I run the free version of AVG (without any of the browser add-on crap installed) and I dont see any indications that its MITM'ing SSL traffic inside SeaMonkey (my primary browser).
On my ADSL2+ connection I usually somewhere around 8-9mbits downstream depending on exactly what my router last synced at (currently getting 9.1mbits) and that is plenty fine for me even when watching YouTube or other video sites. The biggest problem is the poor quality of my copper line to the exchange (blame that on Telstra here in Australia who own the wires)
The best place to start in making cars more secure is to stop connecting them to the Internet or cellular networks. It makes them vulnerable to remote exploits and increases the cost of the car.
But now we have some jurisdictions (EU I think is one) mandating cellular connections in new cars so they can support "emergency features" (presumably stuff so when the car is involved in a serious crash, the car can notify emergency services automatically in case the occupants are pinned down or unconscious and cant make an emergency call themselves)
Get rid of the cellular connections, get rid of all this "infotainment" crap (whoever thought "apps" in a car is a good idea is an idiot). And spend some money on really strong encryption in things like the remote unlock keyfobs and engine immobilisers so hackers cant get in.
A number of car audio systems that I have seen have removable face plates. Thief looks in, sees that the faceplate has been removed and will then realize the unit is worthless to resell and will move on.
Start by replacing the broken CA model and push much harder for alternatives like DANE and the EFF Sovereign Keys proposal.
Stop the NSA or the Chinese Government (or hackers who steal the master keys for a CA ala DigiNotar) from being able to generate a certificate for a domain and perform MITM attacks with it.
Replace TLS with something designed from the ground up to be as simple as possible. Any "optional" features in the protocol that could be turned on by the server or client are extra vectors for attack.
Mandate forward-secrecy (via Ephemeral Diffie-Helman or similar) to prevent bad guys who later obtain private keys from decrypting previous traffic. Support only the strongest algorithms (RSA with at least 2048 bits, AES, SHA2/SHA3) and dont support obsolete algorithms like RC4, SHA1, MD5, DES or 3DES.
Make email encryption so easy anyone can do it. And build it into all the popular email clients (with encryption turned on by default) so that encrypted email becomes the rule rather than the exception.
Invent open-standard open-protocol chat programs (for voice, video, text and file transfer) with end-to-end encryption (including some sort of forward secrecy so that once the session is over, it becomes impossible for anyone to decrypt the conversations and get the data back)
You clearly dont understand cryptography. Unless the manufacturers screw up and use a weak algorithm for the signature (or screw up the implementation like Sony did on the PS3) it will be impossible to crack the signature.
If the data is stored in a data centre in Ireland, why cant they use Irish law (and work with Irish law enforcement if necessary) to get this information?
Hey, I actually happen to like CSI in all its forms (although Miami is definitely the weakest of the lot)
In terms of GOOD geek programming though, the best I have found is Halt & Catch Fire from AMC. Second season of that wrapped up not too long ago and I hope it comes back for a third.
AMC knows how to do good TV (Breaking Bad, Walking Dead, Halt & Catch Fire, Mad Men).
And yes I am very much interested in "The man in the high castle" although I haven't found a way to see it in Australia yet since we dont get Amazon digital content...
Too bad most of the good stuff gets canceled just as its getting interesting while garbage like Survivor gets 31 seasons of the same boring unwatchable crap.
At least the new season of Scorpion starts in a few weeks and the new seasons of Madam Secretary and CSI: Cyber in a few weeks after that. So there ARE still good TV shows out there but they are few and far between (and mostly on expensive-to-purchase cable channels e.g. Halt & Catch Fire on AMC)
My Nokia N900 has a separate firmware blob for the WiFi chip (no idea if the wireless radio enforces any digital signature on that) and it figures out what regional settings (FCC etc) to use by obtaining the current country from the cellular network or if it cant do that, reading it directly from a write-once part of the file system.
