So in summary:
1) FlightSimLabs just destroyed their company by intentionally inserting malware into a product they were charging for.
2) FSL was asked on their forums about it when various antivirus programs identified their product as malware. They responded by saying "turn off your AV software."
3) FSL transmitted the material over an open HTTP stream.
4) The server that they have stored this stolen information on is itself secured in a very piss-poor manner. (RDP is open for God's sake.)
5) As this was intentional, and not a mere "bug," it can theoretically be prosecuted in the U.S. as a felony. (Read: Quality time in Federal pound-me-in-the-ass prison.)
6) Even if merely incompetent, their failure to secure the data they stole is itself criminal in the EU.
7) I guarantee you that they cannot prove that at no time was any of their unencrypted HTTP streams intercepted, NOR can they prove that their obviously insecure server was not compromised, meaning:
8) How do we know that this wasn't intentional to steal information and go sell to identity thieves? They charge $100 by identity theft.
https://www.fidusinfosec.com/f...
Oh, where did I get #8? That's the only logical reason they would have stolen the data in the first place. It doesn't do shit for piracy.
I hope these assclowns have a good lawyer.
"Vampire! Vampire! Track 3872 bearing 285 at 20 klicks!"
"Taking out track 3872 with bird--"
(Screens all over the ship turn blue with the text "A problem has been detected and Windows has been shut down to prevent damage to your computer"...)
"What the bloody hell?"
"Gates, you arrogant ass! You've killed us!"
Coming this winter... For over twenty five years you've experienced the security hell that is Windows. You watched when Microsoft started uploading your data to the cloud by default without your consent. You've seen the joys of "telemetry." You remember the NSA encryption key (_NSAKEY) in 1999. Now, experience Windows 10 Workstation Edition! *Cue epic trailer music*
Now, all your data will be stored safely in OneDrive so you can access it anywhere, any time. Trust state of the art Microsoft security techniques such as administrator privilege escalation, coupled with our award winning intelligent ad suggestion service and forced obsolescence. *Red laughing skull with deep malevolent laugh* Never lose access to your files again with our patented back door cryptographic keys! And click on our new live.com dashboard for a record of all your keystrokes!
Coming this winter... Only from... MICROSOFT.
I always liked cracking the lame-ass security that is usually used and sending "messages from God" over the audio system in the car next to mine. It's hilarious.
Unless the resulting burst is a Gamma Ray Burst we should already have seen other aliens using this kind of tech.
But we do see unexplained, massive gamma ray bursts all over the place. For all we know, we're seeing what happened when someone dropped out of warp 5 million years ago or something in another galaxy.
...As opposed to understanding how things work but not being able to recite a bunch of facts. Do you want the doctor, for example, that can recite loads and loads of random facts? Or do you want the doctor who can't do that but knows how to look it up, and can actually give you good care, rather than care that was terrific 10 years ago? Thank you.
Rote memorization is dead. That is what people don't seem to understand. We can find information in a few seconds that earlier required hours in a library. We need to concentrate on HOW people think rather than memorization. I obviously can't do it, but I wish I could have a school of kids whom I taught HOW to think versus your school of kids who just memorize things. Unfortunately, the disgusting, pathetic, anachronistic way that we do testing penalizes people who have good reasoning skills, and rewards those who can do nothing more than recite a book.
I'm a doctor and one of the things I can contribute is this: If you think for a second that our society is NOT catering to dumbasses, look at any drug commercial on TV.
Thank you. Move on. Avoid the vomit I just put to the right.
My comments were wrong. You (and other posters) have a good point. Specifically Ledow, and one random anonymous coward. However, I do disagree with the latter on the idea that people wouldn't have been clicking OK on random certificates: People are sheep, and, well, they DO.
What in the flying name of crap is this shit? First off, they didn't hack anything: this is more of a social engineering attack. Second, WHY THE GODDAMN FUCK IS THIS NEWS? I do penetration testing on my own damned home network. If some moron decides to set up an insecure network (and I have a few as neighbors), then screw'em. If people are clicking "OK" on random certificates...screw'em.
...which increase accidents at the intersections. This has been said by the DOT. Why? Because usually what happens is the city reduces the yellow light time, then gets people who are in the middle of the intersection. As a result, people slam on the brakes when the yellow light turns, and there are more rear-end collisions. Toledo, OH is a perfect example.
