When kept updated, antivirus software should do a pretty good job keeping all the older, known attacks out of the door. That leaves only a (relative small) number of new attacks that can affect you.
Combine that with some proper lockdown of the computer (not running as admin/root should help a lot, for example) and you can keep many of those newer attacks at bay as well.
For that part, the problem lies with the browsers.
I still think this whole "signed by trusted CA" is nonsensical. Instead. a browser should do a different check: is the certificate we have on file from the previous visit to this site, the same as the certificate the site presents us now? If not, something is fishy (unless the old certificate has expired, or the new is signed with the old).
Such a simple check on the client side would completely thwart any such buying out of a trusted CA.
The chance that your very first visit to a site is compromised already, is extremely slim, as an attacker would have to lie in wait hoping to intercept traffic that may never happen. That chance may be even smaller than the chance of a CA being compromised (which we know actually has happened before).
He should have talked about the light bulbs on the ISS. If you include transport cost, they're probably even more expensive. And that may not even be that special bulbs.
I see. Then they're going to have a problem finding good pilots when their salaries offered are low.
People want to be paid for their services - if not in the form of training, it's got to be cash.
Four year contracts are quite short, imho, when it includes such an expensive training. I expected more like eight or ten year contracts for those positions.
I always thought the normal career was the other direction. Join the army, be trained for helicopter pilot (paid for by the government instead of using a study loan to pay for a commercial training), finish your contract, move to the private sector.
Is it even legal for AT&T to just hand over personal data, to anyone who asks for it? Don't you guys over in the US have privacy laws, preventing or at the very least tightly regulating this kind of data transfer?
Otherwise, why would anyone ever bother with subpoenas and so to get such information?
Personal data is valuable. If AT&T can freely sell it to the CIA, what's stopping them to sell to other companies, for use as marketing purposes, or maybe even for identity theft purposes?
If so, it'd truly be the only currency in existence, or that has ever existed, that has seen this problem. And that by itself should be a massive red flag.
The problem is those evil pedophiles, praying on our children, preferably online.
To prevent that from happening, significant and highly invasive surveillance is needed because those evil pedophiles are so good at hiding their activities.
So it's those evil pedophiles ruining all our lives, not those saints working at GCHQ and NSA and the rest, those glorious people keeping us all safe and protected from those pedophiles, and all we have to do is give them complete insight in all our communications and our private lives. A tiny offer to make, just think of the children!
Full disclosure: I'm practicing for a new career as politician. Aiming for a +5 insightful. As soon as I can manage that, will run for office!
Good luck indeed. Why would be want to conspire against a government that protects us so well, prevents any evil to happen, and when it happens will make sure those evil-doers get caught immediately?! They're the best, the most true leaders. Nothing wrong with that, right?
Now I know Americans are quite geographically-challenged, but I thought at least you guys know the difference between North (where Alaska is) and South (where South America is - that one is easy, it's in the name even).
By the way, Antarctica is also not exactly close to Alaska. Hint: it's even more south than South America.
Again China with its mega-cities (it has many cities with >10 mln people - how many of those are there in the US?) has more people live really close together. It also has lots of very empty countryside.
Such a limited reaction doesn't bode well for when someone decides to empty their machine gun there. Which, according to pro-gun activists, should not be able to result in many deaths with so many guns around.
If there is such a link, a country like China (much poorer than the US) should have a much higher gun death ratio. It's not what that country is known for. Within Europe, the poorer eastern parts (far lower incomes than the US on average) also don't have serious gun issues.
Poverty may or may not have to do with it - it's obviously not the only thing. Homicide rates (and other gun related deaths even more so) in the US are well above those of other developed countries that are currently not experiencing a war.
Do you realise that every year many more people die from gun violence in the US than in almost completely unarmed Europe? This while the population of Europe is nearly twice that of the US?
And by the way, are you talking about this no-guns-allowed NRA conference where everyone went home safely, or this bring-all-your-guns NRA conference where one got off by accident, and as a result everybody started to randomly spew around bullets, and 20 visitors didn't make it home?
