they are illegal in most of Europe, which is why this company went through the trouble to make "Cop Detectors".

No, they can't and won't ban these, since they are passive receivers and they detect *any* emergency person carrying a radio. I do suspect that the mobile speed trap teams will switch off their 2-way when working and use their cell phones for connecting with home base. Radar detectors only have a single purpose and because of that purpose they get to ban them for "hindring police investigation". You can come up with semi-legit reasons for having a device that will detect if someone with an emergency service radio, but you can't come up with a single one that will detect speed trap radar signals.

Speed traps with their radios switched off, will only leave unmarked civilian police cars with cameras on board and special "ProVida" brand equipment that are used to film evidence of people speeding by driving behind them that can be detected. Those can't be detected with radar detectors and will be detectable by this system. Still, the amount of speeding people that get caught will be so large with these systems for sale, that I doubt they ar worried much.e

This system has been in "testing phase" for quite a while, I remember reading about beta tests probably over a year ago, so it's hardly news. If they'd be worried, there would have been something happening already.

It's up to the OEM and MicroSoft to risk bundling the OS with the machine. It's up to the OEM to add crapware that they actually get paid for to install on the machine. If a consumer wants the machine without the software, they should get the retail price of the software discounted off the price of the bundle.

Who pays for the price difference between the money the consumer gets back their money is between the OEM and MicroSoft. Maybe this will teach both to price stuff reasonably since the consumer now will be able to make a more informed and concious desision on actually paying for the OS, or getting a cheap(er) or free alternative.

Sure, you'll see more people pirating Windows. But right now, many companies have to pay twice for a windows license. Once when they buy the machine and once when they install the enterprise version they have a volume license for. That's just as much theft in my book. Upgraded your main board? Pay again for the windows license. You can't have your cake and eat it too. If you sell software, it's not fair to force people to buy it even if they don't use it, just because otherwise someone might pirate your alternative if the computer is sold without an OS. You want to sell, you take the risk.

Disclosure: I work as a penetration tester In my line of work, we often go for passwords, encrypted or not. Especially on office networks, we go for the LANMAN (yes, we do get to see those on a regular basis still) or NTLM password hashes. Even NTLMv2 are useful to us, although cracking those requires more time.

The reason that LANMAN and NTLM are so useful to us, is that we can just use the hashes to authenticate against remote servers. That's right, knowing the password isn't required, just having the hash is enough for the remote server to authorize us as the person that the hash belongs to. This is "fixed" in NTLMv2 and if you properly implement Kerberos for your AD authentication. However, since legacy systems are abundant, in practically every office network we encounter, the older systems are still in place because of "backwards compatibility requirements".

No amount of password complexity helps against the above problem. Several commercial 2-factor vendors solutions aren't even a solution. Why? Because they replace the password prompt for a prompt for a token generated by their device and once that reply is satisfactory, they simply send the hash themselves. Their solution replaces the password, but not the real weakness, the hash itself.

This may not be a significant problem on the internet, but once an attacker has gained access to your corporate network, this problem usually means doom for anything password protected. This sort of thing happens on a larger scale than most internet users realize. Advanced Persistent Threats (APTs) aren't named that for no reason and they are just a few of the many organizations and individuals attacking companies these days.

Because biometrics can often be cloned, copied or otherwise be "fooled" when used for authentication. Finger print scanners are worthless since so many attacks exist to current finger print readers when someone copies your print. You can't get new finger prints once someone made a copy of yours, so as an authntication method they are worthless.

Some other authentication methods using biometrics exist, but they are generally too expensive to implement in most cases. They may not be "affordably" circumvented yet, but I have no doubt that once it's worth it to put time and effort in it, people will find ways to fool those systems too. I'd hate to have to get new eyeballs because someone copied a scan of mine onto a synthetic ball.....

Apart from this, remote authentication using biometrics replaces the biometrics with some sort of device sending some sort of signal to the remote location with either a signature of the biometric information, or just a version of "I've check this person out and they're okay". You once again transfer the problem from biometrics to some form of digital communication which obviously is just as weak to hack as the technology you are trying to augment for being weak.

You just created one tiny extra step for people stealing the database. If a system is so flawed that an attacker can get your database, they will most likely only take a few extra minutes to get their paws on your salt.

Granted, they need to write their own module for oclhashcat to get this cracked at a decent speed, but once that's done, your proposal isn't functional.

You must have encountered one of the few systems where people actually pay attention to such "details". There are plenty of locations where you can brute all you want and where the entire DB of passwords or hashes is relatively easy to obtain for a hacker. Since people re-use passwords a lot, that's often enough to get into the few locations where brute-forcing is made more difficult.

This is clearly a crime, thought out well in advance by a group of people. Membership of a criminal organization afaik is a felony. Are the owners and management of this company prosecuted for this?

His implementation only uses non-secret memory and should therefor be safe from these patents. The patents described here rely on the contents of the memory of the contraptions to be "secret" to make the process "secure".

You could even say that the original implementation by INSIDE secure doesn't follow the patent since obviously, the memory content isn't that "secret" anymore.

So maybe they also worked 10-20 hours a week longer than the control group? Maybe they ate different things? Maybe they lived in a more urban environment?

There have been so many of this sort of researches carried out that came to the wrong conclusion that while this is worrying, I doubt that there's actually any scientific value in this at all.

There are plenty of people that are on a static IP that is tied to the box in the end of the street or a few streets further away. Not only that, but depending on what other characteristics they may find on your usage of the line/IP, they can still tie it to you without reasonable doubt if they have estmated location. Even "some doubt" may be enough for an employer to finger out you are behind something and things could cost you your job.

They will run in a VM that is hosted on a hypervisor in windows 10. 16 bit apps have been treated "special" since I believe windows 2000, where they got their own process and if you had to kill one 16 bit application, they all went with that. I'm no windows expert, but I believe that since either Windows Vista or possibly Windows 7 they got hypervisored and there was no longer a separate process but an actual VM running for them.

YouTube was purchased, Google's own initiative Google Books is has been using this exact method. Even though YouTube is now mostly annnoying it's users and mostly paying people for ads served, not for content, before Google bought it it was doing the same thing.

236 dollars buys you what? A boatload of cocain? One MDMA pill? That's no way to get any relevant information out of research.

So now we have to turn off our phones too if we don't want companies to follow us in their stores? We solved this for WiFi (random MAC addresses), I do hope they will solve it for LTE before it's implemented.

First of all, it's Bourne shellcode and bash has extensions to it. Second of all, whether the programming language is bad or not is totally not relevant. It's the parser in the shell itself that has some fundamental flaws because it executes code inside environment variables that are totally unchecked. You could have a brilliant programming language and still make the exact same mistake.

While you may say that is "by design" it is not common for Bourne shell to do so and most of shell scripts are written to be Bourne shell compatible. By choosing to allow this to happen, Bash programmers made a giant hole in shell security.