Slashdot Mirror


User: WaffleMonster

WaffleMonster's activity in the archive.

Stories
0
Comments
4,185

Comments · 4,185

  1. Re:FDE on Android doesn't work as of yet on Google Backs Off Default Encryption on New Android Lollilop Devices · · Score: 1

    The issue with FDE in Android has for long been the lack of combining strong passwords with a pattern lock or pin lock for unlocking the screen.

    Not really necessary... cost just needs to be gated by a hardware security chip holding the actual encryption keys. It can do anything it wants. Slow down the process to 1hr/attempt after nn attempts, or even enforce a hard limit based on an entropy estimate of the underlying data.

    Personally I have a strong distrust of "full disk encryption" ... Much better off with implementations closer to the application than as a generic transparent storage aspect.

    This is especially true given Android OS has never been trustworthy, with well-known exploits routinely going unpatched for years or forever given the laughable product lifecycles vendors currently get away with peddling.
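The comment above argues that a hardware chip holding the key can throttle PIN guesses and hard-limit them from an entropy estimate. The following is an added example, not the commenter's code and not any vendor's secure-element firmware: a Python model of such a chip. The PBKDF2 parameters, the backoff schedule, the "1/1000 of the keyspace" budget and the simulated clock passed as `now` are all assumptions for the demo.

```python
import hashlib
import hmac
import secrets


class Throttled(Exception):
    """Attempt refused: the chip is enforcing a delay after failures."""

    def __init__(self, retry_at):
        super().__init__(f"locked until t={retry_at}")
        self.retry_at = retry_at


class Wiped(Exception):
    """The chip destroyed the wrapped key after too many failures."""


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class SecureElement:
    """Toy model of a hardware security chip that owns the disk key.

    The host never sees the raw key. It submits a PIN; the chip derives a
    wrapping key from it, checks a verifier, and only then unwraps and
    releases the key. Because the failure counter lives inside the chip,
    the delay schedule cannot be bypassed by imaging the flash and guessing
    offline. This is a simulation (assumption): the backoff schedule, the
    entropy budget and the KDF parameters are illustrative, not a vendor's.
    """

    # (failures reached, seconds the next attempt must wait)
    BACKOFF = ((0, 0), (5, 30), (10, 600), (20, 3600))
    ITERATIONS = 50_000  # PBKDF2 rounds; kept low for the demo

    def __init__(self, pin: str, alphabet_size: int = 10):
        self.salt = secrets.token_bytes(16)
        disk_key = secrets.token_bytes(32)
        wrap = self._derive(pin)
        # First 32 derived bytes wrap the key; the rest key the verifier.
        self.wrapped = _xor(disk_key, wrap[:32])
        self.verifier = hmac.new(wrap[32:], b"verify", "sha256").digest()
        self.failures = 0
        self.next_allowed = 0.0
        self.wiped = False
        # Hard limit from an entropy estimate of the secret: allow at most
        # 1/1000 of the keyspace, clamped to [5, 100] guesses (assumption).
        keyspace = alphabet_size ** len(pin)
        self.max_failures = int(min(100, max(5, keyspace // 1000)))

    def _derive(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self.salt,
                                   self.ITERATIONS, dklen=64)

    def _delay(self) -> int:
        delay = 0
        for threshold, seconds in self.BACKOFF:
            if self.failures >= threshold:
                delay = seconds
        return delay

    def unlock(self, pin: str, now: float):
        """Return the 32-byte disk key, None on a wrong PIN, or raise.

        `now` is the chip's clock (simulated here as a caller-supplied float).
        """
        if self.wiped:
            raise Wiped()
        if now < self.next_allowed:
            raise Throttled(self.next_allowed)
        wrap = self._derive(pin)
        tag = hmac.new(wrap[32:], b"verify", "sha256").digest()
        if not hmac.compare_digest(tag, self.verifier):
            self.failures += 1
            if self.failures >= self.max_failures:
                # Entropy budget exhausted: destroy the key material.
                self.wrapped = self.verifier = None
                self.wiped = True
                raise Wiped()
            self.next_allowed = now + self._delay()
            return None
        self.failures = 0
        self.next_allowed = 0.0
        return _xor(self.wrapped, wrap[:32])
```

The point of the model is where the state lives: the counter and the delay are enforced by the component that holds the key, so a strong passphrase is not what makes a 4-digit PIN survive; the chip's refusal to answer more than a handful of guesses is.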

  2. Going overboard while falling short on Samsung Officially Unpacks Galaxy S6 and Galaxy S6 Edge At MWC · · Score: 4, Informative

    Oh come on, 2560x1440 AMOLED is just insane and pointless. 1080 is ridiculous as-is; nobody is ever going to benefit from or notice any difference.

    More importantly I won't buy a phone with an AMOLED display. IPS is more reliable, lasts longer, has no burn-in issues and is easier to see in daylight.

    Also no SD card? WTF were they thinking?

    No replaceable battery in a device that costs hundreds of dollars... Don't think so - not that rich/stupid.

  3. Re:Nope on Samsung Officially Unpacks Galaxy S6 and Galaxy S6 Edge At MWC · · Score: 2

    A replaceable battery costs more upfront

    Amazing that el-cheapo feature phones and smartphones are able to afford replaceable batteries while these things tend to go missing in higher-end versions costing >5x more.

    and is incompatible with thinness.

    Why do you say that?

    My phone has a replaceable battery; if it were any thinner I wouldn't want it... hard enough as it is trying to hold it without the sides of your fingers touching the edge of the digitizer. I've seen the back covers of LG and Samsung models and don't see any wasted space.

    Most people get a new phone long before the battery dies.

    Funny there seems to be a healthy market for replacement and aftermarket expanded capacity batteries.

  4. Non-persistence is the only solution on Ask Slashdot: How Does One Verify Hard Drive Firmware? · · Score: 1

    The best we can hope for is systems offering assurances they can be restored to their initial state. The only way to do this is for hardware to physically lack any means of remembering.

  5. Re:Better definition of planet on One Astronomer's Quest To Reinstate Pluto As a Planet · · Score: 1, Insightful

    Holy balls, how many times have we had this conversation? Will you people ever give it a rest?

    And cue yourself not giving it a rest.

    First of all, the IAU's definition is for technical and scientific discussions/communications.

    Scientific labels tend to be intentionally recognizably distinct from popular ones as lack of distinction is an invitation for ambiguity and confusion.

    People would inevitably invent a new set of categories for the eight 'big' planets and the other 'smaller' planets. Some people's new terms would conflict with other people's terms. It would be a mess.

    Yes this is what you get for "voting" rather than recognizing more work is needed to build consensus to get everyone save outliers onboard. 1/3 disagreeing isn't a consensus.

    On the other hand, if you named the 'big' planets anything other than 'planet', it would lose efficiency. They are the planets that are talked about most often, so it makes sense to give them a short, concise name.

    This sounds a bit lame as justifications go... lose efficiency? Since when are scientists in the business of conserving syllables? In astronomy especially they seem to be preoccupied with naming things after _all_ the principals who discovered them.

  6. Re:Be Careful What You Wish For on FCC Approves Net Neutrality Rules · · Score: 1

    There is no what it "might do", it is what they have been actively doing, and trying to get money out of... Also there is nothing in this that allows the NSA to get taps on it.

    While NN provides protection against overt violations such as outright blocking or throttling of competing interests, this hasn't been the vehicle used. There isn't some machine at the ISP explicitly designed to slow down or block all traffic to somewhere the ISPs dislike... it is all much more subtle than that. Hey look, x victim interconnects with y, w and k, so we will pref z, o and p to keep links g, h, i, j saturated. Then we will claim it isn't "our fault" your *** is slow.

    I still believe the only solution that stands any chance of working is focused efforts to restore a competitive market. Break up monopolies, FRAND access to last mile, erasing anti-competitive legislation, etc.

    Also there is nothing in this that allows the NSA to get taps on it.

    I will assume you have carefully read all 317 pages which is great. I'm embarrassed to say I can't even find the text.

  7. Known unknowns on Gemalto: NSA and GCHQ Probably Hacked Us, But Didn't Get SIM Encryption Keys · · Score: 1

    The failure is business models requiring secrets to be burnt into hardware by manufacturer.

    When the customer takes delivery they should be responsible for installing keys.

    Otherwise events like the RSA fob compromise or the proverbial safe company with stolen customer and combination lists will continue.

    The only defense against mass exploitation is decentralization. Not only does it make the prospect of "0wn1ng th3 w0rld" less likely, it keeps you from presenting a massive target to extremely well-funded adversaries.

  8. Mr Rogers imaginary neighborhood on NSA Director Wants Legal Right To Snoop On Encrypted Data · · Score: 1

    So “backdoor” is not the context I would use. When I hear the phrase “backdoor,” I think, “well, this is kind of shady. Why would you want to go in the backdoor?”

    In venues I have read or listened to NSA brass speak they come prepared with exotic definitions of plain language and seek to confuse and manipulate perception by invoking nonsense that would give most lawyers a run for their money.

    Completely ignoring the underlying topic: when you act like a weasel it is hard to understand how it is you expect to earn any respect or consideration for your cause.

  9. Re:This is the End, Beautiful Friend, the End. on Intel Moving Forward With 10nm, Will Switch Away From Silicon For 7nm · · Score: 1

    Moore's Law had a good run, but she's dead Jim. Two, maybe 3 shrinks at most, and you're at the end of getting benefit from feature size.

    Moore's law is really all about "cost" per transistor. While process shrinks are certainly an important enabler they don't have to be the only driver that keeps things going.

  10. Circle of weeds on Advertising Tool PrivDog Compromises HTTPS Security · · Score: 2

    Anyone smart enough to write an HTTPS proxy able to dynamically create and sign certs surely must have known enough about the underlying technology to recognize and comprehend the importance of validating the trust chain. How does someone innocently "overlook" this in either design or test? It simply MUST have occurred to someone.

  11. Re:Stupid assumptions on Looking Up Symptoms Online? These Companies Are Tracking You · · Score: 1

    Why would anyone assume that? How clueless does someone have to be in 2015 to not understand that nothing on the internet is private, ever, in any way. It is a public place. Do not do anything on the internet you would not do in your front lawn.

    Even in public, stalking is still illegal.

  12. Ask Glidden, B.Moore, S.Williams and P.Lambert on What If We Lost the Sky? · · Score: 2

    Just paint the earth white - works during ice ages.

  13. Re:Actually on Stephen Hawking: Biggest Human Failing Is Aggression · · Score: 1

    What if a drug to control aggression was developed and it was introduced into the atmosphere? It would impact everyone equally, with no opt-out.

    Paxilon Hydrochlorate?

  14. Re:Software testing ... what a novel concept on Scotland's Police Lose Data Because of Programmer's Error · · Score: 1

    At least this article admits to a level of "programmer error". However --- like most "computer error" news articles, this one misses a key point: This (like many others) is actually management error. Management failed to oversee programmers. Management failed to implement tests. Management failed.

    Assuming the story on its face is true, the blame for failure to recover goes to the IT hierarchy responsible for managing the database. No data programming error should have the capability of causing unrecoverable data loss. It isn't so much that you guard against someone or something typing DELETE FROM ... as much as retaining the ability to restore the database to a transactionally consistent state immediately prior to execution. There is no excuse for failure to retain a chain of log backups.

  15. Re:backups on Scotland's Police Lose Data Because of Programmer's Error · · Score: 1

    Whatever happened to off-line backups? One mistake can't wipe you out then.

    What is worse, all database systems worth using offer the ability to view the database as it was at any point in history. It is like a rolling historical backup guaranteeing data cannot be lost forever due to mistakes manipulating data.

  16. Re:Ah yes... on Scotland's Police Lose Data Because of Programmer's Error · · Score: 1

    The good old "DELETE FROM records WHERE 1;.... FFFFFFFFFFFFFUUUUUU----" on the production system on a Friday afternoon...

    Even then you would have to be a hack to not be able to recover a snapshot of the database prior to the incident from the redo log.

    Properly managed capability to see database as it existed at any point in time is maintained throughout the useful life of the database with no exceptions.
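Comments 14 to 16 above make the same point: with a full backup and an unbroken chain of log backups, the database can be rebuilt as it stood immediately before the bad DELETE. The following is an added example, not the commenter's code and not any database vendor's recovery tooling: a Python model on SQLite of a full backup plus a write-ahead redo log, where `restore_to(lsn)` rebuilds the state after any given statement. The table name, the LSN numbering and the in-memory "backup" are assumptions for the demo.

```python
import sqlite3


class LoggedDatabase:
    """Toy model of a full backup plus an unbroken chain of redo-log entries.

    Every statement is appended to the log before it is applied (write-ahead),
    so any point in history can be rebuilt: restore the last full backup, then
    replay log entries up to the chosen LSN. This is a simulation (assumption);
    a real engine keeps the log on disk and ships it off the box, but the
    recovery logic is the same.
    """

    def __init__(self):
        self.conn = sqlite3.connect(":memory:")
        self.conn.execute("CREATE TABLE records(id INTEGER PRIMARY KEY, body TEXT)")
        self.conn.commit()
        self.log = []        # (lsn, sql, params): the redo log
        self.base = None     # connection holding the last full backup
        self.base_lsn = 0    # log position the full backup corresponds to
        self.full_backup()

    def full_backup(self):
        """Snapshot the live database; later restores start from here."""
        self.base = sqlite3.connect(":memory:")
        self.conn.backup(self.base)
        self.base_lsn = len(self.log)

    def execute(self, sql, params=()):
        """Log first, then apply. Returns the statement's LSN."""
        lsn = len(self.log) + 1
        self.log.append((lsn, sql, tuple(params)))
        self.conn.execute(sql, params)
        self.conn.commit()
        return lsn

    def count(self, conn=None):
        if conn is None:
            conn = self.conn
        return conn.execute("SELECT COUNT(*) FROM records").fetchone()[0]

    def restore_to(self, lsn):
        """Return a fresh connection holding the database as it stood right
        after statement `lsn` committed (lsn == base_lsn is the backup itself).
        """
        if lsn < self.base_lsn:
            raise ValueError("no full backup old enough; the log chain is broken")
        snap = sqlite3.connect(":memory:")
        self.base.backup(snap)
        for entry_lsn, sql, params in self.log[self.base_lsn:]:
            if entry_lsn > lsn:
                break
            snap.execute(sql, params)
        snap.commit()
        return snap


def demo():
    """The Friday-afternoon DELETE, then recovery to the LSN just before it."""
    db = LoggedDatabase()
    for body in ("case 1", "case 2", "case 3"):        # constructed rows
        db.execute("INSERT INTO records(body) VALUES (?)", (body,))
    bad_lsn = db.execute("DELETE FROM records")       # the mistake, LSN 4
    before = db.restore_to(bad_lsn - 1)                # state at LSN 3
    at = db.restore_to(bad_lsn)                        # state including the DELETE
    return {
        "bad_lsn": bad_lsn,
        "live_rows": db.count(),
        "recovered_rows": db.count(before),
        "rows_after_replaying_delete": db.count(at),
    }
```

Note what makes the recovery possible: the log entry for the DELETE exists, so replay can stop one LSN short of it. Guarding the DELETE statement itself is beside the point; keeping the log chain intact from the last full backup onward is what matters.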

  17. Re:NSA... on How NSA Spies Stole the Keys To the Encryption Castle · · Score: 1

    I think we all need to work together to get rid of this terrible, nasty, unpredictable hacker group -- for the sake of national and international security. They represent a clear and present danger to the future of this country.

    I think time would be better spent improving systems especially communication systems to deny all adversaries capability to "hack the planet".

    Aggregating sources of trust like this is akin to piling gold bars on the street corner, holding a press conference announcing to the world their presence and being surprised when the gold turns up missing the next morning.

  18. Re:Stasi Tech? on Gadgets That Spy On Us: Way More Than TVs · · Score: 1

    Because voice processing and searching on the scale of some of the applications such as SIRI require centralized processing.

    I don't buy it. These sentiments jumble a number of separable components.

    I have a 10-year-old device that was able to do local speech recognition including arbitrary voice shortcuts and search without training. I would tell it to play song x or anything from artist y and it would most of the time get it right and just do it, all offline and all on hardware at least an order of magnitude less capable than what is available today.

    There are PC software packages such as Dragon and Sphinx able to do free-form speech to text locally.

    You don't need "the cloud" to control a TV. Recognizing a short list of commands to control a device is relatively trivial. There is nothing wrong with searching online databases if that is explicitly necessary... What is wrong is the generation of bullshit excuses to collect usage data by virtue of voice enablement. People have never really given a shit about voice recognition enough to justify any serious R&D expenditure. Vendors push it because they want the revenue stream that goes with data collection.

  19. No words on Superfish Security Certificate Password Cracked, Creating New Attack Vector · · Score: 5, Insightful

    Preloading advertising spyware on a new computer while knowingly disabling all HTTPS and code-signing security.

    There is selfish, there is stupid, there is dumb and there is criminal batshit insanity.

    Having been a fan of Lenovo for years I sincerely hope they are sued into oblivion and face criminal prosecution. No need wasting your time wondering if I will ever buy anything from them again.

  20. Goodbye Razor of Hanlon on Samsung Smart TVs Don't Encrypt the Voice Data They Collect · · Score: 1

    I suppose this makes sense. If you select port 80 it is more likely to be noticed, or more likely to be intercepted and/or mangled by proxies and AG's, making it difficult to transport non-HTTP data streams.

    Port 443 would best allow for an unmolested arbitrary stream while remaining the most unlikely to be filtered.

    The rest I can't explain... is there really such a big-ass market for ads and data justifying such behavior, or is some of this at least partially being "subsidized" by state actors? The mindset and thinking not just of Samsung but of growing numbers of vendors strikes me as both disgusting and unsustainable.
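The comment above describes the trick: put an unencrypted stream on port 443 so that filters assume it is TLS and leave it alone. The flip side is that this is easy to detect on the wire, because anything on 443 that does not open with a TLS ClientHello is not TLS. The following is an added example, not the commenter's code and not a description of Samsung's actual protocol: a Python classifier that checks the first client bytes of a flow for a well-formed TLS handshake record and flags 443 flows that fail. The sample flows, including the JSON-looking "voice" framing, are constructed for the demo; the accepted record-layer versions and the 16 KiB record bound are assumptions taken from the TLS record format.

```python
import struct

TLS_HANDSHAKE = 0x16
# Record-layer versions seen on the wire for TLS 1.0 through 1.3 ClientHellos (assumption).
TLS_RECORD_VERSIONS = {0x0301, 0x0302, 0x0303}
CLIENT_HELLO = 0x01
MAX_RECORD = 1 << 14  # TLSPlaintext fragment limit


def looks_like_tls_client_hello(payload: bytes) -> bool:
    """True if the first client->server bytes parse as a TLS handshake record
    carrying a ClientHello. Handles a ClientHello split across records."""
    if len(payload) < 9:
        return False
    ctype, version, rec_len = struct.unpack("!BHH", payload[:5])
    if ctype != TLS_HANDSHAKE or version not in TLS_RECORD_VERSIONS:
        return False
    if rec_len == 0 or rec_len > MAX_RECORD:
        return False
    hs_type = payload[5]
    hs_len = int.from_bytes(payload[6:9], "big")
    # The handshake message (4-byte header + body) must be at least as large
    # as the record fragment that carries its start; smaller means garbage.
    return hs_type == CLIENT_HELLO and hs_len + 4 >= rec_len


def flag_plaintext_on_443(flows):
    """flows: iterable of (source, dst_port, first_payload_bytes).

    Returns (source, port) for flows to 443 whose first bytes are not a TLS
    ClientHello: candidates for data tunnelled in the clear on a port chosen
    only to dodge filtering."""
    return [(src, port) for src, port, data in flows
            if port == 443 and not looks_like_tls_client_hello(data)]


# Constructed sample flows (not captured traffic).
SAMPLE_FLOWS = [
    # Real-shaped ClientHello: handshake record, TLS 1.0 record version,
    # 200-byte record holding a 196-byte ClientHello body.
    ("laptop", 443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03" + bytes(32)),
    # Plain HTTP on 443: not TLS at all.
    ("tv-voice", 443, b"POST /speech HTTP/1.1\r\nHost: example.invalid\r\n\r\n"),
    # Invented length-prefixed JSON framing on 443: not TLS either.
    ("tv-voice", 443, b"\x00\x00\x00\x1c{\"text\":\"turn up the volume\"}"),
    # Port 80 is out of scope for this check.
    ("laptop", 80, b"GET / HTTP/1.1\r\nHost: example.invalid\r\n\r\n"),
    # ClientHello fragmented into a small first record: still TLS.
    ("phone", 443, b"\x16\x03\x03\x00\x10\x01\x00\x00\xc4\x03\x03" + bytes(11)),
]


def demo():
    return flag_plaintext_on_443(SAMPLE_FLOWS)
```

A check like this belongs at the egress point where the vendor expected not to be looked at; it does not need to decrypt anything, only to notice that what claims to be TLS by port number does not look like TLS by content.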

  21. Nope it's too late - they are already here having strategically taken over Comcast's call center in a bid to drive us off the planet.

  22. Re:As a BeOS fan on Google Faces Anti-Trust Probe In Russia Over Android · · Score: 1

    Let me be the first to say that Yandex sounds like a bunch of whiny losers if this is their comparison. Google isn't imposing anti-competitive contracts on OEMs and using secret APIs to give their products a home turf advantage. They've open sourced the entire OS and most of the problems getting a competing product on an Android device is due to OEM malfeasance.

    Google Play services are not open source, and their APIs are by design required to run an increasing number of apps. Google Play services are available for bundling exclusively at Google's pleasure on their terms.

    If you don't have Google Play, not only is the Google app store unavailable, multiple Google services integrating with Google Play services are also unavailable to you.

    If Microsoft had competed with Be and Netscape back then like this, I'd be running Firefox on BeOS R10.5 not Windows 7.

    They are clearly leveraging their position to enforce artificial dependencies and behaviors favorable to themselves, just like Micro$oft did years ago, and just like Microsoft it's all closed source.

  23. Re:Thought process on AT&T To Match Google Fiber In Kansas City, Charge More If You Want Privacy · · Score: 3, Insightful

    Except there isn't anything to indicate that Google is actually spying on you when you use their internet service.

    This would be redundant. Virtually every website on the planet already reports to Google for one reason or another.

  24. Re:Remoting status using Wayland? on Wayland 1.7.0 Marks an Important Release · · Score: 1

    SCP moves one file. SSH doesn't move any. RDP makes every file the target has access to directly accessible as a file share on the client even if you don't want it to.

    CryptoLocker running on the client wouldn't have seen the files the target could access at all had the connection been VNC, X, or ssh.

    So this is just a security-by-obscurity play. The assertion is that since a particular instance of malware lacks a feature set enabling it to detect and subvert SSH connections from a compromised client, SSH is more secure than RDP even though both offer functionally equivalent access.

    Sounds like all the wrong lessons have been learned from this security breach.

    Also worth noting RDP maps the client's local resources to the remote server, not the other way around.

  25. Re:Remoting status using Wayland? on Wayland 1.7.0 Marks an Important Release · · Score: 1

    Wow, you are desperately working to miss it!

    Right back at ya.

    The file sharing that allowed the nasty on the remote terminal to get at the fileserver was not required and was not part of the reason for allowing that RDP connection. But it was there because RDP in the wild overshares by default.

    SSH and X don't tend to overshare by default. You can do port redirection, but only by explicitly asking for it.

    Can you explain the difference between a share allowed with an RDP connection and the use of SCP over SSH which is enabled and allowed by default?

    If you own the client and the client logs on to something, it would seem to me this is game over; you must assume everything the client has access to was compromised unless you have reason to believe otherwise... as we already know SSH provides file system access by default to all clients. I'm failing to comprehend the difference.