Very simple answer. "We stopped many terrorists from even trying! Our presence and security means they're not even considering these plots. Take us away and the floodgates are open."
Of course. Just make sure you shoot before he sets off that bomb. And make sure your fellow passengers don't shoot you thinking you're a terrorist as you just shot the other guy.
And in no-time we have a nice shoot-out. Just hope the cockpit has bulletproofing so the pilot can survive and at least put the aircraft back on the ground.
According to TFS the box is sound-proof. So you can't record sound. And this may be why they use lead; it's heavy which may stop the sound vibrations better than light metals like aluminium.
This appears to be a generic attack, not a targeted. The summary suggests the infection was accidental, and there is no evidence that this person was targeted specifically - like with the Stuxnet virus that targeted a very specific set of components.
Researcher says he noticed his systems doing stuff spontaneously, he evidently didn't write it himself, so it was an external source.
That's why I call it implausible. It's not likely the attacker would have known the exact configuration the researcher has, nor is there an apparent reason to attack this researcher using such a sophisticated method.
What I don't understand is why Amazon actually cares about that.
They are a company that is located in a certain location (well maybe a few), and they sell out of that one company, and thus have to pay sales tax for that very place they are. They'll have to figure out once how much that is, after that they're done. They don't sell in the location where the customer is.
Just like if you go to a book store, the brick and mortar type, you pay the sales taxes that depend on whatever that location happens to have to pay. Not the sales taxes related to where your home happens to be. Or that retailer should charge different prices for different customers, depending on where they happen to live.
Treating those Internet sales companies as what they are - a mail order company, with a physical presence and physical warehouse out of which they sell their physical goods - should solve this whole issue in one go.
Slashdot Mirror
Has any hijacking been attempted since? I can't really recall any. Besides, aircraft high jackings have been out of fashion since the late 1980s.
When kept updated, antivirus software should do a pretty good job keeping all the older, known attacks out of the door. That leaves only a (relative small) number of new attacks that can affect you.
Combine that with some proper lockdown of the computer (not running as admin/root should help a lot, for example) and you can keep many of those newer attacks at bay as well.
For that part, the problem lies with the browsers.
I still think this whole "signed by trusted CA" is nonsensical. Instead. a browser should do a different check: is the certificate we have on file from the previous visit to this site, the same as the certificate the site presents us now? If not, something is fishy (unless the old certificate has expired, or the new is signed with the old).
Such a simple check on the client side would completely thwart any such buying out of a trusted CA.
The chance that your very first visit to a site is compromised already, is extremely slim, as an attacker would have to lie in wait hoping to intercept traffic that may never happen. That chance may be even smaller than the chance of a CA being compromised (which we know actually has happened before).
Stupid guy
He should have talked about the light bulbs on the ISS. If you include transport cost, they're probably even more expensive. And that may not even be that special bulbs.
Note that this is primarily targeting companies needing UPLOAD capacity. Where normal consumers use download mostly.
I wonder what the transfer rates are in this bundle.
I see. Then they're going to have a problem finding good pilots when their salaries offered are low.
People want to be paid for their services - if not in the form of training, it's got to be cash.
Four year contracts are quite short, imho, when it includes such an expensive training. I expected more like eight or ten year contracts for those positions.
I always thought the normal career was the other direction. Join the army, be trained for helicopter pilot (paid for by the government instead of using a study loan to pay for a commercial training), finish your contract, move to the private sector.
Don't stop reading halfway, even if the post is as long as that of GP. You missed his actual joke.
Is it even legal for AT&T to just hand over personal data, to anyone who asks for it? Don't you guys over in the US have privacy laws, preventing or at the very least tightly regulating this kind of data transfer?
Otherwise, why would anyone ever bother with subpoenas and so to get such information?
Personal data is valuable. If AT&T can freely sell it to the CIA, what's stopping them to sell to other companies, for use as marketing purposes, or maybe even for identity theft purposes?
This sounds more like Google helping the NSA in data collection.
Don't know yet. I'm not from UK or US, that complicates matters. Never imagined I'd ever achieve this goal!
