Slashdot Mirror


User: Shoten

Shoten's activity in the archive.

Stories
0
Comments
1,461

Comments · 1,461

  1. Re:Motivated rejection of science on Wyoming Is First State To Reject Science Standards Over Climate Change · · Score: 5, Informative

    You fucking idiot. You 'useful idiot', more like.

    This particular troll listens to Glenn Beck, who invented the meaningless phrase "useful idiot". This is a particularly vile kind of troll.

    As much as I hate Glenn Beck (and Fox News in general), this is not true. The phrase is a reference to Stalin, who referred to communist sympathizers in the USA as "useful idiots," recognizing both that they served a purpose for him and that they were morons for wanting wealth redistribution while members of the wealthiest nation in the world. So essentially, every time Beck used that phrase, he was associating the people he was insulting with communism, but in a way that wasn't easily called out and discredited based on, well...facts.

  2. Um.... on Start-Up Founders On Dealing With Depression · · Score: 3, Informative

    Maybe try getting professional help? Instead of asking Slashdot? Just saying.

  3. Re:The real priority here... on Full-Disclosure Security List Suspended Indefinitely · · Score: 1

    Isn't finding out who made the threats. Where can we find the Furry porn?

    Find a local LARP and ask around. They'll know.

  4. Oh, the outrage! on Ask Slashdot: Easiest To Use Multi-User Map Editing? · · Score: -1

    Also, given Google's propensity for dropping features without much pretext...

    They have the temerity to change the software that they provide to the world for free without asking permission from you first? God, the BALLS on those Google people!

    But all that aside, given that I see some recommendations for alternate (but similar) options besides Google listed above, I have a caveat. Bear in mind that any and all software/services provided on a free basis contain two potential issues: one, the product is you...and two, they may change the nature of said software/services at their discretion without warning or so much as a requirements document from you.

  5. Mentality... on Lies Programmers Tell Themselves · · Score: 1

    "I am a beautiful and unique snowflake because of the poetry of my code."

  6. Re:Seems it would be easy to gather entropy.. on Weak Apple PRNG Threatens iOS Exploit Mitigations · · Score: 2

    ..on a smart phone like the iPhone. Use the gyros/accelerometers, make the user draw randomly on the screen, maybe use random info like wifi network names currently available, generate random info based on images on the phone, etc. etc. Plenty of data/means available to create the entropy needed.

    Easy, but not necessarily a good idea. Picture this threat case:

    Attacker has iPhone they wish to compromise. Disassemble, remove gyro, replace with appropriate component (resistor, perhaps?) to generate a steady, predictable outcome. Random seed is no longer entropic, PRNG ends up following suit.

    So, to counter that, you could do entropy analysis on the incoming entropy, right? Uh oh...then your iOS boot sequence consequentially develops a dependency: if the gyro doesn't function (or the phone is very still) the phone won't even boot. PLUS you've now had to build all this functionality just to query the gyro/accelerometer into your boot-level code, along with the entropy analysis. At some point, you need to back off from packing lots of stuff into what is effectively the BIOS.

    The PRNG in iOS plays a major role in everything, starting with the boot chain. So it's a bit of a challenge.

  7. Re:all PRNGs are deterministic on Weak Apple PRNG Threatens iOS Exploit Mitigations · · Score: 1

    So "this one is deterministic" seems like a weak complaint.

    This is essentially what makes them PRNGs instead of RNGs.

    True...but that's by unavoidable effect, not by intent. The intention is to be as far from deterministic as possible...you can't help but be deterministic, as evinced by the classic "living in a state of sin" quote, but you can make it difficult for another person to predict that deterministic outcome. And apparently the PRNG fails, in this case. So the real goal is for a PRNG to have a very small value for the "P", so that the RNG part is bigger. (At least that's how I would explain it to a 5-year-old or someone with a Ph.D. in something other than CS, engineering or mathematics.)

  8. Re:Why do we have all these custom PRNGs? on Weak Apple PRNG Threatens iOS Exploit Mitigations · · Score: 1

    Because the PRNG is used at a very low level; as such, it is unique to the hardware platform and the OS as well. You can't code it with a high-level language, as it even affects components of the boot process itself (in the case of iOS, that is...see Dallas de Atley's talk at BlackHat 2012 for some insight into this). So, you need separate PRNGs for the A4/A5/A6 line, the ARM, x86, ia64, etc. You can't just have one code library and use it across platforms, because you're using instruction sets that are unique to the processor. And when the processor is proprietary, so will be the PRNG.

  9. Re:Interesting parallel on US Court Freezes Assets of Mt. Gox CEO · · Score: 2

    It would be a delicious irony if people were able to recover some of their lost value due to government regulations.

