And if you want to read everything into the film, that's on you. On that same note you could say the entire show of Roseanne was racist and pro-Trump except if you actually watched it.
Because no one really gives a damn. So the first lady recently had surgery and is not doing any press. So what? I have more issues with her husband being an idiot all the time.
This also probably killed the movie for countless red-state movie goers who were already incensed at the blatant SJW preaching that The Last Jedi seemed to do.
I think people will read whatever they want into a movie to justify their hatred of it. For example the "preaching" that The Last Jedi had. What was it? Rose had a very negative opinion of the people on Canto Blight and how they were working for the First Order; however, when they steal the ship later, DJ points out that the owner was selling to both the First Order and the Rebellion.
I haven’t had to sign into an app for months - complaining about that would require setting a really low bar.
I don't think that's the point of single sign-on. Right now the issue is that every channel is making their own app. But the content often isn't free. Either you pay for a subscription a-la-carte or you have a cable provider which means credentials. For those people that have cable every time they get a new app or the app changes to require a reboot and lose credentials, it means that they sign-on again. As a single person the number of sign-ons might be small. For a household, it could be much larger depending on all the different tastes in that household.
They can fix the exploit but that also means they can only fix exploits one at a time whenever someone finds another. With this feature they can mitigate a whole class of exploits.
Let's say that Apple can do this. The problem is that Apple is then limited to plugging every single flaw one at time. With this feature they can mitigate a whole class of exploits.
Yes, Microsoft did buy design patents. But I probably used a poor choice of words when I said that they received the patent portfolio. What they did get was "...8,500 of Nokia’s design patents"
To me that means that no one can make Lumia phones. The cell phone technology patents are probably still in Nokia's portfolio. Can MS use their patents to sue? Yes but it's limited.
The bootloader can be accessed via the lightning port. That's how iTunes can recover an unbootable phone by doing a "factory reset". In that case iTunes instructs the bootloader to secure erase the flash memory and writes a new OS image to it.
That would probably destroy any ability to recover the data on the phone as the per file encryption keys would be lost forever. This feature isn't to make a phone immune to theft; it's to make the data on the phone more secure from hacking.
I'm not sure this change will affect GrayKey and Cellebrite anyway. My understanding is that they attack the phone's bootloader.
How does GrayKey and Cellebrite get access to the boot loader? Cellebrite currently sells a small device that plugs into the phone.
Eventually, law enforcement came to rely on Cellebrite's Universal Forensics Extraction Device, the UFED. It's a small, hand-held device that's easy to use. Police can simply plug in a phone and download the device's memory to a flash drive in a matter of seconds. That's how police can find your deleted text messages.
GrayKey is a box that plugs into the Lightning port.
The product itself is a gray box four inches deep by two inches tall, with two lightning cables sticking out of the front. Up to two phones can be plugged into the device at a time and are connected for about two minutes.
If the iPhone refuses to communicate via cable then neither device can probably work unless the companies find a flaw they can exploit.
I would assume the time allowance is for syncing and backups. Depending on the phone and the computer that could take a long time if the phone has a lot of files and the computer is older and using USB2.
I admit, I don't know exactly how GrayKey and Cellebrite work. However, if viewed from proper access control and privileges point of view, it shouldn't be possible to siphon the kinds of data (e.g. contacts, calls) that it is reportedly capable of doing.
I would assume that both require plugging in a cable instead over wifi or cellular connection. The problem isn't "siphoning" data. The problem is taking advantage of some flaw in the iPhone. Apple can fix each and every flaw however this would also help mitigate many attacks.
So, could someone explain to me why they went with a solution that still leaves 1 hour window of opportunity to compromise a phone instead of fixing, what I guess are overly permissive privileges within the file system?
I would say all security involves a balance of convenience vs effectiveness. If they didn't leave the 1 hour, that would mean that their customers would have to use a passcode every single time which would be inconvenient. The fingerprint and face scans are also a trade off of convenience vs effectiveness. You can set a extremely long ultra secure alphanumeric passcode to unlock your phone if you want but most people don't want to do that.
Sorta like customers have to authorize purchases on the Apple store with a passcode or a fingerprint unlock. However if you buy multiple things within 15 mins so you don't have to keep re-authorizing. With the store authorization you can set it to always require instead of 15 mins. With this you can turn it on or off.
You ignored the "spoof a LOCAL number" part of the GP's object. IE, I have no problems with the postal service marking envelopes based on where they were mailed from. And zero problem with them just throwing away letters from China that say "mailed in Spokane, Washington" which were clearly not mailed from there.
Again you do understand that his telecom company (T-Mobile) cannot ignore rules and procedures that are technically legal. Caller ID Spoofing is generally legal in the US and Canada. Now it is illegal if the spoofing was done "with the intent to defraud, cause harm, or wrongfully obtain anything of value". The problem with that standard is that his telecom company must decide that before the call is made.
