Slashdot Mirror


User: ShaunC

ShaunC's activity in the archive.

Stories: 0 · Comments: 1,337

Comments · 1,337

  1. Re:What's Wordpress walling ... on Wordpress Brute Force Attacks Using Multiple Passwords Per Login Via XML-RPC (sucuri.net) · Score: 1

    Your idea is not a money-maker, but thanks for playing.

    From what I've seen, the primary reason Wordpress installs get exploited is to install advertisements or links across every page of the site. The links are intended to boost somerandompharmacy.ru's Google pagerank, to the benefit of its owner. The advertisements generate revenue if someone clicks them. Sometimes they'll add a drive-by browser exploit to own visitors directly, who knows what they do to monetize that; ransomware, bank trojans, etc.

    If you don't see any financial motive for these compromises, you aren't thinking hard enough.

  2. Re:Yeah, that's sound about right on FAA Proposes $1.9 Million Fine For Unauthorized Drone Use · Score: 1

    Certified ADS-B transponders run multiple thousands of dollars, but as with everything in aviation, much of that cost comes not from the product but from the certification process. The hardware itself is not necessarily expensive. Proving to the FAA that the hardware is safe and reliable, and maintaining insurance coverage for when NTSB inevitably cites the device as a contributing factor to an accident, is what incurs the expense for manufacturers and why the prices are so high.

    There are pilots building battery powered homebrew ADS-B receivers out of a Raspberry Pi and a USB software-defined radio tuner. The whole setup runs around $120. They aren't FAA certified, of course, but are not required to be since all they do is receive. It wouldn't be difficult to turn this design into a transponder with little additional weight. Surely it's conceivable to manufacture something even lighter and smaller and less expensive when done on a large scale, if the certification requirements were set reasonably enough to make such a unit commercially viable for consumer level "drones."

  3. Re:the penalty is way to light on Citadel Botnet Operator Gets 4.5 Years In Prison · Score: 2

    Hold up, as the summary doesn't jive with the facts. From the DOJ's release, emphasis mine,

    According to industry estimates, Citadel, and other botnets like it, infected approximately 11 million computers worldwide and are responsible for over $500 million in losses. In 2012, Belorossov downloaded a version of Citadel, which he then used to operate a Citadel botnet primarily from Russia. Belorossov remotely controlled over 7,000 victim bots, including at least one infected computer system with an IP address resolving to the Northern District of Georgia.

    This guy didn't create the malware, he wasn't responsible for 11 million infections, nor was he responsible for $500 million in losses. He downloaded and tweaked some existing bank trojan, got it onto 7,000 computers, and stole some undetermined amount of money, which the DOJ has not disclosed but which is probably much closer to his restitution amount of ~$320K than it is to $500M.

  4. Re:Moral outrage! on Creator of Top iOS Ad Blocker Pulls App After Two Days · Score: 1

    You haven't been able to buy a Slashdot subscription in forever, maybe for as long as Dice has been our steward. I still occasionally see someone with an asterisk and wonder what's going on there, did they buy a million pageviews way back when?

  5. Re:Mountains and Mole Hills... on Sony Decides Its Waterproof Xperia Phones Are Not Actually Waterproof · Score: 1

    Look, we all know that marketing materials are fluff, and should not be relied upon when buying or using a piece of equipment.

    The problem is that "we all" don't know that; in fact there are so many millions of people who don't know that, we have a Federal Trade Commission with the authority to regulate marketing materials. Sony's advertising explicitly infers using this phone to take photos of someone underwater in a swimming pool. If the phone is not intended or designed to be used that way, then depicting that exact activity in marketing materials is not okay.

    It seems fairly obvious to me that by "water proof" they mean "water resistant" and they make it clear that it is not designed for dedicated underwater use such as a GoPro-like device. But you can probably still drop it in your toilet and it will work after being fished out.

    It was obvious to me that those Enzyte pills with "Smiling Bob" were snake oil, that didn't stop the company from being bankrupted or the owners from going to prison. If this phone isn't designed for underwater use then Sony should not be permitted to promote it that way. Their website should show an image of a phone being fished out of a toilet, perhaps, not an image of someone photographing swimmers underwater.

  6. Re: Yes, they are employees on California Overturns Uber's Appeal: Its Drivers Are Employees, Not Contractors · Score: 1

    Doesn't seem to be that hard, from what I've read.

    You're being quite optimistic. This isn't autopilot or TCAS where you're separated from traffic by miles horizontally and thousands of vertical feet with plenty of time for human intervention. A self-driving car will have to respond in millisecond time to unexpected threats (tire blowout, deer darting into the roadway, etc.) and instantly coordinate that response with dozens of vehicles in immediate proximity. We'll get there eventually, but it's going to be many years in the making.

