I guess Iâ(TM)ve just never heard of a recall for something that isnâ(TM)t directly safety related. By alerting the public to the fact that this vulnerability exists, perhaps this guy has now caused a safety issue, so letâ(TM)s see....
Iâ(TM)m not quite sure how they would âoepatchâ without a recall of all affected models, as there is no OTA upgrade method for these. OTOH, as a driver of a vulnerable car, I would love to extend this feature to be able to unlock my car using my phone via a custom Bluetooth-enabled app. Iâ(TM)d be very interested in getting my hands on the code for my own (legal) personal use. I also think that publishing as much information as he already has is quite irresponsible given that it may now be quite easy to reverse-engineer.
- Store copies of important data in multiple locations (backed up to a device in my home as well as cloud).
- Use a long, complex password.
- Encrypt my hard drive.
- Enable Firmware Password. This is not preventative but it does give me some peace of mind knowing that if my laptop was stolen, it is not able to be wiped and re-used.
- Enable Find My Mac. I do not have any experience using this to locate a laptop but it has saved numerous friends' phones.
- Display a logon message with my full name, phone number and email address.
- Have insurance that covers me for theft when I am at home or travelling.
Oh, and not to mention that there is no doubt your handy iCloud backups which are conveniently located on Apple's very own servers will contain a readily available copy of any keys stored within your app's document space, just waiting for the first person who rolls through their doors warrant-in-hand.
I didn't read TFA, let alone finish reading TFS, but what you're suggesting is that securing the message in transit between the client and server is sufficient security. What about between the client and another client (SMTP)? Or when the bits are sitting idle on Google's spindles (read: being indexed and monetised)?
The problem I have with this type of solution is that we are placing absolute trust in the vendor's promises that it won't snoop on our data. If I personally generated my CSR and kept my keys secure and in a known location then I would have a little more faith, but unless they open source this and allow me to maintain my own back-end infrastructure I would be more concerned about sending my confidential information using this solution than not - as it's effectively a choke-point for all things sinister and you can bet your last $20/month that the authorities have all they need to intercept your data. After all, and I'm assuming the service is hosted in the US, the White House has access to any keys which are transmitted to and from Silent Circle's systems.
There was another app touted as having military-grade privacy recently, the free-to-install Wickr for iOS. I contacted them after downloading the application in June to pose the question of just what level of trust they expected me to place in their application and infrastructure, to which they promptly responded that their code was under review and they would update their FAQ over the subsequent days. I've just checked and can't even see a FAQ on their website.
Then loop through comparing both sets of data, comparing file extension for those files of the same size. Do a few test runs until you're confident and then run with Remove-Item -Confirm:$false.
Neither of these are open-source or linux-based, but... Cyber-Ark is the most secure solution I've come across - multi-factor authentication, as well as presenting passwords through a portal rather than granting access to the password file itself. Citrix had a similar solution, Citrix Password Manager, but I believe it is now EOL.
For it to provide any real level of security the database needs to be abstracted from the users, otherwise it can easily copied offline and brute forced. "Use a secure password" you say? Of course, but where do you record this 128-bit randomised password?
I'm not sure that the parent was particularly insightful...
- Walled gardens, vendor lock in
They are a company who manufactures proprietary products. I can't think of a single proprietary company who does not have an aspect of vendor lock-in. And I'm not even sure what element of Apple's offering would be considered lock-in (unless you're talking about the App Store).
- Taking down applications from the App Store and including versions in iOS
I think you'll find more-often-than-not that Apple takes features from jailbreak apps rather than those sold in the App Store. Fair game.
- Spurious litigation and anti-competitive lawsuits in Germany and Australia
I'll admit this is some pretty poor form. I do, though, think it's fairly obvious if you look at the smartphone industry before the iPhone vs after the iPhone you'll see how many other brands have copied Apple's look and feel. Not that look and feel should be patentable, but the entire industry was sitting on their hands selling mediocre products and then as soon as Apple releases their product they all rush to sell the same thing. Where's the innovation? Things like this are pathetic.
- CarrierIQ, GPS tracking privacy gaffes
At least iOS asked you if you wanted to opt-in for tracking (CarrierIQ). Other OS'es did not. I think you'll also find that Android had a similar 'bug' where a user's GPS location was tracked along with wifi data.
- Planned failure just after warranty period (ever since the original pod)
I own 7 Apple devices with all bar one (iPhone 4S) out of warranty. None of mine have failed, but I suppose YYMV (especially 11 years ago).
