Hello,

Dell didn't pay anything for it, as far as I can tell.

This is a post by MojoKid, who operates the HotHardware.Com site. I'm guessing he submitted the article to Slashdot in order to get some ad revenue from people visiting his site as a result.

I'm guessing that blocking

googletagservices.com
googleusercontent.com
tru.am

before visiting his site will make that a little more difficult.

I do not know if he is a Slashdot or a Dice Holdings, Inc., employee, but it would be nice if there was some sort of transparency statement, if that's the case.

Regards,

Aryeh Goretsky

Hello,

While I suspect the original reason for secrecy surrounding the No Fly List was to protect government sources and methods, my suspicion is that these days there simply is no criteria at all. Information is simply added from a variety of sources with varying degrees of quality (from high-quality covert intelligence feeds to TSA agents who simply think a person "looks like" a terrorist) and that by keeping information about the lack of controls on what goes in secret, the government uses the list as a deterrent factor to would-be terrorists.

A secondary function would be to reassure the public that air-travel is still safe, but like the much-criticized and ineffectual TSA screeners, it serves as "security theater" and not a bona-fide barrier to terroristic activity.

Regards,

Aryeh Goretsky

Hello,

I am really unsure of what confusion there is.

Windows 'Threshold' appears to be the codename for 'Windows 9.'

About the only thing those speculative articles seem good for is generating page views for advertisements.

Regards,

Aryeh Goretsky

Hello,

I know that Slashdot loves to bash Microsoft, but calling it's monthly patching cycle "Black Tuesday" is pushing it. Black Tuesday was the name for the stock market crash that preceded the Great Depression, and for all the negativism about Microsoft, I have yet to hear of someone committing suicide over a Microsoft patch.

Frankly, using Woody "I'm a Windows victim" Leonhard as a source of information about Microsoft patches isn't a good idea, at least until he stops grinding whatever axe it is he has against Microsoft. Go read Microsoft's Security TechCenter if you want to know the patches are for, or at least blogs like ComputerWorld o ZDNet's r>Ed Bott, both of whom are more likely to put facts ahead of opinions. Even Paul Thurrott provides some good coverage, although I think he often is the opposite of Woody Leonhard, e.g.doesn't critical enough coverage.
Regards,

Aryeh Goretsky

Hello,

Most people would likely get thrown off the stage at DEF CON for using it to promote their business in such a fashion. Instead, Mr. McAfee gets applause and people lining up to take photos with him.

Aside from that, the whole concept of simultaneously railing against the erosion of privacy while creating a web site that encourages people to share private information (without much information about how it will be safely secured) that is possibly libelous and may even be criminal at times is, well, going to be interesting. Especially with a FAQ which states things like " Yes, any entity can respond to a complaint. However, if the entity is not a subscriber, the response will not be featured in the official response section." and " It must not be possible for information on the site to be altered for any purpose."

It is going to be very interesting to see how this latest business venture of Mr. McAfee's turns out.

Regards,

Aryeh Goretsky

Hello,

It might help. You could probably start by contacting the reporter who wrote the article, or the hospitals at which the surgeries were performed to ask for more information.

Regards,

Aryeh Goretsky

Hello,

The question going through my mind, is what does this mean for Lenovo? Lenovo acquired IBM's Personal Computing Division in 2004, and announced at the beginning of 2014 that they had reached an agreement to acquire IBM's x86 server business.

The fact that IBM chose not to partner with Lenovo for developing all these apps and services for Lenovo's Windows and Android tablets and smartphones is downright bizarre.

Regards,

Aryeh Goretsky

Hello,

Completely unsurprising. Comcast billed me for imaginary hardware, twice.

I set up cable Internet service with Comcast at a vacation home with no TVs in it about two years ago, just to be able to surf the web, etc., while there. Sometime around December, 2013, Comcast apparently decided that we needed TV service and shipped a set top box to the address, where it apparently sat, covered with a light dusting of snow for months (it's a vacation home). And, of course, they billed us for TV service and a rental fee for the box for months. I got that straightened out, and a credit issued.

A couple of weeks ago, I looked at my bill from them, and, lo and behold, they have been charging me an $8.00/month modem rental fee. I bought my cable modem from Fry's for less than the $96/year that would have ended up costing me.

As far as I can tell, when they removed my non-existent TV service and took back their set top box for the imaginary TVs, they stuck on a modem lease fee.

I have finally gotten that straightened out, and, no doubt, will have some new billing failure from them in a few months for hardware or services I did not request, own or otherwise purchase from them.

Regards,

Aryeh Goretsky

Hello,

Software vendors are not charged for submitting to the CMX, and the Taggant System is free for packer authors, as well.

It is the developers of anti-malware software who are paying for access to the CMX and Taggant System metadata, since they get the most value out of using that information. They are essentially underwriting the costs for everyone else in order to help provide a mechanism that helps clean up the ecosystem.

While there are probably some anti-malware software developers for whom this would be a big investment, there are probably a lot for whom it is not, and since this is being done under the auspices of the IEEE, I wouldn't be surprised if there wasn't some provision for academia, too.

Regards,

Aryeh Goretsky

Hello,

Oops. Thanks for catching this!

Regards,

Aryeh Goretsky

Hello,

I believe the idea is to allow legitimate developers of packers, cryptors, etc. a means of identifying their software. I would not expect those folks on the malware side of things to take any action as a result of this activity under the IEEE's auspices as it does not apply to them.

Regards,

Aryeh Goretsky

Hello,

It probably won't help much, if at all, but the number of legitimate applications which are self-modifying is comparatively very rare compared to those which done.

Regards,

Aryeh Goretsky

In reply to "Anonymous Coward" at Wednesday July 02, 2014 @12:34AM:

how will this help against self rewriting applications

Hello,

No problems viewing either PDF file via Sumatra PDF Reader. Perhaps you could try that.

Regards,

Aryeh Goretsky

Hello,

The SHA-256 hash for the file is 8e64c38789c1bae752e7b4d0d58078399feb7cd3339712590cf727dfd90d254d.

According to VirusTotal, at the time the report was released, it was being detected by by the following anti-malware programs:

• Avira AntiVir - Android/FakeInst.ES.4
• Baidu-International - Trojan.Android.FakeInst.bES
• ESET - a variant of Android/Morcut.A
• Kaspersky - HEUR:Trojan-Spy.AndroidOS.Mekir.a
• ThreatTrack VIPRE - Trojan.AndroidOS.Generic.A

Five out of fifty-three program, or a little under 10%. Currently, detection is at 13/53, according to this report.

Regards,

Aryeh Goretsky