WRONG answer, all those users that do no jailbreak their iPhones (a lot of people) are vulnerable to this attack, those are not jailbreak possibilities, those are big security vulnerabilities that are used to jailbreak. I am pretty sure any other OS manufacturer bug like this will be called like they must be called "Security bugs" and not jailbreaks
The same way nearly all signup forms request your email in order to be able to recover your account if you forget your password. Oh I forgot people create fake emails if they do not trust the site
The failure of the PSP Go was not related with any blocking of after market activities, people are not rejecting that (I do, I prefer disc based games over online download), many people here love Steam, the masters of blocking second hand sale, even multiuser gaming on the same PC, and many others love to buy games from the Apple App Store and Android Market. The Go died because Sony did not had the infrastructure and rules to game makers to make games available on disk and as online download. many recent PSP games are not available yet on the PSN store. For the PSP Vita that are telling that every game will be available for download too, They are changing the rules so developers now need to test and deploy online too.
Disc based games can be cheaper too if you wait and do not buy it on day one, I buy many games at 30$ or less frequently. By the way, can I buy some of your Steam games you do not play anymore?
People here frequently bash Sony, but be consistent, this blocking of online for second hand users is not good, keep in mind that they are not the only one doing it. In Steam I can not even play the same game with another user on the same machine without that person messing with my scores/saved game
The obsession to add Windows to every product name, and that obsession is killing the few good products they make because people associate them with Windows and the problems they have suffered using it
if your phone use half of the battery power than before (50% reduction of power consumption) that means double battery life, the real problem here is not math, is that Wifi usage is not the only way to consume power, screen is a big factor, so half reduction on Wifi usage does not always means half total power usage, so that statement is only true when other parts of the phone are using much less that Wifi like screen being off
I think they are using Mozill Audio Data API and that must be the reason it only work currently with Firefox, until the API advance from experimental to something more standard
No the sanity of people installing from non respectable sources, the warning is very informative, if someone still try to save a few bucks installing applications from unknown sources, that is their problem
Right, we need to check mental sanity of people that activate the option to install software from outside the market after the phone showed a big warning and they install anything from any place
Replace which, I am not saying that it is impossible to detect, I am just saying that simply checking ps and killing is not enough. I am the kind of person that think if a machine has indications of malware, it must be cleaned by reinstalling everything starting with the OS
oops I forgot, when the malware is installed, it can just change all your init session scripts, prepend a directory to your PATH, install new versions of ps, top, htop, kill,.... not impossible to detect, but it can hide itself a little more that simple running ps and kill
is that OS X install wizard build by the OS?, or is it an executable coded by the malware author? if the answer is true to the last question, why is needed to continue the install wizard?, the malware author can add code before opening it to install anything they want even if you press cancel
The problem is Safari setting to open "safe" files automatically, that is the most dumb thing a browser can do
Every normal computer on the planet could overheat, block ventilation circulation or put it in a closed cabinet and run and intensive process, but the hardware must not break if temperature reach designed limits. That is what happens on the PS3, the system shutdowns itself and refuse to work in that environment. I am sure the XBox 360 must be able to do something like that
Sony did not blamed Anonymous, they published that they found a file named Anonymous on their website and that we may never know if Anonymous member were duped to provide cover with their denial of service attacks to the person/group that exploited the vulnerability