Actually, it's a feature of the iPhone 4S and iOS 5. Transferring 'voice data' as you put it has been around since Bell's days, the gimmick that Siri offers is the promoted ability to understand natural language and not the transfer of data. Siri is a feature of the phone, no matter which way you look at it.
If they only sell 32" and 37" sets who is going to buy them? 32" is too small for even a bedroom, let alone watching the 'HD' media one would expect to be able to stream to one of these televisions.
Also, if the rumours are true this television must have some significant features other than what can be achieved with an AppleTV + LCD. My guess is they will include an EPG and storage to record television shows to in addition to the AppleTV functionality. Then Apple will call it revolutionary and pretend like they came up with the idea to record to HDD.
Not saying I don't like the idea of an Apple tv, just saying.
So what I'm saying is... these guys have potentially got the password databases. What's changing your master password going to do? It'll ensure that they can't get into your password safe as it stands, online. But if they brute force your database then all of your passwords are compromised. No?
This might be a lack of understanding of the LastPass system on my part, but I'm not understanding why they are/were suggesting customers reset their master password. Surely, if this password decrypts a password safe then it is as, if not more, important to reset all passwords which were stored in the database.
The solution to your problem is simple, either a) use a static IP configured with reverse DNS, as many people have indicated, or; b) use your ISP's SMTP as a smart host to forward all outgoing email to. Simple, really.
USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.
Slashdot Mirror
I guess Iâ(TM)ve just never heard of a recall for something that isnâ(TM)t directly safety related. By alerting the public to the fact that this vulnerability exists, perhaps this guy has now caused a safety issue, so letâ(TM)s see....
Iâ(TM)m not quite sure how they would âoepatchâ without a recall of all affected models, as there is no OTA upgrade method for these. OTOH, as a driver of a vulnerable car, I would love to extend this feature to be able to unlock my car using my phone via a custom Bluetooth-enabled app. Iâ(TM)d be very interested in getting my hands on the code for my own (legal) personal use. I also think that publishing as much information as he already has is quite irresponsible given that it may now be quite easy to reverse-engineer.
I do the following:
- Store copies of important data in multiple locations (backed up to a device in my home as well as cloud).
- Use a long, complex password.
- Encrypt my hard drive.
- Enable Firmware Password. This is not preventative but it does give me some peace of mind knowing that if my laptop was stolen, it is not able to be wiped and re-used.
- Enable Find My Mac. I do not have any experience using this to locate a laptop but it has saved numerous friends' phones.
- Display a logon message with my full name, phone number and email address.
- Have insurance that covers me for theft when I am at home or travelling.
Or do the cafeteria doors actually weigh 1.5x as much as the total amount of concrete used to build the thing.
http://thenextweb.com/asia/201...
Oh, and not to mention that there is no doubt your handy iCloud backups which are conveniently located on Apple's very own servers will contain a readily available copy of any keys stored within your app's document space, just waiting for the first person who rolls through their doors warrant-in-hand.
I didn't read TFA, let alone finish reading TFS, but what you're suggesting is that securing the message in transit between the client and server is sufficient security. What about between the client and another client (SMTP)? Or when the bits are sitting idle on Google's spindles (read: being indexed and monetised)?
The problem I have with this type of solution is that we are placing absolute trust in the vendor's promises that it won't snoop on our data. If I personally generated my CSR and kept my keys secure and in a known location then I would have a little more faith, but unless they open source this and allow me to maintain my own back-end infrastructure I would be more concerned about sending my confidential information using this solution than not - as it's effectively a choke-point for all things sinister and you can bet your last $20/month that the authorities have all they need to intercept your data. After all, and I'm assuming the service is hosted in the US, the White House has access to any keys which are transmitted to and from Silent Circle's systems.
There was another app touted as having military-grade privacy recently, the free-to-install Wickr for iOS. I contacted them after downloading the application in June to pose the question of just what level of trust they expected me to place in their application and infrastructure, to which they promptly responded that their code was under review and they would update their FAQ over the subsequent days. I've just checked and can't even see a FAQ on their website.
If it were me, I would use the file size to identify which were likely duplicates. Less reliable than hashing, but much faster. Using PowerShell:
Get-ChildItem D:\MyData -Recursive | Export-CSV mydata.csv
$objData = Import-CSV mydata.csv
$objData | sort Size | Export-CSV mydata_sorted.csv
$objSortedData = Import-CSV mydata_sorted.csv
$objUniqueSortedData = $objSortedData | sort Size -unique
Then loop through comparing both sets of data, comparing file extension for those files of the same size. Do a few test runs until you're confident and then run with Remove-Item -Confirm:$false.
