It's got one minor drawback. It can only receive signals. Good for broadcast, not so good for anything requiring two way communication, like pretty much everything except TV and radio.
For someone in the security community to not know the significance of sniffing SNMP traffic is quite sad. Having the community strings would give an attacker the ability to map out every device on the entire network. In some cases the right community strings would give them access to change the configuration of the routers, firewalls and switches on the network. SNMP v1 and v2 are not secure.
So if someone tricks a user into opening an HTML file they've downloaded, the scripts in that file should have access to every file on your filesystem?
You can't test anything to do with security if you're using file:// as the origin. You can't test cookies, you can't test http headers, you can't test cross-origin restrictions.
Are you really unable to run a local web server? Is it beyond your technical skill level? If so, please reconsider your choice on doing web development.
How does APK work with DNS over HTTPS https://blog.nightly.mozilla.o... ? Once this is enabled by default, it will bypass the operating system's DNS resolution, bypassing APK Host files.
Google don't have dedicated networks full of systems that blindly trust everything, as they're on "trusted networks". They have one massive network, with devices that are supposed to be secure.
Yes, any application that is running (background or foreground) with the clipboard permission in their manafest will have access to its contents. There's probably some intent they can register too, to be notified of clipboard events.
What the lobby groups behind this are after is wide ranging laws that make it illegal to use anything containing a computer for anything other than its intended purpose. Presumably the purpose intended by the manufacturer, not the owner or end user of the product.
One of the 12 temperature sensors in your MacBook is faulty? Sorry, you can't run 3rd party software to make the system ignore it. You must accept it running at the absolute slowest speed, or have an Authorised Apple Repair Agent replace the entire motherboard for $1000. Say goodbye to the data on that soldered on SSD.
They're starting a narrative about a loophole in the laws for criminals to get away with violating the core of democracy and taking away your votes.
Next step will be to introduce more restrictive, wide reaching laws. Probably along the lines of "it's illegal to use any computer system for any reason but its intended purpose".
Finally, John Deere et. all will use the new laws to sue 3rd party repair agents and prosecute anyone who attempts to install "unintended" software on their products or work around restrictions they've put in place..
If you don't like how they've implemented it, you can just not use the feature as it's entirely optional.
You obviously don't trust Google with unencrypted data, yet you're willing to copy your private keys to the system clipboard on your Android device. That's going to give all apps on your phone access to your private keys. Clipboard monitoring is a permission all apps are given. I have a download manager on my phone, it monitors the clipboard for URLs. There is nothing in the list of permissions to disable its clipboard access.
While you can disable clipboard access for any app, it's not easy. android.permission.READ_CLIPBOARD is auto-granted to any app that requests it and only a few custom roms allow you to control it.
Because WhatsApp doesn't hold the key. The private key is only stored on your phone. You can't restore a backup if you've lost your key. Storing the messages encrypted would render the backup useless if you lost your phone or factory reset it..
A 32GB Asus Transformer barely fits Windows 10 and a few kids games on it. It was extremely painful to install the Creators Update, as there wasn't enough free space.
Not only is the bootloader unlockable, it's also opensource. You're not restricted in any way with what you can do with the hardware. You just won't get any more automatic Chrome OS updates. coreboot source: https://chromium.googlesource.... uboot source: https://chromium.googlesource....
Name another laptop manufacturer with entirely open source boot code.
You XP machine hasn't been getting automatic updates for 9 years now. These Chromebooks will still continue to function, they just won't get automatic updates. They also provide instructions on how to install Linux.
Slashdot Mirror
If only Futurama was invented 100 years ago when they figured that shit out.
It's got one minor drawback.
It can only receive signals.
Good for broadcast, not so good for anything requiring two way communication, like pretty much everything except TV and radio.
Sony ends its repair service for Playstation 2 5 years after selling it.
For someone in the security community to not know the significance of sniffing SNMP traffic is quite sad.
Having the community strings would give an attacker the ability to map out every device on the entire network. In some cases the right community strings would give them access to change the configuration of the routers, firewalls and switches on the network. SNMP v1 and v2 are not secure.
Here's one example, the first google result I got when I searched "firefox exploit access local files"
https://blog.mozilla.org/secur...
