Agreed. However, with more and more transactions moving online; surely the incentive is growing every day for this kind of attack to occur.
Maybe for large scale theft, or maybe to have access to a bank account that can be used for money laundering.
If you wanted to watch online banking transactions to a major bank like HSBC would this not be a way to do it? Sure, it would be difficult and would take a while, but you would gather huge amounts of information that is potentially worth millions.
The only difference between this and a completely unsecure connection is that it would take more effort and organisation and it would be limited to those browsers that you've set up a MITM attack for and have been downloaded. You could set up a MITM attack before a new release of a browser such as Firefox 4.0 and use a fake Verisign certificate.
This would only help you with listening to Firefox 4.0 connecting to https signed by Verisign; but this would be a way to gain access to bank accounts.
With the exception of pre-installed machines, we all have to download our web browsers. What would stop someone carrying out a man in the middle attack on a web browser or distribution download that provided a different Firefox that contains different CA keys? These CA keys could be designed to work the same with https websites, but would allow a man in the middle to also read off the information being transmitted.
Admittedly this would be very hard to do, but theoretically possible and with the resources of a nation state this may have already been done. As most machines are now built in the far east, what would stop the IE that ships with your computer from also having altered CA keys?
Would it even be possible to detect this? You could use MD5 checksums on your downloads, but most of the websites that show an MD5 are unsecure, so they could easily be showing a manipulated version of the checksum.
This strikes me as one of the biggest flaws of our reliance on SSL v2, v3, whatever.
Please tell me that this isn't possible.
NASA have set up a webpage for the LCROSS Observation Campaign: http://lcross.arc.nasa.gov/observation.htm
By the way, it is at 11.30 UTC for those who don't know how far their timezone is from EDT.
Can't we link to the original source in the article summary? http://www.johntemple.net/2009/09/lessons-from-rocky-mountain-news-text.html
If one path leads to profits now, but bankruptcy in 10 years, that's not good business.
True, but as these oil companies are so big then they'll probably get bailed out; just like the banks who sought short term profits at the expense of long term stability.
Daily Mail only thinks this is silly because it is an example of the 'nanny state' and it looks bad for the current government, even though it was a conservative government that brought the legislation in. Did you seriously think the Daily Mail would be happy with this law being repealed? Middle England would be up in arms over the possibility of raves.
You should try watching Inside Nature's Giants on Channel 4 at 9PM on Mondays. It's a very good nature programme where they cut up a large animal (last night was a whale) and show you all of its parts. I learnt last night that whales actually have hind legs inside them as they're most closely related to Hippos.
Correct, according to this article from the BBC:
"Western governments, including the UK, don't allow you to build networks without having this functionality."
What I would like is "smart electronics" so I can push a single button on my way out and be sure I am not wasting electricity, without shutting off my fridge, alarm clock, and PVR. Maybe somebody can point me to that?
You mean like this? I have a similar set to these and find them very useful.
Absolutely. According to the article the government said it would "ensure that the government adopts open standards and uses these to communicate with the citizens and businesses that have adopted open source solutions".
The next time I get a .doc or .xls then I guess I should be able to demand an open standard. I sure hope so.
Add the dailymail tag, that's what I'm doing from now on for Daily Mail articles.
The raw idea of simply handing over all this information to any government, however benign, and sticking it in an electronic warehouse is an awful idea if there are not very strict controls about it.
That quote that you pasted comes from Lord Carlile who is the 'independent' reviewer of anti-terror laws. I think he was appointed by the government so is effectively a mouth piece and should be ignored.
These proposals are incompatible with a free country and a free people.
Amen indeed. Lib Dems are currently the only party that truly believe in our liberty. They might not get to run the government, a lot of Brits like the idea of an over-arching all-powerful government; but they do get to influence policy. Think about that next time you vote.
From looking at that graph; it would be more interesting to see the signal to noise ratio for each of the letters and numbers. Those names beginning with an 'A' do indeed receive more spam, but also far more non-spam. In fact it looks to be more like 50:51 (non-spam : spam), whereas from first glance those email addresses beginning with a 'P' receive 40:60.
I can load Java ME apps onto my Sony Ericsson K800i by using either the supplied USB cable, or via Bluetooth. Java ME doesn't provide all of the libraries that come with Java Standard Edition; so be prepared to work around the lack of Lists which is something that I have found frustrating about it.
One page version: http://www.computerworld.com/action/article.do?command=printArticleBasic&articleId=9112621
The article on one page: http://www.washingtonpost.com/wp-dyn/content/article/2008/08/12/AR2008081203275_pf.html
So, did he get the cart for his Warcart from Walmart?
He didn't say 25 is old. He said "old-timers like me (i.e. more than 25-30 years old)"; implying that an old-timer is anyone over 30 years old.
I've now read through the Lung Cancer article and it is very well written. Perhaps Wikipedia pages will gain links to these articles as authoritative pieces.
I've only really looked at this article, which was the most prominently featured on their front page. Reading the first few paragraphs it comes across as one person's view and experiences as opposed to an encyclopaedia. Some work will need to be done on this if it is to be a serious challenger to Wikipedia.
Uniform Office Format explained on Wikipedia.
You need to show him something that will quickly show results, preferably something that can display a UI and I guess these days that would be best done via a web browser. Try to teach him some PHP so that he can quickly see the fruits of his work on the web, and from there move to JavaScript, MySQL, and then to AJAX. With that knowledge teach him to learn for himself by developing a Facebook application by reading the Facebook API and going from there. From there you can move him onto some of the C/Java code at which point he should have a strong understanding of the logic and will have picked up some useful SQL skills.
Quick results are what got me into programming. Seeing that I could code a small, higher or lower game in about 10 mins for the BBC Micro or an Acorn and then show that to anyone who was interested was almost instant gratification. These days a web based project would be more impressive and easier to distribute.
I've just realised that the reason Google had indexed that MMS along with the others is because they've been linked to from other websites. For example the one I pasted above is linked to here http://1000milesdown.blogspot.com/2008/04/day-3-foyers-connell-84-miles.html
I guess, in a way this isn't really a security problem, but more like a 'feature'. It gives you some space to store a message that you can then link to and uses a 16 digit hex key to hide the message through obscurity.