    You mean like what would have happened if they were regulated like a real bank?

    Just a few months ago, when there was talk of regulating exchanges like these, there was an uproar. I didn't think that the reasons for regulatory oversight would have made themselves apparent so quickly, to be honest. Just the fact that nobody can be sure whether Mt. Gox got ripped off or ripped people off is one reason alone.

    I totally get that there are benefits to a truly untraceable, anonymous currency. But to those who oppose regulation for the simple fact that it's the government getting involved, I would advise taking a look at what happened to the banking industry back in the 1920s and early 1930s before making claims that it's all bad.

  10. Uh oh... on Ask Slashdot: How Do I Change Tech Careers At 30? · · Score: 3, Insightful

    I like Microsoft products and would head in that direction, probably.

    There goes your odds of getting much in the way of help from this crowd...

  11. Re:Why single out Whole Foods? on Whole Foods: America's Temple of Pseudoscience · · Score: 1

    That may be so, and perhaps they find some other place better to shop, but my sister shops there regularly, and is gluten intolerant (celiac).

    P.S.: If they DON'T have gluten free bacon, why not? I could understand it not being sugar free, as I believe most bacon is cured with sugar, but I don't see any reason that it should contain gluten, unless all their bacon is cured with soy sauce or some such. (It definitely doesn't need to be.)

    P.P.S: Yes, berating the clerk over this is unjust. But perhaps the manager needs to be asked. (Politely will probably get a better response.)

    That was my point...gluten-free bacon is like gluten-free aluminum foil. It's inherently gluten-free to begin with. There's no reason to ask the manager, there's just good reason to learn about what you're eating in the first place. The person was way, way past the point of seeking reasonable solutions to real problems and was out in the stratosphere of making shit up in her mind to be upset about. Unfortunately, there seem to be more and more people like this...getting aggressive in restaurants about gluten in the dishes, making a scene at grocery stores, etc...and I believe two things about them. One, relatively few of them actually have a major problem with gluten. And two, they are making a mess of things for the more sane people who *do* have a real problem with gluten. For every drama-queen gluten-attention-whore I see, I may see 2, 10, 100 well-behaved people with gluten sensitivity/intolerance/allergies but who I don't know are those people because they aren't assholes about it...so my perception becomes all about the screaming lunatic. And as often as not, when I have prolonged contact with the lunatics, I happen to notice that they love pizza and seem to suffer no ill effects from it, which adds a whole other layer to the mess.

  12. Re:Why single out Whole Foods? on Whole Foods: America's Temple of Pseudoscience · · Score: 5, Interesting

    Go to Safeway or any other supermarket and take a look around. Or do you really think that Post cereals promote heart health? Hell, it took a lawsuit to stop "vitamin" water from claiming health benefits from their sugar water.

    Bingo.

    I go to Whole Foods regularly...but I don't give a shit about whether something is "organic". The produce is better, for the most part...both in diversity and in quality. The meat...holy balls, the MEAT...it's incredibly tasty. I don't get the grass fed beef (I find it tough) but the regular stuff. Yes, it's expensive, but if you want a NY strip that's literally almost 2 inches thick and will taste better than what you can find at most restaurants, Whole Foods is the place. Oh, and yes...we are yuppie DINK scum with both foodie inclinations and the money to indulge them...and for that Whole Foods is like a playground.

    On the other hand, things like sugar, aluminum foil, paper products...we get those at Giant. I don't feel like paying extra just to have my paper towels be gluten free. (Yes, that's an exaggeration, but just barely.) But that brings to mind another thing...if you're gluten-sensitive, gluten-intolerant, allergic to gluten, or just one of those assholes who thinks that gluten is like eating AIDS, Whole Foods is a much better place to look. Though it does get out of hand sometimes; I watched a woman go totally nuts at a guy in the beer and wine section (diagonally opposite from the meat section within the store) over the fact that they didn't carry (I shit you not) "gluten-free bacon." Which of course leads into the fact that Whole Foods caters to that niche for the self-entitled, of which that screaming cunt is just one excellent example.

    But yeah...try their steak sometime. WOW, is it good :)

  13. Re:You have violated copyright by posting this. on Star Trek Economics · · Score: 1

    And 5 quatloos, oh damn I dated myself.

    Well, at least you got a date. That puts you ahead of many trekkies...

