Comment Re:Secondary password... (Score 1) 85
Oh, the fools! If only they'd built it with 6001 hulls! When will they learn?
It's not really a MITM attack, it's spoofing credentials. It's copying the credential token from machine X, installing it on machine Y, then telling machine Y to connect to iCloud pretending to be machine X, and then downloading all the ancient backups in hopes they contained undeleted and unprotected juicy information.
In the past people have used "sort-of" MITM attacks* for jailbreaking, specifically to keep your iPhone from "upgrading" itself to the new version of iOS. The jailbreakers had figured out that they could restore from an old version of iOS and jailbreak it, so Apple wanted to stop that. They introduced SHSH blobs that contained your phone's signed version info, and when you wanted to install an old version of iOS from a backup, they would check to make sure you hadn't upgraded to a newer version. So the jailbreakers came up with a program called TinyUmbrella that you would load up with your iPhone's old SHSH blobs, and it would pretend to be the official Apple blob server. You'd modify your hosts file to redirect the Apple server at your local host, run TinyUmbrella, then launch iTunes. When iTunes wanted to restore the user-specified version of iOS, it would request the latest blobs, but TinyUmbrella would deliver them, tricking the phone into staying at its older version of iOS. In more recent versions of iOS Apple required the server to securely exchange the messages so iTunes could no longer be fooled, but this worked through about iOS version 6 or so.
Of course, this is not a MITM attack against iCloud, but rather against their update process. Still, it was a pretty clever hack.
* I say "sort-of" because TinyUmbrella did not intercept the blob exchange itself; it only stood in as a phony Apple server for a SHSH blob you had to extract on your own, using another tool.
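A simplified model of the replay described in the comment above, added here as an illustration; it is not part of the original comment and not Apple's actual protocol. The HMAC key, device ID, version strings and the nonce scheme are assumptions, with the nonce being one common way to make such an exchange replay-resistant (the comment does not say how Apple did it).

```python
import hashlib
import hmac
import os

# Constructed demo key. HMAC stands in for the vendor's public-key signature
# so the example needs only the standard library.
VENDOR_KEY = b"constructed-demo-key"

def sign_ticket(device_id: str, version: str, nonce: bytes = b"") -> bytes:
    """Signing-server side: authorize `version` for `device_id`."""
    msg = b"|".join([device_id.encode(), version.encode(), nonce])
    return hmac.new(VENDOR_KEY, msg, hashlib.sha256).digest()

def device_accepts(device_id: str, version: str, ticket: bytes,
                   nonce: bytes = b"") -> bool:
    """Device side: install only if the ticket verifies for this request."""
    expected = sign_ticket(device_id, version, nonce)
    return hmac.compare_digest(expected, ticket)

def static_ticket_replay() -> bool:
    """Ticket covers only (device, version): a saved copy verifies forever."""
    saved = sign_ticket("DEVICE-0001", "old-version")  # kept from an earlier exchange
    # Later, any server that returns the saved bytes is indistinguishable
    # from the real one, because nothing in the ticket is tied to this request.
    return device_accepts("DEVICE-0001", "old-version", saved)

def nonce_bound_replay() -> tuple[bool, bool]:
    """Ticket also covers a fresh device nonce: a saved copy stops verifying."""
    old_nonce = os.urandom(16)
    saved = sign_ticket("DEVICE-0001", "old-version", old_nonce)
    fresh_nonce = os.urandom(16)  # the device picks a new value per restore
    replayed = device_accepts("DEVICE-0001", "old-version", saved, fresh_nonce)
    # Only the live signing server can answer for the fresh nonce.
    live = sign_ticket("DEVICE-0001", "current-version", fresh_nonce)
    genuine = device_accepts("DEVICE-0001", "current-version", live, fresh_nonce)
    return replayed, genuine

if __name__ == "__main__":
    print("static ticket replay accepted:", static_ticket_replay())
    print("nonce-bound (replayed, genuine):", nonce_bound_replay())
```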
I was a member of my high school's student parliament but wouldn't think to report that during a background check and wouldn't consider it any more relevant than what this woman did thirty years ago.
Was your high school's student parliament dedicated to the violent overthrow of the US government? Don't you think that's maybe the kind of student activity you might find rather difficult to forget? Then it's probably not the same thing.
Private research dollars are expected to produce profitable innovations. Bell Labs wasn't run for the good of all humanity, it was run to innovate in the communications space, and it did. They made tremendous amounts of money on the research their lab produced. And the rest of us have continued to benefit from the existence of the transistor. But even though they were wildly successful, where are they now?
Government-funded research isn't expected to produce profit, but instead to the betterment of all. Look at any of the Big Science projects, such as anything NASA does, or the Human Genome Sequencing project. These projects aren't intended to produce money, they are intended to further our collective understanding.
If private labs are profitable, they are built and run. Google Labs, Microsoft Research, etc., they do a lot of useful stuff and donate much of it. Even the research universities are not contributing as much to the common good as they once did, and are now becoming profit centers for their schools. A tiny example is to look at how much money the University of Minnesota's ag laboratories have made patenting apple hybrids. This is something that once upon a time would have been shared with everyone.
Private money isn't the only answer.
I've always said that when I retire I'm going to go back to school and finish that physics degree.
If it's something you're passionate about, don't wait. I went back as soon as my son left the house, and I found I had more free time. Very satisfying.
I imagine that criminal law has been updated to the same standards as civil law; under FRCP you can no longer bury the opponent with paper. If they make a request for digital records in a digital format then you must supply the records in that format if it is at all reasonable to do so (i.e. if you ask for PDFs from email that is reasonable, as would be TIFF, but
Or Paris, or London, roundabouts with more than 2 lanes are a nightmare because humans aren't made to handle that many inputs in real time.
Yes, my 2007 Blackberry on T-Mobile transitioned from WiFi to cellular without dropping calls just fine. It's not exactly rocket science.
The entire premise of the article is bull. Are companies ever going to get off this fixation on specific programming languages?
No. Companies (at least the executives running them) look at their code base differently than technologists. They see the cost of maintenance as X$, and if it's written in ten languages, the cost of hiring ten people to do maintenance is 10X. If you say "one person can know ten languages" they assume such people are expensive and very hard to find.
They want a simple way to manage the cost of maintenance. Cutting the number of languages in use accomplishes that goal, in their minds. Therefore, this practice will continue at companies that don't have unlimited IT budgets.
Touch ID is broken and will be until Apple uses a non-crap (expensive) fingerprint reader.
So if you lose or upgrade your phone you have to re-setup all your stored cards? That doesn't sound very Apple-like. If not, then they're storing it in your device backup and just like the nude pics it's open for hackers to retrieve from the backup image.
They submitted exactly what they use in a god damn congressional hearing
[citation needed]
Preferably a link to the Congressional Record where the additives are listed.
Huh? Cleveland and Detroit are both the definition of rustbelt and urban sprawl, heck Youngstown was ranked 175/221 for worst urban sprawl in the smart growth 2014 report.
and "contaminated" frac water isn't any more polluted.
Really, you say that with such conviction. Would you drink untreated, or lightly treated fracking water every day for a year? Because AFAIK nobody but the fracking companies knows exactly what they're putting into their mixtures (and often not even then, many wildcatters buy from Halliburton and friends). The companies have fought extremely hard against any attempt to have them disclose what they are using, or at having an independent scientific analysis of the safety of the fracking effluent. One of the few scholarly articles I've found shows significant risks:
The analysis of effluent samples collected prior to the PADEP’s request supports our first hypothesis that concentrations of analytes in effluent were above water quality criteria (Table 1). Ba, Sr, and bromides are of particular public health concern. For the metals strontium and barium, both surpassed the federal MCL for drinking water link
Bullshit. There was a case here locally where a farm that had had fine drinking water for almost 200 years suddenly had flammable water with Benzene levels 5-10x the allowable limit. They have water reports from as little as 2 years before the fracking began because they were contemplating selling the farm (they ended up donating most of the land to the county for a park and taking a 100 year tax abatement on the homestead instead, which is how the land ended up being fracked to begin with, talk about no good deed going unpunished). You can check out the story yourself if you think I'm some fringe lunatic.
How many QA engineers does it take to screw in a lightbulb? 3: 1 to screw it in and 2 to say "I told you so" when it doesn't work.