From what I understand, most problems of this "kind" are the result of social engineering. What that means can be anything from an email pretending to come from the CEO to a phone call that apes a desperate user trying to recover some information. And other possibilities.
For this kind of a breach, I'd expect that there was a potential weakness, and social engineering was used to gather the information needed to exploit it. Actual holes are possible but less likely, and even then it's likely that social engineering was used to gather the information needed to know what holes to try for.
That said, a zero day is always a possibility to keep in mind. It's just not the approach I expect was used. Also possible is a strong misconfiguration such that social engineering wasn't needed to exploit it.
P.S.: It's my belief that most social engineering is never detected. People don't like to tell their boss that they've been fooled, and in a really good social engineering approach they would never even know that they had been fooled, and the event could only be revealed by reasoning backwards after the penetration was detected.
All that said, I'm no expert in this area. Most of my information comes from reading Slashdot and such over the years, and patterns of attack change over time. But this is my best guess at the answer to your question.
They don't "suddenly come from", but Yahoo used to be a quite popular place to have an account, and since they don't charge you for the account, those accounts never went away, people just forgot about them.
Even if the accounts *did* go away, the records would still be there, and so if the passwords are used with the same account name on another site...
They've, indeed, "already experienced anti-trust lawsuits". That let them know how serious the penalties were likely to be (i.e., you need to start bribing government officials...of course that's not officially called bribing, it's called making campaign contributions, lobbying, etc., but bribery is what it is by any usage except the strongly "gamed" legal definitions).
But what's important for long term public perception is "Time since it was widely known". Even that oversimplifies, as when someone new hears about it, their opinions will remain flexible for a while, and then, as their attention shifts to something else, the opinions will solidify and become more difficult to change. New memories are easy to alter.
That I'm "late to the party" is no surprise as I don't regularly buy any computers, and it's been a while since I've looked at buying a laptop. (And when I did I wasn't looking seriously at Lenovo, though I don't remember why.) That said, I remember being quite unimpressed by the description of the "Yoga keyboard", which would already have me looking at other manufacturers before I considered Lenovo. But being "late to the party" is rather irrelevant to my point, and your point only makes it more likely that I'll consider the change malicious. But it won't affect most people, and only a few who read the article will read this far down in the posting tree.
FWIW, I recognize that my opinions are significant only in so far as they are similar to the opinions that many other people will have. Actually, others' opinions are much more significant as I haven't actually bought a Lenovo computer since they were a part of IBM.
If they haven't fixed this within the week, I'm going to consider this malicious intent. If they do, I'll consider it sloppy QA.
In either case Lenovo have lost considerable reputation in my eyes...and this isn't the first time they've walked the edge between malice and incompetence, so they were already sliding down. I doubt that I'll recommend them to anyone for any purpose after this, but new stories are always popping up, and this isn't yet egregious enough that I'm sure I'll remember them as "always avoid".
The reason for "within the week" is that by then my opinions will have set, and I'll have my attention off this story. It gets pretty hard to change my mind after that, and currently I'm leaning towards malicious.
P.S.: While I'm only talking for myself, I don't delude myself that my thoughts and opinions are unique. So for Lenovo time *is* of the essence. If I don't become convinced that they weren't malicious this story will tack on the addendum "and then they lie about it".
Personally, I've had pretty good experiences with ZAReason, vendor of Linux laptops, desktops, and servers.
Is that "Gnome tweak" tool the one they were promising to discontinue in a "future version" when they released Gnome3? Or is it a new version that they haven't yet promised that about?
Gnome3 is not yet as good as Gnome2. KDE4 is not yet as good as KDE3. The problem is that the main programs I use are the accessory programs, and they no longer work with the earlier versions.
That said, KDE4 is currently, to my taste, the best choice. It sure isn't Gnome. I sometimes try xfce or LXDE. I'm not sure I've even got Gnome installed, but if I do it's because it came bundled with geany or some such. (Or perhaps it was the original default desktop.)
You do know that email is, by default, unencrypted during transmission, don't you? Email has been, and should always be, looked on as being as secure as a postcard. The thing about things like GMail is that they provide a convenient place for the company to look at everyone's messages not only during transmission, but while stored.
Running your own email server doesn't provide you with security during transmission unless you opt out of the email protocol and replace it with something like https. (Even then there keep being new ways found to invalidate that security. But security is always a matter of degree.)
While evil, I wouldn't call it beyond evil. They did, after all, make their policy change publicly available knowledge. If they'd kept it secret they would have deserved your hyperbole.
I don't think studying crocodiles is a good answer, and I suspect that the knowledge to "re-engineer the human genome" is a century or two away at most. Possibly less.