I have seen routers out there that have separate chips to do the WiFi stuff as well. I see no reason you couldn't lock down the firmware for these separate CPUs (so they will only run digitally signed firmware, just like they do now for the CPUs used for cellular radios) and have a write-once memory area somewhere that chip can see where the correct region information is written at manufacture time. Physically impossible for the main CPU to talk to the radio in those cases since the radio/RF part is only connected to whatever CPU is running the WiFi firmware and not to the main CPU.
Assuming you aren't on a browser that is so old it doesn't support more secure algorithms (AES I believe is the one everyone should be using instead of RC4) then what will happen is that people still using RC4 certificates will switch to AES certificates and your browser will be more secure as a result.
My guess is that Turkey has some sort of public prosecutors office that prosecutes criminal cases and it is that office that is the other side of the court case.
These offices are generally also independent from the government precisely to prevent political interference in the legal system. (at least they are in Australia)
Its all about funneling billions of dollars into the coffers of Lockheed Martin (and providing jobs building F-35s for a whole bunch of people who will then turn around and vote for the politicians who gave them those jobs)
The politicians dont care if the F-35 is a piece of crap aircraft, they just care that it gets built in the right congressional districts.
Actually, the statute of limitations on some of the charges has expired. There are other more serious charges who's statute of limitations hasn't yet run out.
It may be unusual that its going on for such a long period of time but police (in the UK and elsewhere) regularly work with building owners to get access to vantage points overlooking suspect properties to observe what is going on.
The plans Intel had for Larabee seemed like a good idea. Take an old Pentium core, add a bunch of fast special-purpose instructions specifically designed for doing the sorts of operations that 3D graphics require, stick a bunch of these cores on a single chip and add a few special blocks for certain operations (as well as stuff to actually display stuff on the screen)
It sounded like an interesting idea (and would have been a LOT more open than anything from AMD or NVIDIA) but Intel decided to cancel the project because they didn't think they could match AMD or NVIDIA on price.
If the ad networks stopped using Flash for ads and switched to only using HTML5, the amount of nasty stuff would drop dramatically. Are there exploits in browsers where a dodgy non-Flash ad could get in? Sure there are. But its much harder for malware to exploit those holes, especially if you keep your browser up-to-date (and aren't doing something stupid like connecting a browser that is no longer receiving security updates to the open internet)
At the very least, a non-Flash malware ad would need a bunch of different exploits for various different browsers (Firefox, Chrome, Internet Explorer at the very least) and different versions of those browsers (an explot that works on IE6 on Windows XP isn't going to work on IE11 on Windows 10 for example). Also, non-Flash ads will (by virtue of their HTML/JS source being visible) be easier for ad networks to vet and examine for dodgy stuff.
Even better, dont use Windows 10 at all. Do what I am doing and stick with Windows 7 (which doesn't have all this crap) or if you dont need any windows-only software (e.g. games) switch to an alternative OS.
I would be willing to bet that by far the vast majority of cases where advertizing networks are spewing out malware (either because they have been hacked or because they didn't properly review an ad that contained malware) are using exploits in Flash to get their malware installed on victims PCs. If more ad networks (especially the really big players like Yahoo, Google/DoubleClick, Microsoft etc) drop Flash and stop serving Flash ads, it will be much harder for malware authors to use dodgy Flash files as a vector for their attacks.
Yes browsers can have security holes in their HTML5 implementations but to exploit that a malware author would need to sniff the OS and browser versions and feed the correct malware to the user depending on which exploits they are potentially vulnerable (which is both harder for malware authors to do and easier for ad networks to detect)
That doesn't happen here in Australia. When I booked a return flight recently, I was shown all the possible flight choices for my outbound leg (and their costs) and all the possible flight choices for my return leg (and their costs). What flight I picked for my outbound leg had no effect on the costs offered for the return leg and vice versa.
