
Comments


Limiting the Teaching of the Scientific Process In Ohio

vux984 Re:This is good! (522 comments)

In my experience, it's because high school math is taught equally terribly. No... more terribly, because the subject matter is more complex. Useless busywork and rote memorization abound.

See, on this point we actually agree. I was appalled at Physics 11 and 12 for example; once I hit first year calculus and all the stupid formulas we were applying and memorizing v=1/2at^2 for velocity of an accelerating object etc.. just fell out of simple calculus cases. But Organic Chemistry and balancing reactions, that needed to be exactly what it was.

The paper you linked had a musical example... and berated the fixation on music theory, and was a good read. But at the same time, theory is good too, and the history of music too. It is not bad to teach and test those, it's bad to ONLY teach those.

But elementary school math? I'm just NOT seeing the issue you have. They are drawing things, and piling them up, and working with sequences, nearly everything they do at the beginning is based around patterns and symmetry. All the times tables are introduced gradually, and as sequences, and visually. The relationships established between numbers, grids of squares, piles of beads. It doesn't seem bad to me at all.

Yes, memorization of basic arithmetic facts kicks in grade 3 and 4 but I just can't get upset by that. It's a small but important piece. And even if they "fixed" the latter years education, I'm hard pressed to imagine a curriculum that wouldn't be facilitated by having single digit arithmetic as a basis skill to draw from. Just as I can't imagine a written language course that didn't require you to have at some early point memorized the alphabet and their canonical sounds. (Or in the case of a language like Mandarin, the basic set and the rules that govern the alphabet..)

Just as your document mocked painting in terms of theory, and rightly so, there is a need to be able to name colours taught alongside the freeform expression of fingerpainting. Does a child need to know that colour they smeared from here to there in a pleasing squiggle is blue to make that blue squiggle? No all they need is paint and imagination. But they still DO need to be taught that the color is blue to be able to communicate. And that has to be memorized. There is no deeper understanding of the names of colours -- you just have to remember which are called blue and which are called green, etc.

Your linked paper went into detail talking about the joy of discovering analytic geometry by drawing a rectangle around a triangle, but how would you teach this if your students hadn't previously memorized what a rectangle and triangle actually were? And how would you teach the names of shapes? They are occasionally descriptive... quadrilateral, triangle, parallelogram... but why is it canonically called a triangle and rarely a trilateral? And what the fuck is a rhombus or a trapezoid or a hexagon? And usually what is meant by a hexagon is a regular hexagon, god help the kid who tries to bisect an irregular hexagon into 6 equilateral triangles...

"A similar problem occurs when teachers or textbooks succumb to “cutesyness.” This is where, in an attempt to combat so-called “math anxiety” (one of the panoply of diseases which are actually caused by school), math is made to seem “friendly.” To help your students memorize formulas for the area and circumference of a circle, for example, you might invent this whole story about “Mr. C,” who drives around “Mrs. A” and tells her how nice his “two pies are” (C = 2πr) and how her “pies are square” (A = πr²) or some such nonsense"

Yikes. I've never seen something so banal in my own or my kids' education. We can agree that's terrible. But I can also stipulate that my kids weren't exposed to it either... has anybody actually been taught that? Was it ever more than a failed experiment? Tried for a few years, found wanting, and then abandoned?

The upshot, in my opinion is that something like the area of a circle, just like my physics 11/12 formulas really SHOULDN'T be taught until after the kids have learned trigonometry, periodic functions, and calculus... because those are necessary to really understand the answer.

There's no reason to memorize the formula though. Ever. And I'm not sure they are expected to now.

Your linked article also writes:

"Mathematics is the purest of the arts,"

I'd argue that philosophy (logic) is purer still. Mathematics itself is a construct of logic. (And for truly fun mind games, take meta-logic.)

-cheers

3 days ago

Limiting the Teaching of the Scientific Process In Ohio

vux984 Re:This is good! (522 comments)

Because not everyone needs to do that as much as others.

Well, everyone needs to do it several days a week in math class for the remaining 8 years of school left after they start learning arithmetic, as they learn algebra, analytic geometry, polynomials, pre-calculus... you know, grade school math classes that everyone does.... so there's THAT. Not to mention where it shows up in science ... chemistry and physics.

Arguably you need it more in school, FOR school, than you do as an adult. Although it's pretty valuable too if you want to do any STEM post high school, and STEM is something school SHOULD be preparing kids for, even if most of them don't go that route.

