But then how will big companies pay their crypto ransoms?
Are you really expecting the hacking groups to start going through KYC to receive payments??
So... China just implemented this, by nationalizing all zero days. Who's next?
---
This is one place I disagree with Snowden. He has good facts, he has good insights, but he is not a qualified expert on multinational game theory and macroeconomics.
The obvious solution is that customers should demand that Apple increase its paltry bounties for vulnerabilities (Apple's current bounty is about 4–20 months of one person's Bay Area salary to hack 1 billion devices). If the alternative is some everyone-needs-to-cooperate macroeconomic solution, I'd like to see it compared to this null hypothesis.
I visited a provincial-sized pharmaceutical company in China and was having tea with the CEO and the party representative.
So I asked, wait a minute, so which one of you is the boss? And they would both laugh and say the other one. This became a joke as we kept going on and drinking over lunch, and we kept bringing it up.
The joke wasn't that one of them was right and I didn't know which. The joke was that the question was wrong--it didn't matter. They both worked for the Party, and they both wanted the company to succeed.
I don't listen to Apple's advertising on how good their security is. I only look at how difficult they say their own systems are to break:
https://developer.apple.com/se...
Below, each bounty is converted to the price of one median Apple engineer (USD 300k/yr, no benefits) working on an exploit.
iCloud
- Unauthorized access to iCloud account data on Apple servers: 4 months
Device attack via physical access
- Lock screen bypass: 4 months
- User data extraction: 10 months
Device attack via user-installed app
- Unauthorized access to sensitive data**: 4 months
- Kernel code execution: 6 months
- CPU side channel attack: 10 months
Network attack with user interaction
- One-click unauthorized access to sensitive data**: 6 months
- One-click kernel code execution: 10 months
Network attack without user interaction
- Zero-click radio to kernel with physical proximity: 10 months
- Zero-click unauthorized access to sensitive data**: 20 months
- Zero-click kernel code execution with persistence and kernel PAC bypass: 40 months
This is a predictable outcome from the US government.
The actual solution to ransomware is simple and does not require participation from government:
1. Wait until you get hacked
2. Get reliable attribution that the hack was caused by the same group that targeted somebody else
3. Confirm that that somebody else paid the ransom (i.e. invested in the company)
4. Sue that somebody else for damages
A successful suit here entirely changes the economics of ransomware, and does not depend on useless attorneys general to do step #4 in criminal courts.
Thank you. Great find. I was starting on this same project and glad to know the outcome, saves a lot of time.
Yup. This is exactly why we have regulations. Hopefully there are some enforcers that can actually come down on these manufacturers/operators.
Here is the source document https://about.fb.com/wp-conten... (A posting from PACER would be authoritative, but this link is probably trustable enough.)
Below is my brief logical analysis. If I were a lawyer you might call this a legal analysis.
Cinderella Career and Finishing Schools, Inc., Stephencorporation, Vincent Melzac, Petitioners, v. Federal Trade Commission, Respondent, 425 F.2d 583 (D.C. Cir. 1968):
In this case, the FTC took an administrative action against Cinderella. And the (former) FTC commissioner was not recused in the decision making process. The former commissioner had said things in the past which put their partiality in question.
Because the (former) FTC commissioner was biased and because the role of the commissioner in an administrative action is to act as an arbiter, this action was fatally flawed.
Facts in current case:
Khan published her own beliefs on the accusations against Facebook at a time before she joined the FTC.
This is a lawsuit which the FTC brings against Facebook.
Facebook's argument:
Because of Cinderella, the FTC commissioner should be recused from this case.
Why Facebook is wrong
In Cinderella, the (former) FTC commissioner was in a role that required impartiality (specifically, they were the adjudicator). In FTC v. Facebook, the FTC is not the adjudicator; the judge is the adjudicator. No impartiality is required from the FTC or any of its members. Therefore this case is distinguishable, and no precedent is binding on it.
Implementing a private VPN service and bundling it with your digital subscription service is...
NOT AN ABUSE OF MONOPOLY
Tying the Photos app into iCloud, and preventing third parties from doing the same, which is the number one reason people buy iCloud, is...
AN ABUSE OF MONOPOLY
At first, you might think this was a bait and switch
^^ That's one narrative and I would have liked to see reporters be critical of China CCP for effectively taking foreign money on a fraudulent basis.
BUT
Since China CCP is really axing its own private sector, they clearly have skin in the game here and so it offsets the above. And this axing is widespread, not just affecting the one company.
This report includes input from 4 of the 6 relevant stakeholders.
- Workers
- Unions
- The public sector
- A think tank
- Private employers
- Customers of the affected enterprises
This law is directly in the interest of the Russian federal government. And I expect more laws like this will pass in other countries.
In places where this law may be seen in a negative light as "control of media", such as the USA, I expect other actions to effectively implement this anyway, such as how Trump and Biden effectively banned China from operating TikTok in the US.
When something is banned by law, often it just stops. When something is "effectively banned", there is just some huge cost attached to it and it continues--like how Trump, and then further Biden, have prevented US citizen investment or payments with China companies directly in retaliation against ByteDance.
If you want to read the actual source material yourself, and you like paying 10 per page on PACER, look up:
Federal court: District of Columbia
Case: 1:20-cv-03590-JEB
Document: 73: Memorandum & Opinion
Direct link: https://ecf.dcd.uscourts.gov/d...
WARNING: That link costs ~5 USD to click
You will see the amazing and oft-repeated idiot quote from Judge James E. Boasberg: "Rather, [Personal Social Networking] services are free to use, and the exact metes and bounds of what even constitutes a PSN service... are hardly crystal clear."
Once somebody has demonstrated this level of ignorance of how business, economy and value works, you can trick them into believing anything. Ice cream is free because once your mom buys it for you you don't have to pay to eat it. College is free because you don't have to write them a check to attend. Radio is free because you can listen to it.
No. Obviously the FTC is raising this case because of the advertising services that Facebook sells and their approach to preventing eyeballs being sold elsewhere. And of course ads on Facebook do cost money.
Sure the number is a number that is easy for a reporter to copy-paste into a headline. Great, some millions or billions or trillions of dollars.
So. The actual question, how does this bill improve accountability so that recipients of this money will actually do what we are paying them for?
Because news reporting is uncritical, this discussion has been framed by Apple exactly on the basis of what they want and how they want us to feel.
Instead, we should be asking Apple to make commitments and release information that helps shape public policy.
Like:
- Apple says the proposed legislation would open their platform to scammers. Does Apple commit to stop calling any of its products "secure" or "private" if the legislation is passed?
Yes you can have a closed platform that restricts competition, just so long as the company doesn't get worth more than half a trillion dollars (the original cost of the US highway system, the formerly largest infrastructure project on Earth).