I did run a Linux VM for N900 development a while back but then I bought an SSD and reinstalled Windows and haven't yet bothered with reinstalling VMWare to use the VM again:)
My first real experience of Linux was seeing other people installing Linux on a machine in the computer lab at school. (probably around Windows 3.x time frame and I think possibly some version of RedHat). I didn't actually get to use it though (I did spend a lot of time in those labs and got busted trying to pirate Visual Basic off the Windows machines:)
I also had experience with it at University with various courses that involved Linux in some way.
As for personal use, my first use of Linux was installing some version of Mandriva (exactly what hardware I ran it on I don't have a clue). After that I installed Gentoo on an old Pentium 4 box that a family member no longer needed (ironically it was a computer that used to be mine before I sold it to said family member as an upgrade to whatever they had at the time).
I used that Gentoo box for some brief development work for a Motorola Z6 linux phone (including kernel compilation). At some point something went bad in the system and I didn't do anything with it for a while.
Then after I took it to a repair shop who cleaned out all the dust and gunk, redid the thermal goop on the CPU and replaced the busted video card with a working card my system started working again and I used that system to do a lot of software work for my Nokia N900 linux phone (software work that has made a number of other N900 enthusiasts very happy).
That system lasted all the way until just before xmas 2013 when I moved to the other side of Australia and decided the old clunker of a PC wasn't worth moving (especially since I only had a really old really heavy CRT monitor that I was using with it).
Since then my use of Linux has been confined to my Nokia N900, a VMWare VM I set up for N900 development (which I haven't used since I bought an SSD and re-installed Windows) and various interactions of various sorts with computers I dont own out there in the cloud:)
Would love to get back into Gentoo again though but I dont have any hardware I can run it on (maybe if I ever get enough money I can upgrade this Core 2 Duo to a nice Core i7 or something and use the Core 2 Duo as a Gentoo box:)
Slashdot Mirror
I run the free version of AVG (without any of the browser add-on crap installed) and I dont see any indications that its MITM'ing SSL traffic inside SeaMonkey (my primary browser).
On my ADSL2+ connection I usually somewhere around 8-9mbits downstream depending on exactly what my router last synced at (currently getting 9.1mbits) and that is plenty fine for me even when watching YouTube or other video sites. The biggest problem is the poor quality of my copper line to the exchange (blame that on Telstra here in Australia who own the wires)
The best place to start in making cars more secure is to stop connecting them to the Internet or cellular networks. It makes them vulnerable to remote exploits and increases the cost of the car.
But now we have some jurisdictions (EU I think is one) mandating cellular connections in new cars so they can support "emergency features" (presumably stuff so when the car is involved in a serious crash, the car can notify emergency services automatically in case the occupants are pinned down or unconscious and cant make an emergency call themselves)
Get rid of the cellular connections, get rid of all this "infotainment" crap (whoever thought "apps" in a car is a good idea is an idiot). And spend some money on really strong encryption in things like the remote unlock keyfobs and engine immobilisers so hackers cant get in.
A number of car audio systems that I have seen have removable face plates. Thief looks in, sees that the faceplate has been removed and will then realize the unit is worthless to resell and will move on.
Start by replacing the broken CA model and push much harder for alternatives like DANE and the EFF Sovereign Keys proposal.
Stop the NSA or the Chinese Government (or hackers who steal the master keys for a CA ala DigiNotar) from being able to generate a certificate for a domain and perform MITM attacks with it.
Replace TLS with something designed from the ground up to be as simple as possible. Any "optional" features in the protocol that could be turned on by the server or client are extra vectors for attack.
Mandate forward-secrecy (via Ephemeral Diffie-Helman or similar) to prevent bad guys who later obtain private keys from decrypting previous traffic. Support only the strongest algorithms (RSA with at least 2048 bits, AES, SHA2/SHA3) and dont support obsolete algorithms like RC4, SHA1, MD5, DES or 3DES.
Make email encryption so easy anyone can do it. And build it into all the popular email clients (with encryption turned on by default) so that encrypted email becomes the rule rather than the exception.