Further in my experience, the kids that have trouble with high school math are frequently hobbled because they can't manipulate basic arithmetic efficiently, and too much of their time and concentration is spent adding, multiplying and dividing coefficients that they don't have anything left to do the actual math. They can't keep up. Homework is a huge chore -- because they are spending hours on arithmetic... 8x - 4= - 4x; they spend their time not on the simple algebra manipulations... but 8+4 = ?, and then 12/3 = ?

Because not everyone who does it 'manually' does it at the same speed. Because some people use tools.

And either way 15 minutes of homework turns into 2 hour marathons and they don't even learn anything because too much time and energy was diverted from learning algebra that it becomes like learning to chop wood, but having to carry each log for 20 minutes before you can swing at it. 2 hours of practice, and you've only actually swung at the log 6 times.

You can just memorize a few and then observe simple, basic patterns.

So now your argument isn't that we need to rote memorize the entire multiplication tables, we just need to rote memorize part of the multiplication tables? No shit sherlock.

Pretty much nobody would memorize 100 separate multiplication facts.

The 0, 1, and 10x tables... nobody "memorizes those" as they are just:

0x? = 0
1x? = ?
10x? = ?0

Then 11x? = ?? (not even in the single digit tables, but it's so easy you might as well remember this too)

The 2x table is 100% overlapped with addition. If you know 4+4 you know 2x4. So nothing new to remember there either.

Then you can reduce what is left to a diagonal matrix. Nobody has to remember 9x3 if they know 3x9, etc. The only 9x table fact they need to know is 9x9. The only 8x facts they need are 8x8 and 8x9. The only 7x facts they need are 7x7, 7x8, and 7x9, etc.

The size of the remaining diagonal matrix is 1+2+3+4+5+6+7 = 28 lousy multiplication facts should be memorized along with a handful of trivial rules. That's the most anyone needs to even TRY to commit to memory to have instant recall of the complete set.

The names of the letters of the alphabet are just as "arbitrary" and there's 26 of those.

Sure if you forget 7x8 one day, recalling 7x5 and counting by 7s to get to 7x8 is perfectly fine, but if you're having to do stuff like that all in high school, you're seriously handicapping yourself.

You want to graduate and forget everything you knew about history, arithmetic, physics, and chemistry that's fine. You can probably "get along fine" with grade 5 literacy, and the ability to use a calculator for basic arithmetic. Millions do. But that's hardly a good thing.

3 days ago

Canada Tops List of Most Science-Literate Countries

vux984 Re:Those stupid Canadians! (213 comments)

They think maple syrup grows on trees!

No they don't. It grows IN trees not on them; that's why you need to install a tap.

4 days ago

Limiting the Teaching of the Scientific Process In Ohio

vux984 Re:This is good! (522 comments)

I've found otherwise.

I don't know what that means. If you need to calculate 7 x 7, how is not being able to recall it not a significant drawback?

Why do you think that what works for you must work for everyone else, or what doesn't work for you must not work for everyone else?

Because there is no method of arithmetic that doesn't require memorization of at least a significant subset of basic single digit math facts.

I'm going to say something truly outrageous: Different individuals are different.

Different sure. But your claim amounts to them being magical.

I'm trying to be open minded here... but just how do you calculate 7x7 ? Or 9x22 ? How do you simplify 35/56? How do you divide 4/61 to get a decimal?

What technique do you use that allows you to do this easily without being able to recall basic arithmetic facts about single digit addition and multiplication?

4 days ago

Chromium 37 Launches With Major Security Fixes, 64-bit Windows Support

vux984 Re:Why not a master password for the PW manager? (113 comments)

You just happen to be super vigilant with your security and if Chrome had implemented a Firefox style password protected password manager it most certainly would not have met your needs either.

It could potentially replace the lowest value vault.

the most worthwhile measure you take above Firefox and Chrome, is that you compartmentalise your passwords

Yes, and it's a major failing of all systems out there that compartmentalization isn't better supported at the system level. Not only does the OS fail to guide users to compartmentalizing, it abjectly fails to support it at all.

Some random piece of software I download from the internet shouldn't get read access to my documents folders or be able to root through (on windows) the programdata folders of OTHER installed software by default. It should get access to its OWN programdata folder, it should get access to its own documents. If I want to grant it access to other things, that should be explicit.

As for your argument about key loggers being "harder" to develop than other malware

I didn't make that argument.

