Slashdot Mirror


User: Bert64

Bert64's activity in the archive.

Stories: 0
Comments: 12,200

Comments · 12,200

  1. Re:What's the solution? on The Security Industry Is Failing Miserably At Fixing Underlying Dangers · · Score: 1

    More important is the fact that aircraft are operated by trained pilots, and maintained by trained maintenance staff - both of whom have to undergo rigorous tests to ensure they are capable of doing the job and have a very good understanding of the aircraft they're working on.

  2. Complexity... on The Security Industry Is Failing Miserably At Fixing Underlying Dangers · · Score: 1

    Systems today are too complex for the users, and even the supposed administrators to understand... And all these added layers of extra "security product" just compound the problem. Many organisations are simply unaware of all the risks because they have no idea how most of these things actually work.

  3. Re:Seems like a 180 from their previous views on First Phone Out of Microsoft-Nokia -- and It's an Android · · Score: 1

    The iPhone 3G was released in 2008, if you've been using it for the past 2 years then it was 4 years old when you *started* using it...

    While it's true that Apple obsolete the hardware fairly quickly, using microsoft as a counter example is ridiculous... Microsoft were pushing windows mobile 6.x when the iPhone 3g came out, the hardware this ran on is also obsolete and cannot run current windows versions, and unlike the iPhone old apps won't run at all on current versions. Windows phone 7 came out in 2010, and this os (as well as the hardware it ran on) has already been abandoned.

    Apple are probably the least terrible when it comes to obsoleting the hardware.

    As for trusting google, that's just as bad as trusting microsoft... But at least with android, you have the option of custom non-google ROMs.

  4. Re:So what? on First Phone Out of Microsoft-Nokia -- and It's an Android · · Score: 1

    Microsoft are terrible at long term support in the phone market...
    Windows mobile was completely dropped and replaced with something totally incompatible...
    Windows phone 7 was short lived, and replaced with something incompatible and most (all?) windows phone 7 handsets cannot be upgraded to 8.
    It seems windows phone 8 is no better than android, with several devices running 8.0 not getting the update to 8.1.

    If you want decent support on a phone, get a handset that's well supported by third party android ROMs. Or even go for Apple, they tend to support their handsets far longer than most other manufacturers.

  5. Re:The elephants are stomping on us again on WikiLeaks Publishes Secret International Trade Agreement · · Score: 1

    Only it won't create such a race, since there are only two parties they will simply collaborate and basically take turns. Having to wait a few years for your next turn is far better than having to compromise on your goals by competing, or risking losing out to a third party.

  6. Trust... on Nokia Extorted For Millions Over Stolen Encryption Keys · · Score: 1

    So how do you trust a company? Profit is their primary goal, and if they feel that hiding a breach like this will be more profitable than disclosing it that's exactly what happens... Meanwhile, you now potentially have to also trust some criminals who have already demonstrated their willingness to commit blackmail.

  7. Re:How awful!! on NSF Researcher Suspended For Mining Bitcoin · · Score: 2

    He spent 150k of someone else's money to make 10k for himself... Personally he spent 0 to make 10k, plenty of profit.

  8. Re:wait on The Coming IT Nightmare of Unpatchable Systems · · Score: 1

    The malware may be gone, but the machine is still vulnerable and prone to being reinfected at any time...
    When the hacker loads his malware into memory, he may also patch the vulnerability in the process so that someone else doesn't step on his toes.

  9. Re:white males should on HR Chief: Google Sexual, Racial Diversity "Not Where We Want to Be" · · Score: 1

    The only way for an employer in this field to increase diversity is to discriminate against whites and asians...
    The majority of qualified applicants are white or asian, there are virtually no black applicants applying for these jobs just like there were virtually no black students attending the appropriate study courses.
    The employer can only employ qualified individuals who actually apply for the job, if only 1% of applicants are black then it stands to reason that only 1% of employees will be. The only thing the employer can do to change that is to discriminate against the other 99% of applicants.

  10. Re:Who gives a shit? on HR Chief: Google Sexual, Racial Diversity "Not Where We Want to Be" · · Score: 1

    There is a lot of peer pressure in school, and this drives people into classes they wouldn't necessarily choose otherwise... School is actually a pretty poor environment for learning anything because of this, kids who work hard get shunned by their peers, smart kids get shunned by their peers, kids who dare to choose a subject that's not seen as appropriate for their gender get shunned.

  11. Qualified applicants on HR Chief: Google Sexual, Racial Diversity "Not Where We Want to Be" · · Score: 1

    And what percentage of qualified applications were black or female?
    If they never apply, they can never get the jobs... That's nothing to do with "diversity" or "racism", indeed most people who fling around accusations of racism in the industry conveniently ignore that there's a lot of asians working in the field... The reason for this? They actually apply for the jobs and are qualified to do them.

  12. Re: Fishy on TrueCrypt Website Says To Switch To BitLocker · · Score: 1

    Hence "boot autonomously", as in boot without a password having to be entered.

  13. Re: Fishy on TrueCrypt Website Says To Switch To BitLocker · · Score: 1

    Auto unlock to boot, i.e. autonomous booting... not unlocking of non system drives, but unlocking of the system drive in order to boot without requiring user intervention (i.e. entering the key).

    Windows system passwords are laughable, the encryption is extremely poor by modern standards (no salts etc), and if certain network services are running (e.g. smb - running by default) you can login using the hash even without knowing the plaintext password.

    If the system can boot autonomously, you can use specialised hardware to extract the contents of memory, which will include the password hash.

