The AI we have today is not capable of the kind of malice that people seem to be afraid of with all of these FUD stories, and will not be any time soon if ever. Even if we add some AI to things like drones which can kill people it is only the malice/incompetence of the developer that causes the destruction that results. If an engineer built a bridge woefully inadequately, either on purpose or because he is incompetent, and it falls down and kills a bunch of people would you blame the bridge or the engineer? We are not even remotely close to the Terminator level strong AI, and it's still a big open question whether such a thing is even possible at all.
Formal logic: Yes
Troubleshooting: Yes
Basic computer skills: Yes
The fewer people who think computers are magical devil machines and can figure out how to solve technical problems on their own the better, but the vast majority of people will not write programs.
Half the web developers out there can't even prevent simple cross site scripting let alone the dozens of other common threats that exist in web development. As with adding any other new development feature, it's just giving people who don't know any better more ammunition to shoot themselves in the foot with. There needs to be more focus on educating developers on security instead of trying to cram every new buzzword tech they can into their application.
There was a company that already tried to do this with games, they got some VC money and then ran into the dirt. At this point the vast majority of user hardware is all but useless for mining. This would have worked a couple of years ago, but not now.
That would seem to be a matter of what the default configuration is. Do these DNS servers have these protections enabled by default, and are then disabled? Is it that they left it off by default on older versions? Do they still leave it off by default?
Shockwave hasn't been used much for a quite a while, unless you are referring to flash (but hopefully html video will kill that eventuall). Javascript on the other hand is going to be around for quite a while, what we are more likely to see will be things like signed javascript or some other security mechanism like that added to it.
This article makes very little sense to me. They don't mention what the crypto algorithm was or who was pushing it as the "next gen standard". I don't know of any proposed cryptographic standard with 923 bit anything.
Taking a quick look at the JavaScript they use there doesn't appear to be anything particularly unusual going on such as browser fingerprinting, or even as encompassing as evercookie which can be easily defeated using built in browser options. The only thing that seems different about it is that it attempts to use more storage techniques than other tracking services, browser local storage , e-tag tracking, and ie userdata storage in addition to the common browser and flash cookies. To say that it "can't be dodged", while possibly true for the average user, doesn't hold for anyone who knows how to configure their browser for greater privacy.
With no flash or javascript you get a gif version, just by taking the first frame and putting it into even a free ocr application it was able to get the letters for the captcha. This is nothing more than more advertising hocus pocus, as a captcha its pretty much worthless.
http://imgur.com/5GfsU.jpghttp://www.free-ocr.com/
I just took a look at their site, which I thought must be amazing for that kind of money, and I found this:
What exactly Birmingham City Council up to!? Perhaps the money is going someplace a bit more nefarious.
I have the same name as a Canadian hockey player, though unintentionally, and virtually every result for my name on Google is for him. If your name is common enough and you practice information control over yourself you can almost completely avoid being in Google's system. The real problem is that youths are willing to give out vast amounts of personal information, partially because they don't realize the value of such information and partially because they are stupid kids.
Are you sure you aren't confusing symmetric and asymmetric crypto keys? I don't think 128 bit has ever been considered unbreakable for asymmetric keys, 1024-2048 has been the standard for asymmetric since I have known about it. For symmetric, 128 bit is still considered secure and is still the standard for AES, although many applications are moving to 256 bit.
I for one am glad they aren't policing internet interactions in gaming, the last thing I want is game companies being forced to attempt to censor every bad word to kowtow to the ESRB for an M rating. As for all the companies that already attempt to do it, good luck with your stupid useless endeavor.
I still buy CD's as well, but it's mainly due to a lack of quality online downloads. When you buy a game at a store or on Steam you get exactly the same game, but buying a lossy mp3 isn't the same as ripping a CD to FLAC. If there were some decent online retailers of lossless audio I would probably buy from there.
I mean any malware author. Code execution vulnerabilities in non-executable file formats like images or documents can get through email and intrusion detection systems much more easily than exe's.
I still very much doubt it, for the simple reason that if this was indeed a publicly known vulnerability that required no javascript and could be executed by opening an image file every hacker and their grandma would be using it right now. Those sorts of exploits are very valuable to malware authors.
I really wish you would upload a sample someplace because I have never heard of anything like this. The last widely exploited image file based exploits that I know of was the ANI and WMF vulnerabilities, and those have been patched a while ago.
Uhh, what? I have no idea what this "JPG exploit" your talking about is. Conflicker spreads through the MS08-067 RPC vulnerability, removable media, and shared folders; nothing to do with IE or jpegs.
Slashdot Mirror
The AI we have today is not capable of the kind of malice that people seem to be afraid of with all of these FUD stories, and will not be any time soon if ever. Even if we add some AI to things like drones which can kill people it is only the malice/incompetence of the developer that causes the destruction that results. If an engineer built a bridge woefully inadequately, either on purpose or because he is incompetent, and it falls down and kills a bunch of people would you blame the bridge or the engineer? We are not even remotely close to the Terminator level strong AI, and it's still a big open question whether such a thing is even possible at all.
