Opening suspicious files is still dangerous. Who woulda thought?
As others have pointed out, this "no click" malware requires you to download and open a malicious PowerPoint file, and then hover over the link contained in the file before it can infect you. If anything, this seems far LESS of a risk than many other attack vectors that also require opening malicious file attachments in email (usually opening the installer itself instead of a PowerPoint file).
That said, WTF PowerPoint? Who makes a mouseover capable of downloading and installing something? C'mon guys, how stupid do you have to be to allow this sort of behaviour in your file format?
The summary says you shouldn't quit your day job, but obviously he did because he doesn't still wait tables at Red Lobster. It's about WHEN you quit your day job.
This will be a fairly personal decision, but a bunch of factors come into play. First of all, if you can't survive on the money your startup is providing, then obviously you need to keep your day job. And once you can make more money running your own company than spending that same time at your day job, it's a no-brainer to quit to focus on your startup. The real challenge is the in-between states, and that's going to depend on your opinion of your existing job. Is it something you enjoy? And does it provide you the flexibility to work on the other project that you're passionate about? In that case stick around. Is it something you despise? Do you absolutely detest going to work each morning? Is it interfering with your passions? In that case it may be worth taking a pay cut to work on your startup.
"Rachel from cardholder services" is only a threat to normal people, the elite don't have to deal with "her", so why would they expend resources going after the scam?
That said, the bigger issue is that they collect so much data, that there is no possible way to actually filter it in any meaningful way and bring out any useful data. This is why every time there's an attack of some form the authorities can almost instantly know everything about the attacker, but can't do anything to prevent it in the first place. It's easy to search your database for a known person and get everything about them, it's impossible to search the database for "criminal/terrorist intent with ability and likelihood of carrying it through"
It would be far more worthwhile to save billions of dollars on mass surveillance and spend that same money on old school investigators who can actually figure out what's going on, follow leads, and prevent things ahead of time.
Every time they do controlled tests where they put weapons (real or simulated) in to carry-on bags and go through TSA checkpoints, a huge majority of the weapons make it through completely undetected. This isn't a surprise if you've ever tried to actually make heads or tails of the images on the x-ray machine, especially if you've been staring at them for hours on end.
The previous ban for laptops from certain countries was worded as any electronic device larger than a certain dimension (which basically meant anything larger than a Samsung Galaxy Note series device). So yes, tablets were included, both with and without keyboards, and sold by Microsoft or not. As was technically the Bluetooth keyboard (but not likely the smartphone unless you use something like the Samsung Galaxy Mega) and the Desktop Mini-Tower, but not the smartwatch.
I can't see why they'd word a new one any differently.
I'm not sure why you're confused. You've managed to post the actual definition of net-neutrality correctly, so why wouldn't you be for it just because it's called by its actual name?
You agree 100% with net neutrality per your quote, but you disagree with the name???
Having you pay per gigabyte for what you download would not violate net-neutrality.
Blocking the porn site that the provider doesn't want you to go to, and only allowing you to go to the one they own shares in, would.
ISPs "felt" just fine when they were raking in large sums of money before they figured out how to violate net-neutrality, why do you suddenly think it would kill them to have to follow those same rules now?
Net neutrality isn't that tough a concept to grasp, and yet comments like yours seem to purposefully try to confuse the issue.
That's been standard process for many decades, but it's actually less likely now because it's harder to implement than these technological solutions, even though it's more likely to actually catch the party involved (because even if they take every precaution listed so far here, they'd still be caught simply by the wording used.)
They also don't allow top secret printouts to leave, but obviously they weren't too successful there. Why are you so sure they would be successful the other way?
My car basically runs Ubuntu, with a bunch of modifications. The manufacturer has denied this, however I have managed to get root access on the centre stack and instrument cluster computers and I can see for myself exactly what is going on.
It is being used commercially, and no source code is being distributed.
It's a clear violation of the GPL, however they don't care because they know that it's highly unlikely anyone will ever take them to court on it.
But we do have to take our laptops out of our bags and we can't take water bottles through security. Neither of which are based on any evidence whatsoever.
Nobody is forcing you to use the GPL. If you don't want to use it, don't. But if a project is under the GPL, you don't get to simply ignore its terms simply because you don't like them.
My car is full of GPL code, and it's being used in contravention of the terms of the GPL. Of course the manufacturer doesn't care, but so many products are in the same boat. I hope that real GPL enforcement starts soon. These companies need to either respect the GPL, or stop using code produced under it.
What people seem to forget when they claim that the GPL is "invalid" is that without it, they wouldn't be able to use the code AT ALL. So if it really is invalid, then it reverts to normal copyright laws which state that you can't copy without the creator's permission. People try to have it both ways, free code that they can do anything they want with. If that's what you want, GPL code doesn't qualify any more than expensive commercial code.
Nobody can imagine it because nobody would be crazy enough to do that at 220v. There's a reason that current fast charging stations work at almost 400v, and why future standards are looking at even higher voltages. If you double the voltage you halve the current. Also, why pick 1 minute? That's much faster than you refuel a gasoline car, and everyone says that they are fast enough.
If your meeting doesn't happen while driving, that seems a perfect time for the car to be charging. And if you can't make the one way trip without charging with a modern long range electric vehicle, you also probably can't make it without at least 1 meal break, and probably 2 bathroom breaks, which are also good times to charge.
Modern long range electric vehicles don't have a problem with range, and they don't have a problem with recharge time.
The only real remaining problems are:
- lack of charging infrastructure in some specific locations.
- refusal of most car companies to build any compelling models.
- initial cost (mostly because of the above refusal to build any)
You joke, but it all depends on what you are securing against.
If my computer is in my house, then there's nothing that someone can get from that post-it note than they can get from all sorts of other things already there. So why not have it on a post-it?
If someone gets as far as the post-it note, my problems are far bigger than some random person posting to Slashdot under my name.
And that "class" is "a large percentage of Slashdotters" because every time we discuss password security there's always a large number of people recommending one or another of these sorts of services as the be-all end-all of password security.
So there's no way of knowing if it's secure, because it's a blob nobody has access to. And it doesn't work on most devices (who ONLY uses their PC these days and doesn't need password access on their phone?)
So it's both useless, and a security nightmare... good work!
And yet every time we talk about password security, the general consensus on Slashdot is to use a password manager so that you can have strong passwords. And every time I bring up the "all your eggs in one basket" problem I'm told that it isn't an issue because --insert hand waving here--- And yet, we know that any time your passwords are on the internet, they are vulnerable. No matter what has been done to "secure" them.
If this is for embedded applications, it's probably already on Linux anyway, not Windows, and even if it isn't, the cost to rewrite will be made up quickly on the cost difference.
If computing power isn't the goal, simply having a computer at all. What application would pick this over a Raspberry Pi that's likely to be less than 1/4 the cost?
Is not irrelevant. The airlines don't care about additional fees tacked on by the government because they're the same for everyone. They don't affect their competitive position. The only way it's relevant is if you decide never to fly you don't pay the fee. But you also don't go anywhere.
Allowing an event to be captured, and allowing it to download and install software are two very different things.
Nitrates are screened for already, so that doesn't warrant depriving people of their liquids.
So... basically, it's all a giant conspiracy theory... right....