Computers & Technology 3

Gary Charpentier
Message 1903016 - Posted: 26 Nov 2017, 18:10:27 UTC - in response to Message 1902976.  

Breach 2014, but it is 2017 when you find out?!
https://www.theverge.com/2017/11/25/16699116/imgur-hack-1-7-million-accounts-2014-cybersecurity

Actually the story is badly worded, Imgur only found out on the 23rd that they were hacked in 2014.

Yes obviously no daemon to see if the master password file is being downloaded. No security.
Gary Charpentier
Message 1903132 - Posted: 27 Nov 2017, 7:52:33 UTC

IT, it is what you make it - a man in the middle attack
http://www.bbc.com/news/av/uk-42132804/relay-crime-theft-caught-on-camera
W-K 666
Message 1903296 - Posted: 28 Nov 2017, 6:40:01 UTC

Interesting case, even if you are only slightly paranoid, you need to keep your eye on the final decision.
Supreme court cellphone case puts free speech – not just privacy – at risk
On Wednesday, the supreme court will consider whether the government must obtain a warrant before accessing the rich trove of data that cellphone providers collect about cellphone users’ movements. Among scholars and campaigners, there is broad agreement that the case could yield the most consequential privacy ruling in a generation.

Less appreciated is the significance of the case for rights protected by the first amendment. The parties’ briefs make little mention of the first amendment, instead framing the dispute – for understandable reasons – as one about the right to privacy. Yet the court’s resolution of the case is likely to have far-reaching implications for the freedoms of speech, press and association.
The case, Carpenter v United States, arises out of the government’s prosecution of Timothy Carpenter for a series of armed robberies.
Importantly, it turned over these records even though the government had not obtained a warrant based on probable cause. Carpenter asked the court to suppress the government’s evidence under the fourth amendment, which protects the right to privacy.

Many cellphone users have only a vague understanding of the extent to which providers monitor their movements, but these companies now track us much more closely than even the most committed human spies ever could. Cellphones function by connecting to antennas – “cell sites” or “cell towers” – that provide cellular service. Those cell sites, which are owned and operated by the cellular companies, are programmed to record which phones connect to them, and when. They also record the direction from which the connecting phone’s signal is received and, often, the distance of the phone from the cell site.

So-called “cell site location information” is becoming ever more precise, because the cellular network is becoming ever more dense. The analytical tools that can be brought to bear on this information are also becoming more sophisticated, meaning that investigators can draw reliable conclusions from smaller and smaller amounts of data. It’s precisely because the information is so rich, of course, that the government is interested in accessing it.
moomin
Message 1903334 - Posted: 28 Nov 2017, 12:45:54 UTC

World Wide Web is about to divide.
https://meduza.io/en/news/2017/11/28/russia-s-security-council-tells-the-government-to-develop-a-separate-internet-for-the-brics
Russia’s Security Council has instructed the Communications Ministry and Foreign Ministry to develop plans for a separate Internet infrastructure that would serve the five major “emerging national economies” (Brazil, Russia, India, China, and South Africa), known as “the BRICS.” According to the magazine RBC, Russia’s Security Council discussed the initiative at a meeting on October 26, and President Putin ordered the government to draw up a proposal by August 1, 2018.

https://www.rt.com/politics/411156-russia-to-launch-independent-internet/
Wiggo
Message 1903346 - Posted: 29 Nov 2017, 0:48:50 UTC

Major Apple security flaw grants admin access on macOS High Sierra without password

There’s a major flaw in Apple’s macOS High Sierra operating system that allows anyone with physical access to a Mac to gain system administrator access without so much as entering a password. Late Tuesday, Apple confirmed that it’s working on a software update to fix the issue and published step-by-step instructions to help customers protect their machines in the meantime.

Cheers.
Gary Charpentier
Message 1904024 - Posted: 1 Dec 2017, 4:48:35 UTC

Open source panacea ... not
https://www.designnews.com/content/7-reasons-open-source-software-should-be-avoided/100858102757881
7 Reasons Open Source Software Should Be Avoided
As much potential as open source software can provide, there are several reasons why embedded software developers should avoid it like the plague.
Reason #1 – Lacks a traceable software development life cycle
Reason #2 – Designed for functionality not robustness
Reason #3 – Accidentally exposing confidential intellectual property
Reason #4 – Lacking automated or manual tests
Reason #5 – Poor documentation or documentation that is lacking completely
Reason #6 – Real-time support is lacking
Reason #7 – Integration is never as easy as it seems
Mr. Kevvy
Message 1904051 - Posted: 1 Dec 2017, 9:49:17 UTC - in response to Message 1904024.  

Gary, I think you should enlighten the owners, developers and administrators of earth's top 500 supercomputers, because as of a few days ago, every single one of them is running Linux. (The two AIX holdouts fell off the bottom as of the last update... it was "only" 498 for a year or more.)

Those poor people... whatever will they do?

//sarc
Siran d'Vel'nahr
Message 1904065 - Posted: 1 Dec 2017, 11:31:57 UTC - in response to Message 1904051.  

