The tool was designed to check that the download URLs pointed to files hosted under the intel.com domain name. However, man-in-the-middle attackers would have been able to both modify the XML files in transit and to bypass the tool's domain check by using techniques such as ARP poisoning and DNS spoofing.
If you have someone doing ARP poisoning on your LAN and hijacking your DNS, you have a hell of a lot bigger problem than the issue with Intel's update utility.
...there has to be a point at which the blame is on the supplier and not the buyer...
Blame accomplishes nothing. Boycotting would.
It's a good practice to always start by downloading and installing the latest firmware when you get your device home. In the example described here, they claim to have disabled updates somehow. Attempting to update might at least alert you that something is amiss.
Agreed. It's disheartening to see from the list that Haiti gets more shows than Canada.
IP blocking doesn't work - because someone can watch Netflix at home using their home broadband, while someone else is using a mobile connection...
You're missing the point of "IP blocking" in this context. It's not about a user accessing from multiple IP addresses. It's about people using a VPN service to make their connection come in from another country. If some content is not licenced for viewing outside the US, for example, viewers outside the US can use a VPN provider to tunnel their traffic through a US IP address. It is this IP address - one being used by a VPN service provider to tunnel in unauthorized viewers - that Netflix would be trying to block. And yes, it would be effective, although they admit it's "a cat and mouse game" because the VPN provider can switch to using a different IP address.
I had two of these...Both failed spectacularly.
I think you mean "Twice bitten once shy".
Presumably the decision to produce offspring is not something one would toggle on a weekly basis.
I believe Ashley Madison has had this capability for some time already.
Instead of
"You may not promote violence against or directly attack or threaten other people on the basis of..."
How about
"You may not promote violence against or directly attack or threaten other people." PERIOD
There is no reason high capacity would need to involve "millions of volts". Voltage does not equal storage capacity. Consider static electricity, which can involve very high voltages but very little actual power.
Also, very high voltages aren't a good idea with capacitors because they result in more leakage across whatever dielectric is used.
Well written and insightful article. Well worth the read.
eat a tree!
I imagine Google Play Store has protections against MitM attacks, at least I hope it would.
FTA: "Infection of his device was made possible due to the lack of SSL encryption for sensitive communications between the TV and remote servers".
SSL would be the main defence against MitM attacks. If the TV manufacturers aren't even checking for a valid SSL cert on the server they're downloading from, they fail.
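Added example (not from either article or from any commenter): a sketch of why the intel.com domain check quoted earlier and the missing certificate check on the TV are the same gap. A hostname only identifies the server once TLS has authenticated it. The manifest layout, attribute names and helper names are hypothetical, and the sample data is constructed.

```python
import hashlib
import hmac
import ssl
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

VENDOR_DOMAIN = "intel.com"  # the domain named in the quoted article

SAMPLE = b"constructed installer bytes"      # stand-in for a real download
GOOD = hashlib.sha256(SAMPLE).hexdigest()

# Constructed manifest; the element and attribute names are assumptions.
MANIFEST = f"""<updates>
  <file url="https://intel.com/drv/a.exe" sha256="{GOOD}"/>
  <file url="http://intel.com/drv/b.exe" sha256="{GOOD}"/>
  <file url="https://intel.com.example.net/drv/c.exe" sha256="{GOOD}"/>
</updates>"""

def host_under_vendor(url):
    """Domain check only: is the host intel.com or a subdomain of it?"""
    host = (urlsplit(url).hostname or "").lower()
    return host == VENDOR_DOMAIN or host.endswith("." + VENDOR_DOMAIN)

def transport_authenticated(url):
    """Require HTTPS too, so a spoofed DNS answer cannot stand in for the
    vendor: the impostor would have to present a valid certificate."""
    return urlsplit(url).scheme == "https" and host_under_vendor(url)

def strict_tls_context():
    """Client context that validates the certificate chain and hostname."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def payload_matches(data, expected_hex):
    """Check a download against the digest taken from a manifest that was
    itself fetched over verified TLS."""
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected_hex.lower())

def review_manifest(xml_text):
    """Return (url, domain_check_ok, hardened_ok) for each manifest entry."""
    root = ET.fromstring(xml_text)
    return [(f.get("url"), host_under_vendor(f.get("url")),
             transport_authenticated(f.get("url")))
            for f in root.iter("file")]
```

The second entry is the case from the article: it passes the domain check, yet over plain HTTP whoever answers for that name on the local network supplies the file.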
As we've all learned from Apple: No half-assed shit. Do or don't do.
I believe that was taught by Yoda, not Apple.
I find that Microsoft is really innovating in the user interface department these days.
From the article
"However, it is now recognized (Black 1992) that the maximum sustained winds estimated for typhoons during the 1940s to 1960s were too strong. The strongest reliably measured tropical cyclones were both 10 mph weaker than Patricia...".
I run my own mail server on a dyndns connection.
I'm surprised you don't have issues with that. There are RBLs that specifically list IP address blocks that are thought to be dynamic address pools, and some servers will reject you for nothing more. Also, how do you handle reverse DNS with a dynamic IP?
Ah, I see my mistake. I was confusing "itvplayer" with "iplayer".
Also, there aren't any adverts on iPlayer, unless you mean the intertitles?
I have no idea what an "intertitle" is, but I know what advertisements are, or what we refer to here as "commercials". Not sure if you call them that in the UK, but I am subjected to two or three rounds of commercials in the course of watching a show. You can see little markers on the iPlayer timeline where they are going to occur, but you can't skip past them.
So their concern comes down to people accessing content that they aren't paying for? Then charge for access. They estimate 60 million people outside the UK are accessing. That's a large potential market.
I'm currently paying for VPN service to watch shows with iPlayer. I would be happy to just pay them directly.
The BBC doesn't estimate that number - that number has been suggested by third parties and the BBC has suggested that the number is nowhere near accurate.
The other point is that they *do* charge for access outside the UK, but via their for-profit arm BBC Worldwide, which handles distribution of their content to non-UK markets. Due to various legal reasons in the way the BBC is funded, they have to do it this way, and the profits they can receive back from BBC Worldwide from these overseas sales are limited by legal limitations.
They understand how big the market is but they are legally hamstrung in being able to access it.
So some bright parliamentarian should propose changing the law. People want to pay for our content? Then take their money.
It doesn't even have to be a "for-profit" scenario, if that contravenes the BBC's mandate. Just charge what it takes to cover the cost of distribution. With iPlayer it's not even possible to skip over the ads. Even their advertisers should be happy with more eyeballs viewing their content.
All of the routers tested in TFA are rated for 600Mb/s @2.4GHz and 1,300Mb/s @ 5GHz. The UniFi AC Lite AP that you link to is rated at 300Mb/s @2.4GHz and 867Mb/s @ 5GHz, so no surprise they're a lot cheaper.
The Ubiquiti UniFi products also require management software to be installed on some local computer, they don't provide a built-in web interface like most home networking devices. Whether this makes them "easier to configure" is a matter of personal preference I suppose.
My server specs likely won't be helpful for you. One of the SSDs alone would pretty much use up your budget. Here are the details anyway:
Intel S2600CP Motherboard
2 of E5-2620 v2 @ 2.10GHz
64GB of DDR3L 1600MHz RAM
1000W Power Supply
Intel RMS25KB040 RAID Controller
AXXCBL740MS7P RAID/SAS Cable Kit
2 of 500GB SATA HDD in RAID1 for OS/Boot
2 of Intel 750 Series PCIe 1.2TB SSD for VM storage
Software installed includes:
VMware ESXi 6.0.0
Intel-nvme-1.0e.1.1-1OEM.550.0.0.1391871.x86_64.vib
Scsi-mpt2sas-20.00.00.00.1vmw-1OEM.550.0.0.1331820.x86_64.vib
Vmware-esx-provider-lsiprovider.vib
All current office products (2013)
Office 2013 is not the current version.
Even after disabling the "animations" and "hardware acceleration"
You do realize that disabling hardware acceleration makes things slower, right?
FWIW, I see absolutely zero performance issues on my Windows laptop. Diagnose the performance bottleneck on your machine before you blame the software.
Why don't they just aim a bunch of infrared LEDs at the audience? Wouldn't that mess with the recording devices without the audience noticing?
Of course, the IR couldn't be too powerful, or you could damage people's eyes. In a darkened theatre their pupils would be dilated, and IR does not cause the pupils to contract like visible light.