I made the argument that it was easier to *detect* keyboard hooks. And that hooking into the keyboard takes longer to compromise the passwords because it has to wait until passwords are typed in -- vs just being able to read them out.

then it stands to reason they could also log attempts to read the password management API.

That's a good point. However, the number of apps that have a legitimate reason to call the password management API is very high. The number of apps that legitimately need to hook into the keyboard apis necessary for keylogging the foreground app is pretty low. You could almost block that by default and require per-app authorization.

The password management API should also default to an app only being able to read its own data out without escalation. There's really no reason for App A being able to read credentials for App B.

Thinking about how app identity would actually be established, I think the on disk filesystem folder path of the running process should be sufficient, assuming that can't be easily spoofed (?)

That would allow updated versions of legitimate software to retrieve credentials stored with the previous version, but still prevent random drive-by processes from doing anything with them.

And that goes back to my complaint that OSes don't do compartmentalization well yet.

4 days ago

Limiting the Teaching of the Scientific Process In Ohio

vux984 Re:This is good! (522 comments)

holy sh!t did it frustrate the hell out of the younger one because once he had figured out a method that was intuitive to him, all the other methods were just, in his opinion, superfluous wastes of time.

To a point they -are- a waste of time, once you grasp the underlying point -- the deeper understanding of multiplication... or whatever it is.

However, everyone learns differently, and the shotgun approach at least gives them a shot at hitting your kid with a method that clicks for him.

Now I hear that the "new thought" is that, for some things such as basic single digit multiplication, rote memorization is in fact the most effective method and it leaves time free to work on higher level problems.

Single digit addition and single digit multiplication are pretty much a prerequisite for everything else; not having them on instant recall is a pretty major handicap.

My kids are three to four years behind that timeline because of the unnecessary fluffery that seems to pervade North American education.

Not sure what to say, my kids are on that same timeline, but have been subjected to a lot of the fluffery too... my daughter's moving into grade seven, and she was doing common factors, least common multiples and so forth in grade 6. She spent a lot less time doing long division than I did though... and that's fair in my opinion... long division is a 'process' that's been largely replaced by calculators. And the process of long division itself is an iterative convergence process sort of like Newton's method... kids were taught to perform it by rote in grade school because it was the only way to do division, but understanding how it works is fairly advanced, and it's just not as important as it used to be. My daughter can do it, but she spent WAY less time practicing it than I did.

4 days ago

Limiting the Teaching of the Scientific Process In Ohio

vux984 Re:This is good! (522 comments)

Don't care. Use an eftpos card. Who carries cash?

Because your bank account has unlimited funds? Because buying fastfood combos is the only thing you could imagine needing to do some quick math for ever? How many fish sticks to buy for a party of 8 if you want to have 3 each, and they come in packages of 6... or is that calculator math for you?

And why don't they put the tax up on the price list anyway? As an occasional visitor to the US, I hate that.

Yeah, it's pretty annoying. There are no real good reasons for it. Advertising is one aspect, as the US is a large market, but taxation jurisdictions are extremely local... but that's not insurmountable; it's just an excuse.

5 days ago

Chromium 37 Launches With Major Security Fixes, 64-bit Windows Support

vux984 Re:Why not a master password for the PW manager? (113 comments)

that malware could just as easily watch the password you type into a password manager

That is actually far from "just as easily".

1) Hooking into the keyboard is much easier to detect from an antivirus-suspicious activity point of view.

2) It also requires that the malware be running WHILE I load and unlock my password manager and enter the master password.

I personally run password safe, with multiple safes, with different category passwords because I distrust the native browser password storage.

Sure the low value websites safe is opened daily. But the one with my utilities and daily banking? Often goes a week or two at a time without being unlocked. The one for even higher value targets - my tax accounts, my domain registrar, certain investment accounts, often goes several weeks at a time between accesses.

That gives me in practice, a fairly large window to detect and remove malware before I'm hopelessly and completely compromised.

Compare that to your alternative, where the malware can harvest all the passwords I've saved literally within milliseconds of its first run.

There is no comparison. I'll gamble with a keylogger over risking a malicious user process just being able to read my saved passwords every time.

5 days ago

Limiting the Teaching of the Scientific Process In Ohio

vux984 Re:This is good! (522 comments)

No, they're not. They might think they understand, but they likely don't. Schools encourage rote memorization.