Invent open-standard open-protocol chat programs (for voice, video, text and file transfer) with end-to-end encryption (including some sort of forward secrecy so that once the session is over, it becomes impossible for anyone to decrypt the conversations and get the data back)
I uninstalled the nag thing pushing me to upgrade to Windows 10 and I haven't gotten any of the big space-hogging Windows 10 stuff.
You clearly dont understand cryptography.
Unless the manufacturers screw up and use a weak algorithm for the signature (or screw up the implementation like Sony did on the PS3) it will be impossible to crack the signature.
Rupert Murdoch is chairman of the News Corp board so he is still very much in control of his newspaper empire (WSJ included)
If the data is stored in a data centre in Ireland, why cant they use Irish law (and work with Irish law enforcement if necessary) to get this information?
Its still better than Survivor, X Factor, Biggest Looser or any of the other so-called "reality" TV that seems to dominate the screens these days...
Hey, I actually happen to like CSI in all its forms (although Miami is definitely the weakest of the lot)
In terms of GOOD geek programming though, the best I have found is Halt & Catch Fire from AMC. Second season of that wrapped up not too long ago and I hope it comes back for a third.
AMC knows how to do good TV (Breaking Bad, Walking Dead, Halt & Catch Fire, Mad Men).
And yes I am very much interested in "The man in the high castle" although I haven't found a way to see it in Australia yet since we dont get Amazon digital content...
Too bad most of the good stuff gets canceled just as its getting interesting while garbage like Survivor gets 31 seasons of the same boring unwatchable crap.
At least the new season of Scorpion starts in a few weeks and the new seasons of Madam Secretary and CSI: Cyber in a few weeks after that. So there ARE still good TV shows out there but they are few and far between (and mostly on expensive-to-purchase cable channels e.g. Halt & Catch Fire on AMC)
My Nokia N900 has a separate firmware blob for the WiFi chip (no idea if the wireless radio enforces any digital signature on that) and it figures out what regional settings (FCC etc) to use by obtaining the current country from the cellular network or if it cant do that, reading it directly from a write-once part of the file system.
I have seen routers out there that have separate chips to do the WiFi stuff as well. I see no reason you couldn't lock down the firmware for these separate CPUs (so they will only run digitally signed firmware, just like they do now for the CPUs used for cellular radios) and have a write-once memory area somewhere that chip can see where the correct region information is written at manufacture time. Physically impossible for the main CPU to talk to the radio in those cases since the radio/RF part is only connected to whatever CPU is running the WiFi firmware and not to the main CPU.
Assuming you aren't on a browser that is so old it doesn't support more secure algorithms (AES I believe is the one everyone should be using instead of RC4) then what will happen is that people still using RC4 certificates will switch to AES certificates and your browser will be more secure as a result.
My guess is that Turkey has some sort of public prosecutors office that prosecutes criminal cases and it is that office that is the other side of the court case.
These offices are generally also independent from the government precisely to prevent political interference in the legal system. (at least they are in Australia)
Its all about funneling billions of dollars into the coffers of Lockheed Martin (and providing jobs building F-35s for a whole bunch of people who will then turn around and vote for the politicians who gave them those jobs)
The politicians dont care if the F-35 is a piece of crap aircraft, they just care that it gets built in the right congressional districts.
Actually, the statute of limitations on some of the charges has expired. There are other more serious charges who's statute of limitations hasn't yet run out.
It may be unusual that its going on for such a long period of time but police (in the UK and elsewhere) regularly work with building owners to get access to vantage points overlooking suspect properties to observe what is going on.
The plans Intel had for Larabee seemed like a good idea. Take an old Pentium core, add a bunch of fast special-purpose instructions specifically designed for doing the sorts of operations that 3D graphics require, stick a bunch of these cores on a single chip and add a few special blocks for certain operations (as well as stuff to actually display stuff on the screen)
It sounded like an interesting idea (and would have been a LOT more open than anything from AMD or NVIDIA) but Intel decided to cancel the project because they didn't think they could match AMD or NVIDIA on price.