Formal logic: Yes Troubleshooting: Yes Basic computer skills: Yes The fewer people who think computers are magical devil machines and can figure out how to solve technical problems on their own the better, but the vast majority of people will not write programs.
When more of them can be used offline (when it's easier to make them work offline), then they will be more prominent.
Half the web developers out there can't even prevent simple cross site scripting let alone the dozens of other common threats that exist in web development. As with adding any other new development feature, it's just giving people who don't know any better more ammunition to shoot themselves in the foot with. There needs to be more focus on educating developers on security instead of trying to cram every new buzzword tech they can into their application.
There was a company that already tried to do this with games, they got some VC money and then ran into the dirt. At this point the vast majority of user hardware is all but useless for mining. This would have worked a couple of years ago, but not now.
That would seem to be a matter of what the default configuration is. Do these DNS servers have these protections enabled by default, and are then disabled? Is it that they left it off by default on older versions? Do they still leave it off by default?
Shockwave hasn't been used much for a quite a while, unless you are referring to flash (but hopefully html video will kill that eventuall). Javascript on the other hand is going to be around for quite a while, what we are more likely to see will be things like signed javascript or some other security mechanism like that added to it.
This article makes very little sense to me. They don't mention what the crypto algorithm was or who was pushing it as the "next gen standard". I don't know of any proposed cryptographic standard with 923 bit anything.
Taking a quick look at the JavaScript they use there doesn't appear to be anything particularly unusual going on such as browser fingerprinting, or even as encompassing as evercookie which can be easily defeated using built in browser options. The only thing that seems different about it is that it attempts to use more storage techniques than other tracking services, browser local storage , e-tag tracking, and ie userdata storage in addition to the common browser and flash cookies. To say that it "can't be dodged", while possibly true for the average user, doesn't hold for anyone who knows how to configure their browser for greater privacy.
Microsoft Malicious Software Removal Tool? Microsoft Security Essentials?
With no flash or javascript you get a gif version, just by taking the first frame and putting it into even a free ocr application it was able to get the letters for the captcha. This is nothing more than more advertising hocus pocus, as a captcha its pretty much worthless. http://imgur.com/5GfsU.jpg http://www.free-ocr.com/
Does the "liveness" test work as well as those for fingerprint scanners?
I just took a look at their site, which I thought must be amazing for that kind of money, and I found this: What exactly Birmingham City Council up to!? Perhaps the money is going someplace a bit more nefarious.
I have the same name as a Canadian hockey player, though unintentionally, and virtually every result for my name on Google is for him. If your name is common enough and you practice information control over yourself you can almost completely avoid being in Google's system. The real problem is that youths are willing to give out vast amounts of personal information, partially because they don't realize the value of such information and partially because they are stupid kids.
Are you sure you aren't confusing symmetric and asymmetric crypto keys? I don't think 128 bit has ever been considered unbreakable for asymmetric keys, 1024-2048 has been the standard for asymmetric since I have known about it. For symmetric, 128 bit is still considered secure and is still the standard for AES, although many applications are moving to 256 bit.
Pfft, that's only pseudo random data, why settle when you can get true random data.
https://www.fourmilab.ch/hotbits/secure_generate.html
https://www.random.org/passwords/
I for one am glad they aren't policing internet interactions in gaming, the last thing I want is game companies being forced to attempt to censor every bad word to kowtow to the ESRB for an M rating. As for all the companies that already attempt to do it, good luck with your stupid useless endeavor.
Fu(K!ng n0o85!!1
The link goes to on nimp, don't click it.
Wouldn't the malware have to already be running on the computer to do that?
I still buy CD's as well, but it's mainly due to a lack of quality online downloads. When you buy a game at a store or on Steam you get exactly the same game, but buying a lossy mp3 isn't the same as ripping a CD to FLAC. If there were some decent online retailers of lossless audio I would probably buy from there.
I mean any malware author. Code execution vulnerabilities in non-executable file formats like images or documents can get through email and intrusion detection systems much more easily than exe's.
I still very much doubt it, for the simple reason that if this was indeed a publicly known vulnerability that required no javascript and could be executed by opening an image file every hacker and their grandma would be using it right now. Those sorts of exploits are very valuable to malware authors.
I really wish you would upload a sample someplace because I have never heard of anything like this. The last widely exploited image file based exploits that I know of was the ANI and WMF vulnerabilities, and those have been patched a while ago.
Uhh, what? I have no idea what this "JPG exploit" your talking about is. Conflicker spreads through the MS08-067 RPC vulnerability, removable media, and shared folders; nothing to do with IE or jpegs.
Actually Malwarebytes is free, the paid version just gives you "realtime protection, scheduled scanning, and scheduled updating".