However, we are extended all sorts of credit, yet we wouldn't define it as debt until the payment is late. Just because you haven't yet paid for your meal or your gas doesn't mean you're in debt. It just means you have yet to pay.
Why would it have to go through America? Not all internet traffic flows through the borders of the US.
The US "control" of the internet is administrative control (address space allocation, DNS stuff, etc); it's not the hub for worldwide internet traffic.
I'm almost ashamed to admit this, but it did happen for the longest time. Ever get signed for something at Best Buy, but you swear that you never signed up for anything. Here is the trick that is used, and that I was taught from a Best Buy manager. When a customer would refuse either AOL, MSN, NetZero, magazine offers, or whatever other D-SUB we had, we'd sign you up anyway. You know those Best Buy gift cards that are all over the store? Well those are just American Express cards, with a Best Buy face. So, we'd go through the motions of selecting your address but when it asked for your credit card, we'd swipe through a gift card. Since it was an American Express card in reality, the system took it and you were signed up. The customer had to deal with the late fees because they couldn't charge the credit card the provided. Not our problem.
Just because the summary was so scarce on details: this has nothing to do with computers, OEMS, Windows, or OS bundling. It's not that same old story again.
This is about signing people up for MSN without their permission.
Sounds like stupid college students working at Best Buy getting a monthly prize for signing people up for MSN. Doesn't sound like a giant corporate scam. It also doesn't sound like this involves Microsoft at all. I've read the same story online, but replace Microsoft with Comcast (Cable or HSI) or DirecTV
From the AP article...
The dispute began in 2003, when James Odom sued the companies after purchasing a laptop computer at a Best Buy store. Odom alleged that Best Buy included a software CD with his purchase that provided a six-month free trial to MSN.
Best Buy allegedly signed Odom up an MSN account with the credit card Odom used to pay for the computer. After a six-month free trial ended, Microsoft began charging him for the account, the suit charged.
...
The lawsuit alleges the companies violated RICO by engaging in wire fraud when they electronically transmitted the plaintiffs' financial information. The plaintiffs are claiming damages in the "tens of millions," which if tripled would top $100 million, Girard said.
Microsoft has denied illegal conduct in response to these allegations and a Best Buy spokeswoman says the company does not comment on pending litigation.
The US has this thing called the PATRIOT act, and MS has agreements with some agencies allowing back-door access to data they host. Let's just say that I highly doubt this information will be protected from people working for US "security" agencies.
The thing that's awesome here is not just the joke (product with n+1 things is better than product with n things). The article is hilarious way beyond that joke because of how it's written.
Except that certificate just says "Microsoft Corporation" in the Subject. It may have been an attack vector for something like an ActiveX Control (where it asks if you trust "Microsoft Corporation"), but in the case of Windows Update, it's looking for code actually signed by an MS server, not a $99 Verisign SSL certificate with "Microsoft Corp" in the subject.
Also, that's REALLY old news. Take a look on any recently updated Windows box, and you'll see a certificate store titled "Untrusted publishers" and that exact certificate is in there. Now that that novel hack has been done, it's unlikely to happen again.
The only thing you could do with a compromised WSUS server is approve patches without the consent of the admin running it (not the worst thing in the world).
What you can't do is install arbitrary patches. Like has been said before, you need to be able to fake digital signatures from MS to install patches, and that's (currently) impossible.
The biggest problem I have with this update, is that it proves beyond any doubt that Microsoft deliberately placed a "hole" in the security of their OS for their own purposes.
Yawn...
You have to fake a digital signature from MS to install any patch for Windows. It's always been this way.
If a hacker figures out how to defeat the PKI infrastructure and fake the signature, then everyone has problems (ssh, encrypted email, https, etc), not just Microsoft.
Just a bunch of people bitching for no reason, trying to generate traffic to their blogs. Let's see...
The update only updated the Windows Update software itself, nothing in Windows.
It did not update if you have automatic updates turned off.
It did update if you had "Notify me" turned on. This is a point of contention, but MS says they needed to do the update to continue to notify users of actual updates.
Finally, this doesn't apply to any networks running a WSUS (or whatever it's called now) server.
True. At this point, there is only one implementation, however, which makes the spec easy to fix.
Also, do we know that the spec matches the software? Or is the software wrong, too? Specs sometimes getting written after the software, and then they can be wrong (and the software can be right).
This is mostly because MS had the more advanced software, and when prices came down, people actually *did* want to play videos on their devices, mostly because you can buy a 1GB SD card for $5 these days.
Well, there's more factors than that, but what seemed like overkill (color screens!?? no way!) is now standard, and the MS people were there first.