That was not convincing. I gave several examples of the actual processes my kids went through over the last couple years, based on the actual homework they received in grade 3 / 4 / 5 / 6.

Rote memorization was a minor part of the process.

If you need to memorize a table to do that, then maybe you're just slow. I can think about it and calculate it almost instantly, without even memorizing results from a table.

How does one instantly "calculate" 2x8 without merely memorizing the answer? Simplifying it to 8+8 is merely memorizing a different answer. At some point, unless you are counting on your fingers you are recalling the answer.

What if the combos were 6.99 and you wanted 7 of them? I do that instantly by recalling 7x7 = 49. I don't "calculate" anything. It's just there.

Of course they're not.

So what was your point about mathematicians then?

Keep saying that, while I continue not using them and getting along fine.

Why wouldn't you get along fine? I know lots of people who can't add fractions to save their life, who don't remember even the most basic geometry or trig, and who can't do even the simplest algebra. They all get along fine too.

Clearly "getting along fine" without something doesn't mean it's not worth knowing.

As for you, I'm genuinely curious... how would you "calculate" 7x7 ?

5 days ago

Limiting the Teaching of the Scientific Process In Ohio

vux984 Re:This is good! (522 comments)

But they're never taught how and why it works.

Yes, they are. They're taught so many different ways it's not even funny.

4x5 - they draw it as a grid, put it together with blocks, then again with piles of beads, do it as a sum 5+5+5+5, compare it to 3x5 and 5x5 (numerically, , compare it to 4x4 and 4x6 to show how it fits, express it as a position in sequence counting by fours, and again as fives...

They are very well taught not only that 4x5 is 20, but to UNDERSTAND what 4x5 really means.

When they get to bigger numbers, 45x5 they get into numeric composition (45 = 40 + 5), factorization, and they express it both numerically and pictorially...

I'm only disappointed they don't talk about it formally, in terms of the commutative property and associative property, and identity property... but they go over those properties at length without naming them.

But I was generally quite impressed with the amount of time they put into understanding arithmetic.

Math is a form of art; it's not about speed.

If you're in line at a fast food restaurant, you need to be able to estimate if the $20 in your pocket will cover the order you plan on making or not. Combo is $7.99 round to $8, I need two of them...$16 tax is 7%.. round to $10... $1.60 tax... $17.60 total; ok I'm good.

Plenty of mathematicians are rather slow at performing trivial calculations, but they are far beyond the fools our public schools pump out

Basic arithmetic and advanced mathematics are no more the same subject than basic arithmetic and organic chemistry.

Instead of tables, why not use one's understanding of multiplication and such to observe simple patterns and tricks that will work in general, rather than be confined to some idiotic table of calculations?

They get taught those too. If my daughter can't remember 7x9 she was taught a repertoire of tricks to help. She knows the digits add up to 9, she knows that counting by 9s is as easy as plus 10 minus 1.. So if she spaces on 7x9 she can go 6x9 = 54 + 10 = 64 - 1 = 63. And 6+3=9 so 63 is divisible by 9 so I'm sure I'm right...

Being able to instant recall the multiplication tables is a useful capability to have, not just for math, but for life in general.

5 days ago

Chromium 37 Launches With Major Security Fixes, 64-bit Windows Support

vux984 Re:Why not a master password for the PW manager? (113 comments)

, all it takes is an API call run by that user to decrypt them, no reauthentication necessary (and this is why you lock your PC when you walk away).

I'm far more concerned about malware than coworkers. Does locking my PC stop malware from harvesting the passwords? Does malware only run when you walk away and if you lock your PC that prevents it from running? If only, right? :)

The problem with saving passwords in the user profile is that ANY non-privileged process running under my account can access them. That is plainly terrible.

5 days ago

New Windows Coming In Late September -- But Which One?

vux984 Re:Not worth it (251 comments)

Until MS forces OEMs to sell a clean copy of Windows with zero third-party crapware, I won't even consider it.

So let me get this straight. You'll install linux on bare metal without any complaint, but if you had to do that for another OS it would be reason enough that you won't even consider it.

How is that not hypocrisy?

. I've been a Linux user since 1998, and since then, have seen no compelling reason

Good for you. From programming my harmony remote, to running quickbooks, to watching netflix, to Microsoft Office, to playing many of the games I like there are lots of compelling reasons that keep me running windows on at least some of my computers.

