Don't you mean nachos?
A notch is typically a rectangular cutout on one side of the screen to make room for front-facing cameras, physical buttons, etc.
The quoted description is a long way to say, "The top and bottom edges may each have a single notch."
Any number of reasonable things could have caused the patch to be missed, but you'd expect $250M spent over three years to provide a few more security processes beyond, "Fred forgot to apply the patch." The attackers were spreading through their systems over several months without detection.
Also, way to lead from behind. Every corporate officer I've met has shared one tenet with all others: they are responsible for everything that their team does, good and bad. If some employee several rungs down the corporate ladder fails, it's because the leadership above them failed to hire or train them correctly or put in the right processes.
That's the problem with Affirmative Action and Diversity hiring.
These aren't supposed to involve hiring unqualified people. It means that you make an effort to ensure a good mix of qualified people.
. . . in a sensory deprivation tank!
My guess is that the submitter/editor refers to the lack of online papers.
No, TFA alludes to the 60s being a decade of hallucinogenic drug exploration.
AFAIK, seeking out child porn is a crime in and of itself. If so, this case is not comparable. Everyone visiting a child porn site is breaking the law. I doubt 1.3 million people rioted at the inauguration, though that would explain his obsession over the crowd size.
The FBI should scrape the public site, determine who was planning violence, and subpoena those IP addresses so they can track them down in meatspace. Y'know, actually investigate.
This overly-broad request for information is becoming a pattern. His voter suppression commission is requesting a ton of information that is irrelevant. These kinds of actions are what fuel gun owners' fears that the government is going to keep a list and come for their guns. Maybe that's his goal?
Trump is merely looking for proof of his massive inauguration crowd size.
I am a responsible citizen and removed myself from voting rolls every single time I died!
Snopes says the Russian collusion story hasn't been proven yet, but you disagree?
Got it. You're actually that obtuse.
If you stick a bunch of toy blocks in front of a toddler, it will play with them and eventually teach itself to build more complex structures and games.
If you stick those same blocks in front of an algorithm trained to detect spam or optimize investments or drive a car, it won't do shit.
If you put them in front of a baby, it will eventually shit.
Snopes says that Pissgate is unproven. Do you disagree and instead believe the allegations of Russia blackmailing Trump have been verified? Interesting. You should call Fox & Friends!
All I can find on Snopes regarding Trump and Russia are articles debunking fake news or reporting public tweets, something I'd think Trumpkins would find useful. Instead, you lump all news into fake news, even when it supports your position. You are your own worst enemy.
"It looks like the evidence doesn't support your arrest, and you're free to go."
"Lies! It's all damn lies and fake news!"
"Uh, sir? Are you confessing?"
But if you take the item with the original price sticker to checkout, and the person asks what price you would like to pay...
Either the shop owner is horrible at training and needs to sell the business if it hasn't gone under already, or they need to retrain/fire the clerk. No other store does this so I don't know why the clerk would think it reasonable.
Is that theft?
Of course not. The clerk asked you, and you answered. It was a dumb question to begin with and certainly not your fault.
But more importantly, who is at fault?
The shop owner is at fault for poor training or hiring an untrustworthy clerk. Given that I can think of no reason a clerk should think this a reasonable question to ask customers, it's probably their fault unless the shopkeeper specifically trained them to do so. But if that's the case, obviously there is no problem as it was intended. Again, you'd be out of business as soon as word got out.
You argue the customer is at fault, for simply answering a question they were asked.
No, I don't argue that at all. The website isn't asking the customer how much they would like to pay. It's presenting the price to be paid (the sticker), and the customer is changing that price (with a counterfeit sticker), and the site is trusting that the price is the same as what it sent to the client. Most clerks would be trained to apply brain power to decide if the sticker is correct, and you'd be an idiot not to have your server do the same thing in 2017, something it could do with 100% accuracy and minimal development effort.
But that doesn't make it acceptable any more than applying counterfeit price stickers in a brick-and-mortar store would be.
I argue the customer is NOT at fault, again because there is no reason to expect a store to do this if that wasn't their intention.
Online stores have no expectation that their shopping cart will work the way they implemented it? That's a tough sell. Do you think they also expect their site navigation links to fail and their images not to load? If so, can you please email my boss and tell him that all those bug tickets the QA team submitted last week are invalid because we should have no expectation that our code works.
You're equating trusting that the data sent from the server was not altered by the client with a cashier ignoring the price stickers and asking every single customer what price they'd like to pay. Those simply aren't the same case—not even close. The end result may be the same, but that would apply to having the stocker attach the wrong prices to the products. I think we can both agree that would be the fault of the store owner or stocker, using the same reasoning I laid out above.