If so, it'd truly be the only currency in existence, or that has ever existed, that has seen this problem. And that by itself should be a massive red flag.
NO, you get that the wrong way around
The problem is those evil pedophiles, praying on our children, preferably online.
To prevent that from happening, significant and highly invasive surveillance is needed because those evil pedophiles are so good at hiding their activities.
So it's those evil pedophiles ruining all our lives, not those saints working at GCHQ and NSA and the rest, those glorious people keeping us all safe and protected from those pedophiles, and all we have to do is give them complete insight in all our communications and our private lives. A tiny offer to make, just think of the children!
Full disclosure: I'm practicing for a new career as politician. Aiming for a +5 insightful. As soon as I can manage that, will run for office!
Good luck indeed. Why would be want to conspire against a government that protects us so well, prevents any evil to happen, and when it happens will make sure those evil-doers get caught immediately?! They're the best, the most true leaders. Nothing wrong with that, right?
Now I know Americans are quite geographically-challenged, but I thought at least you guys know the difference between North (where Alaska is) and South (where South America is - that one is easy, it's in the name even).
By the way, Antarctica is also not exactly close to Alaska. Hint: it's even more south than South America.
Again China with its mega-cities (it has many cities with >10 mln people - how many of those are there in the US?) has more people live really close together. It also has lots of very empty countryside.
Such a limited reaction doesn't bode well for when someone decides to empty their machine gun there. Which, according to pro-gun activists, should not be able to result in many deaths with so many guns around.
If there is such a link, a country like China (much poorer than the US) should have a much higher gun death ratio. It's not what that country is known for. Within Europe, the poorer eastern parts (far lower incomes than the US on average) also don't have serious gun issues.
Poverty may or may not have to do with it - it's obviously not the only thing. Homicide rates (and other gun related deaths even more so) in the US are well above those of other developed countries that are currently not experiencing a war.
Do you realise that every year many more people die from gun violence in the US than in almost completely unarmed Europe? This while the population of Europe is nearly twice that of the US?
And by the way, are you talking about this no-guns-allowed NRA conference where everyone went home safely, or this bring-all-your-guns NRA conference where one got off by accident, and as a result everybody started to randomly spew around bullets, and 20 visitors didn't make it home?
Very simple answer. "We stopped many terrorists from even trying! Our presence and security means they're not even considering these plots. Take us away and the floodgates are open."
Of course. Just make sure you shoot before he sets off that bomb. And make sure your fellow passengers don't shoot you thinking you're a terrorist as you just shot the other guy.
And in no-time we have a nice shoot-out. Just hope the cockpit has bulletproofing so the pilot can survive and at least put the aircraft back on the ground.
That you have to worry about Russia doesn't mean you don't have to worry about the USA.
And indeed the likelihood of the NSA listening in is possibly as high as all the others combined.
According to TFS the box is sound-proof. So you can't record sound. And this may be why they use lead; it's heavy which may stop the sound vibrations better than light metals like aluminium.
This appears to be a generic attack, not a targeted. The summary suggests the infection was accidental, and there is no evidence that this person was targeted specifically - like with the Stuxnet virus that targeted a very specific set of components.
Researcher says he noticed his systems doing stuff spontaneously, he evidently didn't write it himself, so it was an external source.
That's why I call it implausible. It's not likely the attacker would have known the exact configuration the researcher has, nor is there an apparent reason to attack this researcher using such a sophisticated method.
What I don't understand is why Amazon actually cares about that.
They are a company that is located in a certain location (well maybe a few), and they sell out of that one company, and thus have to pay sales tax for that very place they are. They'll have to figure out once how much that is, after that they're done. They don't sell in the location where the customer is.
Just like if you go to a book store, the brick and mortar type, you pay the sales taxes that depend on whatever that location happens to have to pay. Not the sales taxes related to where your home happens to be. Or that retailer should charge different prices for different customers, depending on where they happen to live.
Treating those Internet sales companies as what they are - a mail order company, with a physical presence and physical warehouse out of which they sell their physical goods - should solve this whole issue in one go.