Forgot your password?
typodupeerror

+ - Experian breach exposed 200 million Americans' personal data over a year ago

Submitted by BUL2294
BUL2294 (1081735) writes "CNN Money is reporting that, prior to the Target breach that exposed information on 110 million customers, and prior to Experian gaining Target's "identity theft protection" business from that breach, Experian was involved a serious breach, to which nobody admits the scope of. Their subsidiary, Court Ventures, unwittingly sold access to a database to a Vietnamese fraudster named Hieu Minh Ngo. This database contained information on some 200 million Americans, including names, addresses, Social Security numbers, birthdays, work history, driver's license numbers, email addresses, and banking information. "Criminals tapped that database 3.1 million times, investigators said. Surprised you haven't heard this? It's because Experian is staying quiet about it. It's been more than a year since Experian was notified of the leak. Yet the company still won't say how many Americans were affected. CNNMoney asked Experian to detail the scope of the breach. The company refused. "As we've said consistently, it is an unfortunate and isolated issue," Experian spokesman Gerry Tschopp said.""

Comment: Re:Pass (Score 1) 75

by BUL2294 (#47522283) Attached to: Verizon's Offer: Let Us Track You, Get Free Stuff
Save money on Verizon or save money on things marketers want you to buy? What's the difference--if you're still saving $$$?

Imagine a brave new world where you walk into a Whole Foods and the "VZWAds" app pops-up a coupon for $0.50 off a $4.99 gallon of "365" brand milk, $0.30 off some couscous, and $1 off the pre-made food bar (minimum $15 purchase) for lunch? You needed milk, have no idea how to cook couscous, and you were getting hungry for lunch--but $15 worth of pre-made food is a lot, even at Whole Foods... After using that coupon, and scarfing down your huge lunch, you get another popup that gives you $0.50 off a Starbucks "mocho-choco-latte-cremo-supremo" venti-sized drink--but, HURRY, only if you buy one within the next 30 minutes at the Starbucks right next to Whole Foods! You've never had that type of drink, but the discounted price makes it worth trying! Then, the cloud concludes that you're probably low on cat food, since you last bought 36 cans a few weeks ago, so the app pops up yet another $0.50 coupon, this time for cat food at PetSmart! And all of these places are in the same strip mall...

Just thing of the possibilities!

Comment: Re:Why does this work (Score 1) 194

by BUL2294 (#47507101) Attached to: A New Form of Online Tracking: Canvas Fingerprinting
I agree--I just don't see how this is the case. Sure, one person's Cleartype settings would be different from another's, so are we saying that the exact subpixel rendering is calculated? The article also mentions fonts installed... So, if I add a font, or a font like Arial Unicode gets updated (e.g. install a new version of MS-Office), my CANVAS fingerprint is now different/broken?

The claim of 90% accuracy for PCs is shockingly, quite high... But if tablets & mobile devices have problems with this and PCs don't, something don't smell right. So, is this trick working on a somehow poor implementation of CANVAS--that somehow creates different images on different PCs--but the same image on the same PC? What about a PC running Firefox vs. the same PC running Firefox in a VM (same OS or different OS)?

Comment: While I welcome any increase in bandwidth... (Score 1, Interesting) 234

by BUL2294 (#47501957) Attached to: Verizon Boosts FiOS Uploads To Match Downloads
Uploading is still a fraction of what downloading is... Most home consumers, even those with IoT devices or heavy P2P users, are still net consumers of online information. (Think Netflix, Windows Updates, VPN, remote desktop, etc.) I see it as a gift I didn't care to receive but one that I wouldn't pass up. So, I have to ask, what's the point?

A more valuable gift would be continue the lack of symmetry, and bump existing download & upload speeds by some percentage. Until Netflix becomes P2P, most people wouldn't see much of a benefit from this... (e.g. Netflix streaming still sucks but my uploads to YouTube are 40% faster!)

Comment: Re:Fantastic! Open sourcing will make pwning easie (Score 1) 136

by BUL2294 (#47373511) Attached to: Microsoft Backs Open Source For the Internet of Things

Closed source doesn't do much to slow down 'sploit writers. Moreover, opening the source code gives nerds a fighting chance to update abandoned devices. Don't believe me? Look at Cyanogenmod.

Really? There's enough encryption, licensing, hardware, etc., that prevents most users from rooting their Android & iOS devices. I have an Android phone and I am a nerd. But I'm still afraid to put Cyanogenmod (or another distro) on my phone for fear that it'd be an expensive one-way trip. Manufacturers have come a long way since the simple hardware that Rockbox could be used on... (Notice how Rockbox hasn't added any devices lately--and that the project is receiving less submissions...)

And just because something has been open sourced & the code has been dumped onto Sourceforge or GitHub doesn't mean someone's actively working on the project. And most manufacturers would not cede control of the code, even for 5-10 year old devices, lest that code be used by a competitor--or worse, by someone filing a lawsuit for a defective product...

