Comment Re:Watermarks? (Score 2) 126
I can think of a $12 experiment that would answer that question
I can think of a $12 experiment that would answer that question
That would be because any (competent) backdoor will be encrypted and cryptographically signed with key(s) known only to the TLA. Consider a router -- it passes all packets normally unless it finds one that is properly signed, then it extracts and executes the payload, fully opening up the device to the whims of the TLA. In lieu of someone leaking or determining the key, it would be extremely hard to identify such a backdoor.
... and change all of your passwords today. This is the best way to devalue the 'massive database'. Then sanitize your SQL queries!
Thanks for your insightful contribution that doesn't suck.
> and it may kill some business models that could have brought phones to the poor with no monthly charges
If a potential business model relies on creating a captive market via legislated freedom removal, it's a bad business model, full stop. Cell phone subsidization plans are already protected by contract law. The additional criminalization of unlocking is unnecessary.
Really? The summary describes a software flaw with grave security implications, and you weigh in with some whining about the use of 'actor' and a mediocre quality sentence?
Education time: Some words have multiple meanings. Actor is one of them.
actor
noun: actor; plural noun: actors
1. a person whose profession is acting on the stage, in movies, or on television.
2. a participant in an action or process.
It's bog standard to use the second sense in this context. See http://en.wikipedia.org/wiki/A...
I see it as good news that security software is getting more attention. There was a lot of bug backlog that's finally getting fixed. Each bug a bug is fixed we slowly and steadily eliminate attack vectors. Heartbleed is undoubtedly one of the drivers of this renewed attention, as are the revelations that nation states are actively working to exploit weaknesses. Patching bugs is one of the ways ordinary people can work against mass surveillance.
> Despite the fact that, as in Heartbleed, hyped to the max, very few actual bad things seem to happen.
Not all exploits get noticed. If your old laptop was keylogged, and a year after you got a new laptop you discovered that you were a victim of some sort of identity theft--- would you ever trace it back to the keylogger? If your $device was part of a botnet used for some sort of click fraud, would you notice?
So, you would have preferred a positive sounding statement indicating that they are aware that some users have privacy concerns and a vague reference to ongoing efforts to address these concerns?
I didn't find that response "worst of all time". It came across as lacking in the bullshit department, almost refreshingly so, actually.
... treat it as a regular unencrypted drive and apply proper encryption on top. Next.
Seems like a problem with a simple solution: Cisco needs to publish their build procedure.
Block the element with ad-block.
> The OpenBSD project late last night rushed out a patch
Sensationalist introductory sentence. LibreSSL is is not used in any production environment, there is no "rush" here.
It is an early version released to solicit feedback. Feedback was provided, resulting in a bug fix. This is *exactly* anticipated outcome.
But when the capital cost of the machine is zero, the higher power cost is not to bad.
TPTB can freeze credit cards, bank accounts, etc on a whim, but can't freeze a wallet full of $20s.
"What if" is a trademark of Hewlett Packard, so stop using it in your sentences without permission, or risk being sued.