That the ticket sales sites don't implement such a simple solution suggests they actually like scalpers.
Exactly. StubHub is owned by TicketMaster. Tickets go up for sale on TicketMaster first and get sold out in seconds. Then they appear on StubHub where TicketMaster takes another cut of the sales. They have zero interest in curtailing this.
Ya, there's a bright idea. Disable your antivirus and then go download some key generator.
If their customers are sheep, who do you think does the herding?
Maybe because they're not idiots and want to control their image / marketing.
Let's just throw out acronyms and expect that everyone knows WTF you're talking about.
Also, does someone have a working tool setup where I can test some files through?
Or at least some instructions on how to compile it.
From the article:
"Assemblyline is described by CSE as akin to a conveyor belt: files go in, and a handful of small helper applications automatically comb through each one in search of malicious clues. On the way out, every file is given a score, which lets analysts sort old, familiar threats from the new and novel attacks that typically require a closer, more manual approach to analysis".
Isn't the BMI measurement widely deprecated these days?
USB-C doesn't solve any problem I have...
So you've never tried to insert a USB connector wrong-way-up?
While the attack would result in decrypting any clear text being sent over wifi, the saving grace is that an increasing amount of traffic is sent via HTTPS or SSL, which would provide an additional barrier to an attacker seeing login credentials for remote websites, etc.
If you watch the video posted by Mathy Vanhoef, you'll see at 1:16 he's also using sslstrip.
You seem to have overlooked where he wrote "from a separate laptop". Canvas fingerprinting works on a per-machine basis. That's what the "fingerprint" refers to. It is not a way to link activities between different machines.
If the Russian gov't has obtained, one way or another, copies of Kaspersky's TLS keys, then they really don't need cooperation to see everything that's coming down the pipe. They can also probably MITM the connection and take control of the AV application, without Kaspersky's knowledge.
That's a very interesting thought, considering that Kaspersky has offered to make their source code available for scrutiny. In the scenario you describe, the vulnerability would arise outside of the code itself.
"Software produced by Microsoft" could mean anything from "Windows Server 2016" to "Clippy". The article gives no indication what they're talking about.
I dunno. There's probably a lot of low-digit Slashdot users who could fall for a trap like that.
Consistently the worst brand of printers I have to deal with. When clients ask me for a printer recommendation, the short answer is "anything other than Brother".
Nice! Four M.2 SSDs in a PCIe x16 slot.
OK, before you go off on the usual rant against "fake RAID", ask yourself what alternative you're advocating. We're talking about NVMe SSDs here - the kind that insert directly into a PCIe or M.2 slot. They are not SSDs with a SAS or SATA interface, so they cannot be attached to a hardware RAID controller.
Personally I'm very happy to have BIOS support for using these devices in a RAID configuration, and it doesn't bother me at all that "OMG - A DRIVER IS REQUIRED!".
I can't stand it when browsers try to turn what I type in the address bar into a search. First thing I do is turn that crap off. So whether it's Internet Explorer or not, the only thing "leaking" from my address bar is the address I typed.
what a DOM engine is.
If one ordered potassium nitrate and Amazon's algorithm "suggested items include sulfur and charcoal", how is that not bomb-making ingredients?
No one asked for this feature, but Apple wants to give it to us anyway. They have really lost touch with their user base...
Users may not have asked directly for an alternative to the fingerprint reader, but consumer preference for larger screens made it desirable to get rid of the fingerprint reader / home button.
I purchased my first Bitcoins about a week ago, and I'm known to have that kind of effect.
I can also stop a cashier lineup just by standing in it.
aren't secure anyway, being transmitted in plain text. That's why we have SSH.
News flash: Being a thief is not difficult. That any particular thievery is based on technology does not make it cool, intrinsically interesting, or OK.
I can think of dozens of ways to steal things that are "scarily easy". Like knocking down an old lady and grabbing her purse.
Joey Bada$$ proved it!