Comment: Fantastic! Open sourcing will make pwning easier! (Score 4, Insightful) 136

by BUL2294 (#47372965) Attached to: Microsoft Backs Open Source For the Internet of Things
Everything about the IoT is a bad idea, especially when it comes to security on old devices. Now there's a consortium to open-source some of the code? Even better--for those who want to cause harm.

Right now, most household appliances (refrigerators, stoves, thermostats, home automation, home security, etc.) are devices that are closed off. So, even though my stove may have a security hole, I might not be able to exploit it without using a JTAG. Ultimately, there's no easy way to exploit them unless you have physical access to the internals of the appliance. But the IoT changes that--and not for the better. To add, many of the devices you'd want to connect to the IoT have lifespans of decades. So, unless we get government action saying that "if you want to make an IoT device, you have to provide security support for 20+ years", we'll end up with pwned thermostats that we can't change, the fridge that now sends spam & doesn't have enough available processing power to turn on the compressor, or that my TV now shows popup ads for hookers, offshore pharmacies selling Viagra, and other ads in front of the kids & I can't shut it off. And all the better when the pwned IoT fridge wants to talk to my non-pwned IoT Smart TV. On top of that, it won't help that the Linux kernel (or Apache, PHP, MySQL, drivers, etc.) it's running on is 20 years old & nobody--except malware authors--has looked at that version for over a decade...

What an obvious clusterfuck waiting to happen... I'm just waiting for a group of early Smart TVs to get bricked because some malware does something to them--and the manufacturer says "not our problem--it's old!" Then people might realize what a Pandora's Box this is...

Comment: Generally, no timers at RLC intersections... (Score 1) 579

by BUL2294 (#47367661) Attached to: Unintended Consequences For Traffic Safety Feature
One thing to note (and this is evil), often the red-light camera (RLC) intersections DON'T have the countdown timers.*** In Chicago, the RLC capital of the USA--with over 200 RLC intersections in the city alone, the vast majority don't have pedestrian countdown timers. In this city, revenue generation trumps pedestrian safety...

***As a driver, in my estimation, less than 10% of Chicago's RLC intersections have pedestrian countdown timers. To add, even in non-RLC intersections, the blinking "DON'T WALK" is shorter in the city than in the suburbs (old people won't make it across if they start to cross right before blinking DON'T WALK), except if the intersection has state-owned property abutting the intersection (e.g. a state university like UIC).

Comment: Re:No airgap? (Score 2) 86

by BUL2294 (#47360471) Attached to: Western Energy Companies Under Sabotage Threat
Yes, but now you'd need someone on-site, at the machine in question or on another PC within the airgapped network, to do their evil deeds. Doesn't matter if I know the password of the machine with the "NOC list" (from "Mission Impossible 1"); if the airgapped PC is physically thousands of miles away and/or I can't get into the site with the airgapped network, then what's the point??? I'm willing to bet some of the passwords on PCs within an airgapped network are "password", "12345", blank, "00000", etc.

And if you're really paranoid or anal, keyboards are cheap to replace -- or randomly cycle different brands/models/styles of keyboards between a set of PCs at random intervals...

Comment: Re:And here I'm hoping... (Score 1) 681

which describes every version from Windows 95 until XP 64-bit edition - can run 16-bit apps.

Wrong. Every 32 bit version of Windows, including the 16/32-bit hybrid Win9x versions, and including Windows 8.1 Update 1, can run 16-bit apps. XP 64-bit cannot run 16-bit applications. That being said, there's a LOT of old code out there, still being used by businesses, that's 16-bit, some weird 16/32-bit mix, or pure 32-bit originally intended for Win9x that has problems. These could be mission-critical applications from some company that went out of business 20 years ago, nobody has the source code to anymore, and nobody has come up with an alternative. For these people, Dosbox isn't an option as it would require 1) a license Windows 3.1x or Win9x; 2) Dosbox 0.74 officially doesn't support running any version of Windows on it--and there are serious limitations for applications that you would run on it (e.g. no SHARE.EXE or VSHARE.386 capabilities).

In addition, there are a LOT of 32-bit applications, mostly written in the Win9x era, that will not run on Win XP/2003/Vista/7/8.x 64-bit or may need cajoling. Specific examples include certain .NET applications (e.g. 32-bit applications that are compiled with the setting to run on the target hardware--which has problems if you use certain data types on 64-bit) and Visual FoxPro. So now we have to run them on their 32-bit equivalents. And even then, that's not a guarantee, even with Compatibility Modes.

Now, I'm all for Win9 being 64-bit only, but improve compatibility for business users with 16 & 32 bit applications--even if that means running a VM within a VM (e.g. NTVDM under WoW on a 64-bit OS). Yes, we can all argue that MS at some point has to let the past be in the past, but there are valid reasons why companies generally load 32-bit OSes on their PCs...

