And if you buy a new Chevy, you cannot remove the stereo system and return it to the dealer for a refund of that $1000 it supposedly costs.
But you can remove the stereo and sell it through eBay (although Chevy is probably trying to figure out how to stop that trade). Try re-selling your OEM license of Windows!
That's why FB's response was to respond to all requests from Tunisia using https.
That would still leave those users out in the cold that don't know that they're now supposed to enter https://www.facebook.com/. Unfortunately, that would be 99% of the users...
I assume that Facebook sends back a re-direct in response to a connection attempt to their http site from Tunisia. However, if the code that intercepts and re-writes the webpage is updated, it could intercept the re-direct and proxy the connection, with an https connection to facebook and an http connection to the poor Tunisian's client PC. So, facebook's response won't be very effective.
How badly does Facebook's password encryption suck if a man-in-the-middle attack can easily steal everybody's password?
The attack may have been a little more sophisticated. Most pages are loaded over a non-encrypted connection. Just the password may be sent over an https connection. However, the use of unencrypted pages for everything else allows man in the middle attacks that insert a javascript keylogger into the reply that logs keystrokes directly from the source PC, not from packets as they cross the wire.
That's why FB's response was to respond to all requests from Tunisia using https. That's why GMAIL now defaults to 100% https.
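The two comments above describe the same failure mode from both sides: a plain-http page (or an http-to-https redirect) can be rewritten by whatever sits in the path, so the only durable fix is to never let the browser talk cleartext to the site at all. The following is an added illustration, not code from any of the posters and not Facebook's or Google's real responses; it classifies a constructed pair of responses (the http:// origin's reply and the https:// origin's reply) by how well they resist exactly the "swallow the redirect and proxy the session" move described above. The `HttpResponse` type, header values and site name are all assumptions made up for the example.

```python
"""Classify how an http:// entry point fares against an in-path rewriter.

Added example with constructed responses; it does not contact any server.
"""
from dataclasses import dataclass
from typing import Dict, Optional

REDIRECT_STATUSES = {301, 302, 303, 307, 308}


@dataclass
class HttpResponse:
    """Minimal stand-in for a fetched response (hypothetical, for this example)."""
    status: int
    headers: Dict[str, str]


def header(resp: HttpResponse, name: str) -> Optional[str]:
    """Case-insensitive header lookup (header names are case-insensitive in HTTP)."""
    for key, value in resp.headers.items():
        if key.lower() == name.lower():
            return value
    return None


def parse_hsts(value: str) -> Optional[dict]:
    """Parse a Strict-Transport-Security value (RFC 6797) into its directives.

    Returns None when the header is malformed or lacks the mandatory max-age,
    which browsers also treat as "no policy".
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" in part:
            key, val = part.split("=", 1)
            directives[key.strip().lower()] = val.strip().strip('"')
        else:
            directives[part.lower()] = True
    try:
        max_age = int(directives["max-age"])
    except (KeyError, ValueError):
        return None
    return {"max_age": max_age,
            "include_subdomains": "includesubdomains" in directives}


def assess_downgrade_resistance(http_resp: HttpResponse,
                                https_resp: HttpResponse) -> str:
    """Rate the http:// origin's behaviour against a rewriting interceptor.

    'plaintext'     the http:// origin serves content itself; anything in the
                    path can inject script into it (the keylogger case above),
                    even if the login form posts to https.
    'redirect-only' http:// redirects to https://, but a proxy that swallows
                    the redirect and keeps the client side on http defeats it.
    'hsts'          the https:// origin sets a positive max-age, so once a
                    browser has seen it, later http:// URLs are rewritten to
                    https inside the browser and never leave it in cleartext.
    """
    location = header(http_resp, "Location") or ""
    if not (http_resp.status in REDIRECT_STATUSES
            and location.lower().startswith("https://")):
        return "plaintext"
    # Browsers only honour HSTS received over TLS; a policy on the http
    # response is ignored, so only the https response is consulted here.
    hsts_value = header(https_resp, "Strict-Transport-Security")
    policy = parse_hsts(hsts_value) if hsts_value else None
    if policy and policy["max_age"] > 0:
        return "hsts"
    return "redirect-only"


if __name__ == "__main__":
    # Constructed responses for a hypothetical site, www.example.com.
    plain_page = HttpResponse(200, {"Content-Type": "text/html"})
    redirect = HttpResponse(301, {"Location": "https://www.example.com/"})
    tls_no_policy = HttpResponse(200, {"Content-Type": "text/html"})
    tls_with_policy = HttpResponse(200, {
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains"})
    for label, pair in {"plain page": (plain_page, tls_with_policy),
                        "redirect only": (redirect, tls_no_policy),
                        "redirect + HSTS": (redirect, tls_with_policy)}.items():
        print(f"{label:16} -> {assess_downgrade_resistance(*pair)}")
```

The 'hsts' verdict is still conditional on a first clean visit: the very first request a browser ever makes to the site goes out over http if the user types it that way, and only the cached policy protects the visits after that. That first-visit gap is why a redirect alone, which is what the comment above assumes Facebook added, is not enough on its own.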
I know. What I meant is - is WGA for XP still being regularly updated to thwart the various cracks that disable it? I
WGA != Genuine Advantage Notifications. Related, yes, but not the same. No crack is required under XP for Genuine Advantage Notifications since systems will run perfectly well (including downloading all updates and add-ons from MS) if it is simply not present on a system.
I found Ubuntu Linux to be very difficult to learn, mainly because every time you need to fix something (example: change to supervisor mode to install flash), it involves opening the CLI.
Actually, I think that the article is probably accurate. The problem is /.'s summary. The report says:
Yet the finding that open-source advocates will like least is that free programs are not always cheaper.
Thus, the article acknowledges that the use of open source is cheaper in some circumstances -- but what proportion? The article doesn't elaborate. It could be 1%, it could be 99%.
Your scenario: false arrest -> search -> find something for legitimate arrest.
This is a classic "fruit of the poison tree" and will be thrown out in any court.
Your scenario of false arrest is unrealistic. They can always find some "legitimate" reason to arrest you. There was a study that suggested that every American commits an average of 3 felonies per day. Have you paid all your parking tickets? Then there is the old standby "resisting arrest".
Let's say, that my smartphone provides access to my emails that are not stored locally, but on a server somewhere, or files that I access using a key that is stored on my smartphone. Would the CA Supremes think that an arrest would allow the police to then rifle through my (remotely stored) files and emails?
What if the files and email are stored on my home PC and accessed over a VPN?
This is really about some people who have seen vastly increased bills. Now, the question is: are the new meters wrong or were the old electromechanical meters (installed decades ago) wrong?
Occam, where are you? Or, as the saying goes, when you hear hoofbeats, think horses, not zebras.
In true slashdot fashion I shall pontificate without RTFA.
And you would be completely, 100% wrong.
The keys rely on proximity. What the "attackers" did was to provide a boost to the signals sent out by the car, causing the key to respond at much larger distances from the car than normal. The near-proximity requirement only works one way (from the car to the key), so the key will respond to the boosted signals and the car will pick up the reply if the key is within 100 meters. This attack would allow a key inside a house to unlock and start a car on the driveway.
Other than, that, it depends on what your definition of "secure" is. Once again, this e-mail has absolutely dick all to do with OS security. If you allow users to have documents, and you allow users to run files, and you allow users to send and receive e-mails, then you're creating an environment where a user can run a program which copies all of his documents and e-mails them to someone else. Period, full stop
Once again, I will label you as part of the problem. Essentially, you have given up on the idea of security.
There is no reason why users should not be able to send and receive emails without being able to run random executables. There is no reason that it should not be possible to configure a computer so that random executables cannot be executed.
I'll say it again -- 10 years of "educating users" has failed. What did Einstein say about repeating an action and expecting a different result?
on a Linux distro that doesn't have/home mounted as noexec, the exact same thing could have happened, with some idiot running Dancing Bunnies.sh that installs a trojan to the userspace and has it run when the desktop environment launches.
We should be careful of false dichotomies. Just because Linux might have the same weakness, does not make it any less Windows' fault.
However, Windows 2000 has been out for over 10 years, Windows XP has been out almost 10 years. We have had enough time to realize that training users to not click on the dancing bunnies is not an effective strategy to prevent this type of problem. Hence the problem is that Windows doesn't have a mechanism to prevent execution of arbitrary code which is normally on and not easily overridden by the user.
Thought experiment: why doesn't MS offer a locked-down-by-default version of Windows ("Windows for Government" or "Windows Secure")? It could be just the same as a normal version except that all the security options default to it being secure, rather than open? There are a number of possible reasons and they all point to MS being the root cause of the PC security problems found by Windows users.
Don't blame Windows. This was a case of government employees being duped by an email Christmas Card. They may as well have "checked out this screensaver!" or pictures of "Anna Kornikova"
Apologists like you are why we have lousy computer security as a nation.
You blame the users, elsewhere people blame the sysadmins for not locking down the systems. Which is it? Neither, because the root problem is that Windows is designed to be used in a non-locked down mode.
How many people actually run Windows as non-admin users? It's a pain. Why is it that sysadmins don't lock down Windows machines? If this were not the norm, one could blame a few sysadmins for not doing their job properly, but it reflects how most Windows systems are used. Why is this? The answer lies in how people expect to run Windows -- from developers through to users -- they all expect the systems to be open.
So, while in theory Windows systems should be locked down, and users should not click on such things, in practice they are not locked down and people click on dangerous links because that is the way Windows is designed.
Car analogy: if a car manufacturer built cars with ineffective brakes, would you blame drivers for not braking early enough?
Where Windows is today is that the driver can make an adjustment that would make the brakes work properly, but if that were done, the car would be limited to 50mph. No-one chooses that option.
Why would you do this when you can book right on Expedia or Orbitz for the same price as booking direct on the airline's site?
Imagine that there is a volcano affecting flights between Europe and the USA, or a massive storm affecting all flights in and out of the east coast and your flight is canceled. You want to get a new flight or a refund. The airline will tell you to call Expedia or Orbitz and you may find that getting your new itinerary or refund is much more difficult than if you booked direct. At one time, one of these sites actually tacked on an additional change fee (over and above the airline's change fee), so that changes cost you more if you booked via that site.
Until quite recently, one of the major online travel booking sites used to add their own change fee if you wanted to change your flight. You still had to pay the airline's fee, so the reward that the website gave you for using their site was increasing your cost.
I was using Hotels.com (really Expedia, I think) for hotel bookings. However, I stopped after one bad experience. I booked through hotels.com and when I arrived at the hotel, they denied that I had booked the room. When my credit card statement came through and I saw both the Hotels.com and the actual hotel's charge for the room, I called hotels.com and demanded a refund. While I was on the phone, they confirmed that I had stayed in the hotel and had paid the hotel directly, although they claimed that the hotel had received the booking (but really, after the fact, who knew whether the booking had been transmitted before I arrived at the hotel?). Knowing this, they said I would have to call back again to ensure that I got the refund. I told them that my next call would be to my credit card company to dispute the charge. The operator even had the gall to claim that his supervisor wasn't there (yeah, right -- a call center without a supervisor there?).
So I stopped using hotels.com. In truth, the same rates are available directly from the hotels. The websites provide some value in locating the hotels, but after that, there is no value.
MS is going to announce an OS for ARM-based tablets. Lots of people have assumed that it will be a derivative of the desktop OSes. However, it seems more likely that it would be a derivative of Windows CE (like Windows Phone 7). Until more details come out, we won't really know.
If it is CE, why should MS be treated differently from other OSes?
And modern engines need no more than 30 seconds of idling to be "warmed up" for driving.
But what about the catalytic converter -- that has to be hot before it does anything and I don't think that 30 seconds of running gets it anywhere near hot enough.
Some time back, there was a judgment that allowed police to trawl through the entire contents of a hard drive if they had a subpoena for one person's data from the drive, so I was wondering if the following scenario would work:
Police get a subpoena for electronic bank records of an individual. They go to the bank and the bank offers to provide the relevant data. However, the police say: "No, this subpoena is not limited like that. Give us all the hard drives that might contain data on the subject". The bank is compelled to hand over thousands of hard drives. Now the police can trawl through bank records of millions of people unrelated to the original subpoena.
Could this happen? Will it happen?
Since Betelgeuse is about 640 light years away, it could have happened hundreds of years ago. We just don't know it yet.
A fresh install of XP does not include Genuine Advantage Notifications, but it will be downloaded and installed on the first update unless blocked.
And Genuine Advantage Notifications.
Once again, you are full of it. Command line mode is not needed for installing flash.
... and nothing of value was lost.
What if I can access a camera in my house?
Mistakes, well what do you expect from the lowest cost bidders for this government project?
Perhaps the son pays for the Internet connection?
So, what you are saying is that it is impossible to lock down Windows so that it is secure?