There are bad software architectures and bad security bugs, but I do not believe the key to sign code to be run on the PS3 is the same they use to encrypt internal PSN data, that would be a BIG error. About the key found on the PS3, there is no other way to use symmetric key cryptography without one key on the side doing the signature validation so one key must be hidden on the PS3, and a bug on how they implemented the algorithm allowed people to deduct it, not that they found it in plain text
Not defending Sony, but if I must tell to my customers that we detected unauthorized access and they got the password hashes, I will report that we believe someone got access to the passwords database, hashed or not those are password related and the common user will not understand what is a hash or why if they are encrypted they must care to change it. This do not means they are storing hashes or not, there is a high probability than not but it is not conclusive
Note: password encryption is not a panacea either, if someone accessed the servers, they probably could access the encryption keys too because some code needs to decrypt them to validate the user, that is why you hash with a powerful algorithm and encrypt if you want more protection
Easy, do not link to GPL code. You ask for your rights but do not want to respect the rights of the GPL code authors?, When you link to GPL code, nobody is forcing you to release your code, your decision to link and use GPL and distribute it is what force you to do that, do not want to do it? do not take the decision to use GPL code in your software
Not sure about that, do you remember the standard proposal of SQL on the browser that Chrome implemented? It was shutdown because the spec required to implement the SQL dialect of an specific version of SQLIte, so in reality one implementation will rule over all browsers and that is bad for a browser technology to be used on the web. If there is no specification and multiple implementations of NaCl I think it does not belongs to the web
A lot of people knew that when they decided to hide the http:/// portion of the URL bar, the real reason was to be able to push SPDY without users noticing, the problem: they told the user do not need to see that, bla bla bla, Not that I have something against an efficient enhancement to HTTP, but please, no need to hide the real reason
Why is hardware an issue?, do Windows 95 drivers work on Windows 7?, regular people do not upgrade Windows over old hardware, they buy new hardware with Windows. Probably upgrades are more common on corporate computers, if you have some business application that require some special hardware then continue using your old Windows because it will be supported, oh wait that is happening right now with Windows XP, and if you do not have plans to upgrade your applications in 10 years of support of the old OS, please that company deserve to be owned by every security bug the old vendors left behind
On the software side, with today computers and virtualization it is easy to run your old applications. MS do not want to do it because they are slow to react to anything and in order to build a new foundation for your OS it is required to do react fast to the difficulties you will find, MS knows they can not do that right now, but do not make it sounds like it is impossible
Slashdot Mirror
WRONG answer, all those users that do no jailbreak their iPhones (a lot of people) are vulnerable to this attack, those are not jailbreak possibilities, those are big security vulnerabilities that are used to jailbreak. I am pretty sure any other OS manufacturer bug like this will be called like they must be called "Security bugs" and not jailbreaks
The same way nearly all signup forms request your email in order to be able to recover your account if you forget your password. Oh I forgot people create fake emails if they do not trust the site
Oh my goodness. Shut me down! Androids controlling Robots. Hmm. How perverse.
The failure of the PSP Go was not related with any blocking of after market activities, people are not rejecting that (I do, I prefer disc based games over online download), many people here love Steam, the masters of blocking second hand sale, even multiuser gaming on the same PC, and many others love to buy games from the Apple App Store and Android Market. The Go died because Sony did not had the infrastructure and rules to game makers to make games available on disk and as online download. many recent PSP games are not available yet on the PSN store. For the PSP Vita that are telling that every game will be available for download too, They are changing the rules so developers now need to test and deploy online too.
Disc based games can be cheaper too if you wait and do not buy it on day one, I buy many games at 30$ or less frequently. By the way, can I buy some of your Steam games you do not play anymore?