>which are the best?
Any $25 Nokia or LG phone would qualify.
>best way to get one?
By exchanging one for money at a store that sells pre-paid phones.
Another drawback is the quality of the product. To put it politely, it is less-than-Good.
It sounds as though global hotkeys may not be restricted. As much as I hate to link to Macworld, here goes - http://www.macworld.com/article/1166857/apps_using_global_hotkeys_will_remain_welcome_in_the_mac_app_store.html#lsrc.rss_main
Neither of these are open-source or linux-based, but... Cyber-Ark is the most secure solution I've come across - multi-factor authentication, as well as presenting passwords through a portal rather than granting access to the password file itself. Citrix had a similar solution, Citrix Password Manager, but I believe it is now EOL. For it to provide any real level of security the database needs to be abstracted from the users, otherwise it can easily copied offline and brute forced. "Use a secure password" you say? Of course, but where do you record this 128-bit randomised password?
- Walled gardens, vendor lock in
They are a company who manufactures proprietary products. I can't think of a single proprietary company who does not have an aspect of vendor lock-in. And I'm not even sure what element of Apple's offering would be considered lock-in (unless you're talking about the App Store).
- Taking down applications from the App Store and including versions in iOS
I think you'll find more-often-than-not that Apple takes features from jailbreak apps rather than those sold in the App Store. Fair game.
- Spurious litigation and anti-competitive lawsuits in Germany and Australia
I'll admit this is some pretty poor form. I do, though, think it's fairly obvious if you look at the smartphone industry before the iPhone vs after the iPhone you'll see how many other brands have copied Apple's look and feel. Not that look and feel should be patentable, but the entire industry was sitting on their hands selling mediocre products and then as soon as Apple releases their product they all rush to sell the same thing. Where's the innovation? Things like this are pathetic.
- CarrierIQ, GPS tracking privacy gaffes
At least iOS asked you if you wanted to opt-in for tracking (CarrierIQ). Other OS'es did not. I think you'll also find that Android had a similar 'bug' where a user's GPS location was tracked along with wifi data.
- Planned failure just after warranty period (ever since the original pod)
I own 7 Apple devices with all bar one (iPhone 4S) out of warranty. None of mine have failed, but I suppose YYMV (especially 11 years ago).
Actually, it's a feature of the iPhone 4S and iOS 5. Transferring 'voice data' as you put it has been around since Bell's days, the gimmick that Siri offers is the promoted ability to understand natural language and not the transfer of data. Siri is a feature of the phone, no matter which way you look at it.
If they only sell 32" and 37" sets who is going to buy them? 32" is too small for even a bedroom, let alone watching the 'HD' media one would expect to be able to stream to one of these televisions. Also, if the rumours are true this television must have some significant features other than what can be achieved with an AppleTV + LCD. My guess is they will include an EPG and storage to record television shows to in addition to the AppleTV functionality. Then Apple will call it revolutionary and pretend like they came up with the idea to record to HDD. Not saying I don't like the idea of an Apple tv, just saying.
So what I'm saying is... these guys have potentially got the password databases. What's changing your master password going to do? It'll ensure that they can't get into your password safe as it stands, online. But if they brute force your database then all of your passwords are compromised. No?
This might be a lack of understanding of the LastPass system on my part, but I'm not understanding why they are/were suggesting customers reset their master password. Surely, if this password decrypts a password safe then it is as, if not more, important to reset all passwords which were stored in the database.
The solution to your problem is simple, either a) use a static IP configured with reverse DNS, as many people have indicated, or; b) use your ISP's SMTP as a smart host to forward all outgoing email to. Simple, really.
USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.
That's purely speculative. Also one would assume that setting Location Services to 'off' will infact turn off location services.
Now you can choose which apps are able to access your location information, or disable this feature altogether. Was that really so hard?
I wish that I had Hypersafe installed so I could open Acrobat on a virtual machine instead.
I am not even on the electoral roll but am considering signing up to give Labor my last preference.
Can I google and find the formulas? Sure, yeah, but do I have the level of understanding with all of Kelper's Laws and bits...
You might have had more luck if you were Googling "Kepler's Laws".
Does anyone actually use Modchips on their Wii any more?