It's not hard to envisage every gas station having chargers some day (or diners / supermarkets / convenience stores who want to attract business while vehicles charge). That day is still some way off.
I guess someone would have to tell us how to detect it, or something else equally helpful to actually PREVENT this threat. Warnings are pointless without a plan.
Just google for "free antivirus and sexy girl screensaver APK". Lots of Chinese warez sites have it. The app asks for a lot of permissions but only to see if there are viruses hiding in your text messages or contacts.
The existing model is broken by the fact that CAs are not always trustworthy, the certs they issue to most sites are worthless as tokens of trust and the whole mechanism is a tax on security. It needs all browser makers to knock heads and make CAs for security an optional thing. Yes some sites like banks or whatever might want to pay some CA to audit their security procedures for storing a cert. For most sites it's complete overkill.
This Kickstarter stuff isn't very well regulated...
A fool and their money are soon parted. I've yet to see a single kickstarter that would justify me giving a single penny to it. Most of them are glorified preorders - "give us money now and in a year or two we might deliver a product you can have for a small discount off its eventual retail price". No thanks.
I would agree with the sentiment that people who think JS (or HTML5) is some panacea for Flash are idiots. Flash was hated primarily because it was TOO popular - sites abused the fuck out of it and multi tabbed browsers sagged under the weight of so many running instances. If JS is abused the same way the performance would be just as bad.
JS is often considered the problem, not the solution to web development. This is why coffeescript, typescript et al exist. Plus a raft of JS libraries like jquery, backbone, underscore, phantom, handlebars etc. to hide the differences or provide basic niceties that JS lacks. Plus the likes of dart, emscripten, GWT and so on which bury JS completely and spit out compiled JS. Plus the recognition from browsers that JS performance sucks and the optimization paths they've implemented (e.g. asm.js). That said, we're almost in a place where 95% of the use cases for Flash are probably achievable in JS. Personally I wish browsers would adopt PNaCl or something similar so code can be compiled and run at near native speeds - skip JS as an intermediate format when it doesn't make sense and just let sites ship bitcode.
So it's unsurprising that Ubisoft pushed it out the way it was. If they announced a delay, they'd lose out on seasonal sales, their preorders would be decimated and it would affect their quarterly figures. So they pushed out something with some serious bugs and performance issues and used an embargo to prevent bad press until after all those preorders were fulfilled. I'm sure they'll get around to fixing the worst of the bugs, but people have been sold a lemon.
As consumers, there is a clear lesson to be learned here - do not preorder. Do not reward companies who use hype and lies to promote a game that may not live up to expectations. If a game is THAT AMAZING, then it'll still be so in a week or two after release when consensus is formed. And if it isn't... well that's €60+ you've saved for a better game.
It seems like it would be pretty trivial for someone working at a store to disconnect it from the internet at will.
And it would be pretty trivial for the credit card company and police to notice thefts all occurring from this one shop and rain fire down on their asses.
Aside from digits, EBCDIC is infamous for its bizarro alphabet layout which wasn't contiguous so code patterns like "if 'a' I suspect the EBCDIC only existed because IBM being IBM couldn't countenance interoperability with other systems and therefore tried to ringfence and enforce its own format.
TL;DR: Install Perspectives if you want to use an unknown CA.
It's not a case of installing anything. It requires a whole new secure protocol that browsers support out of the box.
Broken by StartSSL, which provides personal use certificates without charge.
It's still a CA and it's demonstrative of the uselessness of a CA in the first place. The cert makes a scary box go away, nothing more. Even if it's free (in money) it's still an onerous task in time and effort to obtain a cert. And with my tinfoil hat on, why should I trust an operation in Israel to generate a trustworthy certificate for my site? It's not the first time a CA has been compromised and issued phony certs for MITM attacks.
I have my own problems with PGP's assumption of transitive trust. Just because you can vouch for someone's identity doesn't mean you can vouch for that person's ability to correctly vouch for others' identities.
True but it still has the potential to build more meaningful trust to a site than a CA can. e.g. Red Hat could sign Ubuntu's site and vice versa and they could sign various Linux user groups and so forth. Just like happens with PGP keys. It's more meaningful than some random CA and far harder to compromise especially if browsers cache keys and signatories or look them up in SSL observatory.