Re: Odd world.
Certainly an odd world where people kill each other because they think that their book that tells them that killing is wrong is the right one and thus they must kill anyone who doesn't agree...
Persons downloading the report might be able to access the personal data if the document had some kind of embedded queries to a database rather than the data itself (Some pieces of report creation software will do this so it appears that the document is always fresh).
There is also the possibility (but I highly doubt it) that the document could have had some kind of DRM scheme attached to it (such as Microsoft AD-RMS).
So that if the audio connector is accidentally removed before the tone is stopped (via closing the microscope app or turning the lamp off) then you don't deafen the user or waste the batteries on Bluetooth devices (Bluetooth transceivers will filter out inaudible tones to stop feedback loops but the internal speakers will not).
Most smartphone cameras have a flash nearby that can be used as a torch|flashlight. Stick a light pipe on the housing and you have your lamp. You could cut the light pipe so it was step-shaped in order to get light from flashes at varying distances.
At the very least they could always just pull power from the audio jack via a continuous tone at an inaudible frequency.
The point of the Keystore isn't to obfuscate access to certificates, but rather to put them all in one place and make it much easier to work with using a common API for all your crypto needs rather than having it done on an application-by-application basis.
Yes, the system has to get access to the key from somewhere; in modern computers this would be the TPM in conjunction with SecureBoot. The SYSTEM account's keys are stored in the TPM and without those keys the keystore is unreadable. Of course now the TPM is the weakest link, but if your attackers have the technology to break one of those, I think you have bigger problems.
Besides, if someone malicious has physical access to your machine, it doesn't matter what OS you are using, you have already lost. A system's security isn't just about the OS, you also have to protect
No, every account has its own encryption key used to encrypt the keystore (keys used by the OS are stored in the SYSTEM account's keystore and encrypted with the machine's key).
The source of this key depends on the account type: on locally created accounts the key is made from a one-way hash of the user's password and some other unique data. In directory services, such as Active Directory, the key is stored and generated by the directory software.
The only place the key is stored in plain text is in a protected section of memory (assuming your MMU isn't a pile of crap) and it is processed by a non-interruptible software ISR.
Indeed, a few months ago I helped my parents with their garden and unearthed a Lego from when they were kids (about 45 years ago). It was even in near-pristine condition, especially compared to the nearly-disintegrated plastic bucket that we also found that was from a mere 15 years ago. Seriously, what the hell are they made of? I think they will still be around even after the heat-death of the universe.
What is so special about the Bay Area that tech companies flock there like moths around a flame?
These companies could save truck-loads of cash by moving somewhere else where they don't have to pay their employees quite so much. I understand that a lot of their employees are graduates of the nearby universities, but they could easily relocate them to Portland, pay them $30k less each year and pay for moving expenses, all with both parties having more money in their pockets at the end of the year.
The rent is ridiculous in the Bay Area; I paid the same amount for a tiny studio (~500 sq ft) in SF as I did for a 3-bedroom place (~2000 sq ft) in Downtown Seattle.
How much does it take to produce the software on it? I don't think it could possibly bankrupt any of the manufacturers to just give it away, especially when they charge anywhere between $5000 for a basic router all the way up to $2 million for the high-end stuff. Hell, they might end up saving money by cutting down on the versions they have to maintain, shutting down the authentication servers and laying off all the account managers responsible for the software support accounts.
HP's networking division seems to be doing well enough despite giving away the software.
Both these companies make their money from advertising, and the value of their advertising is directly proportional to the value of the eyeballs (Value in this case is how likely the viewer is to buy the advertised product). But that value plummets drastically when you add millions of poor people that can't afford clean water, let alone whatever shlock is being shown to them. Hell, did they even think about the fact that very, very few people even have electricity, let alone some type of device that would let them use the internet?
I agree with Gates here in that giving them things to help them live would be a much better investment than them being able to post "Lost my brother to dysentery, second time this year" to TwitFace+.
They'll carry about a week's worth of provisions with them in case of emergency, specifically if something goes wrong at any point in the trip.
As for waste, it is either recycled back into fresh water or stowed in sealed bags and placed in the same compartments the food was carried up in. What better ballast material than something that has the same weight and consistency of what was there before; a balanced spacecraft is a happy spacecraft.
Given how many manufacturers like to cram super-bright blue LEDs into their products, I don't doubt you could go blind from them. I wonder when device manufacturers will realize that blue LEDs produce a far more intense light than the same amount of energy in a red or green LED. There have been many times that I've walked into a datacenter and have been temporarily blinded by locator LEDs right at eye-level.
Exactly,
I have two problems with modern ads:
1) I am wasting CPU cycles and memory to have these things shown due to the hundreds or even thousands of lines of JavaScript or Flash/ActionScript running from somewhere else, which brings me to:
2) All that code is hosted on a server that neither myself nor the organization running the website can control and the advertisers don't have much of an incentive to police so long as the money keeps rolling in.
I wouldn't mind advertisements that were just basic JPGs or GIFs hosted on the website itself. I also wouldn't mind if the website shipped its access logs off to the advertiser to analyze; they already end up with all that information and a lot more with the current ad systems.
I had tinkered with the idea of a social-network backed email system some time ago. It would be easy to determine if something is spam in real time with the data they have. If a message is sent to multiple people (or very similar messages are being sent) you'd just check to see if there is some sort of link between the recipients such as going to the same schools, having friends in common, etc. Otherwise you'd block the message as spam.
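The recipient-linkage check described in that post, as an added example that is not code from the original post: a constructed social graph (friendships and schools) and a classifier that treats a multi-recipient message as spam when the recipients do not form one connected group. The "very similar messages" part of the idea is left out; only the recipient-link test is shown.

```python
# Added example (not code from the original post): the recipient-linkage spam
# heuristic described above, run over a small constructed social graph.
from collections import deque

# Constructed sample data: who is friends with whom, and who attended which school.
FRIENDS = {
    "alice": {"bob", "carol"}, "bob": {"alice", "dave"},
    "carol": {"alice"}, "dave": {"bob"}, "erin": set(), "frank": set(),
}
SCHOOLS = {
    "alice": {"MIT"}, "bob": {"MIT"}, "carol": {"Stanford"},
    "dave": {"Stanford"}, "erin": {"Oxford"}, "frank": set(),
}

def linked(a, b):
    """Two users are linked if they are friends, share a friend, or share a school."""
    fa, fb = FRIENDS.get(a, set()), FRIENDS.get(b, set())
    return (b in fa or a in fb or bool(fa & fb)
            or bool(SCHOOLS.get(a, set()) & SCHOOLS.get(b, set())))

def classify(recipients):
    """Return 'ok' if the recipients form one connected group under linked(),
    'spam' if some recipient cannot be reached from the others via such links."""
    people = list(dict.fromkeys(recipients))  # de-duplicate, keep order
    if len(people) < 2:
        return "ok"  # a single recipient gives the heuristic nothing to check
    seen, queue = {people[0]}, deque([people[0]])
    while queue:  # breadth-first search over the recipient set
        cur = queue.popleft()
        for other in people:
            if other not in seen and linked(cur, other):
                seen.add(other)
                queue.append(other)
    return "ok" if len(seen) == len(people) else "spam"

if __name__ == "__main__":
    print(classify(["bob", "carol", "dave"]))    # linked through alice and Stanford
    print(classify(["alice", "erin", "frank"]))  # erin and frank are strangers
```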
I'm surprised if they were going for something like this, they wouldn't have also tried to embed more of the virus into images.
The main payload could be nothing but a tiny little script that embeds a decoding routine and exec function into some system library. You could even use a browser update bug and embed this into Chrome's or Firefox's SSL libraries (done properly, you could even sign it with a fake code-signing cert and embed it into the underlying OS so the modified binary looks legit).
The rest of the virus would be embedded in a series of images labeled as 'Desktop Wallpaper' saved as full-color bitmaps at 1920x1080 or something of the like.
Something like this could go unnoticed for a long time.
They weren't directly making money off the signal anyway, but indirectly from increased sales of products advertised via those signals. At least with this model, they could request viewership statistics from Aereo and, rather than trying to sell air-time based on 'Company X bought time from us and their profits went up by X amount', they could now say 'We have at least X number of viewers on these time slots'.
It bothers me to see companies like this getting shut down as it could be a boon for all parties involved. At the very least I could see a deal going with Public TV channels as it would be a charitable donation and these channels would have a much wider audience.
'If your answer to that is "but I can control that from a central place" you have just indicated a new APT target, and therein lies the rub.'
You seem to have missed the point. In most networks, anyone inside the company could be a launching point for an attack; my point is to reduce the number of possible targets. I would rather have the IT department's systems and work harder to protect them than have to worry about the thousand other machines in the company that can access the management interfaces of the critical servers.
Also your comparison to a company that only has a single key is flawed in that I can replace my machines whenever I want and it wouldn't affect a damn thing, whereas a key needs to be replaced everywhere.
It causes security engineers to think in terms of having just three networks: internal, external and a section in-between, when modern technology requires thinking in much finer-grained terms. With modern OSes supporting virtual interfaces* you should have dozens, even hundreds of separate networks.
What should have happened when they brought the partner on board was to have set up a specific VLAN and subnet for them that connected to virtual NICs on the servers they needed with listeners configured for access to the data and commands they needed to get it or modify it. If something requires a different set of security rules, it should have its own network.
The last network I designed used hundreds of individual networks; each web server cluster had 2 private networks and a connection to at least 2 other purpose-built networks: 1 external connection to the back-end of the load-balancer shared only among public web servers, a second shared network used only for management of the internet-facing machines (the only interface that allowed ssh/sftp access), a third interface only connected between the web servers to sync application data and user state, and finally the last one was set up only for the servers to connect back into the database servers, where the listener was configured to only allow connections to the specific DB the web servers needed and further restricted it by limiting what commands could be passed through.
Of course each network also had an IP or two available for packet-capture systems for debugging and performance monitoring (much easier to debug applications when you can just pull the stats from the interface rather than having to filter everything).
*either through the virtualization platform on a virtual server or through the OS (UNIX-like systems and the VLAN interface, Windows and the HW manufacturer's drivers) on physical boxes.
You do know that the little 'read-only' switch on the side of the card is merely a suggestion to the host, right?
In the operating system, the only thing that happens when you try to write to a card that is 'read-only' is that the OS will bitch at you, if you use the OS's built-in tools that is. However, you can just send the raw write command and data directly to the card without any problem.
However there is a read-only fuse built into the card you might have used, but then that would mean you are using old, vulnerable software since you can never reset it back to read-write.
What you should have done was to set your partitions to read-only except for /home, /tmp and /var/log. To update, you would mount the device you are booting from on another machine, edit fstab to be RW and then reboot to the device and update, reboot back into the other OS and reset fstab to mark everything read-only. Of course this assumes you are using an OS that is intelligent enough to partition its data properly and not just cram everything into one giant partition.
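The fstab flip described in that post, as an added example that is not code from the original post: a function that rewrites every data partition's mount options to `ro` (or back to `rw` for updates) while leaving /home, /tmp, /var/log and pseudo-filesystems alone. The sample fstab and device names are constructed.

```python
# Added example (not code from the original post): lock an fstab down to
# read-only except the writable exceptions, or re-open it for an update.
WRITABLE = {"/home", "/tmp", "/var/log"}            # stays as the author set it
SKIP_TYPES = {"swap", "proc", "sysfs", "tmpfs", "devpts"}  # not real data partitions

def set_fstab_mode(fstab_text, mode):
    """Return fstab_text with each data partition's options set to 'ro' or 'rw'."""
    if mode not in ("ro", "rw"):
        raise ValueError("mode must be 'ro' or 'rw'")
    out = []
    for line in fstab_text.splitlines():
        fields = line.split()
        # Comments, blank lines and malformed lines pass through untouched.
        if not fields or line.lstrip().startswith("#") or len(fields) < 4:
            out.append(line)
            continue
        device, mountpoint, fstype, options = fields[:4]
        if mountpoint in WRITABLE or fstype in SKIP_TYPES:
            out.append(line)
            continue
        # Drop any existing ro/rw flag, then append the requested one.
        opts = [o for o in options.split(",") if o not in ("ro", "rw")] + [mode]
        out.append(" ".join([device, mountpoint, fstype, ",".join(opts)] + fields[4:]))
    return "\n".join(out) + "\n"

def mount_options(fstab_text, mountpoint):
    """Return the option list for a mount point (for checking the result), or None."""
    for line in fstab_text.splitlines():
        f = line.split()
        if len(f) >= 4 and not line.lstrip().startswith("#") and f[1] == mountpoint:
            return f[3].split(",")
    return None

SAMPLE_FSTAB = """\
# constructed sample fstab (device names are placeholders)
/dev/mmcblk0p1  /boot     vfat  defaults          0 2
/dev/mmcblk0p2  /         ext4  defaults,noatime  0 1
/dev/mmcblk0p3  /home     ext4  defaults          0 2
/dev/mmcblk0p4  /var/log  ext4  defaults          0 2
tmpfs           /tmp      tmpfs defaults          0 0
"""

if __name__ == "__main__":
    print(set_fstab_mode(SAMPLE_FSTAB, "ro"))
```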
I don't need any more crap in the network racks when I already have the BGP routers, forward firewalls, load balancers, anti-malware engine, IDS/IPS system, web cache appliance, VPN gateways, rear-facing firewalls, packet shapers...
Typical Web 2.0 idiot programmer thinking: "I have no time to check my code for security bugs, I'm too busy inventing the next InstaSnapLinkedFaceGram+. Let's just make something to cover this up and make it the responsibility of the Dev/Ops team!"
Neither, the algorithm they built was able to detect 68% of the known-spam accounts and incorrectly identified 5% of the known-good accounts as spam.
The algorithm wasn't running for 4 months either; the data they were using was on accounts that had been active for 4 months without being flagged but were determined to be spam accounts.