  14. Re:What could go wrong? on California Bill Proposes Mandatory Kill-Switch On Phones and Tablets · · Score: 1

    You are correct that cryptography is not a cure-all to all problems, however, your post goes irrevocably wrong immediately after that. HSM and TPM chips are quite secure and well established. The example problems you suggest are in no way relevant to the conversation at hand since they deal with an entirely different use case of security. As dmbasso was kind enough to point out, I am referring to the use of asymmetric cryptography to allow secure validation of a private key being held remotely. Such cryptography is used all the time (any time you use an HTTPS page) to prove the exact same thing.

    The device merely has to hold a public key for which the legitimate owner (or the vendor) has the private key. If the device is stolen and locked, it is trivial for an HSM to prevent unlock without the private key. It may be possible to circumvent the kill switch by yanking the HSM, but such an operation would likely exceed the black market cost of the majority of phones as it involves painstaking processes such as removing the silicon one layer at a time with a very carefully applied acid bath, and even then, the write-once public key address space would be just as secure as any write-once kill switch flag that could be implemented.

    To prevent re-activation of the kill switch itself (rather than the recovery mechanism) the switch could be tied in hardware to a similar challenge response against a private key held in the device's HSM. To "kill" the device, this private key would be wiped, preventing the device from starting. To re-initialize it, the private device key would be restored by looking for a key signed by the owner's private key.

    This is a simple to implement and highly secure system that would be cost prohibitive to work around and also could use available, near off the shelf components to implement.

    Do you have any idea how profoundly ungainly this is? First of all, you're talking about a set of keys that is over a thousand times that of all the SSL key pairs in existence.

    Then...who issues the keys, and how do you secure them? (Exhibit 1: problems with forged certs from insecure CAs)

    How do you revoke that authority if necessary? (Exhibit 2: problems discovered by the military as they contemplated DNS servers running DNSSEC in combat zones where they could be overrun and captured).

    How do you know which kill switch cert goes with which device? (Exhibit 3: AMI meter deployment problems where the meters were mis-deployed, causing incorrect billing attribution)

    Finally: How much will this cost...to stand up an unprecedentedly large PKI infrastructure, the governance around who would own/manage it, to license the tech (patents abound with TPM) and to incorporate it.

    Look into the NISTIR 7628 guidance from NIST and you will get a brief glimpse into the horrors of incorporating PKI into a group of devices that numbers tens of millions. It's not simple. For further info, look up the comments by Annabelle Lee on the topic.

  15. Re:What could go wrong? on California Bill Proposes Mandatory Kill-Switch On Phones and Tablets · · Score: 5, Insightful

    I have less of a problem if they make it a kill switch that can be cryptographically turned off by the manufacturer after verifying the purchaser or even with some kind of a special key that you get with the purchase and keep at home. It should also be something that can be turned off by the end user.

    If you can ensure that it can be reverted securely when triggered and can be prevented from triggering by the legit user (possibly using the same mechanism as unlocking a locked device) then I don't see a problem with it, but without those two caveats, there are so, so many things that could go wrong.

    I love this..."crypto," the magic "c" word that makes everything secure just by talking about it. In reality, it's not quite that simple. Authentication in Windows, for example, works like what you just described...and yet look at the flaws in NTLM and NTLMv2 authentication that turned up. That covers over a decade of time, before MS adopted Kerberos. Then, to that, add all the vulnerabilities in the software that governs authentication...I've lost track of how many times LSASS has been patched.

    And yes, I hear it now...the retort: "But that's Microsoft! They suck at security!" Maybe, maybe not, but the fact that they also dominate the desktop space should be a warning that you have to consider: functionality to be placed in ubiquitous consumer devices may not have the world's best security controlling them. And that is just a simple empirical fact as demonstrated by the recent past and current reality.

  16. Re:Your task: explain how Net Neutrality stops thi on Is Verizon Already Slowing Netflix Down? · · Score: 2

    The only thing competition does is to create monopolies, since the whole point of competition is to eliminate competitors.

    "This word you keep using...I do not think it means what you think it means" -Inigo Montoya

    Competition does not lead to monopolies. Competition and monopoly are literally antonyms; they are the opposite of one another. So let me ask you this...if not competition, what would you propose to prevent a monopoly?

  17. Re:Well if HP didn't already have a terrible rep.. on HP To Charge For Service Packs and Firmware For Out-of-Warranty Customers · · Score: 1

    ... they sure as hell will now.

    I'm not an IT person, but weren't there a few companies that tried this crap wwaayy back when? I seem to remember them all failing miserably.

    Actually and unfortunately, most hardware manufacturing companies do this. Cisco does this, for example. Software companies are less likely to do it, but a lot of them do it as well. When I look at my clients and tick off the list of vendors that are in their environments, only Microsoft and Oracle seem to provide access to updates for free.