Would this have been an exploit if Firefox had locked down local file access?
Here's another one, reported to the tor project, which was using Firefox
https://hackerone.com/reports/...
A hero who will sell out to anyone, like Kim Dotcom.
Or they'll just enjoy having a 5x lower murder rate than USA.
What about when they've got a warrant or probably cause and they come while you're not home?
So if someone tricks a user into opening an HTML file they've downloaded, the scripts in that file should have access to every file on your filesystem?
You can't test anything to do with security if you're using file:// as the origin. You can't test cookies, you can't test http headers, you can't test cross-origin restrictions.
Are you really unable to run a local web server? Is it beyond your technical skill level? If so, please reconsider your choice on doing web development.
How do you test HTTP header configuration with file:// ?
How does APK work with DNS over HTTPS https://blog.nightly.mozilla.o... ?
Once this is enabled by default, it will bypass the operating system's DNS resolution, bypassing APK Host files.
Google don't have dedicated networks full of systems that blindly trust everything, as they're on "trusted networks".
They have one massive network, with devices that are supposed to be secure.
Yes, any application that is running (background or foreground) with the clipboard permission in their manafest will have access to its contents. There's probably some intent they can register too, to be notified of clipboard events.
Isn't the proper word "itâ(TM)s" ?
If you kill -9 their process, that isn't murder.
What the lobby groups behind this are after is wide ranging laws that make it illegal to use anything containing a computer for anything other than its intended purpose. Presumably the purpose intended by the manufacturer, not the owner or end user of the product.
One of the 12 temperature sensors in your MacBook is faulty? Sorry, you can't run 3rd party software to make the system ignore it. You must accept it running at the absolute slowest speed, or have an Authorised Apple Repair Agent replace the entire motherboard for $1000. Say goodbye to the data on that soldered on SSD.
They're starting a narrative about a loophole in the laws for criminals to get away with violating the core of democracy and taking away your votes.
Next step will be to introduce more restrictive, wide reaching laws. Probably along the lines of "it's illegal to use any computer system for any reason but its intended purpose".
Finally, John Deere et. all will use the new laws to sue 3rd party repair agents and prosecute anyone who attempts to install "unintended" software on their products or work around restrictions they've put in place..
If you don't like how they've implemented it, you can just not use the feature as it's entirely optional.
You obviously don't trust Google with unencrypted data, yet you're willing to copy your private keys to the system clipboard on your Android device.
That's going to give all apps on your phone access to your private keys. Clipboard monitoring is a permission all apps are given.
I have a download manager on my phone, it monitors the clipboard for URLs. There is nothing in the list of permissions to disable its clipboard access.
While you can disable clipboard access for any app, it's not easy. android.permission.READ_CLIPBOARD is auto-granted to any app that requests it and only a few custom roms allow you to control it.
Don't forget Retardistan
Because WhatsApp doesn't hold the key. The private key is only stored on your phone. You can't restore a backup if you've lost your key.
Storing the messages encrypted would render the backup useless if you lost your phone or factory reset it..
More like What would you expect? Your backup is there if you lose your data on your phone, including the encryption key.
If you've lost the encryption key, an encrypted backup is completely useless.
You should be fine with any A1 rated SD card.
A 32GB Asus Transformer barely fits Windows 10 and a few kids games on it.
It was extremely painful to install the Creators Update, as there wasn't enough free space.
Windows, no, why would you want to install Windows on a 32GB SSD?
Linux, yes.
Friendly guide: https://www.servethehome.com/g...
Google instructions: https://www.chromium.org/a/chr...
Many flavours of Linux run on it.
Here's the latest Ubuntu https://www.servethehome.com/g...
Not only is the bootloader unlockable, it's also opensource.
You're not restricted in any way with what you can do with the hardware. You just won't get any more automatic Chrome OS updates.
coreboot source: https://chromium.googlesource....
uboot source: https://chromium.googlesource....
Name another laptop manufacturer with entirely open source boot code.
You XP machine hasn't been getting automatic updates for 9 years now.
These Chromebooks will still continue to function, they just won't get automatic updates.
They also provide instructions on how to install Linux.