I encourage you to consider the response regarding the local caving website. There are millions of small-time websites hosted by vendors who might be inclined to increase their revenue by injecting this malicious JavaScript into their customers' websites.
It might not always be the decision of the 'respectable website' to monetize traffic in this manner.
Please go back and read the examples I gave in my original post.
This vulnerability opens up the user's session to being hijacked in a way that alters the content being submitted to any non-HTTPS website. That content could be forum posts or article comments. It could mean any URL posted in a comment could be changed to point at a pharma scam website. The user's browser could receive JavaScript injection that starts comment-spamming (as the user) a forum or WordPress site in the background.
Packet-level manipulation works both ways-- what the browser receives as well as what the server receives.
By modifying the traffic, the content of the website can be manipulated. In the example I gave, superuser credentials could even be generated if the administrator visits the website and her HTTP transactions are modified by an attacker.
So long as HTTPS isn't implemented, websites could be subjected to modified content submitted by visitors. For instance, browsers visiting self-hosted WordPress blogs could see JavaScript injected into the HTML received. In the background of the session, the user's browser could be comment-spamming the site. If the user is an admin of the site, then the JavaScript could use the admin's credentials to create other superuser accounts in the background.
Even if the site's content submission forms are protected by captcha, the attacker could simply modify comment submission text to include links to pharmaceutical websites, etc. every time someone posts a comment to a self-hosted, non-HTTPS WordPress blog. The same would hold true for forum posts.
The security industry would define this as a remote exploit as it does not require physical access to any of the devices nor does it require the attacker to be logged into the target devices. While the attack would result in decrypting any clear text being sent over Wi-Fi, the saving grace is that an increasing amount of traffic is sent via HTTPS or SSL, which would provide an additional barrier to an attacker seeing login credentials for remote websites, etc.
The most dramatic concern here is that non-HTTPS traffic is prone to injection of malware and exploitation of vulnerabilities on the client devices. Even if a user doesn't browse a sketchy website, suddenly a site like slashdot.org might seem to send code to a user's phone or laptop that could perform a remote code exploit.
As 140Mandak suggests, it would be trivial to assemble a cheap box (think Raspberry Pi 3) that sits at a public Wi-Fi location and automatically attempts to hack all older Android phones that connect to the network.
I think you're missing the point of the OP preferring the certainty of vision enabled by the black-and-white format. As the name implies, "Green Acres" and its ilk introduce a slippery slope of variable color palettes that are unpredictable and inconsistent in their ability to accurately represent the stark reality of right and wrong in our world.
Not to mention the theft of imagination perpetrated by RGB pixels. Does the audience need to be spoonfed that Opie's hair is red? Let the character develop that understanding through exposing persistent vulnerabilities so the audience gradually acknowledges subconsciously that the Opie character is driven by recessive ginger traits.
Although a bit less convenient, I enjoy riding my bicycle to the local public library and checking out Blu-ray discs. The waiting list can sometimes be long for new releases, but anything released over a year ago is usually readily available. Our library system supports reserving a title via their web page and then they'll transport it from a remote branch to my local branch for pickup over the course of a couple of days.
Pity those motherboards and CPUs used as a virtual machine host that don't support VT-x and can't run 64-bit VMs even though the host OS can be 64-bit.
Archville7 is incredibly correct here and deserves +9999 modpoints for pointing out the hysterics and idiocy of the OP.
Just wanted to extend this with more details.
When the OP asks, "Who was wanting FaceID?" I can help with that.
Physical buttons on consumer hardware are expensive. I mean that in terms of production, warranty, maintenance, and customer satisfaction. I mean that last one not in terms of usability, but in terms of anger over out-of-warranty broken buttons rendering a device useless. This is why low-end devices will sometimes employ the "function" key that modifies the behavior of other buttons when it is held down simultaneously with them. Suddenly, a user can enjoy myriad functionality while keeping the overall cost the same on the above-mentioned metrics.
The touch screen interface liberated the hardware manufacturers from this button-oppressed UI constraint. Designers were free to conceive all kinds of user interfaces for phones and other products without the burden of physical button expense.
The tricky thing about that home button, though, is it has always been a lynchpin for functionality. If that thing breaks, the whole device can't be used. And with TouchID, even more so because the part can't be replaced easily. It's a key (no pun intended) component of the security infrastructure and can only be replaced by Apple with an expensive process and stockpile of parts. A failure in the TouchID home button is crushing on all of the button-expense metrics-- "warranty, maintenance, and customer satisfaction."
FaceID solves all of that. The people who were asking for that were the manufacturer as well as their customers (unknowingly).
HBI- Please regale us with the 'trustworthy' source of information that highlights John McAfee as a stable, intelligent, truthful human being. I'm all ears.
Whether he's crazy or pretending to be crazy is a non-issue. Delusional rantings are still unworthy of our attention whether they are intentionally delusional or authentic.
I'm sorry, but you lost me when in the headline just after:
"John McAfee said.."
The best use of my time and attention is to keep walking down the sidewalk when I hear the delusional rantings of a person probably off his or her meds. No eye contact. Just keep walking.
Apple switched to Intel because the PowerPC consortium wasn't delivering on their commitments for R & D sufficient to stay competitive with the power / performance ratio of Intel. Apple hardware was falling behind PC hardware. Part of why Steve Jobs was able to convince the Apple BOD to buy NeXT was because their OS was already able to deploy on either architecture.
Intel's R & D investments were justified by the guaranteed volume. PowerPC was a niche server (IBM) and desktop (Apple) player, in contrast.
If Apple buys AMD, then they're taking on the enormous R & D expense again to outperform Intel. To defray that expense, they'd have to maintain channels with other platforms they might eventually want to compete with like PlayStation and Xbox. It works better for Apple to play both CPU vendors against each other for negotiating the best vendor contracts. Don't get me wrong, I'd like to think one of the reasons AMD investors were convinced to fund Threadripper R & D was because Apple was guaranteeing a bulk purchase for the forthcoming Mac Pro pending AMD's ability to deliver a compelling power / performance ratio. I'd love to build my next hackintosh on an AMD platform.
Any professional outfit will test a new release (in-house or commercial product) thoroughly before letting it get anywhere close to an environment where their business is at stake.
This process can take anywhere from a day or two to several months, depending on the complexity of the operation, the scope of the changes, HOW MANY (developers note: not if any) bugs are found and whether any alterations to working practices have to be introduced.
I wanted to chime in with a tangible anecdote to support your observations here.
I work for an enterprise software company. One of our customers is a large credit card company. After our company was five years old, that credit card company still staffed more implementers / developers / testers dedicated to deploying our product throughout their organization than we staffed developers in our entire engineering team.
It would be helpful to readers if the summary contained any info at all about the company's main product or reason why this is significant. Instead, the summary dwells only on the method of the layoffs, which is not original at all.
Check this handy guide. It's across the board cheaper to use natural gas in homes for appliances than electricity. BTW, I trust that source as I used to work with the author in the nineties and have followed him ever since then.
According to this article, the estimated price is $21.85 per sq. ft. If you have a single-story, 2800 sf. home, and you decide to cover the ENTIRE roof with these tiles, then yeah, you're looking at $70k. Most people building new homes will go with multiple stories, so total square feet of roof space will be something less. And because of sun angle, it's likely the entire roof will not be covered. Though, if you're making that kind of investment, you better design your entire roof to be facing the sun!
That article also claims a warranty for the life of your home, not 30 years.
...But until the arrival of CRISPR, virologists lacked the tools to easily alter ferret genes. Xiaoqun Wang and his colleagues at the Chinese Academy of Sciences in Beijing have used CRISPR to tweak genes involved in ferret brain development, and they are now using it to modify the animals' susceptibility to the flu virus. He says that he will make the model available to infectious-disease researchers.
Check out this slide I saw at an Oracle presentation last month in Austin, Texas. The creator of that slide probably thought they were demonstrating diversity by including different ethnicities and genders from stock photos.
But consider how certain roles implying advanced status or experience are aligned with white men and lower-skilled roles are filled by women.
1. Mobile Developer (kind of a light type of programming, accessible job without deep experience) -- hip, young Asian woman.
2. Service Developers (dry programming that requires deep experience in boring stuff like databases and heavy-duty programming languages) -- Indian guy
3. LOB Stakeholder (some kind of business decision maker) -- white, bald guy in a suit
4. MCS Admin (no idea what MCS is, but "admin" means clerical administration no doubt.. low barrier to entry, probably no degree required) -- black woman
5. Enterprise Architect (big on training, probably CS degree, decades of IS experience) -- white man
Why can't the black woman be the LOB Stakeholder or the Enterprise Architect in this slide?
...sell them to the National Enquirer without fear of legal repercussions.
I assume you mean that the National Enquirer would buy them to simply burn the documents. They are robust Donald Trump supporters and currently feature a story on the front page proclaiming "Trump finally caught the WH leaker!"
The best media outlet to sell them to would be Penthouse or Hustler.
I wouldn't expect any legal repercussions for the packet-sniffer as we just saw Rachel Maddow handling Trump's tax returns from 2005 and she is not in jail.
This is totally true and feasible in the enterprise. I work for a company that sells a product that aggregates all existing accounts, and then periodically sends out emails to managers saying, "Here's a list of accounts belonging to your team." The manager has to approve each one or revoke them. That way, there is accountability down the road if it turns out there were lingering accounts that shouldn't have been accessible or exploitable. Can also be used to certify the accounts on each remote application by the application "owner" or administrator.
These certifications are then reviewed by third-party auditors to validate their completeness. Several other vendors offer similar variations of this functionality.
Tin isn't an element, however.
Clonehappy- come now. Has the public consciousness forgotten this old McAfee chestnut from last year?
McAfee Says He Lied About iPhone Hacking Method To Get Public Attention
Calling the man "batshit crazy" is not a criticism. He aspires to the title.
Talk about a ripple effect....
Introduce noise to the data by purchasing tickets to see Emoji movie, but actually seat yourself in the War for the Planet of the Apes auditorium.
Here's what I did. Perhaps it would work for your level of security / privacy needs:
1. Rent VPS (Virtual Private Server) running Linux. From my vendor, I get 2TB of data transfer per month for less than $5.00.
2. Set up OpenVPN on remote CentOS Linux server.
3. Install OpenVPN on my laptop. Verify against DNS leakage.
That process took about 15 minutes to set up and it's pretty straightforward. Security may be additionally enhanced by locating the remote VPS in another country, though your performance may suffer. The monthly cost of the VPS can be defrayed by using the server to host websites and files in addition to its service as a VPN gateway.
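An added example, not part of the comment above: one way to carry out the "verify against DNS leakage" step on a Linux client, by checking whether each resolver in `/etc/resolv.conf` would leave through the tunnel according to `ip route`. The interface names (`tun0`, `wlan0`), all addresses and both sample inputs are constructed assumptions, and the lookup is a plain longest-prefix match that ignores metrics and policy routing.

```python
import ipaddress

# Constructed sample of `ip route` output after OpenVPN connects with the
# usual 0.0.0.0/1 + 128.0.0.0/1 override routes (tun0 is the tunnel).
SAMPLE_ROUTES = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600
203.0.113.10 via 192.168.1.1 dev wlan0
"""

# Constructed /etc/resolv.conf: the DHCP-supplied LAN resolver is still
# listed next to the resolver reachable inside the VPN.
SAMPLE_RESOLV_LEAKY = """\
# Generated by NetworkManager
nameserver 192.168.1.1
nameserver 10.8.0.1
"""


def parse_routes(route_text):
    """Return [(network, device)] parsed from `ip route` output."""
    routes = []
    for line in route_text.splitlines():
        fields = line.split()
        if "dev" not in fields[:-1]:
            continue  # blank line, or a route with no output device
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # first field is a route type, not a prefix
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes


def parse_resolvers(resolv_text):
    """Return the nameserver addresses from resolv.conf content."""
    resolvers = []
    for line in resolv_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                resolvers.append(ipaddress.ip_address(fields[1]))
            except ValueError:
                pass  # malformed entry
    return resolvers


def egress_device(addr, routes):
    """Longest-prefix match: the device the kernel would pick for addr."""
    matches = [(net.prefixlen, dev) for net, dev in routes if addr in net]
    return max(matches, key=lambda m: m[0])[1] if matches else None


def check_dns_leak(resolv_text, route_text, tunnel_dev="tun0"):
    """Map each configured resolver to tunnel / leak:<dev> / stub / no-route."""
    routes = parse_routes(route_text)
    report = {}
    for addr in parse_resolvers(resolv_text):
        if addr.is_loopback:
            # A local stub resolver hides the real upstream servers, so the
            # stub's own configuration has to be inspected instead.
            report[str(addr)] = "stub"
            continue
        dev = egress_device(addr, routes)
        if dev is None:
            report[str(addr)] = "no-route"
        elif dev == tunnel_dev:
            report[str(addr)] = "tunnel"
        else:
            report[str(addr)] = "leak:" + dev
    return report


if __name__ == "__main__":
    for server, verdict in check_dns_leak(SAMPLE_RESOLV_LEAKY, SAMPLE_ROUTES).items():
        print(server, verdict)
```

The LAN resolver is flagged because the directly connected /24 is more specific than the /1 override routes, so queries to it bypass the tunnel even though the default traffic does not.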
And just this moment on a Russian aircraft carrier docked off the Siberian coast, a banner unfurls that reads in Russian, "Mission Accomplished."
Per this article in Scientific American--
Note the open-source mindset already beginning to surround CRISPR! Researchers are exchanging their CRISPR recipes without concern for patents and intellectual property. This can really accelerate progress with developing CRISPR-based treatments.