'd then plug in a cable to the drone form the controller, it'd copy the code into the drone's RAM and then proceed with startup. Part of this code would be a long symmetrical encryption key from the controller.
Some Androids can be HOSED by WiFi Direct vuln
Re: throws an IllegalArgumentException, crashing the device
The problem is that whoever coded that bit forgot the first rule of machine-to-machine programming: never trust the data coming in to be correct and uncorrupted.
You should always operate under the assumption that the data is broken until you run it through a series of routines to verify that it is correct and to have a method of bailing out safely at any point.
FTC to Internet of Stuff: Security, motherf****r, do you speak it?
Management protocol?
Going forward, I think the best option would be to build something like SNMP for IoT into wireless routers / modems. You'd register the device to the modem and give it a certain amount of data (Device name/type, update URL, version info, data that it sends out) The router would then do basic management of the IoT devices that report to it (comparing the device's version info with what the website offers, see which devices are operating / responding, etc).
Another day, yet another emergency Adobe Flash patch. Because that's how we live now
I wish they'd change their update method
Why can't they use the update mechanism built into the browser, similar to how normal extensions / add-ons update?
I loathe updating flash since it requires to use a separate executable to check for an update, then you have to go to their website (and uncheck the box to download whatever piece of shovelware they are offering this week)and download a full executable, then when the executable is done running, you have to restart your browsers whether or not flash was running at the time or not.
Although its not nearly as bad as the JRE... But that's like saying getting kicked in the leg isn't as bad as getting kicked in the face.
Dark Fibre: Reg man plunges into London's sewers to see how pipe is laid
Cubans defy government's home internet ban with secret home-made network
Re: Mesh network via WiFi modules?
"Unless the Govt. decides to kill or "disappear" anyone caught using it."
Too many people start going missing and the government will have a full-scale rebellion on their hands. People tend to be fairly passive in the face of oppression so long as there isn't a threat to their lives; disappearing too many people tends to push the people over that threshold.
Yeah, I thought about making the CubaSats joke, but felt it was a little too corny...
Mesh network via WiFi modules?
It would be fairly trivial to build a massive mesh network of small modules. Build a small device with an ARM SoC and a couple extra radios, maybe a couple gigs of storage (There are many SoC with all this built-in) and you can have a tiny, portable node with an in-built web server / proxy / caching. Build up a customized version of tor for the routing.
Stick a solar panel on it and a battery to let it last the night, and add a hook or two and you ave a small device that can be hidden nearly anywhere in a public location providing a free network that can't be traced to anyone (stick 'em on top of roofs, utility poles, treetops, sides of buildings). Drop in a couple with a satellite module to provide access to the greater internet.
It'd be trivial and fairly cheap to build them, and not too difficult to flood the country with them. At a high enough rate, the government would be swamped and unable to confiscate them fast enough to kill this kind of network. The difficult part would be getting them into the country and paying for the satellite time (Maybe use weather balloons or cubeSats instead?)
NSA gunning for Google, wants cop-spotting dropped from Waze app
Do we want our police to be a "secret police"
We're already half way there with the PATRIOT ACT. The feds are able to send out National Security Letters (that don't let you tell anyone about them) and are upheld by a court (FISC) that lacks oversight and does not allow any representation to contest the order. The only thing stopping police is the PR nightmare that would be generated...
Oi, Aussie sports fans! Take that selfie stick and stick it
SpaceX makes nice with U.S. Air Force, gets shot at black ops launches
Hola HoloLens: Reg man gets face time with Microsoft's holographic headset
Could actually be used for the opposite
With proper image-recognition software, it might actually be possible to do the opposite: remove ads from the real-world. The headset could be set up to do basic image recognition to compare what you are seeing to a database of advertisements (linked to your current location and the direction you are looking to reduce computational requirements) and replace it with a blank rectangle or maybe nice photos of cats or something. Maybe when you're traveling to a location, replace the image on the billboard with a maps and directions to the next way-point..
The advertising industry would hate it but Microsoft wouldn't care, the lion's share of their income is off of software sales, not ad sales like their competitors.
Mind-controlled clicking
Combine this with Mattel's Mind-flex headset contraption from a few years ago and work on improving it a bit and you'd have your clicking sorted out and maybe a few other controls as well depending on whether they could improve the technology.
With some work, you could totally administer a whole network of computers using a UI like the one form "Hackers".
Your anonymous code contributions probably aren't: boffins
Snowden SLAMS iPhone, claims 'special software' tracks users
US military finds F-35 software is a buggy mess
Skipping tests?
On a $110+ Million dollar piece of hardware? And one that can carry a 340 Kiloton nuke? Are they goddam suicidal? Hopefully they do a better job testing the software (when they get around to it) than they did for the F-22 Raptor where they lost Avionics by crossing the International Date Line and had to get to dry land using only their eyes and dead reckoning...
We can't even get by with skipping a single test on a $1 million dollar project at work, how in the hell are they allowing tests to be skipped on a $1 Trillion project?
Copycat drug souk Silk Road 2.0: Another man cuffed
I wonder how much money they could save by spending on drug rehab centers and other social services. Almost no one starts taking drugs for the hell of it, they do it to fix a problem in their lives, it'd be far better to treat the reason why people take drugs than to keep beating them down while scratching their heads trying to figure out why there is still a drug problem...
Hell, Silk Road is probably reducing crime as most violent drug-related crimes occur at the 'retail' level (distribution to the street level dealers, disputes with other street-level merchants over territory, and disputes between dealers and customers). Such issues that do not appear with Silk Road.
Polish chap builds computer into a mouse
Why induction charging?
Are they just trying to check off another item on the "Useless new feature"? Or do they not understand that portable means not having to carry around the mouse pad and a power adapter.
Although I don't understand how this is an different than taking a smart phone that was built with a Micro-HDMI connector and stripping off the screen, speakers/mic, and cellular radio while re-wiring some buttons to make it a mouse. Oh and making it much more difficult to carry around.
Notorious skin-flick master Max Hardcore goes limp over namesake dot-com
Microsoft Outlook PENETRATED by Chinese 'man-in-the-middle'
Possible Lizard Squad members claim hack of Oz travel insurer
People still buy travel insurance?
I'd thought that independent Travel Insurance had gone the way of Travel Agent once all the major credit card players started offering it for free on the Airline-branded and other loyalty cards... Not to mention that a lot of Insurance companies also offer this as part of their standard packages.
Spavined RadioShack to file for bankruptcy next month – report
Bacon-smoking locals provoke noxious Chinese smog
Recycle the smoke?
Couldn't they build some sort of system that just pumps the smoke right back in and circulates it until its nearly air? From what I understand about the smoking process is that the additional flavor comes form the particulate matter in the smoke itself, so why not use all that you can?