If the ad networks stopped using Flash for ads and switched to only using HTML5, the amount of nasty stuff would drop dramatically. Are there exploits in browsers where a dodgy non-Flash ad could get in? Sure there are. But its much harder for malware to exploit those holes, especially if you keep your browser up-to-date (and aren't doing something stupid like connecting a browser that is no longer receiving security updates to the open internet)
At the very least, a non-Flash malware ad would need a bunch of different exploits for various different browsers (Firefox, Chrome, Internet Explorer at the very least) and different versions of those browsers (an explot that works on IE6 on Windows XP isn't going to work on IE11 on Windows 10 for example). Also, non-Flash ads will (by virtue of their HTML/JS source being visible) be easier for ad networks to vet and examine for dodgy stuff.
Even better, dont use Windows 10 at all. Do what I am doing and stick with Windows 7 (which doesn't have all this crap) or if you dont need any windows-only software (e.g. games) switch to an alternative OS.
I would be willing to bet that by far the vast majority of cases where advertizing networks are spewing out malware (either because they have been hacked or because they didn't properly review an ad that contained malware) are using exploits in Flash to get their malware installed on victims PCs. If more ad networks (especially the really big players like Yahoo, Google/DoubleClick, Microsoft etc) drop Flash and stop serving Flash ads, it will be much harder for malware authors to use dodgy Flash files as a vector for their attacks.
Yes browsers can have security holes in their HTML5 implementations but to exploit that a malware author would need to sniff the OS and browser versions and feed the correct malware to the user depending on which exploits they are potentially vulnerable (which is both harder for malware authors to do and easier for ad networks to detect)
That doesn't happen here in Australia.
When I booked a return flight recently, I was shown all the possible flight choices for my outbound leg (and their costs) and all the possible flight choices for my return leg (and their costs). What flight I picked for my outbound leg had no effect on the costs offered for the return leg and vice versa.
I did run a Linux VM for N900 development a while back but then I bought an SSD and reinstalled Windows and haven't yet bothered with reinstalling VMWare to use the VM again :)
My first real experience of Linux was seeing other people installing Linux on a machine in the computer lab at school. (probably around Windows 3.x time frame and I think possibly some version of RedHat). I didn't actually get to use it though (I did spend a lot of time in those labs and got busted trying to pirate Visual Basic off the Windows machines :)
I also had experience with it at University with various courses that involved Linux in some way.
As for personal use, my first use of Linux was installing some version of Mandriva (exactly what hardware I ran it on I don't have a clue). After that I installed Gentoo on an old Pentium 4 box that a family member no longer needed (ironically it was a computer that used to be mine before I sold it to said family member as an upgrade to whatever they had at the time).
I used that Gentoo box for some brief development work for a Motorola Z6 linux phone (including kernel compilation). At some point something went bad in the system and I didn't do anything with it for a while.
Then after I took it to a repair shop who cleaned out all the dust and gunk, redid the thermal goop on the CPU and replaced the busted video card with a working card my system started working again and I used that system to do a lot of software work for my Nokia N900 linux phone (software work that has made a number of other N900 enthusiasts very happy).
That system lasted all the way until just before xmas 2013 when I moved to the other side of Australia and decided the old clunker of a PC wasn't worth moving (especially since I only had a really old really heavy CRT monitor that I was using with it).
Since then my use of Linux has been confined to my Nokia N900, a VMWare VM I set up for N900 development (which I haven't used since I bought an SSD and re-installed Windows) and various interactions of various sorts with computers I dont own out there in the cloud :)
Would love to get back into Gentoo again though but I dont have any hardware I can run it on (maybe if I ever get enough money I can upgrade this Core 2 Duo to a nice Core i7 or something and use the Core 2 Duo as a Gentoo box :)