Comment: Re:For Starters... (Score 1) 88

Not necessarily true. Just because you're the 23-year old "CEO" of a small firm employing 25 people making one product or service, doesn't mean you're capable of scaling up if things take off. Sure, it may be fun & games at 25 people, but if you suddenly balloon to 1000 employees, you'll need someone who knows how to navigate all of the following in the business world: shareholders, investors, salespeople, legal headaches, red tape, patent trolls, new products, multi-year plans, security breaches, logistics, accounting, etc. Those situations likely call for such a firm getting acquired--and they should be acquired.

Any firm that experiences exponential growth, especially related to the Internet or IoT, should be acquired...

+ - Supreme Court Rules Against Aereo's Streaming TV Service->

Submitted by bsharma
bsharma (577257) writes "The U.S. Supreme Court on Wednesday dealt a potentially fatal blow to Aereo, an Internet service that allows customers to watch broadcast TV programs on mobile devices.

Launched a year ago in New York and then extended to 10 other U.S. cities, it allows customers to watch over-the-air TV programs on a smartphone, tablet, or computer for as little as $8 a month. Selections can be viewed live or recorded for later viewing."

Link to Original Source

Comment: Re: Just unplug your server from the internet... (Score 1) 387

by BUL2294 (#47263415) Attached to: Code Spaces Hosting Shutting Down After Attacker Deletes All Data
Who do you "call" with most cloud vendors? After all, sounds like whoever was doing the DDOS to extort Code Spaces could have also "called" Amazon to do any number of things, as whoever it was had the passwords, other accounts, etc.

Unless you're one of Amazon EC3's largest customers (e.g. Netflix), you're one of thousands of low-paying customers with rudimentary authentication. Amazon should have an "oh shit" master key that relies on old-school technology, like a RSA number keyfob that the client's president keeps in a locked drawer. That would be the nuclear option. But if something like that were available, it might have cost the client an extra $10/month...

Comment: Re:DirecTV is a major problem, potential solution. (Score 1) 394

by BUL2294 (#47254859) Attached to: Cable Boxes Are the 2nd Biggest Energy Users In Many Homes
DirecTV has no VOD unless you have your box connected to the Internet (where it streams from that source).

Firmware & software updates are relatively small, can be sent anytime & queued for processing later--I have no objections to the box waking from sleep by itself in the middle of the night to apply an update that was received earlier in the day. (After all, the updates are sent constantly--e.g. for boxes that were off because of vacations, power failures, etc.)

I don't care if my guide is updated perfectly in the middle of the night during a window that I choose--I'd rather the box be using 1 watt in sleep mode during this time.

Comment: DirecTV is a major problem, potential solution... (Score 1) 394

by BUL2294 (#47253747) Attached to: Cable Boxes Are the 2nd Biggest Energy Users In Many Homes
Currently, DirecTV has 6 models of STBs (set top boxes): three HD DVR, one HD non-DVR, one SD DVR, one SD non-DVR. Sending firmware upgrades to all of 6 device types adding a user-set deep-sleep mode would be amazing, the immediate effects of which would be massive nationwide! Generally, I don't have anything recording in the middle of the night--or it's a one-off repeat that I don't care about. Offer 4 simple options: 1) deep sleep & not record during user-specified times (e.g. 1am-7am and 11am-4pm); 2) not-so-deep-sleep and wake to record during specified times (e.g. wakes 10 minutes before a recording time); 3) sleep based on x-hours of inactivity; 4) no power management (e.g. for insomniacs).

Currently, my DirecTV HD-DVR (non-Genie) box offers a "lower power" mode that I can't adjust, that it goes into after 4 hours of inactivity. But I have no control over how the time is defined, etc. And it pointlessly reminds me that it went into low-power mode & I have to click out of it--something users may choose to disable just to not get that pointless annoyance...

Let's not forget that these devices are "computers" with power savings in the processors, motherboards, OSes (Linux?), hard drives, etc., that DirecTV, Comcast, and others chose not to enable. Let's face it, DirecTV, you're ~20% of the problem (based on US market share), now become part of the solution...

Oh, and one last thing... How the fuck do some of your boxes have the "Energy Star" logo??? Is it because the boxes themselves are efficient & you choose not to implement those efficiencies?

Comment: Get 10% less fuel economy with E10... (Score 4, Interesting) 432

by BUL2294 (#47087723) Attached to: Has the Ethanol Threat Manifested In the US?
I firmly believe that E10 is a total scam. Anecdotally, doing pure highway driving, I get 8-10% less fuel economy with E10 than E0 (pure gasoline), so what's the point? This has been consistently the case with the last 3 cars I've owned (V8 RWD, turbo I4 AWD, regular I4 FWD). Losing 10% fuel economy for the privilege (more accurately, the forced subsidy of corn growers in many states) of driving E10 makes no sense to me. Just water down my gasoline by 10%--same effect but water is cheaper than ethanol...

Anyone can do any amount of work provided it isn't the work he is supposed to be doing at the moment. -- Robert Benchley

Working...