  18. Everyone seems to be ignoring the most important thing: WHY. The CFPB is a fairly new and rather aggressive consumer protection agency. They are seeking patterns of abuse by the credit industry, particularly around the practice of deliberately depressing FICO scores for a band of consumers with less-than-stellar credit risk but also not-the-end-of-the-world credit risk. This group is also known as the middle class. To do this, statistical information is needed about the FICO scores and credit history of the lower, middle, and upper class. How else will they be able to discern, describe and prove such a thing?

    Stop falling for the PR plant, everyone.

  19. Re:The company may be part of the problem... on Red Team, Blue Team: the Only Woman On the Team · · Score: 1

    This was like someone going to a Hindu place of worship and trying to serve prime rib. Would you be impressed?

    I would be impressed, and even more so if they pulled it off. Hindus aren't so ignorant as to demand everyone else believe their beliefs, or live their lifestyles. You are more likely to find steakhouses in India than bacon in Saudi Arabia.

    Uh...wow, are you ignorant. Go to India sometime and then tell me how likely you are to see a steakhouse in a Hindu temple. What a dumbass.

  20. Re:The company may be part of the problem... on Red Team, Blue Team: the Only Woman On the Team · · Score: 1

    Where were you really going with this ramble?

    Tech/computer specialist isn't something that is field specific. Any well-rounded programmer/engineer can move from industry to industry with relative ease; in fact, it's pretty much a job requirement to be able to get in, get up to speed, and get productive. It's what we do.

    Are Database Administrators somehow different in hospitals than in power plants?

    For any given sub-discipline, the job is largely the same everywhere.

    When it comes to a predefined solution for compliance, portability is a major problem. You're confusing people with offerings. A chef can move between a steak house and a vegetarian restaurant with only minor training; the menu, however, cannot. This was like someone going to a Hindu place of worship and trying to serve prime rib. Would you be impressed?

  21. The company may be part of the problem... on Red Team, Blue Team: the Only Woman On the Team · · Score: 1

    SecureState...ah, those guys. They don't seem to quite "get it." For example, they were hyping their services, in terms of benefits towards HIPAA compliance...on a LinkedIn group that was explicitly and specifically focused (and named) on NERC compliance. HIPAA is health care, NERC is power grid. Not only totally different compliance regimes, but totally different industries as well. And the regulations don't even share much commonality: HIPAA puts the main focus on privacy while NERC doesn't even mention the word (or any synonym of the word). But everyone's career has a few "stepping stone" jobs, and it can be a golden opportunity to be the smart one among a field of twits.

  22. The real point of what Detroit has to offer... on Detroit Wants Its Own High-Tech Visa · · Score: 5, Funny

    ...a familiar lifestyle for people from third-world countries with high crime, corrupt cops and crumbling infrastructure.

  23. Re:WTF Slashdot on Surrey Hit With Catnado · · Score: 1

    I'm just glad that Kanye West doesn't follow news of pretty much any sort. I dread the sort of music that would be inspired by a "pussy tornado."

  24. "Chinese Marketing" on Online Streaming As Profitable As TV, Disc Sales By Charging Just a $15 Flat Fee · · Score: 3, Insightful

    This concept...the viability of a business model defined by "if X% of Y population buys this for $Z" is so classically suicidal that it is literally taught in management 101 in college as one of the most sure-fire signs that a business will fail. It is called "Chinese Marketing," as a lot of early examples involved pipe dreams of how much profit could be had with even modest market penetration within the Chinese population. Such a simplistic approach fails to take into account many things:

    -how long it may take to reach that level of penetration
    -currency valuation challenges
    -IP law differences between countries
    -how many of the world's online population has access to sufficiently high bandwidth
    -how many of the world's online population has their own computer (as opposed to just using an Internet cafe...substantially increasing the cost of subscribing to those potential customers who are on the margins of affordability)
    -who would be the clearing house/sole distribution provider that would distribute all of the movies on behalf of every movie company

    The model falls apart quickly when you take these factors into account, and I am sure there are at least a few more that I don't even know about.

  25. RTFA, everyone... on Sniffing and Decoding NRF24L01+ and Bluetooth LE Packets For Under $30 · · Score: 4, Informative

    He isn't decrypting the traffic; he's just able to pull the raw packets from the air and express them, still encrypted, as data. And for BTLE, he isn't even able to do that, as he can't manage the frequency agility. So he isn't even seeing the encrypted data, just the BT advertisements...which you can already do with a variety of tools (bluetoothscan, bluelog, etc.) and a cheap BT dongle with greater range than the setup he has put together.

    It's a clever kluge for capturing and reading 2.4 GHz traffic with a sub-2.2 GHz device on the cheap but it's not really meaningful from a security perspective.