It ia a joke analogy, I know but the main idea is that your deals doesn't give you a blank cheque to do anything above the law, as I said, "if that was the case"
Continuing with the joke analogy, If the killer don't agree to kill the husband, the customer, the wife, will not get access to enjoy the money from the inheritance either
Public Key pinning is a small first step in the right direction, I think the problem is the first connection with the site, hopefuly something with DNSSEC could be added to help more
In my understanding of the Android docs and this blog, yes it can have one, Google Wallet use the harware secure element on supported devices. Recent Android releases added APIs too, for applications to emulate cards without access to the secure element, pure CPU based implementations, less secure but still an option.
Until someone use one of those remote vulnerabilities that were used previously to jailbreak phones for malware (I remember one that did the jailbreak with just visiting a web page). We are talking about China here, so if this is some kind of government sponsored attack, they probably already have unreported security bugs at their disposal. It is true that iPhone security has being enhanced with every release, but at the same time code size has increased, so It must be something in ther to do more damage with enough resources
Because firmware updates become difficult, instead of binary differences between releases, you need a full fledged package manager and dependecy resolution to update the phone
Yahoo has something to tell you about their $250,000 per day fine if they didn't accept PRISM
Re:Extensions are interesting
on
iOS 8 Review
·
· Score: 1
The skype bug was not a skype bug, but one on some qualcomm camera driver that locked up using a lot of CPU, It had nothing to do with Android multitasking APIs
Google, stop chaging people that uses inum, those are SIP endpoints so it is wrong to charge money for a connection that is direct between SIP user agents, if not, don't complain about the lack of Net neutrality. You are giving advantage to people on your own IP network (Hangouts users) that those outside that want to communicate with Hangouts users.
Search rates for "International Networks - Voxbone" at their calling rate list
If I am out of my home for a night I should be able to use my watch the next day until I get home, without the need to carry another charger with me, 3 days Is something I want as a minimum
Should a Linux kernel privilege scalation bugs be called a C vulnerability? no, those are bugs on code that use a particular language. If you say that the bug was found on the embeeed XML parser or any other library that is part of the Java Runtime, I would say yes, but this time no
SELinux is another leyer of security people should learn. Is it difficult the first time you use it? true, but that doesn't mean it isn't useful.
Every time someone says that SELinux should be disabled, instead of learining how to use it, I remember the days when Windows changed from FAT to NTFS, and people said "disable NTFS, format FAT, filesystem permissions are difficult":)
Input this code I show you on screen with this virtual keyboard, and the OS filter everu other input event from that device that is not targeted to that keyboard, validate the input and accept or reject the device, annoying I know, but not impossible to protect
This kind of attack is not new, the new part are the examples of generic devices with hacked firmware to do that. This can be solved easily requesting user autorization before activating any USB device type, for example, before telling the system that there is a new USB network device, ask the user for confirmation. The trick is with input devices, where the new device could be replacing a broken one (keyboard or mouse), the confirmation can be done requesting the user to type a code displayed on screen or using the mouse to use a on screen keyboard in order to accept the input device for general usage. The other problem is with devices permanently attached, assume that any attached device at boot time is trusted, If someone replaced your USB device when you weren't present other more awful things couls have been done.
The Internet was done so well that most people think of it as a natural resource like the Pacific Ocean, rather than something that was man-made. When was the last time a technology with a scale like that was so error-free? The Web, in comparison, is a joke. The Web was done by amateurs
I have seen manufacturers enabling their IPMI implementation by default, sharing the primary network interface, add that many people don't know what IPMI is and you get this problem, lot of IPMI devices accesible from the internet
It is a problem of the Android tools for OS X and Windows, on a Linux distribution with a compiled kernel with KVM virtualization enabled (any modern distro), you only install the x86 image and start it without any other install or configuration needed, who would have said that using Linux would be easier than Windows hehe. The only downside is that if you start using KVM VMs, other virtualization solutions like VirtualBox can not be used at the same time, so if you need a Windows VM for your daily work you must run it inside KVM or not use it at all when running Android x86 images
Who built it isn't more important to who designed and tested it. In Venezuela, the state has partenrships with Chinese manufacturers, I have no plan to buy a Chinese mede car here because we don't have a certification or testing infraestructure, we don't have verified dummy tests like USA and Europe has. Why a Chinese made vehicle that pass USA certifications and tests be any different in quality than one make in Europe, if they are different in quality and both passes the tests, the tests are the problem
Slashdot Mirror
It ia a joke analogy, I know but the main idea is that your deals doesn't give you a blank cheque to do anything above the law, as I said, "if that was the case"
Continuing with the joke analogy, If the killer don't agree to kill the husband, the customer, the wife, will not get access to enjoy the money from the inheritance either
"Your Honor, I ended up killing him, It was absolutely necessary given deals I had with his wife to patch her problems"
A secret deal is not an excuse to screw illegaly your customers, if that was the case.