Yeah. The ones who actually knowingly committed a sex crime. Not those who went to a prostitute, urinated behind a tree in a park, got accused of something with no proof except some ten year old saying so, people named as rapists by some teenage girl who got caught by her father at a party she wasn't supposed to be at, naked and covered in two guys' semen, and made up the story to try and get out of trouble (true story), had sex with their 16 year old girlfriend when they were 18, had sex with some 16 year old in a club that she used fake ID to get into, and any of the rest of that crap.
Unfortunately, with crap like 's Law it's just a profit-making, life-destroying industry that the government has created so that politicians can get votes.
It absolutely is. Let me throw this out there, though:
It's common practice -- and supported by the United States Government -- for medical students and residents to work 30 hours (realistically, up more since that's just WORK time) at a stretch. This is to support our lovely public health system. (If you doubt this, consider the fact that most academic institutions are predominately uninsured and Medicaid.)
There have been numerous studies that show that the impairment from this level of sleep deprivation is at least, if not worse, than 0.08 BAC. One showed 0.1 BAC equivalent.
Should we require a mental aptitude and coordination test before allowing someone to drive?
Either way, the government should pull its head out of its ass and regulate that. I worked with a doctor who twenty years ago left a 36 hour shift, went to pick up her kids, and veered off the road, killing her kids and seriously injuring herself.
And before someone says that it's these peoples' choice to work that long, here's a clue: It isn't. It's mandatory from the academic institutions, and encouraged by the government by virtue of regulatory agencies.
You underestimate the power of stupid people in large groups.
Case in point: Hospital infant abduction systems, which are designed to keep infants from being stolen from their parents and the hospital personnel. I am aware of two different kinds of systems, but I do know there are more out there.
System 1) Uses a sensor which attaches to the child's ID band. There is no accounting for whether that ID band is still attached to the child, or whether someone cut it (and the really obvious sensor) off and left it in the hospital.
2) A system called HUGS. Now it's a nice system, in theory. This one has three contacts on each side of the square tag, and a special band that goes around the child. The idea is that if it's cut, the circuit opens and it alarms. Unfortunately, there are two big problems with it. First, you can just short the connections. Second, if you have a tag you can short the connections, let the system recognize it, then disconnect it, and the system will arm falsely for a missing tag until everyone gets sick of it and turns it off.
So no, I really don't think that they thought of that one two seconds into the meeting, or they didn't care.
See, you have people like me who DO. For a classic example, Starcraft II. Starcraft II is a high-budget game, which Blizzard spent a lot of money marketing. All that is good. I was going to buy it.
Here's what happened: I bought the thing, was confronted with a 36 hour download time, and used a version that I happened to have which was a torrented predownload. For reasons I still don't understand -- maybe it was regioning, whatever -- their DRM prevented me from using the game that day. I had to wait until July 28th, a day after it was released, to play it at all. On the release day, I'd tried numerous times to "authenticate" my copy, all of which failed. I went to my battle.net account, which claimed that I'd somehow activated too many copies. I called Blizzard and got hung up on numerous times with an "unfortunately, we're experiencing a high call volume" load of crap until I finally got through, at which point the hold time was 56 minutes.
Now, I did the right thing. I bought the damned thing for $60. Blizzard's DRM caused a major screwup, which made me wish that I'd pirated it so at least it would work.
This sounds like a good reason why I would want to pirate things rather than buy them. Already the issues with the stupid software DRM that's prevalent all over the place encourage people to either pirate the software or find a crack so that they don't have to deal with it.
Exactly. This would be because they hired a bunch of Devrys and/or retards for their IS staff.
Thank you for your service, sir. (Think about it.)
In Neverland, Michael rides YOU!!
Reading this, I am somehow drawn to the song by Futuristic Sex Robotz called "Fuck the MPAA."
Yep. A prominent pediatric neurosurgeon killed himself down here a number of years ago after he got in an argument with someone and they made a malicious report of child porn to the authorities. They searched his place and found nothing, but as a result his life was destroyed. His career was over. His family life was ruined.
He hung himself in a closet.
Next week they'll pass a stupid law banning cell phone use while driving, while similarly mandating this device for people on probation.
Why not just install an ambo bag on the interlock and squeeze? 0.0 BAC every time, unless you put vodka in the bag.
Guns. Lots of guns. And flamethrowers. And electrify all the door knobs by hooking them to 220V mains.
Fucking moron.
The problem with Chinese experimental homebuilt aircraft is, a half hour after you test fly it, you....
...get shot down by the Chinese airforce and your family is billed for the cost of the missile.