Fact is, when you buy a new Windows PC, it's largely unusable what with all the Kaptalistic crapware and bloat already bringing the system down below peak performance.

Fact is, that's not even true. There's plenty of decent OEMs and vendors out there. Plus whitebox system builders. Plus the fact that if you're reinstalling the OS anyway, you can do the exact custom windows install you want just about as easily as any Linux distro.

This is a black eye for the Windows brand.

Android phones ship with all kinds of shit pre-installed by OEMs too. Even the google nexus -- given that I even consider stuff like "Hangouts" and the "gmail app" to be unwanted bloat.

about a week ago

California DMV Told Google Cars Still Need Steering Wheels

vux984 Re:Backward-thinking by the DMV (505 comments)

Any car that allows the driver to take "immediate physical control" makes the roads unsafer for all.

Yeah, it does sound pretty risky to take control of a car mid maneuver, at speed.

However, a control transition while stopped is reasonable, and there are lots of reasons that a car should support a driver.

Navigating around a major traffic incident. (Let's say hypothetically you are on a divided highway approaching a double bridge and one of the bridges becomes unpassable. What happens?)

Police for example may divide the remaining bridge into two directions, and divert traffic onto it. Cars will need to turn around, go back up the highway the way they came (against its usual direction), probably use a restricted emergency vehicle access to cross over to the other side of the highway, and then be directed to drive in what would normally be an oncoming lane of the other route across the bridge, before being diverted back to the usual side of the highway via another restricted access road... it's going to be a long while before a driverless car is ready for THAT.

Other uses for manual controls -- off road event parking in ad hoc overflow lots, moving the vehicle after an accident that has damaged the sensors etc but it's still otherwise drivable.

I'd love to see a google driverless car handle downtown Calcutta... where even if every car was driverless and "wirelessly communicating with each other" there'd still be throngs of people, bicycles, livestock, and the only thing the other cars around it would report is "yup, it's a huge mess here too".

Or even a major american city when half of downtown is shut down for an event and there are hordes of people on the streets... and police are directing traffic.

about a week ago

Whole Organ Grown In Animal For First Time

vux984 Re:Prior art (77 comments)

I have been growing whole, working organs in my own body since at least 1984.

pfft... one set for personal use? Nearly all of us can do that. Even my cat managed it. Call me when you can grow something on demand. :)

about a week ago

Among Gamers, Adult Women Vastly Outnumber Teenage Boys

vux984 Re:Sigh (276 comments)

A "gamer" is someone who plays games.

That's why pro-football players, the elderly Chinese men in a remote village playing Go, the seniors at the community center playing bingo, and the participants in the office hockey pool are all "gamers" too, right? They play games.

No, of course not. The vernacular use of the word "Gamers" doesn't include them.

And neither does it include grandmothers playing Candy Crush, no matter how many of them there are. That's a new thing. It's a big thing, but they aren't gamers.

But "gamer" means nothing.

Of course it means something. We use the word all the time and generally understand each other. A 'gamer' is someone who plays at least a subset of video games that meet certain complexity or difficulty thresholds, and considers them an important part of their identity.

You'd be included as a gamer even if you only play platformers. You can also be a gamer who only plays FPS. Or RTS, or MMOs or racers or roguelikes.

But it doesn't normally include people who only play casual mobile games, even if they play them a LOT. Nor if you only play chess, not even if it's chess on a computer. And soccer? Maybe if it's FIFA 2014, but not if you're on a field somewhere with an actual ball.

As for your Mom... maybe. She plays a 'recognized' class of games to be gamer, and she's finished them... so if she considers it an important part of her identity etc then sure, she's a gamer.

My mom, though? With her Candy Crush on her ipad. No. She's not.

That's not what people actually mean when they say gamer, just as they don't mean people who are obsessed with golf.

 

about a week ago

Researchers Hack Gmail With 92 Percent Success Rate

vux984 Re:tl;dr (87 comments)

Although I agree with you in general, the thing is that you need to think of what the effects of a false positive are. Imagine starting up your game of solitaire and then seeing a Gmail-like login window.

I'm not an android dev.. but on platforms I do write for, any app can determine the name of the foreground process/task.