Have you thought about how it is technically not possible for his telecom company to do so. In the old days of analog phones, telecom companies had regional monopolies. So someone with a 310 number was calling from California which means either AT&T or Pacific Telesis controlled the number.
Enter telephone deregulation, the cell phone industry, and number portability. Now the number of providers mushrooms to any number of landline companies and cell phone companies. A person living in New York can now have that number which is no longer controlled by a California company. But that's with cell phones.
Now enter VOIP. A person from anywhere in the world can originate a call as a computer can be anywhere. So how do telecoms know what the number is? They have to rely on the company originating the call to tell them as T-Mobile can't know the number unless the originating company tells them. All T-Mobile can know is that they don't have that number in their control.
I would have to say it is more about the type of crime she committed. If she had committed murder, then I would think the Food Network would not have her back. I would not have done business with her again.
Meanwhile, Martin Shkreli was never charged with screwing people over as everyone was hoping, but they were able to nail him on another technical securities violation.
Because screwing over normal people as he did (while despicable) wasn't a crime; however, lying to rich people (ie investors) is a crime.
Solution: Don't allow non-conforming companies to connect to the American telecom network.
So you're advocating not letting anyone use a telephone worldwide then.
Why should MY phone company (T-Mobile) be allowed to let a foreign company connect to their network and spoof a LOCAL number?
That's as idiotic as saying why should my email carrier allow someone to send me an email from overseas. Why should the United States Post Office allow someone to send me a letter from overseas?
If T-Mobile pays a fine every time that happens, they will find a technical solution really quickly.
You do understand that as a telecom T-Mobile is obligated to do all these things otherwise they would be in non-compliance right?
Besides insider trading which is illegal and then lying to investigators which is also illegal, nothing. The problem really was the second part. If she had admitted what she had done at most she would have had to pay a fine as she's a rich white person.
As others have pointed out how would you punish a company overseas? They are beyond jurisdiction of your country's laws. It would require pursuing the matter in the other country's courts. Without the government pursuing it, most people don't have the time or money.
Slashdot Mirror
And if you want to read everything into the film, that's on you. On that same note you could say the entire show of Roseanne was racist and pro-Trump except if you actually watched it.
Because no one really gives a damn. So the first lady recently had surgery and is not doing any press. So what? I have more issues with her husband being an idiot all the time.
This also probably killed the movie for countless red-state movie goers who were already incensed at the blatant SJW preaching that The Last Jedi seemed to do.
I think people will read whatever they want into a movie to justify their hatred of it. For example the "preaching" that The Last Jedi had. What was it? Rose had a very negative opinion of the people on Canto Blight and how they were working for the First Order; however, when they steal the ship later, DJ points out that the owner was selling to both the First Order and the Rebellion.
I haven’t had to sign into an app for months - complaining about that would require setting a really low bar.
I don't think that's the point of single sign-on. Right now the issue is that every channel is making their own app. But the content often isn't free. Either you pay for a subscription a-la-carte or you have a cable provider which means credentials. For those people that have cable every time they get a new app or the app changes to require a reboot and lose credentials, it means that they sign-on again. As a single person the number of sign-ons might be small. For a household, it could be much larger depending on all the different tastes in that household.
So you're unwilling to admit the many, many times you were wrong in this post and the numerous attempts to lie about what you posted?
They can fix the exploit but that also means they can only fix exploits one at a time whenever someone finds another. With this feature they can mitigate a whole class of exploits.
Let's say that Apple can do this. The problem is that Apple is then limited to plugging every single flaw one at time. With this feature they can mitigate a whole class of exploits.
Yes, Microsoft did buy design patents. But I probably used a poor choice of words when I said that they received the patent portfolio. What they did get was "...8,500 of Nokia’s design patents"
To me that means that no one can make Lumia phones. The cell phone technology patents are probably still in Nokia's portfolio. Can MS use their patents to sue? Yes but it's limited.
The bootloader can be accessed via the lightning port. That's how iTunes can recover an unbootable phone by doing a "factory reset". In that case iTunes instructs the bootloader to secure erase the flash memory and writes a new OS image to it.
That would probably destroy any ability to recover the data on the phone as the per file encryption keys would be lost forever. This feature isn't to make a phone immune to theft; it's to make the data on the phone more secure from hacking.
With this feature both scenario 2 and 3 are the same. This feature can be turned off so scenario 1 is a choice.
That requires the phone to be unlocked when the police seize it though.
It has to be implemented most likely at a very low level in the hardware or iOS or it might be circumvented somehow via software.
I'm not sure this change will affect GrayKey and Cellebrite anyway. My understanding is that they attack the phone's bootloader.
How does GrayKey and Cellebrite get access to the boot loader? Cellebrite currently sells a small device that plugs into the phone.
Eventually, law enforcement came to rely on Cellebrite's Universal Forensics Extraction Device, the UFED. It's a small, hand-held device that's easy to use. Police can simply plug in a phone and download the device's memory to a flash drive in a matter of seconds. That's how police can find your deleted text messages.
