Slashdot Mirror


User: thoromyr

thoromyr's activity in the archive.

Stories: 0 · Comments: 844

Comments · 844

  1. Re:The price hike is minimal... on Netflix Stock Price Tanks As Customers Quit Over Higher Prices (theverge.com) · · Score: 1

    Disclosure: I really dislike netflix because of their 1) "smoothing" policies, 2) price hikes, 3) unreliable content selection

    That said, Netflix is the established company and "Hollywood" doesn't like their terms because they are convinced that they can do better. The problem has been the lack of competition. Any deals that Amazon is able to get may in fact be better than what Netflix can negotiate because what Amazon brings to the table is an option to Netflix. If Amazon ever becomes a real competitor then the copyright holders can use bidding wars to drive up costs, but they have to become a meaningful option first.

    Despite being the entrenched player, Netflix is relatively powerless here and has no bargaining power.

    This isn't anything new. Amazon already did this, horning into the music market. The labels were only too happy to give Amazon preferential deals because Apple -- using their position as the sole gateway to the masses -- would not give the labels an ever larger cut of the pie. Initially at least, they gave Amazon *better* pricing because they wanted to fund the existence of a competitor to Apple.

    If you make widgets would you prefer them to be made available through a single reseller who then has complete control over your access to market, or would you prefer to have multiple resellers who you could then negotiate differential deals with?

  2. Re:Precisely placing atoms is not new. on Researchers Develop Atomic-Scale Hard Drive That Writes Information Atom By Atom (techcrunch.com) · · Score: 1

    ...and what would be notable is if 30 years from now someone actually comes up with a way of reading & writing in a durable fashion.

    It isn't that their work is useless, it just isn't notable. When IBM arrogantly wrote their name in atoms it was notable because no one had done anything like that before. What these guys have done is kinda neat, but it isn't even remotely near the usable stage.

    Maybe you're too young to remember the excitement about "room temperature superconductors" that never transpired. There's no reason to expect this to ever get anywhere near room temperature, either. Using helium is more of a necessity in advancement and a relatively simple engineering problem. No one has even a plan for maintaining the required stability at room temperature, or alternatively how you would achieve supercooling in a consumer product.

    "Oooo, look we've got 500 terabytes of storage per square inch on the medium, but when factoring in the support equipment we can achieve 500 kilobytes per square foot"

  3. Re:Who controls the data and access? on Germany To Require 'Black Box' in Autonomous Cars (reuters.com) · · Score: 2, Insightful

    If such a device is ever installed on vehicles in the US then, no matter what the rules/laws might be at the time of inception, they will in short order certainly:

    1. require citizens comply with law enforcement request for a data dump
    2. criminalize tampering/disabling logging
    3. be considered infallible by those consulting them
    4. be utilized by insurance companies to obtain discounts

    In the interests of protecting privacy, the interface will be proprietary and secret, thus conveniently preventing owners from doing their own data dumps. A grey market in readers will develop.

    It also would likely form an entry point for: putting GPS on all vehicles to enable more accurate road taxes; a remote kill switch for public safety (think of Nice, France); and a transponder for emergency assistance/stolen vehicle recovery

    I don't see how anything could go wrong with this

  4. Re:"Special" Agent needs remedial forensics traini on FBI Agent: Decrypting Data 'Fundamentally Alters' Evidence (vice.com) · · Score: 3, Informative

    Sorry, I didn't read your whole post so my answer is incomplete. While collisions can be generated, for even semi-modern hashes they involve more than just data changes (e.g., the size of the data is changed as well). A digital chain of custody will record both the hash and the size in bytes. And that does not alter the fact that the burden of proof lies with the defense when making allegations of alteration. That is, the allegations must be specific -- not just a general hand waving that "something could have happened". There is a presumption that evidence has not been tampered with. Breaks in chain of custody are not uncommon and normally have no impact on proceedings other than some additional testimony.

    Furthermore, hash collisions are not considered to be an issue by the courts. Fingerprints have a far far greater risk of collision (or simply misidentification) than say md5 and law enforcement has done an effective job of convincing the courts that *fingerprints* are unassailable evidence and now with hashing being vastly better it is considered completely irrefutable.

    Again, the purpose of encryption is to protect confidentiality, not provide integrity. While it may have some impact in that regard it is a side effect. Integrity measures (such as documenting the chain of custody, hashing evidence on collection, etc.) are what provide that.

  5. Re:"Special" Agent needs remedial forensics traini on FBI Agent: Decrypting Data 'Fundamentally Alters' Evidence (vice.com) · · Score: 2

    To be properly forensic the data should be hashed on the source machine and the hash verified on the destination. Not doing so is a failure in due diligence and introduces an implicit logical gap in the chain of custody. Now, the reality is that the obligation lies with the defense that something happened causing the data to be altered. And it sounds like they are trying to go that route. It just isn't a realistic defense (meaning it has about a snowball's chance of succeeding).

    The real reason for encryption isn't an attempt to ensure the data is not altered, it is to prevent it from being exposed. Any system that is logging/recording what goes through it (hello, NSA) can capture the plain text. Encryption is to provide confidentiality, not integrity.

  6. "Special" Agent needs remedial forensics training on FBI Agent: Decrypting Data 'Fundamentally Alters' Evidence (vice.com) · · Score: 4, Insightful

    “[Had that data been encrypted,] It would still be valid, it still would have been accurate data; however, it would not have been as forensically sound as being able to turn over exactly what the government collected,” Alfin said.

    Which is such utter BS it's hard to credit. I figured the summary was just the usual flame bait, but unless the article is misquoting the agent that is pretty damning.

    Hint: if the hash of the data before and after it is sent remains the same then that satisfies one of the requirements to being forensically sound (specifically, the data will be "accurate" -- unchanged since collection). Does the "special" agent think running it through an SSH tunnel would have altered the data? How about over a VPN connection? Does he not realize that the data was *shock* modified during transit (encapsulation at the very least, quite possibly encoded depending on the nature of the physical links along the way). What a moron.

    By his reasoning all digital data is forensically unsound because spinning platters *encode* the data (hint, it isn't the bits and bytes you might think, longer story has to do with run length synchronization issues). And *encryption* is a particular means of *encoding*. So if encryption is "the bad" because it transforms data then all encodings are bad because they all inherently transform data.
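Added example, not part of thoromyr's comments or of the archive: the check that comments 4 to 6 describe (hash and size recorded at collection, verified at the destination, with encryption applied only in transit), sketched in Python. The evidence bytes, the key and the SHAKE-256 XOR keystream, which stands in for an encrypted tunnel and is not a production cipher, are constructed assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class CustodyRecord:
    """Recorded at collection: the digest and the size in bytes."""
    sha256: str
    size: int


def collect(evidence: bytes) -> CustodyRecord:
    """Hash on the source machine, before the data goes anywhere."""
    return CustodyRecord(hashlib.sha256(evidence).hexdigest(), len(evidence))


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    # Assumption: stand-in for an encrypted tunnel, demonstration only.
    # XOR with a SHAKE-256 keystream hides the bytes in transit; it is not
    # a production cipher and provides no integrity on its own.
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_for_transit(key: bytes, evidence: bytes) -> bytes:
    return _keystream_xor(key, evidence)


def decrypt_on_arrival(key: bytes, wire: bytes) -> bytes:
    return _keystream_xor(key, wire)


def verify(record: CustodyRecord, received: bytes) -> List[str]:
    """Compare received data with the custody record; [] means unchanged."""
    problems = []
    if len(received) != record.size:
        problems.append(
            f"size mismatch: recorded {record.size}, received {len(received)}"
        )
    digest = hashlib.sha256(received).hexdigest()
    if not hmac.compare_digest(digest, record.sha256):
        problems.append("sha256 mismatch")
    return problems


# Constructed sample input, not real evidence.
EVIDENCE = b"constructed sample capture record\n" * 64
KEY = b"constructed demo key"


def demo() -> dict:
    record = collect(EVIDENCE)
    wire = encrypt_for_transit(KEY, EVIDENCE)
    flipped = bytearray(wire)
    flipped[10] ^= 0x01  # a single bit altered while in transit
    return {
        # The bytes on the wire are transformed...
        "wire_differs": wire != EVIDENCE,
        # ...yet the decrypted copy still matches the recorded hash and size.
        "intact": verify(record, decrypt_on_arrival(KEY, wire)),
        # Alteration is caught by the hash, not by the encryption.
        "bit_flip": verify(record, decrypt_on_arrival(KEY, bytes(flipped))),
        "truncated": verify(record, decrypt_on_arrival(KEY, wire[:-5])),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```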

  7. Tabby vs Calico on Bernie Sanders Endorses Hillary Clinton (cnn.com) · · Score: 0, Flamebait

    Translated:

    "Bernie says he will gladly accept whatever bones Queen Hillary tosses him in return for not being sent to gitmo following her coronation."

    "Hillary says she is glad Bernie came to his senses because she was beginning to think she'd have to have him put down for being a rabid dog."

    Not that this should surprise anyone. While the imminent blood bath is sure to provide some moments of dark humor, sadly we will be voting on which candidate will continue the rise in executive power.

    National elections, where the populace of mice decide whether they would prefer to be eaten by a tabby or a calico.

  8. Re:Hope the crow is tasty on Microsoft Announces Surface as a Service, Windows 10 Enterprise E3 for $7 Per User Per Month (zdnet.com) · · Score: 4, Interesting

    I suspect that instead of MS choosing over "pay once" vs "subscription" they will introduce it as a "cost saving alternative" to "reduce the up front cost" of maintaining your operating system. Instead of paying $200 (or whatever) for an OEM copy it will be $5/mo. Then they can insist they are simply providing more options.

    To move into complete subscription mode they will transition the "legacy free support" model to "ad supported" with the option to pay a subscription fee in order to eliminate (or at least reduce) the advertising.

  9. ...to be followed by truly heart-felt apologies and the addition of a "No Thanks" widget that will immediately initiate the upgrade.

  10. Re:meta discussion who is responsible for hacks? on Apple Devices Held For Ransom, Rumors Claim 40M iCloud Accounts Hacked; Apple-Related Forums Compromised (csoonline.com) · · Score: 2, Insightful

    ah, trolls. It was tempting to mod you appropriately (I have the points), but I dislike down-modding and reserve it for the never-give-up (like APK). Do you understand how your smug and self-conceited claim to be moderated into oblivion was, at best, a self-fulfilling prediction (after all, you posted a troll comment, so why would the comment not be moderated as such?)

    This "local Apple fanboy" wouldn't happen to be a figment of your imagination, would he? I mean, such a creature is possible, but considering you are completely ignoring the reported facts you are either a bigger troll than you look, or so self deluded in your hatred of Apple that you are blind.

    Many normal users (who, by the way, are largely *windows* users simply due to the weight of numbers -- platform really is irrelevant) use a single, bad password for everything. So when linkedin gets hacked and their bad password is cracked -- the bad guy now has the password and can do anything the user can do with the password. Which, for iOS devices, includes locking the device and posting a message.

    Is Apple wrong to empower its users with this in case their device is lost?

    Is Apple responsible for users selecting weak passwords and then re-using them?

    Is Apple responsible for the security of unrelated third parties?

    Unless you can answer yes to all of those then Apple is not responsible. And I'm very glad that we do not live in a world where any of those are true.

  11. that deserves at least a +1 Funny, but sadly I've already posted. Sigh.

  12. Re:How to not get a virus on Antivirus Software Is 'Increasingly Useless' and May Make Your Computer Less Safe (www.cbc.ca) · · Score: 1

    Responding to AC, but it isn't a /bad/ post.

    #1 is quick and easy (which commends it) but is too little. Why do you think spammers use "you have a package" emails as bait? Because some fraction of the recipients *will* be expecting a package so -- for them -- it is not unexpected and they think they know the sender. Opening an email should never be risky, though in practice it is. Rephrased:

        1. If at all possible use a mail reader that does not load external content without your prompting it to do so. Be wary of links (hover, don't click) and attachments (save, then open from what should open it -- never double click/execute/directly open an attachment)

    To keep it short, I'd split that into three components: a) block external content; b) don't trust links; c) don't trust attachments

    #3 is a popular notion, but is just wrong. Thank you advertising networks for ensuring there is as much badness on the popular sites as the "sketchy" ones. Don't believe me? Google it. I can't be bothered to find citations for the actual research on the topic. That's right, actual research, not just a seat-of-the-pants feels-right guess.

    The only other comment I have is that with all of those you are still not done. For example, if your OS supports it, ensure at least basic white listing is enabled (e.g., Gatekeeper on OS X). And smack anyone who says to disable it because they don't feel like signing their application (the proper method is to right click, then select run -- not disable Gatekeeper).

    None of these measures is sufficient and neither are all possible measures combined. There is always a way. Sometimes you have a bad day and click on a link because you're half asleep. So plan for *that* and have backups.

  13. Re:Your anecdote is worthless on Antivirus Software Is 'Increasingly Useless' and May Make Your Computer Less Safe (www.cbc.ca) · · Score: 1

    I'll see your anecdote and raise you: most are caused by malvertising from general web browsing. Perhaps you aren't seeing other infection vectors if your work focuses on the email side? I don't run the mail service or the network, but I'm responsible for security generally. Most of the unwanted email we see is spam, a bit of phishing, and of course login attempts from Nigeria. Email is normally how *accounts* are exploited here, but *system* compromises usually originate from malvertising.

    Of course, we also likely have different user bases. If you have everything locked down and going through a proxy then email as a vector may get to the front. We certainly have seen our share of email delivered badness, but there is far more being stopped by blocking advertising and making use of blackhole DNS than is blocked by the email filtering.

  14. Re:Most Clients Get Infected Looking For Free Movi on Antivirus Software Is 'Increasingly Useless' and May Make Your Computer Less Safe (www.cbc.ca) · · Score: 1

    nice way to justify your voyeurism. Or is it a desire to look down on and belittle them?

    Trawling through someone's browsing history and attributing an infection to "trying to download a movie" is about as robust as any other "pulled it out of my ass" explanation. People with the knowledge of how to track down a root infection cost more than a "rebuild my computer" effort is worth. And, frankly, the time spent is rarely worth it. If all you have is a dead file system (no RAM dumps, no packet captures, not even netflow traffic, no meaningful logging enabled on the end point, no DNS logging, etc.) then there will be a lot of dead ends.

    At one time home infections were primarily caused by malicious links spread through instant messaging clients. You could ask about links being clicked on or just save your breath over the argument as to whether or not it was "something they had done" and just remind them to be cautious about links (was it expected? who sent it? hover before click; best practice is to type it in manually to avoid look-a-like domains). And that same advice then serves them well when the delivery method shifts to email.

  15. Aspiring programmers created many viruses for the Amiga. If memory serves, LAMER was one of the more prevalent ones. It was so-named for being targeted at pirates (and quite possibly written by a commercial software programmer). The Amiga had *zero* security features. Any application could write to any portion of memory which made poorly written but otherwise non-malicious software a problem for system stability. It was an inherently single-user system. File attributes are not protection. RDB permitted the inclusion of arbitrary code that would be loaded on demand when a drive was scanned (this was intended to allow a drive to provide its own file system drivers, but like many such cool features no one had given security even a passing thought).

    However, *most* of the "viruses" on the Amiga were toys or jokes -- there weren't that many with malicious intent (though see LAMER) -- so users often were not particularly concerned about them.

  16. Nice to hear someone without a clue comment on the topic. Speaking as someone who actually works in an IT security position (responsible for a ~8000 node network or so -- you have to decide how you're going to count it...) there are two basic measures that cut the majority of infections off at the knees:

    1) block advertising

    2) blackhole DNS

    While some advertising industry shills get very shrill about #1, the problem is solidly in their court due to their increasingly obvious inability to stop malware from being delivered as advertising. I've posted before about why the problem exists and it is easy enough to learn more on the topic so I won't belabor that point further.

    The idea behind blackhole DNS is that you discover a domain name is bad and you prevent hosts on your network from being able to resolve. More precisely, you resolve it to a server that will happily deliver a message about content having been blocked.

    Blocking advertising is better because it does not rely on prior knowledge or a threat feed. It is simple, easy and very effective. But if you have a good threat feed then blackhole DNS is also quite effective. Sure, someone *else* paid the price already, but now the rest of the population is protected.

    *Most* security professionals would not recommend eliminating AV (although in many cases that is solely to maintain the ability to check the box in audits) and it does serve a purpose (either as a canary or blocking old school malware).

    EMET and related techniques aim for generic protections, but they are only relevant after the malware is already on the system and it is obviously better to prevent that from happening in the first place. Defense in depth means that additional measures are good, but they should never be seen as a replacement.
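Added example, not part of thoromyr's comment: a sketch of the blackhole DNS idea from comment 16, turning a threat feed into resolver overrides that answer listed domains with the block-page server. The feed contents, the sinkhole address and the choice of dnsmasq `address=/domain/ip` lines as output are assumptions; the comment names no resolver or feed format.

```python
import re
from typing import List, Optional, Set

# Assumption: documentation-range address standing in for the block-page server.
SINKHOLE_IP = "192.0.2.53"

# Constructed sample threat feed (reserved .example/.test names only).
FEED = """\
# constructed sample feed
bad-ads.example
BAD-ADS.example.
cdn.bad-ads.example
tracker.malware.test
not a domain
malware.test   # inline comment
"""

_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def parse_feed(text: str) -> Set[str]:
    """Normalise feed lines: strip comments, case and trailing dots; drop junk."""
    domains = set()
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip().lower().rstrip(".")
        labels = entry.split(".")
        if len(labels) < 2 or len(entry) > 253:
            continue
        if all(_LABEL.match(label) for label in labels):
            domains.add(entry)
    return domains


def _parents(name: str) -> List[str]:
    """Every parent domain of name, e.g. a.b.c -> [b.c, c]."""
    labels = name.split(".")
    return [".".join(labels[i:]) for i in range(1, len(labels))]


def collapse(domains: Set[str]) -> List[str]:
    """Drop entries already covered by a listed parent domain."""
    return sorted(
        d for d in domains if not any(p in domains for p in _parents(d))
    )


def dnsmasq_config(domains: Set[str], sinkhole: str = SINKHOLE_IP) -> List[str]:
    # dnsmasq's address=/domain/ip answers for the domain and its subdomains,
    # so one line per collapsed entry is enough.
    return [f"address=/{d}/{sinkhole}" for d in collapse(domains)]


def resolve(name: str, blocked: Set[str],
            sinkhole: str = SINKHOLE_IP) -> Optional[str]:
    """Answer a blackholing resolver would give; None means forward upstream."""
    name = name.lower().rstrip(".")
    # Match on label boundaries so look-alike names are not swept in.
    if name in blocked or any(p in blocked for p in _parents(name)):
        return sinkhole
    return None


if __name__ == "__main__":
    blocked = parse_feed(FEED)
    print("\n".join(dnsmasq_config(blocked)))
    for query in ("x.cdn.bad-ads.example", "notbad-ads.example"):
        print(query, "->", resolve(query, blocked))
```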

  17. Re:Usage is consent on Walmart Now Lets You Pay With Phone At All 4,600 US Stores Via Walmart Pay (cnet.com) · · Score: 1

    I get it, we shouldn't call out the half-truths or misleading statements made by corporate mouth-pieces because it is nothing new and everyone knows they will do whatever they want anyway.

    Btw: what do you mean by "this technology"? Are you trying to say that QR codes are decades old? Or were you oblivious to the story and the comment you were responding to? Because you do realize (I hope) neither one was actually about what people normally call technology, right?

  18. Usage is consent on Walmart Now Lets You Pay With Phone At All 4,600 US Stores Via Walmart Pay (cnet.com) · · Score: 5, Insightful

    "Walmart can get insights into consumer behavior, though it says it won't use the data without a shopper's permission." ...and using Walmart Pay will be considered consent. But I guess the honest statement of "we will data mine the fuck out of all purchase information we can snag, and by using Walmart Pay you maximize our opportunity" doesn't sound so nice.

  19. Re:Organ Donation on Apple To Encourage Organ Donation With Health App (cnet.com) · · Score: 1

    Oh, yes, though I was really responding to the "make sure you're dead" part. More importantly, I haven't seen Meaning of Life in a decade or longer.

  20. Re:Organ Donation on Apple To Encourage Organ Donation With Health App (cnet.com) · · Score: 3, Insightful

    "If you are an organ donor, then they take extra steps to make sure you are really dead."

            Nurse: Here's one.
            Organ Collector: Nine pence.
            Organ Donor: I'm not dead.
            Organ Collector: What?
            Nurse: Nothing. [hands the collector his money] There's your nine pence.
            Organ Donor: I'm not dead!
            Organ Collector: 'Ere, he says he's not dead.
            Nurse: Yes he is.
            Organ Donor: I'm not.
            Organ Collector: He isn't.
            Nurse: Well, he will be soon, he's very ill.
            Organ Donor: I'm getting better.
            Nurse: No you're not, you'll be stone dead in a moment.
            Organ Collector: Well, I can't take him like that. It's against regulations.
            Organ Donor: I don't want to go on the cart.
            Nurse: Oh, don't be such a baby.
            Organ Collector: I can't take him.
            Organ Donor: I feel fine.
            Nurse: Oh, do me a favor.
            Organ Collector: I can't.
            Nurse: Well, can you hang around for a couple of minutes? He won't be long.
            Organ Collector: I promised I'd be at the Robinsons'. They've lost nine today.
            Nurse: Well, when's your next round?
            Organ Collector: Thursday.
            Organ Donor: I think I'll go for a walk.
            Nurse: You're not fooling anyone, you know. Isn't there anything you could do?
            Organ Donor: I feel happy. I feel happy.
            [The collector paces for an idea, then whacks the body with his club, solving the problem]
            Nurse: Ah, thank you very much.
            Organ Collector: Not at all. See you on Thursday.
            Nurse: Right.

  21. Re:Happens all the time in the private sector on The FBI Recommends Not To Indict Hillary Clinton For Email Misconduct (theverge.com) · · Score: 1

    People hate Hillary (with some justification) and it isn't exactly common knowledge of how often classified rules get broken. I'm personally aware of multiple, but then again I had a clearance and was involved in security (audits and such). Some examples: one case was not prosecuted after report because "it would have damaged [his|her] career". Another response was "don't report" with the unstated (but obvious) reason being the violator's rank.

    And then of course there's the publicly available but politically unpalatable facts about previous administrations.

    In summary: the FBI is correct, this is common and the precedent is no prosecution.

  22. Re:Suicide by politician on The FBI Recommends Not To Indict Hillary Clinton For Email Misconduct (theverge.com) · · Score: 1

    the existence of additional parties serves as a pool to observe trends likely to affect the leading parties. Otherwise known as a third party candidate doing well in a major election is likely to result in shifts in at least one of the big two to accommodate. I'm not trying to suggest that this makes everything better and the leadership can be blind, but it is there.

  23. Re: Suicide by politician on The FBI Recommends Not To Indict Hillary Clinton For Email Misconduct (theverge.com) · · Score: 1

    Shame I don't have mod points.

    I dislike Hillary Clinton, but I've never understood the hatred she inspires. The double standard of "not my favorite politicians" is such a trivial game that it doesn't really bother that much (though I admit it does get old having to correct the half-truths).

  24. Re:Couldn't have happened to a nicer company on Oracle Ordered To Pay $3B Damages To HP (bbc.com) · · Score: 2, Interesting

    Exactly my thought. In Oracle's defense, it was clear in 2001 that Itanium was dying. You could hear the Monty Python dialog, "I'm not dead yet!" but despite the protestations the writing was on the wall. AMD proved you didn't need a completely incompatible system in order to move forward to a 64-bit architecture.

    You almost wonder about the choice of name as Itanium is close to Titanic, which is about the size of its failure.

  25. Re:Only Republican Monopolies are Bad. on Apple Slams Spotify For Asking For 'Preferential Treatment' (buzzfeed.com) · · Score: 1

    So you know that GP would be "throwing a shitfit[sic]" if Walmart were requiring manufacturers to abide by Walmart's rules? You are aware then that Walmart has dedicated staff to assisting manufacturers in cutting costs (quality) in order to meet Walmart's purchase requirements? Does Apple dedicate resources to lowering quality standards? In what way is what Apple does even remotely like Walmart? It isn't a matter of preferring one to the other (they could both be shit or both be angels), they operate entirely differently and in different markets.

    If you don't like Apple's "walled garden" then use Android. Heck, if Spotify doesn't like it then they should focus on the Android market. I hear that it is much larger than Apple's and so would be more profitable, right?

    Which takes us back to the silly assertion that Apple has a monopoly position. No, Google has the dominant position in the mobile market. Apple is in distant second place (albeit far ahead of Microsoft).