Researchers Disarm Microsoft's EMET
Well the first step in exploiting IE or other apps on a system in the wild is to bypass EMET. Remember, EMET is a mitigation technology designed to make it harder to exploit a vulnerability in IE, Flash, Acrobat Reader, etc. by adding extra protections. So if you are able to turn EMET off, you can then get back to your normal exploit.
US Marshals Seize Police Stingray Records To Keep Them From the ACLU
They are probably more Pollyannas than Myrmidons. Either way, not good. Hopefully something will break this seeming juggernaut of government action suppressing information that people should have available to them.
Malvertising Up By Over 200%
While your definitions are correct, a lot of drive by downloads happen when you visit otherwise trusted pages - because the ad network servers either got successfully breached or they didn't vet their advertisers well enough (again). For example - go to cnn.com today and view the source of the page. ads.indeed.com, doubleclick.com, etc. All of these ad networks have had serious issues with serving malicious advertisements from time to time. They will allow someone's ad that uses a malware kit attacking all the Java, Flash, Adobe Reader, etc. vulnerabilities that are out there. People shouldn't get drive by downloads just because they visited what should be a trustworthy site. So yes, drive by downloads can and do come from what are supposed to be ads. They are purchased via legitimate ad networks and run on many sites.
Pedophile Asks To Be Deleted From Google Search After European Court Ruling
It doesn't really matter if it is external or internal. Any time you remove it from a search index you have effectively taken the material down. If people can't find it, it doesn't exist for them. If you remove a book from the card catalog, it can exist in the stacks for years with nobody ever seeing it. Web pages are the same way. If it isn't on the first couple of pages of results on Google, Bing, Duck Duck Go, Yandex, Baidu or whatever - forget it; it no longer exists as far as the world is concerned: they will never see it. Sure you can always send out links to a few people and those people can see it. You can post links on MyTwitFace+ and a few people will see it. But for the vast majority, the index is their view into the internet. Remove it from the index and it ceases to exist for all practical purposes.
Yahoo Mail Resets Account Passwords After Attack
I actually got a text message the other day (purporting to be Yahoo - turns out it was them) saying that unusual activity had been seen on my account and they had disabled it until I went to the site on a PC. (I hardly ever use it - so this was a surprise - it is just a catch all for crap sites I may have to sign up for to keep them out of my "real" email). Anyway, I have two factor auth turned on (for Google, MS, and Yahoo) so I was surprised to see this. I guess they used the right password, but couldn't pass the two factor test. Just signing on to my account sent me to a special page saying there was unusual activity and having me input my password and a new password (once only; no "type it twice" thing). The new password had to meet some criteria and their regex or whatever they were using is broken beyond belief. It says it must be between 8 and 32 characters, have upper and lower case, and numbers. However, my old password met most of this already and was 8 chars (it was only missing the upper case character). Adding a "Y" to the end did not pass - because apparently that is not an upper case character. Neither is any other upper case character. It looks like they need all of the character types in the first 8 positions in order to accept it. Very poor coding and design on that page. I finally just had KeePass generate a random PW for me and used that.
I think this is a "score one for two factor" moment - but the poor implementation of the "fix" on Yahoo's part was a turn off.
Supreme Court Refuses To Hear Newegg Patent Case
Oh, if it plays a tune ASCAP will be there asking for their live performance fee. Run. Just run.
Bennett Haselton: Google+ To Gmail Controversy Missing the Point
Spammers didn't typically scan the phone book and use automated bots to email all the people in it. So although phone books were "databases" they weren't easily accessible with some scripting.
The OP may believe that the Google+ "SPAMagedon" isn't coming - however - I have noticed that, over the last week, I have been added to the "circles" of well over one hundred "accounts". When I click on these, most of them are marketing accounts or sock puppets. Some of the names are clearly marketing: "Angry Birds Lösung 3 Stars Games.J500", "Anime TV and Title Loans Chicago", "Fred's Best Title Loans", etc. Others, when you go look at them, are pretty clearly similar. 10 people have them in circles but they have 5,000+ circled. The posts (if there are any) are just advertisements. Does anybody really think that this was random? I am pretty sure these folks are getting ready to spam using G+. Sure, they will eventually get shut down. But I'd advise people to go change the setting in GMail that allows these folks to send you mail without knowing your gmail account.
Ask Slashdot: How To Protect Your Passwords From Amnesia?
I had an amazing solution for just this problem. But, I had a small stroke and can no longer remember the solution. Sorry.
Linux Distributions Storing Wi-Fi Passwords In Plain Text
I have two access points as well. House is a two-story, 2,590 square feet. Cable access is at one end of the house and the main router is there as well. At the far end of the house, the signal has to go through several walls, a washer and dryer, and a staircase to get to the Chromecast plugged in behind the TV against the outer wall. It is about 1 bar and I am not about to try to use it like that as it will likely stutter and degrade. So I pulled wire to that end of the house and there is a second router (in simple bridge mode) there. As a bonus, I now have coverage in the upstairs master bedroom / bathroom where there was basically no signal before. BTW, this isn't a single router / brand issue. I have used about 7 or 8 different routers - all sorts of brands from Linksys, Netgear, Buffalo, etc. and they all had the same issue getting to the other end of the house.
