Slashdot Mirror


User: macs4all

macs4all's activity in the archive.

Stories
0
Comments
6,526
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 6,526

  1. Re:Don't use this stuff ... on HTC Doesn't Protect Fingerprint Data · · Score: 1

    And you believe this shit they spew?

    Why yes. Yes I do. At least generally, and certainly about this particular subject.

    Where's our open source / standard video conferencing protocol? If you're saying that some company sued them to prevent their use...

    See? You answered your own objection. That was easy...

    Remember when they sold LTE tablets in the UK that couldn't be used in the UK (it had US bands at the time)?

    Nope. Never heard of that. According to your own words, you must've been the only one butt-hurt about that, apparently.

  2. Re:Don't use this stuff ... on HTC Doesn't Protect Fingerprint Data · · Score: 5, Informative

    Corporations want to sell a product, sell advertising, and don't give a damn about your security or privacy. You should also assume they'll hand any of this crap over to governments if they demand it.

    Not all of them.

    For example, in iOS Devices, even the Device itself can't retrieve the biometric data. It is locked inside a "secure enclave" chip, that has ZERO exposure to the rest of the system.

    Neither Apple, nor anyone else, including the Gummint, can access that information without physically taking apart the Secure Enclave chip and using God-Knows-What to read the memory in the chip directly.

    Easier and cheaper to just to apply blowtorches and pliers to the actual fingerprint-holder, as per the obligatory XKCD 'toon.

  3. Re:not the only coutry on North Korea Is Switching To a New Time Zone · · Score: 1

    And then there's Alaska, which defies that "All of a state" rule outright and has 7 timezones defined

    I had NO idea...

    Man, that's Cah-RAY-ZEE!!!

  4. Re:not the only coutry on North Korea Is Switching To a New Time Zone · · Score: 1

    Actually, if you want to look at a true Time-Zone embattled state, look at Arizona.

    Wow! no kidding!!!

    I knew they were also DST-rebels also (their name comes up in Indiana every time there is another Temporal War here in Indiana); but they make Indiana sound absolutely SANE by comparison!!!

  5. Re:not the only coutry on North Korea Is Switching To a New Time Zone · · Score: 1

    So there's definitely some stretching being done

    As I said previously, being from Indiana, I certainly know about Timezone "stretching"!

  6. Re:Finding a less-popular target on Researcher Exploits 18-Year-Old Design Flaw To Compromise X86 Chips · · Score: 1

    The Year of the Raspberry Pi On The Desktop

    We got a new meme!

    LOL! I want credit for that... ;-)

  7. Re:not the only coutry on North Korea Is Switching To a New Time Zone · · Score: 1

    Eh, Kentucky and Tennessee are also split along this line, and the reason for those counties to be on Central Time is because they are closer economically to larger areas on Central Time, and that was their preference.

    And that's the same excuse given with the Indiana counties that remain on Central. The ones down by Louisville that wanted to be on-parity with that "economic center", and those up by Chicago, for the same (in that case, understandable) reason.

  8. Re:not the only coutry on North Korea Is Switching To a New Time Zone · · Score: 1

    Haven't noticed Tennessee have you? It's just a few hours drive to CST from me in my EST location.

    Well, Tennessee is one of those states (like Florida) that is just too damned big. It's so big they have to repeat THREE of the letters in the state-name to make the name as big as the state!

    Thank you very much. I'll be here all week...

  9. Re:not the only coutry on North Korea Is Switching To a New Time Zone · · Score: 3, Informative

    It happens more than you think. Florida should geographically be in the Central Time Zone.

    Have you looked at a map of the U.S. lately??? There is NO way that Florida should be on Central Time. Perhaps the western-most part of the FL Panhandle; but not the majority of the "sock" part of the state, nor even most of the Panhandle. But in the U.S., the Department of Transportation pretty-much insists that ALL of a State must be on the same time zone, and for FL, that would logically dictate Eastern Time.

    Now, if you want to see a Time-Zone embattled State, look no farther than my home-state of Indiana. It STILL has some counties that are on Central Time, even though most of the State is Eastern (which it really shouldn't be, either).

    Here's some history on Indiana's Time Zone fun.

  10. Re:Finding a less-popular target on Researcher Exploits 18-Year-Old Design Flaw To Compromise X86 Chips · · Score: 1

    Or switch to Linux running on Arm. The Raspberry Pi 2 is good enough for basic desktop tasks.

    Wow, you REALLY want me to have no Applications!!!

    The Year of the Raspberry Pi On The Desktop, Woohoo!!!

  11. Finding a less-popular target on Researcher Exploits 18-Year-Old Design Flaw To Compromise X86 Chips · · Score: 1

    All this recent news makes me want to fire-up my PowerPC-based G5 Tower again. Then I can simply worry about unpatched SSL vulnerabilities in OS X 10.5 Leopard.

    But at least no one will be writing exploits that can easily run on my computer.