    Even if you don't have access to such hardware, you can probably plug the machine into a small isolated network and try to attack it that way... If the system is fully patched you just keep the box turned off and wait for new exploits to come out as it's not going to patch itself without a working internet connection.

  14. Re: Fishy on TrueCrypt Website Says To Switch To BitLocker · · Score: 1

    If you can boot the machine then there are a number of attacks...
    Chances are you could connect the machine to a dhcp network via ethernet and it will get an ip, so you can exploit the machine over the network... If it's not vulnerable to anything you just wait for new vulnerabilities to come out as the machine is never going to patch itself while it's turned off.
    Not terribly sophisticated, needs an ethernet switch and a copy of metasploit.

    A more sophisticated attacker could extract the contents of memory using custom hardware once the machine has booted.

  15. Gentoo on Imparting Malware Resistance With a Randomizing Compiler · · Score: 5, Funny

    You can already do this with Gentoo, you're highly unlikely to use the same combination of compiler, kernel, assembler, libraries, use flags, compiler flags etc as anyone else...

  16. Streaming vs downloading on The Energy Saved By Ditching DVDs Could Power 200,000 Homes · · Score: 3, Insightful

    And streaming is stupid... Downloading movies would make a lot more sense than DVDs, but streaming is ridiculous...
    Most people would want to watch movies around the same time, so think of the crippling bandwidth requirements all at once. And what about those who can't get fast connections at home for whatever reason - streaming would be impractical, but downloading would usually still be quicker than a mail order dvd.

  17. Re: Fishy on TrueCrypt Website Says To Switch To BitLocker · · Score: 1

    And storing the key in a TPM chip isn't equivalent to leaving the key in the computer?
    The key is there, it's just obfuscated, only takes one person to work out how to extract it...

  18. Re: Fishy on TrueCrypt Website Says To Switch To BitLocker · · Score: 4, Insightful

    Automatically unlock the drive to boot is a false sense of security, if the computer can boot autonomously then it has the key and therefore so does anyone who steals the whole machine (as opposed to stealing just the drive)... You're no longer relying on the strength of the encryption, but rather the strength of the obfuscation used to hide the key.

  19. Re:Paper trail on Bug In DOS-Based Voting Machines Disrupts Belgian Election · · Score: 1

    Many slashdot readers are well versed in CS and we do not trust these systems. How then can we expect the public to have any faith in these systems?

    Precisely because they are not well versed, and thus blindly trust the system without being aware of the possible flaws... This happens all the time.

  20. Re:Paper trail on Bug In DOS-Based Voting Machines Disrupts Belgian Election · · Score: 1

    No you have a system where the vote must be hacked both electronically and on the paper side, if you only hack one method then the results wouldn't match and the election could be declared void and thoroughly investigated.

  21. Re:I approve on HP Makes More Money, Cuts 16,000 Jobs · · Score: 1

    That is one of the key problems tho, short term thinking... While reducing headcount may increase profits in the short term, depending on what those staff do you are likely to decrease the viability of the business in the long term.

    Cutting down R&D increases short term profits, but then leaves you behind the curve on the next generation of products.
    Cutting down support staff can decrease short term costs, but will drive customers away if the quality of service goes down.

    I've dealt with such a company myself recently when renting out an apartment, instead of having their regional offices deal with my queries directly they centralised it all to one office staffed by people who are no longer familiar with me or the local area, and there is now someone different who deals with me every time.
    While I'm sure it saved them quite a bit by having all the staff in one place, after putting up with that for a year it's cost them a customer and there are plenty of others who have made the same decision as me.

  22. Re:Upset the industry? on Why Cheap Smartphones Are Going To Upset the Industry · · Score: 1

    How do you think the rest of the world got so far ahead of these remote african locations?
    We had all the same problems in the past too, and we overcame them.

    The real key is education, to enable people to improve their own conditions... Dishing out medicines and food will just increase the population while doing nothing about the conditions that make even the current population levels unsustainable. It's only making the problem worse, and making the people ever more dependent on foreign aid.

    There was no one around giving europeans free food and medicine when people were starving or dying from plagues. Most people had to go it alone and have emerged much stronger as a result. Africa on the other hand is being completely screwed by foreign interference.

  23. Re:Portability on 30-Day Status Update On LibreSSL · · Score: 1

    BSD and Linux are the obvious places to start, as you already cover the vast majority of embedded devices and a significant proportion of server systems.
    The only other OS that's really relevant these days is Windows, and that already has its own native SSL implementation.

  24. Re:Its easy to be critical on 30-Day Status Update On LibreSSL · · Score: 1

    This is a very poor comparison to make...

    OpenBSD is a relatively minimal OS compared to AIX, Solaris or HPUX... There's bound to be less issues found.
    Conversely these systems (with the partial exception of solaris) are entirely closed source and developed behind closed doors, so many more security holes may have been found and fixed but never disclosed.
    Similarly finding and fixing security holes is a primary goal of OpenBSD, and they do so in an open and transparent manner.

  25. Re:SNMP has no useful purpose on Embedded Devices Leak Authentication Data Via SNMP · · Score: 1

    Or buy a router which already ships with the desired firmware preinstalled...
    That way you know the device will be fully compatible with it. Buying random devices can often be problematic as manufacturers will change the specs without changing the model number and you might find yourself with a crippled version that can't run the firmware you want.

    Really they should just give up developing their own crippled firmware and just ship one of the well known firmwares, would save a lot of development time and provide a better experience for users.