Public Key pinning is a small first step in the right direction, I think the problem is the first connection with the site, hopefuly something with DNSSEC could be added to help more
Yea sure, business will want to unblock Facebook on their proxies just because you have a "For Work" version. It will not happen.
In my understanding of the Android docs and this blog, yes it can have one, Google Wallet use the harware secure element on supported devices. Recent Android releases added APIs too, for applications to emulate cards without access to the secure element, pure CPU based implementations, less secure but still an option.
Fido U2F overview
I propose IBAR, International Business Apple Reseller
Until someone use one of those remote vulnerabilities that were used previously to jailbreak phones for malware (I remember one that did the jailbreak with just visiting a web page). We are talking about China here, so if this is some kind of government sponsored attack, they probably already have unreported security bugs at their disposal. It is true that iPhone security has being enhanced with every release, but at the same time code size has increased, so It must be something in ther to do more damage with enough resources
Because firmware updates become difficult, instead of binary differences between releases, you need a full fledged package manager and dependecy resolution to update the phone
Yahoo has something to tell you about their $250,000 per day fine if they didn't accept PRISM
The skype bug was not a skype bug, but one on some qualcomm camera driver that locked up using a lot of CPU, It had nothing to do with Android multitasking APIs
Google, stop chaging people that uses inum, those are SIP endpoints so it is wrong to charge money for a connection that is direct between SIP user agents, if not, don't complain about the lack of Net neutrality. You are giving advantage to people on your own IP network (Hangouts users) that those outside that want to communicate with Hangouts users.
Search rates for "International Networks - Voxbone" at their calling rate list
If I am out of my home for a night I should be able to use my watch the next day until I get home, without the need to carry another charger with me, 3 days Is something I want as a minimum
One of them, logind Manage user sessions with all the tools used with server processes. I for one welcome this.
Should a Linux kernel privilege scalation bugs be called a C vulnerability? no, those are bugs on code that use a particular language. If you say that the bug was found on the embeeed XML parser or any other library that is part of the Java Runtime, I would say yes, but this time no
The default is:
1. Allow User MITM (pinning not enforced if the trust anchor is a user inserted CA, default)
So CAs inserted by the corporate networks will be allowed, only verified for CAs shipped by Mozilla
I wish more people were sued to use a Linux distro
SELinux is another leyer of security people should learn. Is it difficult the first time you use it? true, but that doesn't mean it isn't useful.
Every time someone says that SELinux should be disabled, instead of learining how to use it, I remember the days when Windows changed from FAT to NTFS, and people said "disable NTFS, format FAT, filesystem permissions are difficult" :)
For once we beat Debian packaging then
# yum list java-1.8.0-openjdk ... ...
Loaded plugins: langpacks, refresh-packagekit, remove-with-leaves, show-leaves
Installed Packages
java-1.8.0-openjdk.x86_64
Input this code I show you on screen with this virtual keyboard, and the OS filter everu other input event from that device that is not targeted to that keyboard, validate the input and accept or reject the device, annoying I know, but not impossible to protect
This kind of attack is not new, the new part are the examples of generic devices with hacked firmware to do that. This can be solved easily requesting user autorization before activating any USB device type, for example, before telling the system that there is a new USB network device, ask the user for confirmation. The trick is with input devices, where the new device could be replacing a broken one (keyboard or mouse), the confirmation can be done requesting the user to type a code displayed on screen or using the mouse to use a on screen keyboard in order to accept the input device for general usage. The other problem is with devices permanently attached, assume that any attached device at boot time is trusted, If someone replaced your USB device when you weren't present other more awful things couls have been done.
The Internet was done so well that most people think of it as a natural resource like the Pacific Ocean, rather than something that was man-made. When was the last time a technology with a scale like that was so error-free? The Web, in comparison, is a joke. The Web was done by amateurs
Alan Kay
http://www.drdobbs.com/archite...
I have seen manufacturers enabling their IPMI implementation by default, sharing the primary network interface, add that many people don't know what IPMI is and you get this problem, lot of IPMI devices accesible from the internet
It is a problem of the Android tools for OS X and Windows, on a Linux distribution with a compiled kernel with KVM virtualization enabled (any modern distro), you only install the x86 image and start it without any other install or configuration needed, who would have said that using Linux would be easier than Windows hehe. The only downside is that if you start using KVM VMs, other virtualization solutions like VirtualBox can not be used at the same time, so if you need a Windows VM for your daily work you must run it inside KVM or not use it at all when running Android x86 images
Who built it isn't more important to who designed and tested it. In Venezuela, the state has partenrships with Chinese manufacturers, I have no plan to buy a Chinese mede car here because we don't have a certification or testing infraestructure, we don't have verified dummy tests like USA and Europe has. Why a Chinese made vehicle that pass USA certifications and tests be any different in quality than one make in Europe, if they are different in quality and both passes the tests, the tests are the problem