  12. Re:Also fixed in 10.10.5 on OS X Bug Exploited To Infect Macs Without Need For Password · · Score: 2

    That's a pity. This exploit could be used to automatically deinstall Apple's app store, install an open one and replace XCode with some free, cross-platform development environments. It would be a win-win for Apple and everyone else.

    Apple uses the App Store platform to roll-out Software Updates; so you might want to think twice about that.

    And as far as XCode goes, Apple hasn't automatically installed XCode for about a decade. Do try to keep up!

  13. Re:Also fixed in 10.10.5 on OS X Bug Exploited To Infect Macs Without Need For Password · · Score: 3, Insightful

    But Windows 10 is free

    I know you were trying to be humorous; but OS X has been Free for the past 3 Revisions now.

  14. Re: Piss off systemd on Lennart Poettering Announces the First Systemd Conference · · Score: 1

    Nobody forgot this shit. If it was better now, I would say it is. It's not.

    Linux is the natural flight to quality and BSD is awesome as well. Windows is death knell.

    I won't argue ONE BIT (haha) about EVERYTHING you say about the Windows Registry (and trying to troubleshoot Windows problems). Been there, done that. Printed my OWN T-Shirt. Multiple times. I hate, hate HATE the Windows Registry. Even though I haven't personally been hosed by it for a long time. It still scares me every time I type "Regedit", even if it's just to look at something.

    And I really don't have an opinion on systemd, because I don't run Linux. However, I would really like to know if you have an opinion on OS X's Open-Sourced launchd; which is somewhat similar in purpose and scope to systemd (but I think came before systemd). Apple has literally millions of copies of launchd in the field, and has been using it since OS X 10.4 (Tiger), which was launched (no pun) a decade ago. And I haven't heard any real horror stories about it. And I see that FreeBSD has adopted it as well. And launchd has normal, ordinary Logs...

  15. Because this is a brand-new Class of malware.

    What is, Thunderstrike 2 or what I was referring to, Flashback? Because Flashback looks like a trojan installed via a Java flaw.

    Thunderstrike. I was apparently not reading closely.

    However, Thunderstrike (and I believe Thunderstrike 2) has already been patched months ago by Apple, in their OS X 10.10.2 Update. Also, apparently Macs sold after mid-2014 are immune.

    By the way, there is a far more sinister fact that is completely glossed over here on Slashdot: These same vulnerabilities were first found in the UEFI firmware on "Windows/Linux" PCs. The "researchers" just wanted some notoriety; so, when they found the same vulnerability in Macs, they decided to develop a proof-of-concept for that platform and crow about it to the world. And BTW, "Option ROMs" are certainly not unique to Apple-compatible peripherals. Far from it. So, even if you don't use OS X, this exploit, or one very similar to it, can be coming to a computer on your desktop.

  16. I remember the day when ROM actually meant Read Only Memory.......and why Thunderbolt devices need to be re-writeable "flash" firmware instead of ROM is a mystery to me. I'm not aware of Apple issuing any firmware upgrades to these devices since their inception.

    1. The "Option ROM" is a 35-year-old concept that is certainly not unique to Apple, hence the fact that these Vulnerabilities also pertain to Windows/Linux PCs (like the one you are probably using right now). Here is a quick explanation of the original intent behind the "Option ROM".

    2. OS X 10.10.2, released in January, 2015, Fixed this vulnerability; so keep your systems Up-To-Date!!!

    3. Because of the way that Apple patched this vulnerability, I would expect that Thunderstrike 2 will not infect Macs running OS X 10.10.2 or above. 4. If you're already infected, you are probably hosed.

    What I would like to see is some way to detect whether a particular computer (of any type) is infected with Thunderstrike.

  17. Re:So, the actual attack surface is vanishingly sm on Researchers Create Mac "Firmworm" That Spreads Via Thunderbolt Ethernet Adapters · · Score: 1

    All current MacBook Pros (for the past few years actually) do not have built-in ethernet but would require either a Thunderbolt or USB adapter.

    Also, what about Thunderbolt displays, especially in an office "hotel" situation where one shows up and grabs an empty spot to plug in? This is pretty common enough behavior.

    NO Hotel is going to have a Thunderbolt Display. Not even one next door to Moscone Center.

    So, no. Not gonna happen.

    And besides, it is only certain TB devices (those with an "Option ROM") that are affected; in fact, the only two mentioned in TFA were the TB-Ethernet adaptor and certain External TB SSDs (which are REALLY rare, and wouldn't likely be passed-around anyway).

  18. Re:In other words... on Researchers Create Mac "Firmworm" That Spreads Via Thunderbolt Ethernet Adapters · · Score: 1

    So basically the target audience for said products?

    If anything, people always say their products are for people who don't know what they're doing with tech.

    People may say that; but do you really think that the average Windows user is more tech-savvy than the average Mac user?

    I work in the Windows-world every day, and have for decades. I can say with authority that there is absolutely no difference between the average Windows user and the average Mac user. Some are very savvy; some are decidedly not. Platform choice simply does not enter into that demographic in any definable manner, period.

    And if it ever actually became "The Year of the Linux Desktop", the same would be true of the average Linux user, too.