TFS makes it sound like you pay cash to buy tokens which you may hold or sell yourself for Ethereum, and at some point in the future, the company that sold them originally may decide to buy them back for Ethereum. Hold them if you think the company will go up in value faster than Ethereum or cash (and that the company won't let them get stolen); otherwise, sell them for Ethereum.
I agree that the SEC probably should be involved here.
I'm sure you can present plenty of links to stories mishandled in such a way.
Even worse, it sounds like the software was inserting ads into the Atom feeds it produced. You publish three new stories on your blog, but the feed has a fourth which is an ad for the software. It would be like gcc inserting display ads into your compiled application.
By that logic, shoplifting is not a crime. If a store is going to be stupid enough to just leave its wares lying unattended on the shelf with no security at the door, who are they to complain when I walk out with an armload without paying?
A prosecutor would be stupid to bring charges against this man, but this is technically hacking their system, even though he didn't penetrate it in the usual sense. The software worked perfectly well under normal circumstances, but he chose to tinker with the underlying data structures exposed by the browser. Of course, involving the police given that he sent an email explaining the problem and how to solve it was just asinine, and I hope they do something to compensate him for their overreaction.
This hack was akin to changing the price stickers on items in a store and then buying them for the lower price. Should the sales associate know the prices of everything in the store? For a small clothing store, sure, but for a giant place with hundreds of thousands of products like WalMart, that's a big ask.
They'd like their client-side shopping cart software back.
How does even the most novice developer not know that you can't trust anything from the client?
Why do we in the U.S. disallow one but not the other?
Many of the laws were passed before the internet
I should have phrased that better. Obviously, those laws are older. I was responding to the OP's shock that Europe would pass this law when we have the same law in the offline world. My question should have been "Why hasn't the U.S. passed the same law given the similar offline law?"
But the fact remains that it is possible to find those answers even accidentally.
I'm unconcerned with accidental knowledge. It is not illegal to overhear that you're married at a job hunting mixer. It is illegal to seek that knowledge in an interview. Reading the newspaper is a normal activity. Searching for my social profile is not. If you come across it because we have friends in common, that's accidental.
I agree that you can't expect privacy. That doesn't mean you shouldn't be allowed to ever have it. When there are specific laws in one domain, it makes sense to apply them to other domains lest they become useless.
What if you share posts about ending the drug war or politics? If the HR person disagrees with your stance, they may not hire you. Is that acceptable? Those things won't affect your ability to do the job, but it gives an unscrupulous employer the opportunity to discriminate against you.
Or maybe you have a photo of you with your spouse of the same gender or a different race? Again, that person can now discriminate against you which would actually be illegal.
It's easy to avoid posting things that will obviously show you in a bad light like party photos or you drawing a dick on your passed-out friend's face. I still think you should be protected, but a lot of people probably side with you on that count.
The reason to disallow employers from poking their noses into your social life is discrimination. Some forms have legal protection while others do not. Better to just block the possibility.
There are a variety of personal questions that employers are barred from asking a candidate:
* How old are you?
* Are you married?
* Are you LGBTQ?
* Do you have kids?
* Do you own a car? (unless the job requires a personal vehicle)
That's just the tip of the iceberg. Yet the employer is free to look you up on social media and find the answers to many of those questions without your knowing. They can find even more personal details and possibly see who your friends are. This is way more invasive than the seemingly innocuous questions above.
Why do we in the U.S. disallow one but not the other?
I'm sure the first argument is that it's your own fault for posting publicly, but that would only make sense if you were shouting from the rooftops. The employer has to take specific action to view your social profiles. Similarly, if you blurt out, "I'm 37 and married with two kids," in the interview, that's on you. They still can't use that information to discriminate, but potential discrimination is the reason they can't ask themselves.
How is searching for your social profiles any different from asking probing questions?
Meh, never mind.
/bail
By that logic, it's ARM, computer, and binary malware. Are all binary-based computers threatened? I don't think so. It could be ported, or you could set up your Linux PC to have the same common credentials, but the only Linux box that comes configured that way is the Pi.
Yes, because when a Windows user purposefully executes malware and it takes over the system it's all Windows' fault, but when a Linux user permits the same thing it's not Linux at all.
No, the reason this isn't Linux malware is that it only works on the Raspberry Pi with the default password. You could easily build a Windows-based version with the same flaw, but that wouldn't make it Windows malware. Your Windows malware example only requires Windows, making it Windows malware. This is Raspberry Pi (model A?) malware.
When people use the term Windows malware correctly, they mean malware that requires only a Windows host to function. You cannot deny that there are hundreds of malware programs that can infect a generic Windows install.
For the record, I use Windows and Linux for both work and play.
Just try to log into it with the default password. If you fail, the "exploit" in the article will fail too.
Don't forget, the first thing the malware does after gaining access is change the default password of the pi user. You can't tell being immune from already infected based solely on being able to log in.