So the worst that happens, is an oddly timed credentials box for the app you WERE using. That's going to set off far fewer alarm bells than you would think.

about two weeks ago

Researchers Hack Gmail With 92 Percent Success Rate

vux984 Re:Blast from the past (87 comments)

Hence my point:

"b) to remove untrusted apps ability to pre-empt the screen"

It's silly that this is possible, and hopefully we see patches real soon.

about two weeks ago

Researchers Hack Gmail With 92 Percent Success Rate

vux984 Re:tl;dr (87 comments)

Everybody knows that 'carefully designed timing' and generalisable match very poorly.

Agreed -- however, would a visible glitch or hiccup really set the majority of android users on guard? I'm skeptical.

Honestly, the entire timing element is almost superfluous; for a large number of users simply throwing up a phishing screen while they are IN another app would garner high success rates.

Launch gmail app... Popup "connection to server failed", "please enter username password". It would be horrifying to see how high a success percentage that gets you.

This attack is impressive in that it generates 98% success rate at detecting and invisibly injecting its phishing screen 'just so'. But honestly -- they'd probably snatch a shockingly high portion of credentials simply timing the popup to coincide with 1-2 seconds after a given app starts for a large number of apps.

Granted the sophistication of a finely tuned and well crafted attack would mean even I'd fall for it without being any wiser, and it enables them to go after some more complicated apps, in more complicated scenarios. And yes, a finely tuned profile using knowledge about the particular model of phone, and particular application set etc are required to pull it off.

But the reality remains that the low hanging fruit (dumb users + easily predictable apps) is going to be very easily harvested.

about two weeks ago

Researchers Hack Gmail With 92 Percent Success Rate

vux984 Re:Blast from the past (87 comments)

Memory allocation is still controlled by the OS. (At least insofar as apps request memory from the OS, and release it back to the OS).

Normally, an app would have no need to know what another app was doing with memory. However, the instrumentation for another app to track the memory usage of another app exists and is not restricted to elevated / trusted apps.

Clearly it should be.

I can't honestly imagine what a regular app would need this for anyway. It's very much a 'task manager' or 'debugging tool' class of information - and only developers and system level apps need this information.

That along with the fact that apps should not be able to pre-empt each other and go into the foreground on their own. (iOS apps, for example, apparently can't pre-empt unless they have exceptional permissions (e.g. sideloaded by developers or enterprises, or if the device is rooted/jailbroken), so on iOS even if the app can determine the app activity, it won't be able to pre-empt it with its phishing screen.)

about two weeks ago

Researchers Hack Gmail With 92 Percent Success Rate

vux984 Re:tl;dr (87 comments)

An immediate work-around would be to randomly place the log-in screen within a pre-determined area such that the hostile app would be unable to immediately overlap it. The double image will tell the user something is wrong.

The double image will tell the user something is wrong.

How is that a work around?

It's a phone. The login 'window' is going into a 3" to 5" space and is full screen in nearly every implementation. The 'popup' that the hostile app preempts simply covers the whole screen.

All in all not a particularly powerful attack vector.

Quite the opposite. It's a very powerful attack vector; and given the surprisingly good ability to time the pre-emption a very dangerous one.

about two weeks ago

Submissions


Evidence for another Sony Rootkit

vux984 writes  |  about 2 years ago

vux984 (928602) writes "There's some preliminary evidence that SOE is heading face first into what may be another rootkit scandal. A poster named Bug started this thread here: (I expect it to disappear if the story gains traction.)

http://forums.station.sony.com/eq2/posts/list.m?&topic_id=520848
and posted his findings to a torrent:
http://thepiratebay.se/torrent/7522392/NEW_2012_Sony_Rootkit_Exploit

My read is frankly that "Bug" is overreacting to a lot of the details, and assigning a lot of malicious intent where I'm highly skeptical any exists.

Nonetheless: They do in fact install a browser add-on without any sort of proper disclosure in all major browsers. They do in fact silently add zones to your Internet 'trusted zones' lists. And they are in fact uploading scads of crash data (multiple GB) without user permission or review and it's evident that the crash data can contain information the user would not wish to transmit to Sony.

Additionally, the combined effect of the add-on and white listed zones potentially exposes users to remote execution attacks; similar to the way Sony's XCP could be exploited by 3rd parties. Again there is some circumstantial evidence at least that it is already being exploited in the wild.

There was an uproar here when Microsoft quietly added its .NET Framework Assistant add-on to Firefox; this seems to go way beyond that, and it's the first time I think I've seen zones silently added to the trusted zone. I think Sony's crossed a line... again.

In any case, anyone here who plays any SOE titles should at least be aware what Sony is doing and decide for themselves what they think of it."