And I suspect that cancer can be "solved" only at the cost of inhibiting all non-artificial future evolution. (Which was why I mentioned multiply-error-correcting code.) The exception would be preventing epigenetic modifications, but that's what we use to differentiate cell types. I mentioned sponges because that's an animal where the cell type differentiation appears to be controlled only by local environment. Some plants do this in a less extreme way, i.e. they have specialized cells that can "readily" lose their specializations when the environment changes, to one extent or another.
But my real feeling is that while we can definitely learn to treat, and hopefully even reverse, cancer in situ, we can only prohibit its coming into existence through methods that are ultimately suicidal.
To solve cancer in the way you propose would require going to triple or quadruple stranded DNA.
OTOH, it probably is possible to solve it by signing each chromosome with a hash-tag and using error correcting code to kill any that don't match properly. But that would tend to get rid of epigenetic codes, and thus there wouldn't be any differentiation between a liver cell and a kidney cell...we'd need to be giant sponges.
I think you need a word with your accountant. His figures disagree with the other figures I've seen.
If that's the reason, not only was it a successful troll, but I don't even feel taken advantage of.
Well, the FSF has never tried to audit my system, and they're the only people with grounds.
(Yeah, I know that's not true, as the FSF doesn't hold title to the copyrights. But the Licenses explicitly give me the right to have a copy without caring about how I got it.)
What's the use case where VirtualBox is the best choice? I know it's one of the top three virtualizers, but I, personally, have never had the need for anything beyond qemu.
Apple could probably catch up with Amazon if they wanted to...or at least it could have back when Jobs was "inspiring" them. It wouldn't have been cheaper, but that's not the only way to win.
Yeah, but I thought it was 20 pounds, but perhaps that's a stone.
Which version...the Asimov, the Eando Binder, or the Movie?
No. EULAs are contracts of adhesion, and are considerably less valid than contracts that have been theoretically negotiated.
OTOH, IANAL. Check with a lawyer in your local jurisdiction before believing this. But almost everywhere you can't presume that just because something exists, even in a negotiated contract, that it will be enforceable. And contracts of adhesion are considerably weaker.
Sorry, but that's a part of the rush into the Singularity. Techno-optimists can paint it as an entirely rosy scenario, but they're only looking at one side of the coin as it flips in the air. (Actually there's a lot more than two ways that it could turn out.)
If I thought we had or could get sane governments, I'd be utterly opposed to the Singularity as too dangerous. But we've already been within 30 seconds of nuclear war, the military is not working on hypersonic missiles, and if we don't hit the Singularity first, I expect everyone to end up dead at the same time. Unfortunately, there's no guarantee that the Singularity won't be just as bad...but it *might* be everything people have hoped for.
One result of this plunge into the Singularity, however, is that jobs that take a long time and a lot of effort to acquire the skills to perform properly are likely to be automated away just as you are polishing your skills. And I see no way to predict what jobs won't be automated. Laughing at current implementations of, say, film editor doesn't mean you are far-sighted, it means the current implementations need to be significantly improved...but that's happening every day.
The "difficult-to-attain skillset" is usually just a way to become well-off rather than rich. Exceptions are where using or developing the skill-set is beset with dangers. E.g., some con-men become rich, but most either end up in jail or die broke.
No. Being moderately well-off has usually been based on merit...with some race thrown in. Being rich has *almost* always been based on rich parents and good social connections. There are exceptions, but they are exceptions.
I can't duplicate this precise story, but I feel the last good printer I bought was the HP G55...around 1998, but I'm not sure precisely.
N.B.: My requirements limit me to a multi-function ink-jet; I'm sure that there have been good printers made since then.
The last Brother printer I bought never worked properly.
The printers I buy are all combination printer/scanner, and any other functions are both unneeded and unwanted, and they need to be inkjets because a) color printing is very important, and b) it is used in a small enclosed area that also includes me...so lots of microparticles floating in the air is very undesirable.
Only HP has done what I want. Many refused to even work with Linux. I'm including Canon. Epson was just unusably bad. The Brother scanner only worked with a particular version of the Linux OS, and when apt-get did a *minor* upgrade it stopped working.
That said, I'm not real happy with the HP either. It wouldn't print on colored paper except in draft mode, e.g., and it demands access to the internet which I really don't like. And it chokes on paper of altered thickness...the printing on which was one of the reasons I bought it.
Laser printers are great if you use them in an open and well ventilated area with no people stationed near them. Otherwise they are courting lung disease in maybe 20 years. (This isn't certain, as the particles are a different material and different size, but look up silicosis.)
That's not an approach if being humane is your goal. But some cats are quite efficient.