
Comments


Lessons Learned From Google's Green Energy Bust

Aaden42 Re:Simple (222 comments)

That should be long enough for the sun to go red giant, no? I think we’ll have plenty of deuterium on Earth after that...

about a week ago

UK Hotel Adds Hefty Charge For Bad Reviews Online

Aaden42 Re: Ask the credit card for a refund (307 comments)

Start with http://consumerist.com/

It’s a big jump to communism for a couple of lousy hotels. Shame them into better behavior or out of business. Either way, the market’s working properly in this case.

about a week ago

US Gov't Issues Alert About iOS "Masque Attack" Threat

Aaden42 Re:I don't get it... (98 comments)

But we don’t have Steve Jobs to tell us that we’re doing it wrong!

He did tell you. He was against the Enterprise provisioning system from day one. I can only assume it was because it would make attacks like this possible. The other ways of running non-Apple signed code are all per-device limited (you need an Apple-signed profile with each device’s UDID in it, max of 100 devices). Enterprise provisioning allows running on unlimited devices without needing to know the UDIDs in advance.

about two weeks ago

US Gov't Issues Alert About iOS "Masque Attack" Threat

Aaden42 Re:I don't get it... (98 comments)

You also have to enter your phone’s unlock code (assuming you set one) to install the provisioning profile.

I’d have a *tiny* amount of concern if it was tap-tap-tap-pwn3d, but it’s not something anyone could realistically do accidentally. Do without realizing the impact of it yes, but not “tap the wrong thing and you’re dead”.

At the point that you’re keying in your phone’s password (something you’d never do when installing a normal Apple app store app, unless your iTunes account & phone use the same password, in which case WTF???), you have to be pretty willfully ignorant OR dead set on installing some l33t p1r4t3 w4r3z to go through all those hoops. If the former, seriously, get a clue. If your das compüterbox is asking you to do something it’s never asked you to do before and you have no idea why, STOP and ask a grown up FFS! (If the latter, enjoy your malware. You earned it!)

As much as I hate to admit it, this thing actually validates Apple’s original stance that users can’t handle side-loading intelligently. Before the enterprise provisioning program was created, this attack would have been impossible. The only way to run non-Apple signed code would have been with a developer profile which requires each individual phone UDID to be encoded in it with an Apple-imposed maximum of 100 devices. Enterprise provisioning profiles are pretty much exactly equivalent to Android side-loading.

This is why we can’t have nice things...

about two weeks ago

WireLurker Mac OS X Malware Found, Shut Down

Aaden42 Re:Now (59 comments)

RTFA, please. This didn’t require jailbreaking to infect the phone.

Infection process:

1) Download pirate-friendly AppStore app for your Mac.
2) Download & run one of the trojaned, probably pirated apps on your Mac.
3) Plug in your phone.
4) Accept the prompt to install an enterprise provisioning profile, enter your device’s unlock code to authorize that, confirm one more time that you’re certain you want to install the profile (at least that was the process last time I added a custom profile: Two “Are you sure?”s and an authentication prompt, not just TouchID).
5) Trojaned apps on Mac scan for interesting apps on the phone & replace them with trojaned versions of the iOS apps.

No iOS or Mac bugs were exploited.

The Mac side was just downloading & running dodgy software from (software) houses of ill repute.

The iOS side relied on a legitimate Apple-signed key that was issued to some company (haven’t found the name of the company yet — redacted to protect the careless?) It does seem that the key had greater than usual entitlements to allow additional background execution beyond what’s usually allowed. The trojaned iOS apps ran on a non-jailbroken, non-compromised (by bugs anyways) phone because the user allowed installation of the enterprise provisioning profile which allows the phone to run apps signed by someone other than Apple.

As far as mitigation, Apple added signatures for the Mac-side stuff to Gatekeeper so OS X won’t run them any more unless you stand on your head and accept a bunch of, “This will explode your computer!” prompts.