  7. How does a consumer test for the vulnerability? on GM Performs Stealth Update To Fix Security Bug In OnStar · Score: 4, Interesting

    As someone who drives a GM car that came with an OnStar antenna, a rearview mirror full of OnStar buttons, and an OnStar free trial... How do I determine whether or not my car is vulnerable? Whether it received the patch? Which generation of OnStar my car has?

    I haven't had anything to do with OnStar since I was driving down the interstate and suddenly received a loud and unexpected phone call from a fucking OnStar telemarketer. My trial, which came with the car and which I hadn't used, was about to expire, so they decided to make a sales call. To my car. While I was driving. Out of nowhere, the car muted the radio, made some very loud dinging noises, and started blasting an unknown woman's voice over the stereo system while I was driving down the highway. She's asking me if I want to sign up for OnStar at such and such monthly rate. I have never been so distracted by anything while behind the wheel of a car, and vowed never to use any OnStar service again.

    I'd just like to know whether or not the OnStar in my car, which I had hoped was disabled after not paying for it, will attempt to kill me again.

  8. Re:Why didn't the old logo work? on Google Changes Logo · Score: 1

    I'm with you, I don't see how their new logo conveys how people "interact with Google products across many different platforms, apps and devices-sometimes all in a single day" any more or less than the old one did. It's a logo. It says "Google." Nothing about the old logo or the new one infers usage from a desktop PC, a phone, a tablet, or anything else, and they could have added the new microphone icon and whatever else without changing the logo. It's their brand to play with, but the justification doesn't make sense, they could have just said "we thought we needed a crisp new look."

  9. Re:Murder is a petty crime? on In Baltimore and Elsewhere, Police Use Stingrays For Petty Crimes · Score: 1

    The one example the summary gives is murder because that was the most egregious attempt at covering up the Stingray's use. The examples of smaller crimes begin in the first sentence of the article.

    BALTIMORE - The crime itself was ordinary: Someone smashed the back window of a parked car one evening and ran off with a cellphone. What was unusual was how the police hunted the thief.

    There are a few more.

    Police in Tallahassee used their stingray to track a woman wanted for check forging [...] Tacoma, Wash., police used theirs to try to find a stolen city laptop [...] Other departments have acknowledged that they planned to use their stingrays for solving street crimes.

    And they're not just going after suspects; if you might have witnessed a robbery, your phone is apparently fair game, too!

    Usually they were searching for suspects, but occasionally, the records show they used the devices to track down witnesses. The most common use by far was solving robberies.

  10. Re:Federal law (chap 206) says a court order is re on In Baltimore and Elsewhere, Police Use Stingrays For Petty Crimes · Score: 1

    Except YOUR device explicitly connects to their tower and tells them everything.

    If I pick up a tapped or pen-registered landline phone and start dialing, my device is explicitly sending a series of tones that tells them everything, but they need a warrant to use that equipment. Why should it be any different just because we're discussing cellphones instead of landlines? "But, it's [new technology]!" does not obviate the need for a warrant.

  11. Re:Bitcoin on Extortionists Begin Targeting AshleyMadison Users, Demand Bitcoin · Score: 1

    Bitcoin, perfect for all your illegal extortion needs. What a shining endorsement!

  12. Re:Can't trust LOCKS anymore on Yet Another Compromising Preinstalled "Glitch" In Lenovo Laptops · Score: 1

    It's like governments have abrogated their duty to protect people from this kind of shit and companies like Uber and Lenovo are having a field day.

    Governments love this shit. The more data Uber and Lenovo and Samsung and Spotify collect about you, the more data the government can subpoena (or just take without a subpoena). These companies have become, in effect, agents of the government.

  13. Re:Is "Snowden document" a new English word now? on How an Obscure Acronym Helped Link AT&T To NSA Spying · Score: 1

    I remember reading somewhere that many later leaked documents were only named after Snowden to cover the real sources.

    We can reasonably assume that any documents containing dates or references beyond June 2013 didn't come from Snowden. He himself denies providing the documentation of NSA's spying on Angela Merkel. Bruce Schneier has a blog entry making the case for multiple individuals. It seems likely to me that there are at least three, counting Snowden (and not counting Manning).

    In any event, the NYT article about the latest set of documents says "AT&T's cooperation has involved a broad range of classified activities, according to the documents, which date from 2003 to 2013" and goes on to explicitly source them to Snowden.

  14. Re:No shit, Sherlock on Virginia Ditches 'America's Worst Voting Machines' · Score: 4, Interesting

    Where was Captain Obvious ten years ago?

    She was (and still is) here. Alas, as you mentioned, no one wanted to listen.

  15. Re:This is a partnership.... on AT&T Helped the NSA Spy On Internet Traffic · Score: 1

    what did AT&T get out of this?

