Plus since Cellebrite is a non-US company, they can't be "legally compelled" by anyone to reproduce this method for all the other iPhones that have been discussed by various District Attorneys.
If someone can get physical access, then your security paradigm is already broken. Very few systems can withstand direct physical assault; it's not like the iPhone is built to the NSA's CSfC guidelines and meant to be completely secure against all threats. It's a consumer-level mobile phone; mass-produced with an unsecured supply chain and an open-sourced operating system. It says quite a bit to Apple's security engineers that it took this level of work to get access. Anyone who thinks "oh, this is proof that iPhones are totally unsecure!" obviously can't comprehend the level of effort it took to get into this phone.
If a rapid NAND mirroring system is what broke this, I'm betting that Apple's next major security upgrade will include some type of encryption that is uncopiable; Slashdot even had an article about this that incorporates unreproducible physical defects unique to each NAND chip.
My apartment complex has been an "AT&T only Community" for at least 10 years. New management finally comes in, who is willing to let in competition. So I pop open the access box on the side of the apartment...and the coax has all been cut off, about 1/2 inch from the customer side and about 1/2 inch out of the pipe. Checked other buildings here; same deal everywhere. The coax itself is covered in dirt and crap...it's obvious that this was done some time ago. My bet is that the AT&T techs sliced all these up when they snagged the complex in their exclusivity contract.
That's when the first telephone exchange in the US was started, per Wikipedia. Somewhere in some warehouse these records from the very first commercial exchange are probably sitting, transcribed by hand. This is AT&T, they keep records of EVERYTHING, even before the FBI started asking them to.
Like the Toshiba 4s, which is completely self-contained and doesn't even need a "control room". It only gives 10Mw, but doesn't need refueling for 30 years. Of course this is far too small for a modern city, but Toshiba said they are working on one at 50Mw. Still, this would need 10,000 to run a city the size of Dallas (with the 50Mw), but self-contained no-maintenance is the way forward. These would especially be useful combined with renewables that are dependent on sunlight, wind, etc.
Something like this is needed; until actual "people in charge" have to pay these fines out of their own pocket, these headlines will just repeat. As long as they can hide "behind the corporate veil" and put profits over customers...and hospitals need to be held to higher standards. What if the info that was encrypted was medical files that were needed for life-saving operations? I hate to say this, but maybe if some innocent patient actually died because of these hacks then we, as a civilization, might actually do something about it.
Even worse for this "victim" is that the U.S. Department of Health & Human Services has specifically made laws about IT security for organizations like this, and supposedly enforces security. So in this example, it goes beyond "I didn't know" to "I willfully ignored the law that's been on the books for almost two decades".
Many "medical devices" in hospitals actually require internet connections and run ancient OSes like Win2k. It takes years to write new code, as everything has to go through FDA approval. Of course that's really no excuse to use vlans, proxies, IDS, and other mitigation techniques for this equipment...but until hospitals are hit with $50,000 per violation per day they're just going to keep ignoring it all.
Not only did the hospital IT fail, there are federal policies that are made to help protect against this. A hospital should be doing a risk assessment annually, and is required to document why specific remediations weren't followed per HIPAA. 164.306 is very clear on this all; even the policies that are "addressable" still require them to "Document why it would not be reasonable and appropriate to implement the implementation specification;"
They could be hit with "civil money penalties" of "$50,000 for each violation", and this can be "a separate violation occurs each day the covered entity or business associate is in violation of the provision." The ONLY thing that might save the hospital is that PHI hasn't actually been exposed. Source
Might as well blame it on Jupiter and Vertumnus, Roman Gods of storms and trees respectively. Next time, when parking under a tree, you need to pour some wine on the roof of your car while reciting "Vertumne, uti te ture ommovendo bonas preces bene precatus sum, eiusdem rei ergo macte vino inferio esto."
twinaxial for the 5250 was even more entertaining...sneeze at them and they broke. My first "professional" networking job, small city using cables from the early 1980's wanted me to upgrade them in 1994. All their new PCs had to have terminal cards, the connectors were so old they were brittle...NOT fun lol.
Even better, kill them with their own gun. "Live by the gun, get killed by your own gun - courtesy of your State Department of Corrections" would be a great billboard!
