Any technology takes YEARS to establish (on "Is Bluetooth Dead?", Score: 1)
Bluetooth is just getting started. It's finally possible to buy $20-$30 adapters for PCs, it's going into cars now, keyboards and mice are finally coming out with it: the technology is primed to explode in use!
It's taken so long to get going because chip prices were originally too high to enable use in low cost devices such as those mentioned above, but now economies of scale have finally kicked in, demand is picking up as the prices have fallen.
This is exactly why it will become ubiquitous- any competition technology emerging right now has got the same steep "economies of scale curve" to work through before it picks up. Other technology might be on the market, or nearly on the market, but it's years from being on the tongue of Joe Consumer.
PS: Take USB- that took well over 5 years to get going properly, and now there's no stopping it.
How about a device on your phone line that immediately answered the call and gave the caller something like this:
"Hello, Press 1 to enter the line pin number and immediately ring the home phone, or press 2 to enter a valid VISA number which we will charge $50 if we subsequently consider your call to be unsolicited commercial marketing."
You could just use the standard credit card validation algorithm, it's not like you'd need a real time link to a bank or anything:-)
The Sun newspaper is notorious for printing stories that have little or no basis in truth. It's also written in a style geared towards readers with a mental age of 12.
At a big company I have a relationship with, after the executives received the original warning letter SCO sent out to 100's of top companies, projects around the company involving linux were forced on hold or cancelled.
Hundreds of man hours of labour have been wasted.
This must be the case at other big corporations, and if so, wouldn't some sort of class action suit be in order?
Can you imagine how quickly SCO would crumble if many of the Fortune 500 companies and lots of other big institutions got involved?
The protocol isn't the problem (on "Replacing SMTP?", Score: 1)
It doesn't matter what new protocol you introduce to enable servers to exchange mail, at the end of the day someone is always going to be able to get a legit webmail account somewhere and shove a ton of mail out through it.
The real problem is being able to make people accountable for the traffic that comes from their IP address, regardless of the protocol it comes via. Of course whether that is desirable or not is a different matter.
It's just a simple fact that if you use an unregulated communication channel there's going to be data coming down it you might not like.
I think it's one thing for a little team to build a narrow electric car where the government spent billions and failed, but another entirely to do sub orbital flights where the resources of NASA are still not enough to prevent tragedies like the shuttle accidents. Serious life loss is surely imminent, but the most ironic thing of all is that even if some people do make it up and down again, it can surely never lead to actual orbital flights as the engineering and physics problems associated with getting in and out of the atmosphere really do need astronomical resources to solve?
Sure I travel, and like you no pick pocket could take my passport, but the vast majority of people aren't very smart. Regardless, the point was that your eye color, height, and weight can all be obtained by reading the printed info, or perhaps by someone just looking at you as you walk by. There's nothing on the passport that's worth going to the trouble to obtain.
The various articles seem to suggest that the data accessible on the RFID chip is actually printed on the passport anyway. So what's the big deal? For anyone sufficiently inclined to obtain the data they could simply open your passport and read it. Granted the chip makes it easier to obtain this "sensitive" data, but to own and operate the technology to achieve this seems to be no less complex than having a $20 pick-pocket help you get it. In addition, who cares whether it can be copied to another RFID chip? To make that "cloned" data useful, the actual physical passport still needs to be adequately forged and that's not trivial. This "hack" does not seem to have a negative impact on the security of passports. Sure, it doesn't advance their security any, but neither does it detract from it?
Once again, as noted previously here and here:
10) find big remote vulnerability in product
20) perfect the exploit
30) have fun with it for months
40) find another big hole in same product
50) perfect exploit for hole
60) alert vendor about original hole
70) have fun with new hole
80) goto 40
"This is more a new concept than a new technology, and the real version may still be a year or two away."
Boy those Microsoft Researchers are really innovative. I don't know how they keep managing to come up with this stuff
Once again: (original at http://slashdot.org/comments.pl?sid=71367&cid=645
10) find big remote vulnerability in product
20) perfect the exploit
30) have fun with it for months
40) find another big hole in same product
50) perfect exploit for hole
60) alert vendor about original hole
70) have fun with new hole
80) goto 40
Some close friends of mine adopted a child from Russia. While they were in the country completing the adoption process the child fell sick and they had to charge a lot of medical bills. Their bank, after spotting the change in account activity, did lock the account quite quickly. Was that the right action? It caused my friends a lot of trouble and stress. What's required is a mechanism for customers to inform their banks of expected irregular account activity.
How is it possible in this era of security issues that new standards are still being drawn up without security being a requirement?
As I was busy setting up httptunnel to get around a strict application layer http-no-direct-connect proxy last week (to liven up a boring training class I was at) it occurred to me it'd be handy to tunnel tcp/ip over http get/put's. This is not a million miles away from that idea... hmm...
Get a laptop and stash it in a desk drawer. I do this and I hear no sound at all even in the dead of the night.
Sun has enough fingers in enough pies that will keep it going strong regardless of where its open source strategy goes. The recent deal with the Chinese standard software company shows that it can leverage open source products without having to open source anything so big as Java to establish their commitment.
"These have been improperly copied into Linux 2.6.0 at lines 127 (Tab 20) and 201-240 (Tab 21)"
First time I've seen mention of problems in 2.6?
"Although this means that Intel could bring a 32/64-bit chip to PCs soon, Barrett said the company has no plans do so in the near future."
Right, so introducing a 32bit/64bit "server chip" is absolutely NOTHING like introducing a "desktop chip". They still clearly are pretending that they are not competing with AMD's strategy. Who are they kidding?
hmm do a file to see what is text, then count the lines of everything that is text?
I charge my family and friends a standard callout fee of 1 cookie, and then 1 cookie per hour onwards up to 4 hours where a sandwich is then required. A beer is required on the 8th hour, as is another sandwich.
It works very well.
I know the point of Slashdot is to collect and present stories of interest to technology oriented people, but is there really any need to print at least one story from each print edition of Wired, every single month without fail? I already have a wired subscription thanks! :-P
Media should be sold like electricity- with people paying a regular fixed fee to a chosen company. That way they can own content in whatever format they like, copy from whoever else has a license, use the media on whatever platform they like, and best of all the media giants could have a steady and predictable source of income.
You can bet they won't rush THAT fix onto windowsupdate.com
Take measures to force compliance, is what I remember the letter saying?
:-)
Perhaps they have a bunch of servers ready to serve as the com & net name servers, and they'll just shove out a little update to the root?
Being from the little town where Bennet is from
10) find big remote vulnerability in product
20) perfect the exploit
30) have fun with it for months
40) find another big hole in same product
50) perfect exploit for hole
60) alert vendor about original hole
70) have fun with new hole
80) goto 40