> Gary, I think you should enlighten the owners, developers and administrators of earth's top 500 supercomputers, because as of a few days ago, every single one of them is running Linux. (The two AIX holdouts fell off the bottom as of the last update... it was "only" 498 for a year or more.)
>
> Those poor people... whatever will they do?
>
> //sarc

Mr. Kevvy,

Is Gary still ranting on about the "horrors" of using open-source software (I don't see his posts anymore)? He is dead set against it. Me? I use open-source software and have no problem with keeping it updated.

Siran
CAPT Siran d'Vel'nahr XO - L L & P _\\//
USS Vre'kasht NCC-33187
Winders 10 OS? "What a piece of junk!" - L. Skywalker
"Logic is the cement of our civilization with which we ascend from chaos using reason as our guide." - T'Plana-hath
Gary Charpentier
Message 1904109 - Posted: 1 Dec 2017, 14:57:22 UTC - in response to Message 1904051.  

> Gary, I think you should enlighten the owners, developers and administrators of earth's top 500 supercomputers, because as of a few days ago, every single one of them is running Linux. (The two AIX holdouts fell off the bottom as of the last update... it was "only" 498 for a year or more.)
>
> Those poor people... whatever will they do?
>
> //sarc

Mr. Kevvy, the issue isn't the linux kernel, the issue is assuming the over 1+ million other open source projects are run as well. And you have just proven the issue.
Might have a read of the article.
moomin
Message 1904158 - Posted: 1 Dec 2017, 16:33:29 UTC - in response to Message 1904065.  

> > Gary, I think you should enlighten the owners, developers and administrators of earth's top 500 supercomputers, because as of a few days ago, every single one of them is running Linux. (The two AIX holdouts fell off the bottom as of the last update... it was "only" 498 for a year or more.)
> > Those poor people... whatever will they do?
> > //sarc
>
> Mr. Kevvy,
> Is Gary still ranting on about the "horrors" of using open-source software (I don't see his posts anymore)? He is dead set against it. Me? I use open-source software and have no problem with keeping it updated.
> Siran

Fun with NULL pointers.
https://lwn.net/Articles/342330/
Perhaps not so funny when some open source coder made that mistake some years ago.
The check of the password to Linux "root" was then compared to the value of a pointer.
Not the content of the pointer.
The result was that every password was accepted, even null ones!
Gary Charpentier
Message 1904172 - Posted: 1 Dec 2017, 17:07:32 UTC - in response to Message 1904158.  

> > > Gary, I think you should enlighten the owners, developers and administrators of earth's top 500 supercomputers, because as of a few days ago, every single one of them is running Linux. (The two AIX holdouts fell off the bottom as of the last update... it was "only" 498 for a year or more.)
> > > Those poor people... whatever will they do?
> > > //sarc
> >
> > Mr. Kevvy,
> > Is Gary still ranting on about the "horrors" of using open-source software (I don't see his posts anymore)? He is dead set against it. Me? I use open-source software and have no problem with keeping it updated.
> > Siran
>
> Fun with NULL pointers.
> https://lwn.net/Articles/342330/
> Perhaps not so funny when some open source coder made that mistake some years ago.
> The check of the password to Linux "root" was then compared to the value of a pointer.
> Not the content of the pointer.
> The result was that every password was accepted, even null ones!

I like this from part 2 of that article
One way of finding these problems may be the Smatch static analysis tool. Smatch went quiet for some years, but it appears that Dan Carpenter is working on it again; he recently posted a NULL pointer bug that Smatch found for him. If Smatch could be turned into a general-purpose tool that could find this sort of problem, the result should be a more secure kernel. It is unfortunate that checkers like this do not seem to attract very many interested developers; free software is very much behind the state of the art in this area and it hurts us.
Mr. Kevvy
Message 1904173 - Posted: 1 Dec 2017, 17:17:02 UTC - in response to Message 1904172.  

<<shrug>> Apple, worth what... $700 billion? And anyone can get into their flagship desktop OS as an admin. by entering "root" as a logon name and clicking the logon button repeatedly. How many hundreds of closed-source mobile apps. had to be pulled for being fake or containing malware again?

This is not an open-source issue. It's a human nature issue.
Gary Charpentier
Message 1904176 - Posted: 1 Dec 2017, 17:49:07 UTC - in response to Message 1904173.  

> This is not an open-source issue. It's a human nature issue.

Yes. And people who say open source doesn't have human nature issues are the open source issue.
Mr. Kevvy
Message 1904178 - Posted: 1 Dec 2017, 18:02:47 UTC - in response to Message 1904176.  

> Yes. And people who say open source doesn't have human nature issues are the open source issue.

And who exactly are these people? I haven't seen one and I am certainly not one.
moomin
Message 1904180 - Posted: 1 Dec 2017, 18:06:44 UTC - in response to Message 1904173.  
Last modified: 1 Dec 2017, 18:07:29 UTC

> This is not an open-source issue. It's a human nature issue.

