If they were serious, they would spend money in a range where it could actually have some effect. Try at the very least 100x that, and more likely 1000x...10000x.
Not necessarily. First, attacking the sound-chip firmware may not even need a compromise of the rest of the system and may be doable with user-rights only or by getting the user to install a compromised driver, possibly for an entirely different component.
Now assume, for example that the attacker changes the firmware of your soundcard at some time, say to let frequencies >= 20kHz always through to the speakers, but behave normal otherwise. Then the user boots Tails and the machine is in a non-compromised state (well, except for said sound-chip). The web ad can then use the beacon successfully.
The whole thing is an attack on a very high difficulty-level. Simplistic countermeasures will not cut it.
and if not, leave. The check is to first talk to your manager and if that fails to take it if with HR. If that still fails, hand in your notice as soon as you economically can. That may mean staying on a few more months, or may mean leaving immediately. It is neither your expertise nor your responsibility to solve that kind of problem. It is your responsibility to escalate it though, as it harms the organization.
Do not get your hopes up too much for the organization to be able to resolve this, unless you are essential and the piece-of-shit doing this is not, it is pretty likely that they will not resolve the issue and you will have to leave.
Nothing depending on software is secure here. Remember that this is an attack, and while the required zero-days my initially only be available to nation-state-level criminals, they often become the tools of other hackers pretty fast.
Well, I agree that good security habits may be far less known and followed in the NoSQL-crowd, because they are "hip" and "dynamic" and often inexperienced in server system configuration and management. Also, because all these mistakes _have_ been made with RDBM Systems in the past, they are less likely to be insecure by default, but it still is a risk and you need to check.
In the best case, hardening just involves checks and you find everything is fine. It still needs to be done and sometimes you find insecure things were you least expect them.
That is what you think. Actually it will be something like 6dB/octave dampening, so it still puts out about 12% of maximum volume at 24kHz. Receiving ultrasound is easier than normal sound, as there is less of it around in a normal environment. And in this application there is no need to worry about signal quality, a straight rectangle signal will do just fine, because of the dampening. The next generation of this malware will probably use ultra-wideband audio-pulses and be even more resilient.
No traditional RDBMS is "secured by default". You have absolutely no clue what you are talking about. That said, in my experience the only people even more arrogant and stupid in the DB world than the "No SQL" crowd are the traditional RDBMS people.
Simple: Morons in IT are far-cheaper salary-wise than people with a clue. And morons in management are too stupid to see that these people cost extremely much more overall than people with a clue. This is why such gross stupidity happens all the time in modern IT.
I imagine this is how things were done in the Roman Empire, right before it collapsed...
Sure. the typical luser has no idea what a commandline is about and how to use it. But there are a few people that know better and without them everything comes crashing down.
There are reasons CPU and RAM are separated. These are good reasons. The whole article is unmitigated nonsense, except for a very small set of special-purpose computations that can already be done with FPGAs anyways.
I agree on both counts. Unfortunately, intense research into this direction (parallelization, not getting rid of clueless idiots) has been running for more than 50 years with basically no good results except for some search and simulation problems that are easy to parallelize. I think most of that research should be stopped, and we should instead research how to get rid of clueless idiots.
Annoyed me so much because it was the same trash as everything else, I stopped watching it after 5 minutes. That one was not even worth the bandwidth. Maybe the new strategy of the movie-industry is to bore pirates to tears. If so, they are succeeding with me.
Very much this. For the last few things like "Rogue One", I cannot even bothered to check whether they would be available online. I watched the first 5 minutes of Episode 7 and all it did was annoy me. Same with all other other "AAA" releases I looked at last year. No thanks.
Well, the last few movies I "pirated" (legally tolerated here), I found so bad that I did not even watch them to the end. And these were high-budget "AAA" titles. I think I will not even bother to look at the current trash they are making. It is just not worth the time. Guess they should be happy, because that will reduce piracy on my side and by their "logic", they are hence losing less money. Of course, any rational business-person would rather have me pirate the stuff than not watch it at all...
I am aware of that. Even going to parallelized software done well will not give us much more, but there may still be some real gains to be had in areas like gaming, simulation and classifiers (often misnamed "learning"). One of the nice things of ARM though is that you can have different cores and mix them and that it generally draws much less power. But yes, for many tasks that have no speed-up or really bad speed-up when parallelized, we are now possibly seeing close-to endgame performance. This is not really a surprise either, every tool is finished at some time and cannot be improved anymore.
That is about the most stupid idea, ever. Even trying this would break _everything_.
If they were serious, they would spend money in a range where it could actually have some effect. Try at the very least 100x that, and more likely 1000x...10000x.
Not necessarily. First, attacking the sound-chip firmware may not even need a compromise of the rest of the system and may be doable with user-rights only or by getting the user to install a compromised driver, possibly for an entirely different component.
