besides that, not the domain name, but your surfing habits and security measures mean a lot more than if it is a.com or even https. You are not safe on a safe reputable site. They can be hacked or host 3th party content (ADs?!)
Whenever the mission software fails at 3 AM due to bad tested software you might disagree. If the same people responsible for the software have a responsible task in developing it there will be far less outage, because it is in their interest to have software that keeps running.
It is not that hard The other model is to develop the application yourself instead of buying it. but the implication is that you become a software develop instead of doing the business you are actually good at. If your software does something better than the competitor then you might be a good developer.
No need to use nand fingerprinting here. And since card chips have a low amount of nand memory this fingerprinting method might not be reliabable anyway.
No... read again. If you run a TPM module (BAD certificate... HP how could you fuck up the certificate on a article on a TPM product...:X:X ) you get:
" HP-UX Trusted Computing Services (HP-UX TCS) provides software support for hardware-enforced key management "
Meaning that the TPM provider already providedd some means to create a unique identification, supported by $$$ hardware. HP determines what you can do wiht this id. You don't owe that hardware, HP does. But TPM hardware is required for trusted booting. Why add som cheap software hack is the TPM hardware has this capability. and you cannot apply the cheap software hack to simple software because the environment is not trusted (malware infested or virtualized)
The last line in TFA gives the problem in this scheme:
"If we run a secure boot or a reliable software-based attestation scheme before we ID a device, we know that there is no active malware that may modify the report that results from reading the machine identity. So we know that the reading actually comes from the intended block, and that it was done correctly."
However if this secure boot thingy is comprimised you can force to read it form a virtualized memory block that contains a forged block. . You can beat this with all secure hardware, but at that point having generic nand memory is not the point, because this "trusted" hardware will/can have a specialized chip that contains a non-tamperable key.
In reality the networks wil use it to blur out any logo's from companys that do not sponsor the show. F1 cars will be red instead of filled with sponsors.
Yes.. and why did they choose a non-native solution for a embedded platform? Are they aware how many cpu cycles (=battery power) ius wasted in pre-compiling code instead of doing something that could have been done on a development platform? Apple did that one right:Native apps save cpu cycles and improve response time.
A lighter car certainly will be more energy efficient. But your Daihatsu is a complicated beast, you better drive a simple 2cv to make a statement. You can fix it yourself and the footprint was made in the previous century.
But calling a prius transmission unreliable is not the truth in recent models. It works different that your rocket car, but that is not by definition complicated. The fact is that it is much harder to troubleshoot any modern car (as a non-professnional) then it was 20 years ago, due to all the electronics in the car.
Some secury enhancements like in se linux (or trustedbsd) would (could) be nice.
However, there is a strange effect that is "too much security". Examples: Create an password policy that is too complicated an people start to write down password on a note next to(taped under) their keyboard. Lock down a system too much and people will find workarounds not to use that system. Have a too complicated security policy and you need too many administrators (With god mode access) that configure the security.
Having a secure OS is one thing, designing secure way of work is a different way of thinking.
in a 101 course you should not play with things that could have bigger consequnese if something went wrong.
SO: -Eicar will trigger a virus scanner. easy enough. If it breaks free from the lab it will do no harm(as explained by others)
-If you want something hard to remove let them manually remove MSN live, or some other autoinstall package, where you remove in from the control panel, so the unintall option is not available.
-You want a package that can do more harm? Install VNC as a service by hand,and add RDP You can take over their PC for extra shock points.
Yup, because an other statistic in The Fine Article puts the usage at 60.03%. Surely 2 digits are more accurate than 0 digits, so you know which one is more accurate...
You did see with the Tesla car, when it ran hot, it goes into low power (emergency) mode, you can only drive at very slow speed so you can move you car out of the dangerous area, and wait to cool your your car down or until replace the defective sensor.
If something goes wrong at 205 mph? well, in that case you don't have to worry how to cut open the car, because the driver is probably very dead. solves that problem.
A exit node can pretend to be the real site, and do a MITM attack. For simple joes you would just send the data unencrypted to the tos user and hope he does not notice it is an unencrypted page. (THIS HAS BEEN OBSERVED IN THE WILD!!!)
