Comment Re:autoplay sucks anyway (Score 1) 108

There is a legal obligation to focus on profits.

No, there is a legal obligation to act based on another party's interests, not based solely on another party's financial interests. Shareholders have interests other than money—having clean drinking water for their kids, supporting cultural growth, improving the quality of education, not getting buried in lawsuits from the government when you cross a legal line (though this one arguably is financial, just over the longer term), and so on. That's why you don't see shareholders suing companies for giving money to charities, for example. A purely financial misinterpretation of the word "fiduciary" would make such donations illegal.

Comment Re:Autoplay is EVIL (Score 1) 108

400 kilobytes? For 30 seconds of video? That's barely a hundred kilobits per second. Are you sure that wasn't a reference movie to content at a different URL? Because that's not likely to be anything approaching what most people would call "full quality" unless the content started out as a postage-stamp-sized cell phone video....

Comment Re:good plan (Score 1) 200

It is a government action; specifically, this lawsuit is based on the federal anti-trust laws, which are completely unconstitutional and illegal and detrimental to the economy in every way.

You're joking, right? Antitrust laws are only detrimental to one aspect of the economy: the unregulated ability for a few individuals or corporations to make an obscene amount of money at the expense of everyone else. When a monopoly exists, it gains an incredible amount of power over the free market that is not easy to overcome. At that point, a free market no longer realistically exists without government intervention, because the ability to break into that market becomes hopelessly compromised. To the extent that free markets are generally considered to be the epitome of a good economic system these days, clearly any government intervention required to ensure that such free markets continue to exist is justified, legal, and constitutional.

Comment Re:This is also how Sarah Palin's email got "hacke (Score 1) 311

The solution isn't random info. It's questions you create with personal information that is memorable enough that you'll remember it in an instant, but only you, or a very small handful of intimate people, would know. I.e., "Who was that girl you had a really secret crush on in grade 10?"

This is a great example of why security questions are inherently dangerous. Most people—even geeks—have no idea what makes a good security question. Cracking an account secured with this question is almost always very, very easy:

  • Determine what high school the person went to.
  • Iterate through all the girls who attended that school that year, providing both first-name form and a couple of first-and-last-name forms, beginning with the ones who were in your grade, then moving on to other grades. Include teachers.

Better than 95% of the time, this will result in a successful compromise of the user's account. And if you branch out from there into organizations that the person was in, churches, etc., you'll rapidly approach 100% coverage. And of course if someone really knew you or your crush back in 10th grade, it probably wasn't nearly as much of a secret as you thought it was, which could mean that it won't take many tries at all.

To be fair, unless you're someone famous or there's a significant financial incentive to do so, it probably wouldn't be worth someone's time to type in the names of all the several hundred girls who attended your school, but once you have that information in electronic form, it would probably take a matter of seconds to crack such a security question in the absence of mechanisms to prevent repeat guessing. And even those mechanisms only slow down the process.

Comment Re:Seemed pretty obvious this was the case (Score 1) 311

A cell phone is not a second factor, or at least not a meaningful one. If somebody hacks your phone to install a keylogger, they'll be able to convince any software running on your phone to do their bidding as well. Either you trust the device or you don't. If you do, you don't need a second factor. If you don't, then all bets are off.

For a reasonably strong second factor, you need a device that has basically no network connectivity whatsoever, like a CryptoCard token. And even then, you're potentially at the mercy of man-in-the-middle attacks stealing your credential, using it elsewhere, and temporarily providing a bogus credential to the site that's requesting authentication, thus forcing you to generate another new number and concealing the fact that it just hijacked your second factor....

For a truly strong second factor, you need a device that communicates using a dog-simple protocol and does nothing more than verify the signature on a signed authentication request, display the signer's identity on a screen, wait for the user to approve the transaction, sign the request with its own private key, and send it back as the response. And even that isn't without its security risks.
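
The exchange the comment above sketches, as an added example that is not code from the original post: both sides of one round trip in Go using ed25519, where the token refuses anything not signed by a site it knows before the user is ever prompted. The AuthRequest format, the Token type and the site name are constructed assumptions for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
)

// AuthRequest is the one message the site signs (a constructed format for this
// example): Signer is displayed to the user, Nonce is fresh so replies can't be replayed.
type AuthRequest struct {
	Signer string `json:"signer"`
	Nonce  []byte `json:"nonce"`
}

// Token models the device: own key, trusted site keys, Approve = screen + button.
type Token struct {
	Priv     ed25519.PrivateKey
	SitePubs map[string]ed25519.PublicKey
	Approve  func(signer string) bool
}

// Respond: check the site's signature, show the signer, wait, sign with own key.
func (t *Token) Respond(req, sig []byte) ([]byte, error) {
	var a AuthRequest
	_ = json.Unmarshal(req, &a) // a bad parse leaves Signer empty and fails the lookup
	if pub, ok := t.SitePubs[a.Signer]; !ok || !ed25519.Verify(pub, req, sig) {
		return nil, errors.New("request not signed by a trusted site") // user never prompted
	}
	if !t.Approve(a.Signer) {
		return nil, errors.New("user declined")
	}
	return ed25519.Sign(t.Priv, req), nil // signs exactly the bytes the site signed
}

// Exchange runs one round trip with a trusted site; nil means the site verified the reply.
func Exchange(site string, approve func(string) bool) error {
	sitePub, sitePriv, _ := ed25519.GenerateKey(rand.Reader)
	tokPub, tokPriv, _ := ed25519.GenerateKey(rand.Reader)
	tok := &Token{tokPriv, map[string]ed25519.PublicKey{site: sitePub}, approve}
	nonce := make([]byte, 16)
	rand.Read(nonce)
	req, _ := json.Marshal(AuthRequest{site, nonce})
	resp, err := tok.Respond(req, ed25519.Sign(sitePriv, req))
	if err == nil && !ed25519.Verify(tokPub, req, resp) {
		err = errors.New("token response does not verify")
	}
	return err
}
```

The user-approval step is what a phished or relayed request cannot bypass here: the displayed signer comes from a request whose signature the token has already checked against that signer's key.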

Comment Re:Seemed pretty obvious this was the case (Score 1) 311

I'm unconvinced that an attack based on manipulating the secret questions is not Apple's fault. As others have pointed out, this is useless for celebrities whose lives are relatively public. Birthplace, pet names, mother's maiden name, etc. are the kind of things that are relatively easily collected from fluff interviews. For non-celebrities, such information may only require a personal meeting.

Yes. The mere existence of security questions is a fundamental security hole—doubly so when users are forced to provide answers to those questions. Users have only two choices:

  • Answer truthfully, which catastrophically weakens security on their account, because quite frankly, everybody on my Facebook friends list knows the answers to about half of those questions; anything that I'm guaranteed to remember is also something that anyone I know also knows.
  • Make up answers, which is now a secret piece of information that is no better than a password, and no more likely to be remembered, but still weakens security by virtue of the fact that there are now five or six of those secret answers that magically unlock the account, rather than just one.

IMO, not only should security questions not be required, they should not even be an option, precisely because most people don't understand enough about security to recognize just how horribly dangerous it is to answer the questions truthfully, leading to unfortunate incidents like these.

As far as I'm concerned, there are only three safe ways to allow a user to regain access to accounts without knowing the password:

  1. Callback/email-back to a registered phone number or email address.
  2. Presenting proof of death along with proof of executorship.
  3. Presenting multiple forms of ID, either in person or with a combination of fax/email and video chat. Ideally, one of these forms of ID should be a photo ID, and the other should be a credit card (the physical card or a photocopy thereof, not just the number). The company should charge a $1 fee, both to discourage people from forgetting their password repeatedly and to ensure that the credit card was not stolen and used to impersonate the account holder. If the password was changed by someone else, the fee could be refunded after it goes through. Then, the company should provide a temporary password to the user, lock the account, and wait for the charge to go through before unlocking it again.

And users should have the option of disabling the first one, precisely because some of those external accounts may require security questions, and thus may be easier to compromise, allowing a springboard attack.

Comment Re:Local storage (Score 2) 635

Definitely not true. Backwards, in fact. POP defaults to removing messages from the server and must be explicitly configured to leave the messages on the server. IMAP leaves them on the server by default, and IIRC, most IMAP clients don't even provide the option of removing messages from the server until you delete them.

Comment Re:Extraordinary rendition (Score 1) 248

That's a pretty scary abuse of power. By Canada. Diverting the plane to Canada was okay, because the U.S. has jurisdiction over what air traffic may enter its airspace. However, the Canadian government had no legitimate legal right to arrest any person so diverted, because as a passenger on an international flight, he did not legally enter Canada, and a landing forced by the inability to reach your destination due to circumstances beyond the pilot's control constitutes an emergency landing, which is subject to various legal protections in all civilized countries.

Unfortunately, I've read that the Canadian government did a lot of that sort of thing for international passengers diverted on 9/11, too. Apparently Canada has little respect for international law regarding air travel—specifically, Articles 5 and 25 of the Chicago Convention (of which Canada was originally a signatory, but later withdrew from).

What the U.S. did was rather bizarre, but legal. What Canada did was unconscionable. Want to ensure that this never happens again? Write your MPs and demand that Canada re-sign the International Air Services Transit Agreement (IASTA).

Comment Re:Loose Lips Sinik Ships (Score 1) 248

The criteria themselves should not be secret. The details of what actions meet the criteria might be. Of course, once a person is dead, there's likely no reason to keep that person's details secret. So they should disclose the way that the guy who was fighting against us in Iraq got on the no-fly list. Wait, what? He wasn't on the list? Seriously? Then what the f*** good is it?
