Posts by trarch

How?

This might be a silly question, but why are the POS systems hooked up to the net, and how is it possible for the attackers to find them?

AES

Hardware-based encryption certainly sounds interesting. I'm guessing you have to enter the key in the same way as for conventional laptop hard drives.

Would this mean that applications such as TrueCrypt are no longer needed?

I think it's such a shame that people like him, who obviously have at least some skill/talent/dedication, spend their time and effort on just causing mischief rather than doing something productive and beneficial. I know people bitch a lot about the infosec community, but I'm sure it can't hurt to have a few more white hats around. I've no idea what motivates people to join the dark side, but I find it rather disheartening.

'Friends'

I think what's really interesting is that people are just accepting friend requests left and right. What's the point of 'friending' people you don't even know? Is it to boost your friend count as though that holds some sort of social credibility? Are people really that insecure/lacking that much self-esteem that they want to 'friend' everyone?

Back when I used Facebook, I only ever accepted people whom I was actually friends with and spoke to on a regular occurence. Sure, I only had a few dozen friends on there, but I'd go for quality over quantity anytime.

DPA Compliance

"Facebook Ireland Ltd is already compliant with European Union data protection law and acts as the data controller for these users."

'Europe vs Facebook' begs to differ.

GTFO

"Ghioni said his "precise mechanism" would need the "collaboration" of operating system manufacturers such as Microsoft and Apple to log all activities on their systems, according to the automated translation of the report."

My interpretation of this is system logs that are then uploaded to some central store.

What's next? We all wear pinhole cameras on our coats to monitor what we've been up to?

How soon before Linux becomes outlawed by not following this requirement?

Give me a break.

Step back a bit

I don't particularly like Facebook - I have an account that I log into once every few months just to have a quick look at what old friends are getting up to, but that's it.

That being said, I feel some are being a little harsh in the way they are expressing their opinion of the author for this article. It was not the author suggesting a $1tn valuation, rather citing a WSJ interview article regarding valuations and the 'tech bubble'.

One cannot rule out entirely that Facebook will not be as successful as Google in terms of revenue and worth, however personally I don't see it. Then again, if I could, I would probably be raking in the cash myself working for them.

My gut feeling, though, is that eventually Facebook will be superceded by the next best thing, whatever that may be.

US Involvement

As these are US artists, why aren't the pair being extradited to the US as with the British CS student

(Not that I want that to happen, though)?

The pair blackmailed, planted malware and went on a phishing rampage for financial gain by selling copyrighted material, yet the CS student merely linked to copyrighted material?

Some inconsistencies going on.

FFS

Please tell me they were using at least salted hashes.

Why is it every one of these large companies are apparently hiring complete idiots? I just don't understand, this is such basic stuff. Is there something I'm missing?

Fake, can see the strings

In all seriousness, that is some beautiful-looking technology. The glow of our atmosphere behind it tops it off perfectly.

Eagerly awaiting N.A.O.M.I./L.I.N.D.S.A.Y.

TWO-Factor Authentication

What I don't understand is how the compromise of RSA tokens resulted in network breaches. The purpose of two factors is to prevent problems if somehow one factor is compromised. It shouldn't be feasible for both to be had.

Publishing Details

The site was unavailable when I tried to access it, so I'm just going off the article. If they have actually published the user details (email, password etc.) then they have no credibility whatsoever. You don't start complaining about a lack of security and then just show the contents to the world. Karma - 1 for them.

FTW

"The ban is apparently aimed at attracting more shoppers into the centre of Barnsley – something which could arguably better be achieved by demolishing the place and rebuilding it from scratch."

You, Sir, win. Everything.

Link Bait

Calacanis does anything he can to get attention in order to get page views. He's the king of link baiting.

Deja Vu

SQL injection? Seriously?

Where are the security folk in these companies and what are they doing?

It's just pitiful that these companies are falling down one after another after another.

Log Retention

Can someone please explain what they actually do with the data that they retain?

My first thought was for targeted ads with AdSense, but that uses the current page being displayed if I remember rightly.

Anyway, thumbs down for Schmidt.

Accomplishment

A 16-year-old is doing research like this? I now feel completely insignificant.

Kudos to him though, it's good that there is support and encouragement for such uses of talent.

HR Department Email

Wait, don't tell me... 2011 Recruitment plan.xls?

You'd have thought a place like that would have things seriously locked down.

Locked down like 'no internet access'.

My Quick Fix

Personally, when shopping for items that can be faked in whatever way (USB storage, perfumes etc.) on eBay, I find the most effective way of eliminating 95%+ of fakes is:

Location

[X] UK Only

[ ] Worldwide

Evolution

"but disk I/O has become a bottleneck at the platter surface level, and is set to remain that way."

...for a few years until inevitably SSDs become the norm and our children say "your drives moved!?!"

Or maybe even "drives!?!"

Re: At the risk of universal obloquy...

Probably due to the extensive coverage in the media, one would assume.

If they just sat back idly and watched the events unfold, I'm sure people would have a thing or two (more) to say about our government.

One thing I didn't quite understand in this analysis was the remark about using so few Tornadoes in Libya. Surely this is a good thing as, as pointed out by the author, their payloads, running costs etc. are expensive.

Not that I know anything about military stuff though.

Making a bad situation worse

If hackers really did get to the crown jewels, thus compromising SecurID's security, RSA shouldn't hestitate for even a moment to reveal this information publicly. They cannot be taken seriously as a security vendor if the security of their customers is not their highest priority.

I would have thought the best option would be for them to assume the worst - yes, by all means refresh customers' memory regarding best security practices, but how about also telling them something along the lines of 'While we investigate, assume SecurID is broken and take necessary measures to mitigate its loss', as opposed to keeping quiet and hoping for the best.

Re; Oh, come on

I have to agree; this was certainly an inevitability.

Scumbags indeed, however they are scumbags in general. Turning the disaster into their opportunity makes no difference, and would actually raise an eyebrow if they didn't do so.