Slashdot Mirror
Try Calvin College...yeesh. Just because Taco went to Hope (bitter rivals)...grumble grumble...
Pictures of the telescope.
You're technically correct ("the best kind of correct").
However, we are extended all sorts of credit, yet we wouldn't define it as debt until the payment is late. Just because you haven't yet paid for your meal or your gas doesn't mean you're in debt. It just means you have yet to pay.
Wrong. Using credit gets you into debt, maybe, but not me. Credit does not get you into debt; debt comes from not repaying your creditors.
People these days just can't accept personal responsibility for things; it's ridiculous.
Why would it have to go through America? Not all internet traffic flows through the borders of the US.
The US "control" of the internet is administrative control (address space allocation, DNS stuff, etc); it's not the hub for worldwide internet traffic.
My thoughts exactly.
The title of the story made it sound like he said, "Android? That's just a press release, nothing more!"
Instead he made an insightful comment about MS's position in the Mobile OS market compared to Google's.
Nice map. Is it realtime somehow?
Yup.
Slashdot convention is when you say "you" you're addressing the parent who you replied to.
That having been said, I didn't write that, I quoted it. So, uh, go complain to the anonymous guy from Consumerist.
Replying to my own post, check this post from the Consumerist out...
Just because the summary was so scarce on details: this has nothing to do with computers, OEMS, Windows, or OS bundling. It's not that same old story again.
This is about signing people up for MSN without their permission.
Sounds like stupid college students working at Best Buy getting a monthly prize for signing people up for MSN. Doesn't sound like a giant corporate scam. It also doesn't sound like this involves Microsoft at all. I've read the same story online, but replace Microsoft with Comcast (Cable or HSI) or DirecTV
From the AP article...
Vista has these disabled by default (go ahead, look). :)
Good Lord...I know the fucking PATRIOT Act exists.
I was asking for proof that "MS has agreements with some agencies allowing back-door access to data they host." That's just malarkey.
Proof?
Not a special privilege. Anyone can use copyright and patents.
Sorry, how do any of those examples have anything to do with a certificate subject hack?
The specific examples you mention are of a stolen laptop, which has nothing to do with cryptography.
Did you read the article?
The thing that's awesome here is not just the joke (product with n+1 things is better than product with n things). The article is hilarious way beyond that joke because of how it's written.
YES!!!!!!
Mod parent up, please, and while you're doing that, read this:
http://www.theonion.com/content/node/33930
Except that certificate just says "Microsoft Corporation" in the Subject. It may have been an attack vector for something like an ActiveX Control (where it asks if you trust "Microsoft Corporation"), but in the case of Windows Update, it's looking for code actually signed by an MS server, not a $99 Verisign SSL certificate with "Microsoft Corp" in the subject.
Also, that's REALLY old news. Take a look on any recently updated Windows box, and you'll see a certificate store titled "Untrusted publishers" and that exact certificate is in there. Now that that novel hack has been done, it's unlikely to happen again.
The only thing you could do with a compromised WSUS server is approve patches without the consent of the admin running it (not the worst thing in the world).
What you can't do is install arbitrary patches. Like has been said before, you need to be able to fake digital signatures from MS to install patches, and that's (currently) impossible.
Yawn...
You have to fake a digital signature from MS to install any patch for Windows. It's always been this way.
If a hacker figures out how to defeat the PKI infrastructure and fake the signature, then everyone has problems (ssh, encrypted email, https, etc), not just Microsoft.
Just a bunch of people bitching for no reason, trying to generate traffic to their blogs. Let's see...
The update only updated the Windows Update software itself, nothing in Windows.
It did not update if you have automatic updates turned off.
It did update if you had "Notify me" turned on. This is a point of contention, but MS says they needed to do the update to continue to notify users of actual updates.
Finally, this doesn't apply to any networks running a WSUS (or whatever it's called now) server.
True. At this point, there is only one implementation, however, which makes the spec easy to fix.
Also, do we know that the spec matches the software? Or is the software wrong, too? Specs sometimes getting written after the software, and then they can be wrong (and the software can be right).
It's Krusty.
Hopefully the spec will be fixed. A spec is even more easily fixed than software!
The whole site wouldn't pass the NPOV test. It ought to be just applefanboy.com
This is mostly because MS had the more advanced software, and when prices came down, people actually *did* want to play videos on their devices, mostly because you can buy a 1GB SD card for $5 these days.
Well, there's more factors than that, but what seemed like overkill (color screens!?? no way!) is now standard, and the MS people were there first.