TiVo had a brilliant idea, first to release, first to implement and revolutionize the concept of DVR, and despite being better than the setups that the cable networks bundled in almost every category, got completely crushed by falsely claimed free offerings offered by the cable and satellite companies.
1. Greedy thieves hear about Anon vs Sony, launch an attack to steal valuables, and leave an anon was here note to keep the authorities and Sony chasing 13 year old kids instead of coming after them
2. Activists realized actually harming the customers was bad for their message, take information without using it to force Sony to admit and apologize to a breach, without directly harming the users
3. Activists are launching DDOS and other attacks keeping security busy, while simultaneously pointing out flaws in security, criminal hackers are hearing these flaws, noticing security is busy handling DDOSes, and they take advantage of the situation.
All you need is a simple "warning this app may not function correctly if you deny these rights, if the app does not work you will need to either add these rights or remove the app"
The big thing is it's Microsoft not even waiting a few weeks before yanking support for things. Because they are not a majority does not mean it isn't a huge issue. Next will most likely be the Linux client, possibly followed by the Android and iOS apps, in the end we could be looking at Skype being Windows and Windows Phone only.
Well I do agree on that for adults, I think the weakness however is the false sense of security the fact that teens think that only their friends can see when they are posting their schedules, where they will be when etc.... What's worse is the parents don't know either. Facebook has a pretense implying security and privacy that many parents and teens don't realize how weak it is and set things wrong.
The 170M is just the cost to hire security consultants to... make the security the way it should have been from day 1, apply security patches and actually put some real security people in the loop. Actual damages were most likely peanuts.
No I'm saying to solve problems in one field you have to write the program for it. Writing a program to solve a trigonometry or physics problem doesn't just depend on your computer programming skills. You obviously have to know the algorithm yourself in order to make a computer execute it for you. By the time you've researched something, and converted the complicated algorithms into something the calculator can execute, odds are you've worked with it so much the formula itself is committed to memory anyway. I believe there was an old show where a kid spent all night copying down facts onto his shoes to cheat on a test, then when he got to the test he realized he spent so much time copying the stuff that it was committed to his memory anyway and didn't need to look at them. Same principle applies only most likely much deeper, because odds are you have to do a bit of troubleshooting and debugging, which requires you to repeatedly go over the steps to figure out which step is getting the wrong information.
"I don't think it's an issue of running untrusted executable code, the code IS trusted but it's capable of doing things the phone should never have exposed to the application. I'd like to see security enforced for every execution of an application, so when you close an application, it gives you a list of the data the application tried to access. Rather than trying to ask the user each time to accept or decline, it should be configured BEFORE execution."
You pretty much described the way the android works, when you install the application it gives you a list of what it can access. Out of the box when you install a program the android says "this program requires permission to access X, X and X, do you still want to install it?"
I don't think the bug bounties will ever match the insane prices that black hats will sell these things for, but they can motivate the white and grey hats to spend more time looking for the bugs. The black hats have the perk that they can more or less turn the hunting into a full-fledged job, find the right 2-3 exploits and you can make profits that legitimate programmers make in 5 years, but for every one of those guys, there's 10 people who work 9-5 and could probably use a bit of extra cash, $1000 or so isn't a bad incentive to spend a few extra hours each night looking around for something, it's also something that could look good on the resume for a starting programmer, and substantial money to say a teenager. Rather than spending 80K on one good black hat, you can spend 70k and keep thousands of white/grey hats from all walks of life. Heck there's some mistakes that I'm sure a bored teenage prodigy would catch that an experienced veteran programmer would miss just because they see things differently.
A Sony shill, that's new. Now the thing with the Blu-ray player is, with what they got on the removal of other OS, Sony basically reserved themselves the right to remove features that may or may not have been a selling point for the system. Other OS may have only been used by 5% of people, but that still doesn't justify removing it, what's to say they can't remove Blu-ray 1-2 years down the road, sure they would be retarded to do it, but they more or less secured the right to do it if they wanted. Secondly it isn't considered for free when the system is expensive and it's on the box that it can do it, it's not a bonus for free it's a system feature and a selling point.
Are you actually defending their suing of Hotz? He posted keys that he figured out, that isn't/shouldn't be a crime. Publishing keys would only be a crime if he signed an NDA with Sony beforehand. Hotz never condoned, encouraged or even supported piracy. All he did was give people the keys to do what they wanted with the hardware that they paid for. What Hotz did is no different than say posting a guide to upgrade the engine in a car to make it go faster, yes someone may be able to use that information to make a getaway car, or speed, but just having a car that can go fast in itself is not a crime, nor is making one able to go fast a crime.
Well if you actually wrote it I would say yes, you can't write a program to do something, without having a solid understanding of what that something is. Of course that still doesn't justify the 500+ people afterwards that may just download and install the program made by the author, or even possible trades from programmers. (I understand geometry enough to write a geometry program, you know physics enough to write a physics program, let's swap).
Alcohol is a tad expensive to use for an analogy, what about an all you can eat buffet. Only difference, the price of food doesn't go down as technology upgrades, yet these buffets still manage to stay in business, despite not asking for more money from customers who weigh over 200 lbs.