Now assume, for example that the attacker changes the firmware of your soundcard at some time, say to let frequencies >= 20kHz always through to the speakers, but behave normal otherwise. Then the user boots Tails and the machine is in a non-compromised state (well, except for said sound-chip). The web ad can then use the beacon successfully.
The whole thing is an attack on a very high difficulty-level. Simplistic countermeasures will not cut it.
and if not, leave. The check is to first talk to your manager and if that fails to take it if with HR. If that still fails, hand in your notice as soon as you economically can. That may mean staying on a few more months, or may mean leaving immediately. It is neither your expertise nor your responsibility to solve that kind of problem. It is your responsibility to escalate it though, as it harms the organization.
Do not get your hopes up too much for the organization to be able to resolve this, unless you are essential and the piece-of-shit doing this is not, it is pretty likely that they will not resolve the issue and you will have to leave.
Unless that is done by the firmware of the sound-chip. Then it may be possible to hack it. Have you verified this?
Nothing depending on software is secure here. Remember that this is an attack, and while the required zero-days my initially only be available to nation-state-level criminals, they often become the tools of other hackers pretty fast.
Well, I agree that good security habits may be far less known and followed in the NoSQL-crowd, because they are "hip" and "dynamic" and often inexperienced in server system configuration and management. Also, because all these mistakes _have_ been made with RDBM Systems in the past, they are less likely to be insecure by default, but it still is a risk and you need to check.
In the best case, hardening just involves checks and you find everything is fine. It still needs to be done and sometimes you find insecure things were you least expect them.
Can't do that because you are on a laptop? Too bad, you are screwed.
That is what you think. Actually it will be something like 6dB/octave dampening, so it still puts out about 12% of maximum volume at 24kHz. Receiving ultrasound is easier than normal sound, as there is less of it around in a normal environment. And in this application there is no need to worry about signal quality, a straight rectangle signal will do just fine, because of the dampening. The next generation of this malware will probably use ultra-wideband audio-pulses and be even more resilient.
And that is the problem: Most managers are clueless idiots as well, so the "once you can identify them" part is the hard one.
Not everybody has a choice what to use professionally. That makes your comment basically just clueless.
No traditional RDBMS is "secured by default". You have absolutely no clue what you are talking about. That said, in my experience the only people even more arrogant and stupid in the DB world than the "No SQL" crowd are the traditional RDBMS people.
Behold people, the "big lie" technique at work.
Simple: Morons in IT are far-cheaper salary-wise than people with a clue. And morons in management are too stupid to see that these people cost extremely much more overall than people with a clue. This is why such gross stupidity happens all the time in modern IT.
I imagine this is how things were done in the Roman Empire, right before it collapsed...
And /. contributed to the scam with its last article on BitCoin. Stupid.
Sure. the typical luser has no idea what a commandline is about and how to use it. But there are a few people that know better and without them everything comes crashing down.
That may be true for the average idiot, it is not true for me.
There are reasons CPU and RAM are separated. These are good reasons. The whole article is unmitigated nonsense, except for a very small set of special-purpose computations that can already be done with FPGAs anyways.
I agree on both counts. Unfortunately, intense research into this direction (parallelization, not getting rid of clueless idiots) has been running for more than 50 years with basically no good results except for some search and simulation problems that are easy to parallelize. I think most of that research should be stopped, and we should instead research how to get rid of clueless idiots.
Star War: New Hope Awakens, anyone?
Annoyed me so much because it was the same trash as everything else, I stopped watching it after 5 minutes. That one was not even worth the bandwidth. Maybe the new strategy of the movie-industry is to bore pirates to tears. If so, they are succeeding with me.
You obviously have very low standards. Like most people these days, unfortunately.
Very much this. For the last few things like "Rogue One", I cannot even bothered to check whether they would be available online. I watched the first 5 minutes of Episode 7 and all it did was annoy me. Same with all other other "AAA" releases I looked at last year. No thanks.
Well, the last few movies I "pirated" (legally tolerated here), I found so bad that I did not even watch them to the end. And these were high-budget "AAA" titles. I think I will not even bother to look at the current trash they are making. It is just not worth the time. Guess they should be happy, because that will reduce piracy on my side and by their "logic", they are hence losing less money. Of course, any rational business-person would rather have me pirate the stuff than not watch it at all...
What, a rational, logical argument? We cannot have those. The content-industry execs are not equipped to handle them. Not enough neurons.
I am aware of that. Even going to parallelized software done well will not give us much more, but there may still be some real gains to be had in areas like gaming, simulation and classifiers (often misnamed "learning"). One of the nice things of ARM though is that you can have different cores and mix them and that it generally draws much less power. But yes, for many tasks that have no speed-up or really bad speed-up when parallelized, we are now possibly seeing close-to endgame performance. This is not really a surprise either, every tool is finished at some time and cannot be improved anymore.