
Comment Re:Really? (Score 1) 622

Yes, and its universal availability is a result of the low bar it presents to amateurs. Anyone selling very cheap hosting has to sell a lot of it to a lot of people who aren't going to be interested in anything hard.

Comment Re:Really? (Score 2) 622

Why contribute to a project that has such a solid record of recklessly incompetent leadership? Why work to prop up an ecosystem that has developed into a vast toxic swamp?

The advantages of PHP have always been reducible to the fact that it is relatively easy for non-programmers to understand. It's accessible for people who don't have a mindset for or interest in computer science. That's not inherently a bad thing, but it is risky. As with VB before it, it is true that any crazy idiot can code in PHP, so many of them do. The choices made over the years by many in the PHP community (led from the top) to keep it an easy, accessible, and forgiving platform in order to grow rather than improve the community have had predictable results. The debacle of the recent release bungles and the ongoing failure to either obviate Suhosin for 5.4.x or make it work is demonstrative evidence that the guiding spirit of the PHP universe is still one of reckless incompetence.

Comment Re:So much for that idea... (Score 2) 99

My Japanese is worthless, but I'm not a large multi-national industrial conglomerate with operations in Japan worth millions of dollars per year that would justify my time and/or money to actually learn Japanese or hire someone who can write a press release in Japanese fluently. If I had a need to issue press releases in Japanese, I'd at least have a native speaker read them to make sure my machine translator hadn't messed up.

Comment Re:So much for that idea... (Score 1) 99

Frankly, that's paranoid. I stopped trying to understand the deep math of leading-edge crypto some years ago as my brain calcified, but I understand enough of it to know that there's no need for intentional sabotage to explain vulnerabilities to innovative attack.

My question is how *THIS* mechanism has survived as long as it has. I haven't looked at the math in depth, but the broad descriptions I've found make me expect that there must be far-better-than-brute-force attacks on it. This crack isn't the first one to prove that to be the case, if I'm reading the Fujitsu PR right. I'm hoping for a deeper explanation of why pairing-based cryptography is so attractive that what seems like past evidence of diminishing returns from increased nominal complexity didn't kill it off before now.

Comment Re:Infected? (Score 3, Interesting) 285

...but how is it 'transmitted'? That implies an installed transmitter, i.e. malware.

A lot of Windows malware is transmitted via email, because there's a long history of Windows mail clients (most importantly Microsoft's crapware) being directly vulnerable and/or facilitating deceptive mail.

I have a lot of Windows malware on my Macs because I have email addresses that have been used openly and actively for 20 years and so have made it onto all sorts of indiscriminate spamming lists that are used for malware distribution. Because mail abuse is a professional focus of mine, the archives of malware-bearing spam I have accumulated are a resource, not an infection. I'm not sure why anyone else would retain all of their junk forever, but many people do so. It is a rare hour when I can't identify a log entry from my mail server rejecting mail that is almost certain to be bearing malware, and a rare week when I don't have at least one spam slip through carrying some form of malware.

If you dig down past the click-bait page referenced in the /. submission, the original source of this story is a blog post by Graham Cluley at Sophos: http://nakedsecurity.sophos.com/2012/04/24/mac-malware-study/ and it includes a breakdown of the strains of Windows malware seen on Macs. The top 2 I recognize as mail-borne and some of the other named ones are likely to end up in the browser cache of any carelessly wandering user. It is an act of irresponsible fearmongering by Cluley to say (as he does) in an unqualified way that these "can still be spread to others" and compare the 20% infection rate to the 20% rate of Chlamydia infection in young men in the UK. Those in men are infective; a Mac with a Windows trojan in its browser cache or junk mailbox is not.

Comment YOU POKED MY PET PEEVE (Score 1) 194

1. It is a physical relative to steganography, which is itself a form of security through obscurity. It isn't gold bars hidden under the couch. I promise. Many of the things in my home that I might consider putting in a safe if I had one are in the class of things one would need to know about a priori to make any real start at finding them. Others are such that most people could stare right at them and not understand them to be worth stealing.

2. Most forms of security that do not involve credible threats of violence are ultimately "security through obscurity."

Comment More seriously... (Score 2) 194

But legitimate questions remain as to whether they will ever truly replace their leathery counterparts.

Legitimate questions would be much less like "Is water wet?" or "Does the Mayan calendar not actually predict the obliteration of the Earth in 2012?" or "Will Apple and Google and a few million /.ers running Kubuntu drive Microsoft into irrelevance and bankruptcy by 2015?"

The physical wallet is not going away. As long as there are legal purchases for which many people would prefer to have plausible deniability, there will be cash. Until the final merger that yields AppFedGoocrosoft, L. L. C., Our Beloved Planetary Government, (with 51% of voting shares held by Goldman-CitiSachs of America, and the financial equity held mostly by the Bain/Koch Group and the LDS Church Inc.) those of us not standing in line to be rendered into spare parts and raw biodiesel input will need some way to hold a half-dozen competing trackable-money tokens, a dozen merchant "savings club" cards, blank bits of thermal paper that used to be receipts we thought we should keep, and enough paper money for a Big Mac, a USA Today, a pack of smokes, and an hour of high-res porn on the medium du jour.

Comment Re:Did they adjust for crazy? (Score 4, Informative) 237

You could have answered that with a simple act of RTFA. In short: no. They had no access to their subjects' mental health records.

I put up my screed on the weakness of the study (after seeing it covered by the Grauniad) at http://tmblr.co/ZaUL7yHBNSh0 before I saw it here, and the short version of my unassailable opinion is that it is a deeply flawed study whose data is just good enough to make a strong case for further study, undermined by the authors drawing unsupportable conclusions and pointlessly denigrating prior work and practical experience.

And yes, hypnotics are often taken by people for whom insomnia is a secondary condition grounded in deeper problems. That doesn't mean the hypnotics are not very useful in enabling them to address the deeper problems. Speaking from personal experience, a dozen doses of Ambien taken over the space of about 2 months during the breakup of my first marriage were critical to saving my job, my ability to eventually pull out of a deep depression, and possibly as many as 4 lives. When life is slicing deep enough that you cannot sleep for days on end, the lack of sleep itself gnaws on the stripped bones of sanity.

The main recommended use of hypnotics is for short periods in cases where insomnia itself is causing additional problems and more comprehensive treatments for underlying primary causes are too slow and/or are impeded by the effects of insomnia. Real primary insomnia that can be managed with hypnotics is pretty rare. A valid conclusion from the study is that people in that one HMO in rural PA who are being prescribed hypnotics are not getting adequate overall care, and that the inadequacy correlates with the amount of hypnotics that they are being prescribed. The authors claim (and I tend to believe them) that there is a growing consensus that CBT is a better treatment for chronic insomnia, but CBT is not something a doctor can write a scrip for and have the patient sleeping soundly that night for a few bucks. It can also uncover and address underlying issues like depression, OCD, and other cases where insomnia is really just a symptom of a more complex primary mental disorder. Of course, if you are a researcher specializing in retrospective studies of this sort who has been given access to a very large data set of patient records by an HMO, you don't have a strong incentive to write a conclusion that this HMO is controlling costs by encouraging doctors to prescribe cheap drugs instead of referring patients to expensive months-long rounds of a talk therapy, even when the best type seems to be the relatively efficient CBT.
