To clarify, if at any point you connect using HTTP to a website, FireSheep can steal your cookies and impersonate you from that point on. It doesn't matter if the login form uses HTTPS or not (but of course if it does not your password can be stolen too, but AFAIK FireSheep just looks for cookies).
Even worse, apparently even if you log out of the aforementioned site, the session data may not be cleared on the server side. This means someone could continue to impersonate you, even after you have logged out.
"The problem is that a smaller government will be left powerless in the face of the multi-national mega corps that are paying out the ass to fund the tea party. The party and the ideas they propose are just pawns of a larger movement in class warfare by the owner class to sacrifice the American way of life to bump up next quarter's profits and buy a new jet to fly over the shattered remnants of a once great nation."
All things told, I would love to have a Gmail solution, but until they get FIPS 140-2 compliance, I'm stuck with MS Exchange...sad though it may be.
If you are waiting for gmail to support any sort of encryption, don't hold your breath. Google has a very vested interest in being able to scan and catalog every single piece of mail that flows through their system. Never forget why gmail was created. Google doesn't do it to be a good netizen. In the end it's all about money, and having email traffic that they cannot read doesn't make them any.
VPN at an airport or coffee shop. Now a hijacker has to actually be tapping the high speed fibre links between your VPN's colo facility and the target. The only people who actually do this is government, and guess what - they can just go to Facebook, Twitter or Amazon and demand co-operation anyway. 99.99% of the populace does not include the government in their daily lives threat model, mostly because you can't do anything about it except move country and most governments, at least in the west, just aren't that bad.
Don't forget to add the VPN provider (and all of its employees) to your threat model.
This is true for any phone OS, since jailbreak is a political term for rooting.
I thought that jailbreaking meant getting your process access to parts of the file system outside of the chroot() jail, whereas rooting meant getting root access for your process. Is this always the same thing or does one require the other on all phone OSes?
Great. I wonder how many of my tax dollars this year were spent so that mathematicians can indulge in "I wonder..." studies where there is no expected useful outcome?
"I don't understand the objection to this. If a library puts a book out to be sold, why would it be happier to sell the book to one person than to another?"
At our local library sale, these people sweep in as soon as the sale opens, snatching up anything that has resale value. For computer books that means anything written recently relating to popular topics. The same thing happens in many other sections and genres. For those of us who work nearby but can't get to the sale until lunch, it means anything we might be interested in will be long gone. As a result, we no longer even bother going. The library may have sold the 150 books bought by these entrepreneurs, but how many others did they fail to sell because people didn't come and browse?
Might as well finish it off. The summary was just a quote of most of the article anyway.
"I know of a major company having a multimillion dollar project held up because of it," he said. "Project managers definitely prefer developing for iPhone over Android because there is less to worry about in final QA."
Android TweetDeck 1.0 is available from the Android Market and although development might have been challenging, the company said the open environment meant it could get its software to a wider variety of end users.
"We were really shocked to see the number of custom versions, crazy phones and general level of customisation of Android," the company said. "From our perspective, it's pretty cool to have our app work on such a wide variety of devices and Android OS variations."
"Here is a design I have for a secure hard disk that would, if stolen or seized by the cops, prevent the recovery of any useful data."
You want to know why this wouldn't work? Because if someone built something this cool they would be talking about it to everyone. There would be an instructable that they posted and a blog with the build pictures. Heck, they might even post their design on slashdot. The cops will know exactly what to look for and exactly how to secure it properly.
"If someone were to build it, they would first have to pick and choose from among Babbage's numerous sketches, then fill in any of the missing bits. It's not a true, 100% authentic, Babbage design, unlike the simpler Difference Engine, which had a clean set of engineering drawings for its creation."
I believe there was also the issue of deliberate flaws in the drawings. In order to protect his works, Babbage (or his engineer) created different sets of drawings and they would have different flaws included. You could build a machine from a particular set of drawings, but it would instantly seize up if you tried to run it.
"The Plane Finder AR application, developed by a British firm for the Apple iPhone and Google's Android, allows users to point their phone at the sky and see the position, height and speed of nearby aircraft."
No, you don't have to point your iPhone at the sky. You'll just look like a twit.
"The new application works by intercepting the so-called Automatic Dependent Surveillance-Broadcasts (ADS-B) transmitted by most passenger aircraft to a new satellite tracking system that supplements or, in some countries, replaces radar."
Your iPhone does not now, nor will it ever, be able to pick up ADS-B transmissions.
"The firm behind the app, Pinkfroot, uses a network of aircraft enthusiasts in Britain and abroad, who are equipped with ADS-B receivers costing around 200 pounds to intercept the information from aircraft and send it to a central database."
It is just another app that accesses data from a database and correlates it to your GPS coordinates. You can see the same information by browsing to the company's site. Since it relies on volunteers and the receivers are a bit pricey, coverage in your area is likely to be spotty at best.
That's relatively easy to get around. Create your initial gmail account on 1 machine using a particular ISP, and create your second acct by using a different computing device (like a droid) on another ISP. Of course, you must remember to never use one machine to check both accounts. It takes discipline, but it can be done.
I have a gmail account that I created on Comcast with my home desktop, and a completely different one that was created when I purchased my droid through verizon.
I never check the droid gmail account from home on the phone because I do not want GPS to put me close to the other gmail account. I never check my original gmail from work (I'm blocked)
I highly doubt that google can link these two accounts together.
Have you accessed gmail from both of these devices? Have you visited a web site that runs google analytics or adsense at least once from each of these devices? Gotcha.
According to TFA, the sled will be "hitting speeds of about Mach 10." That's fast, but then the TFA says, "electric tracks catapult rollercoaster riders daily at theme parks. But those tracks call for speeds of 60 mph -- enough to thrill riders, but not nearly fast enough to launch something into space. The launcher would need to reach at least 10 times that speed"
Sorry, but 10x roller coaster speeds isn't close to Mach 10.
I think he is looking for more like 128x. Furthermore TFA calls for reaching that speed in two miles. Anyone want to figure out the acceleration needed? There wouldn't be anything left but goo.
Yes, but they only have to store the schematic for this one. It is the Rosetta Stone of Swiss army knives, from which all the others can be made.
Citation needed.
Technically that's two questions.
And please try to explain it using a car analogy.
Fire nation soldiers of course.
There, fixed that for ya.
It's an exercise in "I wonder..."
Huh? You're trying to get to who?
I don't know!
Citation needed
In other news, Microsoft profits were down somewhat this quarter. Sources at Microsoft cited an increase in overtime expenses as the cause.
Mythbusters is to science what a horoscope is to astronomy.
or perhaps http://planefinder.net/, the homepage for this app, which has a nice map updating in real time?
If you want to read about what is actually going on, please see this article. The article linked in the summary is riddled with factual inaccuracies.