3 letter agencies have their own root certificates and can reencrypt data that would be accepted by the browser as trusted. Only careful examinition of the certificate would show that is was issued by a differt CA.
The whole point of TOR is that you cannot trust you own governmet police. But browser do give your governmet a root certificate of trust. really.
1. They think those are the people who look up material that illegal 2. Running a sniffer on a tor exit node gives all kind of traffic that is anonymous, but not encrypted.
You are not told in this story WHY the police did not decide that there was no need for action. Maybe the dog was sold, or there was some dispute over the dog. The police is not disclosing this fact and maybe Dave Morehouse prefers it that the police does not reveals the entire story of the police investigation.
The police does have to keep in mind however if they are not doing anything to uphold the law, some frustrated civillion might break the cops their monopoly on violence and take the law into your own hands.
The dmca also uses the word effective. But there is little value to this word since it is no longer effective the second it is broken. Since DRM is desinged to create a copy the suer can see the content is decoded in at least one step. So there will be always a vector of attack to a DRM. By its very design DRM can only be partly effective.
But threathening with DCMA is a effective. Since a lawsuit cost a lot of money you need to take a lot of risk for a lawsuit where the outcome is doubtful.
-Something you know. (password) -Something you have (phone) -Something you are (voice print)
and make them more secure: -Password contain 20 chars -A one time pad that generates new password every 10 minutes. -Retinal laser scan combined with fingerprint scan.
By the way, loosing you phone does not loose your account, you will need to loose the password or some other secret as well. And even then you will have to need to trust the maintainers of the server.
Slashdot Mirror
the 404 also has an error now:
Forbidden
You don't have permission to access /sitemap8.xml on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
Like verisign does for https certificates?
besides that, not the domain name, but your surfing habits and security measures mean a lot more than if it is a .com or even https. You are not safe on a safe reputable site. They can be hacked or host 3th party content (ADs?!)
Whenever the mission software fails at 3 AM due to bad tested software you might disagree. If the same people responsible for the software have a responsible task in developing it there will be far less outage, because it is in their interest to have software that keeps running.
It is not that hard The other model is to develop the application yourself instead of buying it. but the implication is that you become a software develop instead of doing the business you are actually good at. If your software does something better than the competitor then you might be a good developer.
Sorry. Should have used a different word than "non tamperable". how about Secured by specialized hardware, or fucking hard to break?
You are talking about a different kind of trust. TPM is about a architecture that has cryptographic means to protect the integrity.
Credit card chips have the capability to run in a trusted environment. See Here for a commercial example.
No need to use nand fingerprinting here. And since card chips have a low amount of nand memory this fingerprinting method might not be reliabable anyway.
No... read again. If you run a TPM module (BAD certificate... HP how could you fuck up the certificate on a article on a TPM product... :X :X ) you get:
" HP-UX Trusted Computing Services (HP-UX TCS) provides software support for hardware-enforced key management "
Meaning that the TPM provider already providedd some means to create a unique identification, supported by $$$ hardware. HP determines what you can do wiht this id. You don't owe that hardware, HP does. But TPM hardware is required for trusted booting. Why add som cheap software hack is the TPM hardware has this capability. and you cannot apply the cheap software hack to simple software because the environment is not trusted (malware infested or virtualized)
The last line in TFA gives the problem in this scheme:
"If we run a secure boot or a reliable software-based attestation scheme before we ID a device, we know that there is no active malware that may modify the report that results from reading the machine identity. So we know that the reading actually comes from the intended block, and that it was done correctly."
However if this secure boot thingy is comprimised you can force to read it form a virtualized memory block that contains a forged block. . You can beat this with all secure hardware, but at that point having generic nand memory is not the point, because this "trusted" hardware will/can have a specialized chip that contains a non-tamperable key.
in 1884? Wow!
In reality the networks wil use it to blur out any logo's from companys that do not sponsor the show. F1 cars will be red instead of filled with sponsors.
Yes.. and why did they choose a non-native solution for a embedded platform? Are they aware how many cpu cycles (=battery power) ius wasted in pre-compiling code instead of doing something that could have been done on a development platform? Apple did that one right :Native apps save cpu cycles and improve response time.