That's very true.
For instance.
I bought a new computer with a newer OS from Microsoft.
Naturally I wanted to copy files from my older one.
It didn't work over my network.
The answer I got from Microsoft Support was that their OS were not compatible.
BS answer and if I wanted more "support" they would charge me/company another $10 per hour!!!
Anyway. After a while I figured it out.
I connected the two computers with a cable instead.
Voilà and behold, my precious files were copied :)
Gary Charpentier
Message 1904198 - Posted: 1 Dec 2017, 20:01:18 UTC - in response to Message 1904178.  

> > Yes. And people who say open source doesn't have human nature issues are the open source issue.
>
> And who exactly are these people? I haven't seen one and I am certainly not one.

Those who scream that the top X computers run linux might be them. Those that scream about millions of eyeballs might be them. Not that they utter it, they say it by other methods. Frequently they say it's open source as if that is a panacea when talking about some project. As you clearly know it is not, nor does it make any difference in the possibility of serious flaws, but to the believers in the myth ...
Gary Charpentier
Message 1904510 - Posted: 2 Dec 2017, 22:21:07 UTC

The reality: http://thehill.com/opinion/cybersecurity/361855-pentagons-move-toward-open-source-software-isnt-going-to-enhance
The expected 2018 Pentagon and Department of Defense (DoD) budget includes a new pilot program which requires at least 20 percent of custom developed code to be released as open source software (OSS). The OSS program holds many advantages, notably reducing costs and increasing code reuse, but one of its claimed benefits — improving security — is not quite as simple as it seems.

The perception that open source software is more secure than its closed source cousin is best explained with Linus’s Law. The law, named after the creator of the open source Linux operating system, states that “given enough eyeballs, all bugs are shallow.” Since the code of open source software is publicly available, the entire community can inspect it, uncovering all flaws and security holes. This statement may have been correct when it was coined in 1999, when OSS was still in its infancy, but it was rendered invalid as the usage of open source skyrocketed.

The volume of OSS usage today is mind boggling. GitHub, the platform hosting most OSS projects, hosts roughly 70 million open source projects. There are nearly 600,000 open source components on the repository, which are downloaded a combined 14 billion times a month. And these numbers are growing by double digit percentages each year, a pace the community can barely keep up with, let alone allow the community to tightly scrutinize each project.

Even the most popular open source projects, which get a disproportionate amount of usage and attention, can have severe security flaws. Shellshock, a severe vulnerability in the popular open source bash utility, existed in the project since 1989, but was only disclosed in 2014. Heartbleed, a flaw in a popular encryption library which exposed the secrets of roughly 25 percent of "https" (supposedly secure) websites, existed for two years before being discovered. And the latest Equifax breach was caused by a vulnerability in a popular open source Apache Struts library, which took four years to unveil.

It’s important to clarify open source is also not less secure than commercial software. Vulnerabilities are frequently discovered in commercial, closed-source software, and attackers reverse engineer it regularly. However, relying on the open source community to unveil vulnerabilities is not a path to a secure future.
Siran d'Vel'nahr
Message 1904517 - Posted: 2 Dec 2017, 22:55:47 UTC

Hey everyone,

You know? Someone here is so darned set against OSS (Open-Source Software) that they seem to forget the BIG gorilla when it comes to Operating Systems. Namely Microsoft. Equifax is ALWAYS the go-to scenario in arguments against OSS. It was not the software's fault the breach was made, it was the IT department's lack of applying the update to PREVENT the breach. The issue was fixed before the breach. I'm here to turn-the-tide so-to-speak...

How about this security breach: https://en.wikipedia.org/wiki/WannaCry_ransomware_attack. This did NOT happen on Open-Source Software, it happened on Microsoft's own Windows. The issue was discovered and fixed in March this year and the attack started in May. Who's at fault? Not the software. It's individuals and IT departments that are at fault for not applying the patch.

Nuf sed.

Siran
CAPT Siran d'Vel'nahr XO - L L & P _\\//
USS Vre'kasht NCC-33187
Winders 10 OS? "What a piece of junk!" - L. Skywalker
"Logic is the cement of our civilization with which we ascend from chaos using reason as our guide." - T'Plana-hath
moomin
Message 1907238 - Posted: 15 Dec 2017, 14:17:17 UTC
Last modified: 15 Dec 2017, 14:24:43 UTC

Sophisticated malware halts operations at power station in unprecedented attack which experts believe was state-sponsored.
In what experts are calling a watershed moment, hackers have infiltrated the critical safety systems for industrial control units used in nuclear, oil and gas plants, halting operations at at least one facility.
https://www.theguardian.com/technology/2017/dec/15/triton-hackers-malware-attack-safety-systems-energy-plant
https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html

Previous similar cases have been seen against Iran and Ukraine.
Wiggo
Message 1908549 - Posted: 23 Dec 2017, 3:10:28 UTC
Last modified: 23 Dec 2017, 3:12:27 UTC

Apple Is Being Sued Over Slowing Down iPhones.

Apple is facing two separate lawsuits over its recently disclosed throttling of the performance of older iPhones. The lawsuits, filed in Illinois and California, allege that Apple intentionally slowed down iPhones in order to get consumers to buy new models.

Being greedy could cost you big time and more lawsuits are expected to follow.

Cheers.