It's not the "culture" per se, but because the Swedes are far more homogeneous as a people than the US. Family connections and Dunbar's Number come into play. It's also political, as in the US (being a "majority rule" system) always frames everything as one side vs the other, no matter what the situation. So in the US we've been conditioned that it's either all gun legislation is a trap to take away our Constitutional rights OR all gun legislation is to increase our personal freedoms. US citizens, as a general "mass", have lost the ability to see the middle path of most situations. Our foreign policy is to either bomb someone or completely ignore them. Our police either kick down the door with a SWAT team or don't even go into a neighborhood. We have "liberals" vs "conservatives", "right" vs "left", and anyone in between is quickly shouted down by the extremes of both sides. If a Republican tries to be more liberal they're called a RINO, never mind the existence of the Progressive Republicans of Eisenhower's day.
When working at IBM as a t2 tech, I would come in at 6:30-7:00AM, grab all the "easy" tickets, and then just skip lunch. I was leaving at 2:30-3:00pm, doing my eight hours. Eventually some coworkers complained that I was "leaving early", so I showed that I was doing my full eight to my boss. A day later, HR sent out a "memo" that we were required by company policy to take a minimum 30 minute lunch with a max of 60 minutes.
H1B holders should be allowed to become citizens; then they can toss the H1B and earn an actual wage. The Department of Labor needs to seriously crack down on all companies who replace anyone with someone who needs ANY training; the point of H1B is they aren't supposed to need training and are fulfilling a position that the US worker couldn't. Fines from the DoL aren't enough; any company found training replacements needs to have their H1B issuing ability yanked and given 90 days to remove all "employees" that have violated the law. Additional violations need to result in that company being banned from working in the US.
An H1B isn't allowed to move from company to company either, but Wipro gets around that by maintaining the primary employment and just moving them around to different "contracts". It's a violation of the spirit of the law; typical corporate shenanigans. But when the replacements need training beyond "company policy" then this IS a violation of the law and needs to be punished quite harshly.
The CEOs ARE putting in 800x efforts, just not aimed at helping their employees. The CEOs are only beholden to the shareowners, who only care about quarterly profits and getting the stocks higher. Employees are nothing but numbers in a column, only means to an end. That end is higher profits, that's all a corp is concerned with. If allowed, a corp would poison the air, water, and ground if it meant making a profit; they would kill the local population indiscriminately. They have in the past, and still do when they can get away with it.
Whoever this company is needs to be named. TFA mentions that this is the same data Affinity Gaming reported, and now they're suing the ITSEC corp Trustwave whom they hired to contain the breach since Trustwave failed and Affinity got hit again. This article says that it was a breach of the card processing system used for non-gambling (hotel, food, etc) purchases, so it appears this "third party" is a credit card processor that sits in between Affinity and AMEX.
I'm betting AMEX isn't the only card company hit in this, but there are so many data breaches unless you work in credit card ITSEC you probably don't keep good enough track of it all to tie it all together. It could be CK Systems, they are a CC processor that got hit in 2013.
No, unless we fundamentally change the system of government we have. What we need is called "proportional representation" along with the "single transferable vote" system. This would enable more than two parties, which is the end result of the "majority rule" we have in the US. If our Legislature had seats allocated per registered, voting members of various parties in proportion to their district's population vs country's population; and voted on party seats only within those parties...but since we have a "winner takes all" majority rule, it's pretty much impossible for any third party to overcome the 51% mark.
Ah, I actually meant neither. It's an abbreviation for "faster than light", which means anything moving above 299,792,458 meters per second, no matter what the actual method used to achieve it lol. Ideas like the Alcubierre drive have been theoretically postulated at around 10x of c, which is FTL yet neither teleportation nor time travel. As for causality, that's only if the FTL is actually truly instantaneous. That's what this particular article is claiming; but the Alcubierre drive isn't claiming this...superluminal movement has already happened during the inflationary period of the Universe so as long as it's not actually instantaneous the laws of the Universe obviously allow it. We just don't understand how yet. Here is an interesting discussion about all of this.
So soon I will be able to use this to help make my ultra-drone army even more effective at killing all the humans! Now I just need to perfect my human glucose-based power harvesting, and my biological harvested bioprinter!
You don't "need" a land line, it's called a "dry loop". I've had one for almost five years now. It still sucks compared to fiber though lol.
That happens to me too, my gun yells at me all the time! Usually it's just "MURDER! DEATH! KILL!" but sometimes it yells "OIL ME!"
I think the domain names would actually be redhatc.om and ubuntuc.om, where someone swapped the . and the c
The feds are still free to listen all they want. They just can't understand what they're listening to due to encryption lol.
Why reply to me? I never mentioned teleportation in my post...