GrayKey is a box that plugs into the Lightning port.
The product itself is a gray box four inches deep by two inches tall, with two lightning cables sticking out of the front. Up to two phones can be plugged into the device at a time and are connected for about two minutes.
If the iPhone refuses to communicate via cable then neither device can probably work unless the companies find a flaw they can exploit.
I would assume the time allowance is for syncing and backups. Depending on the phone and the computer that could take a long time if the phone has a lot of files and the computer is older and using USB2.
I admit, I don't know exactly how GrayKey and Cellebrite work. However, if viewed from proper access control and privileges point of view, it shouldn't be possible to siphon the kinds of data (e.g. contacts, calls) that it is reportedly capable of doing.
I would assume that both require plugging in a cable instead over wifi or cellular connection. The problem isn't "siphoning" data. The problem is taking advantage of some flaw in the iPhone. Apple can fix each and every flaw however this would also help mitigate many attacks.
So, could someone explain to me why they went with a solution that still leaves 1 hour window of opportunity to compromise a phone instead of fixing, what I guess are overly permissive privileges within the file system?
I would say all security involves a balance of convenience vs effectiveness. If they didn't leave the 1 hour, that would mean that their customers would have to use a passcode every single time which would be inconvenient. The fingerprint and face scans are also a trade off of convenience vs effectiveness. You can set a extremely long ultra secure alphanumeric passcode to unlock your phone if you want but most people don't want to do that.
Sorta like customers have to authorize purchases on the Apple store with a passcode or a fingerprint unlock. However if you buy multiple things within 15 mins so you don't have to keep re-authorizing. With the store authorization you can set it to always require instead of 15 mins. With this you can turn it on or off.
They also made it soNokia's patent royalties go to ms.
Do you have a citation for that as that seems illogical for Nokia to keep the patents and not the royalties from said patents.
You ignored the "spoof a LOCAL number" part of the GP's object. IE, I have no problems with the postal service marking envelopes based on where they were mailed from. And zero problem with them just throwing away letters from China that say "mailed in Spokane, Washington" which were clearly not mailed from there.
Again you do understand that his telecom company (T-Mobile) cannot ignore rules and procedures that are technically legal. Caller ID Spoofing is generally legal in the US and Canada. Now it is illegal if the spoofing was done "with the intent to defraud, cause harm, or wrongfully obtain anything of value". The problem with that standard is that his telecom company must decide that before the call is made.
Have you thought about how it is technically not possible for his telecom company to do so. In the old days of analog phones, telecom companies had regional monopolies. So someone with a 310 number was calling from California which means either AT&T or Pacific Telesis controlled the number.
Enter telephone deregulation, the cell phone industry, and number portability. Now the number of providers mushrooms to any number of landline companies and cell phone companies. A person living in New York can now have that number which is no longer controlled by a California company. But that's with cell phones.
Now enter VOIP. A person from anywhere in the world can originate a call as a computer can be anywhere. So how do telecoms know what the number is? They have to rely on the company originating the call to tell them as T-Mobile can't know the number unless the originating company tells them. All T-Mobile can know is that they don't have that number in their control.
Well no as MS didn't acquire the patents. They got the device and services part of Nokia. Nokia still retains their patent portfolio.
It's clear that your Slashdot ID describes you perfectly.
So you are admitting that you don't understand anything about the case or the judiciary?
I would have to say it is more about the type of crime she committed. If she had committed murder, then I would think the Food Network would not have her back. I would not have done business with her again.
Meanwhile, Martin Shkreli was never charged with screwing people over as everyone was hoping, but they were able to nail him on another technical securities violation.
Because screwing over normal people as he did (while despicable) wasn't a crime; however, lying to rich people (ie investors) is a crime.
Solution: Don't allow non-conforming companies to connect to the American telecom network.
So you're advocating not letting anyone use a telephone worldwide then.
Why should MY phone company (T-Mobile) be allowed to let a foreign company connect to their network and spoof a LOCAL number?
That's as idiotic as saying why should my email carrier allow someone to send me an email from overseas. Why should the United States Post Office allow someone to send me a letter from overseas?
If T-Mobile pays a fine every time that happens, they will find a technical solution really quickly.
You do understand that as a telecom T-Mobile is obligated to do all these things otherwise they would be in non-compliance right?
And exactly what was it that Martha Stewart did?
Besides insider trading which is illegal and then lying to investigators which is also illegal, nothing. The problem really was the second part. If she had admitted what she had done at most she would have had to pay a fine as she's a rich white person.
As others have pointed out how would you punish a company overseas? They are beyond jurisdiction of your country's laws. It would require pursuing the matter in the other country's courts. Without the government pursuing it, most people don't have the time or money.
I'm pretty sure the public will notice 486 machines vs Kaby Lake more than Kaby Lake with 4 lanes or 2 lanes.