    Millions of dollars at the very least (see: RSA). Perhaps billions, considering the vast scale.

  16. Re:I've been trying to stop Win 10 telemetry on Wi on Windows 10 Still Phones Home With Data In Spite of Privacy Settings · Score: 5, Informative

    Here are a few others, and some scheduled tasks that I was surprised to find on Windows 7 machines.

  17. Re:Page 3 wasn't enough? on The UK's War On Porn: Turning ISPs Into Parents · Score: 1

    No, squirting women are clearly the true threat to the Empire.

  18. Re:Forced Updates-- What could POSSIBLY go wrong? on Broken Windows 10 Update Causes Reboot Loops For Some Users · Score: 3, Insightful

    I'm sick and tired of seeing that a new version of an app is available, and the sole contents of what the update changes is "bug fixes."

    Well if they were honest and said "Fixed more edge cases where ads weren't displaying" or "Increased the frequency of GPS coordinate tracking," nobody would install the update...

  19. Re:Seems strange to me on Leaked Documents Suggests Uber Is 'Losing Millions' · Score: 1

    Interesting ploy, but can't Uber figure out through GPS tracking that the rides never happened?

  20. Re:Challenge accepted on The Man Who's Kept His Face Off the Internet for 20 Years · Score: 1

    No kidding, reminds me of the LifeLock CEO putting his social security number on billboards claiming nobody can steal his identity. It's been stolen, what, 13 times now? I'd never heard of this Hirshon fellow but now he's painted a giant bullseye on himself, Streisand-style. Everyone who encounters him is going to be sneaking a photo.

  21. Re:External PDF viewer? on Mozilla Issues Fix For Firefox Zero-Day Bug · Score: 5, Informative

    You can go to about:config and set the value for pdfjs.disabled to true, or create that setting (boolean type) if it doesn't exist. That'll cause Firefox to pop up a download dialog when you click a PDF link, and you can use something like Sumatra to open the file.

  22. Re:WTF can we do? on TPP Copyright Chapter Leaks: Website Blocking, New Criminal Rules On the Way · Score: 1

    Get a pen and paper draft a new declaration of independence and ignore the old constitution.

    Isn't that pretty much what the TPP authors are doing already?

  23. Re:Deny access on Cleaning Up Botnets Takes Years, May Never Be Completed · Score: 1

    The precedent was set long ago. ISPs regularly disconnect customers whose systems are spewing out spam email, participating in DDoS attacks, etc. The approach varies a bit depending upon the provider and the client's service level; consumers will usually be cut off without warning and enterprise connections might get a phone call or email first, but responsible providers act quickly on abuse complaints. Irresponsible providers often find themselves losing various bits of connectivity to the rest of the world.

    Imagine malware which downloads porn, and you deny internet access to everyone who downloads porn because they must be "infected"

    Maybe in the UK or Iran, but that isn't a net abuse issue, it's an issue of oppressive government.

  24. Biometrics are not security on EFF and MuckRock Need Your Help Tracking Biometric Surveillance · Score: 1

    This headline reminds me of the "enter your credit card number here to see if it's been stolen" type of things. I realize that's not what's going on here, but that form asks for a lot, and while much of it is optional, I'm hesitant to touch it.

    Biometric markers are not security and should never be used as more than one component of a multifactor approach. Any system created to read and authenticate a biometric identifier can already be tricked by today's technology into accepting either a reproduction of that identifier or a surreptitiously obtained sample of the true identifier. Fingerprints can be lifted and faked; blood or other molecular scans can be fooled by misappropriated material; even iris scans can be forged. It's really not hard to get someone's fingerprint, hair, blood, saliva, iris scan, or similar if you have more than a passing interest. Tomorrow's public technology will make it even simpler for small-time criminals, and heaven only knows what level of planting/forgery law enforcement and intelligence are already capable of.

    For many years, when I've objected to biometrics by saying things like "my fingerprint is irrevocable, it isn't like a password where I can just change it once it's compromised," the counter-argument has always been "oh don't worry, no one is actually keeping *scans* of your fingerprints, they're condensed into some mathematical hash." That might be accurate for the fingerprint scanner on your iPhone, but it's bullshit when it comes to the government. The recent OPM compromise has many outlets reporting that federal employees' fingerprints themselves were compromised. Not hashes, but fingerprints that can be reproduced, either ink on paper or the high-res digital version that I'm more familiar with. I'm ready and willing to listen to the government's opinion on how those will be replaced...

    Anyone relying on biometrics for security is in for a Bad Time.

  25. Re:Catfish on Girls Catfish ISIS On Social Media For Travel Money · Score: 1

    What word do you propose we use to mean "to swindle by assuming a false identity online"?

    Scam, defraud, or even just swindle; we have plenty of words to use for that already.