I do agree, a correctly configured and updated Linux server is a great moving target, and a non-updated one that just sits there is a marvelous broad side of a barn target.
Still a number of other issues with zombies, first off if the actual host bodies are indeed rotting etc as they are usually depicted then that would be an issue, also if zombies used guns then they would render the victims unable to become zombies themselves. In which case then it would be the equivalent of a normal gang of people to take down. 100 or less people would not rival a nation.
That's the issue though, ignoring technicalities of the name, OSX is directly vulnerable to a huge widespread trojan infestation due to an extreme overconfidence in the userbase. Send them a link to an infected executable (or pdf, doc, link to flash game etc...) "sure I can open it, I'm on a mac I'm safe".
Hard to say on Nintendo, they have very little to offer hackers, as you mentioned they probably don't keep much of that information. They also haven't intentionally stuck their junk into a hornet's nest by directly attacking the individual hackers and fighting with lawsuits, they took down the homebrew channel, they attempt to secure their systems, but generally when the security is bypassed they shrug their shoulders and say ok it's broken oh well, rather than waging a full on war against majorly ticked off hackers. If there is a lesson from this, hopefully even though Sony is hardheaded and stupid and will never learn, it is fully possible Nintendo and Microsoft are paying attention to Sony as a "this is what not to do" rule.
Seriously only 5% of people ignore warnings? I would have to say about 75% of people I have seen download regardless of if you say "warning this will completely reduce your computer into a pile of steaming dung" in exchange for a screensaver with kittens, and then if you cut it down from that to IE users... well then I'd put that number closer to 95% would ignore the warnings.
Again I hold to the fact that I am not convinced that this breach is even connected to geohot in any way more than an opportunistic coverup to cover their asses. I think this was a mass CC# theft intended to use the current tensions between Anon and Sony as a distraction, possibly even borrow some of Anon's members to do a DDOS and keep Sony + legal authorities busy chasing 13 year olds while the criminals are unloading money into offshore bank accounts.
Well for this author which one would be most valuable would depend largely on where his work/authoring was stored. For me all of my critical work that I would regret losing is on an encrypted flash drive attached to my key-chain, and backed up to a dropbox account (encrypted before backed up of course). If my laptop was stolen the cost of the laptop would be the biggest loss, personally I don't go with whole disk encryption because I don't like the chance of having to re-install re-setup my things in the slight chance of something going corrupt in my OS or in the sectors controlling the encryption.
Well for starters if it's for a program they don't have on their computer, and if it is asking for CC information. I load all of my friends/relatives up with Microsoft Security Essentials or Avira. I tell them if any program asks them for their CC# don't give it.
I have to agree. No matter how you look at it driverless cars almost inevitably will be safer than human drivers, and unless they are legalized in an area the testing to make them safer and better will not be available, but the first accident, even if it is the fault of the other driver, will make everyone fear and assume the worst about the automatic driving cars, even if they are replacing something that we all know is the leading cause of death in the country. The biggest difference between auto driving cars and human drivers, the automatic ones have the potential to continue to improve as a whole as more data is gathered, while humans will remain at roughly the same level of intelligence, if not get stupider as time goes on. It kind of reminds me of how in England there is a huge fuss over one person who was an ex-smoker that switched to electronic cigarettes, then died of indeterminable lung problems. If someone quit cold turkey after smoking for 20 years nobody would think twice about it, it would have just been assumed to be problems left over from his years of smoking. I'm not saying it absolutely couldn't have been the e-cig, but for many that is the only option that will get them off of a more or less guaranteed killer onto a possible killer. I'll take possible death over almost certain death any day.
Well considering Google is talking free 3G included for $20 a month, not all college students have $500 laying around the house, then extra $X a month for a data plan. Useless without internet, but it is bundled with 3G internet that works almost anywhere, I fail to see the problem. It isn't a top of the line perfect for everyone device, but it is a nice, inexpensive tool that seems appropriate for many students' needs.
Well theoretically wouldn't that also give Microsoft and security vendors a chance to adapt, patch the holes and flaws that allow the kit to work in the first place? Sure it's a huge extra fear since the source code is out and it can adapt to new holes faster, but I'd imagine the ones who were capable of finding and exploiting vulnerabilities were already a threat.
Indeed, pulling a few big names doesn't do much. I'd be willing to bet if you take samples from the NFL and NBA, a very large number of them were stereotypical jocks in their teens, and now they are making millions. What does that say about jocks and success, absolutely nothing. Vin Diesel played D&D growing up, so I'm going to equate D&D to becoming a muscular tough movie star, after all it happened once to one person so it must always be true.
IMO this doesn't sound like a moneygrubbing move, it sounds to me like Google's gameplan actually makes sense. With Android for phones the issue was half the phone developers made great implementations, the other half released horrible mockeries of the original concepts (buried the good under their vendor specific changes, AT&T flat out blocking non-app store programs etc...). What Google is doing is pretty much saying the first batch of Google endorsed tablets need to be good, once the consumer knows what an Android tablet should be then they can give developers the freedom to improve or fsck it up, once the users have had a baseline to know what normal is for comparison, instead of getting a half-baked knockoff and thinking "this tablet sucks, all Android tablets must suck".