They also revoked the provisioning profile signing key on the phone side, so it can’t create newly trojaned apps on the phone, and the profile won’t be installable on new phones. I’m not sure at the moment what effect that revocation has on phones that have already installed the profile or on apps that were already modified by it. I’m also not sure if it’s vulnerable to the “change the date on your phone” thing that was used to install NES emulators a while back. At one point, apps’ signatures were only checked on initial install, but I *think* expired or revoked enterprise profiles are actually checked at each launch and the apps should die now.

about three weeks ago

The Fight Over the EFF's Secure Messaging Scoreboard

Aaden42 Re:Don't buy American. (63 comments)

Right, I forgot about WinCE, I mean WinMo, I mean WinRT, I mean “just-Windows, but it’s different and doesn’t run the same apps”. That’s a much more trustworthy option than Android or iOS. Or were you talking about WebOS (US-made, essentially defunct) or Blackberry (long standing tradition of rolling over for oppressive governments to prop up their bottom line).

Anything else?

about three weeks ago

Virginia Court: LEOs Can Force You To Provide Fingerprint To Unlock Your Phone

Aaden42 Re:don't use biometrics (328 comments)

Okay, okay. I know what this is. Your “phone” is really one of these:

Motorola DynaTAC

You had me going there for a minute.

about three weeks ago

Virginia Court: LEOs Can Force You To Provide Fingerprint To Unlock Your Phone

Aaden42 Re:don't use biometrics (328 comments)

That’s a very nice delusional world you live in that you believe that you need actual evidence that would stick in court and lead to a jury actually convicting you in order to have your life ruined.

“Leak” to the press or your employer from the cops or DA? Nice knowing you

about three weeks ago

Virginia Court: LEOs Can Force You To Provide Fingerprint To Unlock Your Phone

Aaden42 Re:don't use biometrics (328 comments)

If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged.
  -- Cardinal Richelieu

Do you have any idea how many “lines written by [your] hand” are on your phone? I would bet you your phone that a dedicated investigator could find either evidence of a crime OR evidence sufficient to bolster suspicion of a crime which would be adequate to secure further warrants to search your home, vehicle, person, etc. The only question is whether you’re interesting enough to an investigator or if one of those crimes is in vogue for “zero tolerance” prosecutions at that time.

about three weeks ago

MPAA Bans Google Glass In Theaters

Aaden42 Re:Who likes a horrible recording? (357 comments)

And clearly teenagers who can neither get to a theater nor pay for a ticket are exactly the untapped segment of the customer base that the MPAA is just dying to...... no... wait...

about a month ago

MPAA Bans Google Glass In Theaters

Aaden42 Re:Smart phones still acceptable. (357 comments)

Because the 128GB of flash in your phone isn’t enough to cap a two hour movie without a network connection? Math much?

I don’t spend two hours in places that have no reception. It doesn’t happen. Yes, my phone is on silent & in my pocket. No, I don’t pull it out & light up the screen in the middle of the show. But if one of a handful of distinctive vibrate patterns goes off while I’m watching the film, I’m out the door in the lobby to answer it before it stops ringing, or else I’m out of a job.

about a month ago

MPAA Bans Google Glass In Theaters

Aaden42 Re:Laywer fight (357 comments)

Wearing Glass != making a recording. Prove I made an MP4 or no law has been violated.

about a month ago

MPAA Bans Google Glass In Theaters

Aaden42 Re:So the question is ... (357 comments)

I had my iPad bag searched going in to watch The Giver a couple of months ago. My group of four respectable looking 30-somethings who were having a conversation about the book it was based on at the time, were physically blocked by the Rent-a-Truncheon(tm) who demanded to paw through my stuff before I could be permitted to walk in. They’d already taken our tickets, so I wouldn’t even have been permitted to run it back out to the car without paying for a second ticket. He pointedly gestured at the “Absolutely no re-entry!” sign when I stated that’s what I wanted to do.

You’ll never catch me at that theatre again. I have to just about be bodily dragged to a theater anyways, and I’m kind of a stickler when it comes to being secure in my person and effects...

about a month ago

MPAA Bans Google Glass In Theaters

Aaden42 Re:No sympathy for either side (357 comments)

Except of course when the abusers “lose” the cameras or they “malfunction,” coincidentally at the exact moment the abuse was about to occur.