  19. Re:In other words... on Researchers Create Mac "Firmworm" That Spreads Via Thunderbolt Ethernet Adapters · · Score: 1

    Are you being serious right now? I guarantee that I can craft a spoofed e-mail to fool a good 60+% of office workers without trying. And That is being pessimistic on numbers. And, since it only takes one, your entire argument is invalid.

    Users are in aggregate stupid. Using keywords and events around them to make a passable phishing is child's play for experienced hackers.

    My question is: Since OS X Mail.app and Safari (and likely Chrome and FireFox) are Sandboxed, how is this thing getting out to the TB device's Option ROM in the first place?

    Seems like a simple OS update will plug this vulnerability.

  20. Re:Viruses and worms on a Mac on Researchers Create Mac "Firmworm" That Spreads Via Thunderbolt Ethernet Adapters · · Score: 1

    Mac's are not really any more secure than any other OS. They do have better security models in the creation of their OS's than say Windows...

    You do realize, of course, that the second sentence negates the first.

  21. Moreover, don't you think it's a fairly serious flaw if Macs cannot detect a trojan being installed? Why exactly are Macs incapable of detecting when Flashback gets installed?

    Because this is a brand-new Class of malware.

    And if you read TFA, you would know that pretty-much all "x86-based" (although that term doesn't mean what it used-to) computers (IOW, pretty much anything that doesn't use ARM) could be attacked in this manner, and in fact, IIRC, the researchers actually demonstrated the same vulnerabilities in those systems as well.

    So, just because they decided to declare bragging-rights by targeting Macs first; don't think that this isn't just as dangerous for many other "PCs", too, regardless of OS Platform.

  22. AV exists for mac becuz windows switchers are stuck on this idea of "needing antivirus" and so shysters have stepped in to provide the product. not to mention all macs come with antivirus supplied by apple.

    This; and also because some Mac users that exist in primarily-Windows environments are nice enough to not want to pass-along Windows Viruses to their friends and colleagues.

  23. Re:So, the actual attack surface is vanishingly sm on Researchers Create Mac "Firmworm" That Spreads Via Thunderbolt Ethernet Adapters · · Score: 1

    And do you really want to see the list of Macs still being sold and/or still in common use that do have a Terrestrial Ethernet port? I assure you, it is a LOT more models than your measly little list.

    Incorrect

    Around 2/3 of all Macs sold are the laptops listed above.

    Otherwise known as, "the majority of Macs sold."

    Nice job of ignoring the part of the sentence that doesn't support your argument.

    Note that I said "...and/or still in common use". So, in about 5 years or so, a good majority of Macs "still in common use" will not have Terrestrial Ethernet built-in; but for now, that still isn't the case. So, I stand by my original statement. And as I said, I would probably be safe in saying that the majority of Macs without built-in Terrestrial Ethernet are using WiFi instead; which isn't affected by this exploit.

    And "now" is what matters to this vulnerability; because Apple will be sure to update their products to plug this vulnerability. In fact, according to TFA, the hacker team supposedly uncovered five vulnerabilities, and Apple has already patched three of them.

  24. Re:So, the actual attack surface is vanishingly sm on Researchers Create Mac "Firmworm" That Spreads Via Thunderbolt Ethernet Adapters · · Score: 1

    Most Macs still have built-in Ethernet connectors...

    • MacBook - No Ethernet Port
    • 11" MacBook Air - No Ethernet Port
    • 13" MacBook Air - No Ethernet Port
    • 13" Retina MacBook Pro - No Ethernet Port
    • 15" Retina MacBook Pro - No Ethernet Port

    Nice use of the "li" tag. I'll have to remember that.

    But, without telling me which version of the Airs, I can't tell you whether they have TB ports. The first-generation Airs only had USB. And I don't know if the new "MacBook" (non-"Pro") qualifies as "vulnerable" either; since (I think) it actually does "TB-Over-USB-C".

    And, as I said, MOST of time, Macs without intrinsic Terrestrial Ethernet ports simply use WiFi; and so most of those people don't even know that there is a TB-Ethernet adapter.

    And do you really want to see the list of Macs still being sold and/or still in common use that do have a Terrestrial Ethernet port? I assure you, it is a LOT more models than your measly little list.

    So, actually, you proved my point, not yours. Thanks!!!

  25. Re:So, the actual attack surface is vanishingly sm on Researchers Create Mac "Firmworm" That Spreads Via Thunderbolt Ethernet Adapters · · Score: 1

    2. Those who fall for some unknown social-engineering trap.

    Well, that's every Mac user. You bought into the idea that you were buying a lifestyle, but actually you were just buying a PC made by slaves at Foxconn like every other PC.

    Actually, I thought I was buying a PC. I don't know what your problem is.

    Oh, and nice job of artificially-increasing the attack surface, by ignoring one of the criteria "Must have a TB Ethernet Adapter" (or at least a TB Device with an "Option ROM").

    Typical Slashtard. Hate, hate, hate. It's all some people know how to do.