Slashdot Mirror


User: zachriggle

zachriggle's activity in the archive.

Stories: 0
Comments: 16

Comments · 16

  1. Re: We're becoming more and more idiots on Why Attackers Are Using C# For Post-PowerShell Attacks (forcepoint.com) · · Score: 1

    Are you saying fileless / in-memory only exploitation, post-exploitation don't exist?

    Welcome to 2002, go read about any exploit kit from the past decade.

  2. As a long-standing member of the computer security industry, having done vulnerability research my entire career [0], there's exactly two sentiments in the industry:

    1.) This is cool! I'll do this in my free time, it's fun!
    2.) Fuck you, pay me.

    The problem with #1 is that as soon as you hit any real resistance, it stops being fun. Have you tried landing a patch at GNU.org or in the upstream kernel? Biggest pain in the rear, ever.

    The current state of affairs is that you can remain a White Hat and report vulnerabilities to Google in any open source software [1] or even Android specifically [2] and earn TENS OF THOUSANDS OF DOLLARS PER BUG. You can find even more companies / projects to assist through BugCrowd or HackerOne.

    Alternately, if you don't mind your bugs being sold to any number of nation states, just take your research to Apple iOS, and either Exodus [3] or VUPEN-nee-Zerodium will pay you A MOTHER FUCKING MILLION DOLLARS [4] for the right bugs.

    All of this whining is coming from the same open-source community leader (Torvalds) that has publicly shunned GRSecurity [5] one of the groups that has been trying to help for 20 years, and has stated that infosec industry members should "Please just kill yourself now. The world would be a better place." [6]

    So to you, Mr. Torvalds, I say:

    FUCK YOU, PAY ME.

    [0]: https://www.linkedin.com/in/za...
    [1]: https://www.google.com/about/a...
    [2]: https://www.google.com/about/a...
    [3]: https://rsp.exodusintel.com/
    [4]: https://zerodium.com/program.h...
    [5]: https://lkml.org/lkml/2017/6/2...
    [6]: https://web.archive.org/web/20...

  3. Re:Duh? on Dropbox Authentication: Insecure By Design · · Score: 2

    If I steal your SSH key, and then you change your password, I can still access your box.

    The only difference here is that you're no longer in control of the effective authorized_hosts file, Dropbox is. Yes, they should regenerate the key every time you change your password.

    The article's hysteria seems to be much more about the file, rather than the fact that a password change doesn't change your API key / secret key / etc.

  4. Duh? on Dropbox Authentication: Insecure By Design · · Score: 2, Informative

    If your local machine is accessed by an untrustworthy party and they get your shared secret/API token/whatever, they can impersonate you. ALSO: Applications store your login information locally when you request that they save your login information!!! News at eleven.

  5. Re:The more competition, the better on Microsoft Ready To "Take On'' Google and Apple TV · · Score: 1

    An XBox isn't at the same price point as either a Google or Apple TV. Even Sony has $90 BluRay players that do NetFlix, Hulu Plus, and Amazon On Demand, among other things.

  6. Re:Market cap? on Apple Passes $300B Market Cap, 2nd In the World · · Score: 1

    It's called Piercing the Corporate Veil. If you've got some time, the Buffalo Creek Disaster is an excellent book that outlines most of the specific situations you talked about.

  7. Re:Still confused on Firesheep Author Reflects On Wild Week · · Score: 1

    Mod parent up insightful, or GP down.

  8. Re:CmdrTaco drags big brass ones along the ground on iPad Review · · Score: 1

    Look at the Meebo application. Supports every network under the sun with Push notification. The Meebo servers keep you signed in, the app just signs you into the Meebo server. Push notifications work just like text messages -- but over AIM, Facebook, Google Talk, etc.

  9. Re:Apple is scared of write once run anywhere on How the iPad Is Already Reshaping the Internet (Sans Flash) · · Score: 1

    alen, I'd like you to meet Javascript/AJAX/DOM/HTML5. Javascript/AJAX/DOM/HTML5, alen.

  10. Re:There has never been this type of device. on How the iPad Is Already Reshaping the Internet (Sans Flash) · · Score: 0, Redundant

    Mod parent up.

  11. Re:Here we go again on How the iPad Is Already Reshaping the Internet (Sans Flash) · · Score: 1

    Right, because the content publishers aren't getting their panties in a bunch over being one of the first "iPad-compatible" websites with HTML5. You're not factoring into the equation that many of the consumers that will be using an iPad may very well start to use these "compatible" websites just because they are "specifically designed for iPad" and have compatible video. http://www.apple.com/ipad/ready-for-ipad/

  12. Re:Ummm.. on How the iPad Is Already Reshaping the Internet (Sans Flash) · · Score: 3, Insightful

    All of these news sites also happen to provide video to go with their news. This video is now offered in HTML5 when browsed to by an iPad.

  13. Re:I wonder if the economy will change that back.. on RIP the Campus Computer Lab, 1960-2009 · · Score: 1

    Something else to consider is whether you actually save money by *not* purchasing the laptop, in the time and gas spent going to/from the computer lab. Also, assuming the school does away with the computer labs and the Technology Fee is removed (which is several hundred dollars per semester) a laptop may end up being cheaper.

  14. Re:Printing on RIP the Campus Computer Lab, 1960-2009 · · Score: 1

    I am a student at Michigan State University. They have a system where I can print from any platform (via Windows sharing or LDP) to any printer, anywhere on campus. There is a networked printer in each wing of each dorm, in every computer lab, and in all of the libraries. This works well with the campus-wide network (migrating to Wireless-N, IIRC). Prints are $.05 per page side, an extra $.05 per side for color. All of the printer billing is integrated into the standard billing system.

  15. Wow, I'm lucky! on Kutztown Students get Felony Charges · · Score: 1

    It seems that the school tech administrators are getting more anal retentive every day. Compared to these guys, I lucked out. Banned from school computers for life for downloading PuTTY. (To get my homework nonetheless. I had misplaced the file on my webserver, and had to move it so that I could download it. That's it.)

  16. Already been done... on Matrix-Style Bullet Time for Realtime Online Games · · Score: 2, Interesting

    http://www.specialistsmod.net/

    The game has had bullet-time for quite some time, and only affects players in your immediate area. This allows the rest of the game to go along unhampered by your slow-flying bullets.