All the more reason for abusees and disinterested third parties to be camera-equipped. Sorry to hear your $50,000 police cruiser dash cam malfunctioned. Here’s the MP4 from my $600 smartphone that caught the whole thing. You’re welcome!!!!

about a month ago

MPAA Bans Google Glass In Theaters

Aaden42 Re:I dunno what's worse... (357 comments)

The theaters kind of do care actually. I’d put money down that every screening has the date/time and theater’s location and/or ID steganographed into the video and audio. When something gets cammed and leaked, the *AA knows what theater f-d up and the theater knows who was on duty when it happened. I’m positive there are contractual stipulations with respect to how much the theater chain pays when they f-up, how many times they can f-up before being penalized in terms of not getting first-run movies, and how close to zero tolerance they have for employees who let it happen on their watch.

The tech to do it is TRIVIAL considering they’re already doing per-viewing DRM to unlock the encrypted digital copies stored on-site. Just post-process the A/V while you’re playing it back. Simple

about a month ago

Why CurrentC Will Beat Out Apple Pay

Aaden42 Re:Not a chance (631 comments)

That debit fraud has been reversed in hours is a courtesy extended to you by your bank, not a legal requirement placed upon them. They may legally hold debited funds until the conclusion of any investigation into the charge. In contrast, credit cards are required by law to reverse the deduction in your clear to spend and not charge any interest or late fees upon the beginning of an investigation.

Some banks are usually nice about it on debit transactions, but they don’t have to be. If they were last time is no guarantee they will be next time.

about 1 month ago

Why CurrentC Will Beat Out Apple Pay

Aaden42 Re:Not a chance (631 comments)

You’re lucky the bank didn’t automatically re-open the account, hit you with the overdrafts, take you to collections, and black list you from ever having a checking account in the US again.

My girlfriend had to close her checking account three or four times when she found her family had got her check book and was using it (both deposits AND checks) as if it was their own account (since they’d already f-d their credit and couldn’t open a checking account anywhere in the state). The bank “helpfully” re-opened the account any time there was activity within 45 days of it being “closed.” It took a nastygram from an attorney to convince the bank manager that, “It’s just the way our system works,” was not an acceptable answer and he needed to fix it for good.

Not a chance in hell I’d sign up for any payment system that was ACH based, and that’s saying nothing of the credit card rewards programs I rather enjoy milking for everything they’re worth. I don’t even let PayPal use ACH (even though I had to give them access). It’s “Change Payment Method” to a good old credit card every single time.

about 1 month ago

LAX To London Flight Delayed Over "Al-Quida" Wi-Fi Name

Aaden42 Free Public WiFi (339 comments)

Imagine if the bug that used to rebroadcast SSIDs in WinXP was still prevalent in widely used systems? All it would take was one of these in an airport, and it would be bouncing around for days...

about 1 month ago

An Algorithm to End the Lines for Ice at Burning Man

Aaden42 Re: Agner Krarup Erlang - The telephone in 1909! (342 comments)

One supermarket chain around Albany, NY tried implementing the single line system about a year ago. It only lasted a few months before they reverted.

At least at the grocery store, people disliked feeling corralled like cattle more than they dislike waiting slightly longer in a less efficient line. Might have been the way it was implemented, honestly. It had a rather frenetic feel to it, with the line “leader” guiding people to one of the actual registers with quite a bit of urgency and insistence. I’d guess there was probably some misguided, management-imposed, career-limiting metric system associated with the process such that the employee ultimately paid the price if customers dawdled and brought the throughput numbers down. That translated to a rather jarring mood to the whole thing.

about a month ago

BitHammer, the BitTorrent Banhammer

Aaden42 Re:Traffic Shaper? (429 comments)

I handle waiting rooms with crappy coffee & crappy wifi the same way: I bring the former in my own cup and the latter on my own phone w/ tethering enabled if I need it.

Sometimes you have to spend a little more money to have nice things, but it’s often worth it.

Oh? Any crappy wifi AND poor cell service in the same place? I’ve literally changed doctors for that before.

about a month and a half ago

Submissions

Aaden42 hasn't submitted any stories.

Journals

Aaden42 has no journal entries.