NSA's Legal Win Introduces a Lot of Online Insecurity
Interesting point about the "reasonable person". I don't know any of them though. Most people I personally know (aside from my kids, who think like I do) think the meta data collection is OK. They equate it with survey data that is aggregated and anonymous - even though the meta data includes non-anonymous stuff like your phone number. I don't consider them reasonable, but they seem to be in the majority. Generally, if put to a vote, the majority - assuming they aren't apathetic and don't vote - will win and will be considered the reasonable ones. Maybe I am unreasonable? But I sure don't like the NSA collecting all of this info...
How much of your media do you store locally?
I guess the question does come down to "your media". However some of it is in a grey area. For example, I have a bunch of (legal) MP3 files that I personally ripped from CDs (which I still have). So I have these MP3 files and CDs here locally. But, I also have them on Google Music. How does that count? 1/3 cloud? Or, since they are the same files, is that "local" and ignore the cloud "copy"? We have a ton of DVDs in several racks. Those, of course, are local. As far as movies in the cloud, I never purchased any, but I got a free one here and there - so there are a few. But we watch a TON of Netflix. Those aren't MY media. But I have access. How does that count? I am going to have to say - because of all of that, that I have only those few movies I got free that are cloud only and are supposedly "mine". Compared to the number of DVDs and CDs (and MP3 files) that I have local those few free ones are a rounding error making it 100% local. But since I use a lot of Netflix I think of myself as a heavy cloud consumer. Strange, huh?
62% of 16 To 24-Year-Olds Prefer Printed Books Over eBooks
Well, my wife and I are getting older (late 40s) and our eyes are not the best anymore. It is much easier to read an ebook on a Nexus 7 or a Kindle because you can increase the font size and lower the eye strain. Unfortunately you can't increase the font size on a paper book.
LoJack To Release Tracking Devices For Consumers, Insurance, and Auto Makers
If it was designed properly, they would not HAVE any information to sell (or leak when hacked). If, for example, I bought such a device for my kid's car, I would expect that the information it sends (including any unique identifier like a serial number in the equipment) is sent encrypted by my public key to the cloud service along with an unencrypted number representing ME (so that it can route to me in their system). I would have an application on my computer, tablet, etc. into which I could put my private key / certificate. It would download the encrypted information and decrypt it locally. Anything less - nope! No sale. If they are able to do alerts and geo fencing - it is clear that they get the information on location unencrypted and can access it. I would not want to get such a system...
Time For a Warrant Canary Metatag?
None of this matters. If any sort of canary became popular - EVERY site that had one would immediately get one of these secret orders. That order may be for something ludicrous (home phone of the CEO or something), but they would ALL get a secret order immediately. Boom. All the canaries are dead. And they no longer provide any information. Your move, internet...
In an arcade with only the following games ...
I chose the Pinball option. But if it had Galaga and Gorf - I'd have to split my time 3 ways between Galaga, Gorf, and Pinball.
A Plan To Fix Daylight Savings Time By Creating Two National Time Zones
There is only one real fix - abolish time zones completely. As the summary states, time is arbitrary. Duration may be based on something concrete (like the decay of a particle or something), but the actual time itself is indeed arbitrary. Let's just agree that everyone uses UTC and call it done. Can you imagine the benefit? When is that world cup football (US: soccer) match on? Oh, at 17:00. Who gives a rat's ass where it is now? It is on when it is on. No, hmm, it is in Brazil, that is x time zones from me - wait am I forward x or back y from that - heck, when the fuck is it on! Just one time. World wide. Why does it matter if we get up at 23:30? It is arbitrary. If your boss then expects you at work at 2:00 - fine. Later in the year, if they want to change that to 3:00, no problem. But the time itself is just a referent. There is absolutely no reason that it cannot be 14:00 in California, Singapore, and the UK at the same instant. Who cares where the sun appears to be if you look up at that same instant? It doesn't matter. What matters much more is being able to coordinate things easily on a global scale. Get it done!
Twitter Marks Clean Sites As Harmful, Breaks Links
Sure, but it wouldn't be so hard to just block the content from the ad network until it was verified as cleaned up. An added benefit is that - the first time this happened - the ad networks would start to take security more seriously.
Matchstick-Sized Sensor Can Record Your Private Chats Outdoors
'It's not just this one technology that's the problem,' Schneier says. 'It's the mic plus the drones, plus the signal processing, plus voice recognition.'
I usually agree with Bruce. But unless that quote was taken way out of context, he is wrong here. Technology isn't the problem. It never is. It is the people salivating at the thought of using it against us. Even those who think they are doing us a service to keep us safe: when they invade our privacy, they are the problem. The tech? It's actually cool. There are probably - how would someone jaded to the world of sound and copyright put it - many non-infringing uses of the tech. It can probably even be used in a way that isn't spying. For example recording a conference speaker (with permission) in a noisy room or the like.
Robotic Boat Hits 1,000-Mile Mark In Transatlantic Crossing
They would need weaponized autonomous vehicles though. Otherwise the other drug runners would steal from them by capturing their autonomous vehicle. They would need to be hardened from a computer / radio front so that they can't simply be "hacked" to go to a different destination and they would need to be hardened to physical assault so that crazies in rubber boats wouldn't come steal the drugs or simply grab the whole unit.
Should the U.S. bomb Syria?
Bombing even selected targets will just make innocent people pay for the actions of a few. There are a few people who were involved in ordering the chemical attacks. If anything were done, those few would be taken to international court (the Hague is it?) and charged with war crimes. That should be the extent of it. Oh, and someone should investigate the claims that the rebels also used chemicals several months ago. There might be some folks that need to be charged with war crimes there too.
GIL_Dude has no journal entries.