People here frequently bash Sony, but be consistent, this blocking of online for second hand users is not good, keep in mind that they are not the only one doing it. In Steam I can not even play the same game with another user on the same machine without that person messing with my scores/saved game
The obsession to add Windows to every product name, and that obsession is killing the few good products they make because people associate them with Windows and the problems they have suffered using it
if your phone use half of the battery power than before (50% reduction of power consumption) that means double battery life, the real problem here is not math, is that Wifi usage is not the only way to consume power, screen is a big factor, so half reduction on Wifi usage does not always means half total power usage, so that statement is only true when other parts of the phone are using much less that Wifi like screen being off
I think they are using Mozill Audio Data API and that must be the reason it only work currently with Firefox, until the API advance from experimental to something more standard
and I still think that write once, debug everywhere is better that write n times, and debug everywhere
No the sanity of people installing from non respectable sources, the warning is very informative, if someone still try to save a few bucks installing applications from unknown sources, that is their problem
Right, we need to check mental sanity of people that activate the option to install software from outside the market after the phone showed a big warning and they install anything from any place
Apparently there are other ways to do it with prctl on Linux and other APIs on OS X
Replace which, I am not saying that it is impossible to detect, I am just saying that simply checking ps and killing is not enough. I am the kind of person that think if a machine has indications of malware, it must be cleaned by reinstalling everything starting with the OS
oops I forgot, when the malware is installed, it can just change all your init session scripts, prepend a directory to your PATH, install new versions of ps, top, htop, kill,.... not impossible to detect, but it can hide itself a little more that simple running ps and kill
With tricks like this Howto change a UNIX process and child process name by modifying argv[0]
For example sendmail change it to this "sendmail: accepting connections"
is that OS X install wizard build by the OS?, or is it an executable coded by the malware author? if the answer is true to the last question, why is needed to continue the install wizard?, the malware author can add code before opening it to install anything they want even if you press cancel
The problem is Safari setting to open "safe" files automatically, that is the most dumb thing a browser can do
Every normal computer on the planet could overheat, block ventilation circulation or put it in a closed cabinet and run and intensive process, but the hardware must not break if temperature reach designed limits. That is what happens on the PS3, the system shutdowns itself and refuse to work in that environment. I am sure the XBox 360 must be able to do something like that
The Android mascot is open (Creative Commons Attribution license) , you can start a business selling those
Sony did not blamed Anonymous, they published that they found a file named Anonymous on their website and that we may never know if Anonymous member were duped to provide cover with their denial of service attacks to the person/group that exploited the vulnerability
There are bad software architectures and bad security bugs, but I do not believe the key to sign code to be run on the PS3 is the same they use to encrypt internal PSN data, that would be a BIG error. About the key found on the PS3, there is no other way to use symmetric key cryptography without one key on the side doing the signature validation so one key must be hidden on the PS3, and a bug on how they implemented the algorithm allowed people to deduct it, not that they found it in plain text
Not defending Sony, but if I must tell to my customers that we detected unauthorized access and they got the password hashes, I will report that we believe someone got access to the passwords database, hashed or not those are password related and the common user will not understand what is a hash or why if they are encrypted they must care to change it. This do not means they are storing hashes or not, there is a high probability than not but it is not conclusive
Note: password encryption is not a panacea either, if someone accessed the servers, they probably could access the encryption keys too because some code needs to decrypt them to validate the user, that is why you hash with a powerful algorithm and encrypt if you want more protection
Easy, do not link to GPL code. You ask for your rights but do not want to respect the rights of the GPL code authors?, When you link to GPL code, nobody is forcing you to release your code, your decision to link and use GPL and distribute it is what force you to do that, do not want to do it? do not take the decision to use GPL code in your software
Not sure about that, do you remember the standard proposal of SQL on the browser that Chrome implemented? It was shutdown because the spec required to implement the SQL dialect of an specific version of SQLIte, so in reality one implementation will rule over all browsers and that is bad for a browser technology to be used on the web. If there is no specification and multiple implementations of NaCl I think it does not belongs to the web
A lot of people knew that when they decided to hide the http:/// portion of the URL bar, the real reason was to be able to push SPDY without users noticing, the problem: they told the user do not need to see that, bla bla bla, Not that I have something against an efficient enhancement to HTTP, but please, no need to hide the real reason
Why is hardware an issue?, do Windows 95 drivers work on Windows 7?, regular people do not upgrade Windows over old hardware, they buy new hardware with Windows. Probably upgrades are more common on corporate computers, if you have some business application that require some special hardware then continue using your old Windows because it will be supported, oh wait that is happening right now with Windows XP, and if you do not have plans to upgrade your applications in 10 years of support of the old OS, please that company deserve to be owned by every security bug the old vendors left behind
On the software side, with today computers and virtualization it is easy to run your old applications. MS do not want to do it because they are slow to react to anything and in order to build a new foundation for your OS it is required to do react fast to the difficulties you will find, MS knows they can not do that right now, but do not make it sounds like it is impossible