A lighter car certainly will be more energy efficient. But your Daihatsu is a complicated beast, you better drive a simple 2cv to make a statement. You can fix it yourself and the footprint was made in the previous century.
But calling a prius transmission unreliable is not the truth in recent models. It works different that your rocket car, but that is not by definition complicated. The fact is that it is much harder to troubleshoot any modern car (as a non-professnional) then it was 20 years ago, due to all the electronics in the car.
Some secury enhancements like in se linux (or trustedbsd) would (could) be nice.
However, there is a strange effect that is "too much security". Examples: Create an password policy that is too complicated an people start to write down password on a note next to(taped under) their keyboard.
Lock down a system too much and people will find workarounds not to use that system.
Have a too complicated security policy and you need too many administrators (With god mode access) that configure the security.
Having a secure OS is one thing, designing secure way of work is a different way of thinking.
The phone would call for you. That is why it is called a SMART phone.
in a 101 course you should not play with things that could have bigger consequnese if something went wrong.
SO:
-Eicar will trigger a virus scanner. easy enough. If it breaks free from the lab it will do no harm(as explained by others)
-If you want something hard to remove let them manually remove MSN live, or some other autoinstall package, where you remove in from the control panel, so the unintall option is not available.
-You want a package that can do more harm? Install VNC as a service by hand,and add RDP You can take over their PC for extra shock points.
Yup, because an other statistic in The Fine Article puts the usage at 60.03%. Surely 2 digits are more accurate than 0 digits, so you know which one is more accurate...
But then ..
I still do not see them cutting open the car. So that problem is solved anyway.
But you are right that such speeds should only be reached at racetracks that are designed to have survivable obstacles.
You did see with the Tesla car, when it ran hot, it goes into low power (emergency) mode, you can only drive at very slow speed so you can move you car out of the dangerous area, and wait to cool your your car down or until replace the defective sensor.
If something goes wrong at 205 mph? well, in that case you don't have to worry how to cut open the car, because the driver is probably very dead. solves that problem.
Even when they do:
A exit node can pretend to be the real site, and do a MITM attack. For simple joes you would just send the data unencrypted to the tos user and hope he does not notice it is an unencrypted page. (THIS HAS BEEN OBSERVED IN THE WILD!!!)
3 letter agencies have their own root certificates and can reencrypt data that would be accepted by the browser as trusted. Only careful examinition of the certificate would show that is was issued by a differt CA.
The whole point of TOR is that you cannot trust you own governmet police. But browser do give your governmet a root certificate of trust. really.
Those are far more interested in tor exit nodes.
1. They think those are the people who look up material that illegal
2. Running a sniffer on a tor exit node gives all kind of traffic that is anonymous, but not encrypted.
Yup... one atom is exactly the amount that is supported by current generation of the IBM hardware. So actually it is insightful instead of funny.
You are not told in this story WHY the police did not decide that there was no need for action. Maybe the dog was sold, or there was some dispute over the dog. The police is not disclosing this fact and maybe Dave Morehouse prefers it that the police does not reveals the entire story of the police investigation.
The police does have to keep in mind however if they are not doing anything to uphold the law, some frustrated civillion might break the cops their monopoly on violence and take the law into your own hands.
Do you really get a pinquin with an armour for free with that 1400 dollar a year support?
The dmca also uses the word effective. But there is little value to this word since it is no longer effective the second it is broken. Since DRM is desinged to create a copy the suer can see the content is decoded in at least one step. So there will be always a vector of attack to a DRM. By its very design DRM can only be partly effective.
But threathening with DCMA is a effective. Since a lawsuit cost a lot of money you need to take a lot of risk for a lawsuit where the outcome is doubtful.
Go for 3 factor?
-Something you know. (password)
-Something you have (phone)
-Something you are (voice print)
and make them more secure:
-Password contain 20 chars
-A one time pad that generates new password every 10 minutes.
-Retinal laser scan combined with fingerprint scan.
By the way, loosing you phone does not loose your account, you will need to loose the password or some other secret as well. And even then you will have to need to trust the maintainers of the server.